Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-11-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 raspado hemebond: do you know how to get pillar items for a minion on the master?
00:00 prg3 joined #salt
00:00 hemebond salt minion pillar.items
00:03 hemebond raspado: http://www.saltstat.es/posts/environment-based-clusters.html
00:05 hemebond maybe set top_file_merging_strategy: same on your master
00:05 raspado omgfg hemebond
00:05 raspado you saved me the rest of my weekend
00:05 hemebond ūüĎć
00:06 raspado hemebond: thx man i owe you one ;)
00:07 hemebond Happy to help :-)
00:07 raspado so why was it grabbing stage?
00:07 raspado what is the order in which salt decides to pick a pillar and stick with it
00:07 hemebond Because your stage environment had '*' which means all minions.
00:08 raspado yeah but i had dev,qe,stage,prod pillar folders basically with the same thing
00:08 hemebond And they would have applied
00:08 netcho joined #salt
00:08 hemebond But stage was probably applied last.
00:08 raspado so it gets whatever is loaded last
00:09 hemebond Well, you were probably overriding the pillar values in later environments.
00:09 hemebond The pillar values are merged and updated/overridden.
00:09 raspado ahh shit
00:09 raspado okay basically whatever loaded and overwrote the value
00:09 raspado is what you get
00:09 hemebond That's why in my top.sls files I explicitly target things.
00:11 raspado ugga
00:11 raspado okay i need a brew
00:11 raspado ill drink one for ya hemebond \o
00:11 hemebond o/
00:11 fas3r is there a way to set parrallel build mode/options when using cloud.provide in a state ?
00:11 keimlink joined #salt
00:11 hemebond fas3r: Can you point me to documentation on this cloud.provide state module function?
00:12 fas3r hemebond: https://docs.saltstack.com/en/latest/topics/cloud/salt.html
00:13 fas3r when using the salt-cloud there is -P option.
00:13 fas3r just wondering if we can pass it using when using with states.
00:13 hemebond The state module has present, profile and absent.
00:13 hemebond Where is provide?
00:14 fas3r hemebond: http://pastebin.com/Vj2wPuTf
00:14 fas3r what I do
00:14 fas3r I call the module from the master.
00:14 hemebond Okay, that's profile, not provide
00:19 hemebond Have you tried passing - opts: '-P' ?
00:20 fas3r hemebond: trying now.
00:23 fas3r nop does not work.
00:25 Klas joined #salt
00:27 cyteen joined #salt
00:31 netcho joined #salt
00:34 hemebond I think it's only for a single instance.
00:34 hemebond "Spin up an instance using Salt Cloud"
00:34 hemebond It accepts kwargs
00:35 hemebond But I don't know how -P can be a kwarg.
00:38 fas3r oki I will find an other way .
00:38 fas3r I will check the code it's ok.
00:48 jas02 joined #salt
00:51 amontalban joined #salt
00:59 Salander27 joined #salt
01:00 jas02 joined #salt
01:01 saltsa joined #salt
01:05 fas3r hemebond: do you know if it's possible to do a loop like for i in 1 to 5;i++ ?
01:06 awiss joined #salt
01:17 fredrick joined #salt
01:17 swills joined #salt
01:18 fredrick Anyone salted kafka?  I have seen some examples of using a pool for the broker_id.  How the heck do you setup a pool in salt?
01:19 hemebond fas3r: Yes, Jinja can do loop with range http://jinja.pocoo.org/docs/dev/templates/#range
01:20 swills joined #salt
01:21 nidr0x joined #salt
01:26 mavhq joined #salt
01:28 izrail joined #salt
01:30 amcorreia joined #salt
01:32 netcho joined #salt
01:32 adsisco joined #salt
01:40 catpigger joined #salt
01:41 edrocks joined #salt
01:42 amontalb1n joined #salt
01:44 DEger joined #salt
01:56 raspado joined #salt
01:56 jeddi joined #salt
01:59 akhter joined #salt
02:00 awiss joined #salt
02:01 jas02 joined #salt
02:01 awiss_ joined #salt
02:05 aarontc joined #salt
02:15 catpiggest joined #salt
02:17 sh123124213 joined #salt
02:17 netcho joined #salt
02:19 raspado joined #salt
02:29 evle joined #salt
02:42 hasues joined #salt
02:42 hasues left #salt
02:46 sebastian-w joined #salt
02:50 onlyanegg joined #salt
02:52 hoonetorg joined #salt
03:02 jas02 joined #salt
03:04 bastiandg joined #salt
03:05 rem5 joined #salt
03:10 preludedrew joined #salt
03:12 bocaneri joined #salt
03:18 netcho joined #salt
03:18 raspado joined #salt
03:39 netcho joined #salt
03:46 JPT joined #salt
03:48 raspado think i found a bug
03:49 raspado if you have ext_pillar and pillar_roots set and you have ext_pillar_first: False with "pillar_source_merging_strategy: none"
03:49 raspado the merging strategy will be ignored
04:05 DEger joined #salt
04:09 fas3r is it possible to overide the default value used by a formula directly from the states ?
04:10 raspado fas3r: thought you asked that earlier?
04:11 fas3r nop
04:12 raspado oh guess that was someone else
04:12 RandyT joined #salt
04:12 raspado how about jinja?
04:12 raspado http://docs.ansible.com/ansible/playbooks_filters.html search for regex_replace
04:13 fas3r you mean that I can set a variable in jinja in my states with the same name than in the template and it will be overwritten ?
04:17 mikecmpbll joined #salt
04:21 michaelc_ joined #salt
04:21 raspado yeah it should give it a shot
04:23 raspado wait a minute here....
04:24 raspado so for git_pillar if one environments pillar data is in git but the other one is local (pillar_root)
04:24 raspado salt will default all environments to local?
04:25 fas3r maybe I have to set the value as a pillar ?
04:25 __number5__ raspado: depends on your pillar_root settings on salt master
04:25 raspado my pillar_roots has all the environments set, same environments, I define in ext_pillar
04:26 fas3r it's trying to use : https://github.com/saltstack-formulas/keepalived-formula. There is a value call virtual_ipaddresses that I need to set dynamically. For now the only way that I make it work is to use file.replace after the formula is deployed in order to set the proper value.
04:28 Lionel_Debroux_ joined #salt
04:28 fas3r and when I look at the jinja template, I see that's looping over " instance" to get all the pillar value. I'm wondering what's the best way here.
04:28 raspado __number5__: seems like If one environment hits pillar_roots then all environments follow suite
04:30 raspado fas3r: not sure if i can help much but it would be helpful to see using pastebin
04:30 fas3r raspado: the pillar.example https://github.com/saltstack-formulas/keepalived-formula/blob/master/pillar.example
04:33 raspado is there a state file?
04:33 fas3r well it's a formula, I just include it in my state.
04:34 fas3r i include: - keepalived - keepalived.install -keepalived. config
04:34 raspado its the virtual_ipaddresses you need to set dynamically?
04:34 fas3r yes
04:34 raspado based on what
04:34 fas3r the only wayt I found is to do a file.replace after the setup.
04:34 fas3r but there is most probably a cleaner way directly from the formula.
04:35 fas3r I was thinking about working in the "config.sls" states of the formula directly but I don't think that's also the way to do so.
04:38 raspado dynamically: so it will always change
04:38 raspado or is there some pattern
04:39 informant joined #salt
04:39 fas3r it's an IP :)
04:39 raspado maybe taking it out of pillar might be better
04:40 raspado I key off grains myself
04:40 netcho joined #salt
04:40 raspado so if grain == blah, then ip: 1.2.3.4
04:40 fas3r I was think aboug that and use grains['xxx'] in the pillar.
04:40 raspado elif grain == blahblah, then ip: 2.3.4.5
04:40 raspado etc etc
04:41 raspado it should work
04:41 fas3r yes I do so for some other values.
04:43 raspado kinda ugly but thats a lil more dynamic :)
04:43 fas3r I will stick with my file.replace :D
04:44 edrocks joined #salt
04:46 akunin joined #salt
04:49 akhter joined #salt
04:51 akunin joined #salt
04:54 akunin joined #salt
04:58 impi joined #salt
04:59 akunin joined #salt
05:00 akunin what salt.states.file can I use to insert a line at line 2? I'm trying to add "auth sufficient pam_securetty.so" to /etc/pam.d/rsh for passwordless login, but need to preserve the header on line 1
05:01 akunin any multiline prepend, append or replace fails
05:01 Shirkdog_ joined #salt
05:03 jas02 joined #salt
05:05 rdas joined #salt
05:08 akunin joined #salt
05:13 akunin joined #salt
05:13 fas3r akunin: use sed and cmd.run
05:14 akunin fas3r: ah, good call... haven't thought of that
05:15 akunin fas3r: might be tricky for subsequent state.apply not to keep adding lines, though
05:19 om2 joined #salt
05:20 fas3r akunin: I will save you some time
05:20 fas3r give me 2 sec
05:22 fas3r akunin: http://pastebin.com/j3Hg9m6t
05:23 fas3r basically you check if the pattern is present in the file, if not you execute X
05:23 akunin fas3r: awesome! let me give this a try
05:23 fas3r dont forget that sshd that tabs
05:24 fas3r so you might have to adjust the pattern
05:24 akunin sure, thanks
05:27 samodid joined #salt
05:27 kuromagi^ joined #salt
05:35 akunin joined #salt
05:38 akunin joined #salt
05:41 netcho joined #salt
05:43 akunin joined #salt
05:44 akunin fas3r: I used file.line instead with after: <pattern of first line> and mode: ensure
05:44 akunin https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.line
05:45 fas3r ok. same result :) make sure that the first one dont move :P
05:50 akunin joined #salt
05:50 jeddi joined #salt
05:55 akunin joined #salt
05:57 raspado joined #salt
06:00 jimklo joined #salt
06:04 ivanjaros joined #salt
06:04 jas02 joined #salt
06:06 DEger joined #salt
06:11 akunin fas3r: exactly. but so far so good...
06:13 akunin joined #salt
06:23 akunin joined #salt
06:27 nicksloan joined #salt
06:30 systo joined #salt
06:33 akunin joined #salt
06:41 netcho joined #salt
06:46 edrocks joined #salt
06:53 fracklen joined #salt
07:00 assafshapira joined #salt
07:00 sh123124213 joined #salt
07:02 felskrone joined #salt
07:05 jas02 joined #salt
07:07 Miouge joined #salt
07:08 jimklo joined #salt
07:09 sh123124213 joined #salt
07:11 fracklen joined #salt
07:14 ivanjaros3916 joined #salt
07:18 jhauser joined #salt
07:19 CruX__ hi all, I am in the process of evaluating salt to automate deployment of systemd-nspawn containers with software in them. What is the least stupid way to automate the acceptance of the keys for those new minions?
07:20 CruX__ I have a salt-minion that deploys and runs the systemd-nspawn containers. Ideally, I'd like to preseed them using eg. gen_accept but I'm not sure how to do that…
07:28 guest_ joined #salt
07:29 systo joined #salt
07:30 jimklo joined #salt
07:32 yuhlw______ joined #salt
07:37 dkrae joined #salt
07:42 ashokrajar joined #salt
07:43 ashokrajar How do I read the ec2 access_key & access_secret form the environment in to cloud-config /etc/salt/cloud. I didn't find any documents related to it of any such stack overflow post. Any points would be really helpful. Thanks in advance guys.
07:46 darioleidi joined #salt
07:49 fracklen joined #salt
07:49 ivanjaros joined #salt
07:52 sh123124213 joined #salt
07:53 krymzon joined #salt
07:59 fracklen joined #salt
08:03 fracklen joined #salt
08:04 fracklen joined #salt
08:06 jas02 joined #salt
08:07 DEger joined #salt
08:11 dingesX joined #salt
08:13 dingesX Hi all, I think i'm having problems understanding the "salt.states.line.replace". Im trying to do the following: http://pastebin.com/cMuyhRZs
08:15 dingesX What i want to achieve is: If the entry in the config file is not "client={{ netvault.client_name }}" or "Client={{ netvault.client_name }}" replace it with the line stated in "content"
08:16 dingesX However it only seems to work when the file is lower capital only... Am i missing something here?
08:17 hemebond dingesX: Tried full regex syntax?
08:17 hemebond What about (c|C)
08:17 hemebond or [cC]
08:18 hemebond or even /[cC]lients=.*/
08:19 dingesX hemebond: Thanks for the info, let me try that! (I'm quite unfamiliar with regex so I'll have to admit that i don't understand the different dialects and such.)
08:20 ronnix joined #salt
08:22 dingesX hemebond: nope, doesn't work. Do you maybe know which regex engine is being used here?
08:22 hemebond I would assume the python regex engine.
08:22 catpig joined #salt
08:23 dingesX ack, i'll do some reading! thanks a lot! if I find the solution i'll report back.
08:24 blue joined #salt
08:26 hemebond Try out file.replace
08:28 babilen file.line is such a weird and confusing state
08:28 hemebond And no examples!
08:29 hemebond - match: "^[cC]lients=.*"
08:33 hemebond ^ that worked for me
08:33 hemebond Though it only replaced the first instance of the line.
08:34 dingesX Wow hemebond , works like a charm!
08:34 dingesX +1
08:35 onlyanegg joined #salt
08:36 CeBe joined #salt
08:36 samodid joined #salt
08:37 JohnnyRun joined #salt
08:39 Garo_ joined #salt
08:44 krymzon joined #salt
08:48 teclator joined #salt
08:56 darioleidi joined #salt
08:56 mikecmpbll joined #salt
08:59 keimlink joined #salt
09:07 jas02 joined #salt
09:10 geomacy joined #salt
09:10 netcho joined #salt
09:13 JohnnyRun joined #salt
09:14 ronnix_ joined #salt
09:18 onlyanegg joined #salt
09:21 N-Mi joined #salt
09:27 s_kunk joined #salt
09:30 Bryson joined #salt
09:30 rdas joined #salt
09:30 Rumbles joined #salt
09:37 ashokrajar can I use environment variable inside /etc/salt/cloud configuration. So I can avoid storing sensitive credentials.
09:40 N-Mi joined #salt
09:40 N-Mi joined #salt
09:48 edrocks joined #salt
09:54 onlyanegg joined #salt
10:00 Bryson joined #salt
10:01 fracklen joined #salt
10:01 dingesX Question, is it possible for jinja to 'set' an element in a dict? E.g. {% set data['x'] = 'woot' %}?
10:04 Inver joined #salt
10:04 aarontc joined #salt
10:05 teclator joined #salt
10:08 AndreasLutro use this hack: {% do data.update({'x': 'woot'}) %}
10:08 jas02 joined #salt
10:09 haam3r joined #salt
10:12 dingesX AndreasLutro: Thank you very much!
10:14 s_kunk joined #salt
10:31 amcorreia joined #salt
10:35 tmrtn[m] joined #salt
10:37 mjimeneznet joined #salt
10:42 colttt joined #salt
10:50 netcho joined #salt
10:58 mavhq joined #salt
11:07 ozux joined #salt
11:09 mavhq joined #salt
11:14 Elsmorian joined #salt
11:21 amontalban joined #salt
11:28 netcho hi all, what am i doing wrong here
11:28 netcho http://hastebin.com/ginadoluju.cs
11:31 netcho trying to import env.. obviously doing smth wrong
11:32 rawzone joined #salt
11:36 fredvd joined #salt
11:40 xenocode joined #salt
11:43 netcho anyone?
11:47 ronnix joined #salt
11:52 netcho got it
11:57 manji oh
11:57 manji "staging"
11:57 manji ?
11:57 jeddi joined #salt
11:58 DaveQB joined #salt
11:58 bluenemo joined #salt
11:59 bluenemo Hi guys. When I do on a new machine: echo ip salt >> /etc/hosts; apt-get install salt-minion, the minion will try to auth with the master. I was wondering if that could be protected a bit better. As in the minion and the master having some sort of authkey in the config or similar. Is there something for that?
12:01 xmj bluenemo: normally the master must accept the minion's key
12:02 netcho manji: yes, needed to be string :)
12:02 bluenemo xmj, yes, but I was looking for something further
12:02 jeddi joined #salt
12:03 bluenemo sth kinda like ssh accepting host keys upon initial connection
12:04 bluenemo when on the minion the /etc/hosts ip for salt is changed, will the minion accept commands from a new master?
12:05 bluenemo as far as I know it wont - what I'm looking for is a way to make the minion verify the initial master
12:05 xmj oh, gotcha. no idea about that
12:07 jeddi joined #salt
12:07 bluenemo I think that would be very nifty. Lets see if sbd answers, if not I'll open a ticket. I think this is worth having.
12:08 bluenemo Otherwise maybe the minion pki can be pre-installed prior to apt-get install salt-minion
12:09 DEger joined #salt
12:09 jas02 joined #salt
12:10 teclator joined #salt
12:34 sh123124213 joined #salt
12:38 Sarph joined #salt
12:46 AndreasLutro bluenemo: look into master signing keys
12:46 AndreasLutro and yes, pre-generate the minion's keypair before installing the salt minion
12:59 oida joined #salt
13:10 jas02 joined #salt
13:12 CrummyGummy joined #salt
13:15 Qwazerty joined #salt
13:19 Qwazerty joined #salt
13:21 edrocks joined #salt
13:25 amontalban joined #salt
13:25 amontalban joined #salt
13:44 tkharju joined #salt
13:44 amontalb1n joined #salt
13:46 _JZ_ joined #salt
13:47 rem5 joined #salt
13:50 traph joined #salt
13:50 traph joined #salt
13:57 nicksloan joined #salt
14:02 awiss joined #salt
14:05 Pulp joined #salt
14:06 akhter joined #salt
14:06 swills joined #salt
14:06 akhter joined #salt
14:08 swills joined #salt
14:11 jas02 joined #salt
14:12 akhter joined #salt
14:15 haam3r joined #salt
14:18 mk-fg joined #salt
14:23 aarontc joined #salt
14:26 Reverend did we say that 'order: last' is 'end of this sls' or 'end of this current run'
14:26 Reverend ?
14:27 AndreasLutro end of the highstate
14:27 Reverend win
14:27 Reverend thanks chap
14:29 subsignal joined #salt
14:29 scoates joined #salt
14:32 RandyT good day
14:32 RandyT quick question, after upgrade to 2016.3.4, my s3 ext_pillar has stopped working.
14:32 RandyT getting the following error:   - Failed to load ext_pillar s3: global name '__utils__' is not defined
14:33 RandyT anyone else running into similar issues?
14:37 babilen Yeah, that error came up in this channel before
14:37 babilen You might want to check bug reports
14:37 RandyT babilen: thanks, scanning through there now
14:39 RandyT babilen: unfortunately, everything that is related is very old.
14:39 RandyT and it has been working up until this update...
14:40 RandyT found : https://github.com/saltstack/salt/issues/37388
14:40 saltstackbot [#37388][MERGED] [2016.3.4] Refreshing of an s3 file server results in an exception.  | Description of Issue/Question...
14:45 Pulp joined #salt
14:45 msn joined #salt
14:48 RandyT unfortunately, that issue does not fix my problem
14:51 RandyT this fixes the problem: https://github.com/saltstack/salt/commit/67cc7a7dc4356f1be781734500f478fc98721ce3
14:52 RandyT which seems to be broken on all minions, including the Windows minions which are a bit more difficult to hack.
14:52 Reverend joined #salt
14:52 RandyT @saltlake, any place for a quick bug fix release for 2016.3.4?
14:53 babilen RandyT: I guess that updating to 2016.3.4 is not an option for you then
14:53 RandyT an "plans"?
14:53 RandyT babilen: this is 2016.3.4
14:53 babilen Yes, which is broken
14:53 DEger joined #salt
14:53 RandyT well, it is a downgrade that is now the next challenge...
14:54 babilen I am saying that you cannot use that version if you rely on that functionality
14:54 RandyT got it.
14:55 ozux__ joined #salt
14:56 cyborg-one joined #salt
14:56 kbaikov joined #salt
15:03 RandyT babilen: any hints as to how to force a downgrade?
15:03 RandyT looking at repo, previous point release, 2016.3.3 does not seem to be available.
15:04 AndreasLutro just follow https://repo.saltstack.com and select "pin to minor release"
15:06 RandyT AndreasLutro: thank you
15:06 Tanta joined #salt
15:10 akhter joined #salt
15:10 daks hello
15:11 daks i'm writing a formula and in there i need to use some Python code to generate a variable (to generate SECRET_KEY for Django)
15:11 daks is there any possibility to use Python code inside a formula? or to have a '_module' in a formula?
15:12 daks I want this formula to be totally independent/autonomous so I don't to need a specific execution module in the rest of the Salt code just for the formula
15:13 jas02 joined #salt
15:13 kbaikov joined #salt
15:13 racooper joined #salt
15:14 mpanetta joined #salt
15:17 dya1n joined #salt
15:21 bluenemo AndreasLutro, thank you
15:27 fredrick joined #salt
15:31 sad_salt joined #salt
15:31 sad_salt Hi
15:31 akhter joined #salt
15:32 sad_salt I'm getting errors when I try to create a new aws instance with salt-cloud on the ssh command. I've checked the security groups and outbound calls should work, but the debug says that it can't reach ubuntu to download updates.
15:32 fredrick Anyone salt kafka?  I would like do do it like the one in the formulas.  But not sure how they are doing the broker_id with a pool??
15:35 hasues joined #salt
15:35 hasues left #salt
15:38 raspado joined #salt
15:38 fredrick sad_salt: are you specifing a ami?
15:39 akhter joined #salt
15:39 sad_salt I'm using a role
15:39 sad_salt and yes.. I specify an ami
15:40 sad_salt image: ami-4b8bd85c
15:40 fredrick I have had that issue when the ami has licensing or was not available for the region I was deploying
15:40 orionx joined #salt
15:41 orionx joined #salt
15:43 raspado so with pillar_roots and git_pillar, I have both defined but it seems that salt cannot determine if one environment lives in pillar_roots and another in git_pillar, with pillar, is it an all ext_pillar or all pillar_roots?
15:45 sad_salt I was able to build the instance manually in aws with the same settings.
15:46 sad_salt Though, since in the private network I haven't been able to ssh in to try to manuallly install the salt-minion on it.
15:49 sad_salt The error I see most is like this:  W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/precise-backports/universe/i18n/Translation-en  Unable to connect to us-east-1.ec2.archive.ubuntu.com:http: [IP: 54.162.0.189 80]
15:50 amontalban joined #salt
15:50 amontalban joined #salt
15:50 fredrick hmm sounds like a security group not allowing the instance out.
15:51 forrest joined #salt
15:51 ALLmightySPIFF joined #salt
15:56 tiwula joined #salt
15:56 tapoxi joined #salt
15:57 sad_salt That's what I assumed, but all of my security groups say outbound 0.0.0.0/0 for all traffic
15:57 lurky joined #salt
15:57 sad_salt hmm, I wonder if maybe the security group isn't getting attached properly
15:57 sad_salt since I'm trying to add two of them.
15:58 UForgotten joined #salt
15:59 sad_salt https://gist.github.com/avik-so/e5df61065649c68a44850a93104494eb
16:02 sarcasticadmin joined #salt
16:03 akhter joined #salt
16:04 fredrick you gist looks correct
16:08 akhter joined #salt
16:09 fracklen joined #salt
16:13 jas02 joined #salt
16:14 RandyT sad_salt: have you tried with just one security group?
16:14 akhter joined #salt
16:14 JohnnyRun joined #salt
16:14 krymzon What is the recommended way to use saltutil.regen_keys? It looks like after running it, I need to manually restart minion, delete old key, accept new key....
16:14 RandyT also, running the deploy with -l debug and showing the output would probably allow some of us to help you better.
16:15 RandyT sad_salt: it would also be helpful to see the provider info
16:16 jimklo joined #salt
16:17 Heartsbane joined #salt
16:17 Heartsbane joined #salt
16:17 amcorreia joined #salt
16:18 RandyT sad_salt: also, can you tell me what that ami is? I don't see it as a public image
16:18 sad_salt hmm what is the provider info?
16:18 sad_salt its 12.04-amd64-server-20161020  ubuntu
16:18 RandyT sad_salt: the provider info is what you reference in your profile as provider:
16:19 muep joined #salt
16:21 sad_salt gist now has the provider
16:21 sad_salt https://gist.github.com/avik-so/e5df61065649c68a44850a93104494eb
16:21 sad_salt I have not tried only one security group yet, but I need both.
16:22 RandyT sad_salt: I've added to your gist an example of my provider info for my region
16:22 RandyT possible you need to define ssh_interface: private_ips?
16:23 RandyT sad_salt: be sure to scrub your account number there
16:24 shalkie joined #salt
16:25 sad_salt do I need that minion:->master block in my provider?
16:25 RandyT sad_salt: I made small update that may clear up confusion there, but yes, that is where I put my minion config block
16:26 RandyT sad_salt: I don't think that is what is causing the problem though.
16:27 RandyT It is either that you need to specify the ssh_interface parameter so that ssh binds to the private ip, or you may also be running into a problem that I seem to remember in the past of using multiple security groups.
16:27 RandyT that last issue may be fixed, but seems to ring a bell for me.
16:27 sad_salt Ok thanks, trying the ssh_interface no
16:27 sad_salt now
16:28 RandyT is this ami a private ami, or just that I cannot seem to find it when searching?
16:29 gtmanfred sad_salt: you do not need the master if the minion can look up the hostname 'salt' and find it.  If it doesn't do a domain search or some other way to find the subdomain name salt, then you do need to include a minion: master: option in the configs
16:29 RandyT if it is private, you might want to try pointing to a public ubuntu ami that is available in your region
16:30 ozux joined #salt
16:31 sad_salt its a community ami not my own
16:31 sad_salt search under the community ami section
16:31 DEger joined #salt
16:32 RandyT I see it now. was searching in us-west-2 and not us-east-1 where it resides
16:33 sad_salt that worked!
16:35 RandyT excellent, enjoy
16:35 sad_salt now to figure out how to add both security groups
16:36 RandyT sad_salt: so was that the issue?
16:36 sad_salt don't know I changed both things
16:36 sad_salt I'll try now with both security groups and see what happens
16:36 RandyT honestly I would expect an aws error if it failed, so I suspect it works but would be interesting to know
16:37 sad_salt oh it didn't work.. it kicked me off the ssh
16:37 ozux joined #salt
16:39 ozux__ joined #salt
16:41 nini joined #salt
16:42 sad_salt trying again with both security groups
16:42 nini Greetings! I'm getting a very strange error on several file.managed states when I run a state.highstate. It's:
16:42 nini Unable to manage file: 'module' object has no attribute 'TEMPFILE_PREFIX'
16:43 sad_salt I'm getting a connection refused with an exception in wait_for_port during debug. Is that normal?
16:43 nini I've tried googling for TEMPFILE_PREFIX and nothing comes up. Though I did a grep and it appears in salt/modules/file.py
16:43 nini Did I break my salt somehow? O.o
16:43 nini I installed it with pip, version 2016.3.4
16:44 gtmanfred nini: can you make sure that you don't have multiple versions of salt installed somehow, also clear out any .pyc files
16:45 gtmanfred nini: remove $(python_prefix)/salt/utils/template.pyc
16:45 gtmanfred templates.pyc*
16:46 nini ok
16:47 fredrick Anyone salt kafka?  I would like do do it like the one in the formulas.  But not sure how they are doing the broker_id with a pool??
16:48 jas02 joined #salt
16:49 teclator joined #salt
16:50 berto- joined #salt
16:52 iggy krymzon: probably best to switch to open_mode before doing big rekey'ing things
16:53 tkharju joined #salt
16:53 gtmanfred if you have a list of all the names of servers, you could switch to the autoaccept mode, and just put your server list in the auto accept option... that way no other names get accepted
16:53 gtmanfred assuming the list isn't too long
16:54 iggy <--- uber lazy
16:54 nini gtmanfred: I cleared out the .pyc files, I also checked that no extra salts were installed, and there doesn't seem to be any. I ran another highstate and still get the error. Do I need to remove every *.pyc under the salt install or just the templates?
16:54 gtmanfred always a valid path :P
16:54 gtmanfred you removed it on the minion right?
16:55 gtmanfred the templates.pyc file is the one that had TEMPFILE_PREFIX added.
16:55 gtmanfred sorry, no it isn't
16:55 gtmanfred it is salt/utils/files.pyc
16:55 gtmanfred https://github.com/saltstack/salt/pull/37022/files#diff-e7e637b8aedc0a9fecf47d51a6237023
16:55 saltstackbot [#37022][MERGED] Use a default prefix for the mkstemp utils function | This also moves this function into salt.utils.files so that alongside it can be an attribute (`TEMPFILE_PREFIX`) which can be used to get the default tempfile prefix. This allows for simpler logic for properly cleaning the tempfiles created by the `__clean_tmp()` function in `salt.modules.file`....
16:55 gtmanfred that is where it was added
16:55 gtmanfred actually, i don't think that was backported
16:55 iggy safe to remove all pyc files though
16:55 gtmanfred yes ^^
16:55 krymzon iggy: thank you, though not really suitable for my case. 1.many minions are in untrusted locations, 2.I want to do it to a small subset of minions at a time, say 16/200
16:56 iggy then see what gtmanfred said
16:57 edrocks joined #salt
16:57 gtmanfred krymzon: https://docs.saltstack.com/en/latest/ref/configuration/master.html#autosign-file
16:58 teclator joined #salt
16:58 krymzon gtmanfred: thank you, do you mean autosign_file? auto_accept seems global?
16:58 gtmanfred yeah, i liked to autosign-file
16:58 krymzon ok, great, thank you, I'll try that
16:58 gtmanfred linked*
16:58 gtmanfred :)
16:59 krymzon sent before I saw your link :)
16:59 gtmanfred :P
17:04 gtmanfred nini: looks like that file did get updated in 2016.3.4, so yeah remove the salt/utils/file.pyc file
17:05 fredvd joined #salt
17:05 sad_salt joined #salt
17:05 sad_salt bummer, doesn't work at all. :(
17:07 nini interesting. gtmanfred: removing the pyc file didn't work, but your comment made me think to try 2016.3.3 since I had just upgraded. I no longer get the error.
17:07 impi joined #salt
17:07 cyteen joined #salt
17:09 gtmanfred hrm... odd
17:10 mpanetta joined #salt
17:11 darioleidi_ joined #salt
17:13 darioleidi_ joined #salt
17:15 darioleidi joined #salt
17:16 haam3r joined #salt
17:22 lurky joined #salt
17:23 pipps joined #salt
17:24 woodtablet joined #salt
17:30 haam3r joined #salt
17:31 wendall911 joined #salt
17:34 KennethWilke joined #salt
17:38 beowuff joined #salt
17:42 DEger joined #salt
17:43 mpanetta joined #salt
17:47 samodid joined #salt
17:47 mikecmpbll joined #salt
17:48 awiss joined #salt
17:48 debian112 joined #salt
17:49 Josemad joined #salt
17:49 Josemad Hola, alguien habla espa√Īol?
17:52 ferbla joined #salt
17:52 ferbla joined #salt
17:55 darioleidi joined #salt
17:56 Trauma joined #salt
17:56 pdayton joined #salt
17:58 haam3r joined #salt
17:59 raspado if pillar_roots and git_pillar is configured and environment targeting is defined by branch name, it seems that some environments managed only via pillar_roots will default to git_pillar
18:00 raspado so does that mean that pillar needs to be managed either by pillar_roots or git_pillar but not a mix of both?
18:00 raspado (similar to that of gitfs)
18:00 Elsmorian joined #salt
18:00 raspado also "pillar_source_merging_strategy: none" does not seem to apply to ext_pillar
18:00 RandyT sad_salt: I'm working strictly with CentOS 7 images in AWS and works well. Maybe give another image a try?
18:01 gtmanfred raspado: that might be a bug, because it should be able to see them independently of each other
18:03 edrocks joined #salt
18:03 Edgan joined #salt
18:04 nicksloan joined #salt
18:04 pdayton I'm a bit confused as to how I might target external pillars using top.sls, based on what I read in the documentation I believe I'm supposed to enable the following on my salt master: ext_pillar_first, and then I should be able to target from files.  How would I call the external pillar in top.sls?
18:05 pipps joined #salt
18:05 gtmanfred pdayton:
18:05 gtmanfred 'somekey:abc':
18:05 gtmanfred - match: pillar
18:05 gtmanfred - xyz
18:05 gtmanfred something like that
18:05 onlyanegg joined #salt
18:06 gtmanfred here is the doc about targeting minions https://docs.saltstack.com/en/latest/topics/targeting/
18:06 raspado gtmanfred: is there a way I can escalate this up to salt devs?
18:07 gtmanfred raspado: create an issue on github
18:07 gtmanfred and be sure to give us a way to replicate it
18:07 raspado kk
18:08 sad_salt RandyT:  Might be worth a shot. However I need these to eventually run this version of ubuntu, cause that is what the code is configured to work on.
18:10 iggy pdayton: external_pillar targets itself... how would you target it in the top file?
18:11 fredrick sad_salt:  I have it working with Ubuntu 14.04 could you use instead?
18:11 nidr0x joined #salt
18:11 pdayton @iggy: I don't want to target by pillar, I would like to take data I get from an external pillar and target it to minions based on grains
18:12 RandyT sad_salt: is this a new salt master config?
18:12 pdayton I currently have pillar data in flat files that targets to my grains, with a top file like this: base:
18:12 pdayton base:
18:12 pdayton - default
18:12 pdayton 'kinds:couchbase':
18:12 pdayton - match: grain
18:12 pdayton - backup
18:12 pdayton - couchbase
18:13 RandyT sad_salt: might be worth running salt-cloud -u to update bootstrap code or specify script_args: in the profile to specify the minion code version
18:13 pdayton any minions that have the grain couchbase get the pillar data from my flat files backup/init.sls and couchbase/init.sls
18:13 Miouge joined #salt
18:16 iggy pdayton: that's not how ext_pillars work
18:17 iggy pdayton: they get a minion_id and target based on that (they also have access to __grains__)
18:17 pdayton So in my actual external pillar data itself I would need to have a minion ID?
18:17 gtmanfred iggy: that does work, that is what ext_pillar_First is for
18:17 iggy but that snippet (which you should have used gist for) is just regular file based pillar_roots
18:18 gtmanfred so that it can be evaluated first and then be used to match in the top.sls file
18:18 iggy gtmanfred: that's not what the question was (or I missed something)
18:18 gtmanfred it is, 12:04:46 ¬† ¬† ¬†pdayton ¬Ľ I'm a bit confused as to how I might target external pillars using top.sls, based on what I read in the documentation I believe I'm supposed to enable the following on my salt master: ext_pillar_first, and then I should be able to target from files. ¬†How would I call the external pillar in top.sls?
18:18 gtmanfred oh wait
18:18 gtmanfred i missread
18:18 gtmanfred pdayton: there is no targeting for external pillars
18:19 gtmanfred for external pillars they are only applied to minions based on the minion_id
18:19 gtmanfred so there is no top.sls file
18:19 gtmanfred pdayton: ext_pillar_first is used so that you could take the pillars it gets from the external pillars, and use them to target and give them other pillars in the pillar_roots
18:20 gtmanfred iggy: nevermind, you were right
18:20 gtmanfred brb, baking bread
18:21 pppingme joined #salt
18:22 sad_salt RandyT:  Yeah this is a fresh salt master.  Don't know if I can use ubuntu 14 or not as its never been tested there. But it's worth looking into.
18:23 Bryson joined #salt
18:23 sad_salt RandyT:  Which minion code version should I use?
18:26 Edgan sad_salt: 2016.3.4 on both master and minions, and I recommend Ubuntu 16.04 if possible for the master. Ubuntu 14.04 will work too, but is less than ideal for a master.
18:26 RandyT just be aware I ran into show stopper issue on AWS with S3 today running 2016.3.4...
18:26 Edgan sad_salt: I only mention Ubuntu 16.04 if you already use Ubuntu as your primary distribution.
18:26 RandyT had to revert to 2016.3.3
18:27 Edgan RandyT: There are bugs in all releases. I have to patch 2016.3.3 or 2016.3.4 for features I need working.
18:27 Edgan RandyT: Hopefully 2016.11.0 will be stable enough I can stop having to maintain my own patched packages.
18:29 Miouge joined #salt
18:29 beowuff joined #salt
18:33 pipps99 joined #salt
18:34 RandyT Edgan: I've not gone as far to build my own Windows minions, so "patching" releases is not a simple optioni there.
18:35 RandyT Updating master to 2016.3.4 breaks any older windows minion depending on S3.
18:35 Edgan RandyT: I don't do Windows.
18:35 RandyT Edgan: some of us don't have that luxury... :-)
18:36 Edgan RandyT: What city do you live in?
18:36 RandyT Denver
18:38 Edgan RandyT: yeah, that is on my theoretical list of cities to move to. I am looking at getting out of the SF Bay Area. The top of my list is Portland. What I have found while looking is that Windows is still used way more outside the SF Bay Area. Which gives me more reason to stay. :\
18:39 RandyT Edgan: in my experience, cities and application arch don't corrilate well. :)
18:39 Edgan RandyT: It is more of SF Bay Area vs the rest of the country.
18:39 RandyT I'm dealing with all Windows... but get the fun of mixing them all...
18:39 Edgan RandyT: Though there are definitely regional preferences
18:40 RandyT I meant... I am NOT dealing with all windows.
18:40 sh123124213 joined #salt
18:43 derrickm joined #salt
18:44 fredrick interesting that you are noticing regional for windows versus linux.
18:44 fredrick What type work are you looking for?
18:45 Edgan RandyT: Depends on industry, and how much outside software you use. The "new way" is not using third party code, and writing as much as possible in house.
18:45 derrickm hey all, I have a question regarding pillar in multiple envs. With salt states I can set the merging strategy so they are separate, but it seems like this is not working the same for pillar
18:45 Edgan fredrick: Windows vs Linux is more SF Bay Area vs the rest of the US. I have noticed regional preferences for Linux distributions.
18:46 Edgan fredrick: devops
18:46 Miouge joined #salt
18:46 fredrick Edgan: interesting I am in Denver as well and all I work on is linux, ubuntu currently centos previously.
18:47 cyteen_ joined #salt
18:47 Edgan fredrick: I prefer CentOS, but currently work with Ubuntu. Ops prefers CentOS, and Dev prefers Ubuntu, in general.
18:48 fredrick Edgan: agreed does seem that way.
18:48 rem5 joined #salt
18:49 notnotpeter joined #salt
18:50 Sketch ops prefer stability, dev prefers frequent updates? heh
18:50 Edgan Sketch: yes
18:50 pipps joined #salt
18:50 Sketch that does seem to mirror my experience, as well
18:50 Edgan Sketch: Dev also prefers to have 20 versions in parallel of the same piece of software
18:50 nicksloan joined #salt
18:51 Edgan Sketch: Ops knows this is bad for security. Dev doesn't care.
18:52 Edgan Sketch: Ubuntu makes 20 versions in parallel easier.
18:53 Sketch heh
18:53 nicksloan joined #salt
18:53 Edgan Sketch: Fedora(beta) for CentOS/RHEL, have begun to come around on this point. They know they will be left behind if they doing. The pendulum has swung in the dev direction for now.
18:54 Edgan Sketch: It is the same reason you see Microsoft embedding Ubuntu inside Windows.
18:54 fxhp joined #salt
18:54 Sketch how does ubuntu make 20 versions easier in parallel?
18:54 foundatron joined #salt
18:55 Sketch i figured MS embedding ubuntu was mostly due to it's popularity
18:55 Edgan Sketch: Ubuntu is based on Debian, and Debian has a tradition of parallel packaging. gcc44, gcc45, gcc46, gcc50, etc.
18:56 Edgan Sketch: It is Microsoft knowing they will get left behind if they don't adopt Linux stuff. The industry is moving in that direction.
18:56 Sketch ah
18:56 Edgan Sketch: Part of it is the Debian alternatives system.
18:56 cyteen_ joined #salt
18:56 Sketch redhat tends to parallel package a few things for rhel/centos, but not for fedora
18:56 Edgan Sketch: Which I think CentOS has too, but Debian/Ubuntu actual use.
18:56 Sketch mostly only major library versions for the previous version or rhel
18:56 SaucyElf joined #salt
18:57 Edgan Sketch: They have historicially had libfoo and libfoo-compat
18:57 Sketch right
18:57 Edgan Sketch: Debian more just does libfoo12 and libfoo13
18:57 Edgan Sketch: It is trickling into RedHat stuff
18:58 Edgan Sketch: Another new thing in Fedora is COPRs, which are basically the equivalent of PPAs.
18:58 Edgan Sketch: Fedora also used to have a policy against library version bundling into a package. Say a package having it's own version of libpng
18:59 Edgan Sketch: They have given up on the idea, and now there are chromium packages.
18:59 SaucyElf joined #salt
19:01 Sketch official?
19:01 derrickm joined #salt
19:02 raspado for salt/openstack (nova), is there a way to assign a nic a floating IP as well as an internally assigned IP?
19:02 pipps joined #salt
19:02 edrocks joined #salt
19:02 derrickm to clarify my question better, in master I have pillar_roots: dev: -/srv/dev/pillar, prod: - /srv/prod/pillar
19:03 derrickm in dev, if I go dev: - versions and in prod, prod: versions in the top file
19:03 derrickm they seem to share the same space
19:03 raspado derrickm: i had the same issue last night
19:03 derrickm and I am worried if someone F's up dev's pillar it could screw up prod
19:04 derrickm seems really bad
19:04 raspado with the help of hemebond, the solution was set this in your master.conf "pillar_source_merging_strategy: none"
19:04 Edgan Sketch: yes
19:04 derrickm thanks :)
19:04 aarontc joined #salt
19:04 raspado @derrickm try that and report your findings
19:05 Edgan Sketch: https://mirrors.kernel.org/fedora/updates/24/x86_64/c/chromium-54.0.2840.90-3.fc24.x86_64.rpm
19:05 derrickm oh yeah that's much better
19:05 derrickm thanks!
19:05 raspado sweet
19:07 darioleidi joined #salt
19:08 derrickm one last thing... in sls top files, I can specify dev: prod: qa: etc environments, makes deployments easier as everything stays the same from dev->prod
19:08 derrickm but in pillar top files, it seems you can only have one env per top file
19:08 derrickm if you define them all, it seems to grab incorrect data
19:09 krymzon joined #salt
19:10 raspado define them all?
19:10 derrickm meh, it's not a big deal
19:10 raspado in your top file are you doing "- match: grain"
19:11 vodik is the top.sls file supposed to propograte to minions on state.apply?
19:11 vodik wondering why my minion is getting the wrong config, looking at the minion, i see it operating with a stale top.sls
19:11 raspado vodik: i believe the minions pull whatever it needs from the top.sls file
19:11 derrickm no, actually I am good :) nevermind. Thanks all
19:13 Miouge joined #salt
19:13 vodik raspado: that's what i though, but when i do salt-call with -l trace, i see it reading an old top.sls
19:14 RandyT Edgan: if you knew me, you would know how funny it is to preach to me about writing your own code...
19:15 Edgan RandyT: I am not preaching about it. I am not recommending it. I am just saying it is what people are doing these days.
19:15 Edgan RandyT: There are lots of industry trends I don't like.
19:19 vodik raspado: facepalm, wrong saltenv
19:24 _JZ__ joined #salt
19:26 gtmanfred raspado: not in 2016.3, there is no way to auto assign a floating ip, you can only assign fixed ips and netids to servers in nova, they floating ip stuff is added in the pending 2016.11 release though
19:27 gtmanfred raspado: you can watch the salt-announce for information on when that becomes official
19:27 gtmanfred https://groups.google.com/forum/#!forum/salt-announce
19:27 gtmanfred vodik: <3
19:28 greyeax_ joined #salt
19:28 haam3r joined #salt
19:28 vodik gtmanfred: o/
19:28 gtmanfred o/
19:30 raspado gtmanfred: thx
19:31 donmichelangelo joined #salt
19:31 donmichelangelo joined #salt
19:32 jas02 joined #salt
19:32 raspado vodik: thatll do it :) /etc/salt/minion to modify if needed
19:33 vodik raspado: yeah, thanks
19:37 raspado gtmanfred: is there any foxumentation for fixed ip? can only find net-id in https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.nova.html
19:38 Shirkdog joined #salt
19:38 Shirkdog joined #salt
19:38 raspado foxumentation haha documentation
19:38 gtmanfred raspado: the networks dictionary takes any argument that you would pass to --nic on the cli
19:39 raspado ahhh ok thx
19:39 gtmanfred http://sprunge.us/aIeJ
19:39 raspado dope thx
19:40 gtmanfred np
19:42 swa_mobil joined #salt
19:42 Edgan gtmanfred: What is the criteria used for deciding to do a new minor release?
19:42 gtmanfred we do them about once a month
19:43 Miouge joined #salt
19:43 gtmanfred there will be one in december for 2016.3.5
19:43 __number5__ joined #salt
19:43 nini curious, will the one in december be fully working with python 3? :)
19:44 gtmanfred https://docs.saltstack.com/en/latest/topics/development/conventions/release.html
19:44 gtmanfred nini: no
19:44 nini aww
19:44 gtmanfred 2016.11 can run under python3 but doesn't run the full test suite yet
19:44 gtmanfred we are hopeing for the Nitrogen feature release to be fully python3 compatible
19:45 nini has 2016.11 been released yet?
19:45 gtmanfred no
19:45 gtmanfred it is in rc2
19:45 nini ah. ok.
19:45 nini I can't wait to try it out.
19:45 gtmanfred Edgan: check https://docs.saltstack.com/en/latest/topics/development/conventions/release.html and https://github.com/saltstack/salt/issues?q=is%3Aopen+is%3Aissue+label%3A2016.3.5+label%3ABlocker to know when 2016.3.5 is close to being released
19:46 cyteen__ joined #salt
19:47 gtmanfred raspado: to use the fixedip, set the line in the list of networks to net-id=<UUID>,v4-fixed-ip=<ipaddress>
19:48 raspado yep yep, gtmanfred question though, if i set the v4-fixed-ip to an available floating IP
19:48 gtmanfred i don't think you can do that
19:48 raspado would that work and would it show in openstack that the floating ip is attached?
19:48 gtmanfred i don't think you can do that... if you have a port-id you could use that instead of net-id, but you can't use a fixed ip in there
19:48 gtmanfred for floating ips in the nova driver, you really need to have the nova driver from carbon
19:49 raspado darn so the fixed-ip only applies to internal ips?
19:49 gtmanfred it only applies to ips on the network that is being applied
19:50 gtmanfred so if you have a provider network that is external and all elastic ips, then you could do it
19:50 gtmanfred but 99% of openstack deployments don't have that
19:50 raspado hmm kk
19:51 gtmanfred fixed ips only apply to ips in the range of the network that is being attached
19:58 akhter joined #salt
19:58 Trauma joined #salt
20:01 nicksloan joined #salt
20:02 cyteen_ joined #salt
20:07 akhter joined #salt
20:07 Shirkdog joined #salt
20:08 cyteen_ joined #salt
20:08 swa_mobil joined #salt
20:12 DammitJim joined #salt
20:12 Miouge joined #salt
20:14 jas02 joined #salt
20:17 netcho hi all, hgavin issues setting up smtp in salt for ec2-autoscale reacotor
20:19 netcho salt-api runs fine, tested with curl and a different reactor
20:22 jimklo_ joined #salt
20:27 jimklo joined #salt
20:31 akhter joined #salt
20:31 quantumsummers joined #salt
20:32 nZac joined #salt
20:33 quantumsummers Hello! Using salt-ssh 2016.3.4 (Boron) here, trying to do a basic state.orchestrate, and regardless of what my 'tgt' may be (a list, a glob, single minion), I always get the error: 'No matching targets found in roster.'
20:34 quantumsummers While with '-l debug' I certainly see that it renders my roster, I get 'Matched minions: {}'`
20:35 quantumsummers NB: salt-ssh works with state.sls, state.apply, etc.
20:35 gtmanfred oh interesting, i had no idea you could use state.orchestrate like that ... hrm
20:36 quantumsummers Any help is much appreciated
20:36 quantumsummers I thought it was supported
20:42 pipps joined #salt
20:43 pdayton joined #salt
20:46 gtmanfred hrm, i have never used the state.orchestrate execution module, so i have no clue... what is the exact command you are running to run your state.orchestrate
20:48 netcho trying to send email from salt but i get SMTPServerDisconnected: please run connect() first
20:50 netcho anything else needs to be added to master config except http://hastebin.com/otemilucer.scala ?
20:50 tapoxi joined #salt
20:50 quantumsummers I run it like so `salt-ssh state.orch test_fleet -l debug`
20:50 quantumsummers I have salt ssh setup in a virtualenv, running as a user
20:51 quantumsummers which works perfectly for remote command stuff, state.sls, state.highstate, state.single, etc, etc
20:51 gtmanfred hrm, interesting, yeah i have no idea, I am going to have to try that at some point and figure out how it works... but i have never used salt-ssh with state.orch
20:51 quantumsummers now i would love to do some things with the orchestration system, but am hitting this
20:52 gtmanfred can you set ssh: True in the state.highstate in your orchestrate file?
20:52 gtmanfred https://github.com/saltstack/salt/issues/17014 like how this one looks?
20:52 saltstackbot [#17014][MERGED] Error with salt-ssh and orchestrate runner | I'm trying to use the salt-ssh transport system with the orchestrate runner, here's an extract of the configuration file used :...
20:52 quantumsummers actually just using salt.function right not, not even trying to run a state
20:53 gtmanfred and then use salt-run state.orch test_fleet
20:53 quantumsummers wow saltstack bot
20:54 austin_ joined #salt
20:54 quantumsummers hmm, old Oct 29, 2014
20:54 gtmanfred don't look at the bug
20:54 gtmanfred just look at the actual state he has in the issue
20:55 gtmanfred can you make your orchestrate file look like that with the - ssh: True
20:55 gtmanfred and then use salt-run state.orchestrate test_fleet
20:55 quantumsummers yes, so, I have tried ssh: True
20:55 quantumsummers I  have read the docs
20:55 pdayton joined #salt
20:55 gtmanfred where is that mentioned in the docs? i couldn't find it
20:55 _JZ_ joined #salt
20:56 austin_ in a multi-master sydnic setup with failover, if the "primary" master comes back online, do minions reconnect automatically ?
20:56 gtmanfred good question, i don't think so
20:56 austin_ ok
20:56 austin_ just figured id ask. a little faster then testing :)
20:57 gtmanfred yeah, i am pretty sure that is to does not, and it only fails over when it disconnects, but it is worth testing if you have time
20:57 austin_ yea... i just have  A LOT of testing to do
20:57 austin_ hahaha
20:57 austin_ _adds it to the growing list_
20:59 austin_ by the time i'm done testing, i may have completely replicated my network using vagrant
20:59 quantumsummers so it does not matter if I use a salt.state or salt.function in an sls called by state.orchestration, I still get "No matching targets found in roster."
21:00 gtmanfred quantumsummers: where in the docs does it talk about useing ssh: True? i can't find it
21:00 austin_ did you set tgt ?
21:01 austin_ ssh: true, tgt: somehost with somehost in my /etc/salt/roster
21:02 nicksloan joined #salt
21:03 gtmanfred also, i think you should be running salt-run state.orch
21:03 gtmanfred salt-ssh takes a target as a command
21:03 quantumsummers yes, I get further using salt-run
21:04 gtmanfred cool
21:04 quantumsummers still fails though :D
21:04 gtmanfred so the previous command was trying to target on state.orch, and then run the test_fleet module
21:04 gtmanfred :/
21:04 quantumsummers but it's a new error, so progress
21:05 gtmanfred yay
21:08 quantumsummers ah ha, there it goes
21:08 quantumsummers working
21:08 gtmanfred nice
21:08 quantumsummers hmm, so I guess I need to have my orchestration sls files in the same dir as my states
21:08 gtmanfred yup, they need to be in the fileserver
21:09 quantumsummers yeah, is there some config related to saltenv that I can mangle to only effect the state.orch runner?
21:10 gtmanfred umm, what are you trying to do? just have your orchestration states be in a different directory?
21:11 quantumsummers I was considering maintaining the orch dir structure at the same level as states and pillar
21:11 quantumsummers no biggue
21:11 quantumsummers *biggie
21:11 netcho anyone? :D
21:11 gtmanfred you could always just have an extra directory listed under the base environment in the file_roots
21:11 gtmanfred file_roots:
21:11 gtmanfred base:
21:11 gtmanfred - /dir1
21:11 gtmanfred - /dir2
21:11 gtmanfred and then they can be stored seperately, but referenced as the same environment
21:12 quantumsummers right
21:12 gtmanfred as for the orchestration, i am not sure about if the saltenv gets passed down or not
21:12 netcho this is the sam eissue i have https://gist.github.com/daveneeley/c9aeeb8b28a0e608d54f
21:12 gtmanfred my gut reaction is that it does not pass down the saltenv from the orchestration state
21:13 gtmanfred netcho: you need it to be indented out
21:13 gtmanfred make it
21:13 gtmanfred smtp_profile:
21:13 gtmanfred smtp.from: ...
21:13 netcho i did
21:13 netcho i master config
21:13 gtmanfred http://hastebin.com/otemilucer.scala this wasn't
21:14 gtmanfred other than that, it looks fine
21:14 netcho yea but after that i did indentation
21:19 xet7 joined #salt
21:19 netcho gtmanfred: File "/usr/lib/python2.7/dist-packages/salt/modules/smtp.py", line 95, in send_msg ... server = creds.get('smtp.server') ...  AttributeError: 'str' object has no attribute 'get'
21:19 gtmanfred yup, i don't know, i have never used it.
21:20 gtmanfred it lookd right to me though /shrug
21:20 netcho oki, thanks
21:20 gtmanfred sorry
21:20 netcho anyone managed to setup ec2-reactor for autoscale?
21:20 netcho this is why i'm trying to setup smtp
21:21 pipps joined #salt
21:23 jas02 joined #salt
21:25 awiss joined #salt
21:27 fredrick joined #salt
21:29 hemebond netcho: For autoscaling?
21:29 netcho yes
21:29 hemebond I used a slightly different method https://gist.github.com/hemebond/4b48df43721adb283e0df404501a4b59
21:30 hemebond But it's working well for me so far.
21:34 netcho ok so minion id has to be asg name = instance id?
21:34 netcho +
21:34 hemebond That's how my setup names minions.
21:34 netcho yeah i can see
21:34 gtmanfred thanks hemebond
21:34 hemebond I don't use ec2-reactor
21:35 netcho i managed top setup this: https://github.com/JensRantil/saltstack-autoscaling
21:35 netcho but it's klinda slow
21:35 netcho kinda
21:36 hemebond Ah, I didn't use that because it maintained its own database or something.
21:36 netcho yes
21:37 netcho hemebond: how fast is this one? :)
21:37 hemebond Fast?
21:37 hemebond Uh....
21:37 hemebond No idea.
21:37 hemebond All it does it pre-authorise the minion.
21:38 hemebond Well, all the master really does it pre-authorise the minion.
21:38 hemebond The minion itself installs Salt.
21:38 netcho hm.. am i blind or i don't se minion installation
21:38 hemebond cloud-init.yaml tells the new VM to install and configure Salt.
21:39 netcho oh, at the end
21:39 hemebond Yeah. So all the master does is say "Oh, there's a new minion coming in, accept it when it connects"
21:39 netcho without checking?
21:40 hemebond Correct. It pre-approves the minion ID.
21:40 hemebond Which will be MYASGi-123j345jk54
21:40 hemebond Whatever the automatic ID is that EC2 gives it prefixed by the group name/ID.
21:41 netcho yeah i get it
21:41 netcho i will have to change my minion naming convention ur change ur code :D
21:41 netcho s/ur/or
21:42 netcho or change asg names hh
21:42 hemebond How do you currently name your autoscaling minions?
21:42 netcho app_name-environment-#
21:43 netcho i can name asg like thet
21:43 netcho it's then easy to target them va grains.... if 'staging' i grains['id'] etc.
21:44 hemebond Okay. You will have to edit cloud-init.yaml anyway to change _GRP_
21:44 netcho yes
21:45 netcho i gave states for creating asg too
21:45 pipps joined #salt
21:45 netcho will have to some modifications also
21:45 hemebond If there's anything in that gist that isn't clear please let me know so I can update it.
21:45 netcho i will give it a try later
21:45 netcho almost 11pm and still at the office :D
21:45 hemebond Ah, yes, if you use it. Thank ‚ėļ
21:52 teclator joined #salt
21:53 subsignal joined #salt
21:54 toastedpenguin joined #salt
22:02 DEger joined #salt
22:03 SaucyElf joined #salt
22:03 voileux joined #salt
22:03 Cottser joined #salt
22:07 DEger joined #salt
22:09 raspado is there any harm done creating a schedule to delete minion keys?
22:09 raspado we have alot of minions that we shut down for cost savings so they will be unresponsive, just curious to know what happens when those minions start back up
22:11 gtmanfred raspado: you could do a salt-run manage.down removekeys=True and schedule that
22:11 gtmanfred when they come back up, they won't be able to connect, and you will have to reaccept the key
22:11 gtmanfred assuming you are not in open or autosign_file mode
22:11 raspado hmmm ok that would be bad
22:11 gtmanfred or auto_accept
22:12 raspado ok thx gtmanfred
22:12 gtmanfred np
22:15 akhter joined #salt
22:17 coredumb Hello
22:17 gtmanfred Hola
22:17 coredumb I've noticed than when I reboot my salt server, some/many minions lost their connection to it
22:17 gtmanfred the salt master?
22:18 coredumb yes
22:18 coredumb s/server/master/
22:18 gtmanfred you might need to bump up the auth_tries value or master_tries value https://docs.saltstack.com/en/latest/ref/configuration/minion.html#master-tries
22:18 gtmanfred you can set master_tries to -1 and the minion will try for forever to connect
22:19 coredumb wohhhh
22:19 coredumb ok
22:19 gtmanfred (master_tries is new in 2016.3)
22:19 coredumb was wondering what was behind the scene that the minion got back to it
22:20 sarasfox joined #salt
22:21 teclator joined #salt
22:21 coredumb gtmanfred: still feels  like the my minions get their connection back when they issue their next high state though
22:21 sarasfox https://gist.github.com/sarasfox/ba5b369e6ad86b44f4995d530cdb77c5 help
22:22 gtmanfred sarasfox: add a : after NessusAgent.msi
22:22 gtmanfred above file.copy
22:23 sarasfox oh
22:24 jas02 joined #salt
22:24 akhter joined #salt
22:25 gtmanfred I have done that so many times :P
22:38 cyteen_ joined #salt
22:40 rem5 joined #salt
22:44 michaelc_ joined #salt
22:49 akhter joined #salt
22:50 xbglowx_ joined #salt
22:51 jmedinar joined #salt
22:52 pipps joined #salt
22:53 jmedinar Question... how can I use the 'onfail' statement but only for a particular exit code... or for all exit codes except 0 and 2 as example
22:53 gtmanfred i do not believe you can
22:55 gtmanfred though, that is totally something that cmd.run should be able to do
22:57 jmedinar it will be really nice to have something like onfail: - exitcode: 0,2 - cmd: whatever
22:57 gtmanfred yeah, so that won't be on fail
22:57 gtmanfred because onfail takes a state that fails
22:57 gtmanfred but it would be useful to have cmd.run state be able to say, these 3 exit codes are successes
22:58 Fade joined #salt
22:58 gtmanfred jmedinar: onfail only cares if the state you specify there has result: False in the state block return
22:59 jmedinar got it :)
22:59 jmedinar Salt determines whether the cmd state is successfully enforced based on the exit code returned by the command. If the command returns a zero exit code, then salt determines that the state was successfully enforced. If the script returns a non-zero exit code, then salt determines that it failed to successfully enforce the state. If a command returns a non-zero exit code but you wish to treat this as a success, then you must place
22:59 jmedinar the command in a script and explicitly set the exit code of the script to zero
23:00 jmedinar Thanks gtmanfred!
23:00 gtmanfred no problem :)
23:00 Klas joined #salt
23:00 gtmanfred aight, 5pm here, i am going to go make dinner, it is curry week at my house :P
23:01 gtmanfred o/
23:07 jacksontj joined #salt
23:10 iggy I can't imagine... my room mate makes curry every once in a while and the smell lingers for days
23:12 mohae_ joined #salt
23:16 xbglowx_ Having some problems with gifs and multiple environments. I have one top file in a separate repo as recommended, with entries for all my environments. I am trying to bootstrap a master by having it run salt-call with options --local, --file-root and, and --pillar-root. It is having problems fetching state files served by salt for env other than base when executing the salt-call command. If I tack on the specific state after state.app
23:16 xbglowx_ ly, it works fine.
23:17 xbglowx_ sorry for the multiline comment.
23:18 fracklen joined #salt
23:19 iggy xbglowx_: can you gist your minion config (bonus points if you strip comments ;) )
23:23 GnuLxUsr joined #salt
23:23 xbglowx_ iggy coming up
23:25 teclator joined #salt
23:26 jas02 joined #salt
23:26 xbglowx_ iggy https://gist.github.com/xbglowx/a8037308e1be8c5f7bd03e98c1ed6af2. FYI, this config is placed under /etc/salt/minion.d. I haven't touched /etc/salt/minion yet.
23:30 jab416171 has anyone had success with using the 'args' option when setting up external auth?
23:30 jab416171 https://docs.saltstack.com/en/latest/topics/eauth/index.html#limiting-by-function-arguments
23:31 calroc joined #salt
23:32 pipps joined #salt
23:32 calroc hi all
23:33 calroc I'm trying to install salt using the directions here: https://repo.saltstack.com/#rhel
23:33 calroc Getting an error:
23:33 calroc The GPG keys listed for the "SaltStack Latest Release Channel for RHEL/Centos 7" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.
23:33 calroc for Jinja2    python-jinja2-2.7.2-2.el7.noarch
23:34 calroc any advice?  Thanks in advance.
23:34 iggy xbglowx_: you don't have any file_roots or pillar_roots in that config?
23:34 teclator joined #salt
23:34 xbglowx_ I specify them on the cli during the bootstrap with: salt-call --retcode-passthrough --file-root=/var/lib/saltstack/salt --pillar-root=/var/lib/saltstack/pillar --local state.apply -l debug
23:35 xbglowx_ iggy ^
23:35 xbglowx_ that command doesn't work, but if I run the following it does: salt-call --retcode-passthrough --file-root=/var/lib/saltstack/salt --pillar-root=/var/lib/saltstack/pillar --local state.apply -l debug pass
23:35 iggy xbglowx_: but your issue is not having environments... how are you passing the environment config (either file_roots or gitfs)?
23:38 calroc Er, I may have found it https://github.com/saltstack/salt/issues/28144
23:38 saltstackbot [#28144][MERGED] Salt Installation Issue | Hi,...
23:41 xbglowx_ iggy won't specifying --file-root=/var/lib/saltstack/salt during the salt-call do that?
23:42 xbglowx_ iggy, I think I might be picking up what you are putting down. Let me try something.
23:44 iggy if the environments and the top file are in git repos, specifying file_roots won't do any good, no
23:47 xbglowx_ iggy, even if I have local checkouts of those repos in the file paths I am specifying with cli options --file-root and --pillar-root?
23:51 nicksloan joined #salt
23:53 sp0097 joined #salt
23:56 calroc yep, that did it.  Ciao.
23:56 calroc left #salt
23:57 akhter joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary