Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-01-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 eprice joined #salt
00:11 mavhq joined #salt
00:23 mattp what is the general approach for using orch for deployment vs top file?
00:23 mattp if I have an app I need to orchestrate to deploy, i just do not list the states in my topfile?
00:37 PatrolDoom mattp: i think most folks use jenkins?
00:37 * PatrolDoom needs to look into that himself
00:43 mavhq joined #salt
00:48 mattp PatrolDoom: so only run a highstate when something changes?
00:48 mattp not sure you understood my question
00:48 PatrolDoom there is state management & then wanting to do something as in a app deploy eh?
00:48 * PatrolDoom checks notes from other person whom gave advice
00:49 mattp PatrolDoom: sometimes
00:49 mattp ie, think about a web app cluster. take 1 out, upgrade, put it back in
00:50 PatrolDoom ah indeed, hrm i haven't gotten to that point w/ salt yet
00:50 PatrolDoom at last place we use puppet & ansible
00:50 PatrolDoom puppet for state management & ansible for deployments
00:50 PatrolDoom one method i'm considering - https://www.reddit.com/r/saltstack/comments/4ebic5/what_does_your_workflow_with_saltstack_look_like/d1ymw42/
00:50 saltstackbot [REDDIT] What does your workflow with saltstack look like? (self.saltstack) | 11 points (100.0%) | 6 comments | Posted by bearinswedish | Created at 2016-04-11 - 16:38:29
00:51 PatrolDoom well thats not waht you want
00:51 * PatrolDoom appoligizes for the randomness
00:51 PatrolDoom i know what you want, however idk how to do so w/ salt
00:51 heyimawesome joined #salt
00:51 * PatrolDoom waits for someone else to chime in
00:54 mavhq joined #salt
00:57 ivanjaros joined #salt
00:58 nickabbey joined #salt
00:58 stooj joined #salt
00:58 heyimawesome left #salt
01:00 om2 joined #salt
01:02 ninjada joined #salt
01:07 ninjada trying to run a salt state against my aws minion, to provison aws elasticache cluster.. but im getting:  State 'boto_elasticache.present' was not found..
01:07 ninjada ive got python-boto boto3 botocore installed on the minion, but for some reason it doesnt have the boto_elasticache file (and a bunch of others).. how can i install all the boto stuff required
01:09 s_kunk joined #salt
01:09 heyimawesome joined #salt
01:10 andi- joined #salt
01:10 austin_ joined #salt
01:11 mavhq joined #salt
01:12 kukacz joined #salt
01:12 brokensyntax joined #salt
01:12 MeltedLux joined #salt
01:12 twiedenbein joined #salt
01:12 eseyman joined #salt
01:12 LordOfLA joined #salt
01:12 devster31 joined #salt
01:12 Aikar joined #salt
01:12 Aikar joined #salt
01:12 dunz0r joined #salt
01:12 jholtom joined #salt
01:12 gaghiel` joined #salt
01:12 berto- joined #salt
01:12 coldbrewedbrew_ joined #salt
01:12 TRManderson joined #salt
01:12 yesimon joined #salt
01:12 g3cko joined #salt
01:12 garthk_ joined #salt
01:12 lorengordon joined #salt
01:12 McNinja joined #salt
01:12 packeteer joined #salt
01:12 shbst joined #salt
01:12 vaelen joined #salt
01:12 cebreidian joined #salt
01:12 skrobul joined #salt
01:12 tvinson joined #salt
01:13 chutzpah joined #salt
01:13 riftman joined #salt
01:13 jesusaur joined #salt
01:13 Zachary_DuBois joined #salt
01:13 Valfor joined #salt
01:13 Valfor joined #salt
01:14 dwfreed joined #salt
01:15 igormarnat_ joined #salt
01:15 m0nky joined #salt
01:15 czchen joined #salt
01:15 frew joined #salt
01:16 d3c4f joined #salt
01:18 krobertson joined #salt
01:20 HRH_H_Crab joined #salt
01:20 OliverMT joined #salt
01:22 ninjada ah seems to be a python 2.7 thing. need to enforce 2.6
01:23 stupidnic joined #salt
01:23 daemonkeeper joined #salt
01:23 gmacon joined #salt
01:23 s0undt3ch joined #salt
01:23 dnull joined #salt
01:23 mschiff joined #salt
01:23 Zaunei joined #salt
01:23 mschiff joined #salt
01:23 cmarzullo joined #salt
01:23 dlloyd joined #salt
01:23 scc_ joined #salt
01:23 tom29739 joined #salt
01:23 Sarphram joined #salt
01:23 ajolo joined #salt
01:23 TOoSmOotH joined #salt
01:23 sknebel joined #salt
01:23 tongpu joined #salt
01:24 cb_ joined #salt
01:24 setkeh joined #salt
01:24 scarcry joined #salt
01:24 Armadill0 joined #salt
01:24 mauli joined #salt
01:24 guerby joined #salt
01:24 remi joined #salt
01:24 EvaSDK joined #salt
01:24 Twiglet joined #salt
01:24 bbradley joined #salt
01:24 athaller joined #salt
01:24 LeProvokateur joined #salt
01:24 nickabbe_ joined #salt
01:25 bfrog joined #salt
01:26 Eugene joined #salt
01:28 saltstackbot joined #salt
01:28 Rubin joined #salt
01:29 Jarus joined #salt
01:29 smakar_ joined #salt
01:30 hacks joined #salt
01:36 tcolvin joined #salt
01:37 adongy joined #salt
01:38 wiqd joined #salt
01:38 lilvim joined #salt
01:40 jholtom joined #salt
01:43 Ouzo_12 joined #salt
01:43 mavhq joined #salt
01:47 shalkie joined #salt
01:51 AbyssOne joined #salt
02:00 daks joined #salt
02:05 ninjada_ joined #salt
02:13 Xenophon1 joined #salt
02:18 manji joined #salt
02:22 tapoxi joined #salt
02:23 mavhq joined #salt
02:26 catpiggest joined #salt
02:28 tapoxi joined #salt
02:40 edrocks joined #salt
02:41 ninjada joined #salt
02:46 czchen joined #salt
02:46 lkannan joined #salt
02:46 edrocks_ joined #salt
02:46 futuredale joined #salt
02:46 igormarnat_ joined #salt
02:46 d3c4f joined #salt
02:46 LordOfLA joined #salt
02:46 kidneb joined #salt
02:46 AndreasLutro joined #salt
02:46 JPaul joined #salt
02:46 tom29739 joined #salt
02:46 dnull joined #salt
02:46 chutzpah joined #salt
02:46 CustosLimen joined #salt
02:46 hexa- joined #salt
02:50 ilbot3 joined #salt
02:50 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.4, 2016.11.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:55 mswart joined #salt
02:55 Xevian joined #salt
02:59 McNinja joined #salt
03:07 eprice joined #salt
03:27 pipps joined #salt
03:34 bastiand1 joined #salt
03:34 hemebond Is there an established explanation for what goes into "app:lookup" and what goes into "app"?
03:42 mavhq joined #salt
03:43 mihait joined #salt
03:45 onlyanegg joined #salt
03:45 JPT joined #salt
03:53 om2 joined #salt
04:22 sh123124213 joined #salt
04:29 canaar joined #salt
04:37 canaar hey all
04:37 canaar what is the use of salt-api?
04:40 munhitsu_ joined #salt
04:55 preludedrew joined #salt
04:59 pradiprwt joined #salt
05:00 pradiprwt Hi Everyone, How to do salt states lint testing..?
05:00 pradiprwt Is there any tool or a way to do lint testing to salt states ...?
05:01 onlyanegg joined #salt
05:09 spuder joined #salt
05:09 armyriad joined #salt
05:10 hemebond canaar: It's a web API for sending events to the Salt master.
05:10 hemebond pradiprwt: A lint test? Like, just syntax checking?
05:10 pradiprwt hemebond : yes
05:11 hemebond I don't know of one. I did read a Github issue the other day about people wanting one.
05:11 hemebond Quick Google found this https://github.com/johanek/salt-lint
05:12 hemebond In fact there seem to be a couple of Salt linters.
05:12 pradiprwt hemebond: states contain yaml and python syntax, it's very complected for me to do lint testing..
05:13 pradiprwt hemebond : I want to develop CI for salt states which involves syntax step ..
05:14 hemebond What about http://stackoverflow.com/questions/32160599/how-to-check-saltstacks-sls-files-for-syntactic-correctness-during-development
05:16 pradiprwt hemebond : Thanks for help me, I will try to find a way
05:19 onlyanegg joined #salt
05:19 hemebond Good luck ????
05:22 rdas joined #salt
05:27 ronnix joined #salt
05:38 Llmiseyhaa joined #salt
05:46 edrocks joined #salt
05:48 DEger joined #salt
05:52 onlyanegg joined #salt
05:53 spuder joined #salt
05:54 nickabbey joined #salt
06:10 eprice joined #salt
06:13 mattl joined #salt
06:13 mavhq joined #salt
06:16 ronnix joined #salt
06:34 ninjada joined #salt
06:37 ninjada_ joined #salt
06:43 mavhq joined #salt
06:43 candyman88 joined #salt
06:47 evle joined #salt
06:53 onlyanegg joined #salt
07:03 sh123124213 joined #salt
07:11 felskrone joined #salt
07:12 colttt joined #salt
07:12 bhl joined #salt
07:14 taradacto joined #salt
07:18 fracklen joined #salt
07:27 mavhq joined #salt
07:29 darioleidi joined #salt
07:30 fracklen joined #salt
07:32 fracklen joined #salt
07:33 mavhq joined #salt
07:35 sh123124213 joined #salt
07:35 sh123124213 joined #salt
07:37 sh123124213 joined #salt
07:37 mswart left #salt
07:40 dkrae joined #salt
07:42 netcho joined #salt
07:46 ninjada joined #salt
07:50 cyborg-one joined #salt
07:54 lasseknudsen2 joined #salt
07:55 nickabbey joined #salt
07:57 starbucksusually joined #salt
08:06 bltmiller joined #salt
08:07 hoonetorg joined #salt
08:11 eprice joined #salt
08:18 onlyanegg joined #salt
08:29 o1e9 joined #salt
08:29 Lionel_Debroux joined #salt
08:30 JohnnyRun joined #salt
08:34 _KaszpiR_ joined #salt
08:35 ivanjaros joined #salt
08:37 mavhq joined #salt
08:41 mavhq joined #salt
08:48 edrocks joined #salt
08:51 lasseknudsen joined #salt
08:54 mavhq joined #salt
09:04 ronnix joined #salt
09:04 rylnd joined #salt
09:05 kbaikov joined #salt
09:06 keimlink joined #salt
09:11 inad922 joined #salt
09:15 keimlink_ joined #salt
09:24 Mattch joined #salt
09:28 Mattch joined #salt
09:29 orichards joined #salt
09:31 _KaszpiR_ joined #salt
09:33 ronnix joined #salt
09:34 cyteen joined #salt
09:36 felskrone joined #salt
09:43 s_kunk joined #salt
09:43 s_kunk joined #salt
09:43 jhauser joined #salt
09:47 cyteen joined #salt
09:50 N-Mi__ joined #salt
09:55 nickabbey joined #salt
09:56 ronnix joined #salt
10:06 netcho joined #salt
10:09 slanders joined #salt
10:11 mavhq joined #salt
10:11 saintpablo joined #salt
10:14 slanders Hi All, i'm trying to run an cmd.run function in an orchestration and i want to pass the "runas" argument. Does anybody know how i can achieve this? eg: https://hastebin.com/dihomidaso.yaml
10:15 babilen slanders: Is it an argument or a keyword argument?
10:16 slanders I guess that would be a keyword argument
10:17 hemebond - kwarg:
10:17 babilen It looks like the latter, so you'd have to pass it as a "kwarg" -- See the "copy_some_file" example in https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html
10:17 slanders Ah, thanks!
10:17 slanders I see
10:18 slanders (rtfm... *shame*)
10:19 onlyanegg joined #salt
10:19 jfelchner joined #salt
10:21 slanders babilen: Ah it does not work, because it should be a kwarg for "cmd.run" and not "salt.function".
10:21 amcorreia joined #salt
10:22 hemebond arg and kwarg are both for the "cmd.run", no?
10:22 bookwar joined #salt
10:25 slanders hemebond: that is what I try to achieve indeed. However, the error i get is as follows: https://hastebin.com/avigerewun.txt
10:26 hemebond Show your state.
10:29 slanders hemebond: Ah nevermind this is accepted: https://hastebin.com/iyoyiyiloh.yaml
10:30 hemebond It wanted a list for kwarg?
10:32 slanders Well, that is accepted it seems. If i don't format it as a list i get the error i mentioned at: https://hastebin.com/avigerewun.txt
10:32 hemebond Naughty docs.
10:32 hemebond I think I've seen that before.
10:33 hemebond Though I don't use it myself so not sure how many people run into that problem.
10:33 slanders But it doesn't seem to work. Given the following state: https://hastebin.com/bawupugujo
10:34 babilen kwargs should be a dictionary
10:34 babilen It's passed as **kwargs not *kwargs
10:34 slanders I should expect that the stdout from that cmd.run would be: "oracle" however it echos "root".
10:34 hemebond Try the full path to whoami
10:35 hemebond Oh it runs the command but returns the wrong output?
10:35 slanders hemebond: yes
10:35 slanders ah fixed it
10:35 slanders I have to do the funky this-time-it-is-four-spaces-yaml-because-of-reasons
10:36 hemebond That's why I asked for the state :-)
10:37 slanders Ha sorry for the confusion guys. For the record, this is the working state: https://hastebin.com/yobahozoge
10:39 bVector joined #salt
10:41 Reverend can you not run a cmd.run with a runas in a state?
10:43 slanders Reverend: I could, however i need this pattern for an orchestration I am trying to build. I think it should be possible, but then again, everything is with saltstack :)
10:44 _JZ_ joined #salt
10:49 whytewolf slanders: pst. you can pass states to orchestration ... using salt.state instead of salt.function ... but anyway https://gist.github.com/whytewolf/a91f1141b87ba8fbcc24f7f0d18e64c2
10:49 mavhq joined #salt
10:50 whytewolf hardly ever need to actually use kwargs
10:51 whytewolf arg takes it exactly as it is passed to the cli
10:58 netcho hi all, trying to figure out scheduling on master
10:58 netcho whats the best way of doing that?
10:59 netcho for example i wanna run test.ping every hour
10:59 armin joined #salt
11:00 netcho my minions become unresponsive after two days for example, is thet cuz of key rotation? they do not contact master for some time? or am i missng smth here
11:01 whytewolf on the master minions setup a https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs or use cron
11:01 hemebond netcho: Run one of the affected minions in debug mode then check the log when it falls off.
11:01 whytewolf also yes ^ that
11:02 whytewolf find out why they are dropping off cause that is not normal
11:02 netcho so i came back after a weekend for exampel and i run salt \* test.ping and i get Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
11:02 netcho i run it again some of the minions respond
11:03 netcho anfter couple of runs or restaring master service they all respond
11:03 whytewolf put a minion to save logs in debug mode. then leave it be.
11:03 netcho yea, i am gonna do that
11:04 netcho now the sheduling part...
11:04 whytewolf cause i have minions i don't touch for weeks at a time and do not have the issue you are talking about.
11:04 netcho hm...
11:04 netcho so i probably did smth wrong
11:05 whytewolf or have older versions of software that might have had a bug.
11:05 whytewolf or any number of things that only logs could tell you
11:05 netcho salt 2016.3.4 (Boron)
11:05 netcho i will have to wait :)
11:06 kbaikov joined #salt
11:06 netcho ok, where do i need to put schedule state?
11:06 netcho can it be in master.d?
11:06 whytewolf read the link i posted
11:07 whytewolf you odn't schedule on the master software [least no anyway that i have found. you schedule through the minion...
11:08 babilen netcho: I typically maintain schedules in pillar
11:09 whytewolf i do as well. although  i hear the schedule state isn't to bad. but i always try and avoid anything in a config file if i can.
11:12 DEger joined #salt
11:14 eprice joined #salt
11:20 bookwar joined #salt
11:20 netcho ok so i created a schedule.conf in /etc/salt/master.d and set 1 job to do test.ping every 60secs but it's not doing it..
11:21 hemebond Aren't schedules for minions?
11:21 whytewolf again ... you don't configure scedules in the master
11:22 netcho ok, sorrz my bad... so if i want to run smth on the master i need to use cron?
11:22 hemebond ya
11:22 hemebond or run a minion on your master
11:22 netcho gotcha
11:22 whytewolf netcho: or, setup a minion on the maste
11:22 netcho i have a minion on the master zeah
11:22 hemebond Which is possibly what whytewolf linked to earlier.
11:23 whytewolf actually it made no mention of the master.
11:23 whytewolf it was about scheduling
11:23 mikecmpbll joined #salt
11:23 netcho sorr i got confused
11:24 hemebond Oh true, I thought I saw a link about combined master minion setups.
11:30 babilen netcho: It really is very easy to define schedulers in pillars. That setup doesn't necessitate to manage any kind of local state on the minions and you can easily update your schedules.
11:33 averell joined #salt
11:34 impi joined #salt
11:40 ronnix joined #salt
11:42 sh123124213 joined #salt
11:43 abednarik joined #salt
11:46 elh9 joined #salt
11:47 ninjada joined #salt
11:56 lasseknudsen2 joined #salt
11:56 nickabbey joined #salt
12:14 rawzone joined #salt
12:16 lasseknudsen joined #salt
12:19 onlyanegg joined #salt
12:20 austin_ joined #salt
12:25 _KaszpiR_ joined #salt
12:55 _Cyclone_ joined #salt
12:57 tpaul joined #salt
12:57 abednarik joined #salt
13:08 wryfi joined #salt
13:12 numkem joined #salt
13:13 wryfi joined #salt
13:20 ninjada joined #salt
13:23 muxdaemon joined #salt
13:24 Trauma joined #salt
13:26 teclator joined #salt
13:26 wryfi joined #salt
13:27 djgerm joined #salt
13:27 starbucksusually joined #salt
13:28 DEger joined #salt
13:30 juadk joined #salt
13:32 DEger_ joined #salt
13:33 muxdaemon joined #salt
13:36 edrocks joined #salt
13:38 wryfi_ joined #salt
13:41 ronnix joined #salt
13:42 ninjada joined #salt
13:44 toastedpenguin joined #salt
13:44 evle1 joined #salt
13:45 alvinstarr joined #salt
13:45 edrocks joined #salt
13:47 mpanetta joined #salt
13:48 wryfi joined #salt
13:50 abednarik joined #salt
13:52 tpaul joined #salt
13:53 ninjada joined #salt
13:53 mpanetta joined #salt
13:54 ProT-0-TypE joined #salt
13:57 mrud joined #salt
14:00 xet7 joined #salt
14:02 muxdaemon joined #salt
14:09 beardedeagle joined #salt
14:11 swills joined #salt
14:14 ssplatt joined #salt
14:16 eprice joined #salt
14:20 fxhp joined #salt
14:20 onlyanegg joined #salt
14:30 mavhq joined #salt
14:31 fracklen joined #salt
14:33 Trauma joined #salt
14:33 ninjada joined #salt
14:35 ninjada_ joined #salt
14:42 antpa joined #salt
14:42 Trauma joined #salt
14:43 anotherzero joined #salt
14:44 leev joined #salt
14:44 daxroc Afternoon all
14:45 beardedeagle Morning
14:45 ronnix joined #salt
14:45 daxroc Is there a way to inspect the output of a job that has been executed. I'm not seeing the output in realtime but post 'converge'
14:46 DEger joined #salt
14:46 beardedeagle have you tried watching the event loop?
14:48 ninjada joined #salt
14:48 daxroc * I'm initiating convergence via "salt '*' state.highstate" and it wait's patiently and dumps the job output at the end, is it possible to see similar behavior as --retcode-passthrough for salt-call ?
14:49 daxroc *or rather salt-call in that it dumps directly to stdout I guess - haven't looked under the hood yet
14:51 netcho joined #salt
14:54 saltnewbie joined #salt
14:54 saltnewbie Hello
14:55 saltnewbie salt minion for windows.
14:55 saltnewbie https://docs.saltstack.com/en/latest/topics/installation/windows.html
14:55 ninjada joined #salt
14:56 saltnewbie did exactly as described in this KB
14:56 saltnewbie accepted the minion key
14:56 saltnewbie the test.ping returned "Minion did not return. [No response]"
14:57 PatrolDoom joined #salt
14:57 PatrolDoom joined #salt
14:58 DEger joined #salt
14:58 leev_ joined #salt
14:59 daxroc Can you see that your minion key has been accepted with: "salt-key -L "
15:00 saltnewbie yep
15:01 daxroc and "salt '*' test.ping" fails ?
15:01 Miouge joined #salt
15:01 saltnewbie i can even ping from master but when I use salt '<minion id>' test.ping
15:01 saltnewbie that's the result
15:02 daxroc try it with --log-level=debug
15:02 saltnewbie so stop the service and start it with --log-level=debug?
15:03 Trauma joined #salt
15:06 daxroc "salt '*' test.ping -l debug"
15:10 ravi joined #salt
15:12 ninjada joined #salt
15:14 nickabbey joined #salt
15:15 mavhq joined #salt
15:15 saltnewbie [DEBUG   ] Reading configuration from /etc/salt/master [DEBUG   ] Using cached minion ID from /etc/salt/minion_id: sesklsaltmdv01.astrazeneca.net [DEBUG   ] Missing configuration file: /root/.saltrc [DEBUG   ] Configuration file path: /etc/salt/master [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. [DEBUG   ] Reading configuration from /etc/salt/master [DEBUG   ] Using cached minion ID from /etc/s
15:16 saltnewbie [DEBUG   ] Missing configuration file: /root/.saltrc [DEBUG   ] MasterEvent PUB socket URI: /var/run/salt/master/master_event_pub.ipc [DEBUG   ] MasterEvent PULL socket URI: /var/run/salt/master/master_event_pull.ipc [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'sesklsaltmdv01.astrazeneca.net_master', 'tcp://127.0.0.1:4506', 'clear') [DEBUG   ] Initializing new IPCClient for path: /var/run/salt/ma
15:16 saltnewbie [DEBUG   ] Reading minion list from /var/cache/salt/master/jobs/4a/35bb5d8ecf92125e0907b57429260b9f4f9d2c2340026393829736921b9396/.minions.p [DEBUG   ] get_iter_returns for jid 20170109101300238804 sent to set(['seskwvmconv04.astrazeneca.net']) will timeout at 10:13:05.271192 [DEBUG   ] Checking whether jid 20170109101300238804 is still running
15:16 saltnewbie [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'sesklsaltmdv01.astrazeneca.net_master', 'tcp://127.0.0.1:4506', 'clear') [DEBUG   ] Passing on saltutil error. This may be an error in saltclient. 'retcode' [DEBUG   ] LazyLoaded localfs.list
15:16 mr_kyd saltnewbie: pastebin please
15:17 dxiri joined #salt
15:19 Trauma joined #salt
15:20 ronnix joined #salt
15:20 ninjada joined #salt
15:21 saltnewbie mr_kyd: thank you
15:21 swills joined #salt
15:21 saltnewbie daxroc: http://paste2.org/kO6MxNZO
15:21 _JZ_ joined #salt
15:22 Tanta joined #salt
15:23 tapoxi joined #salt
15:23 daxroc Are the master and client on the same host ?
15:23 saltnewbie nope
15:23 saltnewbie client is windows 2008 R2
15:23 netcho joined #salt
15:23 netcho joined #salt
15:23 saltnewbie and master centos 7
15:24 saltnewbie centos client works for the same master
15:24 sarcasticadmin joined #salt
15:26 daxroc What does "salt run manage.status" show do you see both minions as Up?
15:26 daxroc *salt-run
15:28 saltnewbie Windows minion shows in adown and centos minion shows in up
15:29 alvinstarr joined #salt
15:29 daxroc Check the configuration of your windows minion and restart the minion.
15:29 wryfi joined #salt
15:30 xet7 joined #salt
15:30 fxhp joined #salt
15:30 daxroc If your centos minion is on the same host as the master, verify you don't have any firewall rules blocking inbound connectivity etc
15:31 saltnewbie the centos minion is on a different server
15:31 saltnewbie firewalld is stopped
15:31 gtmanfred happy monday!
15:31 ravi I have few .sls files. I want to link them in my CI. Salt .sls file is yaml,so I could use yaml linter but my sls file contains few Jinja tags. Is there any linter which supports complete .sls linting. Or Is there any way to check this from salt commandline.
15:31 daxroc OK. Then verify the minion config and debug from the windows side
15:32 gtmanfred ravi: do salt-call cp.get_template
15:32 gtmanfred and that will render the jinja in the file
15:32 daxroc ravi you can also dry-run I think ?
15:32 gtmanfred then you can just do a yaml linter on it
15:32 gtmanfred also, if you wanna just check that it all compiles, you could do a state.show_low_sls and it will render it to the low data that is passed to the functions
15:33 cyteen joined #salt
15:35 daxroc Is the salt-mine the equivalent to chef-search ?
15:35 gtmanfred no
15:36 gtmanfred it can be used similarly, but you also have to choose what data to put into the mine
15:36 brousch__ joined #salt
15:36 daxroc Oh, is that the main difference is you control the data ?
15:36 gtmanfred yeah
15:37 gtmanfred knife search already has all the grains data in there for you
15:37 gtmanfred while salt mine does not
15:37 daxroc So the salt-mine is an active search across live grains ?
15:37 gtmanfred no
15:37 daxroc *live-grain-cache moreso ?
15:37 gtmanfred the minions report back what information they have to the master, and it gets stored in the mine
15:38 gtmanfred and it isn't just grains
15:38 gtmanfred it could be the return information from any of the salt execution modules
15:38 gtmanfred https://docs.saltstack.com/en/latest/topics/mine/#mine-functions
15:38 gtmanfred Linux kernel initialization, translated to bash
15:38 gtmanfred Raw
15:39 gtmanfred hrm, wrong channel
15:39 daxroc I get it now, Thanks
15:39 gtmanfred no problem
15:40 daxroc What would be the best way to find information at deploytime for use within a converge. Grains would be too late as it's after the initial compile/templating right - what patters are folks using for this ?
15:41 daxroc export to the mine and read back when needed ?
15:41 gtmanfred mine data if you are ok using a cache
15:41 gtmanfred or publish.publish
15:41 gtmanfred and peering
15:42 gtmanfred https://docs.saltstack.com/en/latest/ref/peer.html
15:42 gtmanfred but remember, the peer system does cause more load on the master with each highstate
15:42 ravi Thanks gtmanfred and daxroc .. I will try both..
15:43 Trauma joined #salt
15:44 dxiri joined #salt
15:45 ruxu joined #salt
15:46 mavhq joined #salt
15:47 Trauma joined #salt
15:50 spuder joined #salt
15:52 keltim joined #salt
15:52 ninjada joined #salt
15:54 alvinstarr joined #salt
15:55 swills joined #salt
15:56 Brew joined #salt
15:58 mavhq joined #salt
16:09 armguy joined #salt
16:14 wryfi joined #salt
16:14 mavhq joined #salt
16:14 tobithiel joined #salt
16:15 onlyanegg joined #salt
16:17 amontalban joined #salt
16:17 amontalban joined #salt
16:18 ALLmightySPIFF joined #salt
16:18 eprice joined #salt
16:21 daxroc What's the syntax for adding a grain to the mine ?
16:23 jimklo joined #salt
16:23 daxroc mine_functions:
16:23 daxroc grains.item: [mygrain]
16:24 wryfi joined #salt
16:27 johnkeates joined #salt
16:27 abednarik joined #salt
16:30 nickabbey joined #salt
16:37 candyman88 joined #salt
16:39 dendazen joined #salt
16:39 jimklo joined #salt
16:42 lumtnman joined #salt
16:43 chksome joined #salt
16:44 whiteinge joined #salt
16:44 whiteinge joined #salt
16:45 spuder joined #salt
16:45 nicerobot[m] joined #salt
16:47 cprior joined #salt
16:48 dxiri joined #salt
16:49 daxroc Would the mine not suffer the same chickent:egg fate - As reading a grain into jinja during first-converge  or is mine data made available immediately? It's looking more eventual consistently in my understanding
16:50 babilen daxroc: What are you really trying to do?
16:50 babilen Maybe there's a different approach that solves this catch 22
16:51 jraffucci joined #salt
16:51 daxroc I'm installing an application and want to read a uuid generated during installation. I need to make some rest-calls with this data to do application configuration.
16:51 daxroc I've a grain that stores this under myapplication:agent:uuid works fine on a second converge
16:52 daxroc I guess read the uuid:file directly would be the easiest way out ?
16:53 dxiri_ joined #salt
16:53 gtmanfred you would need to do a publish.publish to look it up, unless you trigger a mine.update module call
16:53 gtmanfred then you could check the mine
16:55 daxroc The mine.update, would this be triggered from the agent.sls in my example ?
16:55 wryfi joined #salt
16:56 abednarik joined #salt
16:58 gtmanfred sure, it could be from anything as long as it is after the grain is set, and before the other minion tries to access the mine
16:59 daxroc ah  this would all be in the one converge
16:59 gtmanfred you would need to also make sure that the other minion doesn't start its state run until after the first minion sets the uuid, so you could use an orchestrate state
17:00 gtmanfred https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#orchestrate-runner
17:00 daxroc *this would be the same node - for this instance.
17:00 anotherzero joined #salt
17:01 gtmanfred ahh ok, so here is your real problem
17:01 tercenya joined #salt
17:01 gtmanfred the {{}} jinja is rendered then the yaml is rendered, and then your states run
17:02 daxroc And there is no way to defer a variable lookup to runtime via jinja right?
17:03 gtmanfred not via jinja
17:03 gtmanfred we are working on a method to do the lookup at runtime, but it def won't be in until Nitrogen
17:03 whytewolf well. no official way. using orchestration you can kind of get around it because orchestration makes new calls for each stanza in it.
17:03 spuder_ joined #salt
17:03 gtmanfred https://github.com/saltstack/salt/pull/38469
17:03 saltstackbot [#38469][MERGED] [WIP] First run at adding "slots" | I would like to have a review of this idea, it is to allow for...
17:04 gtmanfred that was the first run at adding runtime evaluations
17:05 daxroc It will be a huge improvement in the --local context. But orchestrate does sound like what I need as I do need the agents installed before running the config
17:06 daxroc gtmanfred: appreciate your time, thank you
17:06 daxroc whytewolf: thanks!
17:09 tcowan joined #salt
17:09 tcowan Greetings!
17:09 nicksloan joined #salt
17:10 tcowan I need help.  I'm trying to debug a known issue.  But i'm very stuck.  looking for help.  https://github.com/saltstack/salt/issues/36349
17:10 saltstackbot [#36349][OPEN] Eauth permissions fail with subset | Description of Issue...
17:10 cyborg-one joined #salt
17:10 pipps joined #salt
17:11 spuder joined #salt
17:12 sh123124213 joined #salt
17:12 mavhq joined #salt
17:14 haam3r Hi! I'm deploying machines with salt-cloud to vmware using a template. I'm currently firing two reactor states when the salt/cloud/*/created event is fired.
17:14 haam3r One to set the hostname and the other one to run state.highstate. The issue I'm running is that the highstate reactor event breaking the hostname change...i end up with two minion key's.
17:14 haam3r One for the name I wanted that's not working and one key for the original template hostname.
17:14 ronnix joined #salt
17:14 haam3r Do I have to switch to an orchestrate run?
17:21 lumtnman joined #salt
17:22 tcowan haam3r: The two minion keys makes sense if you are changing the minion id and restarting the minion service.  One of the states failing also makes sense since they are triggered at the same time and only one state can run (yes use orchestrate)
17:22 pipps joined #salt
17:23 tcowan haam3r: I think you need to set the minion id with salt-cloud and not with a state run.
17:24 woodtablet joined #salt
17:25 haam3r tcowan: See the funny thing is...that salt-cloud is setting the minion id on the master and adding the key...but then it does not set it in the minion config for some reason
17:26 gtmanfred it doesn't set it in the config
17:26 gtmanfred it should set the hostname as the provided name you give it at build time
17:26 gtmanfred and then that gets added as /etc/salt/minion_id
17:26 gtmanfred when the salt minion starts
17:27 druonysus joined #salt
17:27 haam3r I'm deploying from a vmware template, but it is not changing the hostname at any point...it was setting the minion_id file before but that broke at some point
17:28 tercenya_ joined #salt
17:30 sh123124_ joined #salt
17:30 tawm04 joined #salt
17:31 racooper joined #salt
17:32 impi joined #salt
17:32 Edgan joined #salt
17:32 gtmanfred I think the real problem here is that the template name is not being changed, do you have vmtoolsd setup correctly?
17:32 pipps joined #salt
17:34 bltmiller joined #salt
17:35 anotherzero joined #salt
17:35 edrocks joined #salt
17:35 swills joined #salt
17:38 nidr0x joined #salt
17:43 haam3r root@minion:~# dpkg -l | grep open-vm-tools
17:43 haam3r ii  open-vm-tools                      2:10.0.7-3227872-2ubuntu1         amd64        Open VMware Tools for virtual machines hosted on VMware (CLI)
17:43 haam3r root@minion:~# vmtoolsd --version
17:43 haam3r VMware Tools daemon, version 10.0.7.52125 (build-3227872)
17:43 gtmanfred is it running?
17:43 chowmein__ joined #salt
17:44 hoonetorg joined #salt
17:47 lumtnman joined #salt
17:47 haam3r gtmanfred: yep
17:49 gtmanfred ¯\(°_o)/¯ then idk, but that is the thing that needs to be fixed
17:51 haam3r gtmanfred: ok..I'll dig into that. Thanks
17:54 tercenya joined #salt
17:57 athaller joined #salt
17:58 bocaneri joined #salt
18:01 chowmeined joined #salt
18:01 nickabbey joined #salt
18:02 ekristen joined #salt
18:05 ivanjaros joined #salt
18:10 lws joined #salt
18:10 lws Is there any way to get the YAML SerializerExtension to *not* spit out unsafe yaml?  I'm ending up with "!!python/unicode" in some templated files which fails to be re-parsed.
18:14 haam3r gtmanfred: It's not setting the hostname, or the /etc/salt/minion_id file but I can see that it writes the minion id to "etc/salt/minion" and then my highstate reactor event overwrites that file..causing the double keys
18:14 gtmanfred ahh, that would do it
18:17 gtmanfred why are you changing the hostname in the highstate?  Why not just pass the name when you build it with salt-cloud?
18:18 whiteinge joined #salt
18:18 wangofett joined #salt
18:18 haam3r gtmanfred: I was not even aware that salt-cloud would change the hostname itself. Is that the default behaviour for vmware template or should I configure something for it?
18:19 ThomasJ|m joined #salt
18:19 saintaquinas[m] joined #salt
18:19 jcl[m] joined #salt
18:19 Salander27 joined #salt
18:19 Mads[m] joined #salt
18:19 haam3r gtmanfred: i'm running "salt-cloud -p profile_name minion.host.name.com"
18:19 jerrykan[m] joined #salt
18:19 dnull[m] joined #salt
18:19 M-MadsRC joined #salt
18:19 M-liberdiko joined #salt
18:19 freelock[m] joined #salt
18:19 tmrtn[m] joined #salt
18:19 haam3r that clones a machine on vmware from a template and runs bootstrap-salt
18:20 pipps joined #salt
18:20 haam3r I actually do want the hostname to be correct before running the highstate.
18:21 mavhq joined #salt
18:22 gtmanfred Right, my question is why is your highstate changing the hostname in /etc/salt/minion?
18:22 ronnix joined #salt
18:22 gtmanfred why not build with the correct hostname in the salt-cloud command, so that the id is already correct in /etc/salt/minion
18:23 gtmanfred also, usually cloud providers let you set the hostname of the machine on build, so when you build it in vmware, it should be passed down to vmtoolsd for the hostname to be set.
18:23 haam3r It's not changing it, but removing it from there because im using a template file for the minion config and I have everything built up so that minion_id == fqdn
18:24 haam3r aka I don't need to set the minion id if the fqdn is correct
18:24 oida joined #salt
18:24 haam3r yes, but this machine is not being built from scratch but it's cloned from a template as the salt vmware docs suggest being the best option
18:25 wendall911 joined #salt
18:25 gtmanfred so, when you replace the /etc/salt/minion, do you change the hostname on the server to the same as the id: was, and then restart the salt-minion?
18:26 rem5 joined #salt
18:27 s_kunk joined #salt
18:27 s_kunk joined #salt
18:27 whiteinge joined #salt
18:30 pipps joined #salt
18:31 haam3r referring back to my original question. I'm targeting the salt/cloud/*/created event with two separate reactor events in an effort to fix this.
18:31 haam3r First state sets the minion fqdn to equal the minion_id provided by salt-cloud.
18:31 haam3r The second reactor state is running a state.highstate. As I found out running these two states on one reactor event, breaks the first state run.
18:31 haam3r So as tcowan said...I should switch over to an orch run so i can run those states sequentially.
18:32 tpaul left #salt
18:33 haam3r but yes the end result should be that the minion_id == fqdn of the server and that I have only one key on the master and the machine get's a highstate run as well
18:33 gtmanfred oh, sorry, i missunderstood then
18:35 druonysus joined #salt
18:37 haam3r gtmanfred: but are you still saying that even with a vmware template salt-cloud should be able to change the hostname and I should not have to use a reactor state to change it?
18:39 gtmanfred that i am not 100% sure on, but i don't think you should need to do it, because even with templates, it should be passed down and modified by vmtoolsd
18:39 ssplatt haam3r: alternatively you can make a state in your config that sets the hostname of the minion as a part of the state.highstate run.
18:40 ssplatt either by the network module or a cmd.run hostnamectl
18:40 gtmanfred there is a hostname state
18:40 gtmanfred hrm, looks like it is in the network state
18:40 gtmanfred system:
18:40 gtmanfred network.system:
18:40 gtmanfred - hostname: server2.example.com
18:40 gtmanfred - apply_hostname: True
18:40 gtmanfred - retain_settings: True
18:41 ssplatt in my experience, the network.system doesn’t work well
18:41 ssplatt so i run cmd.run hostnamectl when i need to set the hostname
18:41 haam3r I am already using that to set the hostname
18:42 spuder joined #salt
18:42 art5005 joined #salt
18:43 lws joined #salt
18:43 art5005 If I set a default value in a file.managed, how can I access it in the jinja template?
18:43 haam3r but that only seems to affect the "/etc/hostname" file.. I have to also set "/etc/hosts" with file.replace and run "/etc/init.d/hostname.sh" to fully configure the hostname without a reboot
18:43 gtmanfred just like any other variable in jinja
18:43 gtmanfred {{variable}}
18:44 art5005 Ah, way easier than I thought.. Thanks.
18:45 beardo http://www.theverge.com/2017/1/8/14204440/mark-hamill-dubbing-donald-trump-tweets-the-joker
18:46 beardo whoops, wrong channel
18:46 KyleG joined #salt
18:46 KyleG joined #salt
18:48 gtmanfred did you see that he was also obsessed with Late night with david letterman?
18:48 cprior iggy: Thanks for the pyyaml confrmation
18:55 sh123124213 joined #salt
18:57 jimklo joined #salt
19:05 acmd joined #salt
19:06 pipps joined #salt
19:08 alvinstarr joined #salt
19:09 swills joined #salt
19:09 acmd can anyone help me with ssh_auth
19:15 dxiri joined #salt
19:17 jimklo joined #salt
19:19 dxiri hey everyone, I see you guys are developing a libvirt driver for salt-cloud, how can I use that?
19:19 dxiri https://docs.saltstack.com/en/develop/topics/cloud/libvirt.html
19:19 cyteen joined #salt
19:19 ivanjaros3916 joined #salt
19:20 dxiri I am following that page but getting: The cloud driver, 'libvirt', configured under the 'local-kvm' cloud provider alias, could not be loaded. Please check your provider configuration files and ensure all required dependencies are installed for the 'libvirt' driver.
19:20 cyteen joined #salt
19:21 KajiMaster joined #salt
19:22 ponyofdeath hi, wondering how to work around a problem where i have salt setting up ldap auth on a system. but even tho the ldap auth is working the first salt run fails to have access to user id's from the ldap dir? is there a way to regenerate the salt info during a run
19:22 sh123124213 are there any reported issues with backwards compatibility of 2016.11 - 2016.3 ? Seems to be working fine but I would like to make sure
19:23 benner I have a problem: after upgrading minion (and server) to 2016.11.1 I saw that all upgraded minions cannot return output. What I see on master: Published command XXX and then Published command saltutil.find_job with and answer never cames.
19:24 benner any ideas where to look?
19:24 netcho joined #salt
19:24 benner salt-call test.ping on minion gives true
19:24 lumtnman joined #salt
19:27 DEger joined #salt
19:29 keimlink joined #salt
19:30 sh123124213 benner : minion log ?
19:32 nickabbey joined #salt
19:33 Praematura joined #salt
19:33 art5005 Kind of piggy-backing off my last question, but is there a way to use a variable to define the path to pillar data? Ie, something like this:
19:33 art5005 {% set data = salt['pillar.get']('services:data:{{config_env}}', {})-%}
19:33 art5005 where config_env would be passed in from the file.managed settings.
19:33 benner on minion side I see proper 'Executing command'... and then return job - 'Starting a new job with PID' but no actual return is happening
19:34 art5005 I can use if statements, but it'd be cleaner if I could use the variable inline.
19:34 fracklen joined #salt
19:34 debian112 joined #salt
19:35 Sketch art5005: have you tried that?  it may work...
19:36 sh123124213 benner: try to stop master and minion completely, run stop twice and then start them again.
19:37 art5005 Nah, I don't get a syntax error, but it just acts as if the pillar data doesn't exist. Think it ends up interpreting {{ config_env }} literally.
19:38 jimklo joined #salt
19:38 bltmiller joined #salt
19:38 nickabbey joined #salt
19:40 benner sh123124213: why twice?
19:40 whiteinge joined #salt
19:40 CeBe hi, in a jinja template, is there a way to fail if some conditions are not met?
19:41 sh123124213 happens sometimes that master or minion doesn't die correctly with one time
19:41 CeBe e.g. an improper combination of pillar values
19:41 sh123124213 benner:
19:41 benner sh123124213: you mean all minions and then salt master/api?
19:42 cyraxjoe joined #salt
19:42 sh123124213 just test on one minion and the master first
19:44 invalidexception joined #salt
19:45 benner sh123124213: does not help
19:46 sh123124213 so you restarted master and minion and it has the same issue ?
19:46 sh123124213 are you sure you didn't change any configuration parameters ?
19:46 benner stopped master, api, then minion, then started master+api and minion
19:47 benner I chamges fingerprint on minion (format changed)
19:48 sh123124213 what do you mean fingerprint ?
19:48 benner master_finger
19:48 benner from md5 to shaXXX
19:49 sh123124213 try to switch back to the values you had. I had no issues with upgrade
19:50 sh123124213 can you get output from salt-call test.ping ?
19:50 sh123124213 running that directly on the minion
19:50 benner then I have "fingerprints does not match" and this part is OK because on master I see Authentication request from/uthentication accepted from
19:50 benner and logs says that minion runs my command, gets output
19:51 benner stracing second (output) job on minion show me that i goes trhough salt/minion/proc/ files, and then send kill to itself
19:52 benner but no socket activity
19:53 sh123124213 mv /var/cache/salt/minion /var/cache/salt/minion_bak
19:53 sh123124213 restart minion
19:53 sh123124213 and test again ?
19:55 benner same...
19:56 sh123124213 I would try to downgrade one minion to previous version and then test
19:56 sh123124213 what was the previous version you had ?
19:58 benner sh123124213: i have at the moment ~300 2016.3.4 still
19:59 benner and they are working
19:59 benner what I see with debugging on minion: https://gist.github.com/anonymous/861ba1669a2c6d3775a40e537271702b
19:59 iggy art5005: {% set data = salt['pillar.get']('services:data:' ~ {{config_env}}, {}) -%}
19:59 nethershaw joined #salt
20:00 iggy CeBe: you can use some jinja and the test.fail* functions
20:00 mavhq joined #salt
20:01 CeBe iggy: how would these functions look like?
20:01 CeBe or where do I find them?
20:01 whytewolf CeBe: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html#salt.states.test.fail_with_changes
20:02 art5005 iggy: Getting this error: Unable to manage file: Jinja syntax error: expected token ':', got '}'; line 9
20:02 netcho joined #salt
20:02 whytewolf art5005: {% set data = salt['pillar.get']('services:data:' ~ config_env, {}) -%}
20:03 art5005 ahh.. there we go.
20:03 CeBe whytewolf, iggy: thanks, will check that out!
20:03 art5005 Awesome, thanks!
20:03 iggy I thought the {{foo}} worked in jinja like that too
20:04 whytewolf not within jinja.  {{}} is nothing more then a short cut for {% print <var> %}
20:05 whytewolf and jinja within jinja just don't work
20:09 anthonyshaw joined #salt
20:12 mavhq joined #salt
20:12 bbradley joined #salt
20:13 SaucyElf joined #salt
20:17 cscf How is it possible for a nodegroup match to work in "salt -N 'dfs-421' state.apply" but not in top.sls?
20:17 hemebond cscf: Would need to check your top.sls syntax
20:18 darthzen joined #salt
20:20 cscf hemebond, it's precisely the same as other entries, that's the weird thing
20:20 snergster joined #salt
20:21 dxiri joined #salt
20:21 cscf http://paste.ubuntu.com/23772312/
20:21 eprice joined #salt
20:23 CeBe whytewolf, iggy: turns out that was not really what I need. My state contains a reference to a pillar like this: {% if 'version' in pillar.mariadb %}
20:23 bowhunter joined #salt
20:24 CeBe but if mariadb is not given that fails with a really weird error that noone will understand
20:24 CeBe I'd like to throw a message like "mariadb is not configured in pillar"
20:25 whytewolf CeBe: oh so test.show_notification
20:27 CeBe whytewolf: putting {{ salt.test.show_notification("example") }} in my state file does nothing, at least the other error is still there
20:27 Trauma joined #salt
20:27 whytewolf CeBe: that is a state not a jinja function. you use jinja to render out the stuff that will error and in the test state that will notify that it isn't setup right
20:28 CeBe whytewolf: the problem here is that jinja does not compile so there is nothing to run that could error
20:29 CeBe I'm getting  Rendering SLS 'base:mariadb' failed: Jinja error: argument of type 'StrictUndefined' is not iterable
20:29 iggy it doesn't compile because {{ salt.test.... }} is invalid
20:29 CeBe correct
20:29 iggy can you gist what you have so far?
20:29 CeBe no wait, it does not compile without that
20:30 CeBe sure
20:31 CeBe https://gist.github.com/cebe/8af5127baf49be0269015f834e4121fa
20:31 CeBe as far as I see line 8 throws the error
20:32 cscf hemebond, looks fine, right?
20:32 iggy and you want to just bail out if there's no pillar.mariadb?
20:32 CeBe because pillar.mariadb is not set
20:32 CeBe iggy: it bails out already, but I'd like to bail out with a message that is more clear :)
20:32 hemebond cscf: Yeah, looks fine. I don't use nodegroups myself so I was reading up and the examples match what you've got.
20:32 dxiri joined #salt
20:33 cscf hemebond, it perfectly matches other nodegroups that have been working fine, and it works fine on the command line ( it runs state.apply, but only with the '*' stuff)
20:33 CeBe as far as my research got now that does not seem possible...
20:33 hemebond cscf: Is this nodegroup definition different to the others? Have you restarted your master?
20:34 cscf hemebond, well, actually, it's the first time I've used the yaml list rather than L@...
20:34 cscf So that's one difference
20:34 hemebond "the yaml list"?
20:34 cscf And yes, I've restarted it twice
20:34 hemebond Can you show your nodegroups?
20:34 hemebond Oh I think I see what you mean about YAML lists.
20:35 whytewolf CeBe: could you use a default value instead?
20:35 CeBe whytewolf: no, I want to avoid applying the state at all if no config was given
20:35 whytewolf ok thats easy one sec
20:36 cscf hemebond, http://paste.ubuntu.com/23772396/
20:36 sh123124213 benner: did you figure it out ?
20:36 iggy CeBe: commented
20:36 hemebond cscf: Don't you need joining terms like "and" or "or"?
20:36 hemebond Oh that's for compound matching.
20:36 cscf hemebond, https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html#defining-nodegroups-as-lists-of-minion-ids
20:37 hemebond Wait... you can use Jinja in the nodegroup definitions?
20:37 cscf hemebond, works for the other ones, yeah
20:37 hemebond There are some odd places that Jinja works on the master.
20:37 CeBe iggy: I see, so you avoid the other error by not letting jinja parse the rest of the file
20:37 cscf lets me trim the long domain name
20:37 anotherzero joined #salt
20:37 CeBe will try that, thanks!
20:37 cscf Also made it easier to sanitize for pasting
20:39 hemebond I can't see any problem.
20:39 CeBe that worked, thanks iggy and whytewolf !
20:39 whytewolf i see iggy already did it, but yes. that was the idea is trying to get at. just jinja out the stuff that doesn't work
20:40 iggy yeah, we have a lot of stuff like that here because we have like 8 different ext_pillars
20:42 hemebond cscf: That list notation doesn't even work for me on the command line.
20:42 whytewolf yeah i use that pretty much in a few places when i get lazy
20:43 cscf hemebond, as in, yaml list in /etc/salt/master, restart salt-master, salt -N 'group' doesn't work?
20:43 hemebond correct.
20:43 Trauma_ joined #salt
20:43 cscf hemebond, what salt version?  the yaml format is 2016.11
20:44 hemebond 2016.3.4
20:44 austin_ i'm trying to service pillar data from /srv/pillar/dev for a system. however, i can't seem to get that pillar data present on the minion
20:44 austin_ i've set the pillarenv: dev on the minion
20:44 austin_ anything else i'm missing ?
20:44 hemebond Oh
20:44 cscf hemebond, yeah, so it wouldn't work anyway
20:44 hemebond Looks like the new list thing is 2016.11
20:44 pipps joined #salt
20:44 cscf hemebond, yup
20:45 cscf I am running 2016.11.1 master and minion
20:45 whytewolf austin_: pillar_roots?
20:45 austin_ nope. got that.
20:45 hemebond cscf: Yeah, I'll be skipping 2016.11 so I can't help I'm afraid.
20:45 austin_ o shoudl the top file be per dir or still at the /srv/pillar level ?
20:45 whytewolf saltutil.pillar_refresh?
20:45 austin_ yea. did that
20:46 hemebond Side note: I didn't need to restart the master to test a new nodegroup (editing a file in master.d)
20:46 whytewolf and yes if you are telling the minion it needs to be dev then the top file should also be in dev
20:46 whytewolf i think
20:46 whytewolf I avoid enviroments like the plauge
20:47 austin_ yea i'm starting to see that
20:47 lumtnman joined #salt
20:47 austin_ whytewolf: i need to have pillar data different for say developing on vagrant
20:47 austin_ v actually production
20:47 austin_ pretty classic straight forward problem
20:47 austin_ but i'm not exactly sure the best route
20:48 iggy we use different masters
20:48 whytewolf yeah different masters that point at base as a different branch in the repo
20:48 austin_ ok. so you store your pillar data in a maybe a different repo ?
20:48 austin_ which brings up another problem i've run into and thats how to best set up my git remotes
20:49 fracklen joined #salt
20:50 iggy we use branches in one repo... we just check out that branch on the master in question
20:50 Rumbles joined #salt
20:50 austin_ ok so you dont develop on vagrant ?
20:51 austin_ er... using
20:51 iggy some people do
20:51 ssplatt iggy: do you have your git branches configured as envs on the salt master?
20:52 ssplatt iggy: i’d be interested in seeing what that config looks like
20:53 iggy most of the systems I deal with either require specific hardware or are clusters/setups that require multipe systems
20:53 austin_ yea but branching would eventually merge your "develop" branch to "master" and thus taking your pillar data with it
20:53 iggy we don't use envs
20:53 austin_ unless you have your pillar data in a different repo
20:53 whytewolf austin_: for me states are in a seperate repo to pillars
20:54 austin_ yea i'm thinking that might be the better play here
20:54 whytewolf still no enviroments on the masters
20:54 austin_ since we host our own internal github, make that secrete and its easy
20:54 austin_ yea i'm not so sure about envs
20:55 iggy well, technically a lot of our pillar data comes from external systems (we have a huge cmdb/ipam/etc service that predates salt)
20:55 austin_ iggy: i'll be in the same position very soon
20:55 austin_ we have metadata service that i'll need to tie into for lots of things
20:56 austin_ although it would be a custom grain
20:57 seanz joined #salt
20:58 austin_ alright so from a vagrant dev perspective, i'd have to make sure my pillars map to the same structure as my prod pillars in another repo
20:58 austin_ which initially isn't bad but i could see issues there
20:58 benner sh123124213: not yet. was afk
21:00 anthonyshaw joined #salt
21:00 dxiri joined #salt
21:01 DammitJim joined #salt
21:02 DammitJim since I updated salt to 2016... salt-cloud doesn't seem to show progress when performing actions like create_snapshot
21:03 pipps joined #salt
21:04 netcho joined #salt
21:06 xbglowx_ joined #salt
21:06 nickabbey joined #salt
21:07 DEger joined #salt
21:09 keimlink joined #salt
21:11 nickabbey joined #salt
21:11 austin_ restarting multiple services from the same watch file
21:11 austin_ can i just list them under name ?
21:12 whytewolf - name: accepts a string not a list
21:13 austin_ yea i should look at the code :sigh:
21:13 mavhq joined #salt
21:13 cmarzullo you can use watch_in
21:13 Rumbles joined #salt
21:17 xet7 joined #salt
21:19 fracklen joined #salt
21:21 DammitJim joined #salt
21:22 amontalb1n joined #salt
21:31 austin_ what does config.dot_vals actually do ?
21:32 austin_ looking at this to help to mange minion configs.
21:32 netcho joined #salt
21:34 dxiri_ joined #salt
21:34 debian112 joined #salt
21:34 whytewolf austin_: iirc all of the items in config only return config information
21:34 whytewolf there is no setting information from there
21:35 austin_ whytewolf: that is what i've kinda concluded here. just seems like you could do the master with wheel mod but can't manage the minion config?
21:35 whytewolf well most of the minion configs can be changed through pillar
21:35 austin_ i guess the pattern is to use file mod and potentially drop in a conf into minion.d/
21:35 whytewolf depending on what it is
21:36 austin_ o i did not realize this
21:36 austin_ wtf am i doing?
21:36 austin_ sorry... new to salt :)
21:37 whytewolf well there are a lot of built in configs that control how the minion operats that have to go through the minion config. but things like a lot of the extra stuff for mysql or schedules or mines can be done through pillar
21:37 austin_ yea so the ideal i have is i need to manage the syndics
21:37 austin_ idea*
21:37 austin_ i have several layers of syndics
21:38 austin_ network / security constraints i must consider
21:38 whytewolf ahh those i don't know about never configured syndics myself yet
21:38 austin_ well, its just the minion conf
21:38 austin_ and adding the syndic_master to the master conf
21:38 dxiri joined #salt
21:38 austin_ not a big deal. rather dumb command repeaters
21:39 austin_ we are setting up salt almost like a service and i need to maintain that infrastructure
21:39 whytewolf i would think that would have to be a config file item since it controlls a centeral part of the system. but yeah salt with file.maanged
21:39 austin_ ok yea i'm pretty much doing that with templates
21:39 austin_ simple for now
21:40 austin_ i see this getting interesting and will need to make sure i understand the merge strategy well
21:40 pipps joined #salt
21:45 __JZ__ joined #salt
21:45 druonysus joined #salt
21:46 Sandman joined #salt
21:47 Sandman hi - is this the place to ask silly implementation questions?
21:48 sh123124213 you can ask and people might reply
21:49 Sandman so i have a top.sls and i want to include other top.sls-like files, and these other sub-tops will have similar grain matches
21:50 Sandman top.sls: include top2.sls, base:  'roles:webserver':    do thing1
21:50 Sandman top2.sls: base:  'roles:webserver'     do thing2
21:50 Sandman seems like the states in the included top2.sls do not get executed though
21:52 ponyofdeath hi, at what time is salt
21:53 whytewolf Sandman: well first do they show up if you do a state.show_top
21:53 whytewolf ponyofdeath: what thyme is salt?
21:53 ponyofdeath sorry, how do I cleare the salt system users cache during a run?
21:53 ponyofdeath whytewolf: it seems that salt has some sort of cache at startup for available system users.
21:54 whytewolf are you sure about that?
21:54 ponyofdeath whytewolf: and after my state add's ldap to the mix the new users are not detected unless i run salt state.apply
21:54 ponyofdeath a second time
21:55 whytewolf that sounds like you are cnfusing rendering with exacution. rendering [the jinja] happens before states are ran. so the users don't exist until AFTER the states run
21:55 whytewolf it isn't a cache. it is a order of operations thing
21:56 ponyofdeath whytewolf: no, the errors are unable to create dir because user does not exist. even tho i am ssh'd into the system and can see the user
21:56 ponyofdeath a second run of salt and everything works
21:56 ponyofdeath its unable to see the ldap users during the first run
21:56 TheoSLC joined #salt
21:57 whytewolf let us see the states
21:57 whytewolf btw, salt does not have a cahce for what you are discribing. so there must be something else going on
21:58 Sandman whytewolf: they do not
21:58 ponyofdeath whytewolf: https://gist.github.com/evilbulgarian/749f3bb7f0f76506f53875d43af77743
21:58 xbglowx_ joined #salt
21:59 Tanta joined #salt
22:00 whytewolf ponyofdeath: are you using nss or other operating system user cache?
22:00 ponyofdeath whytewolf: sssd
22:00 ponyofdeath whytewolf: but that is setup durin the salt run so there is no cache
22:01 Sandman oh wow
22:01 Sandman i think i found a way around it
22:01 xbglowx__ joined #salt
22:01 whytewolf ponyofdeath: well salt doesn't have a cache either and it is the operating system saying the user doesn't exist.
22:01 whytewolf is the file create happening before the user creation?
22:02 whytewolf or maybe at the same time
22:02 lws joined #salt
22:02 ponyofdeath whytewolf: ok i guess i will keep hunting, was wondering if there was some kind of cache at play since the second run succeeds
22:03 whytewolf ponyofdeath: the second run succeeds because the user is most defintly there the second time.
22:03 whytewolf it could also be ldap not returning the user fast enough for being a fresh user
22:04 ponyofdeath whytewolf: i did require: - sls: auth.ldap to ensure all these commands happen after the ldap state file and re-running now
22:04 ponyofdeath before i just had require: - service: sssd
22:05 pipps99 joined #salt
22:06 pipps_ joined #salt
22:06 jimklo joined #salt
22:09 ponyofdeath whytewolf: same result
22:09 Sandman seems like if in my two top files, if i have "webserver" and "webserver" it doesn't work but "webserver" and "webserver*" it does
22:09 Tanta IDs should be unique
22:10 ponyofdeath whytewolf: not sure why salt is not seeing the ldap users during the first run even, the nsswitch.conf file changes i wonder if that has something to do with it
22:10 Tanta you run into dragons if you make it work somehow
22:10 Sandman for my thing?
22:10 Tanta not sure what you're doing
22:10 whytewolf ponyofdeath: you might have to orchestrate it. split it up so the ldap stuff into one orchestration stanza and the file creation into another
22:11 Sandman trying to add states for particular grains to the highstate
22:11 Sandman but do it such that it only requires one include statement in the top.sls
22:11 ponyofdeath whytewolf: what do you mean orchestrate it? u mean run multiple times from the salt master?
22:11 whitenoise joined #salt
22:13 DEger joined #salt
22:14 whytewolf ponyofdeath: no i mean use salt orchestration to run parts of it
22:21 paant joined #salt
22:24 rml_ joined #salt
22:29 KyleG joined #salt
22:29 KyleG joined #salt
22:31 hackel joined #salt
22:32 hackel Is there a way to mark a state as a post-requisite of another state?  That is, it should only run if another state has run successfully?  Basically like OnlyIf, but for a state, not a command.
22:34 ponyofdeath whytewolf: Be aware that existing processes will not be aware of the changes to nsswitch.conf
22:34 whytewolf hackel: that is what require is for
22:35 whytewolf hackel: " If the required state's execution succeeds, the dependent state will then execute. If the required state's execution fails, the dependent state will not execute."
22:35 hackel whytewolf: Wouldn't require force the requisite state to be executed, even if not specified?  I don't want that.  I want the dependent state to be executed *only* if explicitely run.
22:36 TheoSLC joined #salt
22:37 whytewolf the only way a state wouldn't run is if it doesn't exist and if it doesn't exist you can't put any kind of requisite against it
22:41 synaestheory joined #salt
22:42 hackel whytewolf: I'm including an sls in two different hosts in my top.sls, but only one includes the "required" state.  So I need to check in the sls whether the required state exists/has been run, and if so, run the dependent state.
22:43 hackel Does that make sense?  I'm looking for the best way to achieve this, without splitting the sls into two separate files.
22:44 whytewolf i would say put some sort of other marker in besides the state and use that to render out the dependent state
22:45 ninjada joined #salt
22:46 hackel whytewolf: A pillar or something?  Just trying to avoid repeating configuration.
22:48 _KaszpiR_ joined #salt
22:57 whytewolf a pillar or a grain. something that is actually easy to pull out in jinja. states don't work cause well you can't be sure what states are going to exist before the jinja renders
22:57 woodtablet left #salt
22:58 cypher543 joined #salt
22:59 dendazen joined #salt
23:02 cypher543 Is there a list of execution module functions that can be overridden in proxy modules? The examples show that package_install implements pkg.install, for example.
23:06 pipps joined #salt
23:15 PatrolDoom joined #salt
23:19 whytewolf cypher543: do you mean virtual modules?
23:20 whytewolf cypher543: not sure what you are asking about.
23:20 pipps joined #salt
23:23 eprice joined #salt
23:24 sh123124213 cypher543: you would probably need to write your own.
23:24 cypher543 Say I have a proxy minion for a modem and I want to make something like 'salt modem network.interfaces' work with it. For other functions like pkg.install or test.ping, I can implement 'package_install' and 'ping', respectively. But only the pkg.* and service.* overrides are shown in the examples.
23:25 whytewolf what examples
23:25 cypher543 https://docs.saltstack.com/en/latest/topics/proxyminion/index.html#proxymodules
23:26 sh123124213 cypher543 : https://docs.saltstack.com/en/latest/ref/proxy/all/index.html
23:26 sh123124213 those are the existing ones
23:26 anthonyshaw joined #salt
23:26 sh123124213 they can be taken as examples to code what you need
23:28 whytewolf ohhh that example doesn't create a pkg.install it creates a rest_sample.package_install and rest_sample.service_status
23:28 whytewolf things like that
23:29 whytewolf least thats how i read it
23:30 cypher543 The doc comment for package_list says that it can be executed as the standard pkg.list_pkgs, though.
23:30 whytewolf have you tried it
23:30 cypher543 And then ping gets executed for test.ping.
23:31 ssplatt joined #salt
23:32 whytewolf huh, never mind. just reading up now apperently there are some virtuals out there.
23:32 mrueg joined #salt
23:32 cypher543 Well... hrm. I just tried it and pkg.install doesn't invoke package_install.
23:33 cypher543 So the doc comment must be wrong.
23:33 debian112 joined #salt
23:38 whytewolf most likely th doc was copied directly from one of the other pkg.list modules
23:39 whytewolf but if you read down in the command execution bit they start outright that they are called with pkg_list and pkg_install
23:39 whytewolf on, no they send pkg_* commands to the minion. they are called with packe_*
23:40 cypher543 Alright. So basically, I can't make a proxy minion respond to built-in execution module functions?
23:42 whytewolf that i don't know
23:43 whytewolf the whole documentation for proxy minions has always been a little ... ball of strange
23:43 nidr0x joined #salt
23:44 pipps99 joined #salt
23:44 debian112 joined #salt
23:44 whytewolf you might want to break down the proxy modules that exist. and see if anything there helps
23:46 cypher543 Ok. Thanks for your help!
23:47 ninjada joined #salt
23:53 TheBarKeep joined #salt
23:56 TheBarKeep left #salt
23:56 TheBarKeep joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary