Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 cro joined #salt
00:08 whytewolf unless is universal.
00:08 whytewolf CeBe: https://docs.saltstack.com/en/latest/ref/states/requisites.html
00:09 CeBe ui nice :)
00:09 CeBe thanks whytewolf!
00:12 Brew joined #salt
00:20 heyimawesome joined #salt
00:25 onlyanegg joined #salt
00:31 ivanjaros joined #salt
00:33 eprice left #salt
00:33 dendazen joined #salt
00:45 sh123124213 joined #salt
00:49 Jarus left #salt
00:52 debian112 joined #salt
01:00 nickabbey joined #salt
01:13 mikecmpbll joined #salt
01:13 jas02 joined #salt
01:21 aagbds joined #salt
01:23 swills joined #salt
01:26 onlyanegg joined #salt
01:30 avalarion joined #salt
01:43 numkem joined #salt
01:49 onlyanegg joined #salt
01:51 puzzlingWeirdo joined #salt
01:57 gnomethrower joined #salt
01:57 gnomethrower Hey guys. Not sure if this is the right place to ask, but I'm having trouble with the iptables module
01:57 gnomethrower https://gist.github.com/Zorlin/acff561c778c0e476b05bb7e28d395d0
01:57 beardedeagle joined #salt
01:57 gnomethrower I used the examples here: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
01:58 gnomethrower but the rules don't seem to take effect
02:03 beardedeagle so I must be going crazy, but how can you merge/update a json dict in jinja: https://gist.github.com/beardedeagle/ff1fea4c2c941cd423b8e0e4ebfe9709
02:04 Brew joined #salt
02:04 hemebond beardedeagle: Your metadata variable contains a string.
02:06 beardedeagle oh damnit
02:06 catpiggest joined #salt
02:07 beardedeagle troubleshooting someone else state and didn't notice the - dataset: "{{ metadata }}" which is dumping it to the file as a string to be read later @hemebond
02:07 jas02 joined #salt
02:08 numkem joined #salt
02:17 onlyanegg joined #salt
02:33 edrocks joined #salt
02:38 fuhnoo joined #salt
02:38 numkem joined #salt
02:38 fuhnoo hey everyone. quick question
02:39 fuhnoo i wrote a runner that uses the logger module to write custom logs. however, whenever the runner executes, it adds the following to the log file
02:39 fuhnoo "Found minion id from generate_minion_id(): <minion_id>"
02:39 fuhnoo "Runner completed: <job_id>"
02:39 fuhnoo any idea why?
02:39 kira_ joined #salt
02:40 bigjazzsound joined #salt
02:42 hemebond fuhnoo: Is there something wrong with that?
02:46 fuhnoo the runner is going to be running lots and it's going to really fill up the logs with data i don't care about
02:46 fuhnoo so it would be nice not to have it, if possible
02:46 fuhnoo also: this is a custom log file, not the salt log file
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:50 dnull joined #salt
02:51 dnull joined #salt
02:52 dnull joined #salt
02:58 orionx joined #salt
02:58 Shirkdog_ joined #salt
02:59 orionx_ joined #salt
02:59 k4kvm joined #salt
03:00 amagawdd joined #salt
03:01 CrummyGummy joined #salt
03:01 patrek joined #salt
03:03 blu_ joined #salt
03:04 gtmanfred joined #salt
03:04 rome_390 joined #salt
03:05 stooj joined #salt
03:05 jab416171 joined #salt
03:05 KevinAn27 joined #salt
03:07 TooLmaN joined #salt
03:08 jas02 joined #salt
03:09 nineteen joined #salt
03:10 catpiggest joined #salt
03:14 jas02 joined #salt
03:21 gnomethrower Hey guys... hopefully a stupid question
03:21 gnomethrower https://gist.github.com/Zorlin/54dddabd9dae64bac363c0137c983171
03:21 gnomethrower I need to "hide" the last two lines from CentOS 5 boxes
03:21 gnomethrower and not sure whether to handle that in the state, or in the Jinja template
03:21 gnomethrower I think inside the template might be cleaner if it's possible to do that
03:22 hemebond Something like... {%- if grains.os != 'Centos' %}
03:22 hemebond ... {%- endif %}
03:23 gnomethrower hemebond: perfect, will give that a try. thanks
03:23 gnomethrower can I do like
03:23 hemebond There are obviously cleaner ways to do it but that's the simplest/most direct.
03:23 gnomethrower sure
03:23 gnomethrower well, we're going to be retiring the machines this is targeting in ~2 months
03:24 gnomethrower so I can remove this quite soon anyways :)
03:24 gnomethrower remove this exception* rathre
03:24 gnomethrower rather
03:26 gnomethrower hemebond: what about something like this?
03:26 gnomethrower {%- if grains.os != 'CentOS' and grains.osmajorrelease != '5' -%}
03:26 hemebond Seems fine.
03:27 gnomethrower i think that "and" may need to be an "or", right?
03:27 hemebond No, should be an "and".
03:27 gnomethrower but that doesn't seem right either...
03:27 gnomethrower Okay :) I'll try it out. Thank you for the help!!]
03:27 whytewolf or would mean it is centos [any version] or it is distro thats magor version is 5
03:28 gnomethrower whytewolf: yep.. haven't had coffee yet ;)
03:28 gnomethrower cheers
03:29 whytewolf coffee?? it's time for beer for me
03:29 gnomethrower hell yes. it works. thanks hemebond!
03:29 hemebond ūüĎć
03:30 mpanetta joined #salt
03:34 mpanetta joined #salt
03:34 gnomethrower hemebond: actually it doesn't work as well as I hoped :(
03:35 k_sze[work] joined #salt
03:35 gnomethrower it's applying to my CentOS 6 box
03:35 gnomethrower I need it to apply solely to CentOS 5
03:35 catpiggest joined #salt
03:35 gnomethrower this is what i have... {%- if grains.os != 'CentOS' and grains.osmajorrelease != '5' -%}
03:36 hemebond Have you checked the grains from your CentOS 5 box?
03:36 hemebond oh
03:36 hemebond == '5'
03:36 hemebond not != '5'
03:36 gnomethrower oh! nice catch!
03:36 gnomethrower thanks :)
03:38 gnomethrower hm.. that doesn't work either
03:38 gnomethrower {%- if grains.os != 'CentOS' and grains.osmajorrelease == '5' -%}
03:38 hemebond It's possible osmajorrelease is an integer.
03:38 hemebond Have you checked the grains?
03:38 gnomethrower ah - so drop the quotes?
03:39 gnomethrower yep
03:39 gnomethrower osmajorrelease:
03:39 gnomethrower 6
03:39 gnomethrower (says 5 on my centos 5 box)
03:40 gnomethrower yep, no luck with that either..
03:40 hemebond {%- if grains.os != 'CentOS' and int(grains.osmajorrelease) == 5 -%}
03:42 gnomethrower still nope... centos 6 box matches when it shouldn't
03:42 hemebond That's very strange.
03:43 whytewolf gnomethrower: using gitfs?
03:43 gnomethrower no
03:43 gnomethrower hang on... wouldn't this make more sense?
03:43 gnomethrower {%- if grains.os == 'CentOS' and int(grains.osmajorrelease) == 5 -%}
03:43 gnomethrower since we're targeting everything except CentOS 5
03:43 gnomethrower (changed first from != to ==)
03:43 hemebond I thought you wanted to exclude CentOS 5 from those lines.
03:44 gnomethrower yes... doesn't the dash make the thing inverse?
03:44 gnomethrower {%- blah -%} is an inverse match I thought
03:44 hemebond No, the dash just removes leading newlines.
03:44 beardedeagle joined #salt
03:44 hemebond (or trailing if at the end)
03:44 gnomethrower Oh. okay, then I'm still confused :P
03:44 gnomethrower yes... the idea is to print those lines for everything except CentOS 5
03:44 hemebond So, {%- if grains.os != 'CentOS' %} this stuff only shows for non-centos {%- endif %}
03:45 gnomethrower as C5 doesn't support "Match"
03:45 gnomethrower hemebond: yes... but I need those lines on CentOS 6 and 7
03:45 hemebond Just add in that osmajorversion check too.
03:45 hemebond Or are you saying that your CentOS 6 boxes are NOT getting those lines?
03:46 gnomethrower hemebond: correct
03:46 gnomethrower CentOS 6/7 are being excluded incorrectly
03:46 gnomethrower with this line
03:46 gnomethrower {%- if grains.os != 'CentOS' and int(grains.osmajorrelease) == 5 -%}
03:46 gnomethrower i have ubuntu 12.04, 14.04, 16.04 and CentOS 5,6,7 in play
03:47 gnomethrower all except C5 need to have those lines in that config, and C5 must miss them
03:47 whytewolf {%- if not (grains.os == 'CentOS' and int(grains.osmajorrelease) == 5) -%}
03:48 gnomethrower whytewolf: ah! yes! that looks like it should work
03:48 whytewolf [don't really need the int()
03:48 gnomethrower will give it a try, thanks
03:49 hemebond Oh man, my conditional was way off :-D
03:49 gnomethrower hemebond: mine was even worse ;)
03:49 hemebond Early night for me I think.
03:49 gnomethrower normally I'm good with this sort of logic but I'm pretty tired am
03:49 gnomethrower atm*]
03:50 wt joined #salt
03:51 whytewolf I used to stare at logic like this for hours on end when i was a ph dev. using tricks in php to actually tweek performence based on how far the test would need to get based on likely outcomes.... man i hate php
03:54 gnomethrower WTF...
03:54 gnomethrower hang on... weird behaviour
03:54 whytewolf define weird
03:55 gnomethrower one sec..
03:59 gnomethrower whytewolf: here
03:59 gnomethrower https://gist.github.com/Zorlin/ba526ad748482108480992aad18d88d4
03:59 gnomethrower no matter which box I go to, I get that result. Ubuntu, CentOS... doesn't matter
03:59 hemebond remove the - at the end
03:59 hemebond Use %}  instead of -%}
04:00 hemebond Only put it at the beginning.
04:00 hemebond i.e., {%-
04:00 gnomethrower oh okay
04:00 gnomethrower thanks, let me try that
04:01 gnomethrower fingers crossed, might be working..
04:02 whytewolf oh, doh. the () might be throwing it off
04:02 hemebond The () should work.
04:02 whytewolf should....
04:03 gnomethrower i think the () works
04:04 gnomethrower YAY
04:04 gnomethrower This was the final working line
04:04 gnomethrower {%- if not (grains.os == 'CentOS' and grains.osmajorrelease == '5') %}
04:04 gnomethrower and {%- endif %}
04:05 whytewolf nice
04:05 gnomethrower thank you all so much for the help :)
04:05 gnomethrower works perfectly now
04:13 netcho joined #salt
04:22 sh123124213 joined #salt
04:23 pepoluan joined #salt
04:24 pepoluan hello, I have a quick question regarding "onfail" and "require"
04:24 sh123124213 joined #salt
04:24 pepoluan say I have a state "a1" which might fail, a state "a2" with "onfail:" set to handle a1's failure, and a state "b" which "require: a1"
04:24 pepoluan will state
04:25 pepoluan will state "b" run if "a1" fails but "a2" succeeds?
04:25 hemebond pepoluan: I don't believe it will.
04:25 pepoluan hmm
04:25 pepoluan is there a way for "b" to require either "a1" *or* "a2"?
04:26 pepoluan "require:" seems to be hardcoded to use logical AND relationship, while in this case I need logical OR
04:29 amagawdd joined #salt
04:35 edrocks joined #salt
04:54 nethershaw joined #salt
05:09 nethershaw joined #salt
05:15 jas02 joined #salt
05:19 djgerm1 joined #salt
05:44 lwass joined #salt
05:45 preludedrew joined #salt
05:48 lwass hi mates, how you doing? im Luiz from Brazil and im needing ask for help! i have an environment with an salt-master and a salt api, but after restarting the salt services, after about 4, 5 hours, im starting to get errors in communication of minions with my master, so i have to restart all things again to temporary resolve the problem, do you guys have any suggestions about this problem? thank you all, and sorry for my poor english! r
05:48 hemebond lwass: What version of salt-minion? Could it be a memory leak?
05:49 lwass hemebond: im monitoring my server and my minions, and i dont have any issues with memory or any other resources, the salt-minion version is 2015.8.5
05:49 lwass hemebond: thank you for your quick response!!
05:50 hemebond Are you using GitFS?
05:51 hemebond Are you able to test against a newer version of Salt?
05:51 Straphka joined #salt
05:51 hemebond There definitely appear to be memory issues in that version of Salt.
05:52 simmel joined #salt
05:53 lwass hemebond: yes i am using, but i cant update the salt-master / minion versions right now, im using it in a production envrionment with several customers :(
05:53 rdas joined #salt
05:55 lwass hemebond: do you know if is there some way to restart a type of cache or something like this without restarting the salt-master service?
05:55 hemebond Do you have to restart the master to get the minions to reconnect?
05:56 lwass hemebond: yes, my minions are communicating by the api requisitions
05:56 hemebond Restarting just a minion doesn't get it to reconnect?
05:57 lwass i tried it yesterday but with no success. No, the minions didnt reconnect with a restart
05:58 hemebond Well, 2015.8.5 is fairly old now. First thing I would do is try a newer version. At least the latest 2015.8.
05:59 hemebond I don't think there's anything else you can restart except the main salt-master service.
05:59 lwass one thing is that my minion do a requisition to salt-api, and a jobid is generated, but it is not executing and didnt return anything
06:00 hemebond Do you mean a request? They send a request to salt-api?
06:00 hemebond Why do they do that?
06:00 lwass yes
06:01 lwass cause my salt is located on my internal company environment, and my minions are on aws
06:01 lwass i believe it is because of that
06:02 lwass dont know why people of my companys did this way
06:02 hemebond I don't really understand. They must still be connecting to the master directly.
06:05 lwass explaining more, my environment have a server, who do the provisioning of infrastructure at aws via aws api, and after that, do the provisioning of our product on that, by calling states via api
06:05 lwass and the saltstack runs the states directly on the minions
06:13 jas02 joined #salt
06:14 jas02 joined #salt
06:14 jas02 joined #salt
06:16 jas02 joined #salt
06:17 lwass hemebond: a guy from my company said that its not a good idea update the master, because the api endpoints should change doing that, do you know something relative to this?
06:17 hemebond Well, updating the master will likely break stuff, yes.
06:18 hemebond Do you have no way to run a separate master to test updated minions?
06:18 hemebond I mean, if you're hitting a bug, usually the first thing to do is test a newer version.
06:19 Straphka joined #salt
06:19 simmel joined #salt
06:22 evle joined #salt
06:23 lwass hemebond: yes, im gonna see that if i can up a separate master
06:23 lwass hemebond: wil it be a problem if i run minions with 2015.8.5 and master with an updated version?
06:23 lwass will*
06:24 hemebond It's not ideal, but they will likely work.
06:25 lwass nice
06:28 overyander joined #salt
06:28 Reverend_Fail joined #salt
06:30 zifnab_ joined #salt
06:31 onlyaneg1 joined #salt
06:32 nickabbey joined #salt
06:32 tkelley__ joined #salt
06:33 klaas joined #salt
06:33 kshlm joined #salt
06:34 s_kunk joined #salt
06:35 gladia2r joined #salt
06:38 edgr joined #salt
06:39 tom29739 joined #salt
06:43 cyborg-one joined #salt
06:47 lwass hemebond: thank you for your help :D
06:47 hemebond Good luck ūüĎć
06:50 djgerm joined #salt
06:58 ronnix joined #salt
07:01 djgerm Every so often, we get the following on error when turning up new instances with salt-cloud (11.1) http://paste.debian.net/913497/ and it seems like the ubuntu ami is getting some apt lock, and we can't figure out why. Is it likely some stupid misconfiguraiton on our AMI, could it be something buggy with salt-cloud? I can't imagine it's salt-cloud… maybe somebody else has seen this sorta thing?
07:01 sh123124213 joined #salt
07:01 bocaneri joined #salt
07:03 sh123124213 joined #salt
07:06 avalarion joined #salt
07:07 jas02 joined #salt
07:11 jas02_ joined #salt
07:12 sh123124213 joined #salt
07:14 whytewolf djgerm: that error looks like it lost connection while it was running the deploy script.
07:17 djgerm and if I run the script immediately after, it works fine.
07:17 marcinkuzminski joined #salt
07:18 whytewolf possable restart in the middle?
07:18 djgerm it's in AWS, somtimes in the same subnet, loss of connectivity would be strange...
07:19 Cidan joined #salt
07:28 jas02 joined #salt
07:28 jas02 joined #salt
07:31 ChubYann joined #salt
07:33 ivanjaros3916 joined #salt
07:41 jas02 joined #salt
08:03 juntalis joined #salt
08:09 o1e9 joined #salt
08:09 jas02 joined #salt
08:11 armyriad joined #salt
08:12 Kelsar joined #salt
08:21 k_sze[work] joined #salt
08:22 keltim joined #salt
08:26 netcho joined #salt
08:28 toanju joined #salt
08:31 teclator joined #salt
08:35 sh123124213 joined #salt
08:38 JohnnyRun joined #salt
08:43 jhauser joined #salt
08:46 DanyC joined #salt
08:52 DanyC joined #salt
08:54 ronnix joined #salt
08:55 alexzel joined #salt
08:55 lwass hemebond: are you still here? :D
08:55 hemebond yip
08:55 mavhq joined #salt
08:56 lwass i have activated debug log level in my salt-master config file
08:56 lwass and im getting a lot of bad load from minion errors
08:56 lwass 'Failed to authenticate message'
08:56 hemebond Are the minions the same version?
08:57 lwass yep
08:57 hemebond New master and minions?
08:57 lwass no, same old hahahha
08:57 lwass but
08:57 lwass do you think it can be a problem?
08:57 lwass relationed
08:58 hemebond Authentication failures are probably a problem.
09:00 mikecmpbll joined #salt
09:04 jas02 joined #salt
09:07 Kelsar joined #salt
09:10 jhauser joined #salt
09:12 iggy djgerm: I've seen that with other cloud providers as well... I think it's just a timing issue with cloud-init/apt/etc... I never found a long term fix... just kept trying
09:13 jas02_ joined #salt
09:24 jas02_ joined #salt
09:25 jhauser joined #salt
09:25 Qwazerty joined #salt
09:28 Firewalll joined #salt
09:29 NV joined #salt
09:33 nickabbey joined #salt
09:37 s_kunk joined #salt
09:37 edrocks joined #salt
09:43 netcho_ joined #salt
09:48 teclator joined #salt
09:52 dariusjs joined #salt
10:14 jas02 joined #salt
10:38 scristian joined #salt
10:54 jken joined #salt
10:59 amcorreia joined #salt
11:15 ssplatt joined #salt
11:23 evle joined #salt
11:33 dariusjs joined #salt
11:34 SaltySeaCaptain joined #salt
11:34 SaltySeaCaptain Hey all, I'm wondering if anyone can help with a firewalld state issue I'm having.
11:35 SaltySeaCaptain I'm attempting to add an "snmpservice" service to firewalld, and the minion keeps returning with an error stating that the firewall-cmd encountered unrecognised arguments.
11:36 AndreasLutro you'll probably have to run the state with `salt-call -l debug` and see if you can spot what the command being ran is
11:37 SaltySeaCaptain Ok, could you advise how I would change the following command to implement debug?: sudo salt 'minion-id' state.apply state-name
11:38 ssplatt -l debug is an option on `salt` too. just add it on to the command
11:39 AndreasLutro no, you have to ssh onto the minion and run `salt-call state.apply state-name`
11:39 AndreasLutro if you add -l debug to the salt command on the master you won't get the information you're looking for
11:40 SaltySeaCaptain Ok thank you, I'll give it a go.
11:40 ssplatt :( sorry, thought it did
11:40 impi joined #salt
11:42 SaltySeaCaptain Executing command '/bin/firewall-cmd --permanent --service=snmpservice --get-ports' in directory '/root'
11:43 SaltySeaCaptain Should Salt not create a service if it isn't present?
11:44 ssplatt is there a firewalld.makeservice or something similar state?
11:44 SaltySeaCaptain Not listed in the documentation, only firewalld.service and firewalld.present
11:45 SaltySeaCaptain I need to first make the service with firewalld.service before I can add it to firewalld.present
11:45 SaltySeaCaptain https://docs.saltstack.com/en/latest/ref/states/all/salt.states.firewalld.html
11:46 SaltySeaCaptain The documentation gives an example of creating a NEW service with the ports defined and I've copied that example, only changing the ports that are required.
11:49 SaltySeaCaptain My Salt is also above the version that firewalld.service was implemented in (My salt version = 2016.11.1, required version 2016.11.0)
11:51 jas02_ Hello, how can I run (in the background) java app? Is it possible with cmd.run, or do I need some wrapper script?
11:51 klippo joined #salt
11:52 AndreasLutro jas02_: set up a systemd service or similar
11:53 manji jas02_, create a systemd unit file
11:53 manji and register it as a serviice
11:54 manji then you can use the service salt module
11:55 Neighbour ok, what's wrong when `salt-run pillar.show_pillar minion=name` shows the proper pillar, but `salt name pillar.items` does not? (doesn't show the external pillar data)
11:56 Neighbour even after `salt name saltutil.sync_all` and `salt name saltutil.refresh_pillar`
11:56 SaltySeaCaptain Should the name not be encapsulated in ''?
11:57 Neighbour only if it contains characters that would otherwise be interpreted by your shell
12:01 abednarik joined #salt
12:10 Guest14588 joined #salt
12:13 jhauser joined #salt
12:15 jas02 joined #salt
12:21 Neighbour oddly enough, restarting the salt-master fixed it :/
12:25 mavhq joined #salt
12:29 nfahldieck joined #salt
12:31 jas02 joined #salt
12:40 edrocks joined #salt
12:43 Tanta joined #salt
12:45 dlloyd is there an easy way to handle service.running for init scripts that don't implement `status`?
12:45 darioleidi joined #salt
12:48 dlloyd it seems like between 2016.3 and 2016.11 `sig` is no longer used
13:07 impi joined #salt
13:10 cthulhuplus joined #salt
13:17 jas02 joined #salt
13:17 flughafen is there a way to call an invidual state for testing purposes but have it be with all the highstate data?
13:24 Neighbour flughafen: not that I know of
13:24 cthulhuplus Is there a way to use salt-ssh to apply states to assets behind a jumpbox?
13:24 flughafen thanks Neighbour
13:27 WKNiGHT joined #salt
13:30 edrocks joined #salt
13:31 DammitJim joined #salt
13:34 cyborg-one joined #salt
13:35 nickabbey joined #salt
13:36 CrummyGummy joined #salt
13:37 POJO joined #salt
13:38 jas02 joined #salt
13:43 FreeSpencer joined #salt
13:43 FreeSpencer joined #salt
13:43 coldbrewedbrew joined #salt
13:43 coldbrewedbrew joined #salt
13:45 dendazen joined #salt
13:53 drawsmcgraw joined #salt
13:55 cthulhuplus Like a multihop salt-ssh connection.  I'm running salt-ssh on server A which has access to server B (but not server C), but want to execute the commands/states through B to C (which B has access to).
13:59 amagawdd joined #salt
13:59 gableroux joined #salt
14:02 DanyC joined #salt
14:03 jas02 joined #salt
14:06 toastedpenguin joined #salt
14:14 toastedpenguin joined #salt
14:14 aagbds joined #salt
14:17 jas02 joined #salt
14:18 rylnd joined #salt
14:18 numkem joined #salt
14:23 nickabbey joined #salt
14:23 keltim joined #salt
14:24 dariusjs joined #salt
14:26 jas02 joined #salt
14:28 demize cthulhuplus: Configure ssh to do a proxy jump and you're golden.
14:31 cthulhuplus Thank you, I will try that
14:31 Reverend hey chaps. what would you suggest is the best way to change a minon_id from the masteR?
14:32 eThaD joined #salt
14:32 eThaD joined #salt
14:35 eThaD joined #salt
14:37 wangofett any clue why git.latest wouldn't be checking out a particular revision or fetching the remote branch?
14:38 keltim joined #salt
14:39 wangofett https://gist.github.com/waynew/08aa1994fb5a041b7cf1cd4d856b6427 that's what my state looks like
14:39 Reverend hang on let met check mine
14:39 Reverend i specify like 20 options
14:44 wangofett I recall it working before, but suddenly it seems to not work at all :P
14:45 wangofett I can use the git module to update things... but I've got some watchers for that module so it's kind of important :P
14:45 racooper joined #salt
14:49 jas02 joined #salt
14:51 jas02 joined #salt
14:54 impi joined #salt
15:01 PatrolDoom joined #salt
15:02 ssplatt joined #salt
15:04 ajv joined #salt
15:04 ajv left #salt
15:05 scoates joined #salt
15:06 ajv joined #salt
15:08 mpanetta joined #salt
15:08 DammitJim joined #salt
15:11 averell joined #salt
15:13 ajv joined #salt
15:18 tiwula joined #salt
15:20 jas02 joined #salt
15:23 abednarik joined #salt
15:24 _JZ_ joined #salt
15:26 writteno1 joined #salt
15:30 wangofett *rage* turns out I was just missing the state in my topfile
15:30 jas02 joined #salt
15:30 wangofett apparently I was doing state.apply
15:31 netcho joined #salt
15:33 debian112 joined #salt
15:34 mpanetta joined #salt
15:36 abednarik joined #salt
15:40 jas02 joined #salt
15:44 nZac joined #salt
15:47 eThaD joined #salt
15:48 eprice joined #salt
15:48 orianbsilva joined #salt
15:50 JLP_ joined #salt
15:52 eThaD joined #salt
15:53 scsinutz joined #salt
15:54 eThaD joined #salt
15:54 heaje joined #salt
15:59 JLP_ So I've got the weirdest problem.  trying to pull docker images out of quay.io and I get a "Tuple index out of range" Running the latest Salt-server and Minion versions.  And my output is like:  is such:  http://pastebin.com/9mT3EGvY
15:59 eThaD joined #salt
16:00 JLP_ Note that if I run a docker login quay.io on my test minion and then I can pull the docker containers fine.
16:02 orionx joined #salt
16:03 ssplatt joined #salt
16:06 abednarik joined #salt
16:09 scoates joined #salt
16:10 JLP1 joined #salt
16:12 JLP1 anyone see my last message?  Not sure if I was actually live.
16:12 rylnd joined #salt
16:14 dariusjs joined #salt
16:15 quasiben joined #salt
16:16 sarcasticadmin joined #salt
16:17 foundatron joined #salt
16:20 swills joined #salt
16:21 brousch__ joined #salt
16:21 foundatron Hi, i've been  trying and failing to get gitfs to work with AWS codecommit, while using aws codecommit credential helper for auth. Are any of the gitfs providers able to use credential helpers defined in .gitconfig?
16:22 muxdaemon joined #salt
16:22 mswart joined #salt
16:23 foundatron I'm trying to do this in Salt 2016.3 on Amazon Linux
16:23 hax404 joined #salt
16:24 foundatron Outside of salt, i have verified that git cli tool properly uses the credential helper
16:24 foundatron but it looks like salt doesn't know about it
16:25 foundatron You can see in Step 3. of this link how the credential helper is defined. https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html
16:25 gableroux Never worked with codecommit with salt, I guess you can use codecommit remotes for gitfs, but you may have to specify credentials the way gitfs requires them
16:26 orionx joined #salt
16:27 foundatron It's less of a code commit thing, and whether or not any of the providers are capable of using the helpers in .gitconfig
16:27 foundatron Right now my research says no...
16:27 mswart joined #salt
16:27 cmichel joined #salt
16:27 foundatron but I was hoping someone would tell me I'm totally wrong :)
16:28 gableroux I'm having some troubles getting mysql.module to run queries on one of my minions. I checked the minion's `/etc/salt/minion` and it has the right mysql configs, `cat /etc/salt/minion | grep mysql`, restarted the salt-minion service, but I always get Access denied for user 'root'@'localhost' (using password: YES).
16:30 gableroux I see that `/etc/mysql/debian.cnf` has a wrong password, but sudo mysql --defaults-file=/etc/mysql/debian.cnf gives me ERROR 1045 (28000): Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)
16:30 sp0097 joined #salt
16:30 sp0097 left #salt
16:30 POJO joined #salt
16:30 gableroux salt seems to be using the right user (root) otherwise, I'd see `debian-sys-maint` I suppose
16:32 jimklo joined #salt
16:33 AndreasLutro gableroux: best guess, you don't have a grant in mysql for root@localhost
16:34 gableroux but when I run it manually `mysql -u root -p` (and write the right password), it works, oh but could it be a a grant on a specific db, I'll check this, thanks (shouldn't root have access to everything by default in mysql?)
16:35 AndreasLutro try specifying -h localhost
16:35 AndreasLutro see what happens
16:37 djgerm joined #salt
16:39 keltim joined #salt
16:40 toanju joined #salt
16:46 jimklo joined #salt
16:53 mpanetta joined #salt
16:54 lwass joined #salt
16:56 lwass hi!! i have enabled salt-api http logging into my salt-api.conf down to rest_cherrypy, the parameter is    log_access_file: /var/log/salt/salt-api-access.log, do you guys know if i must do any other thing to get it working? thank you so much, sorry bad english
16:56 impi joined #salt
16:58 muxdaemon joined #salt
17:00 DanyC joined #salt
17:01 netcho joined #salt
17:02 quique_ joined #salt
17:04 Cadmus left #salt
17:06 djgerm joined #salt
17:06 mswart joined #salt
17:08 abednarik joined #salt
17:09 DanyC joined #salt
17:12 whiteinge lwass: that is all that is required. be sure to restart the salt-api daemon.
17:15 whiteinge also, I think that was added in 2016.11 so make sure you're on that version or later.
17:16 nixjdm joined #salt
17:19 woodtablet joined #salt
17:20 Lionel_Debroux_ joined #salt
17:21 jas02 joined #salt
17:22 teclator joined #salt
17:26 lwass whiteinge: im on 2015.8.5 :(
17:27 whiteinge ah :(
17:27 quique hemebond: did you find anything wrong with my files? error: https://paste.fedoraproject.org/551294/ /etc/salt/cloud.providers.d/ec2-us-east-1.conf: https://paste.fedoraproject.org/551283/  /etc/salt/cloud.profiles.d/ec2_us_east-1.conf: https://paste.fedoraproject.org/551284/
17:30 muxdaemon joined #salt
17:31 nidr0x joined #salt
17:34 scsinutz joined #salt
17:34 rylnd joined #salt
17:38 dariusjs joined #salt
17:40 mswart joined #salt
17:44 Trauma joined #salt
17:45 quique Can anyone let me know what I'm doing wrong? I'm trying to launch an instances using salt-cloud (2016.3) via aws with the command: "salt-cloud -p ec2_east_small_test_private tester2 -l debug" /etc/salt/cloud.providers.d/ec2-us-east-1.conf: http://paste.fedoraproject.org/551870/66199014/  /etc/salt/cloud.profiles.d/ec2_us_east-1.conf: http://paste.fedoraproject.org/551871/ error: http://paste.fedoraproject.org/551872/
17:46 wendall911 joined #salt
17:47 wendall911 joined #salt
17:53 hackel joined #salt
17:57 sh123124213 joined #salt
17:57 sh123124213 joined #salt
17:59 dariusjs joined #salt
18:01 quique joined #salt
18:03 muxdaemon joined #salt
18:05 jas02 joined #salt
18:19 nickabbey joined #salt
18:21 muxdaemon joined #salt
18:22 lmbd joined #salt
18:22 lmbd left #salt
18:23 lmbd joined #salt
18:24 lmbd Hello all
18:25 lmbd I have an issue on macOS, where I get a lot of failed states because of: "Failed to set supplemental groups to [4234]. Error: [Errno 1] Operation not permitted"
18:26 lmbd I have found the line which produce this error https://github.com/saltstack/salt/blob/2016.11/salt/utils/__init__.py#L2889
18:27 lmbd But I can't manage to find a way to debug the salt code, can some one give me a hand on this?
18:27 Edgan joined #salt
18:28 AndreasLutro lmbd: open a terminal and put in this: sudo python -c 'import os; os.getgroups()'
18:28 AndreasLutro do you get an error running that?
18:28 lmbd No error
18:28 AndreasLutro do you run the salt minion as root?
18:28 lmbd But I'm not in the sudo group on this machine
18:29 lmbd nop as user
18:29 AndreasLutro well I don't know anything about macos but I guess something there prevents your user to read groups
18:29 lmbd The issue appear for example in a state git.latest when I use the option user
18:30 edrocks joined #salt
18:30 tehsu Is there a way to use include with different unique IDs to be able to call include multiple times in a single state
18:31 tehsu I'm guessing not from this, https://github.com/saltstack/salt/issues/14899
18:31 saltstackbot [#14899][OPEN] State inclusion is limited | Currently, in a state I can include other modules:...
18:31 lmbd I only need to find a way to debug salt, but I didn't managed to use pdb with salt
18:31 aagbds_ joined #salt
18:32 lmbd How does people usually debug this software?
18:33 Ch3LL lmbd you can use pudb if running a salt-call. you can't use it for remote calls you wuld have to use a remote debugger software
18:33 Ch3LL so just from the minion att your pudb statement and run `salt-call cmd` and you will get a pudb interface
18:34 Ch3LL i mean pdb. sorry i use pudb personally
18:34 Inveracity joined #salt
18:35 lmbd Ch3LL: I just didd that before coming here
18:35 lmbd But I may have done it wrong, will try it again
18:36 cyteen joined #salt
18:38 Ch3LL yeah i do that all day long so i know it works. let me know if it doesnt
18:40 ChubYann joined #salt
18:41 lmbd So salt-call stop to execute but I doesn't get the pdb command prompt :s
18:42 lmbd I added  the line import pdb ; pdb.set_trace()
18:42 Ch3LL what file are you editing? let me try
18:42 Neighbour lmbd: I usually run the salt-master and salt-minion with "-l debug" from the console
18:43 Ch3LL and what command
18:43 foundatron Based on my comments before, and head banging yesterday I created this issue about GitFS providers not using git credential helpers https://github.com/saltstack/salt/issues/39284 . Still not sure if this is gitfs provider limitations, or salt's implementation.
18:43 saltstackbot [#39284][OPEN] GitFS providers do not use git credential helper in .gitconfig file | Description of Issue/Question...
18:43 lmbd Neighbour: I already use -l debug, and now I have to dive deeper ;)
18:44 lmbd salt-call with the --local flag
18:45 jas02 joined #salt
18:45 onlyanegg joined #salt
18:46 Ch3LL lmdb: i'm heading out for lunch but feel free to msg me and i'll get to it when i come back. Theres always adding `log.debug` statements as well if nothing else works
18:48 lmbd Ch3LL: Bon appetit!
18:48 iggy salt very much expects that it has or can get escalated privs
18:49 iggy if you are trying to run it in some other way, A) don't B) you get to keep the pieces
18:51 jas02 joined #salt
18:56 lindleyw joined #salt
18:57 lindleyw Hi, is there a way to run a state function only if a file exists in local salt files?
18:57 lindleyw like a function that checks if a file exists in state renderer
18:58 Kelsar joined #salt
19:01 gableroux AndreasLutro: Thanks for your suggestion, I verified my /etc/hosts and localhost does point to the right place, but for some reason, I can't login with root anymore even from command line, there's probably something I missed
19:01 gableroux hosts had*
19:03 AndreasLutro gableroux: mysql treats 127.0.0.1 and localhost differently. try setting host to null in your minion config
19:03 swa_work joined #salt
19:04 gableroux Good I'll try this :)
19:04 Sketch lindleyw: what does "local salt files" mean.
19:05 Sketch remember states are rendered on the minion...
19:05 lindleyw like salt://file
19:06 gableroux can we do something like this? salt['filefile_exists']('/some/file')
19:06 lindleyw yeah like that
19:06 Sketch you can, but i don't think it takes salt://file urls, it's going to look for a file on the minion.
19:07 lindleyw that's fine
19:07 lindleyw basically I want to download  file if it isn't on the minion
19:08 lindleyw and have the state reflect that
19:08 hlub_ lindleyw: is it an archive or what?
19:08 gableroux you can also have a state for the download and have a unless: ls the_file
19:09 lindleyw yeah it's a big archive
19:09 hlub lindleyw: you can use file.managed to download files from salt:// urls
19:09 hlub or you can extract archives with state archive.extracted
19:10 lindleyw it needs basic auth, so can't use archive
19:10 lindleyw so have to do cmd with curl
19:10 jimklo joined #salt
19:10 gableroux Here's an example: https://github.com/saltstack-formulas/sun-java-formula/blob/master/sun-java/init.sls#L17
19:10 hlub lindleyw: cmd.run with unless command
19:11 dariusjs joined #salt
19:12 Edgan joined #salt
19:13 mswart left #salt
19:14 hlub lindleyw: and that command could be 'test'
19:14 hlub like test -f yourfilename
19:15 swa_work joined #salt
19:19 toanju joined #salt
19:20 numkem joined #salt
19:20 gableroux AndreasLutro: I got it working, problem was simply the root password not valid anymore (can't figure out why, but it's ok )
19:21 gableroux localhost was ok, but that's good to know
19:22 MTecknology hg clone ...; cd repo/salt/{salt,pillar,etc.}; vim files; hg commit; hg push; cd ../?; ./scripts/push.sh (script: rsync, ssh->./scripts/local_deploy.sh)
19:22 MTecknology AAAAHHHHH!!!!!!!
19:25 MTecknology process at home:  git clone repo; cd repo; vim files; git commit; git push
19:30 Praematura joined #salt
19:31 juanito joined #salt
19:31 aagbds joined #salt
19:42 numkem joined #salt
19:43 DEger joined #salt
19:43 beardedeagle joined #salt
19:46 beardedeagle I _*CANNOT*_ figure out why I am getting the following error: `Jinja syntax error: expected token 'end of statement block', got '-'; line 1`. https://gist.github.com/beardedeagle/f4ff3869ead783cdcf9862aaa928689b
19:47 beardedeagle Anyone want to tell me where I am being stupid?
19:47 cscf beardedeagle, what's {%- for? I use {%
19:48 beardedeagle I have a personal war against white space
19:48 cscf oh does that prevent it from printing newlines or something?
19:48 beardedeagle that being said I have removed all `{%-` and `-%}` and still get the same error
19:49 sh123124213 anybody uses : state.pkg ?
19:49 cscf beardedeagle, do you mean you replaced with {% and %}
19:49 cscf ?*
19:49 beardedeagle yes
19:50 cscf perhaps you are not allowed dashes in "ha-lbaas"
19:50 cscf have you used dashes there before?
19:50 whytewolf t is the - in halbaas it is complaining about
19:51 * beardedeagle facepalm
19:55 * XenophonF plus-ones "personal war against white space"
19:55 Sketch +2
19:56 cscf I have a few for loops I should probably use that
19:56 XenophonF i spent _hours_ painstakingly tinkering with the whitespace controls to get various Jinja-rendered XML templates to look right
19:58 quique joined #salt
19:58 XenophonF brb
20:01 aagbds joined #salt
20:02 sh123124213 how can I run a state with pillars only from the minion(files being locally) but the minion has connection to the master ?
20:03 beardedeagle salt-call --local
20:03 beardedeagle on the minion
20:04 sh123124213 where would I save the files ?
20:04 sh123124213 what is the special config that minion needs ?
20:05 numkem joined #salt
20:06 aboe joined #salt
20:06 sh123124213 beardedeagle: ?
20:06 beardedeagle it's going to pull pillar data from wherever you have specified in your minion config
20:08 sh123124213 k, can I call salt-call from a module ?
20:09 sh123124213 https://docs.saltstack.com/en/latest/ref/clients/#salt.client.Caller
20:10 juanito_ joined #salt
20:10 sh123124213 what I want is to make the call from the master but execute the pillars and states located in the minion path. I wouldnt want to do a cmd.run 'salt-call bla bla'
20:11 sh123124213 I would be more interested to call a module on the minion
20:11 sh123124213 beardedeagle:
20:11 DanyC joined #salt
20:13 jmcknight joined #salt
20:14 DanyC joined #salt
20:15 whytewolf sh123124213: if you want to do something that can only be done with salt call then yes. you want to use cmd.run. because you need to break into a seperate salt call for what you want to do
20:16 whytewolf sh123124213: what you are basicly asking for is hey i want a masterless minion that isn't masterlesss
20:17 beardedeagle sorry, in a retro. I have to look like I am paying attention at least.
20:17 sh123124213 whytewolf: what I want is be able to run state tree with the pillars but not having rootfs or any other fileserver in the master but only in the minion
20:17 whytewolf sh123124213: yes, that is called a masterless minion
20:17 sh123124213 :D
20:17 sh123124213 you can say it like that I don't mind
20:18 whytewolf sh123124213: i say it like that because that is what it is
20:18 sh123124213 ideally I would be able to do salt minion state.highstate pkg=/tmp/state_tree.gz
20:18 whytewolf no
20:19 whytewolf won't happen
20:19 sh123124213 I have trust in the force
20:19 sh123124213 jk
20:19 whytewolf the minion shuts down it's connection to the master when you set the filesystem to local
20:19 scsinutz joined #salt
20:20 whytewolf so you either have to deal with the fileserver being on the master. or use masterless minions.
20:20 sh123124213 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.pkg
20:21 sh123124213 not sure how this works though
20:21 cscf sh123124213, so you want central pillars but local files?
20:22 cscf sounds like masterless + some sort of external pillar, if you really want that
20:22 whytewolf actually he said he wants local pillars and states
20:22 sh123124213 cscf: I want all local
20:22 MeltedLux joined #salt
20:22 whytewolf he justs wants to controll it all from a centeral point
20:23 cscf sh123124213, use pdsh on "master" to invoke local masterless minions XD
20:23 quique joined #salt
20:23 whytewolf honestly this could be done with salt-ssh also
20:24 whytewolf in fact that "package" you linked to is a salt-ssh built package
20:26 beardedeagle that is what I do ^
20:26 beardedeagle it's probably not smiled upon by the salt gods
20:26 beardedeagle but I masterless salt throughout my entire infrastructure. everything connects to consul in some way or form so I generate roster files from consul to use with salt-ssh
20:26 whytewolf salt-ssh packages tend to not have everything in the state tree though. becuase they are speciel built for the minion based on the states. and it sometimes misses things like jinja includes.
20:26 XenophonF joined #salt
20:29 whytewolf actually beardedeagle i don't frown on it. masterless installs actually are pretty kewl. and salt-ssh is a decent way to control them from a centeral point.
20:29 candyman88 joined #salt
20:30 whytewolf Ryan_Lane actually did  lot of work that made masterless installs almost as powerful as a minion-master config
20:32 aagbds joined #salt
20:32 beardedeagle Yeah I just use salt-ssh to deploy changes only
20:32 beardedeagle but I will be dropping salt-ssh here soon as well
20:33 beardedeagle since all my stuff lives in openstack and is pretty much ephemeral
20:33 whytewolf nice
20:33 beardedeagle just one or two more things to change before I can 100%
20:34 jas02 joined #salt
20:34 cscf beardedeagle, are you using a vendor's version of openstack, or how did you set it up?
20:35 beardedeagle we roll our own internally
20:36 beardedeagle but this product I am currently working on is basically octavia on crack
20:36 beardedeagle fully ephemeral cross-dc, geo aware load balancing as a service
20:37 whytewolf i really wish i could get into a company that understood roll your own openstack. vendor openstacks are .. limited. never seen one that could actualy scale.
20:37 scsinutz1 joined #salt
20:37 beardedeagle well
20:38 beardedeagle we have a buch of crap ours integrates into internally that makes it...interesting to say the least
20:38 whytewolf yeah. ours as well. and we a vendor openstack. it breaks my mind at how unstable it is because of the stupid things we do to meet complience
20:38 DammitJim joined #salt
20:40 sh123124213 beardedeagle: how do I generate that tar.gz ? what is not working exactly if I use state.pkg ?
20:40 beardedeagle wut?
20:41 sh123124213 beardedeagle: you said you use salt-ssh with state.pkg
20:42 sh123124213 right ?
20:42 whytewolf sh123124213: no
20:42 beardedeagle I did not no
20:42 sh123124213 sorry it was whytewolf :)
20:42 whytewolf sh123124213: i said the packages are generated by salt-ssh
20:42 whytewolf that entire function is there to make salt-ssh work
20:43 whytewolf with states
20:43 sh123124213 so it cannot be used without salt-ssh ?
20:44 * whytewolf shrugs.
20:45 djgerm joined #salt
20:45 whytewolf what you are asking for is so outside of the scope of salt that i doubt anyone can answer
20:46 scsinutz joined #salt
20:48 DanyC joined #salt
20:48 snarfmonkey joined #salt
20:50 snarfmonkey hey y'all. I might just be dumb - but I would say 100% the most difficult part of using salt is figuring out how these data structures are being put together by looking at a map file.
20:50 snarfmonkey it drives me bonkers. is there a way to visualize what's happening in a map so I can grok it more easily?
20:51 edrocks joined #salt
20:52 whytewolf snarfmonkey: map files? like map.jinja. might help if you look at the function that is doing the heavy lifting there. grains.filter_by
20:52 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.filter_by
20:52 snarfmonkey that's what is doing the heavy lifting sometimes.
20:52 whytewolf pretty much 90% of the time
20:54 whytewolf if it isn't a filter_by then most likely someone has done some crazy logic
20:54 snarfmonkey https://github.com/saltstack-formulas/docker-formula/blob/master/docker/map.jinja
20:55 whytewolf that is a lot of grains.filter_by
20:56 snarfmonkey my pillar is we got pillar.example that says docker-pkg:  lookup:  version:
20:56 sagerdearia joined #salt
20:56 snarfmonkey er my pillar is exactly that as far as i can tell
20:57 DammitJim joined #salt
20:57 snarfmonkey I was hoping there was maybe a tool to show me what these datastructures look like after the map merges things together
20:58 snarfmonkey i guess i am not smart enough to understand filter_by. i have read that page a hundred times
20:58 whytewolf not really.
20:58 whytewolf it would have to be built into the formula.
20:58 whytewolf I tend to just use a render module to render the output and see how it turned out
20:58 whytewolf i also tend to stay away from formulas
20:59 snarfmonkey yes. i have found the formulas only confuse me and break a lot
20:59 snarfmonkey much better to have purpose built states that reflect our infra
20:59 beardedeagle really? I went the other direction
21:00 snarfmonkey well you probably understand all this merging nonsense better than I do
21:00 snarfmonkey i spend hours trying to follow the logic between 3-4 different files that are  setting and merging data together
21:01 beardedeagle I use a single map file in all of my formulas and _*MOST*_ of my stuff is done in the pillar
21:01 beardedeagle because I can't trust dev's not to fuck it up
21:01 whytewolf humm looking at that code. pkg = the contents of docker-pkg:lookup
21:01 beardedeagle it's easier to just expect them to know how to yaml and that's it
21:01 snarfmonkey it is one of our main gripes from devs that they don't have pillar access
21:01 Poppabear joined #salt
21:02 whytewolf also, while i don't use formulas i do a lot of the tricks that formulas do use. such as merges. and clean table lookups
21:02 snarfmonkey whytewolf: and then pkg gets merged into docker? so the state can use docker.version?
21:02 viccuad joined #salt
21:02 snarfmonkey sigh
21:02 snarfmonkey i should just quit
21:03 snarfmonkey ive been doing this salt stuff for 3 years now
21:03 snarfmonkey i went to saltconf
21:03 snarfmonkey i still don't get it
21:03 viccuad Hi folks. I'm aware of file.symlink, but can file.recurse copy symlinks seamlessly? thanks in advance
21:03 whytewolf depends on how map.jinja is called.
21:03 snarfmonkey im gonna go haul garbage
21:03 POJO joined #salt
21:04 snarfmonkey well it does {% do defaults.docker.update(pkg) %}
21:04 snarfmonkey then the init file does {% from "docker/map.jinja" import docker with context %}
21:04 whytewolf so yes. that would be correct
21:05 snarfmonkey i guess i'll go back to troubleshooting why it's doing package.latest then
21:05 whytewolf because they want to make sure it is updated ;)
21:06 quique_ joined #salt
21:06 snarfmonkey yeah it hasn't really caused me any issues lately, but you can imagine someone using docker 1.10 getting upgraded to 1.13 without knowing it
21:06 snarfmonkey i don't like unexpected upgrades
21:07 whytewolf if you want to really debug. put the formula on salt locally. and add a {{docker}} then call cp.get_template on it
21:08 xet7 joined #salt
21:08 beardedeagle so snarfmonkey, probably won't help you but I use salt-call --local -l debug state.show_highstate all the damn time to figure out what is going on
21:09 snarfmonkey worth a shot
21:09 snarfmonkey oh hey btw is there a time limit on bans. I think i opened and closed my laptop too many times during the day yesterday or something
21:10 snarfmonkey :D
21:10 gtmanfred snarfmonkey: yeah, i got ya
21:11 gtmanfred was just flooding the channel for some people who were using the webgui
21:12 snarfmonkey sorry
21:12 snarfmonkey thanks
21:13 beardedeagle snarfmonkey: I also am a heavy advocator of drinking till a problem makes sense
21:13 whytewolf +1
21:14 jas02 joined #salt
21:14 Eugene Or until it doesn't make sense
21:14 whytewolf drink until there is no problem
21:14 snarfmonkey I think I have too many problems and not enough alcohol for that solution
21:15 snarfmonkey i am the only IT person at work today im so lonely
21:15 beardedeagle I have a drawer in my desk dedicated to scotch
21:19 shbst hey, any of yall know how salt-cloud sets the master when provisioning a new node?  I'm writing a new provider based on project fifo
21:19 gtmanfred snarfmonkey: no worries :D
21:20 gtmanfred shbst: it is set to whatever the default is, or whatever you put in
21:20 gtmanfred minion:
21:20 gtmanfred master: ......
21:20 gtmanfred in the profile, provider, or /etc/salt/cloud
21:20 gtmanfred default is emptystring
21:20 gtmanfred which defaults to doing a dns lookup on `salt`
21:20 shbst oh shit, i didn't realize that is what i had in the config file
21:21 shbst i thought it was picking it up from somewhere else
21:21 gtmanfred yeah, you don't have to do anything extra in the driver
21:21 shbst thanks gtmanfred
21:21 gtmanfred that will all be handled by the boostrap deploy stuff
21:21 gtmanfred np
21:21 shbst you're in austin btw right?
21:21 gtmanfred I am in San Antonio
21:21 gtmanfred for now
21:21 gtmanfred i move up to SLC on April 7th
21:21 shbst i think i've seen you at the salt meetups here?
21:21 gtmanfred yeah, i used to come up there
21:22 gtmanfred then I started working from home, and didn't feel like driving up there
21:22 gtmanfred and just walk to geekdom in downtown san antonio
21:22 shbst cool, how is SLC?  Awesome to live by the moutains now?
21:22 shbst oh, you haven't yet
21:22 gtmanfred yar :D
21:22 shbst shit, i can't read
21:22 ecdhe Does anyone use salt+openbsd in production?  I was considering building an openbsd router, and salt is my go-to for configuration management.  But with openbsd+pf, there's a real possibility that salt would be the least secure component of the system.
21:22 gtmanfred my fiancée got a job up there too, so she has been up there since december
21:22 shbst i need to go to san antionio to ride the mission trail
21:22 shbst and get a work from home job
21:23 gtmanfred shbst: it is fun, i took my parents on it when they were in town for thanksgiving
21:23 gtmanfred ecdhe: why would it be less secure? if it is just a minion, you don't have to open any ports on the minion
21:23 robawt hey thanks Salt for the SCALE 15x code
21:23 * robawt blames Heartsbane
21:24 shbst i wonder if i should be managing my pfsense router with salt :p
21:24 ecdhe shbst, you can now!
21:24 shbst ooo, i'm gonna search for it
21:24 ecdhe shbst, the only thing you're really configuring is it's config.xml file, with a hook to trigger it to restart services onchange.
21:25 ecdhe There should probably be a salt module to manage it.
21:25 gtmanfred there is a salt module to manage firewalld, so i am sure there is xml stuff in there somewhere
21:25 shbst i've never messed with the os outside of the UI
21:26 gtmanfred hrm, looks like not
21:26 gtmanfred unfortunate
21:26 shbst it's a different beast than any linux firewalls
21:26 Heartsbane robawt: did they give you a code?
21:26 robawt Heartsbane: i guessed it was 'SALT' again like in the past and it worked
21:26 robawt :)
21:26 ecdhe shbst, pfsense doesn't officially support anything but the web UI.  But it's manageable.
21:27 robawt i've used salt as the discount code since i first met you
21:27 robawt shbst: have you checked out opnsense?
21:27 robawt it's pretty cool and it's a fork of pfsense
21:28 gtmanfred aight, I am out of here for the day, gotta wrap some stuff up o/
21:28 Heartsbane robawt: I just paid full price and expensed it I will see you there.
21:28 shbst i wonder if it's worth checking out since i have pfsense branded hardware and they make images for it
21:28 shbst (i'm still cehcking it out)
21:28 robawt aww man now I feel bad :\
21:30 shbst one thing i really don't like about pfsense is the monitoring and graphing isn't that good.  Coming from a tomato router
21:31 Brew joined #salt
21:31 shbst not something salt can fix either :p
21:31 ecdhe gtmanfred, I guess salt would not open any ports.  But it's heavy compared to the couple of config files it'd be managing.  I'm not sure if masterless is the way to go, or salt-ssh.
21:31 ecdhe Didn't know if someone out there uses openbsd and can comment.
21:32 ecdhe shbst, what pfsense really needs is a vagrant basebox
21:32 brd ecdhe: tell them, they have the underlying stuff needed
21:32 brd it would be pretty easy for them to publish
21:33 brd ecdhe: spoken as the guy that did the work to build FreeBSD vagrant images
21:33 ecdhe whoa! good to meet you!  thank you!
21:34 onlyanegg joined #salt
21:34 brd np :)
21:34 brd They are very useful
21:34 ecdhe for me, building anything with a new OS means I need to salt it (for reproducible configs) and `vagrant up' it (to verify that the configs are correct)
21:35 brd Yay!
21:36 brd I need to figure out the git integration with salt and setup a vagrant to use that
21:36 ecdhe Those FreeBSD vagrant boxes have been instrumental in my learning zfs, among other things, *wonderful* to have that available.  Do you think it will be easy to convince pfsense to publish a vagrant box?
21:37 brd ecdhe: Awesome, I am very happy to hear that!
21:37 brd ecdhe: I don't know.. I can't speak for them, but you could tell them how they would be useful to you
21:40 ecdhe Is it something you need CI for? Like, when pfsense 2.4 drops, a basebox would auto-build off of the latest git repo?
21:41 netcho joined #salt
21:41 ecdhe being able to test salt formulas on the latest pfsense image would be awesome, even if you're just setting hostname, a few packet rules, and installing a zabbix minion....
21:42 shbst ecdhe, they have some kind of image don't they?
21:42 shbst i just checked, they don't
21:44 beardedeagle love it when pillars are somehow read as str_obj's
21:45 shbst if bool(True): return bool(True)
21:45 snarfmonkey guys can i not have more than one pillar key at the first indent?
21:45 snarfmonkey like i have a pillar file for a minion that has ntp settings and docker settings
21:45 snarfmonkey and they are ntp and docker-pkg respectively. all the pillar a minion could need.
21:45 zulgabis joined #salt
21:45 snarfmonkey but i can pillar.get ntp and not pillar.get docker-pkg
21:46 beardedeagle joined #salt
21:46 snarfmonkey do they have to be separate files in the pillar?
21:46 whytewolf shouldn't need to be no
21:46 whytewolf i have many files that have way more then one set of dicts/lists
21:47 nickabbey joined #salt
21:48 austin_ joined #salt
21:48 austin_ can you execute an orchestration workflow from the salt-api via /run ?
21:48 zulgabis hi all. i have a problem with saltenv. when i run <salt "sf-ie*" state.sls backup saltenv="test" test=True>, output error <Specified SLS 'backup' in environment 'base' is not available on the salt master>
21:48 whytewolf austin_: you should be able to.
21:48 austin_ i hope so
21:48 austin_ whytewolf: thanks
21:49 zulgabis but state.show_low_sls working fine
21:49 whiteinge austin_: use `client` of `runner` or `runner_async`. the fun is `state.orchestrate` and `mods` is the keyword argument of the sls names
21:49 austin_ ah ok.
21:49 jmickle joined #salt
21:50 jmickle Hi! does anyone know much about returners for highstate?
21:50 whytewolf there is a greater then 0% chance someone knows
21:51 jmickle trying to figure out if the duration in ret[‚Äėreturn‚Äô][‚Ķ] is a singleton duration or a summed duration
21:52 snarfmonkey http://pastebin.com/TcEFwBAD
21:52 snarfmonkey i've refresh_pillar'd i've restarted the master, i've fileserver.updated a hundred times
21:53 whytewolf snarfmonkey: check pillar.items
21:53 whytewolf see if there is a render error at the top
21:53 jmickle whytewolf: any idea about the returner?
21:53 snarfmonkey gooodo idea
21:54 whytewolf jmickle: sorry no idea myself. I don't mess with the returners
21:54 jmickle got it, so there may literally be a 0% chance :-D
21:54 whytewolf I'm not the only person in here
21:56 snarfmonkey ok. there isn't an error but it's not coming across like i expect. there's an empty docker-pkg key and a version key
21:56 snarfmonkey huh
21:57 beardedeagle so I am a little confused again, when I do a `salt-call --local pillars.items` it is showing correctly, but when I `{%- set ha_lbaas = salt['pillar.get']('ha-lbaas') -%}` it is loading as a string object
21:59 ecdhe brd, do you have any documentation on the process of building the FreeBSD vagrantbox that I could cite when submitting a feature request to pfsense?
22:00 Sarphram joined #salt
22:02 beardedeagle pillar.obfuscate shows them as bools too
22:03 DanyC joined #salt
22:05 viccuad so, what's the best option to store passwords, cert files, etc, while sharing the rest of states? gitfs and git+ssh private repo?
22:08 snarfmonkey alright. i got it. maybe i got some weird line end in there or something. i just had to re-write the pillar file. sigh
22:08 oododa joined #salt
22:09 beardedeagle viccuad: I use vault as a backend for all of my pillar data
22:09 snarfmonkey that sounds better than what we do
22:09 snarfmonkey which is just a secret gitolite repo
22:10 DEger joined #salt
22:10 viccuad beardedeagle: do you encrypt and unencrypt from it?
22:10 beardedeagle heh, we are very hashicorp heavy on this project
22:10 Sarphram joined #salt
22:10 oododa Howdy, folks. I'm using pip.installed: [ list of things ], and for some reason salt seems to invoke 'pip --version' and 'pip freeze' for every package in [ list of things ]. Is there any way to encourage salt not to do that?
22:11 whytewolf viccuad: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.vault.html
22:11 beardedeagle yes we do. also you could do gpg renderer for your pillars
22:11 viccuad thanks folks :)
22:11 beardedeagle gpg + gitfs + priave repo
22:12 viccuad but then, the problem of bootstrapping the gpg key
22:14 snarfmonkey whytewolf: thanks a lot man. i was feeling pretty crushed. i can finally go get lunch now
22:14 snarfmonkey i mean. i still think i might be a hair too dumb for saltstack
22:14 snarfmonkey but i live to fight another day
22:15 * snarfmonkey closes his chat window like a good netizen
22:15 jas02 joined #salt
22:18 sh123124213 joined #salt
22:18 ProT-0-TypE joined #salt
22:20 drawsmcgraw left #salt
22:31 viccuad Hi folks. I'm aware of file.symlink, but can file.recurse copy symlinks seamlessly? thanks in advance
22:42 jas02 joined #salt
22:45 barmaley joined #salt
22:49 debian112 joined #salt
22:59 scsinutz joined #salt
23:00 onlyanegg joined #salt
23:03 jimklo joined #salt
23:10 cebreidian joined #salt
23:16 jas02 joined #salt
23:16 sh123124213 joined #salt
23:16 dxtr joined #salt
23:19 sh123124213 joined #salt
23:21 coldbrewedbrew joined #salt
23:21 coldbrewedbrew joined #salt
23:21 coldbrewedbrew_ joined #salt
23:22 Or joined #salt
23:24 beardedeagle So I cannot get past this Rendering SLS 'base:ha-lbaas.restart' failed: Jinja variable 'str object' has no attribute 'reboot' error: https://gist.github.com/beardedeagle/72d809ad212e84f1f1e9033a3c67848f
23:26 hemebond Looks okay. The pillar is being applied correctly?
23:27 beardedeagle Works fine when I `salt-call --local pillar.items`
23:27 honestly beardedeagle dump the jinja variable?
23:29 Reverend joined #salt
23:30 coldbrewedbrew joined #salt
23:30 coldbrewedbrew joined #salt
23:30 coldbrewedbrew_ joined #salt
23:30 hemebond Looks like the pillar is being read in as a string.
23:30 beardedeagle yes
23:30 beardedeagle that is my issue
23:30 hemebond That's very odd.
23:30 beardedeagle pillar.get shows it fine
23:31 beardedeagle pillar.obfuscate shows everything is typed correctly
23:31 hemebond You can do pillar.get ha_lbaas:failover ?
23:31 beardedeagle yup
23:32 hlub joined #salt
23:32 beardedeagle `salt-call --local pillar.get ha_lbaas:reboot` local: True
23:32 drags joined #salt
23:33 hemebond Is there no master?
23:34 amcorreia joined #salt
23:35 brd ecdhe: um, you could tell them to email brd@FreeBSD.org if they need any assistence
23:35 hemebond What happens if you do the pillar.get in the state file rather than importing from the map.jinja?
23:35 beardedeagle masterless
23:36 woodtablet joined #salt
23:37 orionx_ joined #salt
23:38 beardedeagle @hemebond if I change the if conditional to `{%- if pillar['ha_lbaas']['reboot'] %}` it works
23:40 hemebond What about salt['pillar.get']('ha_lbaas')['reboot']
23:40 coldbrewedbrew joined #salt
23:40 coldbrewedbrew joined #salt
23:41 beardedeagle isn't that the same thing with additional steps?
23:41 hemebond It's the same as what you have in the map.jinja.
23:41 coldbrewedbrew_ joined #salt
23:41 hemebond There is some difference in behaviour between the two methods.
23:41 hemebond I always use salt['pillar.get']
23:41 justanotheruser joined #salt
23:43 FreeSpencer joined #salt
23:43 FreeSpencer joined #salt
23:43 Tanta hemebond, you can do {% if salt['pillar.get;]('key') is defined %}
23:44 Tanta that's a useful and simple way of checking variable state
23:44 Ryan_Lane whytewolf: I'd argue masterless is nicer than master/minion if you're willing to live without remote execution :)
23:44 Tanta hey Ryan_Lane :D
23:45 Tanta u still working at lyft?
23:45 beardedeagle I am trying to avoid multiple calls to pillar[''] in my states or instantiating a var to hold my pillar in every state
23:45 hemebond Ryan_Lane: Never!
23:45 Ryan_Lane what you lose in functionality you gain in consistency and testability
23:45 beardedeagle so I create it in map
23:45 beardedeagle and just import it everywhere
23:45 Ryan_Lane Tanta: yep
23:45 beardedeagle but that is causing issues
23:45 Tanta I used your blog post about masterless as inspiration for my current deployment
23:45 hemebond I watched your talk a couple of times and still don't really understand the masterless stuff.
23:45 Tanta it is working out very well
23:45 Ryan_Lane hemebond: did you watch the one from last year, or the year before?
23:45 hemebond Hmmm, both I think.
23:45 Ryan_Lane I did not prepare well at all last year :(
23:46 Tanta so I owe you one Ryan_Lane, your exposition on the masterless setup was incisive and very useful
23:46 Ryan_Lane Tanta: thanks :)
23:46 Ryan_Lane if you're in a datacenter and are using real hardware, I'd think masterless isn't very doable
23:47 Ryan_Lane because you need to deploy your salt code to every node
23:47 Tanta depends on whether u can pxe boot...
23:47 Ryan_Lane true
23:47 Tanta it works well for a 5 VPC setup at AWS though
23:47 Tanta that would be a nightmare to have a central master
23:47 Ryan_Lane I'd think with pxe boot and something like swift or minio it could work similarly
23:47 Ryan_Lane indeed. autoscale groups make life way harder with masters
23:47 Ryan_Lane and multiple vpcs do too
23:48 Tanta yes I did it once with a Rails app
23:48 Ryan_Lane wait till you start dealing with multiple aws accounts
23:48 Ryan_Lane and multiple regions
23:48 Tanta I hope that never happens
23:48 Tanta my company is just a small edutech thing
23:48 Ryan_Lane it's _easy_ to do this with masterless, but insanely difficult with a master
23:48 Tanta you have an entirely different scale and logistical challenge at Lyft though
23:48 Ryan_Lane you'll probably want multi-region for disaster recovery purposes :)
23:49 Tanta yes, fair point
23:49 Tanta 3 AZs is good enough for now though
23:49 Ryan_Lane yep
23:49 Tanta I figure if that gets knocked offline, there are bigger problems
23:49 whytewolf I like mastered for deploying my openstack setup. but honestly i do agree that masterless works great inside of it
23:51 Ryan_Lane yeah, that's understandable. it's nice to be able to do RCE actions against real hardware
23:51 Tanta Ryan_Lane, I store my grains in a private S3 bucket, and deploy them to /etc/salt/grains by encoding the S3 path and sha1 sum in pillar
23:51 Ryan_Lane ah nice
23:51 Tanta if there's a new set of grains it terminates and re-runs highstate
23:51 Ryan_Lane oh. we have something really fun coming with the boto_asg state
23:51 Tanta I use cloudformation
23:51 Ryan_Lane :'(
23:51 Tanta they do YAML now :D
23:52 Tanta 2900 lines of cloudformation json
23:52 Tanta I know it's bad
23:52 Ryan_Lane boto_asg will manage boto_lc automatically for you. we're adding an arg to boto_asg that'll let you take your tag information and have it injected into your cloud-init as a boothook as environment vars you can source
23:53 Tanta cool
23:53 Ryan_Lane that way you can use the sourced environment variables as grains, based on the asg tag info
23:53 Ryan_Lane without needing to lookup the tags
23:53 Ryan_Lane which is... unreliable at best
23:53 Tanta yeah
23:53 Tanta I use the ASG name as a key
23:57 beardedeagle eff it
23:57 beardedeagle I changed my map file to hard req pillar['ha_lbaas']
23:57 teclator joined #salt
23:57 beardedeagle and it is working

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary