Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-16

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:07 edrocks joined #salt
00:12 Badgerops joined #salt
00:13 k_sze[work] joined #salt
00:36 hrumph joined #salt
00:36 funabashi joined #salt
00:50 sh123124213 joined #salt
01:00 awpti- Incoming stupid questions because I can't seem to find the right term(s) to search for: I want to create a formula with conditions relevant to a given environment (dev, qa, stage, et al). I can't find anything in the docs on what variable I should look at to determine the env for a given condition that doesn't also require it to be set on each minion. What am I missing here? :x
01:01 brousch__ joined #salt
01:05 ksoviero joined #salt
01:06 ksoviero joined #salt
01:07 ksoviero joined #salt
01:07 bwellsnc joined #salt
01:08 ksoviero joined #salt
01:08 whytewolf awpti-: saltenv by chance? https://docs.saltstack.com/en/latest/ref/states/vars.html#saltenv
01:08 bwellsnc Hey guys, I am trying to tune my instance and I am constantly getting "The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased."  My specs are 8 vCPU and 16gb of ram... I think I am missing something in my conf to help with this
01:09 bwellsnc Currently I have 184 minions
01:09 whytewolf bwellsnc: I have ran salt on less hardware with more minions i think you have something else going on then performence of the master issues
01:10 cyborg-one joined #salt
01:11 bwellsnc That was I am afraid of... I am running Foreman/Katello on the same machine also because I am trying to avoid using puppet with foreman and I have a feeling this causing my issues
01:13 bwellsnc It might be the version also, I am running the version that comes with RHEL 7, 2015.5.10
01:13 nickabbey joined #salt
01:13 whytewolf that shouldn't be the issue. I was running even older on a version that was known for ZmQ issues
01:14 whytewolf 2014.1
01:16 bwellsnc ah ok... I think I need to give it more resources to compensate for foreman running on it
01:17 whytewolf well you could do a little investigating. whats your io look like? check networking top also. also are you doing anything crazy with mine and orchestrat and pillar and jinja
01:17 k_sze[work] joined #salt
01:18 k_sze[work] joined #salt
01:19 hrumph hi
01:19 bwellsnc io looks good, I was looking at that last night, need to look at the network then... I do have external pillars setup to be in foreman
01:19 hrumph when i use run.cmd how can i handle an error. if it fails it just exits with ERROR: Minions returned with non-zero exit code
01:20 hrumph there's no exception i can catch
01:21 whytewolf hrumph: in what context. cli, state, or custom module?
01:21 hrumph whytewolf, right now just a custom module
01:21 whytewolf use cmd.run_all which returns a dict with more then just the output
01:22 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run_all
01:24 prg3 joined #salt
01:24 rimk joined #salt
01:25 shoemonkey joined #salt
01:30 hemebond I wish the output from run and run_all was consistent.
01:42 k_sze[work] joined #salt
01:43 whytewolf it isn't?
01:44 hemebond No, one is at least missing the return code.
01:44 hemebond I have a custom NSCA returner to do monitoring and have to use run_all to make sure I get all the information.
01:46 puzzlingWeirdo joined #salt
01:47 whytewolf eh, run is mostly kept for backwords compatibility it really should be deprecated, then made an alias of run_all. but that is a TON of work. since cmd.run preatty uch is at the heart of most salt modules
01:48 whytewolf changeing to run_all format would take a long time to make sure every place that cmd.run is used is covered. and most don't need anything more then output of the command in question.
01:54 PeterO joined #salt
01:59 jas02 joined #salt
02:00 rimk joined #salt
02:01 hrumph whytewolf, why is there no powershell_all to match run_all?
02:01 * whytewolf shrugs
02:02 whytewolf like a bad made, i don't do windows
02:02 whytewolf also i don't work for salt, so take everything i say with ... salt
02:06 sh123124213 joined #salt
02:07 edrocks joined #salt
02:19 Nahual joined #salt
02:19 mpanetta_ joined #salt
02:33 tapoxi joined #salt
02:40 rimk joined #salt
02:46 onlyanegg joined #salt
02:48 gnomethrower joined #salt
02:48 gnomethrower Hey there
02:49 gnomethrower we're using 2015.08 and want to know how to upgrade to the latest version of Salt
02:49 gnomethrower we have a pretty extensive set of pillars and states, and environments and hacks..
02:49 gnomethrower basically I want to know if there's a document that tells you what changes you need to make to be compatible with later versions - things like {{ env }} -> {{ saltenv }}\
02:49 GabLeRoux joined #salt
02:56 jimklo_ joined #salt
02:58 catpiggest joined #salt
02:59 liviudm joined #salt
03:08 XenophonF you mean, aslide from the release notes?
03:09 XenophonF 2015.08 isn't that old
03:11 gnomethrower XenophonF: There's a lot of release notes...
03:11 gnomethrower or are you saying I could get away with just reading the release notes for major versions?
03:12 XenophonF point releases are just bugfixes iirc
03:12 XenophonF is your salt-master config salted?
03:12 gnomethrower i think so
03:12 gnomethrower not sure yet, pretty new to this environment :)
03:12 XenophonF if so just deploy a new dev master on 2015.08, deploy a dev minion on 2015.08, and upgrade them, see what breaks
03:13 gnomethrower we have a pretty sprawly infrastructure
03:13 XenophonF if your salt master is a VM and you don't mind breaking production briefly, snapshot it, upgrade, test, revert if necessary
03:13 gnomethrower it's not quite as simple as that - I need to spawn up a bunch of different types of machines
03:13 gnomethrower in order to properly test the upgrade
03:14 XenophonF true, you need to lint your config
03:15 XenophonF or you use grep/awk to get all the state module/exec module function names, | sort | uniq, and test enough different combos that you cover every function you call
03:15 gnomethrower interesting
03:15 gnomethrower well, my workstation has 32GB of RAM
03:15 XenophonF i mean
03:15 XenophonF your CM tooling isn't exactly mission critical, you know?
03:16 XenophonF well
03:16 gnomethrower I was thinking of just spinning up all known node configurations as VMs with 1GB of RAM each
03:16 XenophonF it might be but mine isn't ;)
03:16 XenophonF you also can do things like `salt-call state.highstate test=True`
03:17 gnomethrower oh, like a dry run?
03:17 XenophonF that will show you breakage without touching the minion
03:17 XenophonF yup
03:17 XenophonF again, snapshot the master (assuming it's a VM), upgrade it, do `salt \* state.highstate test=True`, see what comes back
03:18 XenophonF like i said, that's assuming your CM tooling isn't mission-critical
03:19 XenophonF if it is, then obvs you have to be more careful and run that all in a proper test environment
03:20 gnomethrower yes, ours is mission-critical.
03:20 gnomethrower I'd like to change that at some point, but it is what it is :)
03:21 XenophonF that's not necessarily a bad thing
03:21 gnomethrower ultimately I'd like to get to a sort of immutable-infrastructure system
03:21 gnomethrower where no machine is older than 1 month
03:21 gnomethrower and we're constantly throwing away and rebuilding machines
03:21 gnomethrower since VMs are cheap :P
03:21 XenophonF yu
03:22 XenophonF geez what's wrong with my keyboard tonight?
03:22 gnomethrower then I'd have a copy of the whole INFRA, albeit less powerful, on my workstation
03:22 * whytewolf would love to build a system where that was possable. but I tend to need things like a RDBMS that well doesn't play nice with deleteing and readding servers willy nilly
03:22 * XenophonF inspects the connection between the chair and the keyboard
03:22 gnomethrower and I could test this stuff with no risk
03:22 gnomethrower whytewolf: yeah... well, my solution would be to use Percona XtraDB Cluster
03:22 dendazen joined #salt
03:22 XenophonF yeah databases and file servers are mutable by definition
03:22 gnomethrower and throw away and rebuild one DB server per week :P
03:23 whytewolf yeah even using a gallera like cluster, you still have issues with deleting and adding new servers
03:23 whytewolf it isn't like elasticsearch
03:23 gnomethrower it's kind of a dream. we're at least a year away from that dream at $workplace
03:23 gnomethrower yeah, true...
03:24 gnomethrower I don't know. I'm kind of inspired by Chaos Monkey
03:24 gnomethrower and stuff like that
03:24 gnomethrower anyways I'm way off topic :)
03:24 whytewolf yeah you know how that works? netflix doesn't use a RDBMS and the file storage is s3 based
03:25 whytewolf there backend database is cassandra
03:25 gnomethrower yep, all true...
03:25 whytewolf s/there/their
03:25 gnomethrower I'm aware Netflix has a very different/special setup
03:25 gnomethrower not saying it's easy to rebuild RDBMS and fileservers etc
03:26 whytewolf well to get to what you are talking about. easy to rebuild is mandatory
03:26 gnomethrower example, we'll probably have a LizardFS shared storage cluster at work at some point
03:26 gnomethrower I doubt I'll be able to cycle the chunkservers as often as I'd like to
03:26 * whytewolf likes gluster and ceph
03:26 gnomethrower gluster is bleh
03:26 gnomethrower ceph is going to be good someday though
03:28 gnomethrower at $oldemployer we migrated from Gluster to LizardFS about 4-5 months ago
03:28 gnomethrower very happy with the move
03:28 hemebond Ceph is scary.
03:28 gnomethrower hemebond: My impression with Ceph
03:28 gnomethrower is that if you have plenty of fast, modern hardware
03:28 gnomethrower and a person to work on just Ceph and CephFS 40 hours a week
03:29 whytewolf humm. ceph actually was very easy
03:29 gnomethrower dedicated JUST to Ceph
03:29 gnomethrower you'll be able to run it and be very, very happy with it
03:29 gnomethrower anything short of that and it will be a miserable failure
03:29 whytewolf I used to manage a cech cluster as part of an openstack setup
03:29 hemebond It _can_ be easy, unless you try to do things manually.
03:29 gnomethrower that's just my impression
03:29 gnomethrower whytewolf: I feel the same way about OpenStack, incidentally
03:29 hemebond That's where I had problems.
03:29 whytewolf so you are highly opinionated :P
03:30 DEger joined #salt
03:30 whytewolf honestly I love openstack and run a highly stable openstack cluster at home
03:30 rimk joined #salt
03:31 whytewolf i don't use vendors i built my own deployment scripts for it
03:31 whytewolf [useing salt of coarse]
03:32 gnomethrower whytewolf: yes, I'm quite opinionated :P
03:32 gnomethrower did I say I wasn't?
03:32 whytewolf :P
03:33 gnomethrower my dream @ $workplace is probably going to be OpenNebula + LizardFS, or Kubernetes + etcd + LizardFS
03:33 gnomethrower but possibly both
03:33 hemebond No Salt?
03:33 whytewolf ... sooo you want openstack under a different name.
03:33 gnomethrower salt everywhere
03:33 whytewolf [openNebula is openstack]
03:33 hemebond What's the reason for etcd and Kubernetes if you have Salt?
03:33 gnomethrower whytewolf: Citation needed for that..
03:34 whytewolf Kubernetes is done with salt so meh
03:35 gnomethrower whytewolf: OpenNebula is most definitely NOT OpenStack-based
03:35 whytewolf oh wait was thinking of a different product that is relabeled as openstack
03:35 gnomethrower unless you're saying it's a ripoff of OpenStack
03:35 gnomethrower were you thinking Apache CloudStack?
03:35 whytewolf no cloudstack isn't openstack
03:35 DEger joined #salt
03:35 gnomethrower hmm.
03:36 whytewolf Eucalyptus i think
03:36 hemebond Isn't Eucalyptus like EC2?
03:36 hemebond Like, a self-hosted version of AWS?
03:36 whytewolf openstack does ec2 calls
03:37 gnomethrower hemebond: basically, yes
03:37 thebinary joined #salt
03:37 gnomethrower it has a major focus on being AWS-compatible.
03:38 sh123124213 joined #salt
03:39 onlyanegg joined #salt
03:45 gnomethrower hemebond: Salt and etcd/Kubernetes are complementary imo
03:46 gnomethrower honestly i'll just try it and see what feels best for each task
03:46 thebinary joined #salt
03:46 hemebond I haven't yet figured out where I would even use etcd/kubernetes.
03:46 hemebond I've looked several times but I can usually see a way to use Salt instead.
03:46 gnomethrower I want to use it to build a distributed, HA cluster of webservers
03:46 gnomethrower with plenty of marketing terms
03:47 hemebond lol
03:47 gnomethrower (when I say "webservers" I really mean a stack of nginx, Varnish, haproxy, PHP7.1 and MariaDB)
03:48 gnomethrower and i want to run as much of it as I can in easy to replace containers
03:50 hemebond Sure. What does etcd/kubernetes give you?
03:51 gnomethrower hemebond: I haven't really researched it enough to say for sure.
03:51 hemebond Ah
03:51 gnomethrower I may end up with Docker + Salt filling the same role.
03:51 gnomethrower I want to try Kubernetes mainly because it "feels" that that's where the industry is headed
03:51 gnomethrower in the same way that I feel Ceph is headed towards being the dominant distributed FS in a few years
03:52 gnomethrower (even if I don't like it much yet)
03:58 jas02 joined #salt
04:01 scsinutz joined #salt
04:04 spuder joined #salt
04:07 ivanjaros joined #salt
04:09 edrocks joined #salt
04:17 orionx joined #salt
04:18 frew joined #salt
04:25 spuder joined #salt
04:33 k_sze[work] joined #salt
04:38 mpanetta joined #salt
04:46 scsinutz joined #salt
04:47 k_sze[work] joined #salt
04:55 dendazen joined #salt
05:00 rimk joined #salt
05:03 nickabbey joined #salt
05:03 evle joined #salt
05:13 PatrolDoom joined #salt
05:17 krymzon joined #salt
05:18 jimklo joined #salt
05:28 icebal joined #salt
05:47 justanotheruser joined #salt
05:48 hasues left #salt
06:19 Sammichmaker joined #salt
06:19 Sammichmaker joined #salt
06:28 jas02 joined #salt
06:39 gladia2r joined #salt
06:41 sh123124213 joined #salt
06:42 gladia2r joined #salt
06:42 DEger joined #salt
06:51 zulutango joined #salt
06:59 puzzlingWeirdo joined #salt
07:03 jas02 joined #salt
07:03 DEger joined #salt
07:03 felskrone joined #salt
07:05 puzzlingWeirdo joined #salt
07:07 jimklo joined #salt
07:08 sh123124213 joined #salt
07:09 saintromuald joined #salt
07:11 edrocks joined #salt
07:14 Inveracity joined #salt
07:16 rimk joined #salt
07:18 jeddi joined #salt
07:20 moeyebus9 joined #salt
07:32 sh123124213 joined #salt
07:35 darioleidi joined #salt
07:39 darioleidi joined #salt
07:50 colttt joined #salt
08:04 nickabbey joined #salt
08:05 babilen joined #salt
08:06 jas02 joined #salt
08:07 colttt joined #salt
08:12 JohnnyRun joined #salt
08:16 jas02 joined #salt
08:17 AndreasLutro I wish there was a way to specify optional onchanges so that it wouldn't error if I specify states that aren't part of the highstate
08:17 gmoro joined #salt
08:18 onlyanegg joined #salt
08:26 hemebond Two states?
08:27 dariusjs joined #salt
08:40 jas02 joined #salt
08:45 Firewalll joined #salt
09:00 rimk joined #salt
09:01 AndreasLutro what do you mean by that hemebond?
09:01 hemebond What about having two states that do the same thing but have different requisites.
09:02 AndreasLutro https://bpaste.net/show/559e2b85b328 this is what I want to do
09:02 AndreasLutro but it will fail if there are no user states as part of the current highstate
09:03 Reverend hemebond: i have been meaning to thank you for that gist re two highstates when a server turns on. Had to do a bit of butchery with some help from babilen... but got there in the end :)
09:03 mikecmpbll joined #salt
09:03 hemebond Reverend: Was that the sync_grains followed by the highstate?
09:03 saintromuald joined #salt
09:04 Reverend no i had to run two highstates :/
09:04 Reverend but essentialy the same thing
09:04 Reverend in terms of automation
09:04 hemebond Ah okay. Glad my code helped somehow ☺
09:06 impi joined #salt
09:06 krymzon joined #salt
09:10 candyman88 joined #salt
09:13 edrocks joined #salt
09:14 jas02 joined #salt
09:14 dariusjs joined #salt
09:17 awpti joined #salt
09:19 onlyanegg joined #salt
09:27 jhauser joined #salt
09:27 wnkz joined #salt
09:28 whytewolf AndreasLutro: how about the user changes having onchanges_in
09:30 candyman88 joined #salt
09:31 AndreasLutro yeah that's what I ended up doing, but it's still ugly, mostly because rkhunter isn't installed everywhere
09:33 AndreasLutro https://bpaste.net/show/0280a7e10833 for example
09:33 hlub any ideas how to use kitchen within a virtual machine? vagrant with virtualbox does not work (at leasti with 64-bit boxes), vagrant with libvirt is not supported in kitchen and docker cannot run services.
09:34 whytewolf ahh yeah that is still kind of ugly. also wild cards are supposed to work, but i don't think they work if the entire thing is a wildcard
09:35 whytewolf never really tried them
09:36 gnomethrower stupid thought of the day: "Why do meteors always land in craters?"
09:37 teclator joined #salt
09:44 AndreasLutro whytewolf: I use them quite often, the wildcard will fail if no states match the wildcard
09:48 whytewolf ahh, that does make sense though. since it still needs to try to match onchanges to something since it is listed.
09:49 whytewolf okay, i need to head to bed
09:49 whytewolf it is almost 2am and i have to work
09:54 babilen sleep well
09:58 TyrfingMjolnir joined #salt
10:00 colttt joined #salt
10:01 yuhl______ joined #salt
10:04 toanju joined #salt
10:06 nickabbey joined #salt
10:06 ivanjaros joined #salt
10:11 Heartsbane joined #salt
10:19 achedeuzot joined #salt
10:24 bd gnomethrower: that's not stupid. that's an class a show thought.
10:25 gnomethrower :)
10:35 gmoro joined #salt
10:41 alexlist joined #salt
10:43 alexlist joined #salt
10:44 alexlist joined #salt
10:53 alexlist joined #salt
10:58 alexlist joined #salt
10:59 dariusjs joined #salt
11:02 alexlist joined #salt
11:09 alexlist joined #salt
11:11 alexlist joined #salt
11:15 alexlist joined #salt
11:19 onlyanegg joined #salt
11:21 colegatron joined #salt
11:23 evle joined #salt
11:26 impi joined #salt
11:28 dariusjs joined #salt
11:29 _Cyclone_ joined #salt
11:32 ivanjaros3916 joined #salt
11:32 TyrfingMjolnir joined #salt
11:38 _Cyclone_ joined #salt
11:42 Hybrid joined #salt
11:45 inad922 joined #salt
12:15 edrocks joined #salt
12:26 darioleidi_ joined #salt
12:29 shoemonkey joined #salt
12:33 candyman88 joined #salt
12:38 alex-zel joined #salt
12:39 alex-zel Hello, I'm having some issues with a salt state, https://gist.github.com/alex-zel/6cf6d0c38d35d3c13b6e173f74d51137
12:39 bwellsnc joined #salt
12:40 alex-zel I'm creating a keypair for root user, and then using that key in a reactor to add it to another host, the problem is if the host doesn't have a keypair already the state will fail when rendering the jinja context
12:41 alex-zel If i'll user 'include' of some other prerequisites the can create the keypair before rendering jinja?
12:53 cyborg-one joined #salt
13:00 hemebond alex-zel: No, jinja is rendered before anything else.
13:03 gableroux joined #salt
13:05 Brew joined #salt
13:20 onlyanegg joined #salt
13:27 besideyou joined #salt
13:30 edrocks joined #salt
13:35 edrocks joined #salt
13:41 tkharju joined #salt
13:41 gableroux joined #salt
13:41 dendazen joined #salt
13:47 o1e9 joined #salt
13:48 numkem joined #salt
13:48 edrocks joined #salt
13:56 mage_ any idea how can I get a list of all minions in a state file?
13:56 BX joined #salt
13:56 AndreasLutro mine.get
13:57 mage_ thanks :)
13:57 BX Hi, I'm looking for a way to insert a pause/delay/sleep between functions in a salt state. Can't find an appropriate state module
13:58 baikal joined #salt
14:00 toanju joined #salt
14:05 _JZ_ joined #salt
14:07 swills joined #salt
14:08 nickabbey joined #salt
14:10 besideyou exit
14:10 besideyou exit
14:11 AndreasLutro sudo exit
14:11 jas02 joined #salt
14:12 mage_ si I have to add something to mine_functions to get the id ?
14:13 mage_ something like: mine_function: grains.get: minion_id ..?
14:15 mage_ ok found it :p
14:23 sh123124213 joined #salt
14:30 edrocks joined #salt
14:31 PatrolDoom joined #salt
14:40 PatrolDoom joined #salt
14:51 onlyanegg joined #salt
14:51 PatrolDoom joined #salt
14:55 zionsofer joined #salt
14:57 zionsofer Hi, Im trying to use multiple pillar environments by using pillar_roots and passing a pillarenv parameter to state.sls module. However this doesn't seem to work for me.
14:57 jeffspeff joined #salt
15:01 zionsofer Check out this gist: https://gist.github.com/zizkebab/52b00e4257c10e4f47d6790e967fb71a
15:02 zionsofer I expected foobar pillar to be available only on pillarenv=test, but it's available on either base or test
15:02 zionsofer Does that make any sense?
15:07 racooper joined #salt
15:08 tapoxi joined #salt
15:08 onlyanegg joined #salt
15:10 bmac2 joined #salt
15:13 BernhardG joined #salt
15:18 BernhardG Hi, I have a question about pillar matching: Is it possible/intended to match against a pillar in the pillar top file? Why? I would like to match some ssh public keys to many hosts (or groups of hosts).
15:19 cmek_ BernhardG: it is possible
15:20 cmek_ BernhardG: one way of doing that is using ext_pillar
15:21 cmek_ BernhardG: and setting ext_pillar_first to True
15:21 pissoff joined #salt
15:22 cmek_ BernhardG: that way you'll have some data populated and available from pillar in your top.sls
15:22 onlyanegg joined #salt
15:23 dariusjs joined #salt
15:23 cyborg-one joined #salt
15:23 BernhardG cmek_, sounds really good. I will have a look into it. Because in my first test I got an error message: Got a bad pillar from master, type str, expecting dict
15:25 Tanta joined #salt
15:25 cmek_ BernhardG: I've done it using a really small pillar module so we can match by roles in our pillar top.sls
15:26 cmek_ BernhardG: something tells me there could be a better or built in solution to do that. ;)
15:26 cmek_ I think there's something that salt openstack guys use, but I don't remember what it's called
15:27 BernhardG cmek_, that sounds like the thing I would like to do. If a host has the role 'webserver' and a user is 'webdeveloper' - the SSH-Key should be deployed there.
15:28 zer0def uh, is there a way to run a runner within a reactor sls?
15:28 BernhardG cmek_, I also would think that this could be a basic function in Salt.
15:29 cmek_ BernhardG: if I remember correctly I just followed instructions here: https://docs.saltstack.com/en/latest/topics/development/external_pillars.html
15:30 BernhardG cmek_, I just got to that page too. I will try it.
15:33 daxroc Can you up the batch number on a running job ?
15:44 PatrolDoom joined #salt
15:52 jas02 joined #salt
15:53 sarcasticadmin joined #salt
15:54 DammitJim joined #salt
15:59 tiwula joined #salt
16:04 WesleyTech joined #salt
16:09 orionx joined #salt
16:14 orionx_ joined #salt
16:19 dave_angeleno joined #salt
16:23 jimklo joined #salt
16:24 impi joined #salt
16:27 gtmanfred zer0def: yes
16:28 spuder joined #salt
16:28 gtmanfred zer0def: runner.<module>.<function>
16:28 gtmanfred daxroc: i would be very surprised if you could
16:29 orionx joined #salt
16:30 zer0def gtmanfred: i guess i should've been clearer - can i call a runner from jinja defined in a reaction?
16:30 zer0def meaning something like: `{{ runner['jobs.active']() }}`
16:31 gtmanfred zer0def: they should be in salt https://docs.saltstack.com/en/latest/topics/reactor/#jinja-context
16:33 raspado joined #salt
16:33 zer0def gtmanfred: would there be any easy way to list the entirety of context's dictionary?
16:34 gtmanfred https://docs.saltstack.com/en/latest/topics/jinja/index.html#debugging
16:35 gtmanfred show_full_context
16:35 zer0def actually, i've overlooked: "The salt object is available for calling Runner and Execution modules but it should be used sparingly and only for quick tasks for the reasons mentioned above", just need to figure out how to run a runner from salt's object
16:37 gtmanfred {{salt['cache.grains'
16:37 gtmanfred {{salt['cache.grains']('tgt')}}
16:37 gtmanfred just like you would usually, just specify the runner module
16:38 sarcasticadmin joined #salt
16:38 DEger joined #salt
16:43 tapoxi how do you guys set hostname in salt-cloud? I'm using salt.states.network.system but it doesn't seem to take effect
16:44 gtmanfred are you trying to do it on windows?
16:44 gtmanfred if it is on linux, whatever you pass as the name of the machine should be set as the hostname by the cloud provider
16:45 tapoxi gtmanfred: in AWS it just comes up with the ip as name, so I'm trying to run this as part of my highstate: https://hastebin.com/ojocezecim.php
16:45 tapoxi but it doesnt seem to do anything
16:45 Hybrid joined #salt
16:46 gtmanfred ahh, yeah ec2, i have never tried to do it on ec2, but that state looks right from the documentation
16:47 gtmanfred i know we set the name tag on the server. you might try pulling that data from the metadata server.
16:48 gtmanfred ¯\(°_o)/¯
16:49 tapoxi yeah the name tag is set properly, the hostname just looks weird
16:50 tapoxi also my nova boxes end up with .novalocal at the end of their fqdn, which is odd
16:51 Reverend tapoxi: are you trying to set the minion ID?
16:51 Reverend sorry im just catching the tail end of this convo
16:54 ivanjaros joined #salt
16:55 zer0def gtmanfred: just double-checked and i'm getting a `SaltRenderError: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'cache.grains'`
16:57 gtmanfred hrm, the docs clearly say runners should be available in the reactor jinja
16:57 kiltzman joined #salt
16:57 tapoxi Reverend: setting the hostname to the minion id
16:57 tapoxi my minion ids are all FQDNs
16:58 gmacon do we have any hints as to when 2016.11.3 will be released?
16:59 gtmanfred it hasn't been tagged yet
16:59 gtmanfred but soon? https://github.com/saltstack/salt/pull/39451
16:59 saltstackbot [#39451][OPEN] add 2016.11.3 changelog to release notes | 2016.11.3 changelog add to the 2016.11.3 release notes
17:00 gmacon thanks
17:00 onlyanegg joined #salt
17:01 gtmanfred zer0def: can you check {{runner['cache.grains']...}}?
17:01 scsinutz joined #salt
17:02 zer0def gtmanfred: undefined var
17:04 zer0def gtmanfred: a workaround is to call `{{ salt['saltutil.runner'](<runner_func>)(<runner_func_args>) }}`
17:04 gtmanfred yeah, i guess... that is annoying though
17:05 zer0def i'll take it regardless of form :)
17:05 gtmanfred yeah, one thing to note, the saltutil.runner only takes kwargs, and with some runners, there are not kwargs and things require args, like the survey runner
17:07 zer0def wouldn't prefixing it with an appropriate kwarg name solve the issue?
17:07 gtmanfred nope, because it requires them to be args, it pulls the data from *args
17:07 zer0def i see
17:07 Reverend tapoxi: yeah. do you want my code?
17:07 Reverend this was the neatest way i could find
17:08 Reverend I use the EC2 tags.. but any grain data will do the trick
17:08 gtmanfred zer0def: https://github.com/saltstack/salt/blob/develop/salt/runners/survey.py#L149
17:08 zer0def yeah, just noticed it in the documentation
17:08 tapoxi Reverend: sure, thanks!
17:09 zer0def i guess i ought to type out a ticket about running runners in reaction jinjas and get slapped with something obvious from whoever replies - thanks gtmanfred :)
17:09 Reverend tapoxi: np gimme a sec. just fixing something for a go live.
17:09 Hybrid1 joined #salt
17:10 Hybrid joined #salt
17:10 gtmanfred zer0def: gimme a minute, i am discussing it in our slack
17:11 Reverend tapoxi: https://hastebin.com/elizaneduv.pl
17:11 Reverend thats how I do it. just bear in mind that minions DO NOT reply
17:11 Reverend that's in my 'first run' highstate, so that any future highstates don't brel
17:11 Reverend brek*
17:12 Reverend gtmanfred: there's a salt slack? :o canhazjoin?
17:12 tapoxi Reverend: ahh I'm trying to do the other way around
17:13 Reverend tapoxi: i think the issue you have is once you turn on the server, the minion_id is written, and that's it
17:13 Reverend (based on the FQDN)
17:13 Reverend you actually don't need to change the FQDN, but the minion_id file itself :) and that'll be as permanent as you can get (is)
17:13 Reverend ish*
17:13 tapoxi right. salt-cloud sets the minion id and aws tag properly, but the hostname itself isn't set to either
17:13 Reverend yarp
17:13 Reverend it's a one way street
17:13 tapoxi but if I grains.get minion_id it looks correct
17:13 tapoxi so I don't know whats going on
17:14 tapoxi I think states.network just isn't setting it properly somehow
17:14 Lionel_Debroux joined #salt
17:14 Reverend huh... weird. really?
17:14 tapoxi I've been hacking it by doing cmd.run 'hostname ctl set-hostname blah'
17:14 tapoxi I've been hacking it by doing cmd.run 'hostname ctlset-hostname blah'
17:15 tapoxi yeah
17:15 gtmanfred Reverend: no, it is interal
17:15 gtmanfred internal
17:15 tapoxi Reverend: if you're in the boston area we have a small slack/semi users group
17:16 Reverend gtmanfred: oh, so not a salt slack? :) i thought I was missing out on gold xD
17:16 Reverend but if so... sadfaces everywhere
17:16 Reverend tapoxi: im allll the way int he uk chap :L
17:17 gtmanfred zer0def: yeah, open a ticket with a link to that documentation
17:17 sh123124213 joined #salt
17:18 nickabbey joined #salt
17:20 MConceicao joined #salt
17:20 tapoxi gtmanfred: if I migrate pillar to a _pillar dir and store it in gitfs, it isn't accessible from the fileserver right?
17:21 tapoxi same with say _runners
17:21 PatrolDoom joined #salt
17:21 gtmanfred did you run salt-run saltutil.sync_all sync_pillar or sync_runners?
17:22 raspado gtmanfred: i think you provided some feedback yesterday on modifying the backup script that runs in salts scheduler, I see this file in two locations, modify the extmods one right? I see it in /var/cache/salt/minion/extmods/modules and /var/cache/salt/minion/files/prod/_modules/backup.py
17:23 gtmanfred extmods is the one that salt uses
17:23 raspado got it thx
17:31 zionsofer When having mutiple pillar environments, do I need a top file on each pillar_root ?
17:31 shanathon joined #salt
17:32 gtmanfred yes
17:32 gtmanfred you used to not have to, but that was a bug in the way it was behaving, it was never meant to work that way
17:32 WesleyTech_ joined #salt
17:32 shanathon I have a question about parameterizing secure data in the state files. I came across this article here: https://docs.saltstack.com/en/latest/topics/best_practices.html
17:33 gtmanfred zionsofer: https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-top_file_merging_strategy
17:33 shanathon which suggests storing the data in pillar files and goes on to say "  Access to users who should not be able to review these details can also be prevented while ensuring that they are still able to write states which take advantage of this information."
17:34 shanathon but it doesnt say how? I dont see how storing the secure data in a pillar is different then storing in a state files I guess.
17:35 Reverend right guys - order of precedence in a 4 statement jinja if.
17:35 gtmanfred so, you don't have to give the user write access to the pillar data, but if they know the structure and what key it is stored in, they can write a state that uses it
17:35 raspado to run the job manually, do I call it by the name of the job or the function?
17:35 Reverend I have an `if x and y and z or a` and need to make it `if (x and y) and (z or a)` < -- how do
17:36 gtmanfred raspado: what do you mean by job?
17:36 gtmanfred Reverend: with parenthesis just like you did
17:36 Reverend oh
17:36 Reverend haha
17:36 Reverend <3
17:36 tapoxi gtmanfred: yeah it should be available that way, but pillar data is readable only by machines that match in the topfile right? could an evil client read the pillar if its stored in a _pillar dir?
17:36 Reverend sorry - I'm working on a live system and don't wanna explode shit :P
17:37 raspado gtmanfred: http://pastebin.com/2s4C00Yd under schedule, the name "backup" or should i run the job by the function within the backup job? "backup.run_backup"
17:37 gtmanfred raspado: you cannot trigger a run of the job in the schedule
17:37 gtmanfred run what it has configured
17:37 gtmanfred salt \* backup.run_backup
17:38 gtmanfred tapoxi: if it is in _pillar, it is an external pillar, and you would have to configure that, and then the data is returned based on the minion_id that is sent.
17:39 shanathon @gtmanfred - so to summarize, storing the data in pillar is not really that much more secure if the end users know which directories to look in
17:39 gtmanfred which it would need the correct minion key to authenticate as the minion_id
17:39 twiedenbein joined #salt
17:39 raspado i see
17:39 tapoxi gtmanfred: got it thanks
17:39 raspado thx gtmanfred
17:39 gtmanfred shanathon: only if they have access to the master.  Which if you only give them access to a git repository, and have salt gitfs pull it down, then they don't need access to the master
17:39 raspado so on the local minion just run salt-call backup.run_backup ?
17:40 shanathon ok
17:40 gtmanfred in the end, they could still do a pillar.items, but you could also block that off using publisher acls, and only let them run certain commands as their user
17:40 gtmanfred shanathon: https://docs.saltstack.com/en/latest/ref/publisheracl.html
17:40 shanathon thank you @gtamanfred
17:40 SaucyElf joined #salt
17:42 numkem joined #salt
17:42 gtmanfred np
17:43 mikecmpbll joined #salt
17:44 onlyanegg joined #salt
17:53 XenophonF I don't understand this error returned by salt-cloud: TypeError: encode() argument 1 must be string, not None
17:53 XenophonF http://ix.io/bna
17:53 dyasny joined #salt
17:53 XenophonF Clearly the call to RunInstances is failing, but salt-cloud can't tell me why.
17:53 zer0def gtmanfred, for reference: https://github.com/saltstack/salt/issues/39454
17:53 saltstackbot [#39454][OPEN] Inability to cleanly call runner functions in reactor SLS'/reaction's jinja | After consulting with @gtmanfred over IRC, we've noticed that the documentation specifies one could call execution and runner modules from within reactions: https://docs.saltstack.com/en/latest/topics/reactor/#jinja-context...
17:53 dyasny joined #salt
17:54 zer0def let me know if i left out something important
17:54 XenophonF hm, this might be related: https://github.com/saltstack/salt/issues/38287
17:54 saltstackbot [#38287][OPEN] Salt-Cloud failing to deploy to EC2 -- "There was a profile error: encode() argument 1 must be string, not None" | Description of Issue/Question...
17:56 vexati0n_ joined #salt
17:56 tapoxi I hit that yesterday
17:56 tapoxi the patch provided in the bug report worked for me
17:57 XenophonF cool
17:58 PatrolDoom joined #salt
17:58 zer0def gtmanfred: speaking of #39454, how would calling execution modules be helpful in a reaction context, when it's being ran on a master?
18:00 gtmanfred zer0def: /shrug
18:01 zer0def might be that it's just a slight oversight and nothing more
18:03 IvanSim joined #salt
18:09 swills joined #salt
18:15 IvanSim Hi, I have created a formula for CockroachDB. How do I go about contributing it to the GH saltstack-formula org?
18:18 WesleyTech_ joined #salt
18:20 ekristen joined #salt
18:20 edrocks joined #salt
18:23 uncool IvanSim: just post a message here (https://groups.google.com/forum/#!forum/salt-users) with the GH link asking for inclusion. it worked for me.
18:29 onlyanegg joined #salt
18:31 IvanSim uncool: Got it
18:31 ChubYann joined #salt
18:40 Edgan joined #salt
18:41 jas02 joined #salt
18:42 jas02 joined #salt
18:50 spuder_ joined #salt
18:54 cyborg-one joined #salt
18:54 scsinutz joined #salt
18:56 raspado hmmm so if i start the salt-minion, will it refresh update itself with the salt master?
18:59 raspado or in otherwords, do a highstate
19:02 raspado crap, yes it does -_-
19:05 rubenb Hi. Was wondering. is {%if salt['pillar.get']('key') is not defined %} valid syntax?
19:05 raspado i attempted to disable the job but it still says enabled: true, is this a bug? http://pastebin.com/6FgSd8ze
19:06 raspado in the minion log, I see "[salt.utils.schedule][INFO    ][24874] Disabling job highstate in scheduler"
19:08 sh123124213 joined #salt
19:09 onlyanegg joined #salt
19:09 jas02_ joined #salt
19:11 PatrolDoom joined #salt
19:14 debian112 left #salt
19:21 mpanetta joined #salt
19:27 jmedinar joined #salt
19:29 jmedinar How can I pass a variable to a salt-call as argument?
19:29 jmedinar salt-call event.send '/salt/monitor/alert/history' '{key1: $test, key2: $test2}'
19:29 PatrolDoom joined #salt
19:31 sjorge joined #salt
19:31 sjorge joined #salt
19:33 jmedinar double quotes..
19:33 XenophonF well it looks like that bad error message hid the fact that i was using the wrong security group ID (specified an AMI ID instead of a SG ID)
19:50 Trauma joined #salt
19:50 raspado question, if i disable a job via schedule.disable_job <jobname>, is that job supposed to re-enable itself when the minion is restarted?
19:50 raspado or should it stay disabled until its re-enabled again?
19:50 SaucyElf_ joined #salt
19:50 raspado or when a highstate is kicked off?
19:51 githubcdr joined #salt
19:52 jas02 joined #salt
19:52 githubcdr Hi
19:53 githubcdr anyone here using tcp transport option in Saltstack?
19:53 githubcdr minions don't reconnect when the salt master is restarted, anyone ran into this issue?
19:53 gtmanfred rubenb: you want `pillar.foo.bar.baz is not defined`
19:55 gtmanfred raspado: it depends on how the schedules are configured.  If it is configured with pillars, it could be reenabled when the pillars refresh
19:57 rubenb gtmanfred: Thanks, I tried to google the 'is not defined' syntax, but couldn;t really find anything.
19:58 gtmanfred rubenb: http://jinja.pocoo.org/docs/2.9/templates/#tests
19:58 raspado gtmanfred: its just configured through the salt states
19:59 gtmanfred then i would guess that you should be able to disable it, assuming that the states do not run on the minion start with startup_states
19:59 jas02 joined #salt
19:59 raspado kk
20:02 githubcdr all disconnected minions end with same log entry; "SaltClientError: Attempt to authenticate with the salt master failed with timeout error", I would expect a reconnect but this never happens :(
20:08 raspado how can i remove an empty grain
20:08 raspado grains.remove <grain_name> asks for 2 arguments but this grain has no value
20:12 ThomasJ joined #salt
20:12 jas02 joined #salt
20:24 akoumjian joined #salt
20:27 githubcdr @raspado add destructive=True
20:29 snarfy^ joined #salt
20:29 snarfy^ left #salt
20:31 jas02 joined #salt
20:39 PatrolDoom joined #salt
20:46 faggy joined #salt
20:46 faggy left #salt
20:48 gmoro_ joined #salt
20:55 scsinutz joined #salt
20:55 sh123124213 joined #salt
21:20 nickabbey joined #salt
21:32 jas02 joined #salt
21:33 Praematura joined #salt
21:34 jgarr joined #salt
21:35 jgarr anyone using the slack engine for salt? trying to figure out what type of token I should generate for the engine. Bot token? does it matter? ping Gareth
21:37 edrocks joined #salt
21:40 djgerm whaaaaat? slack engine!?!
21:40 bantone I was thinking the same thing
21:40 bantone salt.engines.slack module?
21:40 bantone wooo must be new
21:44 * jgarr is trying to figure out how to make it work
21:45 mikecmpbll joined #salt
21:45 jgarr it says it'll work on minion or master but I'm not sure how commands will work from a minion
21:47 djgerm salt-call maybe
21:48 jgarr I just keep getting "Using salt is not allowed" but not sure why
21:50 saltednight joined #salt
21:50 saltednight hello
21:50 lorengordon joined #salt
21:51 saltednight is there any way to read multi pillar data at once in salt
21:51 hemebond "multi pillar data" is what exactly?
21:52 saltednight http://pastebin.com/UhjFXq6T
21:52 saltednight i would read this data at once in salt
21:52 hemebond salt['pillar.get']('data')
21:57 sh123124213 joined #salt
21:58 saltednight himm
21:58 saltednight http://pastebin.com/vMhC3mti
21:58 beardedeagle joined #salt
21:58 saltednight i mean exatctly like this link below
21:58 hemebond Take off the trailing :
21:59 hemebond salt['pillar.get']('device:storage')
21:59 saltednight it is returned failed
21:59 saltednight him wait please
21:59 hemebond Also, you are getting a list, so you need a FOR loop.
21:59 beardedeagle does anyone know if there is a linter for salt that can be used with jenkins?
22:00 hemebond {% for d in salt['pillar.get']('device:storage') %} {{ d }} {% endfor %}
22:00 saltednight but i belive that i should have take read all data at once without use loop
22:00 saltednight i am trying
22:00 Gareth jgarr: ahoy
22:01 jgarr yay! where can I get logs from the slack engine?
22:01 Gareth master log.
22:01 saltednight saltednight: it is still returns an error like this
22:01 jgarr what about when it's run from a minion?
22:02 ekristen I’m writing a module and state, if I need the module to do requests to an HTTP endpoint and track some metadata per request so that future calls using states can detect if there is a change or not, is there a preferred way of storing this metadata per minion?
22:02 saltednight http://pastebin.com/9Gp6wHF4
22:02 Gareth jgarr: should be the minion log.
22:02 jgarr I didn't see anything in the minion log. Bot was printing "Using salt is not allowed." I'm guessing I should just put it on the master. I just didn't want to restart the master service
22:03 Gareth jgarr: What are you calling when you get that message?
22:03 Gareth exact text.
22:03 hemebond saltednight: Show me your new state.
22:04 jgarr !salt test.ping I also tried !salt 'node' test.ping from my user. user and command were set as allowed in the config
22:05 saltednight hemebond: yes it is working as well
22:05 saltednight thanks
22:05 hemebond ????
22:06 saltednight spasiba
22:06 Gareth jgarr: remove salt.  just !test.ping
22:06 jgarr ohhhhhh, let me try
22:08 Gareth jgarr: my work in progress branch has the ability to change the trigger :)
22:09 jgarr do I need to set up aliases for setting target filters? (grains etc)
22:09 scsinutz joined #salt
22:12 Gareth jgarr: good question. :) I need to run out for an appointment...but I can look back at the code later.
22:12 jgarr ok thanks, I'll play with it some more
22:12 jgarr anyone know if there's a way to reload master config without restart? kill -usr1?
22:13 scsinutz joined #salt
22:14 beardedeagle or what are people doing to test their states? not talking about infra tests via serverspec or testinfra. actually testing their state code.
22:15 Sketch test=True ?
22:16 Sketch doesn't work in all cases, obviously, but it's usually close enough
22:16 beardedeagle I mean I could install salt standalone and salt-call with retcodes
22:16 beardedeagle that would probably work
22:18 fooker joined #salt
22:19 saltednight have a good night!
22:33 jas02 joined #salt
22:37 rpb joined #salt
22:46 rpb joined #salt
22:50 bigjazzsound joined #salt
23:17 shanathon question on "salt.modules.win_system.join_domain"
23:17 shanathon account_exists (bool) -- If set to True the computer will only join the domain if the account already exists. If set to False the computer account will be created if it does not exist, otherwise it will use the existing account. Default is False
23:17 shanathon https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_system.html
23:18 shanathon im looking for the computer object to be created in my active directory users and computers.
23:18 shanathon the domain joins fine, but icant find where it created the account.
23:18 shanathon (i have the flag set to false)
23:19 hemebond It's not in Domain Computers?
23:19 hemebond Did you put in an OU?
23:19 hemebond (actually the default is Computers I think)
23:21 shanathon i did.
23:21 shanathon one sec
23:21 nickabbey joined #salt
23:22 shanathon odule.run:     - name: system.join_domain     - domain: xxxxxx.com     - username:*******    - password: ********    - account_ou: 'ou=servers,dc=xxxxx,dc=com'     - account_exists: false     - restart: true
23:22 shanathon that joins to the domain fine..let me see if it created it in computers
23:23 shanathon nope nothing in computers
23:23 shanathon in fact i searched my entire domain for my computer name. and nothing came up.
23:23 hemebond So it's not in computers and not in the OU you specified?
23:23 btorch_ left #salt
23:23 shanathon correct
23:24 hemebond Rebooted the minion?
23:24 shanathon yes after i successfully do the domain join. it auto reboots in 5 minutes
23:25 shanathon im going to try to set that flag to true and see if it does not do the domain join
23:30 shanathon so it did fail with an error...
23:30 shanathon Comment: Module function system.join_domain threw an exception. Exception: 1332
23:31 shanathon anyway to get more info on that exception ...not much more info when i google it
23:33 tkojames joined #salt
23:34 jas02 joined #salt
23:36 testuser_ joined #salt
23:36 testuser_ is it possible to network.manage a ens* interface for ubuntu 16.04?
23:38 MConceicao joined #salt
23:39 tkojames So we are moving are salt master to a different location. Some of our minions are pointing to IP instead of server name. We want to change this. I run the following command and it comes back with all the minions set to the ip but is missing the name of each minion. Is there a way to get the minion name for each as well? Command: sudo salt '*' cmd.run 'cat /etc/salt/minion' | grep "IP of Salt Master"
23:40 hemebond tkojames: Can't you just query the grains?
23:40 dendazen joined #salt
23:40 hemebond salt * grains.get master
23:41 hemebond With --output=json you could then pipe into jq to filter out the ones that are using an IP.
23:42 tkojames ahh! yes that should work great! thank you for the help.
23:43 shanathon so if debugging from the master is not giving enough info on these domain join errors.
23:43 shanathon can i get more info buy executing a similar command from the minion?
23:43 hemebond Yes
23:43 shanathon can you point me in the right direction?
23:44 hemebond salt-call state.apply mydomainjoinstate
23:44 hemebond salt-call state.apply mydomainjoinstate --loglevel=debug
23:44 hemebond I think that's right.
23:44 whytewolf or just -l debug :P
23:44 shanathon so from the master i am running this
23:44 shanathon sudo salt '*' state.apply
23:44 shanathon from the minion i can do:
23:44 hemebond Though I usually just change the minion config to enable debug mode.
23:45 hemebond salt-call state.apply -l debug
23:45 hemebond I think.
23:45 shanathon thanks!
23:45 DEger joined #salt
23:48 scsinutz joined #salt
23:58 sh123124213 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary