Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-06-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
05:15 _ilbot joined #salt
05:15 Topic for #salt is now Welcome to #salt - http://saltstack.org | 0.15.3 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
07:30 _ilbot joined #salt
07:30 Topic for #salt is now Welcome to #salt - http://saltstack.org | 0.15.3 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
08:44 _ilbot joined #salt
08:44 Topic for #salt is now Welcome to #salt - http://saltstack.org | 0.15.3 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
09:12 _ilbot joined #salt
09:12 Topic for #salt is now Welcome to #salt - http://saltstack.org | 0.15.3 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
09:14 mchype joined #salt
09:18 salty joined #salt
09:19 hazzadous joined #salt
09:20 derelm joined #salt
09:21 salty007 hi
09:23 salty007 i'm making my own salt packages in chroots. but do i really have to? since salt is all python (source) ... could i use same .debs on all deb-based distros and releases?
09:25 Furao salt in chroot?
09:25 Furao you want to manage what?
09:25 Furao the interior of the chroot only?
09:26 Furao oh sorry
09:27 Furao I misread
09:27 Furao ubuntu .deb are for upstart
09:27 Furao salt is python but it depends on zeromq which is C
09:29 jesusaurus joined #salt
09:30 __gotcha joined #salt
09:30 salty007 we have squeeze, wheezy, lucid (ubuntu) etc distros so I started building my own salt packages from github sources. i have like 7 chroots set up to build them. but since all the .debs contain the same sourcecode .py files... do i have to build them multiple times?
09:30 Furao I don't remember about squeeze and wheezy
09:30 Furao but lucid is 2.6
09:31 Furao (python 2.6)
09:31 Furao you might have to do something for distro with python 2.7
09:32 salty007 so the .debs i'm building only superficially seem similar, but there are differences and they won't work on other distros/releases?
09:37 jeddi joined #salt
09:37 salty007 for example if I build salt 0.15 .deb from github source in debian 6 which gives me salt-common_0.15.0-1_all.deb (etc) then those packages won't install on debian 7 or ubuntu releases?
09:45 backjlack joined #salt
09:58 zz___number5__ joined #salt
10:06 krak3n` joined #salt
10:07 krak3n` joined #salt
10:11 __gotcha joined #salt
10:11 __gotcha joined #salt
10:22 fredvd joined #salt
10:27 giantlock joined #salt
10:28 hazzadous joined #salt
10:43 fivethre1o joined #salt
10:45 Nexpro1 joined #salt
10:53 krak3n` joined #salt
10:58 test_ joined #salt
11:09 Xeago joined #salt
11:11 New_Slang joined #salt
11:13 kenbolton joined #salt
11:15 xet7 how do I require that newest packages are installed from ppa repo during highstate? http://pastebin.com/t3TRW6at
11:19 diegows joined #salt
11:23 Furao xset7: pkg.installed - latest
11:23 Furao refresh
11:24 sashka_ua joined #salt
11:29 __gotcha joined #salt
11:30 xet7 Furao: When I try to add those options, it says "Too many functions declared in state "pkg" in sls php5". What is the correct syntax?
11:34 Furao check in github.com/bclermont/states
11:34 Furao there is examples around
11:34 Furao but nothing on php (yay)
11:35 Nexpro joined #salt
11:35 djn joined #salt
11:42 Newt[cz] joined #salt
11:57 z3uS joined #salt
11:58 linjan joined #salt
12:02 oz_akan_ joined #salt
12:03 ange anyone running a salt-master as non root with a gitfs ? (ubuntu 13-x) ? cc iMil ?
12:06 twhitma1 joined #salt
12:07 twhitma1 left #salt
12:08 blakearnold joined #salt
12:08 jeddi ange: sounds like a world of pain.
12:09 Newt[cz] joined #salt
12:09 ange kinda
12:10 ange so far it's mostly errors at start up
12:10 ange [ERROR   ] Exception 'git init' returned exit status 128: fatal: unable to access '/root/.config/git/config': Permission denied occurred in file server update
12:10 Katafalkas joined #salt
12:16 logix812 joined #salt
12:17 jslatts joined #salt
12:18 timl0101 joined #salt
12:20 Furao ange: look like salt-master don't change os.environ['HOME'] = pwd.getpwnam(__opts__['user']).pw_dir
12:20 timl0101_ joined #salt
12:21 ange Furao: ok, is that something I can set in the master conf ?
12:21 Furao no, it's probably an omission in salt master itself
12:21 Furao well...
12:21 ange ok
12:22 Furao no
12:22 Furao ah yes
12:22 ange so bug report, maybe a patch then
12:22 Furao you can export HOME=/path/otheruserhome
12:22 Furao before running salt-master
12:22 jeddi with salt-cloud, what's the Best Practice suggestion on doing an apt-get upgrade and reboot prior to the build completing?  (rackspace ubuntu instances almost always want a reboot after they've been brought up to the latest set of debs)
12:22 Furao but it's an issue anyway
12:22 Furao jeddi: it's not centos, you don't need to reboot unless you update kernel/grub
12:22 ange ok, I'll create the issue, after testing setting HOME
12:23 Furao but .config/git/config is a weird path
12:23 Furao it's supposed to be ~/.git/config no?
12:23 ange probably
12:24 ange might need a mix of config file changes and env var
12:24 cron0 joined #salt
12:25 juicer2 joined #salt
12:26 ange setting the HOME var results in :
12:26 ange [ERROR   ] Exception len([]) != len(['Permission denied (publickey).', '', '', 'and the repository exists.']) occurred in file server update
12:28 Furao this error come from which module
12:29 ange don't know just serving it from the log of the master running
12:30 mnemonikk joined #salt
12:31 lemao joined #salt
12:31 rnts joined #salt
12:32 mgw joined #salt
12:32 Furao i mean
12:32 Furao is that when you launch salt-master
12:32 Furao or when you state.highstate
12:32 Furao oh I see
12:32 knightsamar is there any good guide to writing a grain ?
12:33 Furao knightsamar: github.com/bclermont/states
12:33 ange Furao: when I launch it : HOME=/home/cook salt-master start -u cook
12:33 Furao there is one there
12:33 Furao just wrote one today :)
12:33 knightsamar Furao: great! link please :)
12:33 Furao import salt.modules.cmdmod
12:33 Furao def arch():
12:33 Furao return {
12:33 Furao 'debian_arch': salt.modules.cmdmod._run_quiet(
12:33 Furao 'dpkg --print-architecture')
12:33 Furao }
12:34 Furao but check github.com/bclermont/states
12:34 Furao it's plenty of old examples
12:34 Furao that probably works
12:34 ange ?
12:34 knightsamar thanks Furao :)
12:35 Furao ange: you need to have /home/cook/.ssh/ private key to reach your git server
12:35 Furao and user cook need to owns it
12:35 Furao and permission need to be at least 600
12:35 Furao sudo -u cook git clone $url
12:35 Furao to test
12:36 Furao In my case, my salt masters always run a git server that hold all 3-4 git repos
12:36 Furao and I push into my master AND my official repo
12:37 ange strange the cloning starts then dies : fatal: unable to access '/root/.config/git/config': Permission denied
12:37 kermit joined #salt
12:37 Furao that's because sudo don't change HOME
12:37 Furao sudo -u cook bash
12:37 Furao export HOME=/home/cook
12:37 Furao git clone $url
12:39 ange I get a permission denied, it's a github private repo, the key is in the deploys list
12:40 Furao then try to ssh into github.com
12:40 Furao your url is wrong
12:40 Furao or your cook user don't have proper .ssh/$private_key
12:40 Furao ls -laR /home/cook
12:41 ange ssh and git get the same error : Permission denied (publickey).
12:41 santagada joined #salt
12:41 Furao bad URL || bad key
12:41 ange drwx------ 2 cook cooks 4096 Jun 25 12:31 .ssh
12:41 Furao or bad key's permission
12:41 ange -rw------- 1 cook cooks 1679 Jun 16 09:20 id_rsa
12:41 ange -rw-r--r-- 1 cook cooks  396 Jun 16 09:20 id_rsa.pub
12:41 Furao and in .ssh ?
12:41 Furao and url?
12:42 ange git@github.com:Arbousier/salt-master-1.git copied from github
12:42 tpe11etier joined #salt
12:45 Furao ssh -v -i /home/cook/.ssh/id_rsa -p 22 git@github.com
12:46 ange ok passed, auth but no logged in
12:46 ange found the problem I think
12:48 ange ok, it was a identify file line I did not update
12:48 Furao :P
12:48 ange but launching the salt master , the error is still there
12:48 Furao surement pas la meme erreur
12:49 ange [ERROR   ] Exception len([]) != len(['Permission denied (publickey).', '', '', 'and the repository exists.']) occurred in file server update
12:49 ange HOME=/home/cook salt-master start -u cook
12:50 Cipher-0 joined #salt
12:50 jeffrubic joined #salt
12:51 Furao je sais pas trop, personnellement je modifierais le code de gitfs.py pour trouver quel clef il utilise
12:52 ange oh my
12:54 Cipher-0 Que?
12:55 ange so right now it seems to be working only for public repositories or masters running as root
12:55 ange ?
12:56 fredvd joined #salt
12:56 Furao Cipher-0: solo hablamos de gitfs :P
12:56 ange ok, another entry in the ssh config file was causing trouble, strange that it did check that one
12:57 Cipher-0 No entiendo Espanol muy bien, habla Engles?
12:58 Furao Cipher-0: yes we all speak english here
12:58 Furao you said "Que?"
12:59 auser joined #salt
13:01 oz_akan_ joined #salt
13:05 ange Furao: considering the amount of trouble I am facing trying to run unprivileged should I understand that most of you run the salt master as root ?
13:06 m_george|away joined #salt
13:06 Furao ange: I don't see the point to run a salt master as non root, as it's mostly useful to manage the whole host and not just a single user
13:07 Furao sorry
13:07 Furao I read MINION
13:07 anteaya joined #salt
13:07 Furao well I don't know anyone who run master as non-root
13:07 mikedawson joined #salt
13:09 dcrouch joined #salt
13:09 LyndsySimon joined #salt
13:09 karlp Furao: only because it doesn't work properly.
13:09 karlp why _should_ I run it as root?
13:10 karlp ange: yes, I run it as root, because despite the docs, it didn't work properly trying to run it as non-root
13:11 Furao but yes, there is no good reasons to run it as root
13:11 Furao in fact, by default the master should run as non-root
13:11 karlp but you seem to just have general key problems with github, not salt master as root problems...
13:11 karlp Furao: by default since when?
13:11 jeddi ange: non-root usage comes up in here periodically, and on the mailing list .. it's why i said 'sounds like a world of pain' when you mentioned it .. it doesn't seem to be a well-catered for permutation.
13:11 Furao it SHOULD not it is :)
13:11 karlp ahh :)
13:12 ange grumbl it checks an old repo
13:12 ange why why why
13:12 jeddi ange: what problems are you trying to solve by avoid running as root?
13:13 ange jeddi:  I come from a time where running daemons as root was enough to get thrown through the door by senior admins
13:14 karlp jeddi: otherway round, things don't work as non-root, was seeing whether running as root would fix them :)
13:14 jeddi ange: so precedent, then?
13:14 santagada joined #salt
13:15 ange so I going back to running it as root, only to find that somehow, it kept the old repo url somewhere
13:15 DerekRBN joined #salt
13:16 Furao ange: check your gitfs_remotes
13:16 Kholloway joined #salt
13:16 m_george left #salt
13:18 ange Furao: I did, it's the new one there
13:20 Furao rm -rf /var/salt/master/gitfs
13:20 Furao restart master
13:20 Furao no sorry
13:21 Furao it's /var/cache/salt/master/gitfs
13:24 timl0101 joined #salt
13:24 racooper joined #salt
13:30 Cipher-0 left #salt
13:31 blee joined #salt
13:31 blee is there anywhere where theres a complete list of matchers and how you are able to use them in the top file targeting?
13:32 blee I see examples where people use match: grain, but i cant seem to find that in the wiki at all
13:35 jeddi i'm trying to use a jinja template for a single variable into a new text file on my minions .. and i'm getting errors about 'StrictUndefined' and 'StrictUndefined'    -- code i'm using is   http://rn0.ru/show/8DNDbVopii1lx0S6xwd2/
13:35 jeddi i've done something similar with the source: fall-through stuff .. but this is the first time i've tried to pass parameters into jinja.
13:35 jeddi oh - is it the hyphen in the variable name?
13:35 blee is jeddicorp-hostname a grain?
13:36 jeddi flippin' heck - it *is*.
13:36 jeddi blee:  no - it's something i'm setting there with the variable name .. that's how you're able to pass it ot the jinja template.
13:36 Furao it try to do jeddicorp - hostname
13:36 Furao as a math operation
13:36 jeddi it turns out it *is* the hyphen - changing it to jeddicorp_hostname fixes it.
13:36 Furao blee: it's a default or context value
13:36 jeddi Furao: in yaml?  inneressing.   thought it would only try to do maths ops if it was in {{ }} tags ... ?
13:36 blee lost me, and i feel really dumb for it :P
13:37 Furao put jeddicorp-hostname under context
13:37 jeddi blee: https://groups.google.com/forum/#!topic/salt-users/NNnFHOgkyg0  is the example i stole -- it's very simple - just i haven't trie dot use templating yet for my managed files.
13:37 Furao it's not a good idea to put that tere
13:37 Furao there
13:37 jeddi Furao: context?
13:37 jeddi Furao:  thomas hatch himself gave that code as an example!  ;)
13:38 jeddi (reading subsequent messages)
13:38 jeddi ah, just a sub-para for context:  .. got it.
13:38 blee oh, i didnt know you could do that
13:38 blee cool
13:38 Furao search context in all the thread
13:38 jeddi Furao:  got it :)
13:38 jeddi Furao: guessing that's so you don't get bitten by future reserved words?
13:38 Furao or check github.com/bclermont/states for plenty of examples
13:39 Furao I found some reserved keywords
13:39 Furao they had to update the doc because of me
13:39 jeddi Furao: curiously i had followed that link about an hour ago from saltstarters .. and hadn't got back to it -- http://saltstarters.org/example/bclermont/states
13:40 jeddi i'm actually doing this as i procrastinate about configuring a state to give me an sftp box.
13:40 jeddi Furao: so you're basically saying you're a troublemaker, eh?
13:40 Furao well I open around 50 issues in salt so far :)
13:41 xt Furao ftw!
13:41 blee lol
13:41 Furao last time i checked i was in top 15 contributers
13:41 jeddi i'm sure github used a big int for issue #'s. :)
13:41 Furao even if I don't contribute that much
13:42 Furao I wrote a testing tool for salt states and it helped me found a lot's of bug in my own states and salt itself
13:44 ange is there a command to know which minions are up to date ?
13:44 Furao ange: up to date on what?
13:44 LyndsySimon left #salt
13:44 ange I have some sls files in the repository, new ones
13:45 ange I 'd like to check if the minions have applied them yet or not
13:45 jeddi state.show_sls ?
13:45 Furao state.highstate test=True
13:45 ydavid joined #salt
13:45 jeddi salt '*' state.show_highstate ?
13:45 jeddi might be verbose.
13:46 jeddi I tend to do what Furao just mentioned - test=True on a highstate
13:46 nrub joined #salt
13:46 Furao maybe I should use show_highstate
13:46 jeddi Furao: not sure if it's better.  it's certainly *longer* .. so it's handy if you've got logging turned off .. and there aren't any changes.
13:46 jeddi less paranoia-inducing.
13:47 ange is there a way to list sls files that are known by the master ?
13:47 jeddi ange:  du -a
13:47 jeddi ange: sorry.   uhm.  you mean that will be acted upon for a given host or set of hosts?
13:47 ange I want simply to know if the master properly loaded the files that are in the repository
13:48 jeddi ange: don't know.  this section, and the rest of that page, may have some insight.  http://docs.saltstack.com/ref/modules/all/salt.modules.state.html?highlight=sls#salt.modules.state.show_sls
13:50 Furao ange: if you use gitfs no
13:50 santagada joined #salt
13:50 Furao well maybe by looking into /var/cache/salt/master/gitfs/refs
13:50 Furao I think
13:50 danielcharles joined #salt
13:50 ange oh my
13:51 JasonSwindle joined #salt
13:51 JasonSwindle Howdy, all
13:52 jessep joined #salt
13:53 bezaban joined #salt
13:53 Furao don't stress about the number of .sls
13:53 Furao ~/sandbox/salt find . -type f -name '*.sls' | wc -l     552
13:54 Furao almost 21 000 lines
13:54 Furao if you start wondering which state your master need to apply, you'll be stressing a lot :P
13:54 ange no, it's just sounds like an archaic way
13:55 ronc joined #salt
13:55 ange and the command tells me it's installed but the minion still miss the program
13:55 Furao miss the program?
13:55 Furao ça sa fait français :P
13:55 ange https://gist.github.com/mcansky/4e79296c4ccbe45c4ab8
13:56 shiznit joined #salt
13:57 Furao not sure I understand the problem
13:58 ferai joined #salt
14:00 jrgifford__ joined #salt
14:00 rnts_ joined #salt
14:01 johnsocp_ joined #salt
14:01 ange not sure I understand salt's basics
14:01 elements joined #salt
14:03 krak3n` joined #salt
14:03 gwar99991 joined #salt
14:05 Furao welcome to where most of us went trough
14:06 Furao at least you got better doc and examples than last year
14:07 baniir joined #salt
14:08 ncjohnsto joined #salt
14:08 ange Furao: .)
14:09 chjohnst_work joined #salt
14:09 aberant joined #salt
14:11 Furao yay rains
14:12 Furao the sporadic rain that is expected to fall in parts of Selangor, Kuala Lumpur and Perak will not bring much relief as winds will eventually blow the haze back into place.
14:12 Furao :(
14:13 ange so once I have pushed new commits to the repository and the salt-master got hold of them, how are the minions supposed to get the changes ?
14:14 Furao ange: you can configure minion to run state.highstate on specific schedule
14:14 Furao but give you time to have stable states :P
14:14 Furao I still don't do that myself
14:15 Furao changes in gitfs will be available in < 60 seconds
14:15 Furao unless you change the frequency of I don't remember which settings in master
14:16 Furao and then you can run state.highstate
14:16 ange ok
14:16 Furao you can speed up the process with restart salt-master
14:16 Katafalkas joined #salt
14:16 kcb joined #salt
14:16 Kamal_ joined #salt
14:16 utahcon joined #salt
14:16 rizumu joined #salt
14:16 ange so under 10 min or so, the minions do get the new stuff installed on their own, right ?
14:17 Furao if you make state.highstate run each 10 minutes
14:17 Furao but I don't recommend it so soon
14:19 kho joined #salt
14:20 ange 'No Top file or external nodes data matches found'
14:20 kho joined #salt
14:20 Furao your top.sls don't match any state
14:22 ange ack
14:22 mgw joined #salt
14:23 santagada joined #salt
14:27 ange thanks
14:28 bhosmer joined #salt
14:28 p3rror joined #salt
14:28 kaptk2 joined #salt
14:29 danielbachhuber joined #salt
14:32 anteaya_ joined #salt
14:33 danielbachhuber- joined #salt
14:34 JasonSwindle Is 0.16.0 out, or in testing?
14:34 anteaya__ joined #salt
14:34 JasonSwindle I see the 0.15.9 is out...
14:35 Katafalkas joined #salt
14:35 kcb joined #salt
14:35 Kamal_ joined #salt
14:35 utahcon joined #salt
14:35 rizumu joined #salt
14:36 nrub joined #salt
14:37 ningujoan joined #salt
14:37 magmatt left #salt
14:40 Guest98593 joined #salt
14:40 kallek_ joined #salt
14:41 shiznit1 joined #salt
14:41 jpcw_ joined #salt
14:41 Furao https://github.com/saltstack/salt/tree/0.16
14:41 Furao wait for 0.16.1 :P
14:41 mikedawson_ joined #salt
14:42 Furao https://github.com/saltstack/salt/tree/v0.15.90
14:42 Sypher|NL joined #salt
14:42 cwright_ joined #salt
14:42 aleszoul3k joined #salt
14:42 jafo` joined #salt
14:43 pt|Zool_ joined #salt
14:43 opapo_ joined #salt
14:43 Katafalkas joined #salt
14:44 Kzim joined #salt
14:44 Kzim hi
14:45 jalbretsen joined #salt
14:47 lmnts joined #salt
14:49 Tekni joined #salt
14:49 felixhummel joined #salt
14:49 dave_den_ joined #salt
14:49 Gifflen joined #salt
14:49 rnts joined #salt
14:50 Gifflen joined #salt
14:50 scott_w joined #salt
14:51 oz_akan_ joined #salt
14:51 ninkotech joined #salt
14:51 Teknix joined #salt
14:51 octarine joined #salt
14:53 Vivek joined #salt
14:53 ioni joined #salt
14:54 evax joined #salt
14:55 abe_music joined #salt
14:55 scooby2 joined #salt
14:56 Lucas joined #salt
14:58 tseNkiN joined #salt
14:59 alazylearner joined #salt
14:59 ronc joined #salt
15:00 MrTango joined #salt
15:01 krak3n` joined #salt
15:02 StDiluted joined #salt
15:05 kaptk2 joined #salt
15:07 fmedery joined #salt
15:07 blakearnold joined #salt
15:08 whiskybar joined #salt
15:09 Newt[cz] joined #salt
15:09 basepi JasonSwindle Furao:  0.15.9 is the RC for 0.16.0
15:09 basepi 0.16.0 will be the equivalent of *.*.1 from previous releases.  =)
15:11 JasonSwindle sweet!
15:11 KennethWilke joined #salt
15:11 basepi We hope to have 0.16.0 out in the next week or so -- we're just trying to get more people to download and test the RC
15:12 emocakes joined #salt
15:12 ningujoan left #salt
15:13 nrub What's new in the RC?
15:14 sashka_ua basepi: salt has a lot of issue, I just not sure how to test em
15:14 sashka_ua of issues
15:15 jeddi basepi: and salt-cloud 0.8.9 is going to be synced with the salt 0.16 release, right?
15:15 basepi jeddi: afaik yes
15:16 basepi sashka_ua: i don't think there are any game-breakers in the RC, we just need people to test the release so we can catch game-breakers before the actual release, if that makes sense
15:16 chrisgilmerproj joined #salt
15:17 basepi nrub: quite a few things -- the biggest two features are probably multi-master support and the prereq requisite:  http://docs.saltstack.com/topics/releases/0.16.0.html
15:17 basepi and many many bugfixes, as usual.  =P
15:18 basepi now that we have both me and terminalmage more or less full-time on bugs, we're slowly catching up. =)
15:21 StDiluted basepi, when is VPC support slated?
15:21 basepi Not sure -- right now we're just playing catch-up on bugs -- the number of open issues labeled "bug" on the tracker is unacceptable
15:22 basepi Also, that's not my wheel-house, so I'm not sure.  =)
15:22 StDiluted understood. I think I have some ways around needing it, but I would love to see salt-cloud be able to bootstrap inside a VPC
15:22 basepi Definitely.
15:22 basepi I'll ask Joseph when I see him
15:23 baniir joined #salt
15:23 tommyfun joined #salt
15:26 jpeach joined #salt
15:27 jschadlick joined #salt
15:27 andy____ joined #salt
15:27 EugeneKay I'm pondering a pillar script to make dealing with pillar a lot saner
15:28 andy____ Hello. I need to download a file using some custom code to pass authentication credentials
15:28 toastedpenguin joined #salt
15:28 jeddi EugeneKay: very meta :)
15:28 EugeneKay Eg, Rather than calling saltutil.refresh_pillar, I can just `pillar [$HOSTNAME] refresh`
15:28 jeddi EugeneKay: oh - a wrapper - yeah, that'd make sense.
15:28 toastedpenguin anyone have an example of managing DNS e.g /etc/resolv.conf via salt?
15:28 andy____ Is there an easy way I can subclass salt.states.file and somehow refer to it in an init.sls file?
15:28 EugeneKay Ya. Knocking something together in bash now
15:29 EugeneKay toastedpenguin - yeah, sec.
15:29 toastedpenguin using this to compare my puppet testing as I just stumbled upon salt stack yesterday
15:30 Newt[cz]1 joined #salt
15:30 KennethWilke toastedpenguin: i hope you enjoy your adventure
15:31 ange http://docs.saltstack.com/ref/states/all/salt.states.rbenv.html < is this a module included by default ?
15:31 toastedpenguin EugeneKay: awesome, I havent started officially using puppet so I would like to compare what I have done to what salt looks like
15:31 EugeneKay toastedpenguin - https://gist.github.com/EugeneKay/c4496379b1f3362bff1e
15:31 EugeneKay then in Pillar I have defined network.v4dns and .v6dns(or not....)
15:33 toastedpenguin one of my hurtles with puppet is that I have 3 data centers, and I tried to use the options rotate so I could use the same resolv.conf but I keep reading rotate doesnt always work, least not in rhel/centos
15:33 toastedpenguin so I decided I needed 3 different resolv.conf so I am not beating the @#$% out of one DNS server
15:33 toastedpenguin and that got messy
15:33 toastedpenguin using puppet
15:33 toastedpenguin at least for a noob
15:34 whiskybar joined #salt
15:34 KennethWilke toastedpenguin: a setup similar tor what EugeneKay provided would probably work well, you could have data in pillar for each DC
15:35 Newt[cz] joined #salt
15:35 KennethWilke and a template file for resolv.conf that works for all of em
15:35 toastedpenguin guess I need to read up on pillar
15:36 KennethWilke it's very handy, http://docs.saltstack.com/topics/tutorials/pillar.html this is a good doc to get started with it
15:36 wendall911 joined #salt
15:36 KennethWilke i dont have any public examples but i use it to manage the nodes that are in rotation for prod/dev
15:37 toastedpenguin does it make sense to have a bunch of sub dir for the different types, e.g. data center + prod/dev/stage/ops etc., is that recommended?
15:37 KennethWilke they use the same base nginx config, but i have a prod and dev environment with a list of hostnames for the nodes
15:38 seb_ joined #salt
15:38 KennethWilke in my experience salt has been very flexible, if that's what make the most sense for what you need out of it it'll be fantastic
15:39 oz_akan__ joined #salt
15:39 imil_ joined #salt
15:39 Gifflen_ joined #salt
15:39 KennethWilke i only work out of a single dc for my environment, so i haven't had to deal with that issue
15:40 gisli left #salt
15:40 JasonSwindle KennethWilke: Going by name now?
15:40 MTecknol1gy joined #salt
15:40 toastedpenguin ya my env is a little complex in that regard
15:40 farra joined #salt
15:40 rnts_ joined #salt
15:40 akio1 joined #salt
15:41 luminous_ joined #salt
15:41 frankfurter joined #salt
15:41 LordOfLA|Broken joined #salt
15:42 _ioni joined #salt
15:42 ams_ joined #salt
15:42 t0rrant_ joined #salt
15:42 milind joined #salt
15:42 KennethWilke in your situation, and i say this in full ignorance of your infrastructure, i'd probably use environments like prod/dev/stage/ops and then have endpoint configs for each DC
15:42 jeddi toastedpenguin: do your hostname contain a reference to the DC that they reside in?
15:43 EugeneKay Here's a first stab at `pillar` https://gist.github.com/EugeneKay/5859530
15:43 EugeneKay Handles the two things I find myself arguing with the most
15:43 jeddi EugeneKay: needs moar python :)
15:43 KennethWilke JasonSwindle: yeah i usually do it by name
15:43 EugeneKay Sure does.
15:44 ams_ Hey, is it possible to test if a particular cloud provider options are correct? I've been trying to launch an instance on EC2 and salt just says "killed". Log does not show anything either
15:44 ams_ rackspace seems to work fine
15:44 jeddi KennethWilke: i mean - can you programmatically identify the DC based from the name?   for example i use a nomenclature of SS-function-Txx - SS is a two-char site code (RS for our rackspace intsances, for example), T is type (prod, dev), xx is numeric starting at 01 .. so I can determine where  a box is from its name.
15:44 jeblair_ joined #salt
15:45 toastedpenguin jeddi:  yes
15:45 __d10n__ joined #salt
15:45 toastedpenguin something like ptc01-dc.doma.in
15:46 jeddi toastedpenguin: sorry - misdirected :)   then it should be relatively painless to point each box towards its nearest dns i think.
15:46 KennethWilke ^ +1
15:46 toastedpenguin p for production, tc for tomcat, 01 then dc = initial for data center
15:46 jeddi toastedpenguin: lovely.
15:46 KennethWilke then salt shall make your targeting easy
15:46 KennethWilke :p
15:46 wyrd1 joined #salt
15:47 Vivek joined #salt
15:47 drogoh joined #salt
15:48 jeblair joined #salt
15:48 toastedpenguin jeddi: so I have 3 DNS clusters (2 PDNS servers sharing a VIP), one in each DC, and I have VPNs going between so there is redundancy in case a DNS cluster fails and i have all 3 listed in resolve.conf
15:48 toastedpenguin but if you are in dc1, then the first listed should be its own dns cluster vip, dc2 its own and so on
15:49 jeddi toastedpenguin: i haven't had to deal with something like that before, but it sounds reasonable.
15:50 Kholloway joined #salt
15:50 jeddi if there's only three permutations then I'd probably go the lazy way and just have the three files, rather than trying to construct each file dynamically.
15:50 toastedpenguin our app's backend uses cassandra so all 3 DC make up a cluster, so each data center is a backup for the others
15:50 KennethWilke or one file with a data structure representing what you want
15:50 toastedpenguin ya that is what I was thinking
15:51 jeddi toastedpenguin: not sure how much you've read up yet on grains, identifying / grouping servers, and the salt fs ..
15:51 toastedpenguin being a noob I was going to attempt the easy route and grow to the more complex
15:51 aberant joined #salt
15:51 jeddi ooh .. cassandra.   i've been pondering building a cass cluster via salt.
15:51 UtahDave joined #salt
15:51 jeddi toastedpenguin: so if i were doing that, i'd have three files located at master:/srv/salt/fs/etc/resolv.conf.dc[123]
15:51 toastedpenguin its easy to install it on centos since there is a repo....lol
15:52 jeddi (for example).   and 'dc1' would be identified via a grain, say, so in the state file you source: salt://fs/etc/resolv.conf.{{grains['dc']}}
15:52 jeddi or similar.
15:52 jeddi toastedpenguin: much fun awaits.
15:52 toastedpenguin ah ok
15:53 jeblair joined #salt
15:53 jeddi toastedpenguin: cass is prett straighforward, yeah - i haven't played with it since version 0.6.6/7 .. it was a bit of a pain to do the random partitioner and make dynamic changes to the cluster .. i gather with 1.2 (?) it's not quite as painful.
15:53 toastedpenguin not at all
15:54 kaptk2 joined #salt
15:54 jeddi actually my boss periodically makes grunty noises about building up a hadoop cluster that we can drop and recreate 'easily'.
15:54 jeddi a salt project for another day.
15:56 KennethWilke toastedpenguin: i think i'd try something like https://gist.github.com/KennethWilke/5859637
15:56 StDiluted would a micro instance be sufficient for testing salt out?
15:56 KennethWilke this would use a dc grain similar to what jeddi suggested
15:57 toastedpenguin interesting
15:57 toastedpenguin ok, that is also helping me get a general feel for salt
15:57 KennethWilke there's a lot of flexibility in how you can go about defining the states
15:59 UtahDave jeddi: hopefully auser can opensource his hadoop Salt magic soon
15:59 ange how to check if a module is installed ?
15:59 KennethWilke UtahDave: is there some openstack salt magic?
15:59 UtahDave StDiluted: yes, a micro instance is fine.  Just don't try to connect 10,000 minions to it
16:00 StDiluted nah, not planning on that
16:00 StDiluted thanks
16:02 pcarrier joined #salt
16:02 jeddi UtahDave: hopefully i can avoid having to do anything with hadoop too :)
16:02 UtahDave :)
16:02 jeddi KennethWilke: salt-cloud
16:02 KennethWilke salt-cloud doesn't help me deploy openstack
16:02 KennethWilke just helps me use it
16:02 UtahDave KennethWilke: LOTS of people use Salt with their openstack setup. We have a bunch of openstack configs templated in our salt-formulae repo
16:02 jeddi KennethWilke: oh - *deploy* rather than *use* openstack magic :)
16:03 jeddi gotcha.
16:03 UtahDave we don't have an official SaltStack OpenStack deploy...   yet.
16:03 KennethWilke UtahDave: kk cool i will check that out
16:03 KennethWilke jeddi: but yes salt-cloud is wonderful :)
16:04 KennethWilke devstack however...
16:04 KennethWilke less wonderful
16:07 jeddi next on the list is working out how / what / why on using saltstack with lxc.
16:08 faust joined #salt
16:08 luminous_ joined #salt
16:11 carlos joined #salt
16:12 Newt[cz] joined #salt
16:12 APLU joined #salt
16:12 up_the_irons joined #salt
16:12 jgelens joined #salt
16:12 neilf joined #salt
16:12 mfournier joined #salt
16:12 chutzpah joined #salt
16:13 UtahDave jeddi: I can't remember exactly who, but I know someone here in IRC was doing a lot with Salt and lxc
16:13 Newt[cz] joined #salt
16:14 KennethWilke if i had my way with my current project there'd be a lot of that for me :(
16:14 whiskybar joined #salt
16:14 brutasse_ joined #salt
16:14 z3uS| joined #salt
16:14 vendingo joined #salt
16:14 ange anyone have experience with the rbenv module ?
16:15 ange I can't get my head around how to use it
16:15 UtahDave neither can I!  ;)
16:16 ange ok, got another way to get a proper rbenv installed on a minion ? (preparing a ruby hosting set)
16:16 ollins_ joined #salt
16:16 kriberg joined #salt
16:17 madduck_ joined #salt
16:17 madduck_ joined #salt
16:17 carmony_ joined #salt
16:17 Kyle_ joined #salt
16:17 akio2 joined #salt
16:18 jeddi UtahDave: ooh - if you spot 'em, let me know.  there's not a lot of (obvious) hits on google for lxc + saltstack.
16:19 darrend_ joined #salt
16:19 canci_ joined #salt
16:21 oz_akan_ joined #salt
16:22 iMil joined #salt
16:22 KyleG joined #salt
16:22 dkubb joined #salt
16:23 jeffrubic joined #salt
16:23 bezaban joined #salt
16:23 Corey joined #salt
16:24 dshea joined #salt
16:24 hebz0rl joined #salt
16:26 kula joined #salt
16:26 dshea What is the preferred way of skipping post-installation questions for packages installed by apt-get on Ubuntu when installed through salt?
16:26 UtahDave dshea: I think it's to pass in the extra commands options in the  - args   field
16:27 oliv_mc joined #salt
16:27 whiskybar dshea: apt-get install -y PACKAGE but salt should do that for you IMHO
16:28 dshea whiskybar: I'm installing an ldap package which prompts for info regarding BIND DN and the like
16:28 sashka_ua basepi: I'd test this release, but its not packaged, is it?
16:28 jdenning joined #salt
16:29 gd7 joined #salt
16:31 whiskybar dshea: apt-get install -y --force-yes PACKAGE
16:31 dshea Ideally that info is already in my templatized (is that even a word ;)  managed file.  I'm going to try passing DEBIAN_FRONTEND=noninteractive as a - args, thanks UtahDave and whiskybar :-)
16:31 carmony joined #salt
16:32 gwar99991 Anybody use salt w/ an external CA such as freeipa (instead of the minion-generated keys)?
16:32 gwar99991 in this case the minions would be inherently trusted by the masters if they have a freeipa cert.
16:33 sciyoshi joined #salt
16:33 UtahDave gwar99991: Somebody on the mailing list started working on code to get that working, but I don't know where it went
16:34 dkubb left #salt
16:36 gwar99991 thanks UtahDave.
16:36 dthom91 joined #salt
16:36 gwar99991 Just out of curiosity... is salt derived from func?  I see lots of similarities in the cmd execution syntax, etc...
16:36 oz_akan_ hi, it is possible to restart salt-minion via salt formula?
16:36 dave_den dshea: use debconf
16:37 UtahDave oz_akan_: Do you mean like with a watch statement?  Or just trigger a restart?
16:37 oz_akan_ when I try there appears to be two processes running, as first one can't be stopped which is running the formula
16:37 oz_akan_ UtahDave: yes with a watch
16:37 oz_akan_ UtahDave: obviously watch method doesn't work properly
16:38 UtahDave oz_akan_: Hm. Yeah you should be able to do that. You might have to make it be the last item to be run, though
16:38 oz_akan_ UtahDave: for the reason I wrote above
16:38 LyndsySimon joined #salt
16:39 jeddi with salt-cloud, what's the Best Practice suggestion on doing an apt-get upgrade and reboot prior to the build completing?  (rackspace ubuntu instances almost always want a reboot after they've been brought up to the latest set of debs)
16:39 oz_akan_ UtahDave: http://paste.openstack.org/show/39209/
16:39 LyndsySimon joined #salt
16:39 Gifflen joined #salt
16:40 oz_akan_ UtahDave: it can't stop the running salt-minion, and starts 2nd salt-minion instance
16:40 oz_akan_ UtahDave: so it ends up having 2 salt-minions running, which breaks communication
16:41 UtahDave oz_akan_: each command is run in its own process, which was done so that Salt could restart itself.  You should be able to restart salt from the cli using the service execution module
16:41 UtahDave oz_akan_: I thought it would be possible using states, too.
16:41 oz_akan_ UtahDave: "service execution module" let me check it then
16:42 ange UtahDave: so what you using to get a proper rbenv install ?
16:42 oz_akan_ UtahDave: do you mean salt.modules.service ?
16:43 dshea dave_den: Thanks, I see there is a module salt.modules.debconfmod cool
16:43 bemehow joined #salt
16:43 UtahDave oz_akan_: yes, exactly
16:43 UtahDave ange: I install python instead.  ;)
16:43 ange meh
16:43 ange I am so tired of poorly documented stuff
16:44 bemehow hello all, I'm running into issues with yum s3 plugin and packages state
16:44 StDiluted Corey, you here?
16:44 UtahDave ange: the rbenv and rvm states were contributed by the community. We don't have any ruby experts on staff
16:44 ange I have been at it for 10 years and every year I bang my head against fresh stuff I have to document
16:44 bemehow anyone using s3 plugin to host the yum repository and pulling rpms from there
16:44 JasonSwindle joined #salt
16:44 basepi sashka_ua: not at this point.  we're trying to figure out the best way to package RCs.
16:45 oz_akan_ UtahDave: same result :( http://paste.openstack.org/show/39210/
16:45 hebz0rl hi is it possible to define a group which has every minion except one?
16:45 ange UtahDave: yeah, not much a surprise there
16:45 UtahDave sorry, ange. We do our best, but we do need improvement on our docs.
16:46 UtahDave oz_akan_: Oh, are you starting salt with   a  -d  ?
16:47 oz_akan_ UtahDave: I start with service salt-minion start
16:47 oz_akan_ UtahDave: seems like it starts with -d
16:47 UtahDave oh, ok.
16:47 danoprey joined #salt
16:47 dave_den gwar99991: afaik salt cannot use x509 certs for master/minion communication
16:47 UtahDave oz_akan_: I think this might be a bug. Salt should be able to restart itself.
16:48 dave_den i also wanted to auto-accept minions with signed certs
16:48 oz_akan_ UtahDave: do you suggest to start without -d ?
16:48 UtahDave oz_akan_: Would you mind opening an issue on this with all the details you've pasted here?
16:48 oz_akan_ ok, I will
16:48 UtahDave oz_akan_: nah, I was just wondering if there was a problem if you were starting salt manually with the -d
16:49 efixit joined #salt
16:49 UtahDave thanks, oz_akan_.
16:49 UtahDave hebz0rl: how would you define that node group?
16:49 oz_akan_ UtahDave: np, thanks for your help
16:50 kstaken joined #salt
16:50 gwar99991 dave_den: thanks, that's unfortunate.
16:50 ange UtahDave: well thanks, I'm gonna go back to some other stuff for today
16:50 hebz0rl UtahDave, i dont know exactly im fairly new to salt and i was searchig for a method to distribute a configfile to all minions except one
16:50 mollerstrand joined #salt
16:50 dcrouch joined #salt
16:51 hebz0rl UtahDave, i was thinking about a nodegroup where i can "invert" the selection and just pick that one host out of the hole minions list
16:52 dave_den gwar99991: this is all i could find: https://github.com/saltstack/salt/pull/2416
16:52 UtahDave ange: tell you what, I'll have some time tomorrow to work on the rbenv module and state if you'll help me.  I have very little ruby/rbenv experience, but maybe we could get it sorted out
16:52 zonk1024 joined #salt
16:53 UtahDave hebz0rl: Oh, yeah, you can do that.
16:53 UtahDave create a node group
16:53 UtahDave Then use a compound match with a 'not' for that nodegroup
16:54 Semen_Dickman joined #salt
16:54 Semen_Dickman SKeet Skeet bang bang nugga
16:55 hebz0rl UtahDave, great thx!
16:55 ange UtahDave: ok, that could work, what time and TZ are you thinking about ?
16:55 jpcw joined #salt
16:56 Semen_Dickman i need salt urgently please can anyone give me?
16:57 sciyoshi joined #salt
16:57 StDiluted lol, trolls common?
16:57 dave_den haters gonna hate
16:57 Semen_Dickman fuckers gonna fuck
16:57 Semen_Dickman imma nugga can i talk here?
16:57 StDiluted ignored
16:57 StDiluted lol
16:57 Semen_Dickman fuc you niggger
16:58 Semen_Dickman fuck bitch
16:58 Semen_Dickman was kicked by whiteinge: Semen_Dickman
16:59 basepi we actually have very few of those..... =P
16:59 basepi except UtahDave of course, but we can't kick ALL the trolls......  ;)
17:00 UtahDave ange: I'm looking at my calendar for tomorrow and it is really packed.  I'm Mountain time.  what tz are you?
17:00 gd7 left #salt
17:01 oz_akan_ UtahDave: https://github.com/saltstack/salt/issues/5721 is the issye
17:01 UtahDave perfect. Thanks, oz_akan_
17:01 ange UtahDave: Paris Time
17:02 oz_akan_ UtahDave: welcome
17:02 sashka_ua basepi: once I could install it with packages overwritting my current install, I'l test it and fill the bugs in case of
17:02 basepi sashka_ua: awesome!  i'll keep you posted when we get packages up
17:03 Rick1 joined #salt
17:03 Rick1 Hi all.
17:04 Rick1 What is needed to get Salt to send events, custom, for reactor?
17:04 sashka_ua basepi: :) then after testing it, I will fill bugs related to init.d wrappers. Now they just doesn't work properly in centos
17:04 basepi sashka_ua: the init scripts are broken in centos?
17:06 Ryan_Lane joined #salt
17:07 sashka_ua basepi: yes. it was broken since 0.14.* I used at the begging. first of all "-d" option, then stopping of api just doesn't kill one of two api processes, then if minion is in stuck, like 10 minion processes, it doesn't stop them. Am I right calling it broken?
17:08 mjulian joined #salt
17:08 mjulian joined #salt
17:08 sashka_ua basepi: I played a lot with "saltutil.grains" and for some reason, got minion sutck on "setval"
17:08 sashka_ua sorry, on
17:08 sashka_ua on "sync_grains"
17:09 sashka_ua it was hanging on pulling some anon_inode FD
17:09 basepi sashka_ua: sounds like you might be right, i just haven't heard anyone else complain about it.  is there an issue open?
17:09 UtahDave ange: would about this time tomorrow work for you?
17:10 jslatts joined #salt
17:10 UtahDave 11am MDT - 7PM Paris?
17:10 sashka_ua basepi: nop. I'd like to check if this fixed in upcoming release, and then report it
17:10 Lucas joined #salt
17:10 sashka_ua basepi: just a lot of stuff to do and I'd open 10 tickets per day, reporting all weirdness I face
17:10 UtahDave Rick1: to send custom events use the  event execution module.    salt-call event.fire_master 'Salt is awesome!' 'my_custom_tag'
17:11 basepi sashka_ua: understood.
17:11 basepi sashka_ua: i'll keep you posted when the packages are ready.
17:12 sashka_ua basepi: thank you very much.
17:12 blee_ joined #salt
17:12 blakearnold_ joined #salt
17:12 PBRick joined #salt
17:13 PBRick left #salt
17:13 ange UtahDave: should be ok indeed
17:13 jschadlick1 joined #salt
17:13 Alan1 joined #salt
17:14 JasonSwindle1 joined #salt
17:14 UtahDave OK, ange, I'll set that appt in my calendar.  Can you pm me your email?
17:15 KyleG1 joined #salt
17:16 Alan1 UtahDave just starting to look at the Reactors info.  So if I understand you make reactor.sls files, refer to them in the master.  But how do you get the client to tell you that the tmp directory is full for example and needs it to run?
17:16 Alan1 I assume with the event.fire you just meantioned?
17:17 bejer_ joined #salt
17:17 cwright joined #salt
17:17 rnts joined #salt
17:17 herlo__ joined #salt
17:17 minaguib_ joined #salt
17:18 Mrono_ joined #salt
17:18 bhosmer_ joined #salt
17:20 jeffrubi` joined #salt
17:20 mgw joined #salt
17:21 tommyfun_ joined #salt
17:22 UtahDave Alan1: yeah, that's correct
17:22 kula joined #salt
17:22 Corey StDiluted: Am now.
17:22 d10n joined #salt
17:22 d10n joined #salt
17:22 Rick1 joined #salt
17:22 racooper Interesting. any thoughts on why the Salt SVN module is not included with the EPEL packages?
17:22 pt|Zool joined #salt
17:22 StDiluted Corey: it's cool, I think I got it figured out. I might have questions regarding other stuff later though ;)
17:22 Corey No worries!
17:23 Alan11 joined #salt
17:23 melinath joined #salt
17:23 UtahDave racooper: It's not?
17:23 racooper hrm. I guess it is. I was probing against a server that doesn't have SVN installed at all
17:25 racooper my mistake....
17:26 Alan11 Sorry I dropped So on the minion how would I configure it to know the event needs to be fired to the master?
17:28 UtahDave Alan11: you'd probably have to set up a state that checks for that and runs a module.run for the event.fire_master
17:28 zooz joined #salt
17:28 UtahDave Alan11: we're working on a monitoring solution that will do that for you very nicely, but it's not quite production ready
17:29 twiedenbein joined #salt
17:29 jimallman joined #salt
17:29 henk joined #salt
17:29 Alan11 Hmm. I thought the reactor system would be able to see a service not running and restart or purge the tmp dir if full?  Is that incorrect?
17:29 xet7 joined #salt
17:30 jacksontj joined #salt
17:31 evax joined #salt
17:31 jeddi joined #salt
17:31 ronc joined #salt
17:31 [vaelen] joined #salt
17:32 UtahDave The reactor just listens to events coming across the event bus and looks for whatever tags you specify and then runs whatever reactor sls files you specify
17:32 N-Mi joined #salt
17:32 N-Mi joined #salt
17:32 jaequery joined #salt
17:32 N-Mi_ joined #salt
17:32 N-Mi_ joined #salt
17:32 jaequery hi guys, is salt free?
17:32 jaequery on their website it looks as if there is only paid version?
17:32 UtahDave jaequery: Yep!!  Everything is  Apache 2.0 license
17:33 mephx why doesn't a new job ran after a syncmodules that reported updated modules, use the latest module version? I'm actually restarting the minion after each sync_modules in order to be sure that I'm using the latest module version
17:34 mephx and good evening y'all =)
17:34 Kholloway joined #salt
17:34 jaequery oh sweet
17:35 jaequery why on the website no mention of open source?
17:35 jaequery only see commercial/enterprise
17:35 Alan11 I am being dense how can I get the event to come across the bus automaticly.  I see the authorization one is there a list of the built in events?
17:36 zloidemon Hello
17:37 zloidemon UtahDave: Please see it https://github.com/saltstack/salt/issues/5718 . Is it bug in debian or I've missed?
17:38 herlo joined #salt
17:39 UtahDave zloidemon: I'm not sure.  Could you email the mailing list and let's get our debian packagers involved
17:39 UtahDave jaequery: click on the community link at the top.  I agree though, we do need more talk about the open source awesomeness
17:39 dthom91 joined #salt
17:40 jaequery must be a dumb question but what does Salt bring over something like performing deployment over bash scripts?
17:40 zloidemon Ech... I perf FreeBSD. :)
17:40 jaequery i never really got into puppet/chef btw, trying to see what all the fuss is about
17:40 UtahDave Alan11: there isn't a canonical list yet.  If you run the eventlisten.py script in the tests directory of the salt repo you can watch the events go by
17:40 Alan11 Thanks
17:40 Alan11 one last question then.
17:41 UtahDave k
17:41 Kzim Hello UtahDave ! how are you ? any news on this perhaps Issue #5424 ?
17:41 UtahDave jaequery: many things.  Speed, cross platform configuration, many other things
17:41 Alan11 If i have a reactor set to start a service.  and run the event.fire from the minion will it do nothing if the service is running?
17:42 jaequery utahdave: i'm assuming there are limitations, especially given the fact bash offers you full scripting language
17:42 Rick1 jaequery the speed of remote execution and deploy is worth it just for those two items
17:42 UtahDave Kzim: It's on our todo list, but it hasn't been implemented yet.  I just assigned it to Tom to flag him on it.
17:43 jaequery for example is it possible to hit a http request to a certain url and parse the response through Salt?
17:43 UtahDave Alan11: if you're running a state on that service, then it shouldn't do anything if it doesn't need to.
17:43 Kzim UtahDave, nice thanks, do you know if he knows another ways to do this like you said on your comment ?
17:43 mgw salt.states.sysctl <- does anyone know if this ensures the setting is currently applied?
17:43 jeddi jaequery: parallelisation, bunch of infrastructure / libraries already ready to go, etc.  read about configuration management systems on wikipedia for a fuller list.
17:43 Alan11 Nice.
17:43 UtahDave jaequery: sure.
17:43 jaequery and how does it deal with things like, user prompts? when installing certain items
17:44 UtahDave mgw: It should.  If it's not doing that then it's a bugg
17:44 UtahDave bug
17:44 mgw UtahDave: I didn't try it, it just doesn't say in the docs
17:45 jaequery like installing mysql-server, it prompts you to input your password during the installation process
17:45 jaequery could you explain how does Salt get around that?
17:46 Alan11 Are there any pre made templates/examples of reactors.  Both the master entry and the sls file?
17:46 koolhead11|away joined #salt
17:46 racooper I don't know what your platform is jaequery but on centos installing a package does not prompt to configure passwords for mysql
17:46 mgw UtahDave: ok, the underlying module documents it
17:46 UtahDave jaequery: you provide that information in your salt state. Salt then uses that to answer those types of questions. Or prevent them from popping up, rather
17:47 jaequery racooper: ubuntu
17:47 UtahDave mgw: Yeah, all salt states should check if the item in question is in compliance before doing anything else
17:47 UtahDave Alan11: have you looked at the reactor doc?  There's a basic example there.
17:48 Alan11 Yes and tried to use the clean_tmp but it never worked.  Is there a way it can only clean if % full is say 85?
17:48 jaequery also going further, can salt also handle things like, automatically assigning master/slave roles on mysql?
17:49 MTecknology joined #salt
17:49 UtahDave jaequery: yes, if you set up your states correctly
17:49 jaequery like depending on which is the master node, it'll use that to setup replication to it, etc
17:49 jaequery ah cool
17:49 UtahDave jaequery: it's not completely turn-key yet
17:49 UtahDave jaequery: but you can do some awesome stuff with it.
17:50 racooper jaequery,  have you read any of the salt docs?  seems that much of what you're asking could be answered with a bit of reading
17:50 jaequery racooper: im about to now
17:50 Rick1 jaequery I would say give it a try on a small dev environment.  You will be hooked quickly.
17:51 jaequery ok
17:52 UtahDave I'll be back soon.
17:53 Alan11 So I have just readded my reactor files http://pastebin.com/ciVuB7ia
17:54 Alan11 How do I get the cleanup event to happen.
17:55 UtahDave from one of the minions:    salt-call event.fire_master 'clean up the mess!!' 'cleanup'
17:55 UtahDave Alan11: I'll be back on in a couple hours and can help you more then.
17:56 Alan11 can i do a generic salt-call event.fire_master *
17:56 Alan11 Thanks UtahDave I will look for you then.
17:57 billyw joined #salt
17:58 billyw Can anyone help me better understand how I can use pillars to limits minions' access to files and states on the master?
17:58 billyw So far, I've only use pillars to pass certain key:values to specific minions
18:00 Xeago joined #salt
18:01 Gifflen joined #salt
18:01 mikedawson joined #salt
18:02 diegows joined #salt
18:02 baniir joined #salt
18:03 zonk1024 joined #salt
18:06 baniir joined #salt
18:07 munhitsu joined #salt
18:08 Kholloway joined #salt
18:16 dosequis left #salt
18:16 _blakearnold joined #salt
18:16 Xeago joined #salt
18:19 blakearnold joined #salt
18:22 quantumsummers|c joined #salt
18:22 Kholloway joined #salt
18:24 Lucas_- joined #salt
18:33 dthom91 joined #salt
18:39 shiznit joined #salt
18:49 LyndsySimon joined #salt
18:51 kenbolton joined #salt
18:54 alazylearner joined #salt
18:57 robertkeizer joined #salt
19:03 jpadilla joined #salt
19:03 shiznit joined #salt
19:06 LarsN how would I go about doing something like:  {% for i in `ls /some/directory` %}
19:06 LarsN in a state file?
19:06 EugeneKay joined #salt
19:08 Xeago joined #salt
19:08 Corey LarsN: ...not, doing that? :-)
19:09 Corey LarsN: What're you trying to do? It sounds like a bad idea. And iterating on the output of ls is dangerous.
19:09 Corey If you have to do that, use echo instead.
19:09 LarsN i believe we're looking to add a list of files from a directory to a rendered configuration.
19:10 LarsN ccccccbhkndnbtkblkevbrrtfeegjhbihkcinjkgjttc
19:10 LarsN gah...
19:10 cbdev joined #salt
19:10 LarsN one second, while I confirm exactly what the goal is with my co-worker who asked me
19:11 cbdev hi there, is it considered 'safe' to have the master communicate with the minions over the public internet?
19:11 LarsN cbdev: the minions open a line of communication with the master
19:12 ada joined #salt
19:12 LarsN cbdev: and what I got from the training I went to a few weeks ago, it uses public/private key pairs to encrypt the data sent/received.
19:12 cbdev ok, thats what i was looking for, thanks :)
19:12 LarsN cbdev: which is to say the tunnel isn't encrypted, but the payloads are.
19:12 cbdev just could not find sufficient information by a quick search so i thought i'd just ask
19:13 LarsN I think that question got asked in four different ways of Dave when he was presenting at Texas Linux Fest.
19:13 kenbolton joined #salt
19:15 c_14 joined #salt
19:15 c_14 left #salt
19:15 LarsN Corey: so what we're working on is a way to build an rsyslog configuration.  something like:  for x in $(ls /usr/lib/cgi-bin/log)
19:16 Corey LarsN: That's probably not a good idea, to start. :-)
19:16 LarsN Corey: without having to know in advance which log files exist in that directory.
19:16 Corey LarsN: What's in that directory that you don't know about, for instance?
19:16 LarsN more importantly we're trying to get all of our custom tests to push to our logstash server.
19:16 Corey Ah, logstash!
19:16 Corey I've contributed there a bit. :-)
19:16 LarsN I've not cursed at their documentation a bit.
19:16 LarsN which is a good sign.
19:16 LarsN ;)
19:16 Corey LarsN: I'd reexamine how you're logging via rsyslog.
19:17 LarsN I "assumed" rsyslog should be able to do something similar to logrotate.
19:18 LarsN which is to say point it at a directory, and give it an extension and it'll suck things up and ship them. although I haven't looked into that at all yet.
19:18 kenbolton joined #salt
19:18 Corey LarsN: You wearing Bad Idea jeans when doing that? :-)
19:18 Corey Because it's a Bad Idea.
19:18 Corey rsyslog and logrotate aren't the same, don't conflate them.
19:19 Corey LarsN: You using imfile in your rsyslog config?
19:19 LarsN Corey: virtually everything I do, I've decided is a bad idea, waiting for a better one to come along.
19:19 Corey Sorry, I'm sounding too snarky today. :-)
19:19 LarsN Corey: currently, we have a manually tuned rsyslog configuration on each server.  We're trying to work to a place where every check instance we built is built entirely via salt-cloud + salt-master
19:20 Corey Right, which makes great sense.
19:20 LarsN which to me says. we don't need any black magic.
19:20 LarsN we should know what logs are created by $check
19:20 LarsN and be able to build the rsyslog config as necessary.
19:21 LarsN but $coworker keeps trying to solve my problems, and ignoring the ones only he knows how to fix, which leads me to asking likely stupid questions :)
19:21 LarsN on my day off no less.
19:21 chjohnst_work seeing a weird issue with the latest salt (0.15.3) where the salt-master is down and I have 100s of salt-minions running
19:21 chjohnst_work strace shows epoll_ctl with an attempted connect to the socket
19:22 chjohnst_work but unclear why I would see 100s of minions in the event the master is actually down
19:23 LarsN Corey: on a more fun note, it appears $coworker's patch for salt-cloud and hpcloud regarding public/private IP addresses got merged into the development branch.
19:23 antsygeek hm, if i execute something on all nodes, only a few respond.
19:23 koolhead11|away joined #salt
19:23 antsygeek if i re-run the exact same query, others respond
19:24 Corey LarsN: Have him write one for VPCs!
19:24 LarsN Corey: "VPCs?"
19:24 LarsN as in virtual private clouds
19:24 LarsN I'm guessing an AWS thing?
19:25 dthom91 joined #salt
19:26 Corey Yes
19:29 giantlock joined #salt
19:30 kenbolton joined #salt
19:32 N-Mi joined #salt
19:32 N-Mi joined #salt
19:32 LyndsySimon joined #salt
19:33 LarsN Corey: I suspect that's going to be at the very bottom of a rather long ToDo list
19:33 LarsN :)
19:34 Katafalkas joined #salt
19:35 dthom91 joined #salt
19:36 afx_hero joined #salt
19:36 afx_hero joined #salt
19:36 djn joined #salt
19:40 jdaggett joined #salt
19:42 terryd_ joined #salt
19:42 Rick1 MTecknology you around?
19:43 antsygeek if a host was down when i issued a remote execution command via the master, what happens? i read that the job is cached for 24hrs, but so far i didn't get a response from the host that was down
19:44 MTecknology Rick1: sort of
19:45 oz_akan_ joined #salt
19:45 UtahDave joined #salt
19:47 jlund joined #salt
19:50 triad_py joined #salt
19:52 triad_py left #salt
19:52 jschadlick joined #salt
19:54 akshayms joined #salt
19:54 bemehow joined #salt
19:56 bemehow joined #salt
19:56 oz_akan_ joined #salt
19:58 StDiluted Corey, are you there?
19:58 PentiumBug joined #salt
19:58 terryd joined #salt
20:02 aberant joined #salt
20:02 rsimpkins joined #salt
20:03 rsimpkins Hi. I have a minion that is connecting with the wrong hostname for some reason. The hostname on the machine looks correct. I've tried restarting the minion. I do not have anything defined in the minion config.
20:03 rsimpkins Any ideas how I can figure how why the minion is confused about its hostname?
20:03 efixit joined #salt
20:04 kenbolton joined #salt
20:04 dthom91 joined #salt
20:05 Alan11 UtahDave you back?
20:16 dthom91 joined #salt
20:21 racooper rsimpkins,  any entries in /etc/hosts that might be causing it?
20:22 UtahDave Alan11: Yes, just got back.  How are things going?
20:22 dave joined #salt
20:24 dave_den when using pkg.installed with the 'fromrepo' option, how do i know what the repo name is? is it a pkgrepo salt state ID?
20:26 freedave joined #salt
20:29 bemehow joined #salt
20:30 aberant joined #salt
20:33 rsimpkins racooper: I rebuilt the hosts file, deleted all the keys associated with that host, restarted the minion, and now it is correct. I don't know how it got "uncorrect" - but it may be related to host file issues.
20:34 SpX joined #salt
20:37 fragamus joined #salt
20:37 jeddi rsimpkins: are you tailing the /var/log/salt/minion log file wihle it starts up?
20:38 rsimpkins jeddi: That's a good idea. I'll check that out.
20:39 jeddi rsimpkins: you'll see what it thinks it's call, at least.
20:41 bfrog is there some way to stop a service, do a bunch of stuff, start a service?
20:42 Alan11 UtahDave great.  I am trying to get this to run now.  I have gotten reactors to touch a file now I want to find and delete files.
20:42 Alan11 http://pastebin.com/htFsw48n
20:42 bfrog I just want to order a bunch of config templates to happen between stopping and starting a service
20:42 oz_akan_ UtahDave: about minion not restarting properly, I created a cronjob which can restart minion properly
20:42 oz_akan_ UtahDave: I wanted to add a salt-call in the bash script which will remove the cronjob, salt-call state.sls minion.disable_restart
20:43 UtahDave bfrog: you'll probably want to use either a prereq for stopping the service and then a require to start it again, or use an overstate
20:43 oz_akan_ UtahDave: I found that I can't call salt-call within a bash script, it hangs.. any idea about how to run salt-call in a bash script?
20:43 KennethWilke oz_akan_ are you using debian?
20:43 oz_akan_ KennethWilke: redhat
20:43 UtahDave oz_akan_: you might need to add the --async option so that salt-call doesn't wait
20:43 zooz joined #salt
20:44 KennethWilke ah, i think there's something wrong with the initscripts for some distros
20:44 oz_akan_ UtahDave: let me try
20:44 KennethWilke i have that same issue on debian boxes oz_akan_
20:44 KennethWilke but not on ubuntu or gentoo boxes :\
20:44 bfrog I can't just order things?
20:44 UtahDave Alan11: is that pastebin not working?
20:44 bfrog sigh, time to write up like 10 requires
20:44 bfrog for files
20:44 UtahDave bfrog: sure, you can use the  - order   option
20:44 oz_akan_ KennethWilke: must be something with the environment
20:44 thaddusmt joined #salt
20:45 Alan11 No is there a way to see the command that is being past to the minion?
20:45 oz_akan_ KennethWilke: I already wasted 2 hours..
20:45 KennethWilke oz_akan_ i know the feeling, i gave up when i saw it work on other distros without an issue
20:46 KennethWilke i just restart the service manually on those boxes
20:46 oz_akan_ UtahDave: salt-call doesn't seem to have --sync
20:46 oz_akan_ --asyn
20:46 bfrog also is there a way to just copy a whole directory of files
20:46 KennethWilke bfrog: http://docs.saltstack.com/ref/states/ordering.html#the-order-option
20:46 oz_akan_ KennethWilke: all started as I wanted to use mine which requires a change on all minion configurations
20:47 KennethWilke bfrog: yeah i think theres a file.recursive or something similar
20:47 KennethWilke bfrog: http://docs.saltstack.com/ref/states/all/salt.states.file.html#salt.states.file.recurse
20:47 oz_akan_ KennethWilke: now I need to restart minion, as there is a bug there, I invented cronjob trick, i am almost done, except salt-call
20:47 xet7 joined #salt
20:47 bfrog also debugging ordering sucks
20:47 bfrog took me 2 hours yesterday to sort out all the requires
20:47 UtahDave bfrog: use file.recurse to copy down a whole directory
20:47 KennethWilke ok_akan_ yeah mine was for modules on the salt-minions
20:48 bfrog and even then I wonder if I'm right or if I'm just getting lucky
20:48 bfrog because the only real way to to tell is vagrant destroy && vagrant up
20:48 bfrog unless there's some nicer way of doing it
20:49 Gifflen joined #salt
20:49 xet7 Is it possible to make deployment and rollback with saltstack?
20:49 KennethWilke i had issues with my require's when i was trying to convert existing chef stuff to salt
20:49 bfrog but yeah, that takes a lot of time to debug stuff like "shit, nginx is running without the 10th vhost file"
20:49 KennethWilke but i think as i've gotten away from that way of thinking i haven't had the problem as much
20:49 bfrog because I forgot to setup that 10th vhost file as a watch of the nginx service or something
20:50 UtahDave xet7: typically you'll create your own states to rollback
20:51 KennethWilke bfrog: yeah that kinda stuff can be tricky, with nginx i use pillar to control what files should be included, then i have my state loop over the files the lb should have in nginx's conf.d
20:52 beardo__ joined #salt
20:53 bfrog starting to think ordered operations using programming style top down ordering > parallel operations using make like depends, but might be my particular case at work here like I said, salt has been a joy besides that
20:54 oz_akan_ KennethWilke: I did it, let me paste somewhere for your reference
20:56 oz_akan_ http://paste.openstack.org/show/39228/
20:57 oz_akan_ some of the environment values are not needed
20:58 JasonSwindle joined #salt
20:59 kaptk2 joined #salt
21:02 thaddusmt Hello - I am struggling with pillar configuration for multiple environments. If I create separate pillar file roots (/srv/pillar/dev) do I need to place a top.sls pillar file in each?
21:02 thaddusmt Or is the top.sls file only in the base pillar dir?
21:02 Alan11 Woohoo got my reactor working.  Now how to find a way to know when I need it to run on the minion
21:02 jpeach_ joined #salt
21:03 auser joined #salt
21:03 auser hey all
21:03 auser UtahDave: hey dude
21:05 bluemoon joined #salt
21:06 dfaught joined #salt
21:06 dfaught left #salt
21:07 bfrog Any thoughts on how to keep track of some variables for the whole state and use that to fill in a file like /etc/hosts
21:08 Alan11 Utah so if I want to restart a service in reactor would it just be service.service.restart in a sls?
21:08 auser bfrog: yeah
21:08 bfrog I have a bunch of vhosts that I want to set in the /etc/hosts file so dns stuff works localhost wise
21:08 bfrog depends on what gets installed though
21:08 auser i have a tool for tht
21:08 auser that
21:08 auser sec
21:08 bfrog not just part of salt?
21:08 bfrog :(
21:08 bfrog k
21:08 auser it is part of salt
21:09 auser it's a state
21:09 auser so keeping all the hosts as a name in the local /etc/hosts, right?
21:10 nrub joined #salt
21:10 bfrog yeah
21:10 bfrog like I install app1 I'd like to have app1.local as part of the 127.0.0.1 hosts line
21:11 auser yep
21:11 auser a tad messy (didn't clean it up yet): https://gist.github.com/auser/5862447
21:11 auser and it depends on
21:11 auser https://gist.github.com/auser/5201567
21:13 auser had to use the cmd state for the time being as host itself doesn't handle old ips
21:13 auser so if you kill a machine and start a new one with the same name, the hosts file won't change and it'll still keep and prioritize the old one
21:13 auser I opened a ticket for that case
21:14 bfrog ah I see, so just adding a state module for this then basically?
21:16 thaddusmt It appears I need to have a separate pillar top.sls file for each environment. So unlike the state files, all pillar environment files are not compiled together.
21:17 thaddusmt Is there any way to share some pillar data between environments?
21:18 auser I did bfrog, yes
21:18 bfrog so going back to this vhosts thing, is there a way to have nginx reload/restart as I add vhosts without having a big long watch: .... list
21:19 auser you can extend per vhost
21:19 auser that's how I do it
21:19 bfrog like I have salt/app1/init.sls salt/nginx/init.sls salt/app2/init.sls etc
21:19 UtahDave thaddusmt: no, you don't have to.  If you have multiple top files they all get merged into one big dict
21:19 bfrog does that require that include stuff or... whats with the include stuff anyways
21:19 mikedawson_ joined #salt
21:19 bfrog should read about that...
21:20 bfrog I guess I'd need to include: nginx or whatever, and extend the watch then
21:20 bfrog auser: is that basically what your doing now?
21:21 auser yep, it is
21:21 auser exactly
21:24 thaddusmt @UtahDave: Hmm, if I have my minion's environment set to 'dev', it does not appear to read the pillar files out of any directory except the 'dev' pillar root. The vars in /pillar/base/top.sls do not appear when I run pillar.data
21:26 thaddusmt Maybe I should be targeting my pillar data based on hostname instead of 'environment'
21:28 thaddusmt Also, the 'webserver*dev*' syntax described for the state top files doesn't appear to work for pillar top files. Huh.
21:30 AviMarcus joined #salt
21:30 jessep joined #salt
21:32 ange are all modules installed by default (the 'built in ones' from http://docs.saltstack.com/ref/modules/all/index.html#all-salt-modules)
21:32 ange ?
21:32 dzen somes are dsabled
21:33 dzen because they're missing some dependancies
21:34 shiznit joined #salt
21:35 ange dzen: what are you doing here ?
21:35 ange \o/
21:36 dzen ange: lurkin' on the internet
21:36 bemehow has anyone tried to achieve file.state that will add entry when not present without grepping in shell?  Tried with FILE: file.append: -text: "" -unless: grep test FILE
21:37 SEJeff_work bemehow, file.append should check for you if it is already there or not
21:38 dzen SEJeff_work: oh ahi
21:38 dzen hai
21:38 bemehow but this would only look at the end of the file, wouldn't it?
21:38 bemehow I can't guarantee the state of the file before run.. Was thinking about the functionality of file.append_if_not_exist:
21:38 SEJeff_work bemehow, Nope don't believe so
21:38 SEJeff_work thats how file.append works
21:38 SEJeff_work I believe
21:40 bemehow SEJeff_work: rigth ! just looked at docs for file.append
21:40 bemehow great :)
21:40 SEJeff_work :)
21:40 bemehow txh
21:40 SEJeff_work We've gotcha covered
21:40 guerrilla_imp joined #salt
21:42 bfrog auser: sweet, got it working
21:42 bfrog still fast too
21:42 bttf joined #salt
21:42 auser nice
21:42 auser :)
21:44 nrub joined #salt
21:48 thaddusmt If I set an environment in the minion config file, I can't access any of the pillar data in the base pillar root - am I doing something wrong? Or do I need to create a pillar root for each environment?
21:49 bttf the quick install... wget -O - http://bootstrap.saltstack.org | sudo sh ...how can i make sure it installs the master and not the minion ?
21:50 StDiluted does the salt://whatever nomenclature refer to both /srv/salt and /srv/pillar?
21:50 auser just fyi bttf, I use salt to control salt
21:50 auser so I use it to install both
21:50 auser StDiluted: yes
21:51 bttf auser: okay sounds familiar ... we use puppet scripts to build puppet masters automatedly
21:51 StDiluted auser: so /srv/salt/nginx/nginx.conf and /srv/pillar/nginx/nginx.conf would be conflicting?
21:51 auser no
21:52 auser salt://nginx/nginx.conf inside a state refers to /srv/salt/nginx/nginx.conf (if you use /srv/salt as your salt root)
21:52 StDiluted ok
21:52 auser you never have to reference files inside a pillar
21:52 auser salt will merge those for you
21:52 StDiluted ah. it's smarter than me
21:52 StDiluted got it
21:53 mgw Should I be able to do this from a pillar sls (pydsl)? — return {'foo': salt['mine.get']('*', 'baz')}
21:54 StDiluted so what would be the reason that /etc/ntp.conf would not get modified when i change it in /srv/salt/ntp/ntp.conf, assuming that I've got the init.sls set up properly
21:54 StDiluted I have a top.sls which includes ntp for *
21:54 StDiluted the package is showing as managed
21:55 StDiluted as is the config file
21:57 bluemoon joined #salt
21:57 auser I'm not sure how you have it set up
21:57 auser can you share your state with me?
21:59 StDiluted sure one sec
22:02 fragamus joined #salt
22:02 jacksontj joined #salt
22:03 Alan11 left #salt
22:08 danielbachhuber joined #salt
22:12 kenbolton joined #salt
22:15 yidhra joined #salt
22:19 bmorriso joined #salt
22:20 jeddi I have some users - jedd, dave, glen - and I've got multiple ssh keys for some of us, f.e. i have jedd_jarre, jedd_royksopp - so user+hostname.  I'm trying to come up with an elegant way of adding ssh_keys to an sftp-only machine i'm setting up, where i'm iterating through *usernames* .. but just can't think of a way of handling this.  either duplicating (for jedd_jarre, jedd_royksopp, glen ...)  but that means i would end up with separate accounts with weird
22:20 jeddi names.
22:20 bmorriso Anyone have any insight on this https://groups.google.com/d/topic/salt-users/IRPACXSBaPg/discussion << why file.rename isn't working?
22:21 jeddi this has worked so far quite nicely for normal user account and ssh authorized keys adds .. just file.append each one for a given user.
22:21 bruce-one joined #salt
22:21 jeddi basically i'm trying to generalise this before it gets even messier.
22:21 auser jeddi: I have a state for that myself
22:21 auser sec
22:22 jeddi auser: acocunts handling .. or specifically sftp?  i've been banging my head against the screen trying to work out the most elegant way to sort *that* out too ..
22:22 auser https://github.com/saltstack-formulas/users
22:22 jeddi in a repeatable and non-ugly way i mean.
22:22 auser I handle all my users in a pillar
22:23 jeddi auser: ah.  i really need to move more of my stuff into pillars.
22:24 jeddi auser: do you have a safe extract of your pillar users.sls that i could see?
22:24 auser it's in the readme
22:24 jeddi ah.  soz.  late night blindness. :)
22:24 auser :)
22:24 auser np
22:24 emocakes joined #salt
22:25 jeddi i should probably start moving things into subdirs in states and using init.sls's.
22:25 auser I prefer that
22:26 jeddi auser: this is really quite lovely .. partly beause i can understand large chunks of what you're doing.  including iterating thru the ssh keys.
22:26 auser thanks :)
22:26 auser I work hard on making my states as easily repeatable as possible
22:26 auser particularly because I have many clients who need all similar states
22:26 auser and pillars make it elegant
22:28 kenbolton joined #salt
22:28 jeddi auser: dumb questions are about to arrive ... :)    so if you wanted to do something like sftponly - an extension to opensshserver - would you try to wrangle that in there?    sftponly requires user is added to 'sftponly' group, and a new directory made for them, typically under /home/sftp/{{user}} which is a chroot for them.  the other stuff (setting up the group, editing the sshd_config) i've sorted out already.
22:28 auser just add the user to the stponly group
22:28 jeddi auser: and obviously this happens ona  single host somewhere.  i guess that's a grain that you then attribute to that host.
22:28 auser in the pillar definition
22:29 Rick1 left #salt
22:29 jeddi ah, of course.   and .. i can do a require in there that the sftpgroup exists.
22:29 auser groups: - stpfonly
22:29 auser it'll take care of that
22:30 hazzadous joined #salt
22:30 jeddi auser: truth be told, i have just one pillar - i've been avoiding separating out anything that isn't genuinely *secret* so far.  but suspect it'll make things easier longer term if i revisit much of my earlier state files and start moving the bits specific to our users and whatnot out.
22:30 auser yeah, you don't have to split them now
22:30 jeddi so absent a 'groups' for a user, they just get their user:user group membership.
22:31 auser yep
22:31 auser that's in the state
22:31 jeddi gotcha.
22:31 auser I believe
22:31 jeddi i think just the user.present (which presumably hooks to useradd or adduser on deb / ubuntu) will default to creating a gorup matching the user's name, and putting them in it.
22:33 jeddi oh, so you can force uid via the pillar .. but not force a system group?  not a biggy for me - i'll be creating the group as part of the host's configuration basically.
22:33 jeddi auser: this is fantastic, thanks.  i'm goign to spend some time working through this (by which i mean stealing it).
22:33 kermit joined #salt
22:33 dshea I'm trying to understand the order of execution of my sls file.  It seems to be running a cmd that appears later in the file prior to actually installing the package.  Is there a way to guarantee order of execution?
22:34 jeddi dshea: require:
22:34 auser yes dshea
22:34 jeddi dshea:  (is your friend :)
22:34 auser unlike chef, salt isn't by order of appearance
22:34 abyss42 Suppose if I have 1 master and 1000 minions, do i have to manually install salt on all those 1000 minions?
22:34 auser salt requires you to set up the dependency graph
22:34 auser abyss42: you have to bootstrap them, yes
22:35 dshea aha!  Thanks guys!
22:35 abyss42 auser, how do i bootstrap them? I could not find it in the docs for some reason?
22:35 auser there's a good one
22:35 abyss42 abyss42, is that manually bootstrapping 1000 minions?
22:35 auser https://github.com/saltstack/salt-bootstrap
22:35 auser are they on a rack somewhere? you could pXE boot 'em
22:36 auser I use user_data in ec2
22:37 EugeneKay Physical machines? Kickstart install, with a post-install script to set id: and master: in /etc/salt/minion & start the salt-minion service.
22:37 abyss42 auser, i am guessing something like wget -O - http://bootstrap.saltstack.org | sudo sh on every minion?
22:37 auser yep
22:37 jeddi if you're installing, and they're rackspace or aws, use salt-cloud  .. but if they're existing ... you'll need to bootstrap 'em.
22:37 auser I use fabric to do a lot of that too
22:37 jeddi using whatever method you currently use to talk to those 1000 machines ;)
22:38 abyss42 so I guess, use fabric to bootstrap salt on 1000 minions, and then get rid of fabric?
22:38 auser I don't get rid of it, I just turn off ssh
22:38 jeddi auser: going back to your users/init.sls .. for a given host or nodegroup or whatever, how do you define which users get installed to which hosts?
22:38 auser I don't
22:38 auser all users get installed on every host in my environments
22:38 auser if you *wanted* to do that
22:39 jeddi auser: ahh, right, i was worried you might say that :)
22:39 auser you could nest them inside different pillars per-host
22:39 jeddi openldap is on my list of things to re-install with this new client at some point.
22:39 bhosmer joined #salt
22:39 auser or, if you're like me, you can use roles to differentiate pillar data
22:39 jeddi auser: would that be the recommended way - separating them in the pillar .. or assigning groupings with some arbitrary key/list for each user?
22:40 auser jeddi: see my slides on speakerdeck?
22:40 auser I hope those help
22:40 jeddi is there a way i could wrap the usrs/init.sls in yet-another state file, from which i can call with a list of users to iterate through (just names - which it hten picks up details from the pillar).  that way i can define users or groupings of users per host(group)
22:40 bruce-one joined #salt
22:41 jeddi auser: i have not - but shall go read them now.
22:41 thaddusmt I am still confused about if sharing Pillar information between environments is possible, if anyone can help...
22:42 jeddi auser: the reactive-salstack one?
22:42 auser yeah
22:42 auser that shows how I do roles
22:42 auser with grains and pillars
22:42 auser brb
22:42 jeddi ack.  cool.  much to digest.  thanks again.
22:45 nliadm joined #salt
22:46 bruce-one joined #salt
22:47 nliadm has anyone else noticed that if you do any salt-key commands while a minion is talking to the master, the communication will throw an AuthenticationError ?
22:47 Kamal_ joined #salt
22:47 baniir joined #salt
22:49 rauluranga joined #salt
22:49 utahcon joined #salt
22:51 rauluranga Hi!, is there any example of how to use ruby 1.9.3 with RVM & vagrant?
22:52 bruce-one joined #salt
22:54 akshayms joined #salt
22:57 aranhoide joined #salt
23:02 Katafalkas joined #salt
23:02 kcb joined #salt
23:02 rizumu joined #salt
23:02 inso joined #salt
23:02 rauluranga joined #salt
23:03 auser ciao for now
23:03 auser rauluranga: I have one
23:04 auser email me on github: auser
23:06 twinshadow joined #salt
23:06 kenbolton joined #salt
23:06 mikedawson joined #salt
23:07 Katafalkas joined #salt
23:08 diegows joined #salt
23:10 mgw Corey: aside from the serial issue… how are you managing dns (ip<->minion mapping)? grains? mine? peer system? static pillar data?
23:10 dthom91 joined #salt
23:10 mgw or anybody else here who wishes to share methods
23:15 thaddusmt For my pillar issue I am now setting an 'environment' grain on the minion, instead of using the actual 'environment' setting, then I'm loading the proper pillar data in top.sls using the grain matcher, instead of the 'environments'
23:17 nrub joined #salt
23:19 bruce-one joined #salt
23:24 ShapeShiftr joined #salt
23:26 bruce-one joined #salt
23:29 twinshadow joined #salt
23:32 Gifflen joined #salt
23:33 mgw thadusmt: I do essentially the same thing
23:35 LyndsySimon joined #salt
23:38 jY can you do something like this? http://pastebin.com/5V3HU4BD  so the lb1.dev.example.com gets haproxy/nginx/ssh or will it just get ssh?
23:41 kenbolton joined #salt
23:41 jeddi jY: try it - but my expectation is lb* gets all three.
23:41 jY thanks
23:44 jY jeddi: looks like it does.. thansk
23:50 bruce-one joined #salt
23:50 chrisgilmerproj left #salt
23:50 slick_shoes joined #salt
23:51 slick_shoes hi all, was hoping i could get some help with this  https://groups.google.com/forum/#!topic/salt-users/ULMABzbOudI
23:52 slick_shoes i worked around this with an ssh call, not somethign i want to keep
23:52 slick_shoes there is documentation on reactor/events, but i feel like i'm missing obviousness
23:53 slick_shoes real world examples would be really helpful
23:55 bruce-one joined #salt
23:57 mgw slick_shoes: i was just trying to figure the reactor stuff out too
23:59 slick_shoes yeah, i mean, it seems relatively straight forward

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary