Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-06-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jeddi so mod_watch is subordinate to watch in a sense?
00:00 jeddi or did i misread.
00:01 jeddi UtahDave: from what you just described i feel that there's some benefit for the user to know the methods of the various classes / states ... but that's a big ask i think (well, it's a big ask for me :)
00:02 jschadlick left #salt
00:03 jlund left #salt
00:09 alazylearner joined #salt
00:09 UtahDave sorry, got pulled into a meeting
00:10 UtahDave so there is no actual "watch" function.
00:11 kho joined #salt
00:11 UtahDave The salt compiler checks for the watch function and will execute the mod_watch function of the state, if needed.
00:12 UtahDave bemehow: sorry I haven't explained it well.  :)
00:12 UtahDave I'd recommend looking at the pkg state and execution modules to see how things are put together.
00:12 cxz joined #salt
00:14 LarsN Corey: mind if I fire a /msg your direction?
00:16 abyss42 joined #salt
00:16 mgw joined #salt
00:19 dthom91 joined #salt
00:20 blee__ joined #salt
00:24 Gwayne joined #salt
00:24 Gwayne joined #salt
00:26 raydeo joined #salt
00:27 afx_hero left #salt
00:33 alazylearner joined #salt
00:43 Corey LarsN: Sure.
00:44 jeddi the suspense had been killing me.
00:44 alazylearner joined #salt
00:46 LarsN jeddi: heh
00:47 jslatts joined #salt
00:48 bemehow joined #salt
00:51 mianos joined #salt
01:01 scott_w joined #salt
01:08 LarsN If I want to manage rsyslog for all nodes, but under some circumstances add additional rules to the rsyslog configuration.  What's the best way to handle this?
01:10 liuyq joined #salt
01:12 Nexpro1 joined #salt
01:12 liuyq joined #salt
01:18 LyndsySimon joined #salt
01:18 jeddi LarsN: how many exceptions?   does rsyslog have a .d/ system you can take advantage of?
01:19 kula ~.
01:22 jacksontj joined #salt
01:23 Corey jacksontj: It does.
01:23 elbaschid joined #salt
01:23 Corey Er, jeddi ^
01:23 jacksontj ?
01:23 jacksontj oh, ok ;)
01:23 Corey jacksontj: Sorry, your nick quinntercepted my tab complete. :-)
01:23 jacksontj lol, np ;)
01:25 Furao joined #salt
01:29 jeddi what have i done now?
01:29 alazylearner joined #salt
01:30 nrub joined #salt
01:34 mianos for distributing ssh kets to a new user,  you know, .ssh/id_rsa.priv .ssh/id_rsa what's the recommended way?
01:35 scott_w joined #salt
01:36 mikedawson joined #salt
01:37 kstaken joined #salt
01:39 EugeneKay A user should generate their own private key and send you the public bit
01:39 mianos might be a bit hard for postgres clusters
01:40 mianos I'd have to generate them and get them back and insert the pubs into the known hosts for the other servers in the cluster
01:41 mianos might just stick to file.recurse
01:41 mianos or maybe generate them all on the master with some scripts
01:46 jaequery joined #salt
01:48 emocakes joined #salt
01:49 bluemoon joined #salt
01:49 danielcharles joined #salt
01:49 EugeneKay jeddi - http://docs.saltstack.com/ref/modules/all/salt.modules.cp.html#salt.modules.cp.push
01:52 EugeneKay An initialization script for new minions should be able to accept the key, cmd.run a ssh-keygen and push the resultant .pub back to the master, then "accept" that .pub into gitolite-admin(and create a new repo for the minion to pull files off of)
01:53 mianos hmm, ok, not done any pushing yet
01:53 mianos have to give it a try when I get the replication working
01:54 jpeach joined #salt
01:56 kleinishere joined #salt
01:58 jlund joined #salt
01:58 nrub joined #salt
02:01 Nexpro1 joined #salt
02:04 kleinish_ joined #salt
02:06 jeddi EugeneKay: noted - shall read tomorrow after the red wine has dissolved.
02:25 bluemoon joined #salt
02:33 redbeard2 joined #salt
02:37 LarsN jeddi: I'm such a dummy
02:37 LarsN jeddi: why did I completely ignore the rsyslog.d folder
02:37 * LarsN puts dunce cap on head and stands in the corner.
02:39 LarsN Corey: came up with the same answer
02:39 LarsN which makes me even dumber.
02:40 StDiluted joined #salt
02:41 kstaken joined #salt
02:51 alazylearner joined #salt
02:51 Corey Hahahaha.
02:51 Corey Great Minds and all that...
02:52 Corey But yes, I've done similar things for cron, rather than hacking apart /etc/crontab
02:52 Corey (Perhaps you'd like to tell me about the cron state. Perhaps you are a fool.)
02:56 zonk1024 joined #salt
02:58 mianos this is a fun command: salt -G "subrole:m" cmd.run "su - postgres -c ./sync.sh"
02:59 mianos did all the salt for m/s replication then fired it off, in prod
02:59 LyndsySimon joined #salt
03:00 mianos after a lot of testing on the test cluster and commented out the postgres service management lines, just in case
03:00 mianos might not have been good it all the postgres servers got restarted
03:01 mohitr joined #salt
03:02 Furao mianos: I would be interested to see your psql cluster states
03:02 Furao I only got single node psql state
03:02 Corey mianos: I would be very, very interested to see that integrated into the formulae repo.
03:02 Corey mianos: Are you abstracting all the sensitive bits away with pillar?
03:09 racooper joined #salt
03:09 LyndsySimon joined #salt
03:12 emocakes joined #salt
03:16 Furao isp:
03:16 Furao bill:
03:16 Furao - paid
03:16 Furao - source: bank://{{ pillar['bank_account'] }}
03:18 kstaken joined #salt
03:19 redbeard2 joined #salt
03:22 jaequery joined #salt
03:24 Furao I already plugged bitcoin with salt, just sad that there is no simple api to pay bills
03:26 bemehow_ joined #salt
03:33 mgw joined #salt
03:37 kstaken joined #salt
03:41 alazylearner joined #salt
03:44 jamescarr joined #salt
03:45 jamescarr does salt have the capability to define master / slave relationships?
03:47 rohit011 left #salt
03:49 kstaken joined #salt
03:49 jetblack joined #salt
03:49 Ryan_Lane joined #salt
03:50 cxz jamescarr: as of 0.16.0 it can define master to many slave configs
03:50 cxz and with syndic you can have a 'master of master's'
03:50 cxz so yes
03:50 jamescarr what happens when a former slave is promoted to master?
03:50 jamescarr I'm thinking of services like redis btw
03:51 cxz it's not like tht
03:51 cxz that*
03:51 cxz there is no promotion
03:51 cxz you define which ones are masters
03:51 cxz and that's that as far as i'm aware
03:51 jamescarr ah so it doesn't have what I'm looking for
03:51 cxz you could probably write a state to promote something to master
03:52 jamescarr so far it seems like a 2nd service need to manage that
03:52 jamescarr like zookeeper
03:57 BT7 joined #salt
03:58 BT7 left #salt
03:58 BT7 joined #salt
03:59 kenbolton joined #salt
04:00 Ori0n1 joined #salt
04:01 Ori0n1 left #salt
04:01 Ori0n1 joined #salt
04:09 shiznit1 joined #salt
04:09 mianos joined #salt
04:11 cxz maybe im the wrong person to ask
04:13 Katafalkas joined #salt
04:16 jaequery joined #salt
04:21 mgw jamescarr: are you thinking of automatic promotion in reaction to some event?
04:21 jamescarr mgw: yes
04:21 jamescarr if redis primary goes down, switch to slave, auto promote
04:22 dcolish leader election is a pretty straightforward recipe if you the curator framework
04:23 dcolish *use
04:23 jamescarr documentation? Examples?
04:23 dcolish http://curator.incubator.apache.org/curator-recipes/leader-election.html
04:23 jalbretsen joined #salt
04:24 dcolish althought i wonder if something like redis can be proxied with something like haproxy, that'd be a lot simpler
04:24 dcolish should be possible, its just tcp
04:26 mianos I'm using pgpool for that with postgres
04:26 mianos works OK in test, not done it in prod
04:27 dcolish pgbouncer is also pretty nice
04:28 mianos I want the pooling mainly and the hot standby automation
04:29 mohitr joined #salt
04:32 joshe we're load balancing smtp with haproxy, it works fine
04:39 scott_w joined #salt
04:46 bemehow joined #salt
04:46 carmony joined #salt
04:55 kleinishere joined #salt
04:56 jamescarr joined #salt
04:58 cxz joined #salt
05:01 MTecknology 8hr until I own a house...
05:01 MTecknology I believe now is a good time to set an alarm and go to sleep
05:02 kmwhite joined #salt
05:03 alazylearner joined #salt
05:05 middleman_ joined #salt
05:06 quantumsummers|c hardened gentoo + kvm + libvirt + saltstack = sweet sweet nectar
05:08 jamescarr MTecknology: you won't seep all night
05:08 jamescarr two nights I couldn't sleep: When I bought my house and the first night I slept in it
05:08 agend joined #salt
05:09 shiznit1 joined #salt
05:10 quantumsummers|c MTecknology: don't sweat it, if you are closing on your place tomorrow the only thing you need to worry about is your writing arm. It will tire, as you have to sign so many times your eyes will blur.
05:14 MTecknology jamescarr: I'm shoowing for sleep.. in about 3min. :)
05:15 mohitr joined #salt
05:16 MTecknology quantumsummers|c: I've read most of the paperwork already. I'm not too worried about that. It's the huge amount of debt I'm soon to have. Right now, I'm debt free. I'm trying to enjoy it. I also have a LOT of other stuff going on tomorrow.
05:16 MTecknology I'm excited, nervous, and... ready.
05:16 MTecknology Good night! Don't let the code bugs bite!
05:16 quantumsummers|c cheers!
05:20 koolhead17 joined #salt
05:20 koolhead17 joined #salt
05:22 kstaken joined #salt
05:24 knightsamar joined #salt
05:25 bluemoon joined #salt
05:30 adotbrown joined #salt
05:31 jamescarr joined #salt
05:32 bluemoon joined #salt
05:41 kleinishere hey guys - on the final stretch of my first masterless, vagrant salt provision. everything in my base: '*' is provisioning, but my 'test_project' with additional nginx provisioning isn't being executed. would anyone be able to provide some clues on what i may be overlooking? http://pastebin.com/6U538pEp
05:41 jetblack joined #salt
05:50 alazylearner joined #salt
05:51 StDiluted do you get an error?
05:51 StDiluted looks like you have two things with the same ID /var/www/index.html
05:51 kleinishere ^ yeah, good catch, thanks
05:52 emocakes_ joined #salt
05:52 kleinishere no error, but nothing is being copied over into /etc/nginx/... as instructed by my static-test-project/nginx.sls
05:52 kleinishere everything in nginx/init.sls is working wonderfully
05:53 StDiluted and the name of the host is 'test-project'?
05:53 kleinishere i think that may be my problem
05:54 kleinishere i was just reviewing another example top.sls and Vagrantfile where the vm.hostname was set equal to the base: .. -"static-test-project"
05:55 kleinishere are the breakouts beyond base: looking for the hostname as to when they should be provisioned?
06:04 kleinishere ah, finally found the answer: http://docs.saltstack.com/ref/configuration/minion.html#std:conf_minion-id
06:05 kleinishere Default: hostname ; I hadn't realized that fundamental aspect of top.sls relating to minions
06:10 shiznit1 joined #salt
06:10 azbarcea joined #salt
06:11 jaequery joined #salt
06:13 StDiluted yeah the hostname it totally the main thing that you set
06:13 StDiluted glad you figure it out
06:13 StDiluted ;)
06:13 StDiluted figured*
06:16 adotbrown joined #salt
06:17 kleinishere thanks so much, StDiluted. glad to have picked up such a useful lesson in the error (rather than just a typo)
06:17 StDiluted I'm just starting too
06:17 kleinishere nice, there's plenty to learn and the docs are great
06:18 scott_w joined #salt
06:30 ollins joined #salt
06:33 nrub joined #salt
06:33 madduck /l/l
06:36 vaxholm joined #salt
06:42 liuyq joined #salt
06:42 Mouzz joined #salt
06:43 mianos joined #salt
06:49 adotbrown joined #salt
06:51 bluemoon joined #salt
06:52 f4cl3y joined #salt
06:52 f4cl3y joined #salt
06:53 syphar joined #salt
06:54 abyss42 joined #salt
07:07 p3rror joined #salt
07:08 scott_w joined #salt
07:09 MrTango joined #salt
07:10 ronc joined #salt
07:11 shiznit1 joined #salt
07:13 jaequery joined #salt
07:21 linjan joined #salt
07:23 carlos joined #salt
07:27 LordOfLA joined #salt
07:27 japage joined #salt
07:28 ggoZ joined #salt
07:29 longdays joined #salt
07:29 ggoZ oi
07:29 ggoZ can I use "include" declaration in top.sls ?
07:30 oc joined #salt
07:30 godog joined #salt
07:31 cxz joined #salt
07:31 Chocobo joined #salt
07:31 mianos 'roles:db':
07:31 mianos - match: grain
07:31 mianos - database
07:31 mianos like that?
07:31 mianos if the grain role matches db then run database.sls
07:31 mianos or stock ninja include '{% from 'lib.sls' import test %}'
07:31 Newt[cz] joined #salt
07:33 ggoZ was thinking more of including one top.sls into the other top.sls
07:33 ollins Hello, is there a suggested/best way to install a package from a url (httP://.../x.deb) with salt?
07:35 ggoZ ooo
07:35 cxz joined #salt
07:35 Chocobo joined #salt
07:35 robawt joined #salt
07:36 Furao joined #salt
07:36 akio2 joined #salt
07:37 atoponce joined #salt
07:37 18VABDEK7 joined #salt
07:37 cluther_ joined #salt
07:37 linjan joined #salt
07:37 vaxholm joined #salt
07:37 jamescarr joined #salt
07:37 mohitr joined #salt
07:37 agend joined #salt
07:37 quantumsummers|c joined #salt
07:37 jdenning joined #salt
07:37 oliv_mc joined #salt
07:37 spacedentist joined #salt
07:37 yumike joined #salt
07:37 sijis joined #salt
07:37 gordonm joined #salt
07:37 timl0101 joined #salt
07:37 twinshadow joined #salt
07:37 rsimpkins joined #salt
07:37 kula joined #salt
07:37 jpcw joined #salt
07:37 Kyle joined #salt
07:37 Guest61306 joined #salt
07:37 zz_farra joined #salt
07:37 seb` joined #salt
07:37 dave_den joined #salt
07:37 jafo` joined #salt
07:37 chjohnst_work joined #salt
07:37 sashka_ua joined #salt
07:37 __number5__ joined #salt
07:37 backjlack joined #salt
07:37 puppet_ joined #salt
07:37 dgarstang joined #salt
07:37 windowsrefund joined #salt
07:37 travisfischer joined #salt
07:37 pygmael joined #salt
07:37 JimShoe joined #salt
07:37 dbcooper joined #salt
07:37 chuffpdx joined #salt
07:37 necronian joined #salt
07:37 antsygeek joined #salt
07:37 blast_hardcheese joined #salt
07:37 jY joined #salt
07:37 pmcg joined #salt
07:37 lahwran joined #salt
07:37 copec joined #salt
07:37 omame joined #salt
07:37 crashmag joined #salt
07:37 esrax joined #salt
07:37 noodles775 joined #salt
07:37 Valdo joined #salt
07:37 FreeSpencer joined #salt
07:37 kvbik joined #salt
07:37 probablyfine joined #salt
07:37 UForgotten joined #salt
07:37 insatsu joined #salt
07:37 Heartsbane joined #salt
07:37 Happy86 joined #salt
07:37 cbloss joined #salt
07:37 txmoose joined #salt
07:37 jphall joined #salt
07:37 tempspace joined #salt
07:37 keith4 joined #salt
07:37 Sacro joined #salt
07:37 zloidemon joined #salt
07:37 ahammond joined #salt
07:37 jlaffaye joined #salt
07:37 EntropyWorks joined #salt
07:37 schvin joined #salt
07:37 karlp joined #salt
07:37 nage joined #salt
07:37 jetblack joined #salt
07:38 SEJeff_work joined #salt
07:38 atoponce joined #salt
07:39 liuyq joined #salt
07:39 bluemoon joined #salt
07:40 balboah joined #salt
07:42 mianos using a jijna  for loop and context to generate config files, amazing
07:45 Katafalkas joined #salt
07:46 Ryan_Lane1 joined #salt
07:52 backjlack joined #salt
07:53 timl0101_ joined #salt
07:55 ggoZ oooi
07:55 ggoZ i can have multiple state top.sls files, but i can only have one top.sls for pillar? :<
07:56 blast_hardcheese joined #salt
07:59 ggoZ anybody?
07:59 ggoZ ah-ha The top file used matches the name of the top file used for States, and has the same structure:
07:59 ggoZ lets see...
08:04 kleinishere joined #salt
08:08 felixhummel joined #salt
08:10 Xeago joined #salt
08:11 shiznit joined #salt
08:14 aleszoulek joined #salt
08:18 abyss42 joined #salt
08:19 krak3n` joined #salt
08:22 adotbrown joined #salt
08:30 jeddi joined #salt
08:30 ggoZ :/
08:30 ggoZ seems like state.top function does not pull in the correct pillar top files :<
08:32 adfasdfasdf joined #salt
08:33 ollins found it.
08:34 ggoZ ollins: ?
08:34 ollins installing a package via url.
08:35 ollins Yes, I know. Beginners question ;)
08:36 adfasdfasdf test
08:37 drdran joined #salt
08:38 QueenP joined #salt
08:40 bezaban hmm. puppet vunerability
08:41 bezaban A remote attacker could
08:41 bezaban use a specially-crafted payload to execute arbitrary code on the puppet
08:41 bezaban master.
08:41 bezaban sorry, bad paste
08:43 syphar joined #salt
08:43 dthom91 joined #salt
08:45 hvn joined #salt
08:47 giantlock joined #salt
08:50 jamescarr joined #salt
08:51 jpeach joined #salt
08:52 whiskybar joined #salt
09:03 fredvd joined #salt
09:04 tonthon Hi, I'm writing states wrapping a custom process manager
09:05 tonthon as a basis I'm looking at salt/states/service.py and I'm wondering how the __salt__['service.running'] var is fed
09:05 tonthon could anybody give me a quick tip on how to understand the __salt__ var ?
09:07 carmony joined #salt
09:07 jason^ joined #salt
09:07 g3cko joined #salt
09:12 shiznit joined #salt
09:17 pcarrier joined #salt
09:17 vaxholm joined #salt
09:18 dthom91 joined #salt
09:19 nrub_ joined #salt
09:23 Jason-AVST joined #salt
09:26 APLU joined #salt
09:28 Jason-AVST i'm trying to create a state to manage users.  each team has their own state (users_teamA.sls, users_teamB.sls, etc).  I'm storing these in /srv/salt/users and I have a pillar that does a for-loop.  The problem I'm having is that I'm not sure how to reference these in the top file.  I'd like to have something like:  [top.sls] base: '*_devservers' - users_teamA.sls .   Can anyone point me in the right direction?
09:28 munhitsu joined #salt
09:29 derelm joined #salt
09:42 tonthon Jason-AVST: http://pastealacon.com/32611 is the syntax for your top file
09:42 tonthon (/srv/pillar/top.sls)
09:43 carmony joined #salt
09:47 tonthon Hi, in a custom states, I use __salt__[cmd.run] and I'm missing some env vars (/usr/local/bin is not included in the environment)
09:47 tonthon is there a way to specify the env var ?
09:49 Jason-AVST thanks
09:50 Furao tonthon: http://docs.saltstack.com/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
09:50 Furao c'est env
09:51 Jason-AVST I shoudl have worded it better, but basically I need to reference /srv/salt/users/users_teamX.sls but not sure how to do that in the top file.  do i need to specify (ie.  - users/users_teamX.sls)?
09:51 tonthon Furao: thanks, I had missed this one
09:51 Furao Jason-AVST: keep that in pillars
09:52 tonthon Jason-AVST: you can make for loops in your state files and put all your stuff in /srv/pillar
09:52 Furao Jason-AVST: look in github.com/bclermont/states for plenty of examples of pillar usage
09:52 Jason-AVST awesome, thanks guys
09:55 Furao keep in states only template of config file, don't put any data there. the place for that is in pillars
09:58 vaxholm joined #salt
09:59 tonthon Furao: any idea about the syntax expected for the env var ?
09:59 zonk1024 joined #salt
09:59 tonthon in the docs it's default value is a tuple, but a tuple doesn't seem to work
10:00 tonthon ok, I've got it
10:00 tonthon it's a dict that is expected
10:03 Furao tonthon: they added that env kwarg because of me, but I don't remember
10:03 tonthon Furao: maybe the docs are a bit odd
10:03 Furao - env: HOME=/var/lib/rabbitmq
10:03 tonthon env=()
10:03 tonthon could be set through {'PATH':'/usr/local/bin'}
10:03 tonthon or by its yaml equivalent
10:04 Furao so yes with __salt__ you need to do that
10:04 tonthon env={} may have been clearer
10:04 tonthon I fill an issue there about
10:08 kleinishere joined #salt
10:10 mikedawson joined #salt
10:12 shiznit joined #salt
10:16 KyleG joined #salt
10:17 vaxholm joined #salt
10:17 arthurlutz joined #salt
10:18 mb1111 joined #salt
10:18 mb1111 hi all
10:18 faust joined #salt
10:19 mb1111 my debian 4.0 update debian6.0 python==2.6.6
10:19 mb1111 salt-master start
10:20 mb1111 ZMQError: Invalid argument
10:20 mb1111 File "socket.pyx", line 432, in zmq.core.socket.Socket.bind (zmq/core/socket.c:4022)
10:20 mb1111 File "checkrc.pxd", line 21, in zmq.core.checkrc._check_rc (zmq/core/socket.c:5838)
10:20 mb1111 why?
10:21 mb1111 2013-06-27 18:10:33,725 [salt.loaded.int.module.apt           ][ERROR   ] Unable to import "sourceslist" from "aptsources" module: No module named softwareproperties.ppa
10:22 Furao mb1111: because you're OS is 5 years old and no one use it anymore
10:22 Furao no I'm wrong it's 6
10:23 mb1111 I have updated to 6.0
10:23 mb1111 Debian GNU/Linux 6.0 \n
10:23 Furao softwareproperties.ppa is for ubuntu
10:24 mb1111 http://docs.saltstack.com/topics/installation/debian.html
10:25 mb1111 I updated to debian6.0 or does not support ?
10:29 oliv_mc joined #salt
10:30 mb1111 This update to 6 after salt  not to support it??
10:31 mb1111 Centos5 and centos6 is OK
10:31 Furao but this is just an error
10:32 jeddi mb1111: why aren't you updating to debian 7, can i ask?
10:32 Furao I mean it says that module.apt can't manage source list
10:32 Furao it's probably not fatal for other stuff
10:32 jeddi mb1111: oh, and that softwareproperties.ppa .. i think that's a known bug, from memry - it pops up here as well.
10:34 mb1111 I have only a handful of debian4, the other is to use CentOS to manage their salt
10:35 mb1111 module.apt can't manage source list ?? @furao
10:36 mb1111 How can I repair??
10:37 krak3n` joined #salt
10:39 mb1111 pyzmq 13.1.0
10:41 mb1111 not fatal ???
10:42 mb1111 Salt-minion is OK, but master can not find key
10:43 mb1111 So the salt-minion also has a problem, but no detailed information
10:44 mb1111 Salt-master start is wrong, while only two processes
10:47 oliv_mc joined #salt
10:52 efixit joined #salt
11:05 mb1111 apt-get install python-software-properties
11:05 mb1111 my install softwareproperties.ppa !!
11:06 mb1111 19:03:53,748 [salt.master                     ][WARNING ] Caught signal 15, stopping the Salt Master
11:06 mb1111 File "socket.pyx", line 432, in zmq.core.socket.Socket.bind (zmq/core/socket.c:4022)
11:06 mb1111 File "checkrc.pxd", line 21, in zmq.core.checkrc._check_rc (zmq/core/socket.c:5838)
11:06 mb1111 ZMQError: Invalid argument
11:06 mb1111 Process EventPublisher-3:
11:07 mb1111 So the salt-minion also has a problem, but no detailed information ??
11:09 mb1111 salt-key -L   Accepted Keys: null  Unaccepted Keys: null    Can't see the minion ID
11:10 mb1111 hi ?
11:10 mb1111 why ???
11:10 mb1111 my try update 7?
11:13 shiznit joined #salt
11:13 ranl joined #salt
11:14 Katafalkas joined #salt
11:14 Furao that's a bad way to start
11:16 chjohnst_work joined #salt
11:19 pt|Zool joined #salt
11:20 ranl Hi guys
11:20 ranl can someone point me to an example on how to use the salt.runner.RunnerClient with the overstate runner ?
11:24 aleszoulek joined #salt
11:25 emocakes joined #salt
11:29 jamescarr joined #salt
11:33 ghaering joined #salt
11:34 kleinishere joined #salt
11:34 ghaering Hello. I want to run a command if and only if a file changes. But the command is *always* run. Any suggestions? https://gist.github.com/anonymous/f156e154a72549130422
11:36 Furao the yaml is all wrong
11:36 Furao watch and require must be under cmd.run
11:36 Furao and in fact it's cmd.wait
11:36 Furao check gitbhub.com/bclermont/states for plenty of cmd.wait usage
11:36 novel1 joined #salt
11:37 Furao but in your case you might want https://github.com/bclermont/states/blob/master/states/_states/archive.py#L15
11:37 ghaering thanks, will look
11:37 Furao it's a state that do the download + extraction for you
11:45 giantlock joined #salt
11:47 Katafalkas joined #salt
12:03 jeddi i'm trying to set up a user 'api' to have rights to a mysql database, and the user 'api' should be allowed in only if it comes from one of two machines.   http://rn0.ru/show/whz6LbbQM2tqJblOGDro/    This looks really ugly.
12:06 jeddi i'd love to pick up the grains item for ip address from the two allowable originating machines - but the three ipv4 addreses (private, public, lo) aren't readily identifiable ... is that right?
12:07 jeddi i'm looking at grains.items output.  not even sure if i can loop through with jinja and pick the one that starts with '10.' .. but that approach seems ugly as well.
12:07 jeddi opinions sought. :)
12:09 elbaschid joined #salt
12:10 novel1 joined #salt
12:11 Lucas_- joined #salt
12:11 karlp shouldn't config.get x and pillar.data x work the same? http://pastebay.net/1243740
12:11 juicer2 joined #salt
12:12 karlp I've got a state called pyapps too, but sys.doc for config.get says it pulls from pillars and grains
12:13 shiznit joined #salt
12:16 xinkeT joined #salt
12:18 shiznit joined #salt
12:22 Furao_ joined #salt
12:22 karlp also pillar.raw pyapps and pillar.data pyapps show the same mismatch
12:23 timl0101 joined #salt
12:23 karlp do I need to sync pillar info or something?
12:27 logix812 joined #salt
12:28 EugeneKay `salt \* saltutil.refresh_pillar`
12:28 karlp yeah, just found it, was coming back.
12:28 karlp why isn't that done in saltutil.sync_all?
12:28 * EugeneKay shrugs
12:28 karlp still doesn't explain why they show different things.
12:28 karlp pillar.data shows one thing, pillar.raw shows a different
12:29 MasterNayru_ joined #salt
12:30 EugeneKay .data comes from the master; .raw from the minion
12:32 mikedawson joined #salt
12:32 Furao joined #salt
12:32 aleszoulek ugh
12:35 mikedawson_ joined #salt
12:37 Furao jeddi: I wrote a module that pick the proper IP address
12:37 Furao in fact it get the private and IP address, if applicable. if not both are the same
12:37 Furao so by default it's eth0, but in pillar you can specify an alternative one
12:37 Furao in amazon ec2 it use EC2 API to get the public and private ip
12:38 karlp EugeneKay: and config.get, which says is comes from the "pillar" comes from the minion.
12:38 karlp why would I even want the minion to cache pillar stuff like that?
12:42 Grokzen joined #salt
12:46 EugeneKay Performance.
12:47 karlp speed ok, but can't it hash or something to knwo that the pillar info it has is out of date?
12:48 Furao karlp: do you have ext pillars?
12:48 karlp nope
12:48 karlp I'd be ok if sync_all synced pillars too,
12:48 jeddi Furao: ah, okay .. how did you determine which ip address to use from the grains.items ?  oh, by module, do you mean some python?
12:48 karlp automatically detecting that sync was needed would be nice, but sure, I don't _need_ that.
12:48 Furao for that, I have a git repo on the salt master, when someone push into it, there is a git push hook that update the pillar directory, then trigger a saltutil.refresh_pillar
12:49 Furao jeddi: yes, in _modules/
12:49 valberg joined #salt
12:50 jeddi Furao: unchartered territory for jedd .. :)
12:50 jeddi i'll hard code 'em into pillars for the time i think.
12:50 Furao python replaced perl/bash as the sysadmin programming language
12:51 Furao I just checked my code and it first check if it's pillars, then if it's in ec2, and finally try to figure using interfaces IPs
12:52 EugeneKay Furao, got a link?
12:52 mackstick joined #salt
12:53 Furao EugeneKay: of?
12:53 Furao oh the code
12:53 EugeneKay Yeah, that.
12:53 Furao this part is used for my logic to perform monitoring auto detection, it's not closed source but not open source :)
12:53 jeddi rightio.
12:54 Furao as I have this big set of states that I packaged as a product and I sell
12:54 Furao well, states + processs + doc
12:54 EugeneKay Hinged source?
12:55 Furao + testing + custom states + etc
12:55 spoktor joined #salt
12:56 Furao hinged never seen that one before :)
12:56 shiznit joined #salt
12:56 EugeneKay It can be open or closed :-p
12:57 EugeneKay I dual-license almost everything under the WTFPL and GPLv2+
12:57 oz_akan_ joined #salt
12:58 Furao https://github.com/bclermont/python-canada-post-dev-prog/issues/4
12:59 Furao I released something as WTFPL
13:00 oz_akan_ joined #salt
13:02 * EugeneKay claps
13:07 Gifflen joined #salt
13:09 __gotcha joined #salt
13:10 Gifflen_ joined #salt
13:14 fivethreeo joined #salt
13:17 DerekRBN joined #salt
13:18 DerekRBN Good morning
13:18 mgw joined #salt
13:19 DerekRBN has anyone ever used the ssh_auth state?
13:19 adotbrown joined #salt
13:31 racooper joined #salt
13:35 timl0101 joined #salt
13:36 mgw DerekRBN: yes
13:37 redbeard2 joined #salt
13:38 redbeard2 left #salt
13:38 Kholloway joined #salt
13:42 danielcharles joined #salt
13:47 fredvd joined #salt
13:49 DerekRBN I had a question but i figured it out. Thanks. Tho I have been wondering about something else. Sometimes when I run state.highstate i get no output but i can tell it still runs. This poses a problem because i want to make sure no states failed
13:49 DerekRBN but say i run it a few times in a row i get output.... might be a routing thing
13:55 krak3n` joined #salt
14:01 jessep joined #salt
14:06 jeddi mysql ssl connections .. is that going to be something with the 'grant options' stuff?  it doesn't seem to be natively supported.
14:06 kenbolton joined #salt
14:09 bostonian joined #salt
14:12 bostonian Hi all. I'm having a strange problem provisioning my Vagrant machines with salt -- it seems that salt will complete all rules during initial startup, but when I run it again it again, salt will only check a certain subset of rules
14:14 aberant joined #salt
14:17 dave_den joined #salt
14:17 oz_akan_ joined #salt
14:19 jdaggett joined #salt
14:19 kaptk2 joined #salt
14:20 tpe11etier joined #salt
14:22 sash__ joined #salt
14:23 opapo joined #salt
14:26 danielcharles joined #salt
14:27 kho joined #salt
14:27 jaequery joined #salt
14:34 toastedpenguin can pillar be used to define a set of sources based on the grain that is evaluated?
14:35 kula i believe so.
14:36 kula actually, that's a definite yes. i do that all over the place.
14:36 JasonSwindle joined #salt
14:36 StDiluted joined #salt
14:37 kula well, i guess it depends on what you mean by "define a set of sources". but you can certainly use grains in the jinja file defining pillars.
14:38 mgw joined #salt
14:38 toastedpenguin so I am evaluating the host grain for an attribute that defines the data center a minion is in, based on that I want to provide data center specific conf files
14:39 nkuttler toastedpenguin: just check __grains__ in your conf templates?
14:39 toastedpenguin using an example from the docs on setting up pillar to evaluate the os_family and using that to determine if redhat or debian etc. I was trying to do the same for this
14:39 nkuttler wait, plain grains in the template
14:40 toastedpenguin nkuttler:I was trying that but kept getting errors so i thought maybe I needed to use pillar instead
14:40 nkuttler errors?
14:41 toastedpenguin when I ran state.sls for the sls I was working with on a test minion
14:42 nkuttler i'd just do {% if grains['foo'] %} bar {% endif %}
14:44 Kholloway joined #salt
14:44 toastedpenguin this is what my sls looks like http://fpaste.org/21379/23442541/
14:45 toastedpenguin just ran it again to see the specific errors and its erroring on file.managed:
14:46 nkuttler i don't think == does wildcards..
14:47 andrewclegg joined #salt
14:47 nkuttler but what's the error anyway, and your resolv.conf?
14:49 toastedpenguin resolv.conf just contains the DNS server order for the specific data center
14:49 oz_akan_ joined #salt
14:50 toastedpenguin error is: mapping values are not allowed here  in "<unicode string>", line 2, column 17:  file.managed:
14:53 rglauser joined #salt
14:56 whiskybar joined #salt
14:57 syphar joined #salt
14:57 karlp toastedpenguin: I'd use grain roles for them,
14:57 karlp salt '*-cn*' grains.setval roles "['cn']"
14:57 karlp then you get a fixed grain to match on in your states
14:58 kula don't you need a colon at the end of line 1 "/etc/resolv.conf:" instead of "/etc/resolv.conf"?
14:58 diegows joined #salt
14:58 Martyn joined #salt
14:59 kenbolton joined #salt
15:00 aberant joined #salt
15:00 Guest2070 Hey guys, anyone free to help with a quick issue?
15:00 JasonSwindle Guest2070: What is the issue?
15:01 Guest2070 I have two group .present calls in an sls file for admin and users. Although the Admin call never runs the first time and thus user's are not created.
15:01 Guest2070 If I run it a second time this works.
15:01 JasonSwindle What is the SLS and what does the minion log say?
15:02 Guest2070 One second
15:02 JasonSwindle Sure
15:02 anteaya joined #salt
15:04 Guest2070 Nothing about groups in the minion log file. It just says no changes made for the users. They were not even created
15:04 Guest2070 The sls is:
15:04 Guest2070 admin:     group.present:         - name: admin         - gid: 909 users:     group.present:         - name: users         - gid: 1010
15:04 jamescarr joined #salt
15:05 JasonSwindle can you put that into https://dpaste.de/ ?
15:05 Guest2070 Yeah sure one second
15:07 Guest2070 https://dpaste.de/7YjuV/
15:07 JasonSwindle left #salt
15:07 Guest2070 That is a snippet of the sls file. It also has some extends at the end.
15:09 rohit01 joined #salt
15:09 rohit01 left #salt
15:09 cron0 joined #salt
15:11 jeddi Guest2070: why is group.present within the loop?
15:12 toastedpenguin karlp: grain roles, within the sls?
15:12 longdays joined #salt
15:12 Guest2070 That was just a tester. It was tried without and still we got the same results.
15:12 jeddi Guest2070: ack.
15:12 Guest2070 ack?
15:12 bhosmer joined #salt
15:12 jeddi acknowledged.
15:13 Guest2070 Oh ok
15:13 jeddi so the first run thru the admin group isn't created, but the second time it is?  as in state.highstate ?
15:13 abe_music joined #salt
15:13 Guest2070 The first run through the users are not created. Yes that is with a high state.
15:14 Guest2070 But if I state.highstate a second time the users are created. The group is created on the first run. But it is after the users has been processed and then it fails.
15:14 Guest2070 So it does not create the users.
15:15 defunctzombie joined #salt
15:16 Handrix joined #salt
15:21 Handrix left #salt
15:21 twinshadow joined #salt
15:21 p3rror joined #salt
15:23 UtahDave joined #salt
15:24 jeddi Guest2070: does the user group already exist?   on debian it does, and is set to gid 100.  not sure that'd stall it on the first iteration.  i suspect it's a requires / ordering thing.
15:24 N-Mi joined #salt
15:24 N-Mi joined #salt
15:24 kleinishere joined #salt
15:25 Guest2070 We are using ubuntu 12.04. The admin group does NOT exist and the user group existsed we are just changing the id
15:25 Ori0n1 joined #salt
15:26 jeddi Guest2070: okay.
15:27 nrub joined #salt
15:27 kenbolton joined #salt
15:27 chrisgilmerproj joined #salt
15:28 schemanic joined #salt
15:28 schemanic Hello
15:28 jeddi Guest2070: well, reducing it down a bit .. this works for me - i've changed the users group to fnark so it didn't clobber my test machine.  http://rn0.ru/show/w9Fqlgwdqz1CUEQOAVJR/
15:28 jeddi i'm guessing you've already gone through this .. and worked back , adding bits until it breaks?
15:29 jeddi i took the ssh keys and group.present out  from the loop.
15:30 schemanic Would anyone be willing to answer a few questions about salt and what it's purpose is?
15:30 syphar joined #salt
15:30 Guest2070 Ok we will give that a try and have a play around.
15:31 Guest2070 Thanks for your time and help :)
15:31 jeddi Guest2070:  yeah, sorry i don't hvae a better scratch machine handy to test it .. but slowly growing it back to where you were should be relativelys traighforward, if a little tedious.
15:32 Guest2070 Yeah we will keep at it, just seeing if anyone had a similar problem or quick fix.
15:32 p3rror joined #salt
15:32 jeddi there are no quick fixes.  :)
15:33 Guest2070 Relatively new to salt so just learning. They is good documentation for it which helps.
15:33 schemanic Am I correct in understanding that saltstack is comparable to something like puppet insofar as being able to provision servers?
15:33 Guest2070 No they never are, thought I would test my luck :P
15:33 jdaggett joined #salt
15:34 xt schemanic: yes
15:34 Guest2070 Thanks again, bye for now
15:34 jeddi schemanic: yes, mostly.
15:35 schemanic xt: Thank you. Saltstack is a python application yes? Does one configure it and use it through python code or does one need to know other languages to effectively use it?
15:35 jschadlick joined #salt
15:35 xt schemanic, you don't really need to know python, but it helps. The default template language is jinja which is python-based, but there are others available
15:36 schemanic when we say a template language, are we speaking about an html templating language like the one used in django or something else?
15:36 schemanic I know python best, though I'm new to development as a whole
15:36 kenbolton xt: newb here. i have been led to understand the configuration code is yaml.
15:36 schemanic I'm trying to set up a development pipeline via vagrant
15:37 xt kenbolton: depends what you mean by configuration code..
15:37 xt yaml+jinja is one way to templatize configuration
15:37 xt there are many other options
15:37 kenbolton ok, good info.
15:37 xt json+mako
15:37 xt whateverdata + whatevertemplatelanguage
15:37 xt prettymuch
15:37 schemanic mmm
15:37 kenbolton sry to hijack the question.
15:37 schemanic that is all good information
15:38 xt schemanic: jinja looks/feels like django template, but is a bit more powerful/faster
15:38 KennethWilke joined #salt
15:38 schemanic I'm asking because I'd like to have things be in the "python-sphere" so to speak. Its completely subjective but I'm trying to keep as much of my pipeline in one language or sphere of languages
15:39 JasonSwindle joined #salt
15:39 basti joined #salt
15:39 xt one of the options are to use raw python as template language
15:39 xt and mako is a very pythonic templating language
15:39 schemanic That's wonderful
15:39 xt so you should be in the clear
15:39 godog joined #salt
15:40 schemanic I understand vagrant is in ruby, but it's kindof the only thing that does what it does
15:40 schemanic so using saltstack with it seems to make sense
15:40 basti Hi, since today I have a strange bug using salt
15:40 basti The package install script always return an error
15:42 karlp Guest61306: I had do add quite a few "requires" statements to make user and group creating and perms all get done int he right orders
15:42 basti NameError: global name 'rtag' is not defined
15:43 basti the total stacktrace is
15:43 jeddi karlp: i think that guest has gone.
15:43 basti File "/usr/lib/pymodules/python2.7/salt/state.py", line 1238, in call
15:43 basti *cdata['args'], **cdata['kwargs'])
15:43 basti File "/usr/lib/pymodules/python2.7/salt/states/pkg.py", line 376, in installed
15:43 basti if salt.utils.is_true(refresh) or os.path.isfile(rtag):
15:43 jeddi basti: pastebin!
15:43 basti NameError: global name 'rtag' is not defined
15:43 basti sorry. Just 3 lines of code
15:44 karlp jeddi: I tab completed his name, so Guest61306 is still here, but perhaps idle :)
15:44 basti any hints for me
15:44 karlp that was 6 lines in my terminal, not 3.
15:44 jeddi karlp: ah, thought you were responding to Guest2070
15:44 basti http://pastebin.com/yD8qNWfP
15:45 bostonian Is anyone else having a problem installing multiple packages with 'pkg'? It raises a NameError for me ("global name 'rtag' is not defined")
15:46 jeddi basti: pastebin means you can paste the sls fragment as well as the error, force syntax highlighting, and it doesn't scroll off my irc client's window.
15:46 jeddi bostonian: pkg or pkgs?
15:46 karlp basti/bostonion the same people?
15:46 karlp or just the same error at the same time?
15:46 jeddi some sls fragments would be handy.
15:47 bostonian karlp: nope :) wow, that's really coincidental! maybe it has to do with the latest version of Salt on git? (I use the salt bootstrap script)
15:47 jeddi frinstance - this pkgs works http://rn0.ru/show/DeijzCzOKtLn2mCL5H1b/
15:47 basti no we are not the same people, but have the same problem i guess.
15:48 bostonian jeddi: here's one part of my code: http://pastebin.com/BMuHK51v
15:48 jeddi basti: are you using git or pakcaged version of salt?
15:48 bostonian this also doesn't work: http://pastebin.com/4LwhD3M2
15:49 nkuttler joined #salt
15:49 nkuttler joined #salt
15:49 jeddi bostonian: did you / can you check on 0.15.3 (packaged release) ?
15:49 bostonian Hmm, looking at the salt stack github repo, it looks like it was updated just a few minutes ago
15:49 ioni joined #salt
15:49 bostonian jeddi: sure, I'll do that now
15:50 syphar joined #salt
15:50 jeddi bostonian: might save a lot of time .. if it turns out to be a .90 / rc problem.
15:50 basti i am using the git bootstrap script
15:51 jpaetzel joined #salt
15:51 jeddi basti:  salt --version .. ?
15:51 craig joined #salt
15:52 jhujhiti joined #salt
15:52 mirko joined #salt
15:52 basti salt-call 0.15.90
15:53 basti salt-minion --version
15:53 basti salt-minion 0.15.90
15:53 Kholloway joined #salt
15:53 timl0101_ joined #salt
15:53 UtahDave schemanic: Also, there's a Salt python library.     import salt
15:54 timl0101_ joined #salt
15:55 jeddi i think 15.90 came out about 30+ hours ago, so it doesn't seem likely that pkg/pkgs is failing without someone noticing :)
15:55 kevinbrolly joined #salt
15:55 MK_FG joined #salt
15:56 mgw joined #salt
15:56 jayd3e joined #salt
15:56 schemanic UtahDave: What kind of stuff can you do with the library?
15:57 basti Okay, what can i do to debug it?
15:57 robawt joined #salt
15:57 UtahDave schemanic: SALT ALL THE THINGS!!!!!!     :)
15:57 xt salted pork..
15:57 xt delicious
15:57 EugeneKay Salted slugs. Hilarious.
15:57 UtahDave schemanic: you have the full power of Salt through the python and REST interfaces.
15:59 bostonian jeddi: yep! it's definitely a problem with the latest git rc. Installed salt from the package repo and it works without error
15:59 jeddi basti: revert to 15.3 to confirm, if that's easy for you?
15:59 basti okay, i will try to do this.
15:59 alazylearner joined #salt
15:59 KyleG joined #salt
15:59 jeddi bostonian, basti: this sounds like a task for someone from saltstack to deal with  .. UtahDave - lucky you're here!
16:00 timl0101_ joined #salt
16:00 jeddi basti: actually you could just go back a few commits .. git bisect may be your friend here.
16:00 UtahDave bostonian: could you open an issue on Github for that?  We'd like to iron out these issues during this Release Candidate phase
16:01 bostonian @UtahDave: one step ahead of you: https://github.com/saltstack/salt/issues/5780
16:01 bostonian @UtahDave: :)
16:02 kenbolton joined #salt
16:02 UtahDave sweet, thanks, bostonian!
16:04 timl0101 joined #salt
16:04 henk joined #salt
16:05 bostonian np
16:05 mgw does something special have to be done to get returners to work?
16:06 jdaggett left #salt
16:06 mgw --return local does nothing, nor does --return foo (which I would expect to generate an error)
16:06 charles_ joined #salt
16:07 kenbolton_ joined #salt
16:07 jaequery joined #salt
16:08 dave_den joined #salt
16:09 UtahDave mgw: the minion needs to have any user credentials that might be necessary to actually use the target of the returner,
16:09 UtahDave but other than that --return should just work
16:10 jacksontj joined #salt
16:11 dthom91 joined #salt
16:11 mgw UtahDave: I figured it out. I was expecting it to replace the console output
16:11 mgw but it's in addition to, and executed on the minion
16:11 UtahDave yes, returners are in addition to console output on the master
16:12 mgw Is there some way to keep salt cli from printing everything, and just show changes/failures?
16:12 mgw (which was what I was hoping to do with a custom returner)
16:12 son_ joined #salt
16:12 __gotcha joined #salt
16:12 __gotcha joined #salt
16:13 KyleG joined #salt
16:13 abyss42 joined #salt
16:13 cnelsonsic left #salt
16:14 EugeneKay mgw - yes, state_verbose and state_output in your master config file
16:14 UtahDave mgw: yeah, in the master config there are 2 options you should look at.  One option limits to only showing errors, and the other shows an abbreviated console output
16:14 UtahDave bam, EugeneKay's got it.
16:14 son_ Howdy gents.  Got in this morning and noticed all my minions were not communicating with the master this morning.  Restart the minion has it reconnect.  Not seeing anything in the logs.  saltversion: 0.15.3
16:15 mgw EugeneKay, UtahDave: thanks
16:15 EugeneKay I pride myself on quickly learning new systems
16:15 UtahDave :)
16:15 UtahDave son_: how many minions, and on which OS?
16:16 son_ 10 minions,  AWS linux image
16:16 defunctzombie what is the best way to change an alternative? (i.e. update-alternatives --config editor) ?
16:16 defunctzombie should I just bump the priority on the one I want using the alternative state?
16:16 defunctzombie or is there a way to just select one
16:18 basti How can I install an older version of salt
16:18 timl0101_ joined #salt
16:19 bostonian basti: use the stable version from the bootstrap script (https://github.com/saltstack/salt-bootstrap#one-line-bootstrap) or install from the apt repo
16:19 jdenning joined #salt
16:22 UtahDave son_: can you pastebin the output of  salt-master --versions-report
16:22 UtahDave son_: and also  salt 'a-minion' test.versions_report
16:23 jamescarr joined #salt
16:24 son_ Doing it now
16:25 son_ Is that last command correct?
16:25 son_ err is the target correct, 'a-minion'?
16:25 jessep joined #salt
16:26 UtahDave son_: well, replace 'a-minion' with a valid minion name on your system
16:26 son_ doh
16:26 UtahDave sorry, I should have made that more obvious.  :)
16:27 son_ http://pastebin.com/t6mrs9Gg
16:27 nrub joined #salt
16:28 whit joined #salt
16:28 whit joined #salt
16:28 UtahDave son_: Hm. that looks fine.
16:29 son_ yah....  I wander if ELB, zone, or master had issues last night and they all just timed out.
16:29 dthom91 joined #salt
16:29 jacksontj joined #salt
16:29 UtahDave son_: could you run some of the minions overnight in debug mode and see what happens? Hopefully we'll get some better info
16:29 carmony joined #salt
16:30 son_ After a period of time they just disconnect correct?  Is there a way to force them to keep trying indefinately?
16:30 marcinkuzminski joined #salt
16:30 faust joined #salt
16:30 marcinkuzminski joined #salt
16:31 syphar joined #salt
16:31 marcinkuzminski joined #salt
16:31 timl0101 joined #salt
16:31 marcinkuzminski joined #salt
16:31 UtahDave son_: I 'm pretty sure the minion is supposed to attempt to reconnect indefinitely. I'm a little puzzled as to what's going on.
16:32 son_ k.  I can put a couple minion in debug mode. I don't have to many hosts so not a huge issue for the moment.
16:35 UtahDave cool. Thanks, son_.  That would be very helpful.
16:40 UtahDave son_: if it happens again, can you try just restarting the master to see if the minions reconnect automatically?
16:40 krak3n` joined #salt
16:41 son_ just did that as well
16:41 son_ just lost all my minions again
16:42 UtahDave Oh, really?
16:42 UtahDave Do you know how to cause it to happen?
16:42 son_ sorry....  I didn't.  Looks like a ran a test.ping to soon (right after the master restarted).
16:43 krak3n` joined #salt
16:43 son_ They are there now.  But only the minions that I had restarted.
16:43 son_ Out to lunch!
16:43 son_ :)
16:43 son_ Thanks for the help
16:44 zonk1024 joined #salt
16:44 UtahDave you're welcome.
16:44 jacksontj joined #salt
16:45 aleszoulek joined #salt
16:46 JasonSwindle joined #salt
16:49 jschadlick joined #salt
16:53 bemehow joined #salt
16:57 jschadlick Is there a way to change minion configuration files from the master?
16:58 jaequery joined #salt
16:58 kenbolton joined #salt
16:59 faust jschadlick: file state?
16:59 UtahDave jschadlick: you can put minion config options in the master's config and the minion will receive them.  and yes, you could use the file state like faust suggested
17:00 jschadlick Awesome, thanks guys
17:02 carmony joined #salt
17:02 conan_the_destro joined #salt
17:02 djn joined #salt
17:04 _jayd3e joined #salt
17:05 _jayd3e using the yamal state configuration, how would I do a pkg.upgrade?
17:05 _jayd3e still getting used to salt's configuration
17:06 _jayd3e YAML*
17:06 Xeago joined #salt
17:06 _jayd3e first attempt: https://gist.github.com/jayd3e/5878265
17:07 blakearnold_ joined #salt
17:07 faust _jayd3e: maybe you need lastes
17:07 faust t
17:07 faust upgrade is CLI only
17:07 nkuttler _jayd3e: yeah, latest..
17:07 nkuttler pkg.latest should auto-update, but that doesn't sound like a good idea to me
17:09 Xeago_ joined #salt
17:09 _jayd3e nkuttler: yah good point.  I need to cement the versions of all of the software I'm using?  Ideally?
17:09 krak3n` joined #salt
17:10 nkuttler _jayd3e: well i guess it depends on your os. i only have debian boxes, so nothing new gets installed anyway
17:10 nkuttler but i prefer to install upgrades manually, have forever
17:10 nkuttler as in security + bugfix upgrades
17:10 _jayd3e nkuttler: right, good point.  In my previous system, I would just always run apt-get upgrade for system packages, but probably isn't wise
17:11 afx_hero joined #salt
17:11 bostonian another question: how come running `salt-call state.highstate` only runs a certain subset of my salt states? is there something obvious I'm doing wrong?
17:12 kstaken joined #salt
17:12 SpX joined #salt
17:13 bostonian my top.sls file: http://pastebin.com/Y3WfTPcg
17:15 bluemoon joined #salt
17:16 azbarcea joined #salt
17:17 Teknix joined #salt
17:17 drawsmcgraw joined #salt
17:17 _jayd3e how would I go about download a package from a remote source.  For example, let's say I need to download closure_compiler from ttp://closure-compiler.googlecode.com/files/compiler-latest.tar.gz, untar it, and put it somewhere to be run.  How would I do this in a salt sls file?
17:18 Ryan_Lane joined #salt
17:18 jslatts joined #salt
17:19 dthom91 joined #salt
17:22 _jayd3e I guess I could just cmd.run
17:24 _jayd3e errr cmd.call
17:24 nkuttler _jayd3e: i would build a package and host a repo
17:25 _jayd3e gotcha.  So you maintain a local apt index?
17:25 djn joined #salt
17:25 drawsmcgraw _jayd3e: You could make a script and use cmd.script
17:26 dthom91 joined #salt
17:27 _jayd3e drawsmcgraw: hmmm that's an option too.  I used to work for a company that had its own local package index, so considering doing that for the long run, but not sure
17:27 _jayd3e that's kind of an undertaking
17:29 drawsmcgraw My thought exactly
17:31 drawsmcgraw Question -> Any issues to consider when running a minion & master on the same machine? I'm not finding any documentation on it...
17:31 kermit joined #salt
17:33 jamescarr joined #salt
17:37 oz_akan_ hi, is there  a way to force minion refresh SLS files?
17:38 bluemoon joined #salt
17:38 StDiluted how do i stop a service from being restarted if nothing has changed
17:38 syphar joined #salt
17:39 StDiluted I have - running
17:41 alazylearner joined #salt
17:44 _blakearnold joined #salt
17:44 oz_akan_ StDiluted: what do you mean with "from being started"?
17:44 StDiluted nm, i figured it out
17:44 jessep joined #salt
17:44 oz_akan_ ok
17:44 StDiluted i don't want the service to be restarted every time i call state.highstate
17:44 oz_akan_ need to remove running
17:44 oz_akan_ right?
17:45 StDiluted adding reload: True worked
17:45 StDiluted I would rather it reload conf if the watched file changes
17:45 StDiluted than restart
17:45 blakearnold joined #salt
17:45 oz_akan_ I see
17:46 Ori0n1 joined #salt
17:47 dave joined #salt
17:48 Ori0n1 left #salt
17:49 atpay joined #salt
17:51 _jayd3e So all modules are available via the CLI, but not all of them are available via the YAML api.  Whereas all states are available via the YAML api, correct?
17:53 carmony joined #salt
17:56 _jayd3e nvm think I got it, via the archive state
17:58 JasonSwindle1 joined #salt
17:59 blakearnold_ joined #salt
18:02 jeddi drawsmcgraw: this works fine.
18:03 TheRealBill joined #salt
18:03 JasonSwindle joined #salt
18:03 bluemoon joined #salt
18:04 drawsmcgraw jeddi: As-is, huh? Just install the minion on the master & start it up? Should work fine?
18:04 drawsmcgraw (I could just try it out, I guess)
18:05 ggoZ oi, question: if i include: - something, will the something be rendered with jinja?
18:05 baniir joined #salt
18:07 jeddi drawsmcgraw: yup - it's the default arrangement for most people i think- the master will manage itself.
18:08 madduck does anyone here know how salt-master finds out what makes up '*' if there is no top.sls, but a master_tops entry?
18:08 madduck I ask because it seems like master_tops is called with an explicit node ID, which wouldn't allow for '*'…
18:09 SEJeff_work madduck, Matching happens on the minion
18:09 SEJeff_work So the master publishes "everything matching hostname * do test.ping" for instance
18:09 SEJeff_work every minion says, "Does my minion id match the glob *?"
18:09 SEJeff_work and then executes or not
18:10 SEJeff_work The top file is only for the highstate stuff
18:11 dthom91 joined #salt
18:13 madduck interesting… that makes sense, of course. But it also means that it can only ever include minions that are in touch. I.e. if a minion is offline, then using master_tops, I would not actually find out…
18:13 madduck it wouldn't try to contact it.
18:13 dthom91 joined #salt
18:14 koolhead17 joined #salt
18:14 koolhead17 joined #salt
18:14 madduck I am trying to figure out how I could let master_tops also provide nodegroups
18:14 madduck SEJeff_work: so master_tops is designed to be called for each minion? The interface really needs some polishing, unfortunately…
18:15 SEJeff_work madduck, No clue. I've not actually looked at it
18:15 SEJeff_work madduck, Oh master_tops is like puppet
18:15 SEJeff_work 's external node classifier
18:15 SEJeff_work So sort of
18:16 mgw madduck: I've done some work with master_tops
18:16 madduck mgw: and ext_pillar too?
18:16 mgw yes
18:16 mgw I'm actually working on a customer ext_pillar at the moment
18:16 madduck did you find the interface to be starkly different too? ;)
18:16 madduck I find it a bit weird that you have to get the node ID from __opts__ for ext_pillar, rather than it being an argument.
18:17 madduck anyway, master_tops gets a different opts hash here and it does *not* contain a key 'id'. Have you experienced this?
18:17 mgw yeah, there are some odities like that
18:17 zonk1024 joined #salt
18:17 son_ joined #salt
18:17 madduck I wonder if now would be a better time than "then" to fix that… it wouldn't be backwards compatible, but…
18:17 mgw madduck: you'll find the id in kwargs
18:18 mgw def top(**kwargs):
18:18 * madduck checks
18:18 mgw minion_id = kwargs['opts']['id']
18:18 madduck yeah, not here…
18:18 madduck oh wait
18:18 mgw really?
18:18 StDiluted how do i watch a directory for reloading a service?
18:18 drawsmcgraw jeddi: Good to know. Thanks!
18:18 StDiluted instead of a file
18:18 madduck yeah, it contains the 'id', but it does not contain the 'master_tops' key
18:18 StDiluted watch: file.recurse: - /path to/dir ?
18:18 madduck and it's a bit silly to have to parse the configuration file rather than getting passed the parameters like ext_pillar
18:18 mgw madduck: what do you mean by master_tops key/
18:19 JordanRinke Morning
18:19 mgw you still have __opts__, just not the same __opts__
18:19 madduck mgw: https://github.com/madduck/reclass/blob/salt-adapter/reclass/adapters/salt.py#L52
18:20 mgw madduck: https://github.com/saltstack/salt/blob/develop/salt/tops/cobbler.py
18:20 madduck mgw: right, but opts (not __opts__) does not contain 'master_tops', and so I have no way to get at my configuration.
18:20 madduck Thus I have to do this hack: https://github.com/madduck/salt/blob/reclass_plugins/salt/tops/reclass_adapter.py#L30
18:21 madduck mgw: yeah, that's inconsistent as hell, cobbler gets the ID from 'opts', but the config from '__opts__'
18:21 madduck I mean, that's surely a shortfall in design and should be fixed ASAP, no?
18:22 _jayd3e is there any way to include a salt state in a way other than including it into the main salt package?
18:22 mgw madduck: yeah, they should be merged in some way
18:22 madduck I wish UtahDave was here now…
18:23 madduck I could just work on this and submit a pull request, but before I do this work, I feel like Salt Inc. should sign off on the general idea at least. ;)
18:23 mgw madduck: I see your issue, reading the comments
18:23 madduck so the changes I would suggest are: (1) pass the node ID to ext_pillar explicitly; it can get __opts__ and __salt__ and all too, but the ID is needed in all cases, so…
18:24 mgw madduck: I'd just open a feature request / bug and offer to make the changes if Tom signs off on it.
18:24 madduck (2) make the interface to master_tops be identical to ext_pillar, i.e. node ID, arguments in config, and of course there are __opts__ and __salt__ etc.
18:24 madduck good idea
18:24 mgw but be sure the suggestions don't break current functionality :-)
18:25 madduck i have an issue about this?
18:25 madduck the suggestions *will* break current functionality, at least for people who don't just use **kwargs
18:25 madduck such is the crux of API changes
18:25 madduck what issue where you looking at?
18:26 luminous joined #salt
18:26 mgw needing access to master config options outside of the tops() function
18:26 mgw s/tops/top
18:27 madduck #5785 for a start
18:27 madduck but what issue are you talking about? I don't remember anything and I don't see it in my list.
18:29 madduck #5786
18:29 * madduck is on a roll
18:30 bluemoon joined #salt
18:31 mgw madduck: It's in the comments for the tops module you posted
18:32 mgw It would be desirable to specify the location of reclass in the master config
18:32 mgw file. Unfortunately, __opts__ is only made available to the top function, not...
18:32 milind_ joined #salt
18:32 madduck #5787 weeeeeh
18:34 madduck mgw: are you referencing the email I sent to Dave privately, or could you give me a URL, please? I feel stupid, but I really don't know what you are talking about…
18:34 mgw madduck: nope, referencing the link you posted above
18:34 mgw one sec
18:35 bemehow joined #salt
18:35 mgw (I don't have access to Dave's email, I'm not the NSA)
18:35 mgw madduck: https://github.com/madduck/salt/blob/reclass_plugins/salt/tops/reclass_adapter.py#L10-L11
18:35 p3rror joined #salt
18:36 madduck haha NSA
18:36 madduck oh, *my* comments.
18:36 madduck I thought you were talking about someone else having commented on an issue or whatever it was, and I *really* could not remember filing an issue (yet). ;)
18:36 mgw madduck: lol
18:37 madduck yeah, about this reclass path thing, it would be nice, but I see no way. The way __opts__ is handled, is just, uh, weird.
18:37 madduck I wish Salt made use a lot more of Python modules and inheritance, and used the Python module loader instead of writing its own with Black Voodoo Magic Traits.
18:38 madduck to me, globals are either global, or not, and functions have access to globals or parameters. And if __opts__ isn't a parameter, it must be global and should thus be accessible at the module level. ;)
18:38 madduck That said, I think there should be no globals. Period.
18:40 madduck mgw: fyi: https://groups.google.com/forum/#!topic/salt-users/yVCogWCc8HQ
18:41 madduck mgw: would you be willing to work on this with me? No worries, I do the coding, but would you look over it and sanity check things?
18:44 bhosmer joined #salt
18:47 madduck Author: root <root@saltstack-git.(none)>  \o/
18:48 jeddi madduck: 5778 won't take long will it? ;)
18:50 madduck 5787 you mean, jeddi?
18:50 madduck If you help, it'll get done faster; I need it.
18:50 jdenning_ joined #salt
18:51 kenbolton joined #salt
18:54 jeddi madduck: 5778 - my request!  :)
18:54 jeddi madduck: i was thinking it might be an interesting thing to try jumping into .. not *too* nasty as a first attempt at writing some python.
18:58 madduck jeddi: sorry, I can't tell you. Go for it. But there is no yardstick that could be long enough for me to touch MySQL with.
18:59 mgw madduck: sure, to the extent I"m able
18:59 milind_ joined #salt
18:59 whit joined #salt
18:59 madduck mgw: nice. then i will ping you here when the pull requests come in. ;)
19:00 carlos joined #salt
19:00 madduck mgw: in the mean time, maybe you could try to tell me what you are missing? I mean, if we are changing interfaces, we might just as well…
19:00 madduck mgw: or if you have any other ideas…
19:00 mgw it's working for me, for now
19:00 madduck same here, but it's a gross hack.
19:01 * madduck does not like hacks, they end up turning into cow shit that flies into your face at 300mph
19:01 mgw agreed
19:03 jlund joined #salt
19:04 kmwhite joined #salt
19:04 bemehow joined #salt
19:06 pentabular joined #salt
19:07 tpe11etier joined #salt
19:12 HaxCore joined #salt
19:15 LyndsySimon joined #salt
19:19 dthom91 joined #salt
19:20 UtahDave joined #salt
19:21 milind_ joined #salt
19:22 * madduck waves at UtahDave
19:23 UtahDave hey, madduck!
19:23 flupke joined #salt
19:23 madduck UtahDave: I grew impatient and opened #578{5,6,7}
19:23 madduck I am sorry ;)
19:23 UtahDave I've read your email and am going to reread it soon.
19:24 UtahDave Ah, OK.   :)
19:24 UtahDave Nah, no problem.
19:24 madduck I did not expect you to react quickly, but I was structuring my thoughts and wanted to move on…
19:24 madduck I am currently somewhat intrigued by what happens when you do `salt '*' …`
19:25 UtahDave ok.  As far as what the code path is?
19:26 madduck even if you hardcoded the top.sls file, that command would still only get published to the nodes that are currently connected, and the master would report errors in case a minion is hung, but the master would not log if it couldn't publish to or receive data from a minion it knows exists but which doesn't have a TCP connection open…
19:27 anteaya joined #salt
19:27 UtahDave madduck: if you add the -v flag the command will display the names of the minions that did not return, but which the Salt Master expected to return
19:27 madduck UtahDave: but how does that master know about minions that did not return and did not have a TCP connection open?
19:27 madduck there is no inventory per se, is there?
19:28 flupke heya, I can't get my supervisord processes to restart on watched files change, do you see any problem in my state? https://gist.github.com/flupke/93b06fb75ff01efeb509
19:28 madduck flupke: do you get an error or unexpected behaviour?
19:29 UtahDave madduck: The master now caches the grains about the minions. So the master can now often predict who should return.
19:29 flupke madduck: no errors, the process just isn't reloaded
19:29 madduck UtahDave: right, I noticed that, but if I restart the master, then that's lost.
19:30 UtahDave eh, no. I'm pretty sure it keeps the grains cache
19:30 madduck UtahDave: don't get me wrong, I am not criticising, but I've been using Puppet and Ansible and cfengine too long to be able to just accept that there is no inventory. ;)
19:30 abe_music trying to figure out how to test if a device is available before mounting it in a state….file_exists and directory_exists in the file module returns false even if the device is in /dev
19:30 madduck oh, that's interesting, UtahDave. I will have to investigate.
19:30 madduck but grains do not include nodegroups or pillar matches…
19:31 flupke madduck: I added the relevant output of state.highstate below the gist in comments
19:31 UtahDave madduck: that's true. There are situations where the master still doesn't know who should return
19:31 madduck flupke: and what do you expect instead?
19:31 kmwhite left #salt
19:32 madduck UtahDave: but the top file (and master_tops) isn't the place for inventory, is it?
19:32 UtahDave abe_music: I'm not sure. I haven't delved into that part of the code at all.   If you don't find anything you may want to ask o nthe mailing list
19:32 madduck I mean, they are just matches…
19:32 UtahDave madduck: No, Salt doesn't keep an inventory
19:32 UtahDave Your infrastructure is the inventory
19:32 flupke madduck: the process should be restarted if I change something in the watched files
19:32 jslatts joined #salt
19:33 madduck UtahDave: well, there's a lot to be said about not keeping redundant information, except for when you need it to check. ;)
19:33 abe_music thanks UtahDave…i can probably get by with a custom commands looking in /proc
19:33 madduck UtahDave: a class teacher could also just not have a list of students, if you know what I mean… ;)
19:33 abe_music well test -e /dev/xvdj works, hmm
19:34 abe_music which is different than -f and -d…i'm assuming those are the flags that file_exists and directory_exists
19:34 madduck flupke: that it should, yes.
19:34 UtahDave madduck: you could also use a returner to a database and then you can query the database for minions
19:35 madduck UtahDave: I wonder whether there could be a case made for an inventory plugin system like master_tops and ext_pillar, and the inventory would return list of nodes and nodegroups.
19:35 Xeago joined #salt
19:35 madduck And then I wonder whether there could be a case made for the unification of those three plugin systems ;)
19:35 UtahDave madduck: You could also use the Salt Mine as well.
19:36 UtahDave madduck: master_tops and ext_pillar server completely different purposes.
19:36 Newt[cz] joined #salt
19:36 madduck UtahDave: salt mine is — haven't used it yet, but… — beautiful and wonderful and great, but it's also in the class of dynamic data, not inventory.
19:36 madduck UtahDave: well, yes and no. master_tops essentially gives you the states that apply to a node and ext_pillar gives you the parameters that are relevant for a node…
19:37 UtahDave madduck: Well, what the Salt Mine does is store the last result of a specific command for each minion
19:37 madduck you /could/ unify that, no?
19:37 flupke madduck: and when I change something in a watched file, I see that it's updated on the minion but the process is not restarted :(
19:37 UtahDave If you query against the mine, then you'll get all the minions, even if some of the minions are down or disconnected
19:37 madduck flupke: I am sorry, I cannot see anything obviously wrong. :( I know how frustrating this can be. Don't give up. It's probably trivial! ;)
19:37 milind_ joined #salt
19:38 s0undt3ch___ joined #salt
19:38 madduck UtahDave: yeah, makes sense. And sure, this is one way, but it's also not a "list of students", it's a "list of students who showed up on the first day of school", again… if you know what I mean.
19:38 UtahDave madduck: sort of.  The master_tops gives you the entire top data.  All minions can see ALL of the top data.  All the matching criteria.  The minions themselves determine if they match against each item in the top data
19:39 flupke madduck: oh wait, there is no mod_watch() in my state file, it must be a recent feature, I'll try to upgrade
19:39 madduck UtahDave: so that answers one of my questions: master_tops should return the same information regardless of what minion ID is in the context, right?
19:39 UtahDave madduck: that's correct
19:39 madduck \o/
19:40 UtahDave madduck: So in contrast, the pillar compiles a dict of data that's specific to each minion and is encrypted and given to each minion in a separate data stream
19:41 * madduck updates #5786
19:41 madduck UtahDave: yeah, I gathered that.
19:41 UtahDave ok, cool.
19:41 madduck UtahDave: apart from a dynamic definition of nodegroups, possibly coming from the same data source as master_tops and pillar, do you see any use of an inventory?
19:42 madduck And another question: should master_tops really just return exactly what yaml.load(file(
19:42 madduck And another question: should master_tops really just return exactly what yaml.load(file('top.sls')) should return, including matching functions, e.g. - match: grains ?
19:42 UtahDave madduck: I can see the use of an inventory.  I'm not trying to shoot down your idea.   Just trying to think through this with you
19:43 madduck I appreciate it.
19:43 UtahDave madduck: to your question about the master_tops return. Yes, it should return yaml.load(file('top.sls'))
19:43 madduck (The last project I worked with would have gotten me a single sentence reply from the leader ("no, not interested" or "that is not how it's done") and no further comments, ever. … so thanks! ;\) )
19:43 JasonSwindle joined #salt
19:44 UtahDave :)  he he.  We do try to be as open minded as possible
19:44 UtahDave Many of the awesomest features of Salt have come from our community.
19:44 madduck sweet, now I understand master_tops. And I think I need to update #5787 accordingly, meaning: as long as top.sls is not used to define nodegroups, master_tops cannot be used either.
19:44 UtahDave madduck: that's correct.  master_tops is definitly not the place to define a node group
19:45 UtahDave I think the ext_pillar is probably your best bet.
19:45 UtahDave You can create your nodegroups and have it match against all minions, then all minions will be able to use that info
19:45 madduck so the questions that is at the core of #5787 remains: would it be useful to have an external interface for nodegroup definitions, and would it make sense to make that be an inventory per se (nodegroup 'all')
19:46 madduck UtahDave: you mean I should put list(nodegroups) into the pillar for my minions and then use pillar match?
19:46 UtahDave I think that should work
19:46 madduck that is trivial to do and works already, in fact. I suppose the only thing I don't like about that is that the CLI is awkward.
19:46 madduck salt -I nodegroups:postfix_hosts …
19:47 madduck vs. salt -N postfix_hosts
19:47 bemehow joined #salt
19:47 madduck and I don't like that this might return not having spoken to all postfix_hosts
19:47 madduck i.e. there being no inventory.
19:48 UtahDave madduck: So let me ask you a couple questions so I can understand where you are coming from.
19:48 * madduck notes that Tom and Dave have completely opposing standpoints. ;)
19:48 madduck https://github.com/saltstack/salt/issues/5787#issuecomment-20148399
19:48 madduck UtahDave: go ahead, I will update Tom about this conversation!
19:49 jlund flupke: This is a bug in Salt. The same thing happens in my states, I just haven't had a chance to report it yet. Watching files to trigger restarts will output that the service is restarted when the file changes, but it isn't actually restarted. I'll file an issue now
19:50 flupke jlund: the watch code simply isn't there in 0.15.3 so it's normal, but it's there in 0.15.90, I'm testing it right now
19:51 UtahDave just a sec.
19:52 abe_music am i remembering correctly that there's a way to write straight python in my states or is that templates only?
19:53 madduck UtahDave: if the master publishes a command to web*, do hosts that do not match this glob report back saying that they didn't see a need to do anything?
19:53 madduck abe_music: there is #pydsl and #py as an alternative to the default templating (and the default is only templating, no Python)
19:54 abe_music madduck: thanks
19:55 madduck np
19:56 madduck abe_music: I used to know a girl with the last name Abe and she was crazy into music and crazy good at all instruments… ;)
19:56 flupke jlund: yup it works with 0.15.90, you can get it from ppa:saltstack/salt-daily
19:56 jlund flupke: Interesting. Thanks!
19:56 abe_music madduck: lol, funny enough i recently met a complete stranger with my last name…small world i guess
19:56 LyndsySimon_ joined #salt
19:57 madduck http://www.bu.edu/musicology/faculty/marie-abe/ ;)
19:58 abe_music madduck: that's awesome! only met 2 people with the first name abe, never someone with that last name…i hear abe is a common surname in japan
19:59 mgw is there a config directive for where virt module puts its images?
20:00 madduck mgw: libvirt?
20:00 HaxCore left #salt
20:00 mgw maybe it's in the libvirt config
20:00 mgw rather than in salt's config
20:00 mgw I'm talking about the salt virt module though
20:00 madduck yeah, not sure. it'll be in the definition of the 'default' storage pool…
20:00 UtahDave madduck: regarding your publish to web* command.  No, they don't report
20:01 p3rror joined #salt
20:01 UtahDave Remember, the master doesn't go out and send a command to each minion.
20:01 madduck UtahDave: yeah, I know. It pubsubs
20:01 UtahDave right
20:01 UtahDave But using the minions' cache the Master does try to predict who it thinks will return.
20:01 madduck UtahDave: if we had an inventory, that could be changed though. Imagine the master knowing that all minions responded, either because they were addressed, or because they were merely attentive, but didn't need to do anything.
20:02 mgw madduck: no, it's got to be a salt directive — the default is /srv/salt-images
20:02 mgw I thought maybe it would be in the minion config, but I don't see anything
20:02 madduck mgw: sorry, I have not tried virt yet. :(
20:02 mgw it's nice
20:02 madduck mgw: UTSL! ;)
20:02 UtahDave I just had a really good conversation about all this.
20:02 JasonSwindle joined #salt
20:02 * madduck sits up straight
20:03 UtahDave mgw: virt is new enough that it's possible that it's not configurable yet.
20:04 mgw :-) found it
20:04 UtahDave mgw: actually I may be wrong on that.
20:04 mgw UtahDave: it's virt.images
20:04 mgw it's just not int he sample config
20:04 UtahDave mgw: yep!  So you can add that in your master config and all the minions will get that
20:04 madduck iff pillar_data is on
20:05 mgw madduck: yeah…. pillar_opts is annoying for me
20:05 mgw But maybe I can put it in pillar instead
20:05 mgw I already have virt.nics in there
20:05 UtahDave mgw: Hey, as you're going through setting up and using salt-virt, would you mind making any doc updates that you think would be helpful?
20:05 UtahDave mgw: as I'm sure you're finding out, the virt docs need attention
20:05 mgw UtahDave: I'll make an attempt at that
20:06 UtahDave :)
20:06 mgw I sort of just skipped the docs ;-)
20:06 UtahDave thanks!  Let me know if I can help with anything
20:06 mgw I tend to look at the source to figure out how things work
20:06 madduck UtahDave: when you said you had a really good conversation, was that about virt or anything to do with inventory? I am just asking because I could either now stay up and suffer when my daughter (who came from New Zealand this morning) wakes at 4am, or sleep in anticipation. ;)
20:07 UtahDave he he.   Sorry, madduck.  Yeah, we were talking about the inventory
20:07 * madduck gladly stays up
20:07 UtahDave Tom's actually been contemplating this for a while so we can add some other features
20:08 UtahDave There are several things that are somewhat related
20:08 UtahDave So for one, he'd like to see some interface kind of like what you're talking about with master_tops that would allow for external determination of the inventory
20:08 madduck \o/ good news.
20:09 madduck UtahDave: maybe it's time I gave Tom (and whoever else) a live introduction to reclass?
20:09 UtahDave maybe making some additions to master_tops, if we can do that without messing up current usage of master_tops, or possibly through another interface
20:09 madduck I think that iff master_tops could do inventory-like stuff, then top.sls must be able to do the same.
20:09 UtahDave yes.
20:09 UtahDave Also, we added the IP addresses of the minions to the grains
20:10 EugeneKay Wheee.... the fun of trying to bootstrap minions in VMware.
20:10 EugeneKay I /almost/ have a working clone process.
20:11 UtahDave So he wants to set up an interface to looking into the kernel to see what servers are connected to the master and use the grains cache to get the minions' id and other bits of information
20:11 madduck not sure what relevance that has… or do you mean that the grains as cached on the master include the IP address of the minion as it presented itself on port 4505?
20:11 UtahDave EugeneKay: nice!  We're actually working with another company to get vmware support in salt-cloud
20:11 madduck UtahDave: oh, #2361!
20:11 EugeneKay This is using a rc.local script and VMware's provisioning stuff
20:11 UtahDave madduck: exactly.  Look at what machines are connected to port 4505 and use that to know who is connected right now
20:12 UtahDave EugeneKay: that's cool.  I'd love to see what you come up with.
20:12 EugeneKay Basically, I sniff for the hostname changing from "vanilla", and then rm the minion pki and sed the id: presented to the master.
20:12 madduck UtahDave: actually, you don't need to look into the kernel, it's pretty trivial to maintain a socket list and remove items from it when the socket layer reports failure…
20:12 EugeneKay Vmware provisioning does the hostname & IP change.
20:12 UtahDave EugeneKay: cool
20:13 madduck UtahDave: or use KeepAlive of sorts
20:13 EugeneKay I'd like to do it with salt-cloud, but.... doesn't exist yet.
20:13 UtahDave madduck: that's true. I'm not sure exactly where tom plans on getting that info from
20:13 UtahDave EugeneKay: Hopefully we'll have that support in salt-cloud within the next week!  :)
20:13 EugeneKay Nice.
20:14 EugeneKay Damnit, my DHCP is wrong somehow.
20:14 EugeneKay Grrr
20:14 EugeneKay LAST failure was because I forgot to have dhclient package included in my vanilla VM....
20:14 jschadlick joined #salt
20:14 madduck UtahDave: well, given that I filed the original issue, I'll gladly be around to help or bounce ideas back.
20:14 madduck I also know socket programming.
20:15 EugeneKay Damnit. I see what I did wrong. Stupid RH sysconfig stuff
20:15 madduck UtahDave: so, how do we proceed? Do we use the two issues in question for discussion, and you and I chat here when we get a chance? Tom doesn't IRC, eh?
20:15 UtahDave madduck: that's great. That would be very helpful.  I'll pass that info along. I'm not sure what the timeline is on that, but I'll keep you apprised
20:16 madduck apprised, what a lovely word.
20:16 madduck UtahDave: thanks. Tell Tom that he can send me emails without lead or closing if he just has an idea and wants input. ;)
20:16 UtahDave We had to ban Tom from IRC because he'd get so many questions all day that he couldn't get any programming done.  :)
20:16 madduck fair enough.
20:17 LyndsySimon joined #salt
20:17 * madduck is excited to be back using Salt.
20:17 UtahDave We filter things through to him as needed. And we can set up a chat if we need to.
20:17 madduck grand.
20:17 UtahDave :)  Glad to hear that, madduck!
20:17 madduck Alright, then I will go to bed now as my li'l girl shall be with me in an estimated 5:42:14 hours
20:18 madduck thanks, UtahDave
20:18 UtahDave allright.  good night, madduck
20:18 madduck UtahDave: do tell Tom that I am very busy until about 5 July, but then I'll do coding too, once there's a direction.
20:18 madduck bye
20:19 UtahDave sounds good
20:19 dave_den joined #salt
20:24 madduck UtahDave: one last thing: I think my email is a thing of the past. We worked through all of the points, and more.
20:25 UtahDave OK. sounds good.
20:25 UtahDave thanks for your patience madduck
20:25 madduck I bet. ;)
20:25 madduck no patience required
20:25 madduck good rest-of-day/night.
20:25 UtahDave now brush your teeth and go to bed!  lol
20:33 LyndsySimon joined #salt
20:33 milind_ joined #salt
20:34 xrl joined #salt
20:35 * EugeneKay crosses fingers, prays this machine comes up cleanly
20:35 EugeneKay So, will salt-cloud's vmware stuff support a clone operation using a "Customization Specification" ?
20:35 EugeneKay (which is really all I'm doing inside the vSphere console)
20:35 xrl are there publicly available 'recipes' for salt? I want to deploy a rails stack and would like to know how to manage that
20:36 EugeneKay Several; google for "github salt states"
20:36 sijis joined #salt
20:36 sijis joined #salt
20:36 EugeneKay Including this one https://github.com/saltstack/salt-states
20:37 drawsmcgraw Wait what? Salt vmware?
20:38 xrl EugeneKay: thanks, that was easy... guess I didn't get what a state was (makes sense if hind-sight)
20:39 UtahDave xrl: try looking in here: https://github.com/saltstack-formulas
20:39 UtahDave EugeneKay: :)  I'm not 100% sure on that exact command.  redbeard2 is heading the dev on that.
20:40 Katafalkas joined #salt
20:40 aboe joined #salt
20:41 EugeneKay Yes! It works!
20:44 dthom91 joined #salt
20:44 nliadm so, it seems that if you do a file.managed without setting source/content, it doesn't get the mode set on creation
20:47 UtahDave nliadm: really?  Have you checked if there is an open issue on that?
20:47 nliadm I have not, I'll go double-check
20:48 nliadm but yeah, I'm mopping up some minions that got in an odd state (my fault) and I'm having to run it twice
20:50 xrl ok, these recipes are really only targeting recent debian-ish systems? or are people doing other distros?
20:55 jlund xrl: https://github.com/jlund/salt-rack
20:56 jlund xrl: Those work on Debian 7 and Ubuntu
20:58 rberger joined #salt
21:00 nliadm UtahDave: https://github.com/saltstack/salt/issues/5793
21:00 UtahDave great. Thanks, nliadm.
21:04 jamescarr joined #salt
21:05 alazylearner joined #salt
21:07 s0undt3ch joined #salt
21:07 jayd3e joined #salt
21:08 jayd3e how would I go about compiling Python from source with saltstack?
21:09 anteaya joined #salt
21:09 LyndsySimon joined #salt
21:10 KyleG w00000000000t
21:10 aranhoide joined #salt
21:11 KyleG About to sign the papers for the venue for Salt Stack Hackathon 2013 LA! :-) Hope some of you here in the city can make it.
21:11 KyleG tis going down
21:11 * UtahDave high fives KyleG!
21:11 KyleG ^_^
21:11 KyleG UtahDave: Check out the digs: http://www.satellitesantamonica.com/about/facilities-and-services/ They're psyched we're hosting it there. They apparently knew about Salt Stack. :-)
21:12 KyleG They already have internet, seating, projectors, etc
21:12 UtahDave wow, that looks really nice!
21:13 jeddi joined #salt
21:14 baniir joined #salt
21:15 KyleG yeah, it's right by the beach too. So after hacking and drinking I know what I'm going to do...lol
21:16 KyleG I wonder if we can get any of the SnapChat guys to show up…they're right down the street from that venue.....
21:16 KyleG Their office is on the friggin beach/boardwalk. Lucky bastards.
21:24 thaddeusmt joined #salt
21:25 UtahDave sounds awesome, KyleG.  I should probably come down and supervise for the weekend.  :)
21:25 AviMarcus joined #salt
21:26 KyleG haha that'd be awesome. :-)
21:26 KyleG Should I email Rhett about maybe getting some SaltStack swag for the meetup?
21:27 UtahDave yeah, do that. We'll send down some shirts and things.
21:27 thaddeusmt Anyone have ideas on how to resolve a "recursive requisite" error with a symlink state? I am managing an nginx site file into the sites-available directory, then I want to symlink it in the sites-enabled directory - but both commands take the same file name so it's throwing the recursive error.
21:27 jayd3e so is there any way to do a ./configure, make && make install through saltstack?  or would I use cmd.run, and in doing so wouldn't that run it every time?
21:27 UtahDave Also, let him know the address and how many people you think you can handle so we can get the registration for your venue up on the eventbrite page
21:27 jayd3e b/c I don't want the package to get compiled each time I update a machine
21:27 alazylearner joined #salt
21:28 UtahDave thaddeusmt: can you pastebin what you have?
21:28 StDiluted jayd3e: my recommendation would be to use the fpm gem to make it a package (it's easy, trust me) and then you can use dpkg -s to check if it is installed.
21:28 elbaschid joined #salt
21:29 UtahDave jayd3e: you could use cmd.wait  and have it check for something to determine if it should run again.
21:29 StDiluted alternately, you can use an unless to check if a file that the package installed is present and not recompile if the binary is already there.
21:30 jayd3e StDiluted: I would use fpm, but managing a package index is going to be more of an undertaking than I can handle right now.  I think the unless option would be good.  I could check for the python binary
21:32 thaddeusmt @UtahDave: Ah, sorry, false alarm, I have the 'name' and 'target' symlink directives reversed. Works now.
21:32 UtahDave thaddeusmt: ah, glad you figured it out.
21:33 StDiluted jayd3e, who said anything about managing a package index? /tmp/yourpackage.deb: file.managed: - source: salt://yourpackage.deb
21:34 jayd3e StDiluted: right, gotcha.  That's a good point
21:34 StDiluted then use cmd.run to dpkg -i and use an unless dpkg -s
21:34 StDiluted I just set that up for check-mk-agent
21:35 whit joined #salt
21:36 StDiluted Can anyone advise what the best way to set up variables inside package config files would be? Grains, or if statements, or…?
21:36 StDiluted pillar?
21:38 StDiluted {% if grains ['node name'] == '*mailserver' *}
21:38 StDiluted something like that?
21:39 StDiluted just asking what best practice would be
21:40 MrTango joined #salt
21:48 StDiluted no one?
21:49 akoumjian StDiluted: templated using pillar data
21:50 StDiluted ok
21:50 baniir joined #salt
21:50 StDiluted that's what i thought, just not sure how to do it yet. :)
21:51 akoumjian StDiluted: Use the pillar/top.sls to determine what minions get what pillar values based on minion_id or grains matching. Then inside your config templates just use the pillar context var
21:51 akoumjian ie: {{ pillar['stmp_server'] }}
21:51 StDiluted cool
21:51 StDiluted that makes sense
21:52 kermit joined #salt
21:55 akshayms joined #salt
21:56 carlos joined #salt
21:57 jeffrubic joined #salt
21:58 jacksontj joined #salt
22:00 akshayms joined #salt
22:00 mgw I've got a security question. What happens if dns on a network is compromised and salt is rerouted to a rogue master? The minions auth to the master, but I don't see how the master authenticates to the minions…
22:01 UtahDave The master doesn't authenticate to the minions.
22:01 UtahDave First, once the minion checks dns for the master's IP, the minion always uses the IP address and not the dns
22:02 mgw even after a reboot?
22:02 mgw s/reboot/restart?
22:02 mgw (regardless, that helps)
22:02 UtahDave mgw: no, on reboot it will check the dns again.
22:02 UtahDave but the minion caches the master's public key and will not authenticate against any other master
22:03 UtahDave (unless you manually delete the master's cached key)
22:03 mgw ok, cool…. that's what I wanted to hear :-)
22:03 UtahDave When the minion detects the wrong master pub key, the minion service will just die
22:04 jacksontj joined #salt
22:05 bluemoon joined #salt
22:08 jdenning joined #salt
22:11 dthom91 joined #salt
22:18 blakearnold_ joined #salt
22:19 fragamus joined #salt
22:20 akshayms joined #salt
22:21 dcolish joined #salt
22:22 bemehow joined #salt
22:38 danielcharles how can i install mysql (as a package) and have users/dbs/etc. created in one run of salt.highstate?
22:40 bluemoon joined #salt
22:46 terminalmage joined #salt
22:47 danielcharles joined #salt
22:50 giantlock joined #salt
22:51 pentabular1 joined #salt
22:51 emocakes joined #salt
22:52 f4cl3y joined #salt
22:52 f4cl3y joined #salt
22:54 redondos joined #salt
22:56 danielcharles joined #salt
22:57 santagada_ joined #salt
22:58 mgw joined #salt
23:01 redondos hello. if a DNS record changes and points to a different master server, a minion will not complain about this and accepts its commands graciously. is this a design decision?
23:02 redondos this makes the minion susceptible to MitM attacks, unless I'm missing a configuration variable or something less obvious.
23:05 mgw redondos: I just discussed this with UtahDave. I don't think that's how it's supposed to work.
23:05 mgw I have not actually tested it, but UtahDave indicated that it would reject the new master if it does not have the same key as the old one
23:08 aranhoide left #salt
23:09 mikedawson joined #salt
23:10 mianos joined #salt
23:11 redondos ah, you are right: [salt.crypt       ][ERROR   ] The master key has changed, the salt master could have been subverted, verify salt master's public key
23:11 redondos where are the keys stored?
23:13 jessep joined #salt
23:13 mgw redondos: /etc/salt/pki/ by default
23:13 redondos /etc/salt/pki
23:13 redondos yes, thanks :)
23:13 redondos did you just start using Salt?
23:14 redondos I am testing it for remote execution first, mainly for rolling updates to some servers. at a later stage I'll try converting some puppet manifests and chef recipes to SLS and see how that goes.
23:14 shiznit joined #salt
23:16 mgw redondos: I've been working with it for a few months
23:16 mgw but only getting ready to put into production
23:16 mgw * only now
23:17 redondos what kinds of tasks are you using it for?
23:18 shiznit joined #salt
23:18 mikedawson_ joined #salt
23:19 mgw redondos: everything, ultimately
23:19 dthom91 joined #salt
23:20 mgw at the moment, users/groups/ssh/sudo/networking and a few other things
23:20 jschadlick left #salt
23:21 capricorn_1 joined #salt
23:21 ClausA joined #salt
23:24 dthom91 joined #salt
23:25 nrub joined #salt
23:26 rglauser joined #salt
23:29 bemehow is there a way to run sls files locally? like puppet manifests in masterless mode?
23:36 cxz joined #salt
23:36 blast_hardcheese bemehow: Yes, look at salt-call
23:37 blast_hardcheese bemehow: I'm actually using salt-call entirely locally, without a master, using `salt-call --local state.sls ...`
23:38 bluemoon joined #salt
23:39 oz_akan_ joined #salt
23:39 cxz that is a great way to use salt
23:39 cxz and one which i use myself
23:42 blast_hardcheese I'm really pleased that everything I care about is managed by Salt
23:43 blast_hardcheese (Except my iPhone, for now)
23:44 cxz :P
23:44 cxz it would be good if salt could run states without a client on the host
23:45 cxz then you could connect your android for instance
23:45 cxz and even without installing salt on your android, if you had an ssh shell and root access it should be possible to do anything ;P
23:45 blast_hardcheese cxz: I was asking about that... a year ago? :P
23:45 cxz ah
23:45 cxz :P
23:45 cxz haha
23:46 kstaken joined #salt
23:46 blast_hardcheese I did some work towards it at one point, but the abstraction became too big for me to manage at the time
23:46 chrisgilmerproj left #salt
23:47 adotbrown joined #salt
23:50 UtahDave cxz and blast_hardcheese that's in development right now.
23:52 cxz UtahDave: can u show us the specific commits/issues on github?
23:52 cxz that relate to that
23:53 UtahDave I'm not sure if Tom has pushed that entire branch up yet.
23:53 UtahDave The first step was
23:53 UtahDave to allow for an entirely selfcontained salt-call that doesn't depend on zmq and crypto for a masterless setup
23:53 UtahDave So now you'll be able to use Salt in a masterless setup and just pip install salt
23:53 austin987 joined #salt
23:54 mianos interesting not to use zmq, I have used to for a few local to local things
23:54 UtahDave Work is in progress so you can use ssh from the master to go out and manage various servers over ssh.  But it's still in heavy development
23:55 jacksontj can I deploy a pillar_ext module in the file_roots? or does it have to ship with the main master package?
23:56 UtahDave jacksontj: http://docs.saltstack.com/topics/development/external_pillars.html#location
23:56 UtahDave you can set the location the extension_modules option in your master config
23:57 Ryan_Lane if I have a grain with a value of test::me
23:57 Ryan_Lane how do I properly target it?
23:57 Ryan_Lane so, let's say it's example: test::me
23:57 Ryan_Lane salt -G 'example:test::me' doesn't work
23:57 mgw Ryan_Lane: salt -G 'example:test:me' test.ping
23:58 mgw oh, you mean the vlaue has :: in it?
23:58 Ryan_Lane yes
23:58 mgw in my experience with similar things, it won't work
23:58 mianos -G 'test:me'
23:58 mgw I ran into that wanting to have '.' in an sls file name
23:58 mgw (other than the extension)
23:58 mgw but . is a directory separator for sls includes
23:59 Ryan_Lane mianos: the grain is example and the value is test::me
23:59 mgw So I suspect it's the same thing. UtahDave might know better though.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary