Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-08-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 redbeard2 joined #salt
00:05 axisys joined #salt
00:10 lazyguru_ joined #salt
00:11 pmcg joined #salt
00:11 TheSojourner joined #salt
00:11 TheSojourner joined #salt
00:11 crashmag joined #salt
00:12 dthom91 joined #salt
00:13 jwon joined #salt
00:13 [vaelen] joined #salt
00:14 spudbook joined #salt
00:16 jacksontj is there a way in the python api to put a command out and just get the jobid back?
00:18 zach joined #salt
00:21 mgw joined #salt
00:28 mmilano joined #salt
00:31 bworth joined #salt
00:34 jacksontj looks like there is a cmd_async I just cant find it in the docs :/
00:40 druonysus joined #salt
00:42 dthom91 joined #salt
00:46 dthom91 joined #salt
00:49 krissaxton joined #salt
00:51 bworth jacksontj: You may have to look inside the source for the LocalClient class. I have confirmed the absence of docs for cmd_async.
00:51 jacksontj yea, i found it and am using it now ;)
00:51 jacksontj opened an issue: https://github.com/saltstack/salt/issues/6705
00:52 druonysus joined #salt
01:03 Katafalkas joined #salt
01:06 andrew joined #salt
01:07 liuyq joined #salt
01:12 cxz joined #salt
01:14 liuyq joined #salt
01:15 p3rror joined #salt
01:16 Nexpro1 joined #salt
01:17 blee joined #salt
01:19 alunduil joined #salt
01:24 Jahkeup joined #salt
01:26 cxz how should i perform a dns lookup inside a jinja template?
01:26 cxz cmd.run has the issue of not having dig installed when jinja is rendered
01:26 cxz before any states run
01:27 renothing joined #salt
01:34 druonysus joined #salt
01:35 dizzyd joined #salt
01:44 m_george|away joined #salt
01:49 krissaxton joined #salt
01:57 zonk1024 joined #salt
02:00 Linz joined #salt
02:05 logix812 joined #salt
02:07 andredublin joined #salt
02:07 cxz joined #salt
02:10 saurabhs left #salt
02:10 Ryan_Lane joined #salt
02:14 dthom91 joined #salt
02:19 druonysus joined #salt
02:20 hernantz joined #salt
02:45 ipmb joined #salt
02:46 Jahkeup joined #salt
02:50 krissaxton joined #salt
02:50 oz_akan_ joined #salt
02:52 saltedPorky joined #salt
03:06 xl1 joined #salt
03:23 malinoff joined #salt
03:23 malinoff Hi all
03:26 aat joined #salt
03:28 dthom91 joined #salt
03:39 jheise_ joined #salt
03:39 Nexpro joined #salt
03:45 dizzyd joined #salt
03:46 jheise joined #salt
03:50 krissaxton joined #salt
03:51 jheise_ joined #salt
03:53 liuyq joined #salt
03:56 liuyq joined #salt
03:59 aat joined #salt
04:01 mgw joined #salt
04:07 fxdgear joined #salt
04:13 malinoff_ joined #salt
04:17 Gifflen joined #salt
04:24 Lue_4911 joined #salt
04:36 Gifflen joined #salt
04:38 carmony joined #salt
04:46 malinoff joined #salt
04:51 malinoff joined #salt
04:51 krissaxton joined #salt
04:53 rberger joined #salt
04:55 malinoff_ joined #salt
04:56 malinoff_ joined #salt
05:00 drogoh joined #salt
05:24 matanya joined #salt
05:28 oz_akan_ joined #salt
05:34 ollins joined #salt
05:39 gildegoma joined #salt
05:48 monokrome What's the proper way of running a completely masterless salt?
05:49 monokrome Does this look right? http://goo.gl/nwtqku
05:51 krissaxton joined #salt
05:52 EugeneKay monokrome - IMO, run a master on localhost :-p
05:53 monokrome That does not solve the problem that I just asked about
05:54 EugeneKay It's masterless in that it's the same machine
05:54 monokrome no
05:55 monokrome It has a master
05:55 monokrome and is therefore NOT masterless
05:55 monokrome My configuration that I linked to works without running a master
05:55 EugeneKay A matter of perspective
05:55 monokrome I'm just wondering if I did anything wrong
05:55 monokrome no it's not
05:55 monokrome It's rather obvious that if there's a master, it's not masterless.
05:56 EugeneKay ....I'm saying that it meets my definition of masterless, which is not the same as "master-less"
05:56 monokrome uh huh
05:56 malinoff_ monokrome: have you read this http://docs.saltstack.com/topics/tutorials/quickstart.html ?
05:56 EugeneKay Anyway, I don't see anything obviously wrong with your states
05:57 malinoff_ and this http://docs.saltstack.com/topics/tutorials/standalone_minion.html
05:58 monokrome Yeah, I've read those. They don't really explain much.
05:58 EugeneKay What needs explaining?
06:01 monokrome I had to set up a lot of stuff that was not documented there to get that to work
06:02 monokrome is 0.13.0-64-g1d31da6 the latest salt? O_o
06:02 monokrome because if so I found an error in it :(
06:02 EugeneKay No. 0.16.something
06:02 monokrome Why isn't that the latest in pip?
06:02 monokrome PyPi*
06:03 EugeneKay https://pypi.python.org/pypi/salt/0.16.3
06:03 monokrome weird
06:03 monokrome pip install salt installed the one I just listed
06:03 EugeneKay To answer THAT question, "because pip is a piece of crap" :-p
06:03 monokrome no it's not
06:04 EugeneKay It's probably a caching issue somewhere
06:04 monokrome It's probably because my requirements.txt used to use the git repository and it created a fake egg to do that
06:04 monokrome that's my guess
06:04 monokrome we'll see
06:04 monokrome yep
06:04 monokrome *facepalm*
06:05 EugeneKay As a long-term sysadmin, your package manager preferring an out-of-date repo(that's what an Egg is within pip, right?) when you want the latest, without making this explicit, is crap behaviour. So I stand behind my statement.
06:07 monokrome As someone who understands what is going on, my having hardcoded a git repository into requirements.txt to make a fake egg file represents the issue. Pip didn't do it. I did.
06:07 monokrome http://goo.gl/UUIGPy
06:08 EugeneKay Yup, but your PM didn't tell you what repo it was using. Or maybe it did, but you ignored the output? I don't use pip because of things like this, so feel free to correct my assumptions.
06:08 monokrome Yes it did
06:08 syngin EugeneKay: pip is legit.
06:08 monokrome It's actually a really nice package management solution
06:08 monokrome I'm just being a moron about it
06:08 syngin easy_install... now _there's_ a turd.
06:09 Kotoura left #salt
06:09 EugeneKay Oh, THATS the one.
06:09 monokrome Yeah, easy_install is terrible.
06:09 EugeneKay I'm not much of a Pythonista, and my memory of dealing with this stuff is about a year out of date. Plus i'm sober tonight.
06:09 monokrome wat? http://d.pr/i/I3us
06:10 EugeneKay o.O
06:10 EugeneKay At least it explains the issue
06:10 monokrome this is a new issue due to the upgarde
06:10 monokrome upgrade*
06:11 monokrome tcp should fix it
06:11 monokrome yep
06:11 EugeneKay <3 helpful error massages
06:14 monokrome How do you manage different users performing different tasks? IE, I can't `sudo salt-call` because Homebrew requires non-root users install package - but I can't add a user because I need to run salt-call as root
06:14 monokrome Any thoughts?
06:15 vaxholm joined #salt
06:15 EugeneKay UtahDave pointed to an acl thing earlier today, but I don't know if it works masterless(I haven't read into it)
06:15 monokrome I think that everything works masterless due to Salt's design?
06:16 monokrome I basically just need to make it so that on OS X (not other OSs) packages are not installed by root
06:17 monokrome so I don't really need acls
06:17 EugeneKay Oh, I see. You need to sudo to run `salt-call`, but the pkg state should run as a different user
06:17 monokrome yep
06:18 monokrome but only as a different user in OS X
06:18 monokrome is where it seems tricky
06:18 EugeneKay File a bug for it :-p
06:18 monokrome It's debatable whether it's a bug
06:18 monokrome I think that pillars can solve the problem
06:19 EugeneKay Howso?
06:19 malinoff_ monokrome: you can use grains data to determine which os are you running, and set user in your pkg state
06:19 monokrome if I use a different pillar for OS X and set a variable there regarding who should install stuff, I guess
06:19 EugeneKay Yeah, but i don't see anything in pkg. for "user to install package as"
06:19 EugeneKay So that doesn't get you.... anthing
06:20 monokrome EugeneKay: You're right O_O
06:20 monokrome wat
06:20 EugeneKay I tend to do that when I speak emphatically.
06:20 EugeneKay Otherwise I use terms like In My Opinion, I think, and Maybe
06:20 stevetodd joined #salt
06:20 monokrome That's because salt just assumes you run it as the user that you want doing things, I suppose
06:21 EugeneKay I say you file a bug for OS X
06:21 monokrome It's not a bug.
06:21 monokrome I have an odd use case
06:21 monokrome I'm trying to replace a bash script that automates configuration of new machines
06:21 monokrome (installing all my dev tools and such)
06:21 abele joined #salt
06:22 EugeneKay So? pkg is failing on a supported platform
06:22 monokrome Homebrew returns a 0 error code when run as root
06:22 monokrome unless you specifically ask it not t
06:22 monokrome not to*
06:23 monokrome How is that a salt bug?
06:23 monokrome Sorry, I meant non-0
06:24 EugeneKay So thsi isn't the pkg state?
06:24 dthom91 joined #salt
06:25 monokrome EugeneKay: It is, but if the bug is anywhere IN salt, it's in the homebrew module
06:26 monokrome I think
06:27 EugeneKay Well, fiddle more. And don't be afraid to file a big - I did, once! And it turned out to be "vaild, but not our fault"! Go me!
06:28 monokrome http://goo.gl/x5Kowr
06:28 monokrome Looks like that fixed this issue
06:29 monokrome but I guess it wasn't accepted
06:29 monokrome ?
06:29 EugeneKay Beats me. Comment on it, see what happens
06:30 monokrome I did :}
06:30 EugeneKay So you did
06:30 EugeneKay My laptop's vertical res sucks :-|
06:30 EugeneKay Totally missed that o nfirst glance
06:31 monokrome =]
06:32 monokrome Corey: I think this is you if you could help me understand when you're around; http://goo.gl/x5Kowr
06:33 monokrome Seems like a helpful patch.
06:34 middleman_ joined #salt
06:34 * monokrome assumes mostly everyone in here is from Utah and sleeping
06:35 monokrome Crazy how I spend 26 years in Utah and finally find a neat project in Utah literally a month after I move to San Francisco.
06:36 EugeneKay Something something Mormons.
06:48 axisys joined #salt
06:52 krissaxton joined #salt
06:57 balboah joined #salt
06:59 lazyguru joined #salt
07:01 vaxholm joined #salt
07:04 matanya joined #salt
07:04 ml_1 joined #salt
07:12 aleszoulek joined #salt
07:13 axisys joined #salt
07:13 krissaxton joined #salt
07:15 lazyguru joined #salt
07:15 dthom91 joined #salt
07:16 pjs_ joined #salt
07:20 cowyn joined #salt
07:23 cowyn hello, my syndic failed to start, http://pastebin.ca/2432107
07:23 cowyn version 0.16.3
07:24 flurick joined #salt
07:24 Furao cowyn: missing import in the code
07:25 syngin yep. log an issue.
07:25 crashmag joined #salt
07:27 cowyn eh, checked salt/utils/parsers.py, it does missing import..
07:27 cowyn i added import exceptions
07:27 cowyn another error AttributeError: 'module' object has no attribute 'SaltSystemExit'
07:28 syngin cowyn: that should be the last exception in salt/exceptions.py
07:28 syngin line 98
07:28 Daviey joined #salt
07:30 xl1 joined #salt
07:30 Kotoura joined #salt
07:31 cowyn yeah
07:31 cowyn File "/usr/lib64/python2.7/site-packages/salt/utils/parsers.py", line 934, in setup_config
07:31 cowyn except exceptions.SaltSystemExit as exc:
07:31 cowyn AttributeError: 'module' object has no attribute 'SaltSystemExit'
07:32 syngin cowyn: right, so do you have a SaltSystemExit class in salt/exceptions.py ?
07:34 cowyn syngin: yeah, L98
07:34 cowyn in salt/exceptions.py
07:34 Xeago joined #salt
07:39 cowyn syngin: the reasion is dns_check failed
07:41 bwq joined #salt
07:43 cowyn syngin: i'm going to log an issue regarding the import thing
07:47 cowyn seems that this issue has gone with develop branch
07:58 scott_w joined #salt
07:58 MK_FG joined #salt
08:10 jpcw q!
08:11 zooz joined #salt
08:12 waverider joined #salt
08:17 krak3n` joined #salt
08:18 dthom91 joined #salt
08:34 ml_1 joined #salt
08:34 woyerbse joined #salt
08:40 echos joined #salt
08:41 kstaken joined #salt
08:43 it_dude joined #salt
08:45 bemehow joined #salt
08:46 MrTango joined #salt
08:50 echos joined #salt
08:51 echos joined #salt
08:58 echos joined #salt
08:58 iMil joined #salt
08:58 iMil joined #salt
08:59 zooz joined #salt
08:59 xl1 joined #salt
09:02 az87c joined #salt
09:03 az87c_ joined #salt
09:15 xiaopi[z] joined #salt
09:16 xl1 joined #salt
09:18 krissaxton joined #salt
09:23 BbT0n joined #salt
09:24 bhosmer joined #salt
09:29 whiskybar joined #salt
09:31 Gifflen joined #salt
09:31 malinoff joined #salt
09:38 Nexpro1 joined #salt
09:38 lemao joined #salt
09:42 td_ joined #salt
09:42 td_ what is it trying to tell me: http://dpaste.com/1344057/ ?
09:47 mechanicalduck joined #salt
09:47 Furao td_: you already launched state.highstate before
09:47 Furao and it's finished yet
09:48 Furao salt-call jobs.lookup_jid 20130815113512320033
09:58 td_ Furao: thx
09:59 waverider left #salt
10:08 xl1 joined #salt
10:10 logix812 joined #salt
10:16 giantlock joined #salt
10:21 BbT0n hey, What is the difference between SALT and cfenfine ? SALT simpliest for ~1000server and cfengine for Big datacenter ?
10:23 Ryan_Lane joined #salt
10:34 Furao_ joined #salt
10:36 durnik joined #salt
10:42 helderco joined #salt
10:43 ggoZ joined #salt
10:46 gmoro joined #salt
10:47 derelm joined #salt
10:48 krissaxton joined #salt
10:54 scalability-junk BbT0n: salt new and fast... cfengine old and slow :D
10:54 scalability-junk BbT0n: but actually you can't say it like that.
10:55 scalability-junk salt has speed improvements over cfengine and is much cleaner in the way you can write your configs. it's just build for the current tasks, cfengine more crew into it.
10:55 scalability-junk you can scale with salt quite far, as you can delegate configuration tasks to other masters
10:56 BbT0n Ok ;) as I understood cfengine with his C heart is a good things. But seems hard to configure and learn.
10:57 fredvd joined #salt
10:57 BbT0n scalability-junk: You convinced me ;) I'll start with this tool.... Now I squat this channel
10:58 scalability-junk one master could manage a few 1000 or more servers probably more capable of a few 100 thousand. and then have 10 of these groups, which get managed by another master.
10:58 scalability-junk hehe alright
10:59 scalability-junk BbT0n: if there is no old infrastructure with chef, puppet or cfengine already configured, I would only choose between ansible and saltstack. as they are build up from the ground to be not only configuration management, but command distributors and deployment helpers.
10:59 scalability-junk with cleaner learning curves and a bit more scalable afaik
11:00 scalability-junk in the comparison between ansible and saltstack I would take saltstack out of dislike of the opencore mentality
11:00 david_a joined #salt
11:00 scalability-junk and salt has great features.
11:00 scalability-junk anyway about the multi master features for big datacenters: for redundancy: https://salt.readthedocs.org/en/latest/topics/tutorials/multimaster.html
11:01 scalability-junk and the delegation part: https://salt.readthedocs.org/en/latest/ref/syndic.html
11:01 scalability-junk and btw the best place to search is docs.saltstack.com as there are only the latest docs.
11:03 Jahkeup_ joined #salt
11:05 EntropyWorks joined #salt
11:05 malinoff LetCan i add a repo via .rpm file? Let's say i want to install varnish - i can do that via cli: rpm --nosignature -i http://repo.url
11:05 malinoff But how can do that with salt?
11:05 BbT0n scalability-junk: many thanks ! better introduction than I found. So the easiest way be ready fast... :) expect to see me often.Bon appetit .
11:06 scalability-junk BbT0n: yeah you could be up and running with your first minor minion in a few hours/days depending on your definition of minor :D
11:06 xl1 joined #salt
11:12 MrTango joined #salt
11:12 BbT0n scalability-junk: start from scratch with user,config,packages "synchronisation", amongst ~10 hosts on freebsd/linux system :p I let you know if my servers will burnt.
11:12 spoktor joined #salt
11:25 bemehow joined #salt
11:26 xl1 joined #salt
11:32 xl1 left #salt
11:33 Thiggy joined #salt
11:36 faldridge joined #salt
11:37 Gifflen joined #salt
11:59 y0j joined #salt
12:04 krak3n` joined #salt
12:05 ramesh joined #salt
12:05 blee joined #salt
12:06 ramesh Hello, is it possible to get user arguments while running salt states ?
12:14 blee user arguments?
12:15 whiteinge joined #salt
12:15 ramesh blee: i mean, i want user to enter his username, and after that i want to create a specific folder inside his home directory
12:16 blee oh, you want to pass arguments to the state?
12:16 ramesh something like /home/bob/test
12:16 blee via the state.sls?
12:16 ramesh yeah, exactly
12:17 Gifflen joined #salt
12:18 ramesh So when a state runs, it asks for the user to enter his username, and accordingly create a directory in his home
12:19 blee i dont think so, nothing dynamic like that
12:19 blee i do know that when you create a user via salt, theres options to automatically create the hold folder
12:20 blee Why do you want to prompt for user input? if they are part of your configuration, you should just have that username within your salt states somewhere
12:20 wimbo joined #salt
12:21 wimbo how i can checkout svn repository from state file?
12:21 ramesh yeah, actually i want to create a virtualenv, and for that i need to create a folder for that specific user
12:21 wimbo u can create folder with states
12:22 wimbo file:
12:22 blee ramesh, theres a file.directory state
12:22 wimbo - directory
12:22 wimbo -user: username
12:22 wimbo - group: usergroup
12:23 wimbo -makedirs: True (optionality)
12:23 wimbo so, can somebody help me to checkout svn from state?
12:23 oz_akan_ joined #salt
12:23 wimbo i have auth on svn server by username and password
12:25 blee is the svn state not sufficient
12:25 ramesh blee: In that i need to specify the user beforehand, Is it possible to do that dynamically ?
12:25 SmellyCat joined #salt
12:26 blee dynamically how? by prompting you when you run the state?
12:26 ramesh yeah
12:26 dsmwong joined #salt
12:26 ramesh prompting the user to enter his/her username
12:26 aat joined #salt
12:26 SmellyCat left #salt
12:29 blee i dont tihnk salt can natively do that
12:29 blee you would probably be best to write a script that asks for username/pass, then packs it into a pillar, then runs the state
12:31 ramesh yeah, thats the last option i have ;)
12:31 blee whats the scenario where you would need that anyways?
12:33 bhosmer joined #salt
12:34 ramesh I wanted to install virtualenv in different systems
12:34 ramesh by different i mean, under different users
12:35 ramesh and for that i will have to create a directory under the home directory of that users
12:35 nonuby joined #salt
12:36 nonuby can the salt master and minion running on the same node for testing/experimenting purposes?
12:36 ramesh and this needs to be dynamic, as there are different users under different systems.
12:36 wimbo yeah
12:36 gamingrobot nonuby: yes
12:36 toastedpenguin joined #salt
12:37 scalability-junk ramesh: I thought it was possible but I could be mistaken
12:38 nonuby running minion in foreground, seems to start okay, added key via salt-key -A, however issuing salt '*' test.ping yields an empty line response
12:39 nonuby ignore, forgot sudo
12:39 scalability-junk ramesh: salt '*' state.highstate pillar='{"cheese": "spam"}'
12:39 scalability-junk where pillar is pillar data you can provide via command line
12:40 scalability-junk so you don't give it directly into the state, but get it from a pillar, which you provide or overwrite via cli
12:40 scalability-junk if you really want a prompt use this call with a bash script to provide the prompt mechanism, which should be 1-2 lines more ;)
12:41 ramesh ahh, u mean like this salt '*' state.highstate pillar='{"user": "bob"}' ?
12:41 scalability-junk then you can quite dynamicly do what you want I think
12:41 scalability-junk yeah
12:41 nonuby sudo salt '*' cmd.run whoami returns a response from the local client almost immediately, however it seems to wait a few seconds then before exiting, if the master knows which minions are connected why doesnt this return immediately?
12:41 bhosmer joined #salt
12:41 scalability-junk nonuby: perhaps it makes sure it is still connected ;)
12:42 scalability-junk ramesh: the state.highstate could be state.sls too so probably more what you want.
12:42 ramesh scalability-junk: how can i run a bash script with that ?
12:42 wimbo state: subversion\n  pkg\n\    - installed
12:43 wimbo = subversion\n  pkg.installed ?
12:43 scalability-junk you have a bashscript prompting for username then use the provided argument within the call to salt and use salt for your user generation and virtualenv and whatever you want ;)
12:44 scalability-junk if you mean how to call a bash script from the command (which I didn't imply) you can do that with http://docs.saltstack.com/ref/states/all/salt.states.cmd.html
12:45 gamingrobot salt is pretty awesome
12:45 ramesh ahh, thanks scalability-junk
12:46 ramesh was struggling for this, through out the day
12:47 scalability-junk ramesh: to give you a hint. pillar = data, states = tasks (more or less) and docs.saltstack.com is awesome
12:47 mechanicalduck_ joined #salt
12:47 aat joined #salt
12:47 TJ1980 joined #salt
12:49 ramesh hmm, was really confused between states and pillar, thanks for that explanation :)
12:50 scalability-junk ramesh: I do it like that: write ma states with static values first
12:50 scalability-junk then abstract all possible data, which can be dynamic (package names, urls, versions etc.) out into a pillar
12:51 scalability-junk then I have the full abstraction between state and pillar, which is actually preferred.
12:51 scalability-junk good thing about starting with static values is, that you don't have to think about defaults when abstracting, as the static ones are probably your defaults anyway.
12:52 ramesh ahh, interesting
12:52 scalability-junk so good thing to use is https://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
12:52 scalability-junk which provides a default
12:53 scalability-junk hehe wrong link sorry :D
12:53 scalability-junk or actually the half right link: the syntax I mean for jinja is: {{ salt['pillar.get']('your:nested:pillar:data', 'default_something') }}
12:56 ramesh You mean like this - pillar['pkgs']['apache']   right ?
12:57 ramesh sorry, like this salt['pillar.get']('pkgs:apache', 'httpd')
12:57 scalability-junk yeah
13:00 ramesh scalability-junk / blee Thanks You very much for your help :)
13:03 Daemonik joined #salt
13:04 blee sorry for disappearing, no problems
13:04 blee ha, annnnnnd hes gone.
13:05 anteaya joined #salt
13:09 juicer2 joined #salt
13:13 brianhicks joined #salt
13:14 subway joined #salt
13:21 Xeago can I change config.autoload_paths in an initializer? And how would I do so?
13:22 Xeago sorry!?
13:23 lempa joined #salt
13:24 oz_akan_ joined #salt
13:27 gaoyang joined #salt
13:29 ml_1 joined #salt
13:29 andredublin joined #salt
13:34 evax joined #salt
13:41 jslatts joined #salt
13:43 andrew joined #salt
13:44 danielbachhuber joined #salt
13:45 ksalman any news on the 0.16.3 package for debian? :)
13:46 bhosmer joined #salt
13:47 joehh ksalman: just requested the upload a few minutes ago
13:48 ksalman joehh: thanks!
13:49 joehh this next step could take some time, but hopefully it will be quick
13:51 rodif joined #salt
13:53 kaptk2 joined #salt
13:59 dsmwong joined #salt
14:00 dsmwong left #salt
14:01 dsmwong joined #salt
14:03 jalbretsen joined #salt
14:03 andredublin joined #salt
14:04 ipmb joined #salt
14:05 aat joined #salt
14:05 mikedawson joined #salt
14:06 joehh ksalman: which release of debian do you use?
14:06 mannyt joined #salt
14:07 KennethWilke joined #salt
14:10 bejer How/where can I see the generated output from a minion, when the minion timed out (minion did not return)? (I would like to know how well it went with the state.highstate I was running)
14:11 p3rror joined #salt
14:13 KennethWilke bejer: you can check /var/log/salt/minion on your minion and i think there's a way to check job cache as well
14:14 ksalman joehh: wheezy
14:15 JasonSwindle joined #salt
14:16 cron0 joined #salt
14:16 kula `salt-run jobs.list_jobs' will list jobs in the cache, with the jid you can `salt-run jobs.lookup_jid' to get output
14:16 kula i just had to look that up 30 minutes ago....
14:17 KennethWilke and there ya go :)
14:17 joehh ksalman: I'll let you know when it is up
14:17 ksalman joehh: sweet thanks
14:19 whit joined #salt
14:23 bejer thank you so much, gonna write it down somewhere close.
14:28 dizzyd joined #salt
14:29 giantlock joined #salt
14:33 aat joined #salt
14:33 daBrado- joined #salt
14:35 jalbretsen joined #salt
14:39 redbeard2 joined #salt
14:42 m_george left #salt
14:43 jY maybe i didn't read the doc right.. but is the point of syndic to provide a way for like minions to get to a master that might not be normally possible
14:43 jY like minions behind a proxy server
14:45 dizzyd i was under impression that syndic was about allowing a master to accept commands from another master
14:46 mgw joined #salt
14:47 goodwill joined #salt
14:49 teskew joined #salt
14:55 mmilano joined #salt
14:55 ggoZ joined #salt
14:58 jacksontj joined #salt
14:58 zach What software powers docs.saltstack.org ?
14:59 zach I really like it, would be useful at my organiization
14:59 LucasCozy joined #salt
15:00 lazyguru joined #salt
15:01 mgw joined #salt
15:04 aat joined #salt
15:04 joehh ksalman: wheezy up there now.
15:04 zach is there a way to do something like {% if grains['host'] == '*new.com' %} ?
15:08 mgw joined #salt
15:08 KennethWilke zach: you could do {% if grains['host'].endswith('new.com') %}
15:09 ksalman joehh: thanks, i was able to install the new version
15:10 KennethWilke zach: i'd be curious to know what they use for the docsite as well, whatever it is it's behind apache
15:10 forrest joined #salt
15:11 mechanicalduck joined #salt
15:14 joehh good to hear
15:15 devinus joined #salt
15:18 pdayton joined #salt
15:18 chrisgilmerproj joined #salt
15:18 bemehow joined #salt
15:18 ChoHag joined #salt
15:19 ChoHag Hi, I can't find any documentation describing the security model salt uses.
15:19 scalability-junk what security model do you mean?
15:20 ChoHag How do the server[s] and clients know whom to trust?
15:20 dizzyd PKI - the master has the public keys of the minions
15:20 ChoHag One page says it "uses certificates", but no detail.
15:21 dizzyd Under most circumstances, minion submits their pub key to the master and an explicit action must be taken by master admin to accept the key
15:21 dizzyd ala puppet
15:21 scalability-junk zach: I think it's using sphinx
15:21 ChoHag Identical to puppet's then, essentially?
15:21 dizzyd ChoHag: yuppers, as best I can tell
15:21 alexandrel yup
15:22 ChoHag agent creates keypair, submits csr to master where the admin must verify the fingerprint and sign?
15:22 alexandrel same as puppet, or ossec, or anything that uses a pki.
15:22 scalability-junk ChoHag: yeah except that it doesn't use ssl afterwards, but aes and 0mq as transport protocoll
15:22 ChoHag With nouns replaced as appropriate.
15:22 Seven joined #salt
15:22 opapo joined #salt
15:22 ChoHag alexandrel: Ultimately, yes, but there are variable details.
15:23 alexandrel ChoHag: those damn details :/
15:23 ChoHag Such as how the fingerprint/csr is verified, how the initial keypair is generated, etc.
15:23 Seven ?
15:23 ChoHag Since what I'm trying to get right now is the trust model from tin to puppet/salt/chef, these are the details I am concerned with.
15:23 alexandrel yeah, I don't know if they are doing it right or not, but you could check the code, most of it is pretty clean.
15:24 ChoHag As long as I know what salt it aiming to achieve, that is enough.
15:24 ChoHag I am trying to write something which is agnostic of which CMDB is used.
15:24 ChoHag It works well so far.
15:24 alexandrel that's ambitious.
15:24 ChoHag Not particularly.
15:25 ChoHag The only real problem I have now is deciding where the automated trust breaks down and a human has to step in.
15:25 kstaken joined #salt
15:25 alexandrel Damn, will your product replace 90% of the sysadmin @ NSA? ;)
15:26 ksalman hah
15:26 ChoHag I hope not, although since ultimately I am attempting to codify my own job; probably.
15:26 faldridge joined #salt
15:26 alexandrel haha
15:26 ksalman you don't want to script yourself out of a job
15:26 forrest I do
15:26 forrest then I get to work on fun stuff
15:27 ChoHag I do.
15:27 ChoHag Then people will pay me even more to script my peers out of their jobs.
15:27 ChoHag Sorry.
15:27 forrest Pretty funny way to answer the 'why did you leave your previous job?' question
15:28 ksalman "I replaced myself with scripts"
15:28 ksalman QQ
15:29 ChoHag aka. "I replaced a £200,000 budget item with a £25,000 budget item."
15:29 scalability-junk I used the other 175k to fund my new home :D
15:29 ChoHag Or whatever the cost of a handful of VMs is.
15:30 ChoHag Anyway if you want to look at an alpha product to turn nothing into a puppetised debian host, it's on my github.
15:30 ChoHag It did have support for centos but that lapsed, and I just patched it to make it cmdb agnostic.
15:30 ChoHag There is no documentation.
15:30 forrest booo
15:31 ChoHag Sorry. I know puppet better.
15:31 forrest I'm joking
15:31 forrest I do as well
15:31 ChoHag My friend has just started a contract deploying salt for HMG so he said he'll add salt in.
15:31 ChoHag We're getting big on open source over here apparently.
15:32 forrest better support/turnaround on issues than most paid products
15:32 ChoHag And as the puppet-specific parts are about 25 lines of 2 shell scripts, porting shouldn't be hard.
15:34 bhosmer_ joined #salt
15:36 UtahDave joined #salt
15:38 ChoHag Right, if anyone groks pki here's a question: The process I have is to create a gold image (whatever VM model is in use) which when cloned will check for a gpg-signed script on an inserted cd, this script will install and run the cmdb (and configure the network etc.)
15:38 ChoHag Do I have to implicitely trust the gold image, and thus the keypair generated by the cmdb agent?
15:38 ChoHag I don't want to, but I don't think it's avoidable.
15:40 ChoHag And thinking carefully about trust and getting an entire company migrated and stable are not easy to do together.
15:51 gordonm joined #salt
15:53 Jahkeup joined #salt
15:53 Jarus I want to run state.highstate but I got only: <hostname>:
15:54 Jarus Any idea what this could mean?
15:54 schrierc joined #salt
15:56 EugeneKay Nothing is returning; I see that when my highstate ends up restartin my salt-minion, are you doing something similar maybe?
15:57 KennethWilke i think github.com needs some lovin'
15:57 EugeneKay DDoS this morning
15:57 Jarus EugeneKay, No
15:58 EugeneKay Does test.ping work?
15:58 dthom91 joined #salt
15:58 napperjabber joined #salt
15:58 Jarus EugeneKay, yep works very well
15:59 UtahDave Jarus: You might be getting a stacktrace on the minion that's not getting back to the master
15:59 UtahDave I'd recommend ssh'ing into your minion and running the minion in the foreground
15:59 UtahDave in debug mode    salt-minion -l debug
16:00 UtahDave then run the hightstate from the master and see if the minion tells you anything or gives a stacktrace
16:00 EugeneKay ChoHag - "yes"
16:00 Jarus UtahDave, I found a rendering error in the minion log
16:01 mgw joined #salt
16:02 ksalman hm..is it possible to not update svn checkout on consecutive runs?
16:03 ksalman I tried "externals: False" but it still updates. I am not sure what externals: False does
16:04 lemao joined #salt
16:04 p3rror joined #salt
16:05 z0rkito ksalman: you could probably write up a grain.  Have the svn up script check to see if the grain is set to True or '', if it is do the update and create a file that teh grain reads that says False.  so first run is always true, and unless you change the file to true or remove it it'll skip the update.
16:05 UtahDave Jarus: gotcha.
16:06 UtahDave left #salt
16:06 UtahDave joined #salt
16:07 Jarus UtahDave, a nice "TypeError encountered executing state.highstate: list indices must be integers, not str" but it's very easy to find the mistake in the sls file ;)
16:07 ksalman z0rkito: i'll try that
16:07 UtahDave ah, good.
16:08 UtahDave Jarus: I thought that the minion would have returned the error to the master.
16:08 Jarus UtahDave, nope the minion was very quiet
16:09 Jarus the debug log is very lengthy
16:14 alekibango joined #salt
16:15 jschadlick joined #salt
16:15 alunduil joined #salt
16:16 jaequery joined #salt
16:17 mechanicalduck joined #salt
16:18 ksalman z0rkito: if i write a script to do a svn up then id be using the cmd module, instead of the svn module, no?
16:20 z0rkito ksalman: no i mean state, you can do something like {% if grain['svn_update'] == ''%} at the top of the section that's doing the update.
16:20 ksalman ohhh
16:20 jacksontj joined #salt
16:21 ksalman z0rkito: thanks =)
16:21 StDiluted joined #salt
16:23 ksalman I need to remember that i can wrap a  state within a jinja template conditional
16:25 mechanicalduck joined #salt
16:25 juanlittledevil joined #salt
16:25 juanlittledevil good morning guys
16:27 ksalman morning
16:27 juanlittledevil I've got a question/problem I'm hoping one of you guys might shed some light on.
16:27 juanlittledevil I've some centos5 and redhad5 machines that are loosing connectivity to my salt-master.
16:28 juanlittledevil I can do salt-call from the minions but the master simply looses connection to the host. The master is on centos 6
16:28 juanlittledevil has any of you have had this issue?
16:29 UtahDave juanlittledevil: That means you're minions are on zmq 2.x   If you upgrade them to zmq 3.2.x your problems will magically go away.   :)
16:29 UtahDave s/you're/your
16:29 troyready joined #salt
16:29 juanlittledevil heh… I tried that but ran into some dependency problems with the epel salt-minion package.
16:29 juanlittledevil should I build my own salt package also?
16:30 ksalman i have a bunch of centos 4 boxes i have to support =(
16:30 robertkeizer joined #salt
16:32 juanlittledevil UtahDave: Do you know anyone keeping any rpm builds which support the later version of zmq? I found this one http://zeromq.org/distro:centos
16:33 UtahDave juanlittledevil: I'm not sure. You might search the mailing list and see what other people have done.
16:33 juanlittledevil UtahDave: will do, thanks for the help!
16:34 TJ1980 joined #salt
16:36 Lue_4911 joined #salt
16:40 Linz joined #salt
16:41 Linz_ joined #salt
16:44 alunduil joined #salt
16:45 DerekRBN joined #salt
16:45 zonk1024 joined #salt
16:46 DerekRBN Hey there guys. I normally run things with sls files but i need to test a service.running state. I havent ran service.running from the command line successfully how would i do that?
16:46 DerekRBN I've tried salt '*' service.running rpcbind
16:47 robertkeizer DerekRBN: Use `salt '*' sys.doc service`.
16:48 robertkeizer In particular what you're looking for is service.status <servicename>.
16:48 UtahDave DerekRBN: salt '*' state.single service.running name=rpcbind
16:48 DerekRBN Nice! thanks for the quick answers
16:48 jkleckner joined #salt
16:50 jmpf joined #salt
16:52 mechanicalduck joined #salt
16:54 saurabhs joined #salt
16:56 jschadlick Hey all. I am playing around with the minion swarm test stuff, its pretty cool. (5 sec for 1000 minions nice). Is there a way to set up a swarms on other servers, so I can distribute the memory load and maybe test some latency issues?
16:58 JasonSwindle joined #salt
17:01 UtahDave jschadlick: Yeah, just run the swarm directly on each server. You can pass in an option to specify a master so each swarm on each host points back to the same master.
17:02 jschadlick Hmm, im getting an import error for the salt modules on the other servers
17:04 alekibango joined #salt
17:06 KyleG joined #salt
17:06 KyleG joined #salt
17:11 bhosmer joined #salt
17:12 mechanicalduck joined #salt
17:12 mgw joined #salt
17:13 devinus joined #salt
17:13 KennethWilke howdy guys, i'm trying to track down an odd issue i'm having with service.restart on some remote master
17:13 whiskybar joined #salt
17:14 KennethWilke basically i'm testing the salt-formula on CentOS 6.3, Fedora 18, Ubuntu 12.04, Debian 7 and Gentoo. on centos, debian and gentoo my salt \* service.restart salt-master doesn't return
17:15 KennethWilke and for each, there are defunct processes on the minions under the salt-minion process
17:16 KennethWilke all the operations seem to have completed properly, but salt-minion isn't cleaning up the child pids: https://gist.github.com/KennethWilke/6242422
17:18 craig_ whiteinge: https://github.com/saltstack/salt/issues/6717
17:18 JasonSwindle KennethWilke:  Stop breaking stuff. :P
17:18 craig_ from yesterday
17:18 KennethWilke JasonSwindle: you broke it! didn't you!
17:18 KennethWilke git blame coming at you!
17:18 craig_ btw, i see the error is now printed out :)
17:19 KennethWilke craig_: oh wow, i hate except: pass
17:23 echos joined #salt
17:24 craig_ ya, i spent about 3 hours on that yesterday :(
17:24 craig_ i wrote a test and it was working and i was sooooo confused
17:24 craig_ never even thought to look for a bad import :/
17:25 KennethWilke yeah i had that issue with the gitfs python module, it'd error if it failed to import but failed silently when it was not a sufficient version
17:27 KennethWilke craig_: bam! https://github.com/saltstack/salt/pull/6718
17:28 craig_ nice
17:28 craig_ thanks
17:29 craig_ i'm going to add some more stuff
17:29 craig_ oen sec
17:29 ksalman what's the difference between states.file.exists and states.file.touch?
17:30 devinus joined #salt
17:32 Gifflen joined #salt
17:36 scalability-junk ksalman: I would say that touch upgrades the times value
17:36 scalability-junk and exists would just create if not present
17:36 craig_ KennethWilke: sorry, work stuff is getting in the way :)
17:36 KennethWilke craig_: darn work!
17:37 KennethWilke craig_: if it didn't pay i'd so be done with that stuff
17:37 craig_ YA!!! stupid pay checks...
17:37 scalability-junk KennethWilke: hehe my work doesn't really pay :) but I do it anyway :)
17:37 troyready joined #salt
17:38 craig_ essentially, i want to add "_IMPORT_LDAP = False" to that try block
17:38 craig_ then do a more severe error when ldap fails
17:38 KennethWilke that makes sense
17:38 KennethWilke i'll push that up too
17:39 craig_ i'll try to get that loaded into my repo and send you a diff
17:39 KennethWilke just for auth()
17:39 KennethWilke or other func's as well?
17:39 craig_ maybe in the connect?
17:39 craig_ sorry, still trying to grok the rest of the file
17:39 craig_ AND there's that stupid work thing.. ;)
17:43 opapo joined #salt
17:44 dthom91 joined #salt
17:48 KennethWilke craig_: my first PR on that one got shot down, but I made a new one that sets a var true/false based on load success and raises an exception from the connection function
17:51 opapo joined #salt
17:52 craig_ KennethWilke: ya, that's pretty much what i was doing
17:52 craig_ i put the HAS_LDAP before the try, but either works :)
17:56 lemao joined #salt
17:58 druonysus joined #salt
18:03 faldridge joined #salt
18:06 druonysuse joined #salt
18:08 mmilano_ joined #salt
18:08 druonysus joined #salt
18:08 druonysus joined #salt
18:10 fxdgear joined #salt
18:13 troyready joined #salt
18:25 mmilano joined #salt
18:26 helderco joined #salt
18:28 opapo joined #salt
18:29 Thiggy joined #salt
18:31 kstaken joined #salt
18:37 whit joined #salt
18:37 waverider joined #salt
18:42 rberger joined #salt
18:48 dstanek joined #salt
18:55 opapo joined #salt
18:56 bhosmer joined #salt
18:58 lempa joined #salt
18:59 jkleckner joined #salt
19:02 napperjabber joined #salt
19:07 Linz joined #salt
19:07 dthom91 joined #salt
19:07 chrisgilmerproj1 joined #salt
19:08 Linz joined #salt
19:11 m_george|away joined #salt
19:14 bhosmer joined #salt
19:21 JasonSwindle1 joined #salt
19:26 ipmb joined #salt
19:29 juanlittledevil joined #salt
19:36 robertkeizer joined #salt
19:37 platforms joined #salt
19:39 jslatts joined #salt
19:43 dthom91 joined #salt
19:45 dthom91 Suppose that I have a salt  hierarchy with three layers, bottom running minion, middle being intermediary masters running syndic, and top being the master-of-masters. If I execute a highstate on a minion from the master-of-masters, will the SLS and files be pulled from an intermediate master or the master-of-masters?
19:45 m_george left #salt
19:45 jschadlick joined #salt
19:49 SEJeff_work dthom91, the intermediate master. That is why it is best to use something like a git post-receive hook to have all of your masters refresh their repo when a push is made
19:52 dthom91 Hm, gotcha. My concern is actually that I'd rather not maintain state data on the intermediary masters because they are more exposed from a security perspective. Considering GitFS, though.
19:52 SEJeff_work dthom91, gitfs isn't really going to help you in that regard
19:53 SEJeff_work dthom91, You could likely only distribute out the states that are relevant to the subset of minions an intermediate master is responsible for, but that might be a bit tricky
19:53 dthom91 I understand, but it would help with maintaining sync between various masters
19:53 david_a joined #salt
19:53 SEJeff_work gitfs is quite buggy
19:53 SEJeff_work post receive hooks aren't very hard either. If you've never done it, it isn't any harder than a shell script
19:53 SEJeff_work Just a suggestion
19:54 dthom91 SEJeff_work I'll look into that. Thanks for the heads-up about gitfs, since this is a production system I guess we'll wait until it's fully baked to evaluate
19:54 SEJeff_work terminalmage, ping re: gitfs.
19:55 SEJeff_work dthom91, terminalmage has a good bit of experience with gitfs and salt. He now works at saltstack after he worked heavily on fixing it
19:56 terminalmage well, I haven't done *that* much with gitfs
19:57 terminalmage but I might be able to help
19:59 terminalmage dthom91: would the git servers on which the information is stored be clone-able over http(s)?
19:59 terminalmage or on something like gitolite via SSH
19:59 dthom91 SEJeff_work, terminalimage: right now I'm just considering future architecture for our Salt infrastructure… right now, we have a pretty simple setup with single master, states in git repo and manually pulled, but multiple file_roots for multiple environments
20:00 JasonSwindle joined #salt
20:00 hazzadous joined #salt
20:00 dthom91 To clarify, right now we use github but would consider an intermediary git server if needed
20:00 terminalmage the one roadblock I encountered with gitfs was GitPython doing asserts on the number of lines in the output from our git server, and our /etc/issue was breaking that assert and the checkout would then fail
20:00 chrisgilmerproj joined #salt
20:01 JasonSwindle terminalmage:  git_pillar is nice looking
20:01 terminalmage JasonSwindle: I'm not responsible for it, but thanks :)
20:01 JasonSwindle Ah, ok
20:01 terminalmage brb, heading home from a very late lunch
20:01 nonuby joined #salt
20:01 nonuby joined #salt
20:03 xt git pillar is even more immature than gitfs, I think
20:04 Jarus Is it possible to change the cwd for the django.command module?
20:04 blee joined #salt
20:07 devinus joined #salt
20:08 derelm joined #salt
20:15 mechanicalduck joined #salt
20:16 dthom91 joined #salt
20:18 UtahDave Jarus: most of those commands take a cwd argument
20:19 mike25ro joined #salt
20:19 mike25ro hey guys
20:19 VertigoRay Hey guys.  Writing a #!py init.sls and think I am have issues formatting my returned highstate datastructure properly.  Anyone know of a good tutorial?  Not really finding anything on the ether.
20:19 jmpf joined #salt
20:20 Jarus UtahDave, I look in the code (https://github.com/saltstack/salt/blob/develop/salt/modules/djangomod.py) but there is no pass-through of the cwd kwarg
20:20 mike25ro Guys ... stupid Q> ... i am adding a header to a file manged by salt... and the header says .. ### file managed by salt ### ... IS THERE a way to add a timestamp to that file ... like the last time the file was updated by salt... or smth like that... ?
20:22 UtahDave Jarus: Looks like you're correct.
20:22 jmpf I don't know if I'm breaking some etiquette rules here but we're looking for a salt/devops person in SF if anyone is interested
20:23 UtahDave no worries, jmpf.  Job openings are cool as long as things don't get spammy.  :)
20:24 UtahDave mike25ro: Yeah, it would be pretty easy to do that.
20:24 dthom91 joined #salt
20:25 UtahDave dthom91: Hey, I just wanted to mention that while there are a few idiosyncracies to gitfs, it's used in production by a lot of people. It's quite a popular feature.
20:26 mike25ro AND .. is also a way ... ..to get the output of a .sh script into a state...  and ... do smth with it? for example copy the file from master only if the result of a bash script is true ?? UtahDave
20:26 mike25ro UtahDave: how do i add the timestamp to the header file ... with jinja?
20:27 * mike25ro tell me to shut up if i ask too many Questions
20:27 UtahDave yeah, you can use cmd.script to execute a bash script and get it's output.  cmd.script_retcode
20:27 UtahDave mike25ro: yeah, with jinja
20:28 mike25ro UtahDave:  thanks a lot .. i will look for a soluytion
20:28 TJ1980 joined #salt
20:29 dthom91 UtahDave: We'll probably trial it in our dev env, and if it bears up then we'll schedule it for prod. Thanks for the clarification.
20:30 UtahDave cool
20:30 timl0101 joined #salt
20:30 dthom91 any ETA on the 0.16.2 Enterprise RPM?
20:30 kiorky basepi: hi
20:31 kiorky basepi: toward https://github.com/saltstack-formulas/salt-formula/pull/5
20:31 kiorky basepi: why files are now removed again inside a subdirectory ?
20:31 UtahDave dthom91: 64bit?
20:31 dthom91 Preferably, yeah
20:32 UtahDave Yeah, I've got that ready.
20:33 dthom91 Cool!
20:34 jacksontj joined #salt
20:35 blee_ joined #salt
20:36 Xeago joined #salt
20:40 Crunch joined #salt
20:40 Crunch Hello
20:40 Crunch I seem to be having some trouble getting some information out of the mine that I put in there...
20:40 bluemoon joined #salt
20:41 Crunch salt \* mine.send grains.items
20:41 Crunch that works just fine
20:41 bluemoon left #salt
20:41 Crunch now I want to just get one grain out of it, like with a grains.get
20:41 Crunch like so...
20:42 Crunch salt \* mine.get \* grains.get ec2_public-hostname
20:42 Crunch but that returns empty for every computer
20:43 Crunch I'm sure I'm not asking right, what is the command to just get one grain from the mine for each computer?
20:43 MK_FG joined #salt
20:43 UtahDave Crunch: let me check the docs
20:43 MK_FG joined #salt
20:45 joehoyle joined #salt
20:46 joehoyle Hey, I had some questions about using salt to do code deploy to the minions, and how I could possible to about allowing team members to make those deploys, presumably via the master
20:46 joehoyle Anyone know of anything that is using Salt to do somehting like that?
20:47 blee joined #salt
20:47 UtahDave I'm not sure you can do that, Crunch. the reason I think that's the case is the you have to ask mine.get for the exact command you initially executed.
20:47 UtahDave In your case mine.get   returns each minion's   grains.items.
20:48 UtahDave joehoyle: client_acl will allow you to give specific rights to each user
20:48 joehoyle UtahDave: ahh ok, havn't heard of that, will read up on it, thanks!
20:49 Crunch UtahDave: sounds find with me
20:49 Crunch so if I mine.send grains.get ec2_public-hostname it should work?
20:50 Crunch actually this might answer that question...
20:50 Crunch Traceback (most recent call last):       File "/usr/lib/python2.6/site-packages/salt/minion.py", line 626, in _thread_return         ret['return'] = func(*args, **kwargs)       File "/usr/lib/python2.6/site-packages/salt/modules/mine.py", line 99, in send         func_data[arg_data[ind]] = args[ind]     KeyError: 0
20:50 Crunch :(
20:51 Crunch I wonder, this is a grains.module
20:51 Crunch would that have anything to do with it?
20:52 MK_FG joined #salt
20:52 MK_FG joined #salt
20:52 Crunch wait, belay that
20:52 Crunch okay, I tried it twice, same result
20:53 Crunch the command is..
20:53 Crunch salt \* mine.send grains.get ec2_public-hostname
20:53 juanlittledevil joined #salt
20:58 forrest joehoyle, are you trying to allow users to run actual sls updates and such? If so can you let me know how that works? The example only shows the usage of ping and pkg.
20:59 joehoyle forrest: I think I would create a custom runner for "deploy", and give them access to that command only
20:59 forrest makes sense
20:59 joehoyle the custom runner basically needs to cmd.run a few things on the minions
20:59 forrest ahh ok
21:00 joehoyle but, I am not sure how I am going to couple that with different users have access to different mininos
21:01 forrest yea that seems problematic
21:01 jacksontj joined #salt
21:01 forrest any idea on that UtahDave?
21:02 Crunch hmm
21:02 Crunch I'm sure I don't know how this works
21:02 Crunch I tried `salt \* mine.send grains.item os` to which each computer said "True"
21:03 Crunch then I tried to get it with `salt \* mine.get \* grains.item os` to which it each computer replied, but the response was blank
21:04 jbean joined #salt
21:04 druonysus joined #salt
21:04 druonysus joined #salt
21:04 Crunch btw, `salt \* mine.get \* grains.items` works
21:04 cgarvis joined #salt
21:05 cgarvis Hey guys, i playing around with salt-cloud and i'm having some issues getting EC2 configured
21:05 cgarvis i'm getting:
21:05 cgarvis [WARNING ] The profile 'ubuntu' is defining 'ec2' as the provider. Since there's no valid configuration for that provider, the profile will be removed from the available listing
21:15 dstanek joined #salt
21:16 UtahDave cgarvis: you can ignore that warning
21:16 cgarvis the problem is that i can't deploy
21:17 cgarvis i got that warning to go a way and it now attempts to deploy to ec2 by changing the provider name to "ec2"
21:17 cgarvis so in cloud.providers.d/ec2.conf change "my-ec2-config" to "ec2"
21:18 cgarvis https://github.com/saltstack/salt-cloud/blob/develop/saltcloud/clouds/ec2.py#L39
21:19 UtahDave that shouldn't matter cgarvis
21:19 cgarvis i know but it did
21:19 UtahDave cgarvis: what does your profile look like?
21:19 cgarvis in my profile i have "provider: ec2"
21:19 jschadlick1 joined #salt
21:19 cgarvis so maybe if i set my provider in the profile to "my-ec2-config" it would work?
21:20 UtahDave your profile should refer to the name you set in your provider.   so   my-ec2-config   in that example
21:20 cgarvis ah
21:20 cgarvis docs are very confusing
21:20 juicer2 joined #salt
21:20 UtahDave yeah, they need some polishing
21:21 jslatts joined #salt
21:21 mechanicalduck joined #salt
21:21 cgarvis i'm having some issues with availablity zone
21:22 cgarvis http://pastebin.com/6PC1XpLN
21:23 robertkeizer cgarvis: You want to remove that right away.
21:23 juanlittledevil joined #salt
21:23 robertkeizer cgarvis: In particular you're id and key for aws.
21:24 cgarvis fuck thanks
21:24 robertkeizer np.
21:24 cgarvis lol can't delete cause it's a guest account :P
21:24 cgarvis made inactive
21:24 cgarvis oh well
21:25 cgarvis so it looks like "location" in my provider config is not taking over
21:25 cgarvis i have it set to "us-east-1" but salt-cloud is trying to build in "us-west-1"
21:25 robertkeizer cgarvis: You made the aws key inactive?
21:25 cgarvis yeah
21:26 robertkeizer Good stuffs.. just thought I'd make sure.
21:26 robertkeizer Anyways. I'm off. cya.
21:26 robertkeizer left #salt
21:27 cgarvis nvm figured it otu
21:27 cgarvis my profile had it set to ec2-west
21:27 kstaken joined #salt
21:29 L2SHO does include: include states that are in the same directory? or do I need to specify a full id?
21:37 juicer2 joined #salt
21:37 dthom91 Do IDs need to be globally unique in the state tree? It seems like the example in http://salt.readthedocs.org/en/latest/topics/tutorials/starting_states.html#moving-beyond-a-single-sls violates this with the /etc/ssh/sshd_config ID that is overridden.
21:38 SEJeff_work dthom91, Yes
21:38 david_a joined #salt
21:38 Linz joined #salt
21:39 dthom91 SEJeff_work: is the example just incorrect, then?
21:39 SEJeff_work dthom91, No, you're just not paying attention :)
21:40 SEJeff_work /etc/ssh/sshd_config vs /etc/ssh/ssh_config :)
21:40 SEJeff_work sshd vs ssh
21:40 dthom91 ugh, yep.
21:40 dthom91 ty
21:40 Linz joined #salt
21:41 mike25ro SEJeff_work:  sorry to disturb you .... i use a header in all files managed... it looks like ### managed by SALT ### ... BUT i want to add a timestamp each time the state that pushes that files has run... how can i add that timestamp - i suppose i have to use jinja...
21:44 dthom91 Suppose I create a tomcat.sls, and then include it in each specific web application that runs on tomcat. Further suppose that I want to specify a default tomcat.conf in the tomcat.sls, but sometimes override that with a custom tomcat.conf for the particular application. Would I do that by using a different ID but the same name in a file.managed element in the tomcat.sls and application.sls?
21:44 SEJeff_work mike25ro, ### managed by SALT  {{ salt['cmd.run']('date') }} ###
21:45 druonysus joined #salt
21:45 druonysus joined #salt
21:46 MK_FG joined #salt
21:47 L2SHO dthom91, http://docs.saltstack.com/topics/tutorials/starting_states.html#extending-included-sls-data
21:48 dthom91 L3SHO: perfect, thank you
21:53 mike25ro SEJeff_work: thanks!
21:53 SEJeff_work mike25ro, it is kind of scary how flexible salt is sometimes :)
21:54 mike25ro SEJeff_work: i didn't know that i can use ... that in jinja.... indeed SEJeff_work TOO flexible
21:54 SEJeff_work mike25ro, It is kind of crack
21:55 SEJeff_work I've got a mysql state that if it notices pacemaker (cluster resource software) is running, will only start mysql if pcs status says that mysql should be running on that server
21:55 UtahDave lol   SEJeff_work was my dealer
21:55 SEJeff_work otherwise (if pacemaker isn't running), it just starts up and configures mysql normally
21:55 SEJeff_work UtahDave, ;)
21:55 mike25ro SEJeff_work: in the same .. order of things... does this mean that i can get inside a jinja an output of a shell script as well?
21:56 SEJeff_work mike25ro, It does
21:56 SEJeff_work cmd.run_script or whatever
21:56 SEJeff_work Or use file.managed to put the script in place, then use jinja to execute it
21:57 mike25ro SEJeff_work: thanks buddy
21:57 SEJeff_work np
21:57 mike25ro ..indeed too flexible... :)
21:58 rrauenza joined #salt
21:59 L2SHO does saltstack have the ability to install freebsd ports?
22:00 rrauenza If I want to manage a file with both file.append and file.comment -- how do I express that?  Can I have two rules for the same file?
22:02 UtahDave cedwards: do you know the answer to L2SHO? ^^
22:02 SEJeff_work rrauenza, Yes, can you gist to two individual parts for me?
22:03 whit joined #salt
22:03 cedwards L2SHO: do you want ports or packages?
22:04 cedwards L2SHO: there isn't currently a ports module (eg; portmaster), but there are two pkg(ng) modules
22:06 * cedwards really should just sit down and hack together a portmaster module
22:06 L2SHO cedwards, I was specifically asking about ports, not pkg's
22:06 L2SHO for instance to compile nginx with specific options turned on like LUA
22:07 cewood joined #salt
22:07 cedwards L2SHO: the way I handle that is to compile (with options) my own packages and serve them via an internal repo using poudriere
22:09 L2SHO cedwards, ya, thats the only option I guess.  I feel like it could be kind of a hassle to have to rebuild a repo for each release
22:10 L2SHO I could always just run a shell script that runs portmaster too
22:10 ezraw left #salt
22:11 cedwards L2SHO: have you used poudriere?
22:12 cedwards L2SHO: it's really simple. Makes my BSD hosts + numerous jails much easier to maintain.
22:12 L2SHO no, I haven't heard of it until just noe :)
22:12 L2SHO now*
22:12 Joe630 left #salt
22:12 rrauenza SEJeff_work: https://gist.github.com/rrauenza/9dfcdf787c78d9324072
22:13 whiskybar joined #salt
22:13 rrauenza (That's from memory -- I just used file.managed for now.)
22:14 SEJeff_work rrauenza, What is the error it gives?
22:14 SEJeff_work That looks right. I'd likely quote the regex, but other than that, it looks correct
22:16 devinus joined #salt
22:16 rrauenza Name "/tmp/ntp.conf" in sls "ntpd" contains multiple state decs of the same type
22:16 joehoyle joined #salt
22:16 kermit joined #salt
22:17 SEJeff_work rrauenza, Perhaps the "old style" decs will work
22:17 SEJeff_work Just a second
22:18 joehoyle Hey, I am trying to make a salt runner, but can't find where I am supposed to put my .py file?
22:18 rrauenza then I would have two keys in the yaml dict, both file:
22:19 L2SHO rrauenza, you could try something like this: http://pastebin.com/5wEhtgV1
22:19 SEJeff_work rrauenza, You can hack around it with the comment I just added
22:19 SEJeff_work :)
22:19 SEJeff_work exactly what I did
22:19 DanGarthwaite joined #salt
22:20 rrauenza ohhhh... so I can have two rules point to the same file as long as they have different names.
22:20 rrauenza as long as the rules have different names
22:20 L2SHO different ID's technically
22:20 SEJeff_work rrauenza, I think there is a bug in the state compiler
22:20 rrauenza ID's, right.
22:20 L2SHO I ran into that same issue :)
22:20 SEJeff_work rrauenza, Honestly I think that should work. Please file a bug
22:20 SEJeff_work file.command and file.append are different
22:20 SEJeff_work It shouldn't complain
22:21 UtahDave No, you can't do that.
22:21 UtahDave You can't call the same state multiple times under the same ID declaration
22:22 rrauenza ok, here's another weird one.  I don't know if this is a centos 6.4 issue or what, but I installed the ntp and ntpdate modules and ntp won't run.  ntp user doesn't exist.
22:22 SEJeff_work UtahDave, Perhaps the state compiler could use a list to allow that
22:22 SEJeff_work Provided the function is unique
22:22 rrauenza So I yum removed ntp and reinstalled it.  Still doesn't exist.  yum removed ntpdate and ntp, and reinstalled and now they exist.
22:22 SEJeff_work Seems like an obvious limitation of the state compiler
22:23 rrauenza But this is the 2nd package I've noticed where the user doesn't get created, and the package is being installed under salt.
22:23 UtahDave Tom and I went through this several times.  There's some major reasons on the backend that it's a dict.  I can't remember them all.  :(
22:24 L2SHO rrauenza, if you install the packages by hand does it create the user?
22:24 rrauenza Is it because file.bar and file.foo get reinterpreted as a single file entry in the dict?
22:24 rrauenza L2SHO: sometimes
22:25 L2SHO rrauenza, or do you already have a user with UID 38?
22:25 L2SHO rrauenza, the user creation is built into the RPM install scripts
22:25 rrauenza I can't imagine how salt could be affecting yum to not create users
22:25 rrauenza let me try to reproduce.
22:26 UtahDave file.bar and file.foo  are just shorthand  for:
22:26 L2SHO I can't either, maybe something else is broken?
22:26 UtahDave file:
22:26 UtahDave - bar
22:26 UtahDave "file" becomes a key in the dict.
22:26 DanGarthwaite joined #salt
22:26 UtahDave keys must be unique
22:29 rrauenza ok, yum removed ntp and ntpdate, userdel'ed ntp, and reran it.  User doesn't exist.
22:30 rrauenza (reran salt, not yum)
22:30 L2SHO rrauenza, you're not doing a user.absent in salt are you?
22:32 rrauenza nope
22:32 rrauenza let me look at the rpm script
22:32 rrauenza and see if it happens outside of salt sometimes.
22:32 L2SHO ntp and ntpdate are in the same package on centos aren't they?
22:32 rrauenza no, two different pkgs
22:32 L2SHO are you using some strange repo?
22:33 oz_akan_ joined #salt
22:33 L2SHO hmm, you're right.  For some reason I thought they were both part of the ntpd package
22:35 rrauenza base, epel, extras, updates
22:36 rrauenza I think this also happened with postgres user, and I wrote it off as postgres just not making the user
22:40 L2SHO rrauenza, http://pastebin.com/3PxUZ9tF  there's the relevant part of the rpm spec file.  Looks like the ntpdate package adds the ntp user
22:40 rrauenza right, I see it now with rpm -qp --scripts ntpdate-4.2.4p8-3.el6.centos.x86_64.rpm
22:45 rrauenza ok uninstalled both .. user doesn't exist, ran salt, it installs ntpdate, then ntp, user doesn't exist.
22:45 L2SHO what if you just use yum or rpm to install ntpdate yourself
22:45 rrauenza uinstalled both, installed ntpdate by hand, user exists
22:46 blee joined #salt
22:47 joehoyle so, I thought I had to put runners in /etc/salt/runners or file_roots:_runners but that doesn't seem to be working
22:48 zooz joined #salt
22:50 dthom91 joined #salt
22:52 L2SHO rrauenza, can you post the sls you're using?
22:52 druonysus joined #salt
22:53 rrauenza http://pastebin.com/H8cS7mvs
22:53 druonysus joined #salt
22:53 druonysus joined #salt
22:54 jslatts joined #salt
22:55 L2SHO rrauenza, you've got some weird spacing in your sls.  Yaml is whitespace sensitive afaik
22:55 rrauenza I think pastebin is doing that ...
22:55 rrauenza for some reason it is showing the 2nd item in the list as indented
22:55 rrauenza http://pastebin.com/raw.php?i=H8cS7mvs
22:57 L2SHO rrauenza, are you running salt-minion as a non-root user?
22:59 rrauenza I'm running -local with sudo
22:59 jacksontj joined #salt
22:59 rrauenza which is also how I run yum
23:00 rrauenza I'm doing an strace :(
23:00 L2SHO rrauenza, maybe you have something weird in your yum.conf?  I think salt calls yum through and API and not the CLI.
23:01 L2SHO rrauenza, I'm stumped, but I run the minion as a daemon and push my configs from a master.  I haven't had and issues with users
23:01 rrauenza It would have to read my yum.conf both ways to go through the proxy ...
23:01 andredublin joined #salt
23:01 rrauenza and it is stock centos except for the proxy line
23:02 rrauenza I'm diving into the strace... be back in a few
23:03 rrauenza execve("/usr/sbin/useradd", ["/usr/sbin/useradd", "-u", "38", "-g", "38", "-s", "/sbin/nologin", "-M", "-r", "-d", "/etc/ntp", "ntp"], [/* 20 vars */]) = -1 EACCES (Permission denied)
23:05 L2SHO rrauenza, maybe SELinux?
23:05 rrauenza argh.  I might stll have selinux enabled.
23:05 L2SHO rrauenza, setenforce 0
23:05 jacksontj joined #salt
23:06 rrauenza I have a salt rule to disable it.
23:06 rrauenza but:  if selinuxenabled; then echo yes;  fi
23:06 rrauenza returned yes
23:07 rrauenza http://pastebin.com/TjhW40q7
23:12 L2SHO rrauenza, you need to reboot after changing that config file
23:13 cxz joined #salt
23:13 L2SHO rrauenza, or you can run 'setenforce 0' to change to permissive without rebooting
23:14 L2SHO gotta run, see ya
23:15 mikedawson joined #salt
23:16 rrauenza I have rebooted :(
23:17 rrauenza so it didn't take.  I've done it before, so just gotta see what I missed.
23:17 dthom91 joined #salt
23:28 druonysus joined #salt
23:28 druonysus joined #salt
23:33 Thiggy joined #salt
23:36 david_a joined #salt
23:37 jslatts joined #salt
23:42 brianhicks joined #salt
23:46 dthom91 joined #salt
23:48 druonysus joined #salt
23:53 felixhummel joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary