Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-09-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jefferai joined #salt
00:02 svx_ joined #salt
00:03 ldlework cmd.script is failing to download the script from the master without error
00:10 imaginarysteve joined #salt
00:11 cshuman joined #salt
00:11 UtahDave joined #salt
00:16 kenbolton joined #salt
01:08 redondos joined #salt
01:22 kenbolton joined #salt
01:33 woebtz joined #salt
01:40 faldridge joined #salt
01:53 justlooks joined #salt
01:54 justlooks hi, is there any easy way to comment a block of sls file code?
01:59 m_george|away joined #salt
02:01 sssslang joined #salt
02:02 shinylasers joined #salt
02:09 Nexpro1 joined #salt
02:09 L0j1k joined #salt
02:09 L0j1k ahoy
02:10 L0j1k so let's say i'm trying to cmd.run a bash script, but it's a script that *requires* input... how can i have my master input the correct arguments at the right time?
02:11 shinylasers joined #salt
02:11 L0j1k for example, i'm trying to generate SSL keys and self-signed certs... i'm using easy-rsa but the build-ca script requires inputting the certificate information, and i can't figure out how to do this from teh master
02:14 L0j1k anybody?
02:15 ldlework L0j1k: heh I'm trying to figure out input-less ssl key generation right now
02:19 ldlework L0j1k: http://superuser.com/a/299524
02:19 L0j1k haha :)
02:20 L0j1k ldlework is that working for you?
02:20 ldlework I'm testing right now
02:20 m_george left #salt
02:22 L0j1k i'll give it a shot in place of build-ca
02:22 L0j1k build-ca == easy-rsa
02:22 ldlework It seems to work
02:23 faldridge joined #salt
02:25 L0j1k that did work by itself... i'm wondering if that will work in place of the normal easy-rsa build-ca/build-key-server
02:27 L0j1k thanks for the link, ldlework :)
02:30 cedwards have you guys looked at using the tls salt module to manage certs?
02:31 cedwards http://docs.saltstack.com/ref/modules/all/salt.modules.tls.html
02:32 ldlework oh god
02:32 L0j1k well that's nice
02:33 L0j1k is that module in the base salt install?
02:35 L0j1k pardon my french, but fucking shit that's beautiful... salt just keeps making my day by making my day lots easier
02:35 ldlework hmm, its a shame that it requires special configuration on the minion
02:36 Jahkeup joined #salt
02:37 L0j1k yeah but just: salt 'instance' cmd.run 'echo "ca.cert_base_path: '/etc/pki'" >> /etc/salt/minion' and restart, amirite?
02:37 ldlework I don't know why they would design that module to /require/ custom changes in the config that you can't pass to the function itself :(
02:37 ldlework L0j1k: sure but where does that fit into my overall automation?
02:37 ldlework Can I somehow make salt-cloud do that when it spins up a new node?
02:38 L0j1k i'm having the same problem... trying to automate this for a situation where the solution is going to be enormously highly-visible, so i can't afford to look like a moron :P
02:38 L0j1k i'll settle for a few commands to the minion in place of trying to wrestle independently creating CA/Certs/keys
02:38 ldlework They should just accept all the values in the sls. Odd to require special config.
02:38 L0j1k i do agree with you there
02:39 ldlework I dunno that one command creates the cert in one go
02:39 L0j1k definitely
02:39 L0j1k one go, no i don't think so
02:39 ldlework and I can tell it where to put the keys. I think I'm gonna go with the openssl command
02:39 ldlework yeah, it makes a key and cert in one command
02:40 L0j1k heh, the other way suits my situation. :) thanks for the info, cedwards, and thanks for the other link, ldlework :)
02:41 xl1 joined #salt
02:49 cshuman joined #salt
02:57 JaredR joined #salt
03:17 s0undt3ch joined #salt
03:27 Kraln- joined #salt
03:28 SEJeff_work2 joined #salt
03:28 scofflaw_ joined #salt
03:29 Heartsbane joined #salt
03:29 6JTAACVD4 joined #salt
03:29 justlooks hi,i am developing the auto install hadoop sls file, i use grains to judge the box which i need install different software package,one question is i need modify the node name each time i install a new cluster
03:29 justlooks and how to make my life easy?
03:31 justlooks i do want to modify my sls file each time,is it any easy way to handle this satuation?
03:36 Lue_4911 joined #salt
03:36 pabelanger joined #salt
03:37 pabelanger evening!
03:37 pabelanger Just finished adding support to salt-cloud for floating IPs in OpenStack, if anybody want to try it out: https://github.com/saltstack/salt-cloud/pull/835
03:53 woebtz joined #salt
03:55 mwillhite joined #salt
04:05 benno joined #salt
04:05 benno left #salt
04:35 forrest Does anyone know exactly how this function works: https://github.com/saltstack/salt/blob/97e21b02f02d1d5ba8b7e0af7d64d1a3ab11b59f/salt/roster/flat.py#L16
04:36 forrest It seems to state you can havce a different roster file location than /etc/salt/roster, but that value isn't defined in the master conf.
04:36 redbeard2 joined #salt
04:58 polaco_zZz joined #salt
05:07 dthom91 joined #salt
05:21 sgviking_ joined #salt
05:21 eliasp joined #salt
05:24 shennyg joined #salt
05:26 forrest Hmm, has anyone tested out the roster system where you don't define the user? Does it default to the root user?
05:35 blast_hardcheese joined #salt
05:35 MTecknology 100% off topic, but.... http://i.imgur.com/UHafp9y.jpg  (next time, i'll watch the pot)
05:36 forrest what is that liquid
05:37 MTecknology marmalade
05:37 MTecknology super hot pepper marmalade that I was making
05:42 linjan joined #salt
05:44 forrest s0undt3ch are you around?
05:45 forrest MTecknology, ahh yea I wouldn't be looking forward to those fumes
05:47 MTecknology forrest: I wear a respirator and nitrile gloves when I do things like this. I learned once... I learned a very very very painful lesson. It ended with me pouring vinegar, milk, and water on my member as slowly as I could for 45min and then ending up in the fetal position in my bed and going to sleep.
05:47 MTecknology forrest: What's the issue you're having?
05:48 forrest MTecknology
05:48 forrest lol
05:48 forrest And it's not an issue, it's related to the default user for the roster system
05:48 forrest The code isn't clear if it defaults to the root user when you don't set a value (at least I'm not seeing it on here).
05:48 MTecknology I know nothing about roster.. :(
05:49 forrest Yea it's brand new, I've been updating the docs
05:49 forrest and I want to work on getting a thorough example of all the possible combos,.
05:49 MTecknology oh... it's a whole new system
05:50 forrest the roster system is associated with salt-ssh, which (in the sense of using it as opposed to the minions) is brand new.
05:50 MTecknology I was figuring you were talking about a module or state
05:50 forrest ahh, nope
05:50 MTecknology damn... I can use the reactor, state, and module systems... I don't know if I want to learn anything else... :(
05:51 forrest you don't have to
05:51 forrest salt-ssh is specifically if you don't want to use the minion/master setup
05:51 forrest and want to just run a master.
05:51 MTecknology oooh
05:51 forrest Yea, it's slower obviously
05:51 forrest but it's good for 'those people'
05:51 MTecknology oh.. and pillar and ext_pillar... those too
05:51 forrest I'm just trying to add additional information to the docs before there are a bunch of questions regarding the roster system/salt-ssh
05:52 MTecknology you're adding docs.. you rock
05:52 forrest *shrug* I like documentation.
05:52 MTecknology do ya now?
05:52 MTecknology so... you wanna help me out with another documentation project?
05:52 forrest lol no
05:52 MTecknology nginx
05:52 forrest One open source project is enough.
05:53 forrest My nginx foo isn't that great :\
05:53 forrest I run my blog off of it, but that's about it as far as it goes configuration wise.
05:53 MTecknology care if I see your config?
06:17 justlooks how to copy dir tree to new location?
06:18 MTecknology file.recurse
06:24 goodwill hmmmm
06:24 goodwill I'll recurse you!!!
06:26 blast_hardcheese joined #salt
06:29 justlooks MTecknology: i get error use file.recurse https://gist.github.com/justlooks/6749876
06:30 gildegoma joined #salt
06:34 justlooks MTecknology: i figure out,the source directory should locate in master ,not minions
06:34 linjan joined #salt
06:46 justlooks problem is if i use file.recurse to send all config to minion ,i can not config file content for each minion ,
06:46 sgviking joined #salt
06:48 sgviking joined #salt
06:53 matanya joined #salt
06:53 t1744Gues joined #salt
06:56 matanya joined #salt
07:03 MTecknology justlooks: that's what pillars are for
07:18 Lue_4911 joined #salt
07:38 matanya joined #salt
08:02 justlooks https://gist.github.com/justlooks/6750274  config master to use pillar ,but when i restart master get parse error
08:06 justlooks i miss the whitespace in front the pillar_roots ,now it's ok
08:15 sssslang joined #salt
08:16 Nexpro joined #salt
08:24 az87c joined #salt
08:26 flebel joined #salt
08:29 justlooks yes ,i think pillar is very useful ,i can put the setup option in pillar sls file ( use grains ) ,and now if i deploy a new cluster i just modify pillar sls ,very nice
08:33 sssslang joined #salt
08:44 sgviking joined #salt
08:54 justlooks the sls file is parsed in master then is send to minion or it is send minion first then parsed on minion?
08:55 eX4n1m0 joined #salt
08:58 hjubal joined #salt
09:23 unicoletti_ joined #salt
09:24 creasy joined #salt
09:45 ml_1 joined #salt
09:45 ml_11 joined #salt
09:55 derelm joined #salt
09:56 higgs001 joined #salt
10:12 Furao_ joined #salt
10:15 HastaJun joined #salt
10:16 HastaJun left #salt
10:58 mjulian joined #salt
10:58 mjulian joined #salt
10:59 zooz joined #salt
11:00 SEJeff_work2 joined #salt
11:01 jslatts joined #salt
11:01 jfalco joined #salt
11:14 jslatts joined #salt
11:28 xl1 left #salt
11:51 mapu joined #salt
12:25 rmt_ joined #salt
12:29 faldridge joined #salt
12:38 xl1 joined #salt
12:40 qba73 joined #salt
12:57 aparashar joined #salt
12:58 xerxas joined #salt
12:58 joehh joined #salt
13:03 SEJeff_work2 joined #salt
13:09 xl1 left #salt
13:27 bhosmer joined #salt
13:28 djn Isn't 0.17 officially out yet? Because this channels topic still says 0.16.4 and it seems that 0.17 has not been packaged for debian yet?
13:32 SEJeff_work2 joined #salt
13:33 teebes joined #salt
13:46 terminalmage joined #salt
13:49 joehh djn: 0.17.0 is not officially out yet
13:49 joehh djn: it is up on pypi, but there are still a few packaging issues we are working through
13:50 joehh there is going to be a new binary package (salt-ssh) and I need to make sure the dependencies are refactored properly
13:51 joehh I expect to finalise it in around 24 hours from now (whatever time that is in your part of the world...)
13:52 linjan joined #salt
13:53 joehh Once it is finalised it, I'll probably put it somewhere accessible, but I'll probably hold off a general upload until the formal announcement
13:54 rmt Hmm, to do an SLS run against a single .sls file?
13:54 joehh If you email me (joehealy@gmail.com) and I finalise it before the annoucement, I can let you know when it is ready for wider testing...
13:55 rmt (local on minion)
13:55 joehh rmt: salt '*' state.sls statename (without the .sls) on the master
13:55 joehh I think it is salt-call state.sls statename on the minion
13:55 joehh but I am very rusty on my salt-call usage
13:55 joehh very rusty
13:56 Vivek joined #salt
13:57 derelm werd mal nicht übermütig
13:57 derelm oh, wrong channel :)
14:00 ronc joined #salt
14:03 rmt joehh, it has to be relative to the base, but yes.
14:03 joehh good to hear
14:07 rmt Hm.. so, one flow I'd like to see is for minions to come up pre-configured with a config (eg. from an AMI snapshot), and to re-run their most recent states on boot..  I suppose I want a separation between getting new states from the master and running states..
14:12 rmt You also want to be able to do state enforcement/auditing based on the last expected state, without the chance of configuration change upstream.
14:12 djn joehh: thanks for the info ;) it's just 0.17 seems to be everywhere and even the releasenotes are out already, so I thought it 'official'. Guess I'll just have to be patient :)
14:13 joehh rmt: yeah - one of the admins at $dayjob was asking for that - I'm not too sure how to acheive it, but maybe you are on the right track with
14:13 joehh local salt-call runs
14:14 joehh ie distribute enough state to the minion and have them run highstate etc against that regularly
14:14 joehh use the master to update the minions /srv/salt then the minion from there...
14:14 joehh issue is just dealing with disconnected minions when they come up
14:15 joehh maybe UtahDave or one of the other salt guys will have some ideas
14:15 rmt That's more a policy or deployment decision.
14:16 joehh djn: you're not running unstable are you?
14:29 geak joined #salt
14:33 mohae joined #salt
14:34 rmt Hm.. does the Salt master broadcast all requests to all minions, or can it do 1-1 ?
14:38 scalability-junk rmt: it does not broadcast afaik it uses one connection per minion.
14:52 djn joehh: nope, I am running wheezy and one or two squeeze even
15:00 joehh djn: thought so - I've got close to ready unstable packages around, but probably best to wait
15:02 rmt renderer's always execute on the minions?
15:05 rmt If that's true, that would mean that the salt master needn't execute any potentially insecure code (from a source repo), right?    It's one thing that's irked me with puppet (server-side puppet functions that can be included in any module)
15:06 joehh rmt: I think so, I've had to install python-mako on each minion when I've wanted mako templates
15:18 * rmt looks at salt-ssh and smiles.. a little dirt kicked in the face of ansible..
15:24 Eugennerz "But wait, there's more!" ?
15:29 redbeard2 joined #salt
15:29 Katafalkas joined #salt
15:35 rmt I think that Ansible started out with too limited a vision, and growing's hard.  It's nice to see that Salt can "simplify" to do ssh too.  Although I do like Ansible's concept of just passing around JSON (or the even simpler KEY=VALUE format), allowing language-independent modules.
15:38 rmt Heh, but cmd.run seems to support that just fine too. :)
15:59 ronc joined #salt
15:59 joehh yeah - the no agents idea seems "nice", but the benefits you get from having an agent under your control are huge
15:59 joehh especially cross platform
16:02 blee joined #salt
16:03 faust joined #salt
16:03 piffio joined #salt
16:08 rmt I do use ansible with a custom inventory and wrapper script so I can run ad-hoc commands on arbitrary nodes though, and make use of its pretty output format. ;-)
16:10 rmt ans tag1=foo tag2=bar -o -a 'tail -1 /var/log/important.log' -- matches all nodes in my inventory where tag1 and tag2 match.
16:20 bpgoldsb joined #salt
16:27 higgs001 joined #salt
16:32 felixhummel joined #salt
16:36 copelco joined #salt
16:38 xl1 joined #salt
17:08 jbunting joined #salt
17:11 troyready joined #salt
17:11 ronc joined #salt
17:14 tethra__ joined #salt
17:20 bhosmer joined #salt
17:23 xl1 left #salt
18:02 bhosmer_ joined #salt
18:26 jdenning joined #salt
18:28 scottvdp joined #salt
18:32 robbyt joined #salt
18:34 sibsibsib_ joined #salt
18:44 opapo joined #salt
18:45 bhosmer joined #salt
18:46 ekarlso joined #salt
18:46 ekarlso yo
18:46 ekarlso can salt target xenserver like it does with KVM?
18:49 geak joined #salt
19:01 SpX joined #salt
19:03 rmt ekarlso, it seems to have a generic libvirt module.. so anything that libvirt targets should work, it seems.
19:04 ekarlso k
19:06 rmt You might want to integrate with something like cobbler for managing DHCP, DNS, etc.
19:10 ekarlso rmt: don't need that though, just need the other stuff
19:15 scottvdp joined #salt
19:23 xl1 joined #salt
19:24 micah_chatt joined #salt
19:28 tseNkiN joined #salt
19:56 danielbachhuber joined #salt
20:03 jslatts joined #salt
20:09 ekarlso joined #salt
20:20 zooz joined #salt
20:22 boite joined #salt
20:25 aboe joined #salt
20:26 bhosmer joined #salt
20:28 ekarlso joined #salt
20:29 opapo joined #salt
20:38 rmt Hmm.. why does "salt '*' test.ping" with down hosts take 10 seconds, when the timeout in /etc/salt/master is set to 5?
21:09 faldridge joined #salt
21:18 Thiggy joined #salt
21:21 copelco is it possible to run salt-call in test mode? e.g. so i can see what my custom state returns when checking for __opts__['test']
21:28 ronc joined #salt
21:30 CheKoLyN joined #salt
21:30 geak joined #salt
21:38 micah_chatt anyone familiar with writing tests for salt modules?
21:52 sgviking joined #salt
22:02 patyx7 joined #salt
22:02 Ryan_Lane joined #salt
22:07 cshuman joined #salt
22:09 higgs001 joined #salt
22:12 geak joined #salt
22:16 torandu joined #salt
22:17 goodwill micah_chatt: you are funny
22:17 micah_chatt goodwill: why is that?
22:18 piffio joined #salt
22:18 torandu joined #salt
22:22 nocturn joined #salt
22:22 nocturn joined #salt
22:23 Ryan_Lane joined #salt
22:35 packeteer hmm, doesn't topic need changing?
22:35 mianos joined #salt
22:36 packeteer nm, i read up
22:42 imaginarysteve joined #salt
22:43 xl1 left #salt
23:04 ricicle joined #salt
23:17 forrest joined #salt
23:17 mianos joined #salt
23:33 higgs001 joined #salt
23:36 msheiny joined #salt
23:38 cshuman joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary