Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-10-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 berto- mgw1: oh yeah, zero doubt about that.
00:00 mgw1 basepi can probably answer the release date question
00:00 berto- so it only remains broken when the pillar is bad?  now that i have refreshed manually so long as the pillars are good it'll continue working?
00:00 mgw1 looks like that from the ticket
00:01 mgw1 just run refresh_pillar once after you break things
00:01 mgw1 on all your minions
00:01 cshuman joined #salt
00:01 pipps joined #salt
00:04 basepi I will cherry-pick that fix. 0.17.1 is due in the next day or two. Just a couple of big bugs we want to fix.
00:05 * basepi is away for now.
00:05 berto- awesome, thanks to both of you!
00:08 agtilden left #salt
00:13 andrej Hmmm ... what am I doing wrong?  http://pastebin.com/fhCsxU5f
00:13 justlooks joined #salt
00:13 andrej My highstate invocation is not working, and I don't understand why
00:19 sgviking joined #salt
00:27 mofomikes joined #salt
00:32 SgtMalicious joined #salt
00:34 SgtMalicious Ryan_Lane: heh, figured you might be in here
00:34 Ryan_Lane ;)
00:37 krissaxton joined #salt
00:38 fxhp {% if grains.get('environment') in ('stage','production') %}
00:38 fxhp is this valid?
00:39 Jahkeup joined #salt
00:39 fxhp because I have """environment: stage""" on a masterless minion and it works
00:39 Jahkeup_ joined #salt
00:40 fxhp but it doesn't seem to work in "production" with a dedicated salt-master and remote salt-minion
00:40 Jahkeup_ joined #salt
00:40 oz_akan_ joined #salt
00:42 drags joined #salt
00:42 Ryan_Lane fxhp: is production actually an environment you are using?
00:43 Ryan_Lane fxhp: have you run 'salt-call grains.items' on a minion in production to see if that grain is set and if it is, if it is set to production?
00:43 fxhp I'm using quotes because its not a masterless minion
00:44 fxhp all the grains are set
00:44 Ryan_Lane is the value of environment production?
00:44 fxhp yet that if statement tests to False
00:44 fxhp no the value of evironment is stage
00:44 Ryan_Lane you said it wasn't working in production?
00:45 fxhp its not working in stage
00:45 travisfischer joined #salt
00:45 Ryan_Lane is that something you are putting into an sls file?
00:45 Ryan_Lane on your minion, run:  salt-call grains.item environment
00:45 fxhp I'll BRB
00:45 fxhp sorry
00:46 fxhp I don't want to waste you time.
00:46 fxhp its stage
00:48 Ryan_Lane fxhp: I think you want to use: {% grains['environment'] in ('stage','production') %}
00:48 Ryan_Lane if you are writing this in a state file
00:48 fxhp Does this syntax matter:
00:48 fxhp -{% if grains.get('environment') in ('stage','production') %}
00:48 fxhp +{% if salt['grains.get']('environment') in ('stage','production') %}
00:48 Ryan_Lane if you are trying to call a module I believe it does
00:49 Ryan_Lane but you don't need to call a module
00:49 drags joined #salt
00:49 Ryan_Lane you can access grains directly
00:49 Ryan_Lane using the syntax I showed above
00:50 liamc joined #salt
00:58 pipps joined #salt
01:15 cro joined #salt
01:17 cachedou_ joined #salt
01:26 avienu joined #salt
01:28 Lue_4911 joined #salt
01:29 cshuman joined #salt
01:31 cshuman joined #salt
01:33 taylorgumgum joined #salt
01:33 xmltok joined #salt
01:36 taylorgumgum joined #salt
01:38 cshuman joined #salt
01:39 Lue_4911 joined #salt
01:41 fragamus joined #salt
01:42 fragamus joined #salt
01:47 Marion_ joined #salt
01:50 cshuman joined #salt
01:54 devawps joined #salt
01:54 devawps Is there any mechanism in salt to pass down results from one stage to another?
01:55 alrs joined #salt
01:55 Kraln joined #salt
01:58 xmltok_ joined #salt
01:58 fragamus joined #salt
01:59 andrej devawps : what do you mean by 'stage'?
01:59 devawps State, sorry
02:01 mofomikes joined #salt
02:07 Marion_ jcockhren: are you online at the moment?
02:07 zwe joined #salt
02:15 jefimenko joined #salt
02:16 jcockhren Marion_: yeah
02:16 Marion_ hi
02:17 jcockhren ready. Let's get it
02:17 jcockhren \o/
02:17 Marion_ in regards to having my minions "dump their keys and reregister" ...
02:17 Marion_ rm -rf /etc/salt/pki/*; restart the minion
02:18 Marion_ is that rm cmd issued on my vm?  not host.
02:18 Marion_ Because I did that, and now I don't have any keys at all.
02:18 oz_akan_ joined #salt
02:20 jcockhren Marion_: refersh my memory. your host&master is your mac and you're running vagrant vm as a minion?
02:20 Marion_ yes, yes!  good job
02:21 jcockhren Marion_: and what errors did you have when restarting your salt-minion service?
02:21 Marion_ that command is just salt-minion restart, right?
02:22 Marion_ I don't believe I had any error.  How can I check if salt-minion is running?
02:22 jcockhren sudo service salt-minion status
02:22 jcockhren will tell your status
02:23 jcockhren restart, instead of "status" restarts the service
02:23 Marion_ ok, I didn't use "service".  just hangs when I issue w/o it.
02:24 jcockhren that's b/c it's running at the command line
02:24 Marion_ for status, returned, start/running.  Does that mean it just now started it?
02:24 jcockhren in fact that's how we're going to debug it
02:25 jcockhren if you have iTerm2, go ahead an full screen your terminal
02:25 jcockhren do these steps -> sudo service salt-minion stop, sudo salt-minion -l debug
02:25 jcockhren and watch the log
02:26 alrs joined #salt
02:26 Marion_ sudo salt-minion -l debug … did you omit "service"?
02:27 jcockhren yeah. sudo running the binary like that allows us to watch the printout from it's processes
02:29 jcockhren so... what do you see Marion_ ?
02:30 Marion_ gist.github.com/my4skcg/3f9af28d31fd8990b472
02:30 Marion_ looks ok to me
02:31 jcockhren Attempting to authenticate with the Salt Master at 127.0.0.1
02:31 Marion_ ah, waiting for minion key to be accepted by the master
02:31 jcockhren is your minion on the same machine as the minion?
02:31 jcockhren (no)
02:31 jcockhren that'll mean you've installed salt-master and salt-minion on the vm
02:32 jcockhren did you?
02:32 jcockhren update that gist with you minion config
02:33 Marion_ not on purpose.  master is on my host/mac.  I issued sudo salt-master -c salt -l debug in terminal
02:33 Marion_ k
02:33 Marion_ done
02:34 Marion_ I have had the salt-key stuff working.  I don't know what I did to screw it up.
02:34 jcockhren the "master" key should point to the master you want to accepts the keys
02:35 jcockhren you'll see that running "salt-key" in the vm will show the accepted key
02:35 matanya_ joined #salt
02:35 jcockhren however, I imagine you want to be run ther "salt-key" command on your host machine (the mac)
02:36 jcockhren the config should be like, "master: ip.address.of.host.machine"
02:37 jcockhren be mindful of what terminal is which ;)
02:37 jcockhren black screens all look the same after a while ;)
02:37 Marion_ yes, I know which terminal I'm using.  I don't always know which terminal i SHOULD be using.  LOL
02:38 Marion_ so, there are 4 files … two for minion, two for master; in each of those, there is a pub and pem.
02:39 krissaxton joined #salt
02:39 Marion_ in /etc/salt/pki
02:41 jcockhren on a minion, there should only be a subfolder "minion"
02:42 AdamSewell joined #salt
02:42 jcockhren (inside pki)
02:42 jcockhren in the vm: sudo apt-get remove salt-master
02:42 jcockhren b/c it'll just confuse you
02:43 Marion_ package is not installed so not removed
02:44 jcockhren so that's within the vm?
02:44 Damoun joined #salt
02:44 dh joined #salt
02:44 cwright joined #salt
02:44 alrs joined #salt
02:44 Odd_Bloke joined #salt
02:44 pexio joined #salt
02:44 defunctzombie joined #salt
02:44 namtab joined #salt
02:44 charlton joined #salt
02:44 rmt_ joined #salt
02:44 toddejohnson joined #salt
02:44 travisfischer joined #salt
02:44 Vivek joined #salt
02:44 bawnzai joined #salt
02:44 reinsle joined #salt
02:44 pexio joined #salt
02:44 joehh joined #salt
02:44 robawt joined #salt
02:44 ktenney joined #salt
02:44 jeddi joined #salt
02:44 lemao joined #salt
02:44 Marion yep
02:44 scalability-junk joined #salt
02:45 jcockhren is the salt-master running on your mac?
02:45 dave_den joined #salt
02:45 joonas joined #salt
02:45 pviktori joined #salt
02:45 Marion yes, in debug mode
02:46 jcockhren when you restart the minion service, you should see the master authenticating the minion
02:46 ninkotech joined #salt
02:46 jcockhren if you don't, that means the minion isn't reaching the master
02:46 cowmix joined #salt
02:47 Marion the minion isn't reaching the master.
02:48 Marion okay, about the keys ...
02:49 jcockhren that means, you won't see keys the minion wasn't able to submit it's public key
02:49 Chocobo joined #salt
02:49 Chocobo joined #salt
02:49 higgs001 joined #salt
02:49 aptiko joined #salt
02:49 jcockhren so the "master" key in the minion config is incorrect
02:50 Marion I was given a private key and a public key.  How do those go in the pem and pub files we were talking about?
02:50 mgw1 luminous: https://github.com/saltstack/salt/pull/7749/files
02:50 jcockhren umm.... private+public keys can be for anything.
02:50 jcockhren salt makes their own
02:51 jcockhren so you wouldn't be "given" them
02:51 jcockhren (maybe that's for ssh)
02:51 Marion yes, ok
02:52 andrej Not that I know much about salt yet at this stage ... but what is the network relationship between the VM and the Mac host?
02:52 jcockhren andrej++
02:53 Marion ok.  So lets start over from the beginning with my keys.  I wasn't the one who originally set this up.
02:53 jcockhren first let's make sure th vm can talk to the host
02:54 Marion why would it if I don't have this setup correctly?
02:55 alrs joined #salt
02:55 sgviking joined #salt
02:55 mianos joined #salt
02:55 andrej Marion what are the IPs of the host and the vm respectively?
02:55 Boohbah joined #salt
02:55 Marion I can ssh into the vm.
02:55 andrej and can the vm ping the host (as in network ping, not test.ping within salt)
02:56 andrej and the other way round?
02:56 Marion vm is … 10.11.12.14
02:56 andrej and what's the default route in the VM?
02:57 Marion host: typical localhost; whatever that # is.  :-)
02:57 jcockhren Marion: actuially it's not
02:57 Marion 127.0.0.1
02:57 jcockhren nope
02:57 Marion no?
02:57 andrej localhost is a reference to the VM itself, 127.0.0.1 is the loopback interface
02:57 Marion oooo kayyyyy then!
02:58 jcockhren a breakthrough
02:58 andrej :}
02:59 Marion I'm a programmer, NOT a sys admin.
02:59 andrej What does "ip route" on the VM give you?
02:59 Marion There's so much I don't understand
02:59 jcockhren uh oh
02:59 Marion uh oh???
02:59 andrej Marion, that's fine
03:00 andrej You'll get there ... if you can code you have the ability to walk through hese things
03:00 Marion default via 10.0.2.2 dev eth0
03:01 Marion 10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
03:01 andrej ok ... I assume that 10.0.2.2 is the Mac, then .. does it respond to pings?
03:01 Marion yes
03:02 Marion I appreciate the help.  :-)  If I ever sound rude, I'm being sarcastic.
03:02 jcockhren are you on wifi?
03:03 andrej Now I don't know anything about vmware on Mac ... does it make it's 10.x interfaces known to the host OS?
03:03 jcockhren (doesn't matter... just see 10.x.x.x)
03:03 scalability-junk joined #salt
03:03 pviktori joined #salt
03:03 Boohbah joined #salt
03:03 Marion I'm not using vmware … was asking about it.  using virtualbox
03:03 jcockhren doesn't matter
03:03 andrej Ah OK
03:04 Marion no, plugged in
03:04 jcockhren the vm will grab an IP from the dhcp
03:04 Marion yes
03:04 andrej will the salt master be sent the packets from that interface?
03:05 jcockhren change the salt-minion config "master" key to:
03:05 jcockhren master: 10.0.2.2
03:05 jcockhren then restart the salt-minion service
03:06 Marion does that go in both the .pub and .pem file?  should they contain the same value?
03:06 jcockhren don't edit the pub pem files
03:06 jcockhren I mean
03:07 jcockhren (on the vm) /etc/salt/minion
03:07 jcockhren that's the config file for the minion
03:07 jcockhren Marion: or was that sarcasm? ;)
03:07 Marion I'm the one who put shit in those files
03:08 jcockhren why?
03:08 Marion lol,  no that wasn't sarcasm.  not yet.
03:08 jcockhren yeah... don't mess with any pub/pem file (in life)
03:09 Marion why?  good question.  I thought I was doing the same thing the other person did when originally setup this stuff.
03:09 Marion nothing was explained to me.  When I had problems, I started looking at the history, and trying to remember the few things I saw him do.
03:09 rhand joined #salt
03:10 jcockhren are those edited pem/pub files in /etc/salt/pki?
03:10 Marion yep
03:10 jcockhren LOL
03:10 jcockhren ok. mv those files somewhere
03:10 Marion that's why I said let's wipe my keys and start from the beginning
03:11 Marion I don't need to mv them.  I can trash them.
03:11 jcockhren cool
03:14 Marion trash /etc/salt/pki/master/master.pem, master.pub ???  /etc/salt/pki/minion/minion.pem, minion.pub, minion_master.pub ???  all those files will be created during the salt-key stuff?
03:15 Marion where are you jcockhren ?  what time is it?
03:18 jcockhren Marion: I'm in Nashville
03:18 jcockhren trash those file "where" though? the vm?
03:19 Marion oh, very pretty!  guess it's getting late there.  on host.  minion files on vm.
03:20 jcockhren Marion: which is it? "on host" or "minion files on vm"?
03:21 Marion it's both.  on my host, I can ls /etc/salt/pki and it has both the master and minion directories with the files.  the vm has /etc/salt/pki/minion w/ .pem and .pub files
03:22 jcockhren did you edit the pem/pub files on your host?
03:22 jcockhren definately, trash the /etc/salt/pki on the vm
03:23 jcockhren then trash the /etc/salt/pki/minion on your host
03:23 Marion yes, i edited on host
03:23 jcockhren well trash them all
03:24 jcockhren (then re-run the salt-master command on your mac)
03:25 Marion what about garbage in the .pem/.pub in master dir?
03:25 jcockhren trash all of it
03:28 Marion why are multiple salt workers started?
03:28 mgw joined #salt
03:34 jpcw joined #salt
03:34 larstr joined #salt
03:34 Odd_Bloke joined #salt
03:34 mortis joined #salt
03:34 emilisto joined #salt
03:34 idkfa joined #salt
03:34 Lue_4911 joined #salt
03:35 tseNkiN joined #salt
03:35 Ryan_Lane joined #salt
03:35 joonas joined #salt
03:35 balltongu joined #salt
03:35 Ryan_Lane joined #salt
03:35 matanya_ joined #salt
03:35 cro joined #salt
03:36 ipmb joined #salt
03:36 jslatts joined #salt
03:36 jcockhren Marion: that's fine. salt is async
03:36 Marion k
03:37 Marion still no keys w/ salt-key -L
03:38 pentabular joined #salt
03:40 alunduil joined #salt
03:44 jcockhren did you modify /etc/salt/minion with the IP address of the mac
03:44 jcockhren ?
03:44 jcockhren (in the vm)
03:44 Marion oh yeah.  duh!  I'm tired.
03:45 Marion bummer, I hate it when I can't see what I've typed.
03:45 Marion there we go.
03:55 drags Marion: if your shell goes batty you can try Ctrl+L (force redraw) or if it really goes nutty run the command `reset`
03:56 Marion k
03:58 Marion ty!
03:58 Marion jcockhren: I'm going to bed.  I'm so very tired.  I'll be working on this tmrw.  I will research the salt-key stuff and see what I can figure out on my own.  Will try not to take up your entire day.  again, thx!
03:59 alunduil joined #salt
04:00 jcockhren Marion: later
04:00 Marion yes.  have a good night.
04:02 berto- joined #salt
04:04 mofomikes joined #salt
04:13 robawt joined #salt
04:19 toofer joined #salt
04:46 charlton joined #salt
04:59 Niichan joined #salt
05:05 mianos joined #salt
05:07 mofomikes joined #salt
05:08 idkfa joined #salt
05:09 mianos_ joined #salt
05:13 Katafalkas joined #salt
05:16 dork joined #salt
05:18 mianos joined #salt
05:18 Katafalk_ joined #salt
05:34 mmilano joined #salt
05:39 matanya_ joined #salt
05:40 Katafalkas joined #salt
05:41 krissaxton joined #salt
05:44 Katafalkas joined #salt
05:56 idkfa joined #salt
05:58 felix__ joined #salt
06:15 aleszoulek joined #salt
06:28 krissaxton joined #salt
06:35 ml_1 joined #salt
06:39 mofomikes joined #salt
06:47 elfixit joined #salt
06:52 SgtMalicious joined #salt
06:52 SgtMalicious joined #salt
06:53 aleszoulek joined #salt
07:11 unicoletti_ joined #salt
07:15 [M7] joined #salt
07:16 ndrei joined #salt
07:16 ckao joined #salt
07:16 ndrei joined #salt
07:19 ndrei joined #salt
07:20 thehyper_ joined #salt
07:20 balboah joined #salt
07:21 ndrei joined #salt
07:22 az87c joined #salt
07:22 az87c_ joined #salt
07:27 krissaxton joined #salt
07:28 giantlock joined #salt
07:36 giantlock joined #salt
07:45 it_dude joined #salt
07:58 thehyperadvisor joined #salt
07:59 george_torwell joined #salt
08:00 felixhummel joined #salt
08:08 zooz joined #salt
08:11 mofomikes joined #salt
08:20 frommelmak joined #salt
08:23 ggoZ joined #salt
08:27 xet7 joined #salt
08:30 Nexpro joined #salt
08:31 alunduil joined #salt
08:32 malinoff Hi all
08:38 mua joined #salt
08:50 justlooks joined #salt
08:56 krissaxton joined #salt
09:01 felixhummel hi
09:02 felixhummel Is there some way to list hosts where a job did not succeed? Currently I use "salt-run jobs.lookup_jid ..." and look for red entries. This feels wrong.
09:03 yota joined #salt
09:04 leo_33\ joined #salt
09:13 justlooks felixhummel: check for  Result:    True in each state
09:13 justlooks sorry False
09:13 felixhummel :>
09:14 mofomikes joined #salt
09:14 justlooks i think a job is always success ,if it can start to run
09:14 felixhummel good idea. this way i can check if there were any failures, but still do not get the list of failed hosts
09:15 felixhummel i'm thinking of continuously running salt on staging CI
09:16 justlooks felixhummel:  awk is the good tool for handling the job output
09:17 justlooks felixhummel: or maybe salt offer the python API for what you want ,i have not use yet ,so just guess :)
09:18 felixhummel justlooks: yes, i will investigate if the python api does what i need. i guess so too
09:19 dcmorton joined #salt
09:20 felixhummel https://github.com/saltstack/salt/blob/develop/salt/runners/jobs.py#L61 seems like a good start
09:21 malteo joined #salt
09:22 Martinez joined #salt
09:24 Martinez joined #salt
09:25 Martinez joined #salt
09:26 justlooks felixhummel:  you can do like this https://gist.github.com/justlooks/6932013
09:26 Martinez joined #salt
09:28 felixhummel justlooks: wow. that's some cool black magic in awk.
09:28 justlooks felixhummel: that's why i love it :)
09:28 Furao felixhummel: i'm doing that, and it worth it.
09:28 justlooks felixhummel:  you can modify it to fit you need
09:29 felixhummel Furao: also in awk?
09:29 felixhummel justlooks: Thanks! :)
09:29 Furao the CI thing
09:29 felixhummel how do you check success?
09:29 Furao and I also wrote my own salt testing framework and all states are constantly executed independently and/or by chunk. so if any .sls miss a - rsquires I know it before it get into prod
09:30 Furao everything that we have come with monitoring integration
09:30 Furao I recycle monitoring check to make sure everything is alright
09:30 Furao such as open TCP port, HTTP reply, process running
09:30 Furao or more complex workflow, such as send a log to graylog2 ends in elasticsearch
09:31 justlooks Furao: sounds complex
09:31 felixhummel i see. real end to end ops tests: deploy, monitor, assert
09:31 Furao python unittest that check if state execute properly, at the end run all monitoring checks
09:31 Furao justlooks: I had been working on this since march
09:32 Furao but it worth it, I don't have any more bad surprise
09:32 Furao as we're now a team of 7 working on those states
09:32 Furao a single test run of a single git branch take more than 12 hours on a VM with SSD
09:33 dcmorton joined #salt
09:33 Furao https://www.dropbox.com/s/u674kyeg7vetawk/Screen%20Shot%202013-10-11%20at%205.33.14%20PM.png
09:34 felixhummel Furao: I think that's the way I will go. Seems sound idea and is battle proven by you. :)
09:34 felixhummel s/Seems/Seems to be/
09:38 Furao felixhummel: I use python metaclass to automatically create test units using http://docs.saltstack.com/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_states
09:38 Furao it used to be a big .py file where all dev had to implement their own unittest def, but now it's automatic. huge time saver
09:42 jumperswitch joined #salt
09:44 tru_tru joined #salt
09:45 jumperswitch_ joined #salt
09:58 elfixit joined #salt
10:01 [M7] joined #salt
10:03 helderco joined #salt
10:05 kyusan joined #salt
10:45 chubrub joined #salt
10:46 mofomikes joined #salt
10:46 chubrub hey :) how can i achieve multiple conditions in if statements? Have {% if grains['role'] == 'psql*' %} and I want have something like {% if grains['role'] == 'psql*' and grains['env'] == 'prod' %}
10:47 ddv can't you use && or and?
10:48 Furao chubrub: if grains['role'] == 'psql*' is invalid
10:48 chubrub I don't know the syntax :/ i thought that asking here would be quickest way. Sorry for my laziness :)
10:48 Furao it's python
10:49 bhosmer joined #salt
10:49 Furao so it's if grains['role'].startswith('psql')
10:49 chubrub @Furao: hmm... it's working for me
10:49 Furao isn't that too soon to drink already?
10:49 chubrub ok, maybe it's working accidentally
10:49 chubrub it's after noon, so enjoy the weekend ;)
10:50 Furao I mean you :P
10:50 Furao it's 18h50 here
10:50 Furao it can't works (really)
10:50 Furao but .startswith will
10:50 Furao so it's {% if grains['role'].startswith('psql') and grains['env'] == 'prod' %}
10:51 chubrub :)
10:51 chubrub thanks
10:51 Furao or grains['role'][0:4] == 'psql'
10:51 Furao the first one is more readable
10:52 giantlock joined #salt
10:52 chubrub thanks again Furao!
10:57 jslatts joined #salt
10:58 Furao I don't know why so much of you guys use role as a single value, what if an host got multiple roles?
11:06 chubrub hmm... I'm using different variables then
11:07 chubrub honsetly I'm starting learning python, so don't know yet how to use multiple roles in one value
11:09 chubrub but what you said is really usefull
11:13 Furao I mean role in term of salt architecture
11:13 Furao it's not python specific
11:13 Furao what if you have those roles: db-srv, front-end, backend
11:13 Furao and you have a dev VM you need with all those 3 roles in paralels
11:13 Furao on the same host
11:14 Furao i got nearly 20 different roles and sometimes they're mixed together
11:15 chubrub I'm using different grains names to achieve it, but I see that I'm going wrong direction
11:16 Furao and don't abuse grains
11:16 Furao they're on the minion side
11:16 Furao grains are on the master side and are more flexible
11:17 Furao you can change values of all minions from a single place (such as a git repo)
11:17 Furao while changing grains isn't as much convenient
11:17 chubrub yeah, you're right
11:18 Furao this is my top.sls https://gist.github.com/bclermont/54427942425fa8182e96
11:19 Furao global_roles is the list of all roles available
11:21 chubrub nice! that's simplifying a lot!
11:24 malinoff Hey Furao. Could you please give an advice? :)
11:26 Furao malinoff: on?
11:27 higgs001 joined #salt
11:28 malinoff Furao: I'm a bit frustrated on salt's namespaces. For example, i have a project directory in /srv/salt/project_name; i have a pillar directory in /srv/salt/project_name/pillar
11:29 malinoff Furao: I must specify outer dict in a pillar because all of them are shared in one namespace
11:29 malinoff I'm targeting with grains, e.g. -G 'roles:project-webnode' and i must specify env='proj_name'
11:30 malinoff so many repetitions of project identifier
11:31 malinoff Can i decrease this somehow?
11:31 Furao my deployments are different (custom inventory system [webapp + rest api], ext_pillar that connect to that api), so i never used grains target before, and I sort things differently
11:32 Furao you can't do grains targeting in top.sls ?
11:32 Furao and then specify the env there?
11:34 malinoff Furao: top.sls is not a silver bullet... In our company, we've discussed this and decided that highstate hides the deployment process. It's way better to use separate stages like build.sls, backup.sls, deploy.sls and so on
11:34 Furao you want it automated or not? :)
11:34 Furao I don't see how you can handle that
11:35 Furao you did that because you couldn't fix all requires/watch and make everything works in a  single highstate shot?
11:35 jumperswitch joined #salt
11:36 Kraln- joined #salt
11:38 malinoff Automated but clear. Highstate is not clear at all. And no, it's not about requires/watch, only because of a separate-stages deployment. Maybe, somewhen we will use highstate, but not right now. I can say, we're almost the pioneers, who use salt in Syberia
11:41 Kraln joined #salt
11:42 leo_33\ joined #salt
11:42 ggoZ joined #salt
11:43 [M7] joined #salt
11:44 Furao malinoff: Омск?
11:45 malinoff Furao: Хах, да. Омск :)
11:45 Furao I understand so far :P
11:46 malinoff Furao: Екатеринбург?
11:46 Furao just got a US keyb mapping
11:47 Furao you think I can be at Екатеринбург?
11:47 Furao that sound german :)
11:48 Furao I mean  the бург part
11:49 malinoff Furao: You said that it was 18.50 1 hour ago. It's Екатеринбург's time zone. Where are your from? :)
11:50 Furao here http://goo.gl/maps/c412J
11:50 Furao not from, but here
11:50 Nexpro2 joined #salt
11:50 Furao I can read cyrillic and bunch of russian words
11:52 Furao last summer I was in Болгарии, Солнечный берег
11:52 malinoff Furao: Wow. How do you know that i'm from Омск? :) whois on 'realname'?
11:52 ipmb joined #salt
11:52 sixninetynine joined #salt
11:52 Furao http://dazzlepod.com/ip/8.8.8.8.json replace 8.8.8.8 with your IP
11:53 Furao I wonder where in siberia you were :)
11:57 lemao joined #salt
11:59 malinoff Furao: https://maps.google.ru/maps?q=54.98543,73.38748&num=1&vpsrc=0&ie=UTF8&t=m&z=18&iwloc=A
11:59 viq Hm, halite-git fails to build for me on archlinux
11:59 Furao pranova?
11:59 Furao or slododskaya
12:00 malinoff Furao: Маршала Жукова :)
12:00 Furao ah i see now
12:00 Furao ah it's in non-cyrillic too :)
12:00 malinoff Furao: How do you know a bunch of cyrillic?
12:00 malinoff Furao: Hm. What 'non-cyrillic' do you see? :)
12:00 Furao I spent a while in bulgaria and I learn it for fun
12:01 Furao if you scroll up you can see some street name not in cyrillic
12:01 Furao as I said Furao: last summer I was in Болгарии, Солнечный берег
12:01 Furao and there it's filled with russian
12:01 jetblack joined #salt
12:02 malinoff Furao: Strange :) Maybe, it's gmaps bug or something
12:02 Furao so I ended drinking ЗАГОРКА with russian very often and they teach me nasty words I since then forgot
12:02 malinoff Furao: :D
12:03 bhosmer joined #salt
12:03 blee joined #salt
12:06 pentabular joined #salt
12:07 Furao if russia wasn't so dumb regarding visa I would probably be there already
12:07 Furao i'm from canada I'm not afraid of siberia :P
12:09 malinoff Furao: Well, yes, we have a lot of bureaucracy
12:10 malinoff Furao: Do you like hockey? :)
12:10 Furao I should, but no
12:10 Furao everyone loves it there
12:10 Furao it's a religion
12:10 malinoff Furao: That's why i asked
12:11 Furao and so much canadian players/coach ends in russia
12:11 Furao when NHL is on strike/lockout
12:13 malinoff Furao: In Omsk, we have a very strong team called Авангард. Actually, it was, right now it's not the best time for it. And in Omsk we love hockey too. If you will go here, you will see many similarities (especially, when it's a day with a game in the evening)
12:13 Furao avanguard :)
12:13 Furao guard for the goalie?
12:13 copelco1 joined #salt
12:13 Furao or it's a company that sponsor it (i guess)
12:15 malinoff Furao: No, it's the name of the club. ГазпромНефть sponsors it. Btw, in many cases Авангард is called 'Омские ястребы' - Omsk Hawks - because of it's label. http://hawk.ru - if you are interested :)
12:16 Furao well, they probably sponsor everyone :)
12:16 Furao they at least have the money for it
12:16 diegows joined #salt
12:16 malinoff Furao: Yes, you are right
12:16 Furao yastrebu
12:16 Furao hawks?
12:17 malinoff Yep
12:17 malinoff yastreb == hawk
12:17 Furao ы isn't much used in bulgarian
12:18 malinoff Well, ы is very often used in Russian - it shows us that a word is in the plural
12:19 mofomikes joined #salt
12:19 Furao летс трй тиз кйбоард
12:19 Furao not used to this mapping :)
12:19 malinoff y should maps to ай
12:19 Furao oh really? that's very usefull
12:20 Furao (the plural)
12:20 Furao that explain a lot :)
12:20 xl1 joined #salt
12:20 malinoff And i'd rather type "летс трай зис кейбоард" =)
12:20 Furao ok, well I didn't know how to convert that sound in russian :) english isn't my native language either
12:21 Furao zis instead of tiz?
12:21 xt please join #offtopic-cyrllic
12:21 xt :)
12:21 gildegoma joined #salt
12:21 Furao at least we cover the silence
12:21 Furao :P
12:22 Furao it's friday!
12:22 Furao you know off topic friday?
12:22 malinoff Furao: Yep, we're saying 'з' - z on th
12:22 malinoff xt: Salt - connecting people
12:23 Furao I hired 3 guys here
12:23 Furao well one that left...
12:23 malinoff Furao: Oo
12:23 Furao but #salt is not just for support
12:23 liamc joined #salt
12:24 Furao it's just hard to find a girlfriend here
12:25 jumperswitch joined #salt
12:26 malinoff Furao: It shouldn't be - any girl must know how to use salt :)
12:26 Furao in the kitchen
12:26 Furao i know :P
12:27 malinoff Furao: You got it :D
12:31 leo_33\ joined #salt
12:35 mmilano joined #salt
12:36 mmilano left #salt
12:37 timoguin joined #salt
12:38 ndrei joined #salt
12:40 krissaxton joined #salt
12:44 mapu joined #salt
12:45 dpac Hey guys, is there an easy way of pulling log files from salt minions to master periodically?
12:47 amahon joined #salt
12:50 mpanetta joined #salt
12:53 berto- joined #salt
12:55 timoguin dpac, yes. you could use cron or the salt scheduler to periodically call cp.push on those files
12:55 timoguin http://docs.saltstack.com/ref/modules/all/salt.modules.cp.html
12:57 dpac timoguin: Thanks, exactly what I needed!
12:57 timoguin and scheduler docs: http://docs.saltstack.com/topics/jobs/schedule.html
12:59 oz_akan_ joined #salt
12:59 dpac timoguin: Yup, found the scheduler docs already. Is there any more information about returners in docs? I don't seem to be able to find it
12:59 timoguin yea: http://docs.saltstack.com/ref/returners/
13:00 dpac timoguin: Thanks! :)
13:00 timoguin welcome :)
13:02 jrdx joined #salt
13:10 MTecknology restructuring all of the salt layout I have is daunting and not fun... :(
13:11 juicer2 joined #salt
13:12 sgviking joined #salt
13:13 N-Mi joined #salt
13:15 MTecknology I made it to centric to one type of server instead of making it not care about the server type/roll
13:16 berto- does salt have a notification mechanism for minions that connect and disconnect from the master?
13:16 MTecknology probably with the reactor, you could make ore
13:16 MTecknology one*
13:16 mapu joined #salt
13:16 Kholloway joined #salt
13:17 mapu Does anyone have experience with the formulas at https://github.com/saltstack-formulas? Specifically the mysql and apache formulas?
13:19 ddv just ask your question, mapu
13:19 ddv don't ask to ask
13:19 mapu Oh- sorry- got redirected :)
13:20 mapu I have the apache formula in place.
13:20 mapu I created the pillar (using the pillar.example file ) as /srv/salt/pillar/apache/init.sls
13:21 mapu and copied the apache-formula/apache directory to /srv/salt/apache
13:21 mapu then, I added apache to my /srv/pillar/top.sls file
13:21 zwevans joined #salt
13:21 brianhicks joined #salt
13:21 mmilano joined #salt
13:21 mapu and then added apache.vhost.standard to /srv/salt/top.sls
13:22 berto- MTecknology: thanks for the reactor suggestion.
13:22 mapu (also tried with just apache)
13:22 krissaxton joined #salt
13:22 mapu when I run this (either a pillar refresh or state.highstate), I get the following error:
13:22 mapu (just the last line- I can paste the whole if needed)
13:22 mapu UndefinedError: 'id' is undefined
13:23 eclectic joined #salt
13:23 mapu my guess is that I have something misnamed or wrong
13:23 ipmb joined #salt
13:23 timoguin i wonder if it's referring to this from the pillar.example: ServerName: {{ id }}
13:23 timoguin could be a bug in the formula
13:24 timoguin i'll be working to get that formula working on my setup this weekend probably
13:25 timoguin mapu, are you using 0.17?
13:25 mapu I am not yet as the package for raring is not available yet. My next step was to install .17 as a separate instance to test
13:27 timoguin I know some of the formulas are only compatible with 0.17
13:27 timoguin If you're using the pillar.example as your base, and the formula as is, I'd think it should just work.
13:28 mapu That's what I imagined.
13:29 mapu Ok- before I head down this road further- I am going to install .17 and try the apache and mysql formulas again
13:29 mapu I'll update here my resullts
13:30 timoguin gl!
13:31 oz_akan_ joined #salt
13:33 oncell_jeff joined #salt
13:36 toastedpenguin joined #salt
13:41 jonet joined #salt
13:42 jonet Why is it that I can't use {{ grains.get_or_set_hash('mysql:root_password') }} in a statefile? I'm running 0.17.
13:42 jonet All it says is that Jinja doesn't recognize it as a variable.
13:42 racooper joined #salt
13:44 jonet Doh, possibly because it's not there in 0.17 >.<
13:44 mmilano left #salt
13:48 fragamus joined #salt
13:51 mofomikes joined #salt
13:52 kaptk2 joined #salt
13:52 Brew joined #salt
13:54 alrs joined #salt
13:55 pabelanger joined #salt
13:55 pabelanger left #salt
13:55 mgw joined #salt
13:55 tyler-baker joined #salt
14:00 micah_chatt joined #salt
14:04 aberant joined #salt
14:06 Furao jonet: interesting
14:07 Furao I got a password.py module and a password.random_pillar('mysql:root_password') that generate a password for you if that pillar key isn't defined
14:08 sashka_ua joined #salt
14:08 Furao and I found a way to safely shared password across multiple minions trough mine and peer module, not just yet implemented :(
14:09 mannyt joined #salt
14:10 Furao peer suck, mine is better, but yeah it's just a matter of implement it :) but that's a good news grains implement that
14:11 jbunting joined #salt
14:11 ndrei joined #salt
14:11 mua joined #salt
14:14 Gifflen joined #salt
14:15 oncell_jeff Anyone have any ideas on the best way to download a big file securly
14:15 oncell_jeff securely* using a state?
14:16 hotbox joined #salt
14:16 Furao source: https:// ?
14:16 mapu Updated to .17 and I am still seeing errors with the apache formula
14:16 mapu One thing I see in the pillar.example:
14:16 mapu near the end: {{UNQIUE}}: ?
14:16 mapu should that be UNIQUE ?
14:18 jslatts joined #salt
14:19 mgw joined #salt
14:19 DredTiger joined #salt
14:20 druonysus joined #salt
14:20 druonysus joined #salt
14:22 mofomikes joined #salt
14:23 jrdx joined #salt
14:29 backjlack joined #salt
14:30 cnelsonsic joined #salt
14:31 srage_ joined #salt
14:33 danielmcbawse joined #salt
14:33 srage joined #salt
14:33 Drawsmcgraw joined #salt
14:35 pentabular joined #salt
14:35 ndrei joined #salt
14:39 srage joined #salt
14:40 leo_33\ joined #salt
14:41 amahon joined #salt
14:44 saysjonathan joined #salt
14:44 quantumsummers|c joined #salt
14:45 teskew joined #salt
14:45 danielmcbawse joined #salt
14:53 oz_akan_ hi all
14:53 oz_akan_ anyone knows how to refresh pillar files on a minion?
14:53 oz_akan_ except saltutil.refresh_pillar
14:54 oz_akan_ which doesn't seem to help in my case
14:54 terminalmage oz_akan_: pillar files are not compiled on the minion
14:54 terminalmage saltutil.refresh_pillar does it, and it is also done when you run a state.highstate
14:55 oz_akan_ I made a mistake in pillar file, fixed it then, but on these minion which I ran, it still gives the error
14:55 oz_akan_ other minions are fine
14:56 terminalmage oz_akan_: check the master log, there may still be errors rendering the pillar
14:56 DredTiger joined #salt
14:57 aleszoulek joined #salt
14:57 oz_akan_ I think I need to start master with more detailed logging
14:57 oz_akan_ I see no errors
14:57 xmltok joined #salt
14:57 terminalmage no, the default loglevel is warning
14:57 danielmcbawse joined #salt
14:59 lemao_ joined #salt
14:59 brimpa joined #salt
15:02 uta joined #salt
15:03 uta hey guys, is there a way to disable the installation part of the salt-cloud scripts? like in the config some way
15:03 pipps joined #salt
15:03 timoguin uta, you mean like if salt is already installed on the machine?
15:05 uta timoguin: yeah, we're provisioning machines on amazon using an AMI that already has salt installed. We're having some trouble because the AMI has 0.17 installed, but salt-cloud tries to install/update 0.16.4
15:05 jalbretsen joined #salt
15:05 Jahkeup joined #salt
15:06 timoguin uta, ah, i'm sure there is, but i'm not sure how. i never had to deal with multiple versions.
15:07 lineman60 joined #salt
15:08 timoguin uta, i want to say you can pass an option to salt-cloud to tell it not to run the bootstrap script
15:08 timoguin having trouble finding it though. salt-cloud docs are kinda cryptic.
15:09 uta timoguin: yeah I've had the same problem with the docs. I'll have a look through the source when I get a chance I think. It's partly a versioning problem, but there would also be the small benefit of being able to provision machines faster.  thanks for the help! :)
15:11 Jahkeup joined #salt
15:12 Katafalkas joined #salt
15:18 bhosmer joined #salt
15:21 jslatts joined #salt
15:21 aberant joined #salt
15:22 cnelsonsic joined #salt
15:22 jonet Furao: Well, it wasn't implemented in 0.17 though, but listed in the docs for 0.16.2 for some raeson, was it removed perhaps? Anyway, I'd be interested in seeing that password module of yours if you care to share?
15:23 jonet For now I sorted it inside the template, calling through to generate a password and setting it as a grain. Although, as you said; it's not very safe.
15:26 Jahkeup joined #salt
15:26 oz_akan_ terminalmage: I deleted these servers and created again, for sure it is something cached in minions
15:26 oz_akan_ terminalmage: as it works now
15:28 aberant joined #salt
15:29 xmltok joined #salt
15:29 bitz joined #salt
15:33 StDiluted joined #salt
15:33 ndrei joined #salt
15:37 jefimenko joined #salt
15:38 SgtMalicious joined #salt
15:39 nocturn joined #salt
15:40 xl1 joined #salt
15:41 cron0 joined #salt
15:44 shinylasers joined #salt
15:44 oldhack joined #salt
15:45 swa_work joined #salt
15:46 pipps joined #salt
15:49 gaoyang joined #salt
15:50 druonysus joined #salt
15:52 higgs001 joined #salt
15:52 opapo joined #salt
15:56 pdayton joined #salt
16:00 pipps joined #salt
16:02 unicoletti_ left #salt
16:03 Lue_4911 joined #salt
16:04 mua joined #salt
16:06 Katafalkas joined #salt
16:06 adepasquale joined #salt
16:07 redondos joined #salt
16:08 Jahkeup_ joined #salt
16:10 timoguin_ joined #salt
16:10 toguin__ joined #salt
16:13 KyleG joined #salt
16:13 KyleG joined #salt
16:15 colinbits joined #salt
16:17 mapu joined #salt
16:19 luminous is it possible to install salt directly from git, and get all dependencies?
16:19 pentabular joined #salt
16:19 luminous eg, is it possible to install a release tag from git and not get stuck in version hell?
16:21 SgtMalicious fO><65$kDvr@7
16:21 SgtMalicious oops
16:21 luminous OOPS
16:21 luminous :P
16:22 luminous too bad I don't work for a three letter agency and could have seen what you were connecting too..
16:22 SgtMalicious nothing they don't already have
16:23 luminous SgtMalicious: if you're doing random, auto-generated passwords, why not push up the bits? 13 chars isn't much :P
16:23 luminous SgtMalicious: you're using telnet still?
16:23 eliasp luminous: use salt-bootstrap
16:23 luminous :P
16:23 luminous eliasp: and that'll take care of all dependencies?
16:23 SgtMalicious haha, no def. not telnet, but the system I'm accessing is gov so they already have it all anyway
16:23 eliasp luminous: yes: https://github.com/saltstack/salt-bootstrap
16:23 luminous hmmm
16:24 luminous I should look into how that is done or what is available
16:24 eliasp luminous: make sure to read the README first
16:24 luminous eliasp: yea, I'm well aware of salt-bootstrap
16:24 eliasp luminous: ok
16:24 luminous I actually don't use it anymore because I have my own way of installing the package like they do in bash
16:24 luminous but written in python
16:25 luminous I have NO idea why that was written in bash..
16:25 luminous ><
16:25 eliasp luminous: because you can use it without any other previous dependencies on nearly any system
16:25 eliasp luminous: and btw: it's plain sh without bashisms ;)
16:26 eliasp luminous: I see your reasons why sh is bad for that kind of script, but I also see the reasons why anything else than sh is bad ;)
16:27 luminous https://github.com/saltstack/salt-bootstrap/blob/develop/bootstrap-salt.sh#L1307 << that could be problematic if installing an older version of salt, no?
16:27 eliasp anything a bit more advanced than sh allows a more "metaprogramming" style for this kind of script which is solved in salt-bootstrap with weirdly named/chained function names etc.
16:28 luminous yea, I see why anything but sh is bad
16:28 luminous but I would have a sh script to install python, then do the rest in python
16:28 luminous :P
16:28 eliasp :)
16:29 uta joined #salt
16:30 bhosmer joined #salt
16:32 luminous eliasp: ugh... this crap is so unreadable!
16:32 luminous well, as readable as I've seen complicated sh in a while, but still
16:33 eliasp luminous: sure, I don't really like this code too… :)
16:33 luminous I wonder if pedro agrees
16:34 eliasp :)
16:36 taylorgumgum joined #salt
16:40 opapo_ joined #salt
16:40 krissaxton joined #salt
16:42 Katafalkas joined #salt
16:45 g4rlic joined #salt
16:46 g4rlic I have a question.
16:46 g4rlic Salt, as config management, allows me to use state functions.
16:46 g4rlic But, I'm curious if I can use some of the remote-execution commands in a sls file?
16:47 g4rlic eg: salt.modules.archive.unzip
16:51 SgtMalicious luminous: I just change all my passwords to "correct horse battery staple" anyway
16:52 mgw g4rlic: I think you can get at it from within jinja, but I'm not sure how well that would work out
16:54 mgw g4rlic: I can't find the docs, but I think something like this might work: {{ salt['modules.archive.unzip'](arg1, arg2) }} — however, I don't know how you would make that idempotent.
16:56 luminous SgtMalicious: hah
16:57 luminous I'd like to believe those are more secure or less crackable
16:58 SgtMalicious probably, to bad most systems won't let you use something like that
16:58 luminous now it only takes a sufficiently large database of common words. you've essentially reduced the length of your password to 4 characters (while lengthening the alphabet to 100,000 or 1,000,000)
16:58 micah_chatt joined #salt
16:59 luminous given that we can blow through millions/billions of attempts / second..
16:59 mgw luminous: So this is the issue I was having the other day: https://github.com/saltstack/salt/issues/3665
17:00 luminous mgw: I saw your commit, awesome to have another bug closed!
17:00 luminous mgw: this is why I asked about cache testing :P
17:04 leo_33 joined #salt
17:12 ml_1 joined #salt
17:12 george_torwell joined #salt
17:12 g4rlic mgw: that sounds janky, I think I'll just use file.managed and cmd.run.
17:13 g4rlic But boy, stateful zip file management would've been useful today. ;)
17:13 mgw g4rlic: Yeah, I was just thinking about an archive state module
17:14 mgw archive.unzipped
17:14 mwillhite joined #salt
17:14 mgw taking a source and destination, but only unzipping if needed, and triggering watches etc
17:14 eliasp oh yes, please! ;)
17:15 taylorgumgum joined #salt
17:16 JaredR joined #salt
17:22 Thiggy joined #salt
17:23 jslatts joined #salt
17:23 cnelsonsic joined #salt
17:25 toofer joined #salt
17:28 xmltok joined #salt
17:32 plethora joined #salt
17:36 Ryan_Lane joined #salt
17:37 DredTiger joined #salt
17:38 jkleckner joined #salt
17:39 jslatts joined #salt
17:42 toofer joined #salt
17:43 copelco joined #salt
17:44 Ryan_Lane joined #salt
17:50 brianhicks joined #salt
17:56 travisfischer what's the syntax for setting a grain value to a list using grains.setval?
17:56 jslatts joined #salt
17:56 travisfischer grains.setval key "['val1', 'val2']" ?
17:56 travisfischer I see you have append now
17:57 travisfischer but pre 0.17 what did you do?
17:58 danielmcbawse joined #salt
17:58 danielmcbawse joined #salt
17:58 Gifflen joined #salt
17:59 Gifflen joined #salt
18:02 seanz Quick question: Is there a known "good" way to retrieve a file from a git repository directly?
18:02 crane seanz, you mean the repo or just one file of the repo?
18:06 thehyperadvisor joined #salt
18:06 seanz crane: One file.
18:07 micah_chatt joined #salt
18:07 leo_33\ joined #salt
18:16 cachedou_ seanz: 'git archive' is probably what you're after
18:16 copelco1 joined #salt
18:18 seanz cachedou_: Interesting, but I'm not sure that will help. We've got some Java code that we distribute as a .war file. I'm actually thinking it would be better to distribute this code as a debian package instead (we're running Ubuntu).
18:19 * cachedou_ nods
18:19 seanz I was just trying to assess if there was some functionality I wasn't aware of for plucking files from git.
18:19 seanz Without having to check the repo out and do other such things.
18:20 cachedou_ git archive can pluck a file from a remote repo without cloning it first, I believe.
18:20 cachedou_ But packaging is good too :]
18:24 taylorgumgum joined #salt
18:29 Gifflen joined #salt
18:35 it_dude joined #salt
18:35 Jahkeup joined #salt
18:37 Cidan does anyone know how to update a package when it's defined with pkg.installed AND a salt source is given?
18:37 Cidan ie: I have version 1 installed, I want to install version 2
18:38 Cidan but simply changing the package in sources for pkg.installed won't upgrade
18:38 klb joined #salt
18:39 berto- joined #salt
18:40 ndrei joined #salt
18:41 toofer Isn't there something like '- latest' for package management? I could be wrong. I'm very new to Salt myself.
18:41 Katafalkas joined #salt
18:41 Cidan there is, but it doesn't work with "sources"
18:41 toofer http://docs.saltstack.com/ref/states/index.html (look for latest on that page).
18:42 toofer Hmm…
18:42 * toofer shrugs
18:42 klb Two part question: A) Does salt support doing something like configuring a windows service (snmp in this case) 2) If A is true, where can I find an example?  So far, uncle google hasn't been very forthcoming with relevant information.
18:44 or1gb1u3 joined #salt
18:46 Cidan annoying, I need to manually uninstall the package
18:46 Cidan then kick off highstate to update
18:48 opapo joined #salt
18:52 toofer Cidan, I have a script that I like to have on a server and the procedure described in the link I sent earlier works for me to update my script.
18:53 Cidan For file.managed it works great
18:53 toofer Okay.
18:53 Cidan for pkg.install it does not, likely by design
18:53 Cidan which I think might be an oversight
18:55 tyler-baker joined #salt
18:55 tyler-baker joined #salt
18:56 jslatts joined #salt
18:59 pentabular joined #salt
18:59 g4rlic mgw: yes, archive.unzipped would be a wonderful addition to the salt state tree.
19:01 mmontgomery joined #salt
19:01 Jahkeup joined #salt
19:03 Gifflen joined #salt
19:03 helderco joined #salt
19:05 klb hm... from the logs here "It's not quite as full featured as on the *nix platforms.  But you can install software, create and manage users, install server roles, get system status, disk usage, service status, restart"
19:06 klb Would seem to indicate 'no'. A mechanism to watch/set registry keys could be handy
19:08 opapo_ joined #salt
19:11 zooz joined #salt
19:12 klb aaaaand there's salt.modules.reg
19:14 drags /win 21
19:15 aberant joined #salt
19:21 bhosmer joined #salt
19:24 woebtz joined #salt
19:25 it_dude joined #salt
19:29 oncell_jeff \join #ssh
19:30 narekb joined #salt
19:32 m0hit joined #salt
19:33 m0hit Was trying out 0.17.0 and the minions are giving the error
19:33 m0hit KeyError: 'ext_job_cache'
19:33 m0hit as soon as they authenticate with the master
19:33 m0hit salt-minion without master is working fine.
19:33 m0hit Any ideas about what this issue might be.
19:33 Brew joined #salt
19:34 taylorgumgum joined #salt
19:38 drags basepi: re: the minion ID issue. I am very aware of the key re-acceptance issue (both of the examples I presented in the ticket are things I've actually done in my month of salt already)
19:38 drags I wanted to open a separate issue for the key re-acceptance, but I hadn't had a chance to look at the code yet
19:38 drags a couple questions arise: 1) Do the minion keys change when their ID changes?
19:39 drags 2) any reason the master couldn't (or shouldn't, say for performance reasons) keep a lookup table of key fingerprints to compare "new" keys against?
19:39 drags Lastly, tying back into both issues: if the minion ID should be immutable, then defaulting it to the initial hostname seems like a poor choice
19:40 drags hostnames are mutable, and having minion IDs sort-of-but-not-really match hostnames is rather confusing
19:40 toofer left #salt
19:41 aberant joined #salt
19:42 m0hit Hi. Any suggestions on why 0.17.0 minion is returning a KeyError for ext_job_cache
19:42 m0hit I'm hitting this particular line: https://github.com/saltstack/salt/blob/develop/salt/minion.py#L894
19:44 m0hit joined #salt
19:51 avienu joined #salt
19:51 temujin9 joined #salt
19:51 eliasp I'm just experimenting with saltmaster + halite… having a separate Docker container for each of them, running saltmaster from git (develop) and halite from git (master)… I share the directories /etc/salt, /var/cache/salt/master and /var/run/salt/master from the saltmaster container as Docker volumes  with the halite container, but when trying to authenticate through halite's web-ui, I run into a 401 because of a
19:51 eliasp timeout: {"error": "EauthAuthenticationError(\"Authentication failed with SaltReqTimeoutError('Waited 60 seconds',).\",)"}
19:52 eliasp hmm, wait… I think I messed the shared volumes up…
19:53 temujin9 having trouble getting s3.get to work from an SLS file. I can invoke it successfully with salt-call, but every variant of the SLS I try results in 'State s3.get found in sls s3 is unavailable'.
19:53 eliasp ok, shared volumes are fine… so any idea why I run into this timeout? through which socket file is halite supposed to communicate with the master?
19:55 mapu Interesting. Upgraded my master to 0.17. In salt cloud profile, add script_args: git 'v0.17.0' so that the correct minion version is installed. I run salt-cloud, and - while the instance is brought up successfully with the minion running, I get the following error: http://pastie.org/private/scggm4kunpvryqkoxdxeyq
19:55 Gifflen_ joined #salt
19:55 rgbkrk joined #salt
19:56 opapo joined #salt
20:02 helderco joined #salt
20:03 josephholsten joined #salt
20:04 jumperswitch joined #salt
20:08 cnelsonsic joined #salt
20:08 cbloss I can't seem to find an answer for this…Is there a way to watch a pip package, similar to an apt package? just using - watch: - pkg  doesn't work
20:09 narekb left #salt
20:09 bhosmer_ joined #salt
20:10 srage_ joined #salt
20:13 rgbkrk Do top.sls files get executed in order?
20:14 g4rlic cbloss: does using require: pip: <pipname> work?  (assuming you've tried that.)
20:14 rgbkrk Let me clarify, do the states listed in a top.sls file get executed in order?
20:14 rgbkrk I'm experiencing the state_auto_order for my individual state files but not for top.sls
20:15 darien joined #salt
20:15 g4rlic rgbkrk: I can't say definitively, but it appears that it does.  AT least in our case.  We have a '*' target at the top of top.sls, and it sure appears tahn everything there gets run before our more specific targeting later.
20:15 g4rlic (we're using 0.16.4, so take that as you will.)
20:16 Corey Yes, as of 0.17.0.
20:16 darien g4rlic: is this about which order host rules get run in? because that's been my experience as well with 0.17
20:16 MTecknology *grumble*
20:17 cbloss g4rlic: that worked, thanks. should have been obvious to me
20:17 rgbkrk Yeah, this is the order of host rules
20:17 Corey darien: In 0.17.0 ordering works, prior to that it was semi-random.
20:17 MTecknology I do refactoring of configs and a whole one thing stops working. I can't explain this one either...  http://dpaste.com/1413598/
20:17 rgbkrk base:
20:17 ipmb joined #salt
20:17 temujin9 okay, I think I get what's failing. I was trying to treat the s3 module as a state module, which it isn't. any suggestions as to how to get a file from s3, and dump it somewhere locally, in an SLS file?
20:17 darien Corey: that's good to know, since I was relying on that stupidly
20:17 Corey MTecknology: What did you change?
20:17 rgbkrk https://gist.github.com/rgbkrk/6941349
20:18 Corey darien: Yeah, I think that's a neat feature. :-)
20:18 g4rlic cbloss: glad I could help. ;)
20:18 srage joined #salt
20:18 darien temujin9: have a python script or something as a command, and then watch it?
20:18 rgbkrk My python state file gets executed after, resulting in deps not being met
20:18 m0hit joined #salt
20:19 Gifflen joined #salt
20:19 g4rlic rgbkrk: ah, I see what you're getting at.
20:19 mwillhite joined #salt
20:19 g4rlic So, let me clarify what I said: the targets in top.sls appear to be executed in order.
20:19 MTecknology Corey: I took a bunch of states and separated them into different files and rearranged where things were located. The states themselves and the data being pushed didn't change, but most everything else did
20:20 g4rlic Once you get below the target into the individual states, I believe corey's right, prior to 0.17.0, the order is uh, non-deterministic. ;)
20:20 temujin9 it's already built in to salt as a module, and I can invoke it via salt-call. Is there any way to avoid doing a cmd reaching back into salt-call?
20:20 rgbkrk g4rlic - I only have one target
20:20 rgbkrk Namely because I'm learning and building at the same time
20:21 g4rlic rgbkrk: I understand.  Sadly, I don't have an answer for you.  We're still on 0.16.4, and well, have just accepted needed to run highstate twice in some cases to get things done correctly.
20:21 darien temujin9: you mean to avoid running a command if <condition>?
20:21 rgbkrk oh wow
20:21 rgbkrk That's what I had to do yesterday. Felt gross, was hoping to find a better way.
20:21 g4rlic We have an additional problem, in that we're running with SELinux turned on.
20:21 g4rlic So that's where a lot of issues come from.
20:21 darien g4rlic: there's probably a salt state to fix that as well ;)
20:22 Corey g4rlic: patches accepted. :-)
20:22 g4rlic Corey: you wanna do my job while I patch salt?  If so, great, I'll get right on it. ;)
20:22 darien has anyone had problems with salt's fileserver module being unable to read the hash for a given file and erring out?
20:22 g4rlic (tbh, all you need is a good policy, salt itself doesn't need much fixed.)
20:22 darien I've patched around it for now but it feels like a strange sort of bug
20:23 thehyper_ joined #salt
20:23 darien (details/patches provided on request)
20:23 g4rlic rgbkrk: Personally, I'm getting a lot of mileage out of "Require:"
20:23 g4rlic that's helped a lot.
20:23 Corey g4rlic: Absolutely. I can sit around telling people "No" all the time. :-)
20:23 rgbkrk Sooo… I can't use require with pip
20:23 rgbkrk Or so it seems
20:23 rgbkrk And I'm installing pip + setuptools directly
20:24 MTecknology Corey: It's only really a headache because the users state wasn't changed in any way there's no reason it shouldn't be able to set a home dir for the user
20:24 g4rlic rgbkrk: I just answered that for cbloss a second ago. ;)
20:24 ange joined #salt
20:24 ange hi
20:24 rgbkrk g4rlic: oh what?
20:24 g4rlic require: pip: <pipname>
20:24 rgbkrk https://github.com/rgbkrk/salt-nbviewer/blob/master/python/init.sls
20:25 g4rlic just can't use pkg
20:25 Corey MTecknology: Is the user logged in when that state is called?
20:25 g4rlic to require pip
20:25 xl1 joined #salt
20:25 logix812 joined #salt
20:25 rgbkrk That actually works? It seemed like there weren't states.
20:25 g4rlic http://docs.saltstack.com/ref/states/all/salt.states.pip_state.html#module-salt.states.pip_state
20:26 g4rlic cbloss reported that it did indeed work. ;)
20:26 cbloss seemed to work for me. I am not 100% positive though
20:26 temujin9 darien: I'm trying to run s3.get in a state file, to pull a file from S3 down locally. Short of using cmd.run to invoke salt-call, is there some way to do this?
20:26 MTecknology Corey: nope; but no home directory is created either.. user is created... I'm wondering if somewhere in the code it fails to set the home dir if it can't create the dir.... so... I guess now I try to figure out why it won't create the directory
20:28 g4rlic cbloss: remove the dependency with pip, then re-run salt and see if it installs it. ;)
20:28 darien temujin9: nothing I can see, no :/ That seems odd though.
20:28 Corey MTecknology: If you crank up debugging, what command is it trying to run-- and does it when when run by hand? :-)
20:28 temujin9 right? I guess it makes sense to have it so that it can back the s3fs, but why not be able to pull a file direct without that?
20:29 jumperswitch_ joined #salt
20:30 rgbkrk g4rlic - That solves another issue, but doesn't fix the top.sls ordering
20:30 rgbkrk :-/
20:30 rgbkrk Wonder if I'm just not organizing this layout appropriately
20:30 rgbkrk Care to take a look g4rlic? https://github.com/rgbkrk/salt-nbviewer
20:30 _ikke_ joined #salt
20:31 rgbkrk I had this all working earlier before I switched supervisor to a pip installed version (and needed upgraded setuptools+pip)
20:31 darien So this is the problem I've been having, and it's REALLY strange that it just started today, since it worked last night before I left work and nothing's changed that I can think of: https://gist.github.com/danudey/e82784456e0fe4e8b692
20:33 darien The symptom is that state.highstate returns 'cannot open file salt://some/path/to/filename.conf' as if the file didn't exist on disk, because an uncaught exception is raised in that code so the whole thing fails
20:34 MTecknology Corey: heh.. It's executing   usermod -d /home/<user> <user>    and saying    usermod: user '<user>' does not exist in /etc/passwd
20:34 darien my guess is that it's a race condition, since there don't appear to be any exception handlers that would silently hide a failed fopen(), so the file must be opening correctly
20:34 Corey MTecknology: And does it?
20:34 MTecknology id <user>  <-- claims that it does
20:34 darien 'id <user>' can use many databases
20:34 MTecknology eh... it's probably using the AD server..
20:35 darien grep <user> /etc/passwd
20:35 g4rlic MTecknology: getent passwd <user> will guarantee use the local files.
20:36 g4rlic rgbkrk: let me see if I understand the problem..  at this point, you've installed supervisor via pip, as opposed to your native package management repository tools.
20:36 rgbkrk Well, not even that far.
20:36 darien g4rlic: nope, getent will use any user databases available
20:36 rgbkrk pip doesn't get installed and the python state never got run
20:36 MTecknology getent will check what nsswitch.conf tells it to.. getent resolves the user; the user is indeed not present in passwd
20:36 rgbkrk Same with the virtualenv installation
20:37 MTecknology I actually don't want that user to be present in /etc/passwd
20:37 darien MTecknology: so you'll have to set the user's home directory in wherever it's actually set (AD?)
20:37 g4rlic darien: so it does, I stand corrected!  (getpwnam(3) confirms.)(
20:38 g4rlic rgbkrk: I know it's kind of a yak shaving issue, but I would be very careful using remote locations for things in your salt config.
20:39 g4rlic https://github.com/rgbkrk/salt-nbviewer/blob/master/python/init.sls#L19  <-- that kind of thing rustles my jimmies.
20:39 Corey I'm with g4rlic on this one.
20:39 Corey If you need it, host it locally.
20:40 g4rlic rgbkrk: also, it's very hard to require: against a remote command like that.
20:41 darien alternately: store all your stuff on S3 and configure your fileserver to use that. Which sounds like a terrible idea to me.
20:41 rgbkrk Spookily, that's how Chef has been doing it
20:41 rgbkrk https://github.com/opscode-cookbooks/python/blob/master/recipes/pip.rb#L42
20:41 rgbkrk And it behaves much better than system pip
20:42 darien I forgot how ugly chef configs were
20:42 darien <3 salt
20:42 g4rlic rgbkrk: I wouldn't take cues from Chef or puppet, personally.. ;)
20:42 rgbkrk lol
20:42 rgbkrk Heh. I needed a better way to install pip.
20:42 g4rlic rgbkrk: your distro's pip sucks, is that the issue?
20:43 g4rlic I'm curious as to the need for the newer pip, is all.
20:43 MTecknology darien: fun! It looks like the homeDirectory attribute is set in AD, but libnss-ldap must not be taking care of that
20:43 rgbkrk Wasn't finding any good pointers for salt + pip
20:43 rgbkrk In reality, my system's setuptools / pkg_resources are bunk
20:43 MTecknology should be... nss_map_attribute homeDirectory unixHomeDirectory
20:43 rgbkrk Ubuntu 12.04 in this case
20:43 Corey MTecknology: If you're using AD for user management, why are you trying to create / modify users locally
20:43 Corey ?
20:44 g4rlic Well crap.  I would've advised packaging a new package and having salt install that, but making deb files was an exercise in pain last time I tried.
20:44 darien MTecknology: that's weird, since I use homeDirectory in LDAP (not AD) and it works fine
20:44 rgbkrk http://www.pip-installer.org/en/latest/installing.html
20:44 rgbkrk pips docs say to do the same for installation as well.
20:44 darien MTecknology: I guess if homeDirectory is a Windows file path, that won't work though…
20:44 rgbkrk pip install with upgrade for setuptools (in Salt) was not working right
20:45 MTecknology darien: It's the linux path
20:45 rgbkrk Which led me down this yak shaving path of installing direclty
20:45 darien MTecknology: how odd
20:45 Corey g4rlic: It's not that bad if you use fpm
20:45 rgbkrk Which would work, but the python state doesn't run through first
20:45 g4rlic Corey: noted, but thankfully, I work in a REdhat shop now. ;)
20:45 g4rlic rgbkrk: OK, so you're having trouble getting the deps to order correctly, I see..
20:45 Corey I work in everything now. :-)
20:46 MTecknology heh.... I'm going to have to do a lot of thinking on this one.... :(
20:46 MTecknology darien: Corey: http://img.pandawhale.com/post-10513-Code-Refactoring-Cat-in-Bathtu-yRZT.gif
20:46 g4rlic specifically, inside python/init.sls, yes?
20:46 darien MTecknology: pretty much
20:47 MTecknology It was going sooooo well
20:48 gadams joined #salt
20:48 gadams joined #salt
20:48 rgbkrk inside python/init.sls is fine
20:48 g4rlic ok
20:48 rgbkrk When I run state.highstate
20:48 MTecknology somehow I had this working earlier... Thinking over it, there was one big change... ldap servers -> ad servers; I thought this wouldn't touch that at all... I think it's very obvious that it did...
20:48 toofer joined #salt
20:48 g4rlic so where is the ordering failing?  Because I see some room to improve ordering there.
20:48 rgbkrk It doesn't run python first.
20:48 MTecknology so... time to do more AD fixing
20:49 xmltok joined #salt
20:49 Marion joined #salt
20:49 forrest joined #salt
20:50 cshuman joined #salt
20:50 g4rlic I See.
20:50 g4rlic fwiw, here's a slightly reworked state for python: http://pastebin.centos.org/4941/
20:50 g4rlic in this case, there's an order:  directive in 0.17.x that you can use.
20:51 g4rlic It places whatever is tagged with that integer into the same tier.
20:51 g4rlic so, for example, if you had order:0 in python, salt should run that first, and then run the others in lexical order.
20:52 temujin9 joined #salt
20:52 g4rlic That's what my interpretation of the docs is, at any rate.  Could someone more familiar confirm?
20:52 isomorphic joined #salt
20:53 cshuman joined #salt
20:54 Marion Hi jcockhren!  The person who originally set all this up, said he worked on things.  I got his most current Vagrantfile, minion.  It is now a masterless setup, and so I don't need salt-keys.  When I follow his instructions, I'm having issues with SSH connection refused.  I can ssh into the vagrant vm.  Is this issue familiar to you?
20:55 jefimenko joined #salt
21:01 liamc joined #salt
21:04 MTecknology fuck...
21:05 MTecknology darien: So... apparently I'll have to add these users by manually editing the passwd file...
21:08 darien MTecknology: what exactly are you trying to do?
21:08 MTecknology don't ask me that.... :(  ... lemme try
21:09 temujin9 anyone familiar with cmd.call? it seems the 'more correct' way to do what I want than cmd.run (namely use s3.get to pull a file from s3 to minion, without setting up s3fs on master), but I'm getting errors trying.
21:10 temujin9 namely, I am getting "global name '__salt__' is not defined" within the called function
21:11 kermit joined #salt
21:12 xl1 joined #salt
21:12 MTecknology We have an environment where users have a home directory set up (/home/<facility>/<user>) in AD for samba connections. They can connect to \\server\homes and it'll serve their home directory data. That part works. We also have administrators that need to authenticate using AD credentials, but locally. So instead of using the AD provided home directory, I need to set in passwd what I actually want
21:12 MTecknology it to be (/home/<user> and have pam still use AD for the authentication. I want salt creating that directory and managing what's in /etc/passwd.
21:15 giantlock joined #salt
21:16 rgbkrk Posted my question to StackOverflow: http://stackoverflow.com/questions/19327272/what-order-do-states-in-top-sls-get-executed
21:18 MTecknology darien: How's that sound for fun?
21:18 DredTiger joined #salt
21:19 toofer left #salt
21:20 MTecknology I really don't understand why this was able to work at all when I was using the same user states but pointing libnss-ldap at ldap servers instead of AD servers.
21:20 MTecknology I should have run into the exact same issue...
21:20 darien MTecknology: so you want local admin accounts as well as AD accounts? or you want local home directories for remote AD users?
21:22 josephholsten joined #salt
21:23 MTecknology I want the user jdoe to be able to log in locally (via ssh) and use /home/jdoe; but if they connect to a samba share, I want it to be using /home/1230/jdoe
21:23 MTecknology both using AD user/pass
21:24 druonysus I want vm-guest machines to mount a gluster filesystem that is built out of space that is available on the vm-host. No matter if I use NFS or the Native Gluster fuse client I have to specify the server the client needs to looks to (i.e. mount -t glusterfs server1:/test-volume /mnt/glusterfs). Since the vm-guests are dependent on the vm-host anyways, I want to tell the guests to use the host they are running on as their glusterfs server. Is there a
21:24 druonysus way for me to get this information without having to craft either a custom grain or pillar data for this?
21:25 MTecknology darien: I also just realized why it worked before, but not now... before it was creating the user before installing and configuring libnss-ldap, so AD wasn't checked for useradd
21:25 darien ah
21:25 MTecknology So regardless of what I did, this was going to pop up eventually
21:26 basepi drags: sorry i took so long to respond, just noticed your mention.  Could you take all of those ideas and put them into an issue?  It warrants more discussion.  To answer your questions, no, the key doesn't not change in minion ID change.  So we could theoretically compare to all our existing keys, that doesn't seem like it would have security implications, but I haven't really thought it through.
21:26 basepi drags: go ahead and create a new issue, otherwise it's easy to lose the discussion in favor of "open" issues.
21:27 drags basepi: will do, I might hold off til tomorrow. I haven't looked at the code yet, and want to provide something constructive :)
21:27 basepi drags: but i did want to hit your last point, too:  if we don't use socket.getfqdn() for the minion ID, what do we use?  the string "minion" followed by a sha of the time of creation?  IP address?  hostname is really all we have for a good default.
21:28 basepi i'm very open to suggestions, just being the devil's advocate.  =)
21:28 MTecknology darien: I get the feeling that the best way to do this is going to be making a separate state for these users that edits /etc/passwd and creates those directories will be the best option....
21:28 cjh joined #salt
21:29 MTecknology Sounds like a job for Monday!!!
21:29 drags basepi: absolutely.. I hadn't considered generating alternatives yet, but will do
21:29 Corey basepi: Have a pillar question for you.
21:29 basepi drags: ya, we love improving the minion id guessing.  because it's definitely not perfect.  so suggestions are very welcome.  =)
21:29 Corey I have a users.sls in my pillar tree. Up until now it's simple; contains a list of users and relevant values.
21:29 basepi drags: once you create that issue we can talk more there where the discussion is logged more permanently.  =)
21:29 Corey What I want to do is provide different users per system via pillar; the state enumerates the users iteratively.
21:30 Corey So if I have userA, I only want to have them live on a subset of my nodes.
21:30 basepi Corey: ok, sounds pretty straightforward.  running into problems?
21:30 Corey COnceptually. :-)
21:30 Corey base:
21:30 Corey '*':
21:30 Corey - users
21:30 Corey That's what top.sls says at the moment.
21:30 basepi careful.  if you're going to paste a lot, let's move into a PM conversation
21:30 basepi this channel already has enough noise.  ;)
21:30 Corey Nah, it was three lines. I'm done pasting. :-)
21:30 basepi kk
21:31 MTecknology darien: thanks for making me think through this!
21:31 darien MTecknology: it's the least I can do!
21:31 KyleG Hey Corey, ever seen this error before?  https://gist.github.com/kylegato/ce90e7d16225592085f4
21:31 Corey basepi: The state is looking for pillar:users.
21:31 Corey KyleG: I have not.
21:31 pdayton joined #salt
21:31 darien MTecknology: after ten years of this, just joining an IRC channel is usually enough to make me seriously rethink the issue before I ask the question, and I usually find the problem then :p
21:32 basepi Corey: so are you having trouble building pillar:users?
21:33 Corey No, everything works now-- but I'm trying to extend this.
21:33 basepi ah.  so what exactly is the problem?  =P
21:33 Corey Let me explain this a bit better. :-) The user state file iterates like so: {% for name, user in pillar.get('users', {}).items() %}
21:34 Corey How do I present different users to different minions via pillar?
21:35 basepi Corey: well, the simple answer is to assign different pillar files to each minion with different users in each, via the pillar top file
21:35 mgw Corey, I do it like this:
21:36 mgw One second, I'll paste my pillar.example
21:37 mgw Corey: https://gist.github.com/mgwilliams/9684f51513c7a8edf559
21:38 mgw I then have a user/group/sudo formula that utilizes that data to make users present or absent (they're #py sls files)
21:38 mgw basepi: I avoided that solution, since it required repeated definition of the same users.
21:39 basepi mgw:  right.  that's definitely the drawback.
21:39 uta joined #salt
21:39 basepi i like yours better
21:39 Corey Not necessarily, let me check something.
21:44 Corey mgw: From your example, aren't you provisioning John into all environments?
21:44 mgw Corey, what do you mean?
21:44 Corey John doesn't have privs except in sandbox from your pillar-example.yaml, but if I'm reading that properly he will exist in all environments?
21:45 mgw no
21:45 mgw the state formula ensures he's *absent*
21:45 temujin9 okay, finally figured it out. for a cmd.call against an existing module function, you have to reference it through __call__[]
21:45 temujin9 e.g. - state().cmd.call( __salt__['s3.get'], ... )
21:49 george_torwell joined #salt
21:50 ktenney joined #salt
21:56 Katafalkas joined #salt
21:57 krissaxton joined #salt
22:01 Ryan_Lane I have an issue where running salt-call on a module that accesses pillars works fine, but when called from the master it fails to access the pillars properly.
22:01 Ryan_Lane restarting the minion works, but I don't have a really simply way to restart the minions...
22:02 g4rlic salt '*' cmd.run 'service salt-minion restart' ? ;)
22:03 Ryan_Lane the last time I tried that all of my minions died
22:03 Ryan_Lane because salt effectively kills itself, which also kills its children (which is also the restart)
22:04 Ryan_Lane hm. seems that's working now
22:04 Ryan_Lane thanks
22:05 g4rlic TBH, I was half-joking.
22:05 thehyperadvisor joined #salt
22:05 darien I did that exact thing today
22:05 g4rlic I've run that myself, and it worked, but I felt like I was living dangerously when I did it.
22:05 darien it's how I got my adrenaline rush before my starbucks kicked in
22:06 g4rlic cmd.run 'service network restart' will do that too, as I discovered earlier.
22:06 darien I feel as though I should hack ufw to not allow me to do anything unless there's a root shell logged in at the console
22:08 g4rlic ufw?
22:09 darien ubuntu's default firewall thing
22:10 krissaxton joined #salt
22:12 g4rlic That's not a half bad idea..
22:12 g4rlic But I like Juniper's way of doing it slightly better:
22:12 g4rlic whyen you make a change, you type "commit <seconds>"
22:13 g4rlic If you don't type "commit" a second time within <seconds>, the commit rolls back.
22:13 Corey I like that.
22:13 g4rlic As do I.
22:13 g4rlic some engineer at Juniper was bit by typing the wrong command into a router 10000 mi away, and forgetting to cron a restart.
22:13 honestly I think iptables comes with a script that does that
22:13 honestly in some tool package
22:20 wrale joined #salt
22:21 g4rlic Man.  salt even has useful error messages..  "there's whitespace in your state.  Did you miss a : ?"
22:21 g4rlic sure enough..
22:22 wrale hello again room.. quick question.. is there any subsystem in salt or salt-cloud for creating vpc's and/or cloudformation stacks in aws?  also, if i should create a manifest in which i create something with cloudformation, is there a good way of retaining the api output aws will generate?  you know, facts for later operations (typically, immediately in succession, but perhaps on a following day/month)?
22:22 darien g4rlic: that's pretty fantastic
22:22 g4rlic Right? :)
22:25 blee joined #salt
22:27 bhosmer joined #salt
22:28 rgbkrk joined #salt
22:29 robawt hey guys! congrats on salt 17.0.1
22:30 robawt how do I pin to version 16.4 from ubuntu?!
22:31 rockey robawt: https://help.ubuntu.com/community/PinningHowto
22:31 goodwill Corey: ping
22:31 goodwill Corey: what happened to 0.16 in PPA?
22:32 Corey Holy crap you're still alive?
22:32 goodwill yeah
22:32 robawt rockey: we're still looking for the version 16.4 :\
22:32 goodwill Corey: what happened to 0.16.4 ppa debian package buddy?
22:33 goodwill Corey: whyyyyyyy
22:33 goodwill Corey: why is it gone?
22:33 eliasp I'm struggling with getting eauth working for Halite… I have in /etc/salt/master.d/external_auth.conf: http://pastebin.kde.org/pkebtri8c but when trying to login via Halite, salt-master's debug log says "Authentication failure of type "eauth" occurred." (full output: http://pastebin.kde.org/pwm4omysn )
22:33 Corey goodwill: That's a Launchpad question.
22:33 Corey It's how they run their stupid PPAs.
22:33 goodwill did the build fail?
22:34 Corey I'm not entirely sure what you're asking about?
22:34 zwevans joined #salt
22:34 goodwill Corey: 0.16 version is gone from PPA
22:34 goodwill https://launchpad.net/~saltstack/+archive/salt?field.series_filter=precise
22:34 goodwill Corey: you rebuild it yesterday
22:34 goodwill Corey: whyyyyyyyyyyyyyyyyyyyyyyy
22:34 Corey goodwill: I didn't touch it yesterday. Hmm.
22:34 ndrei joined #salt
22:35 goodwill salt 0.17.0.1-1precise Corey Quinn (2013-10-09)
22:35 Corey That was the wee hours of the morning two days ago.
22:35 goodwill day before yesterday
22:35 goodwill right
22:35 Corey But yes, launchpad only retains the most recent versions.
22:35 goodwill o_O
22:35 Corey Lovely, no?
22:35 depercated joined #salt
22:36 g4rlic I wonder if that's where FEdora got their habit of removing old packages came from..
22:36 Corey Yeah, I'm not happy.
22:36 depercated Question: Why is runas being depercated?  It doesn't make sense to me because some functions have user as a parameter that doesn't necessarily mean that's the user it's running as
22:36 depercated For example: file.managed
22:37 depercated or postgresql_database.present
22:38 Cidan depercated: because "user" is the param now
22:39 depercated right, but in some cases it's ambiguous now
22:39 depercated for file.managed, that's not what you're running the command as
22:39 erasmas joined #salt
22:39 goodwill Corey: so ... any thought on how we can get 16?
22:39 depercated you're running it as root and then assigning the file to the user defined by user
22:39 erasmas is there a changelog for salt?
22:39 Cidan correct
22:40 Cidan the point is to have a universal "user" param
22:40 Corey goodwill: cd ~/src/salt; git checkout v0.16.4; debuild?
22:40 Cidan and not user vs runas
22:40 goodwill Corey: and why is raring package is still on 0.16.4
22:40 Corey goodwill: Build failure with sphinx for 0.17.0 that we're working through.
22:40 goodwill ah
22:41 depercated Cidan: why wasn't runas chosen as the default then?
22:41 goodwill Corey: launchpad really does not maintain multiple version
22:41 eliasp ok, seems I found the reason, why I can't authenticate via Halite: https://github.com/saltstack/salt/issues/4046
22:41 depercated then there wouldn't be this ambiguity
22:41 depercated e.g. https://github.com/saltstack/salt/blob/develop/salt/modules/postgres.py
22:41 Corey goodwill: Not unless you know something I don't. :-)
22:41 depercated User does not mean the same as runas in that file
22:41 Cidan why was user chosen as the default?
22:41 goodwill FUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
22:42 Corey One moment.
22:42 goodwill no you
22:42 goodwill launchpad
22:42 goodwill thats so weird
22:42 goodwill its not like debian repos do not allow that
22:43 wyyang joined #salt
22:43 Corey goodwill: Let me fix this for you.
22:43 goodwill wait
22:43 goodwill so it can retain multiple versions?
22:43 Corey Building a 16 PPA for you, Princess.
22:44 xmltok joined #salt
22:44 goodwill well thank you Daddy
22:45 goodwill Corey: you get beer at scale buddy
22:45 eliasp yehaw, got my master + halite up'n'running in a Docker container… now need to merge my changes back into the Dockerfile…
22:46 thehyperadvisor joined #salt
22:47 pdayton joined #salt
22:47 Corey Yay beer.
22:49 mgw joined #salt
22:51 cshuman joined #salt
22:52 fxhp http://docs.saltstack.com/topics/releases/index.html
22:53 jslatts joined #salt
22:56 packeteer topic not yet updated?
22:56 forrest ?
22:56 packeteer 0.17.0 ?
22:56 forrest what about it?
22:56 packeteer topic still says 16.4
22:56 packeteer :)
22:57 forrest what
22:57 forrest Where do you see that?
22:57 fxhp SaltConf in January!! http://saltconf.com | 0.16.4 is the latest
22:57 forrest oh the IRC topic
22:57 forrest Yea I don't know, I haven't seen UtahDave around a whole lot this week (granted I've been MIA during the day)
23:00 ipmb joined #salt
23:03 Cidan does anyone know how to start halite from the server?
23:03 Cidan from salt-master, sorry
23:04 forrest are you running it on the salt master?
23:05 Cidan I don't know?
23:05 goodwill Corey: is it still building?
23:05 Cidan there are literally no docs for it outside of the halite repo
23:05 cshuman joined #salt
23:05 Cidan " The Halite UI can be started from within the Salt Master,"
23:05 Cidan From the release notes
23:05 forrest Cidan, good point, I'll see about getting a tutorial together this weekend.
23:05 forrest so you can run it from cherrypy
23:06 Cidan Ah, cool, okay
23:06 forrest so depending on your OS if you do an updatedb command, then locate server_bottle.py
23:06 forrest then just run it like ./server_bottle.py -s cherrypy
23:07 forrest Honestly it's been a bit since I looked at this readme, I don't SEE anything that would prohibit you from running it through a different web server with a restful interface, but I don't know for sure.
23:07 Cidan odd, I don't have it.
23:07 Cidan was it supposed to be a part of the ppa packages?
23:08 forrest not as far as I am aware
23:08 Cidan Ah, the release notes are a bit misleading then, okay, makes sense now
23:08 Cidan thanks, :D
23:08 forrest the salt packages usually just contain the base stuff to get salt up and running (no salt-ssh, etc.)
23:08 Corey goodwill: Which release?
23:08 forrest yea np, maybe whiteing build a package for it, but I don't know
23:09 goodwill Corey: 16, precise
23:09 goodwill Corey: I thought you said you were building it now
23:09 Corey goodwill: I am. Wondered which version you wanted built first.
23:10 forrest Cidan, I sent myself an email to try and get to that this weekend. I'll test piping it through a different server front end as well.
23:10 forrest really I should just write a salt formula to do the install
23:10 Cidan It seems to work well enough
23:11 forrest halite?
23:11 Cidan yes
23:11 Cidan and I think it'll be fine in front of a proxy
23:11 Cidan I can test in a sec
23:11 forrest yea it's pretty cool from what I've seen
23:11 forrest I don't mean a proxy, I mean through nginx or apache
23:11 forrest as opposed to straight through cherryp
23:11 forrest *y
23:11 jetblack joined #salt
23:11 Cidan right, that's what nginx is doing, a forward proxy
23:11 forrest gotcha, I thought you meant a squid proxy or something
23:11 Cidan er, reverse proxy
23:11 forrest was like 'where did we discuss that??'
23:12 Cidan hehehe
23:13 Corey goodwill: Should be building / built shortly in saltstack/salt16
23:19 seanz Has whiteinge changed his nick or something? I don't see him around, and he usually always is.
23:19 seanz Anyone seen him?
23:20 forrest Haven't seen him in a few weeks seanz
23:20 seanz Hm. That just seems odd to me.
23:20 forrest He probably got tired of us calling him 'white-ing'
23:20 forrest Really? He's always seemed in an out to me.
23:20 forrest *and
23:20 forrest just depends what is going on I think
23:20 seanz forrest: Ah, ok then.
23:21 forrest err white-inge, not whiteing
23:21 seanz forrest: I haven't been around long enough to know his "presence habits", I guess.
23:21 forrest seanz, I've only been hanging out daily for a few months now, so I might not know the history
23:22 forrest You could always try saying 'halite' 3 times
23:22 forrest might summon him :P
23:22 seanz haha! Maybe I'll save that for when I'm really bored.
23:22 seanz Though I did want to congratulate him on the hard work he's done there.
23:23 goodwill Corey: thank you sir ...
23:23 goodwill Corey: beersky is on me
23:23 forrest I imagine goodwill at Scale
23:23 Corey goodwill: Should be good.
23:23 forrest line out the door for beers
23:25 m0hit joined #salt
23:26 goodwill forrest: thats not entirely untrue
23:27 goodwill forrest: at last PyCon we had a booze RV where I ordered 3 kegs
23:28 thehyperadvisor joined #salt
23:29 forrest goodwill, Aww man I was at pycon 2013 :\
23:29 goodwill forrest: did you know of Plone Booze RV?
23:29 forrest nope
23:29 goodwill bummer
23:29 goodwill forrest: have I met you?
23:29 goodwill forrest: did you come to Pyramid booth?
23:29 forrest Yea I did
23:29 goodwill I am the community organizer for Pyramid
23:30 goodwill forrest: did anyone hug you at the Pyramid booth?
23:30 forrest Hmm, I don't remember very well, I remember talking about messing with Pyramid on 3k, and the dude I was talking to said he hadn't done so that much
23:30 forrest I did not get hugged.
23:30 goodwill hmmm
23:31 goodwill forrest: what do you look like?
23:32 Cidan like a bunch of trees
23:32 Cidan I imagine
23:32 forrest Lol, tall white nerdy dude with glasses, so 50% of the con :P
23:32 forrest There were two guys at the pyramid booth I think?
23:34 forrest anyways I've gotta run, I'll be back later.
23:34 Cidan forrest: reverse proxy works just fine fyi, using nginx, but pam login does not
23:34 seanz Anyone else here using salt to check out code from svn?
23:35 seanz I'm getting an error message that svn.latest in my sls file in unavailable. I'm not sure what that means.
23:37 goodwill probably not
23:39 taylorgumgum joined #salt
23:39 pdayton joined #salt
23:41 danielmcbawse joined #salt
23:42 bhosmer joined #salt
23:51 diegows joined #salt
23:52 liamc joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary