Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-10-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 jslatts joined #salt
00:11 higgs001 joined #salt
00:21 m_george|away joined #salt
00:35 redondos joined #salt
00:37 mwillhite joined #salt
00:44 oz_akan_ joined #salt
00:46 pdayton joined #salt
00:53 Jahkeup joined #salt
01:03 justlooks joined #salt
01:06 oz_akan_ joined #salt
01:07 oz_akan_ joined #salt
01:16 jslatts joined #salt
01:20 oz_akan_ joined #salt
01:21 liamc joined #salt
01:31 mgw joined #salt
01:36 ddv joined #salt
01:39 jslatts joined #salt
01:48 mgw joined #salt
01:49 fragamus joined #salt
01:51 Jahkeup_ joined #salt
02:10 Gifflen joined #salt
02:16 druonysus joined #salt
02:16 druonysus joined #salt
02:22 malinoff joined #salt
02:25 xmltok joined #salt
02:28 oz_akan_ joined #salt
02:32 mannyt joined #salt
02:32 druonysus joined #salt
02:32 malinoff Hi all
02:41 oz_akan_ joined #salt
02:43 cbloss is it possible to see what command salt used to run a specific state?
02:45 goodwill cbloss: it should be in the debug logs
02:46 malinoff cbloss: Could you clarify your question? Any single state runs by sls function in state.py module
02:46 malinoff cbloss: Debugging won't help with it
02:46 diegows joined #salt
02:47 Lue_4911 joined #salt
02:47 cbloss well, I guess let me start over. I am trying to setup a webhook from git to tell salt-master to do a git-update on a specific minion
02:47 akasto joined #salt
02:47 cbloss trying to figure out the best way to do this
02:48 cbloss i don't want to run highstate, just either a specific state, or command
02:50 xl1 joined #salt
02:54 malinoff cbloss: I'm not very familiar with git-update, but autocomplete says theres no git-update, there are git-update-index and -ref
02:55 __number5__ cbloss: have you look at event/reactor system? http://docs.saltstack.com/topics/reactor/index.html
02:56 cbloss yeah, git-update isn't a command, it is git pull or fetch or something similar (what salt runs)
02:56 cbloss __number5__: never heard of that before, not exactly sure what it does. let me look at it for a bit
02:59 malinoff cbloss: http://docs.saltstack.com/ref/modules/all/salt.modules.git.html?highlight=git#salt.modules.git
03:00 m0hit joined #salt
03:01 malinoff cbloss: You can use salt 'minion-id' git.pull path_to_git
03:01 cbloss malinoff: thanks, trying that now
03:02 justlooks is salt-ssh faster than salt?
03:02 malinoff cbloss: Np :)
03:02 malinoff justlooks: No, of course
03:02 justlooks malinoff:  why need salt-ssh?
03:03 malinoff justlooks: There are many situations when you need to configure your host without installed salt-minion
03:05 druonysus joined #salt
03:06 __number5__ justlooks: salt-ssh much slower than normal master/minion
03:06 justlooks malinoff:  is there any example to show the power of salt-ssh? i can not see any demo from the doc
03:07 malinoff justlooks: The power is that you can use your states, modules and other cool things but without installing salt-minion, that's all.
03:08 __number5__ justlooks: http://www.youtube.com/watch?v=uWGDC1PdySQ
03:09 redondos joined #salt
03:09 redondos joined #salt
03:10 justlooks malinoff:  if i use salt-ssh ,should i set the no password visit for each client?
03:11 malinoff justlooks: What?
03:12 justlooks malinoff:  because it use ssh , and ssh login need password ...
03:14 justlooks malinoff: if you run script though ssh ,you must set ssh key ,so you can login without password
03:18 gldnspud_ joined #salt
03:19 malinoff justlooks: I haven't used salt-ssh yet, but i think you could login without password only from the master
03:19 druonysus joined #salt
03:19 druonysus joined #salt
03:22 pdayton joined #salt
03:22 jefimenko joined #salt
03:23 anuvrat joined #salt
03:25 Nexpro joined #salt
03:26 mianos joined #salt
03:29 carmony hrm, I'm getting an error: Detected conflicting IDs, SLS IDs need to be globally unique. The conflicting ID is "core" and is found in SLS "base:common" and SLS "base:common"
03:29 carmony it happens when I have two state files including the same state file
03:30 carmony this hasn't been a problem in the past with 0.16, but 0.17 is giving me this error
03:33 druonysus joined #salt
03:42 cshuman joined #salt
03:46 malinoff carmony: Could you pastebin your state file?
03:46 carmony malinoff: yeah, one second
03:46 druonysus joined #salt
03:46 druonysus joined #salt
03:47 joehh carmony: https://github.com/saltstack/salt/issues/7526
03:48 jaequery joined #salt
03:51 carmony joehh: yup
03:52 carmony so what fixed it for me was to move those "common" includes into other state files
03:53 cshuman joined #salt
03:54 cshuman joined #salt
03:54 oz_akan_ joined #salt
03:54 carmony I'll add some details to the issue
03:56 justlooks carmony: seems no error in 0.16
03:58 carmony so it seems the problem is if you declare an include in your top.sls, and then somewhere else in your state files, its a problem
03:58 carmony but including the same state file multiple times in other files isn't a problem
03:59 jeddi joined #salt
04:08 berto- joined #salt
04:22 jaequery_ joined #salt
04:24 miao9611 joined #salt
04:26 jumperswitch joined #salt
04:43 goodwill 0.17 broke a few things
04:43 goodwill for example hostnames are name give as short not FQDN
04:44 jaequery joined #salt
04:45 goodwill a whole other small hosts of things
04:45 goodwill and if halite works I am mickey mouse
04:48 Gifflen joined #salt
04:49 sgviking joined #salt
05:08 josephholsten joined #salt
05:17 Katafalkas joined #salt
05:28 justlooks why sometime i execute the salt command not output?
05:29 rmt_ justlooks, I had a similar, yet slightly different, problem last night.  I had to refill the shaker.
05:32 malinoff justlooks: Take a look on logs
05:32 jumperswitch joined #salt
05:32 justlooks malinoff: on master?
05:32 malinoff justlooks: On the master, AND on a minion
05:35 Katafalkas joined #salt
05:39 cshuman joined #salt
05:42 anuvrat joined #salt
05:45 cshuman joined #salt
05:46 EugeneKay joined #salt
05:46 justlooks malinoff:  The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
05:49 malinoff justlooks: Is this minion accepted on the master?
05:50 TheCodeAssassin joined #salt
05:52 charlton joined #salt
05:57 justlooks malinoff: i use cobbler install the os and salt ,sometimes i forgot clean old key ,it will happen
05:58 malinoff justlooks: Try to delete old key and accept the new one
06:00 anuvrat joined #salt
06:08 cmthornton joined #salt
06:16 berto- joined #salt
06:17 justlooks malinoff: if i remove the old one , need restart minion ?
06:19 malinoff justlooks: I don't think so, a minion should request the master periodically
06:21 bud joined #salt
06:22 justlooks malinoff: how long the interval?
06:22 malinoff justlooks: >this salt minion will wait for 10 seconds before attempting to re-authenticate
06:24 justlooks malinoff: it seems not correct
06:25 justlooks malinoff:  i remove the key from master ,and sleep 40 in master ,then check  no  new key caming ,
06:26 druonysus joined #salt
06:27 malinoff justlooks: Try to restart the minion
06:27 justlooks malinoff: that's ok if the minion restart
06:27 malinoff justlooks: Cool
06:28 justlooks malinoff: it seems minion dose not know it's key removed on master,will not resend the auth request
06:31 jumperswitch joined #salt
06:34 sgviking joined #salt
06:47 az87c joined #salt
06:47 matanya_ joined #salt
06:48 tomeff joined #salt
06:53 matanya_ joined #salt
06:59 matanya_ joined #salt
07:00 sm1ly joined #salt
07:00 sm1ly re2all. guys, when I try to use iptables.check - it writes iptables.check is not available. why?
07:07 shomodj joined #salt
07:13 charlton joined #salt
07:14 webben joined #salt
07:14 LucasCozy joined #salt
07:15 webben Has something untoward occurred to the Ubuntu Raring PPA? When I apt get I see
07:15 webben *apt-get update
07:15 zooz joined #salt
07:15 webben W: Failed to fetch http://ppa.launchpad.net/saltstack/saltw/ubuntu/dists/raring/main/binary-i386/Packages  404  Not Found
07:15 adepasquale joined #salt
07:17 ckao joined #salt
07:31 sm1ly re2all. guys, when I try to use iptables.check - it writes iptables.check is not available. why?
07:32 miao9611 have some one met the prolem ? when I run salt \* state.sls mystate, if the hosts byond 100 hosts some hosts does not reponse
07:33 [M7] joined #salt
07:40 jonet joined #salt
07:43 jonet How are you guys adding new modules to salt? As far as I can tell the only way is to add directly to salt/modules. But since my salt installation comes from a debian package this doesn't seem optimal, considering it might just disappear once I've updated it.
07:47 felixhummel joined #salt
07:50 mgw joined #salt
07:59 ramteid joined #salt
08:08 N-Mi joined #salt
08:12 zooz joined #salt
08:12 balboah joined #salt
08:17 bud jonet: _modules directory within file_roots - http://docs.saltstack.com/ref/modules/
08:22 justlooks malinoff: i am wrong ,minion will resend the auth request,but you need wait a long time ,not 10 seconds
08:23 bud I am running latest Salt from Git and I am trying to create a seeded LXC container. The seed modules exists with "OSError: [Errno 16] Device or resource busy: '/tmp/tmp8GhgFGH'".
08:23 bud Manually umount-ing '/tmp/tmpXXX' works.
08:23 druonysuse joined #salt
08:24 tomeff joined #salt
08:31 bud The seeding works without using LVM as backing for the LXC containers.
08:32 middleman_ joined #salt
08:34 matanya_ joined #salt
08:43 middleman_ joined #salt
08:46 qba73 joined #salt
08:46 vsg joined #salt
08:47 qba73 left #salt
08:51 scott_w joined #salt
08:53 jonet bud: Thank you!
09:00 backjlack joined #salt
09:06 jumperswitch joined #salt
09:09 justlooks anyone can help this https://gist.github.com/justlooks/6947011
09:11 az87c joined #salt
09:16 matanya_ joined #salt
09:17 bud mgw hey there, are you around?
09:17 mgw bud: yeah, but about to head to bed. What's up?
09:20 bud I have found why the LXC seeding wasn't working.
09:21 mgw what was it?
09:21 bud Using LVM backing the seed module umount at the end the LV.
09:21 bud And existed with cannot umount resource busy.
09:21 mgw i see
09:21 mgw hmm
09:22 bud I have inserted a 5 seconds sleep before umount in seed module and works.
09:22 mgw can you open a ticket on it and mention me in it?
09:22 bud Of course, I will do that.
09:22 mgw it probably just needs to remount it
09:22 bud Thanks, have a good night sleep :).
09:22 mgw thanks
09:23 bud No need to remount it because the process of seeding is over.
09:24 bud https://github.com/saltstack/salt/blob/develop/salt/modules/seed.py#L142 before that I have inserted sleep(5).
09:24 matanya_ joined #salt
09:32 matanya_ joined #salt
09:35 anuvrat joined #salt
09:38 matanya_ joined #salt
09:42 Narven joined #salt
09:46 matanya_ joined #salt
09:52 matanya_ joined #salt
09:54 bhosmer joined #salt
09:56 matanya_ joined #salt
10:01 kiorky joined #salt
10:07 jumperswitch joined #salt
10:09 tomeff joined #salt
10:17 zooz joined #salt
10:25 sm1ly hmmm. I got 57 minions, but over sometime it disconnects from master... and there is no anything interested in debug ((
10:25 sm1ly and it wasnt work before I restart the salt-minions
10:40 exanimo joined #salt
10:40 exanimo hellos
10:41 joehh sm1ly: which os and zmq version/
10:42 joehh ?
10:43 sm1ly joehh, what is zmq? os master centos 6.4 minions - centos 5
10:45 joehh sm1ly: what happens when you run: salt --versions-report
10:45 packeteer zeromq is what underpins salt
10:45 joehh and salt-minion --versions-report
10:46 joehh looking particularly at the PyZMQ and ZMQ lines
10:47 sm1ly http://pastebin.com/srsqurCq
10:48 sm1ly pyzmq 2.2 vs 2.1 and zmq 3.2 vs 2.1
10:48 ml_1 joined #salt
10:50 joehh sm1ly: looks like you need a newer version of zeromq (and pyzmq) on your centos 5 machines
10:50 joehh until then you will get these lost connections
10:51 joehh the issue you should watch (and maybe comment on) is https://github.com/saltstack/salt/issues/5318
10:51 joehh You could try using a cron job with salt '*' test.ping at some interval
10:51 joehh that may work?
10:55 sm1ly joehh, no  cron test.ping wasnt work cause if I use salt-call on minions - it works great, so its looks like a problem with master, but there is no issues. helping only restart salt-minions... i understand... I ll try...
10:59 ramteid joined #salt
11:00 qba73_ joined #salt
11:09 matanya_ joined #salt
11:13 matanya_ joined #salt
11:15 jumperswitch joined #salt
11:15 logix812 joined #salt
11:18 matanya_ joined #salt
11:18 sm1ly joehh, maybe the way to use salt-minion restart in cron?
11:24 sm1ly oooh really its the versions... baad( okey thx. i try to resolve it
11:26 sm1ly joehh, how do u think, can it helps me? http://pastebin.com/ZXYD5JwE
11:26 srage joined #salt
11:28 jarias joined #salt
11:28 joehh sm1ly: I think that will only work on zmq 3 and above
11:29 jslatts joined #salt
11:29 joehh maybe salt-ssh will be workable once 0.17 stabilizes a little
11:29 srage_ joined #salt
11:30 sm1ly oh, its just a park of freepbx'es... and i cant just upgrade the system
11:33 packeteer how can i do a package update in a state file?
11:35 malinoff packeteer: pkg.latest ?
11:36 patrek joined #salt
11:37 ronc joined #salt
11:41 packeteer thought that was only for individual packages
11:42 malinoff packeteer: http://docs.saltstack.com/ref/states/all/salt.states.pkg.html?highlight=pkg.latest#salt.states.pkg.latest
11:42 malinoff It's not
11:44 packeteer still not the same as running: salt '*' pkg.upgrade
11:46 malinoff So do you need a package update or a system upgrade?
11:46 packeteer system
11:48 giantlock joined #salt
11:49 malinoff packeteer: System upgrade is not a state - it's an action. Actions in salt are called modules. When you run salt '*' pkg.upgrade - you run module pkg, not state pkg
11:49 packeteer oic, thx
11:50 blee joined #salt
11:50 packeteer so is it possible to acheive, or do we need to shell out etc ?
11:52 gildegoma joined #salt
11:53 malinoff packeteer: What's your point? To do periodical upgrades?
11:56 packeteer currently testing slaty-vagrant. it would be good to have a 'update+upgrade' happen post boot
11:57 matanya_ joined #salt
11:59 rgbkrk joined #salt
12:04 jbunting joined #salt
12:06 malinoff packeteer: You can set up a init script, you can catch 'minion_start' event on the master, you can use prepared box
12:06 malinoff So many ways to do just a single action
12:06 kyusan joined #salt
12:07 joehh sm1ly: then salt-ssh may be the best option for yuo - no requirement for a minion, just a ssh server
12:09 sm1ly joehh, does it work in 0.16.4 ? or only in 0.17 ?
12:11 ipmb joined #salt
12:17 bud sm1ly salt-ssh only works in 0.17.0 and beyond.
12:22 [M7] joined #salt
12:23 liamc joined #salt
12:23 Narven joined #salt
12:25 Narven_ joined #salt
12:30 benno joined #salt
12:30 benno left #salt
12:31 sm1ly bud, thx. I ll w8 for release
12:32 lemao joined #salt
12:33 jslatts joined #salt
12:34 backjlack joined #salt
12:36 gldnspud joined #salt
12:38 Furao joined #salt
12:44 or1gb1u3 joined #salt
12:45 diegows joined #salt
12:55 ml_1 joined #salt
12:59 saysjonathan joined #salt
13:00 amahon joined #salt
13:03 jumperswitch joined #salt
13:05 oz_akan_ joined #salt
13:06 ggoZ joined #salt
13:08 Gifflen joined #salt
13:08 oz_akan_ joined #salt
13:09 ipmb joined #salt
13:10 jpcw_ joined #salt
13:10 mwillhite joined #salt
13:10 cwarner joined #salt
13:10 juicer2 joined #salt
13:10 jarias_ joined #salt
13:11 clone1018_ joined #salt
13:12 Iwirada joined #salt
13:13 eskp joined #salt
13:13 nocturn joined #salt
13:13 eskp joined #salt
13:13 djinni` joined #salt
13:13 dcolish joined #salt
13:13 luminous joined #salt
13:16 matanya_ joined #salt
13:21 ewong- joined #salt
13:25 Kholloway joined #salt
13:26 toastedpenguin joined #salt
13:33 brianhicks joined #salt
13:35 mua joined #salt
13:38 ml_11 joined #salt
13:41 Narven joined #salt
13:41 krissaxton joined #salt
13:42 ml_1 joined #salt
13:44 qba73 joined #salt
13:45 krissaxton joined #salt
13:46 luminous left #salt
13:46 krissaxton left #salt
13:50 cshuman joined #salt
13:50 tomeff joined #salt
13:50 beardo joined #salt
13:57 mannyt joined #salt
13:58 Jahkeup joined #salt
13:59 blee joined #salt
14:03 cshuman joined #salt
14:12 cnelsonsic joined #salt
14:20 pdayton joined #salt
14:20 kermit joined #salt
14:25 middleman_ joined #salt
14:30 tomspur joined #salt
14:30 teskew joined #salt
14:35 luminous joined #salt
14:36 _chjohnstwork joined #salt
14:37 liamc joined #salt
14:39 terminalmage joined #salt
14:44 elfixit joined #salt
14:45 lmickh joined #salt
14:46 hsteak__ joined #salt
14:46 hsteak__ oh hai everyone
14:46 hsteak__ is this channel about saltstack?
14:47 hsteak__ (is* about)
14:48 hsteak__ anyway, i have several host with removable hard drive, using full disk encryption (with cryptsetup)
14:48 ddv no
14:49 supplicant hsteak__: go on
14:49 hsteak__ any idea on how to manage these disk with salt?
14:50 supplicant hsteak__: I'd love to know if you find out
14:50 * supplicant has been wondering
14:50 hsteak__ how to input the passphrase without stocking it on the host etc
14:50 hsteak__ s/stocking/storing/
14:51 hsteak__ i have the feeling that with volume_key (this is a file containing the key) and maybe a tmpfs, it might work
14:52 hsteak__ and was wondering if any of you guys had any experience in that
14:54 rgbkrk joined #salt
15:02 bhosmer joined #salt
15:05 wrale luminous: huff and puff, but you won't blow the house down :)
15:05 luminous O.o
15:06 wrale that's storybook for .. i'm not against using salt, just not in my docker containers
15:08 krissaxton joined #salt
15:08 Jahkeup joined #salt
15:09 kaptk2 joined #salt
15:13 m_george left #salt
15:16 JaredR joined #salt
15:17 forrest joined #salt
15:19 neilf joined #salt
15:20 ronc joined #salt
15:20 sgviking joined #salt
15:21 cshuman joined #salt
15:25 SunSparc joined #salt
15:26 ncjohnsto joined #salt
15:27 opapo joined #salt
15:29 higgs001 joined #salt
15:32 pentabular joined #salt
15:32 pentabular joined #salt
15:33 Jahkeup joined #salt
15:34 MTecknology I'm writing a state for system users on servers that have ldap authentication available that I need to override given the same username. What's a two word way to say that?
15:35 MTecknology notsamba_users.sls?
15:37 lineman60 joined #salt
15:41 druonysuse joined #salt
15:41 druonysuse joined #salt
15:45 mlanner_ joined #salt
15:45 jumperswitch joined #salt
15:45 UtahDave joined #salt
15:47 mlanner_ forrest: i had dropped off on sat eve. you had a question?
15:47 pipps joined #salt
15:47 forrest mlanner_, I don't remember what it was.
15:47 forrest I'm sure it wasn't that important though
15:48 mlanner_ k. just wanted to check.
15:48 forrest Thanks
15:51 jrdx joined #salt
15:56 pentabular1 joined #salt
15:57 pdayton joined #salt
16:00 UtahDave Feels nice to be back in #salt after being gone for 2 weeks!
16:00 Furao joined #salt
16:00 MTecknology MISSED YOU!
16:00 pentabular1 :)
16:01 UtahDave :)
16:01 MTecknology I hate having to do this...
16:02 pentabular1 do not hit yourself in the face with a hammer
16:02 jalbretsen joined #salt
16:02 MTecknology I don't wanna :(
16:03 MTecknology I'm considering telling everyone that they can't use their usual credentials for logging into servers and instead need to use their first name with a password that they have to set up with me
16:03 MTecknology Then I don't need to fight winh AD credentials conflicting with system credentials and the states won't break because they can't set a home dir
16:05 qba73 joined #salt
16:07 berto- joined #salt
16:09 jbunting joined #salt
16:09 redondos joined #salt
16:09 redondos joined #salt
16:11 jumperswitch joined #salt
16:12 KyleG joined #salt
16:12 KyleG joined #salt
16:12 jdenning joined #salt
16:12 toofer joined #salt
16:14 Lue_4911 joined #salt
16:14 NV joined #salt
16:15 Iwirada left #salt
16:16 codeinthehole joined #salt
16:16 forrest MTecknology, that is a horrible idea
16:17 forrest What happens when you have two David's? Then you have to figure out that naming scheme, like DavidA, and David, so then what happens when you have another DavidA? You have to change it to DavidAdams, or whatever.
16:17 forrest It's horrible
16:18 NV I for one welcome our new numbered username overlords
16:18 jefferai joined #salt
16:18 forrest Heh
16:18 forrest If you're going to do that you need to consider those edge cases, and plan accordingly, so something lame like firstname_lastname or something that sucks like that
16:18 NV at the university i work at we used to have <2 letter faculty code><3 initials> as a username
16:19 forrest that's a good idea NV
16:19 NV was all sorts of pain because when someone changed faculty, their username changed...
16:19 forrest oh you guys would update it?
16:19 NV uh-huh...
16:19 forrest what happened when you had two people in the same dept. that had the same initials?
16:19 NV not sure tbh, this was a long time ago
16:19 forrest Ahh
16:20 NV nowadays we just have a two letter prefix (initials of the university) followed by a 6 digit number
16:20 saurabhs joined #salt
16:20 saurabhs left #salt
16:20 forrest If I were going to design it, I'd probably do firstname<joindate> or something like that.
16:20 saurabhs joined #salt
16:20 NV to the day?
16:20 forrest NV, oh nice, get that lack of personalization going on
16:20 NV what happens if you get two john's on the same day? :P
16:20 forrest yes, 20131014
16:20 forrest Yea, a problem to consider
16:20 NV seems a tad long
16:20 forrest *shrug*
16:21 NV 8 digit number + potentially long username
16:21 forrest my current username is my firstname, then my last name with an underscore
16:21 NV we have some indian staff members
16:21 forrest as do we
16:21 NV with like 20+ character first names
16:21 NV fuck typing that shit out
16:22 forrest my username is 15 characters, sucks
16:22 fxhp joined #salt
16:22 forrest I wish I could have just used my usual system nick
16:22 forrest that I use at home, would have made it a lot better
16:22 eliasp mine is 7 characters… university with ~80k users
16:22 forrest or just my first name since I'm the only forrest.
16:22 NV meanwhile you know an 8 digit username (two fixed letter prefix + 6 digits) gives you _LOTS_ of options (we're not running out any time soon), no issues with usernames too long, no questions about capitalisation, and usernames are immediately identifiable as being usernames
16:23 saurabhs joined #salt
16:23 forrest Yea, do you guys keep a database of which username applies to which person though?
16:23 NV yeah, we have a fully blown identity management system
16:23 forrest What happens when AB102356 is screwing your system up, or is overrunning their disk space? I assume you have a lookup/database?
16:23 eliasp forrest: linked with the staff DB here
16:23 forrest yea that's nice then
16:23 NV ties in with our hr system, student management system, etc
16:23 NV ldap and ad contain first/last names as well
16:24 forrest Yea that's a pretty good idea
16:24 NV cause lets face it, 'john smith' tells me just as much as ab123456 does in any large organisation
16:24 forrest entering almost 20 characters every time I log in sucks
16:24 NV you're going to have to look up who the hell it is anyway
16:24 krissaxton joined #salt
16:24 eliasp whatever is possible is linked via LDAP or Shibboleet to the central LDAP/AD
16:24 NV and find their job title, phone number, etc
16:24 eliasp NV: ACK
16:24 NV haha yeah we run shib too
16:25 mgw joined #salt
16:25 NV feeds off our dedicated ldap infrastructure though (not aids directory ldap)
16:25 NV (ok, ad isn't that bad, but i like to keep my ad for windows and everything else out of it - tends to make for a happier everyone)
16:26 eliasp NV: yes, my personal environment runs OpenLDAP, but the university unfortunately runs AD/2008 ;/
16:26 NV hah
16:26 NV we were on server 2000 functional level until 2 weeks ago
16:26 NV (we're now on 2003)
16:27 eliasp ouch ;)
16:27 NV in the process of bringing in server 2012 DC's to decomission all the old shit
16:27 NV (at which point we'll be raising up to 2008 r2 functional level at least)
16:27 eliasp ok, that sounds like a plan ;)
16:28 NV yeah
16:28 eliasp decommissioning (and especially seeing everything still running afterwards) is one of the best feelings in IT
16:28 NV haha, haven't gotten quite to that stage yet
16:28 NV running with new and old dc's at the moment
16:28 NV someone decided to make one of the dc's also the domain ca
16:29 NV probably going to just rebuilt the ca entirely
16:29 m0hit joined #salt
16:29 eliasp eek, how do you ensure everyone get's a new cert in time…? ;)
16:29 NV i believe you can force clients to renew
16:29 eliasp rebuilding a CA from scratch sounds like a lot of pain, but well, sometimes that's less pain than keeping it… ;)
16:30 pdayton left #salt
16:30 eliasp NV: well, the CA might also be used for other stuff (webservers, etc.) completely out of the AD scope
16:30 NV create ca, push out via gpo (alongside old ca), add certificate templates to new ca, remove cert templates from old ca, force clients to renew certificates, decommission ca
16:30 NV ah, thankfully we have _NONE_ of that crap happening
16:30 NV the CA is only for AD-related shiz
16:30 jumperswitch joined #salt
16:31 NV real certificates are all issued by an actual CA
16:31 eliasp NV: ok, as long as all certs are used within your infrastructure and you didn't hand out anything to sub-orgs etc.
16:31 eliasp ah, ok
16:31 eliasp luckily ;)
16:31 NV yeah, we're members of auscert - and as a member you get unlimited number of real certs from them for your organisation
16:31 NV so we make use of it :D
16:31 eliasp hehe
16:32 NV it's amazing how liberal one gets with ssl when you have /16 of address space and $0 certs (even wildcards!)
16:32 lmickh joined #salt
16:32 eliasp auscert… aren't you part of big#5, so the NSA has got your root-certs' keys? ;)
16:32 NV probably :P
16:33 NV needs more HSTS certificate pinning!
16:33 eliasp NV: well, as long as MS can update the cert-store with arbitrary trusted CAs, windows just sucks for security :)
16:34 jdenning joined #salt
16:34 eliasp anyways… back to finishing https://github.com/saltstack/salt/pull/7799 (improved LDAP support for eauth)
16:34 NV yeah i know... :(
16:34 redondos joined #salt
16:34 redondos joined #salt
16:35 NV man, i want to build vyatta support into salt, would be awesome... (see: vyatta-based edgemax routers are winsauce, and cheap as chips)
16:35 redondos joined #salt
16:35 redondos joined #salt
16:35 NV but so much of salt's code (and vyattas for that matter) is black magic to me... need to sit down one time and figure out how said black magic works
16:36 eliasp ;)
16:38 UtahDave eliasp++
16:39 redondos joined #salt
16:39 redondos joined #salt
16:39 eliasp UtahDave: review/comments welcome… also testing… I'm pretty sure I miss at least 5 corner-cases ;)
16:43 ronc joined #salt
16:43 taylorgumgum joined #salt
16:57 honestly joined #salt
16:57 honestly joined #salt
17:00 g4rlic joined #salt
17:01 danielbachhuber joined #salt
17:02 evax left #salt
17:03 jacksontj joined #salt
17:03 taylorgumgum joined #salt
17:07 logix812 joined #salt
17:09 sgviking joined #salt
17:10 Katafalkas joined #salt
17:10 blee joined #salt
17:12 bhosmer joined #salt
17:20 jefimenko joined #salt
17:28 brianhicks joined #salt
17:29 akoumjian Oh man! http://www.cvent.com/events/saltconf-2014/event-summary-3aef0eba23dd49a1bd9ffcaaf83d657e.aspx
17:29 akoumjian Exciting, UtahDave :-)
17:30 gildegoma joined #salt
17:31 austin987 joined #salt
17:33 UtahDave yep!!
17:33 Corey In the event that my talk doesn't get picked I intend to sneak into the con disguised as catering staff.
17:33 UtahDave Can't wait to hear your talk, akoumjian!
17:34 akoumjian I'm thinking about it. :-)
17:35 premera joined #salt
17:37 cro joined #salt
17:38 MeanderingCode left #salt
17:38 MeanderingCode joined #salt
17:38 mgw UtahDave (or anyone): any ideas why I had to make this change to carbon_returner to get it to work? https://gist.github.com/mgwilliams/5f25e32c86c7837d9ba1
17:39 matanya_ joined #salt
17:39 mgw Is it a difference in how returners are called by schedulers on the master vs the minion?
17:40 mgw (I'm using it to return data from a minion-side schedule)
17:40 redondos joined #salt
17:40 redondos joined #salt
17:41 UtahDave mgw: Hm. I'm not really sure.
17:42 mgw I'm guess that's the reason, as what I removed, was the iteration over each minion's result
17:43 UtahDave could be. Do you think this is something the other returners are going to have issues with?
17:43 Katafalkas joined #salt
17:43 mgw quite likely
17:43 mgw I've not tried the others
17:44 mgw However, I was under the impression the returners were called minion-side regardless of where the process is invoked.
17:44 mgw so i'm a little puzzled
17:45 taylorgumgum joined #salt
17:45 mgw btw, the diff is backwards
17:45 mgw I removed what it shows was added
17:45 Linz joined #salt
17:47 UtahDave ok.  Yeah, returners are called minion side
17:47 mgw UtahDave, looking at the other returners… I don't think they have this issue
17:47 cachedout joined #salt
17:47 mgw The others seem to just dump the data wherever
17:47 UtahDave ok, cool
17:47 mgw But carbon parses the data that's dumped into the returner
17:48 mgw So I'm puzzled why it's iterating over a name/val dict where name is hostname based on that code
17:48 mesmer joined #salt
17:48 mgw (or id)
17:48 pass_by_value joined #salt
17:48 mgw I bet I know
17:49 mgw UtahDave: how does a returner interact with a runner?
17:49 rhand joined #salt
17:51 mgw I don't want to just "fix" it and break it for someone else's use case, so I'm not sure how to resolve this.
17:52 UtahDave Hm. I wonder who wrote the carbon returner originally?
17:54 mgw thorve
17:54 mgw or torhve rather
17:54 mgw I don't see him here
17:56 mgw interestingly, his use case is minion side: http://www.bidne.org/salt-munin-carbon-graphite
17:56 mgw did something change in the returner api since then?
17:56 mgw UtahDave ^
17:57 jacksontj joined #salt
17:57 UtahDave mgw: I'm not sure. I don't remember anything drastic, but I could have missed something.
17:58 mesmer joined #salt
17:59 Jahkeup joined #salt
18:00 Katafalkas joined #salt
18:00 basepi returners now expose args and kwargs, dunno if that's relevant.
18:00 basepi that's post 0.17.0 though
18:01 * basepi goes back to lurking
18:02 mannyt_ joined #salt
18:03 oz_akan_ hi all
18:03 lesnail joined #salt
18:03 oz_akan_ are jinja templates in a pillar file also interpreted in minions?
18:05 UtahDave oz_akan_: no, pillar files are completely rendered on the Master
18:05 oz_akan_ that is nice
18:05 oz_akan_ UtahDave: thanks !
18:05 Corey Which is a feature, not a bug!
18:08 mgw basepi: the returners expose args and kwargs, or they're exposed to the returner?
18:08 mgw basepi, UtahDave: https://github.com/saltstack/salt/blob/develop/salt/minion.py#L814-L820
18:08 mgw That seems to be the 'definition' of the return API
18:08 mgw s/return/returner/
18:09 basepi mgw: good question?  let me find the issue
18:10 mgw basepi: afaik, there's no open issue
18:10 codeinthehole joined #salt
18:10 mgw I can open one though
18:10 basepi i closed one just today
18:10 basepi about returners.  dunno if it's relevant to your question (wasn't really paying attention) but i'll grab it
18:10 mgw oh, ok
18:10 basepi mgw: https://github.com/saltstack/salt/issues/7352
18:11 basepi that's the only thing that comes to mind about returner changes, but i haven't been paying very close attention
18:11 basepi and it might not be relevant at all
18:12 lesnail What is the preferred way for a 3rd party tool, e.g. jenkins, to make use of the salt event system? For example, firing an event about a successful build to the master.
18:12 terminalmage joined #salt
18:13 mgw basepi: doesn't seem to be, the value of data['return'] has not changed
18:13 basepi then sorry i made noise
18:13 basepi carry on
18:13 mgw and that's what the carbon_return is grabbing
18:13 mgw and then expecting to be a k/v of minion_id/return data
18:14 lesnail The way I do it right now is using a setuid program to execute salt-call event.fire_master ... but I was wondering if there was a more elegant way, without needing root privileges
18:14 mgw UtahDave: any idea how to resolve this? I'd say it's a bug in the carbon_return, except that Tor obviously had it working at one point.
18:15 UtahDave lesnail: That's basically what I've been doing.
18:16 UtahDave lesnail: I set up a sudoer to just allow that command.
18:17 jacksontj joined #salt
18:19 bhosmer joined #salt
18:19 lesnail UtahDave: Thanks, I will give it a try, seems less overhead than having a c programm for this one usecase
18:19 lesnail :)
18:21 zooz joined #salt
18:25 UtahDave FYI, I just announce on the mailing list a new effort to have the Salt Docs translated.  You can see the current status here: https://www.transifex.com/projects/p/salt/
18:25 felixhummel joined #salt
18:25 mgw UtahDave, I think I figured it out
18:26 mgw It's a case of the returner being tailored to a specific module.
18:26 UtahDave mgw: ah, cool
18:26 mgw well, not really
18:26 mgw b/c If I "fix" it, it will break for him
18:27 UtahDave ok, lets consult with him and see if we get a response.
18:29 mgw I'll open an issue.
18:29 mgw Now that I know what the issue is.
18:29 jrdx joined #salt
18:29 UtahDave cool.  Thanks, mgw!
18:35 forrest UtahDave, are you gonna learn Russian?
18:35 matanya_ joined #salt
18:35 TheCodeAssassin joined #salt
18:38 UtahDave forrest: not yet!   :0
18:38 forrest Psssh, who is gonna translate the docs and go take care of clients in Russia then?
18:39 alunduil joined #salt
18:39 jesusaurus what is the "Hydrogen" version?
18:39 forrest It's odd to me that Spanish is considered (United States)
18:39 UtahDave forrest: I hear you speak Russian!
18:40 forrest I wish
18:40 KennethWilke joined #salt
18:40 UtahDave forrest: I just chose (united states) since that's what I'm most familiar with. If someone cares, we could change that to spain or latin america
18:40 UtahDave jesusaurus: That's the codename of the next release of Salt
18:40 forrest ahh ok cool, I thought that was auto-selected.
18:41 forrest Oh for whoever was asking about the halite docs, I didn't finish them this weekend, had too many problems setting it up to get them all done. I made the changes to the release notes though, just need to put in a merge request.
18:41 forrest I can't remember who I was talking to about that, the joys of multiple machines
18:48 mgw UtahDave: https://github.com/saltstack/salt/issues/7821
18:48 UtahDave cool, thanks, mgw
18:49 UtahDave glad you tagged tor there, too.
18:49 EHLOVader joined #salt
18:49 mwillhite joined #salt
18:51 mgw UtahDave: np… I'd like to reconcile my modified code with develop.
18:51 mgw UtahDave: do you think my recursion idea would be acceptable/workable?
18:53 m0hit joined #salt
18:54 UtahDave Hm. that might work. Have you attempted an implementation?
18:55 rgbkrk joined #salt
18:56 jesusaurus UtahDave: why is salt changing its versioning scheme?
18:57 mgw UtahDave: trying one now
18:58 UtahDave Tom wants to move to a more time based release. Until the release date is determined we'll be calling it by a code name pulled from the periodic table of elements
18:58 UtahDave Hydrogen being the first.
18:59 jesusaurus are you aware that pip 1.5 is going to have stricter versioning requirements than pip 1.4? (im trying to get some details on those requirements for you)
18:59 felixhummel joined #salt
19:02 UtahDave jesusaurus: Hm. I'm not, actually.
19:06 bhosmer joined #salt
19:06 UtahDave xt: did you create the carbon returner?
19:08 _ikke_ joined #salt
19:11 shomodj joined #salt
19:15 Jahkeup joined #salt
19:16 codeinthehole left #salt
19:17 Jahkeup joined #salt
19:17 lesnail UtahDave: is there a way to restrict the sudoers solution to using salt-call event.fire_master ?
19:17 pdayton joined #salt
19:18 lesnail if the user can use any module with salt-call he basically has root privileges
19:19 UtahDave lesnail: Yeah, you can. Let me see if I can find the example I used with the openstack-infra team.
19:19 lesnail UtahDave: That would be great, thank you
19:19 Jahkeup_ joined #salt
19:20 UtahDave Here's you go: https://github.com/openstack-infra/config/blob/master/modules/openstack_project/files/salt-trigger.sudoers
19:21 UtahDave lesnail: that will allow the sudo user to call salt-call event.fire_master  and pass in any options it needs
19:21 jimallman joined #salt
19:21 lesnail UtahDave: thanks a lot, this is great :)
19:21 UtahDave lesnail: you're welcome!
19:22 jimallman left #salt
19:23 UtahDave lesnail: Are you using this with Jenkins?  I'm just curious on how you're using this.
19:26 sgviking joined #salt
19:26 lesnail UtahDave: I think i'll be using a similar setup to what wikimedia is using. Thomas H.described it at a meetup in San Francisco last week. So what I'll be doing is jenkins informing the master about successful builds. The master then should pull the new packages and distribute them onto live test servers for acceptance tests and afterwards to production
19:26 berto- joined #salt
19:27 giantlock joined #salt
19:27 UtahDave ah, cool.  openstack-infra is doing something similar
19:27 lesnail I will let you know how it worked out, got to go right now, but will be back later, thanks again for your help!
19:28 pentabular joined #salt
19:29 UtahDave you're welcome!
19:32 pentabular joined #salt
19:33 xt UtahDave: yes
19:34 troyready joined #salt
19:34 TheCodeAssassin2 joined #salt
19:34 UtahDave xt: did you see the open ticket on it?  mgw seems to have found a bug in it, but it unsure how to fix it without breaking current api.
19:35 xt I have no strong opinions on it
19:35 ClausA hmm, no salt community @ http://cfgmgmtcamp.eu/ ?
19:36 xt mgw: im torhve :-)
19:37 UtahDave ClausA: Hm. I'm not sure that event has come across our radar yet.  I'll forward that link internally
19:37 UtahDave ClausA: are you involved in that?
19:38 ClausA UtahDave: No, just heard about at monitorama.eu a couple of weeks ago.
19:38 ClausA http://cfgmgmtcamp.eu/#deadlines - 10/10/2013 : Call for Communities Ends
19:39 ClausA Not sure how strict they are about deadlines
19:39 xt mgw: maybe this will shed some light on why the carbon returner is what it is: http://hveem.no/salt-returner-for-carbon
19:41 srage joined #salt
19:43 UtahDave thanks, xt
19:43 taylorgumgum joined #salt
19:43 xt it should probably just be modified to accept any sort of datastructure
19:47 mgw xt: I was reading one of your other blogs
19:48 mgw but I think I understand why
19:48 mgw Here's my patch
19:48 mgw https://gist.github.com/mgwilliams/bd9e94b89d6f2d88dd78
19:49 xt + # TODO: Is this a good idea? Wouldn't the 'id' remain stable anyway?
19:49 xt mgw: the id changes if you migrate a VM from one host to another :-)
19:49 mgw the minion id?
19:49 xt no
19:49 xt or
19:49 xt yes
19:49 xt that is.. the host
19:49 xt the host's minion id
19:50 xt IIRC the key will be host.vm.metric
19:50 xt so then the vm is boudn to that specific host
19:50 mgw so you're thinking like virt.info type stuff
19:50 xt yea
19:50 mgw i see
19:50 mgw ok, i'll take the note out
19:50 xt that was my initial use case, as you can tell from the blog
19:50 xt but extending it to walk the structure is a good change
19:50 krissaxton joined #salt
19:51 mgw xt: does the patch look reasonable/non-breaking otherwise?
19:51 xt even if it breaks it's probably for the better
19:51 mannyt joined #salt
19:51 xt it should support as many structures as possible
19:51 mgw I tested with this dict:
19:51 mgw ret = {'fun': 'fun1', 'return': {'bar': 1, 'biz': {'baz': 1}}, 'id': 'foo'}
19:51 xt I think I only tested with basic stuff like virt and munin
19:52 mgw ok, I'll push what I have then
19:55 blee joined #salt
19:55 mgw UtahDave: https://github.com/saltstack/salt/pull/7822
19:55 EHLOVader left #salt
19:55 mgw So I think that takes care of that. Thanks xt!
19:56 xt I'll come back in anger in a few months when I have a chance to test it!
19:56 xt (if it breaks anything!)
19:56 xt hehe
19:56 UtahDave merged.
19:57 Cidan psst
19:57 Cidan update topic
19:57 Cidan :D
19:57 mgw UtahDave: that was fast! thanks!
19:58 mlanner- joined #salt
19:58 mgw xt: Just don't break *my* setup when you "fix" it ;-).
19:58 xt mgw: what if you broke mine by "fixing" it now !?
19:59 mgw I gave you the chance to review it :-)
19:59 mgw btw, great blog posts xt.
20:00 xt thanks!
20:02 retrospek joined #salt
20:02 jacksontj joined #salt
20:03 retrospek left #salt
20:03 rmt_ UtahDave, I created https://github.com/saltstack/salt/issues/7669 based on what I got from your email reply, btw. Salt's definitely missing some architecture docs though, esp. around message flows & encryption.
20:03 QauntumRiff joined #salt
20:04 dstufft joined #salt
20:04 qba73 joined #salt
20:04 dstufft left #salt
20:05 UtahDave rmt_: cool. I'll get Tom to take a look at that.   Yeah, we could definitely use more docs on those internals
20:06 shinylasers joined #salt
20:07 rmt_ I don't have a lot of time to dig deep myself, or I would.. between work & moving house, I'm lucky to get any time to myself. ;-)
20:11 cshuman_ joined #salt
20:19 jumperswitch_ joined #salt
20:21 mesmer joined #salt
20:31 forrest hey ifnull are you around?
20:31 krissaxton joined #salt
20:32 ggoZ joined #salt
20:36 jesusaurus UtahDave: it looks like i was misinformed about the version thing. as long as the version is pep-440 compliant it's fine.
20:38 UtahDave OK.  I'll discuss it with Tom to make sure that type of thing has been taking into account.
20:39 rgbkrk Is there a way to use the bootstrap script so that it sets the minion config up to point at a master?
20:39 rgbkrk (and if not, would that be appropriate to send a PR for?)
20:40 Corey I'd prefer SEMVER but... :-)
20:40 seanz Quick question: I have a file.absent that is reported to be executed, but only on the second highstate call do I actually see the file get removed. Is this possibly a known issue?
20:40 jesusaurus Corey: same here
20:40 Gareth 'lo
20:40 Corey Gareth!
20:41 Gareth howdy :)
20:41 Corey Gareth: Don't tell me $DAYJOB is using Salt now...?
20:43 Gareth Corey: Nope.  Pretty heavily engrained with Puppet and Ruby.  I'm here for other nefarious reasons. :)
20:45 Corey Gareth: I figured I'd leave the salt talks this year to others; my proposal's a bit... different.
20:45 Corey I *think* it was submitted properly.
20:47 luminous question on salt-cloud: are the maps at all dynamic? eg, as I understand things, I can define some VMs in a map, with some number of VMs for each type.. but if I want to add more VMs on a particular type, I'm not really able to do so and later redeploy the map and see everything as I had it after the initial build.. or am I miss understanding something about salt-cloud?
20:47 UtahDave rgbkrk: yeah, I'm pretty sure you can do that.
20:48 Gareth different, huh?
20:48 * Gareth looks
20:48 Gareth Corey: interesting.  not a bad topic idea.
20:49 UtahDave luminous: you should be able to add minions to your map and when you execute that map salt-cloud will only create the missing minions
20:49 jumperswitch_ joined #salt
20:49 Corey Gareth: Yeah, I liked it.
20:51 Gareth Corey: definately an important topic and one thats overlooked a lot.
20:52 Ryan_Lane UtahDave: I'm trying to make my states somewhat modular and there's an issue I have with dependencies...
20:52 Ryan_Lane if I have one module that depends on another, I have to list the exact dependency from the other module
20:53 Ryan_Lane for instance, if I need to require apache
20:53 Ryan_Lane but I don't really need to require apache, I need to require a webserver
20:53 Ryan_Lane it would be nice if resources could say: I provide x
20:53 viq joined #salt
20:53 viq joined #salt
20:54 Ryan_Lane then have another module say "I require x"
20:54 Ryan_Lane so, the apache module could say: "I provide a webserver", and my other module could say "I need a webserver"
20:54 Ryan_Lane then I could switch out apache and nginx or lighttp without needing to modify my modules
20:54 Henry_ joined #salt
20:54 Ryan_Lane or to write some compatibility layer of states
20:54 Ryan_Lane (this is how apt handles this, btw)
20:55 josephholsten joined #salt
20:56 Ryan_Lane I'll open an issue for this, but I thought I'd ask in here first as a sanity check :)
20:59 xmltok joined #salt
20:59 bhosmer joined #salt
21:00 matanya_ joined #salt
21:00 isomorphic joined #salt
21:00 Katafalkas joined #salt
21:01 Ryan_Lane https://github.com/saltstack/salt/issues/7824
21:02 saurabhs Hi I wanted to know what all option are there to auto accept the salt key for a minion on the master. I am using autosign_file which allows me to specify the regex that if matches with the minion name will be accepted automatically. But that is very insecure, that way anybdoy with that name can get access to my pillar. I wanted to know if I can add a check on key fingreprint along with autosign_file ?
21:03 lesnail joined #salt
21:04 Corey saurabhs: I'd probably also restrict via IP, and not make the master reachable from the internet at large if you can swing it.
21:05 cewood joined #salt
21:06 luminous UtahDave: ok, how about later, when I deploy anew elsewhere, I have to update that map with the correct numbers of VMs, yea?
21:06 mafro joined #salt
21:07 gldnspud i'm doing a lot of work in a vagrant VM using "sudo salt-call --local state.highstate" -- is there a way to get it to output "mixed" in the same way that "sudo salt [somehost] state.highstate" would?
21:07 saurabhs corey: yeh thats for sure, I am doing that with firewall by restricting access to the salt ports from the IP range. But does salt have some setting that will provide this restriction
21:07 luminous UtahDave: and similarly, when creating a VM, can you specify a map?
21:07 luminous I'm not seeing this detail in the docs, apologies if I am overlooking
21:07 jacksontj joined #salt
21:08 gldnspud i tried putting "state_output: mixed" and "state_verbose: False" in /etc/salt/minion but that isn't having an effect... the output is still very verbose.  also tried --out=mixed to no avail
21:08 UtahDave Ryan_Lane: that's a very cool idea.
21:08 Corey saurabhs: Not today, unfortunately.
21:08 mafro bonjour
21:09 mafro I wondered if anyone might have an opinion on this?
21:09 mafro https://groups.google.com/forum/#!topic/salt-users/WTvxRnqjvs4
21:09 Ryan_Lane UtahDave: thanks. we've been wanting to switch to nginx on webplatform for a while, but this complicates things :)
21:09 Ryan_Lane so I wanted a generic way to handle this
21:09 saurabhs Corey: also there is no way to restrict on the slat key fingerprint or something like that right?
21:09 Corey saurabhs: Correct.
21:09 mafro I'm looking for comments before considering a port of the gifts stuff into the minion
21:09 jacksontj joined #salt
21:09 saurabhs Thanks just wanted to make sure I am not missing anything obvious
21:09 UtahDave luminous: yeah.  I think there could definitely be some improvements to maps. I think they should be pluggable so they could exist in a database or git or something
21:10 luminous UtahDave: yea, that's the direction I'm going in
21:10 luminous good to know
21:11 luminous I'll look into the code to see if I can do anything there
21:11 UtahDave mafro: Yeah, I think gitfs would be awesome to have working on the minion
21:12 Ryan_Lane it would be cool to have them distributed across minions
21:12 Ryan_Lane with git on the master and git pulls on the minions
21:12 Ryan_Lane then you don't have a SPOF
21:12 Ryan_Lane and you also have less contention on one spot for reading
21:12 mafro Ryan_Lane: interesting idea
21:12 mafro I'm talking about masterless operation at present, though
21:13 Ryan_Lane oh, so no peer calls available?
21:13 Ryan_Lane :(
21:13 mafro UtahDave: good to hear - I might hack something together today
21:13 mafro Yeah that's right - I use salt to manage single machine configs, and for testing salt trees with Vagrant
21:13 mafro no master involved at all
21:13 * Ryan_Lane nods
21:15 Ryan_Lane another consideration (if you had a master) would be to store the data on the master in a sqlite database, make it an external source of pillars and distribute the data to the minions via the pillar system
21:16 Ryan_Lane then you can do reads locally, and can publish data to the master using publish calls :)
21:16 jacksontj joined #salt
21:16 matanya_ joined #salt
21:17 LGSilva joined #salt
21:20 sgviking joined #salt
21:21 ndrei joined #salt
21:21 LGSilva hey guys. Running salt 0.17.0 here and running highstate on 4 new boxes but just 1 returns the minion output. The othe boxes just returns blank after some time. salt-util lookup_jid have no output as well. Any ideas where I should start looking? salt-minion -l debug shows the state running fine. I rebooted the servers and ran the high state again but same thing, no output after it's done.
21:22 UtahDave what OSes?
21:22 luminous maybe I'm crazy.. are maps known under a different term in the salt-cloud source?
21:23 LGSilva @UtahDave: Arch Linux
21:23 LGSilva 64bit
21:24 mafro UtahDave: I had a different question for you too actually
21:24 mafro :)
21:24 luminous nvm!
21:24 UtahDave LGSilva: Have you tried running one of the non-returning minions in debug mode in the cli?
21:24 UtahDave mafro: what's the question?
21:25 mafro what do you think about porting the salt-contrib Riak state/module I wrote into salt proper?
21:25 LGSilva @UtahDave, yes but I didn't see anything wrong
21:25 mafro you write the existing one, and I believe it has a more advance status method than the one I wrote which lives in contrib
21:26 mafro wrote*
21:26 aleszoulek joined #salt
21:26 UtahDave mafro: yeah, I need to get to that.  Basically we need to update your module to put the output in dictionaries.
21:26 taylorgumgum joined #salt
21:26 oz_akan_ joined #salt
21:26 mafro UtahDave: is that all?
21:26 UtahDave mafro: then update the states to use the new output.
21:27 UtahDave yep
21:27 UtahDave But we should definitely get that into salt proper
21:27 mafro I'll find the time for that
21:28 mafro I've been meaning to bring it up again for ages - and your salt-ssh video last week made me think of it again!
21:28 UtahDave ok, that would be cool.  Have you looked at how some of the execution modules return their data?  I'm not even sure they are all correct yet.
21:28 UtahDave :)  that was a cool video, huh?
21:28 mafro yeah :P
21:29 mafro so there isn't a risk state in there at present?
21:29 mafro I also have something for saltstack-formulas on the riak front
21:30 mafro I'll take a look at how the modules are supposed to return data correctly, and work from there
21:33 UtahDave mafro: that sounds really awesome.
21:33 UtahDave mafro: Yeah, there's no proper riak state yet.
21:33 UtahDave Let me know if you have any questions
21:33 mafro no worries
21:34 mafro actually, if you can recommend a module to work from wrt proper return dicts that would be useful
21:34 mafro or I can go take a look ;)
21:35 tempspace Question: Is the highstate output format in .17.0 a bug or is it going to look like this moving forward?
21:36 UtahDave mafro: something like this: https://github.com/saltstack/salt/blob/develop/salt/modules/riak.py#L92
21:36 mafro tempspace: I think it's a bug
21:36 UtahDave tempspace: what are you seeing?
21:36 mafro waiting on 0.17.1 to see what it looks like
21:36 jacksontj i seem to remember being able to have multiple top files and merging them? But the docs don't seem to have anything about that.
21:36 mafro UtahDave: thanks
21:37 UtahDave jacksontj: yeah, each environment can have its own top.sls
21:37 tempspace UtahDave: stuff like this host_|-co_hosts_|-fqdn_|-present:
21:37 UtahDave all the top files will get merged.
21:37 UtahDave tempspace: Yeah, that's definitely a bug. I believe that has been fixed in develop and will be in 0.17.1
21:37 jacksontj UtahDave: ok :) the docs weren't quite clear on that
21:38 tempspace UtahDave: awesome, what's the new ETA on 0.17.1? I thought I heard last week
21:40 UtahDave jacksontj: that can get complicated quickly, so I'd recommend using that feature lightly.  :)(
21:40 jacksontj yea, for our particular setup i have a different path in svn for each environment (to overwrite base)
21:40 jacksontj that way i can have different ACLs in place per env
21:40 UtahDave tempspace: we're trying to get 0.17.1 out soon.  In a day or two.
21:40 UtahDave jacksontj: ah, nice
21:41 jacksontj the thought being that anyone can make changes to the VM environment (for example) but have to get signoff before prod
21:41 tempspace UtahDave: good deal, you guys are the cat's pajamas and bee's knees
21:41 tempspace UtahDave: deciding if I want to fly out to Utah for SaltCon
21:42 jacksontj another silly question, is there a way in the top file to assign a host to an env without giving it an SLS (i think the answer is no)?
21:42 alunduil joined #salt
21:42 jacksontj yea, i just got that email about the saltconf
21:42 jacksontj :D
21:42 adepasquale joined #salt
21:42 jacksontj that will be awesome!
21:47 cachedout joined #salt
21:48 throwanexception joined #salt
21:48 Ryan_Lane Yay SaltConf! I've already submitted a talk :D
21:48 pentabular joined #salt
21:50 pentabular1 joined #salt
21:51 UtahDave jacksontj: nope. that's how the env is specified.
21:51 pentabular1 left #salt
21:51 UtahDave tempspace: You have to come to SaltConf!  :)   It's going to be awesome.
21:54 pdayton joined #salt
21:54 xmltok are there any best practices to organizing a tree of states? especially states downloaded from the internet, and the versioning of them? I come from Chef, where I am used to uploading a versioned cookbook and controlling the release by changing the version in an environment
21:55 mgw xmltok: Are you looking at the states in the saltstack-formulas repositories?
21:55 mgw If so, I believe the recommended method is with gitfs.
21:55 xmltok yeah
21:56 Ryan_Lane UtahDave: so, you guys are reading my mind again. http://docs.saltstack.com/ref/modules/all/salt.modules.grains.html#salt.modules.grains.append
21:56 mgw just add each formula you want to you use to your gitfs_remotes
21:56 xmltok so i would list out all of my state repostories, goti t
21:56 mgw e.g.,   - https://github.com/saltstack-formulas/dnsmasq-formula.git
21:57 Ryan_Lane I wrote a small python utility to do this, because I needed it for puppet integration
21:57 mgw I have my internal formulae set up the same way
21:57 xmltok and i would just control my releases through whatever is latest in the master branch
21:57 ipmb joined #salt
21:57 Ryan_Lane and went to upstream it, just to notice you guys already beat me to it
21:57 Ryan_Lane UtahDave: I do have one question regarding it, though. We check to see if the value is set before appending it. I don't see a really simple way to do that here
21:58 Ryan_Lane basically, puppet says: append this value to the grain, but only if the value doesn't already exist
21:58 Ryan_Lane doing an only-if ensures that other events won't be triggered, so it's necessary to have it
21:58 UtahDave Ryan_Lane: :) lol yep!
21:59 Ryan_Lane so, I need a way to get back a true/false like response for checking a value in a grain
21:59 Ryan_Lane is that doable?
21:59 UtahDave Ryan_Lane: I think that would be a fine addition to that.
22:00 Ryan_Lane ok. I'll add an issue for this and maybe upstream it myself if I get the chance
22:01 taylorgumgum joined #salt
22:03 adepasquale joined #salt
22:04 jslatts joined #salt
22:06 UtahDave cool, thanks, Ryan_Lane!
22:07 Ryan_Lane yw
22:08 UtahDave Ryan_Lane: just tested and it looks like grains.append does indeed check for the value.
22:08 Ryan_Lane yeah, but I need to check separately
22:08 Ryan_Lane if I just run append, it'll return success and puppet will trigger events based on that
22:09 UtahDave oh, i see.
22:09 Ryan_Lane if it doesn't return success, then it fails and it'll mess up execution
22:09 Ryan_Lane so, I need to put in an only-if which can indicate success or failure to stop it from being evaluated
22:09 mianos joined #salt
22:10 Ryan_Lane things would be so much easier if I didn't need to integrate with puppet :)
22:10 Ryan_Lane but hey, it's a good stepping stone for people currently using puppet :)
22:13 adepasquale joined #salt
22:14 UtahDave :)
22:20 nod joined #salt
22:21 nod hi.  running into interesting error trying to create minion on hpcloud.   "Could not find image 120: <LibcloudError in None 'Could not find specified endpoint'>"
22:21 nod google says others in this chan have encountered this issue, but i couldn't seem to find the solution
22:22 nod btw, this is with salt-cloud
22:22 ingwaem joined #salt
22:22 pass_by_value joined #salt
22:24 nod also - i've tried the latest git and the one available via apt
22:24 josephholsten joined #salt
22:24 UtahDave nod: can you pastebin your sanitized configs?
22:25 nod sure
22:25 nod i'm quite certain it's user error ;)
22:25 nod <-- very new to salt
22:26 ingwaem Greetings everyone! Quick question about states…I have a bunch of states with cmd.wait. Wanted to know whether it's possible for several cmd.waits to execute on a specific command. For example, right now I have cmd1, cmd2, cmd3. Cmd2 waits for cmd1 to have executed. Cmd3 waits for 2 to complete. Can I set it up so that 2 and 3 wait for 1?
22:27 kermit joined #salt
22:27 forrest basepi, I saw your response on this thread regarding 0.17 and halite docs, has someone already written them and they really just aren't referenced?
22:28 basepi possible.  let me do a little checking
22:28 nod UtahDave: http://33ad.org/pb/oT0  <-- conf  and err -->  http://33ad.org/pb/61e
22:28 krissaxton1 joined #salt
22:28 forrest basepi, ok thanks. I checked when I pulled the develop branch down on Saturday but maybe I missed it.
22:29 Ryan_Lane ingwaem: if make the states depend on each other in the proper chain, I'd imagine that would work fine
22:29 ingwaem forrest: is halite and 0.17 actually working yet? I see that 0.16.4 is still the latest in the channel, but tags show there are a couple of 0.17 releases…I had had issues when I first spotted 0.17 was released and I upgraded..killing my halite with a horrid death
22:29 forrest 0.17 works fine, halite is not compatible going backwards apparently
22:29 ingwaem Ryan_Lane: Chained as in one after another or can I chain multiple against a single?
22:29 forrest I'm running salt 0.17 on my test machines at home, working on getting halite working :\
22:29 basepi true on both counts
22:29 UtahDave nod: your size and image config items must be names that match one of the output of   salt-cloud --list-images=ALL    and salt-cloud --list-sizes=ALL
22:30 Ryan_Lane ingwaem: you can do either
22:30 Ryan_Lane ingwaem: use the require parameter
22:30 nod UtahDave: btw, the "120" comes from  "nova image-list" for Ubuntu 12.04 LTS, from hpcloud
22:30 Ryan_Lane and it'll create a dependency chain
22:30 nod UtahDave: ahhh.. .hmmm k. let me try that.
22:30 packeteer joined #salt
22:31 Ryan_Lane ingwaem: you can define cmd1, then have cmd2 and cmd3 depend on cmd1
22:31 ingwaem Ryan_Lane: Thanks :) I'll try that.
22:31 Ryan_Lane yw
22:31 nod hrmmm....
22:31 nod Error: There was an error listing images: No cloud providers matched 'ALL'. Available selections: openstack
22:31 elfixit joined #salt
22:31 nod tried replacing "ALL" with OPENSTACK and got same err, but about openstack as the arg
22:32 nod i must not be configured properly.  let me double check things here and report back.
22:32 basepi forrest: found them!  https://github.com/saltstack/halite
22:32 basepi just the readme.  =P
22:32 basepi we need to incorporate them into salt's docs
22:32 pentabular joined #salt
22:33 ingwaem Oooh, one other question about states…so in my state I look for a state change of a command right…would I have to re-run the state every time something within the watch changed? So if I was watching for example /tmp/myfile.txt, and it had stuff appended to it, would a command watching that state automatically fire off?
22:33 UtahDave nod: also, you're using the old format for the config. You might consider using the newer config
22:33 nod UtahDave: oh?  i thought i had built on the new config.  alright - thx.  I'll check that also.
22:35 UtahDave nod, your /etc/salt/cloud is using the older version, I believe.
22:37 oz_akan_ joined #salt
22:39 nod UtahDave: i appreciate your help. i need to bail (wife starting to give me the angry eye :)  thx for your help. will hack on this later tonight
22:40 UtahDave nod: sounds good.  Avoid the angry eye!   :)
22:41 ingwaem greetings UtahDave! hope things are well with you
22:42 UtahDave ingwaem: thanks!  Yep, doing well!   How about you?
22:42 ingwaem UtahDave: All good thanks :) Been doing some awesome magic with salt yet again…building up my system really nicely. The more I use it, the more awesome sauce it has to show me :)
22:44 cro joined #salt
22:49 ifnull_ joined #salt
22:51 cachedout joined #salt
22:51 jbub joined #salt
22:51 pdayton joined #salt
22:51 pentabular1 joined #salt
22:53 mlanner_ joined #salt
22:53 ifnull_ Does anyone know where bootstrap-salt.sh is pulled from for Salty Vagrant when salt.bootstrap_script is not set?
22:54 josephho_ joined #salt
22:57 amahon joined #salt
22:58 xmltok_ joined #salt
22:59 xmltok_ joined #salt
23:01 forrest basepi, yea that is what I was working on Saturday already
23:01 forrest Since the readme is about as friendly as chopping off your arm
23:02 akoumjian ifnull_: It is harded coded into the package, pulled from stable releases every once in a while
23:03 rgbkrk joined #salt
23:03 josephholsten joined #salt
23:04 basepi forrest: you should open issues for specific areas that are confusing or could be improved.  sam wrote it, so it's hard for him to realize which parts need improvement.
23:04 ifnull_ is there anyway to identify what version vagrant is using?
23:05 ifnull_ @akoumjian
23:05 forrest basepi, yea I figured I'd just write the docs since you guys are so busy
23:05 akoumjian ifnull_: "vagrant --version" ?
23:05 akoumjian you mean what version of the script?
23:06 basepi forrest: we love pull reqs too!  ;)
23:06 ifnull_ akoumjian: sry, i mean the bootstrap version
23:06 forrest basepi, oh I know.
23:06 akoumjian Are you using the plugin, or the new built in version?
23:06 josephho_ joined #salt
23:06 akoumjian ifnull_: Latest stable release is using https://github.com/saltstack/salt-bootstrap/tree/dd5a17f9c8a25b3a41a246a5c3bfd52389cb7d07
23:06 ifnull_ member:akoumjian: the plugin
23:07 ifnull_ but i think i found the answer… "vagrant plugin list"
23:07 forrest hey ifnull_, are you gonna leave that pull request open on the bootstrap?
23:07 akoumjian ifnull_: But if you need to, just specify bootstrap_script
23:08 ifnull_ akoumjian: thanks
23:09 ifnull_ forrest: has it been rejected?
23:09 forrest Not yet, did you read my comment and review the issue I linked?
23:09 jslatts joined #salt
23:10 ifnull_ yes. i see the argument for both side.
23:10 ifnull_ i am using the same method as guru at the moment
23:10 ifnull_ https://github.com/saltstack/salt-bootstrap/issues/245#issuecomment-25388762
23:10 ifnull_ *xuru
23:11 forrest Yea I just wasn't sure if you were gonna close it or wait for it to get rejected.
23:11 cro joined #salt
23:11 ifnull_ does it make sense to have it as an optional install triggered by a flag?
23:11 middleman_ joined #salt
23:13 forrest from the comments on #245, it doesn't seem as though that will be accepted. I don't know if there is concern the bootstrap might get bloated.
23:13 pass_by_value joined #salt
23:13 forrest the other thing is that in the other appsi t doesn't pass options by defaul
23:13 forrest t*default
23:14 cro1 joined #salt
23:17 josephholsten joined #salt
23:18 ifnull_ the problem is that it is a dependency for a built in module
23:19 ifnull_ the issue i have is that we are only using gitfs and only pillars live in the local filesystem
23:20 ifnull_ initially we just customized bootstrap but i would rather not have to manually apply patches.
23:25 forrest ifnull_, yea I don't disagree with you
23:26 forrest maybe adding it as an option to do that would result in an acceptables olution
23:26 forrest *solution, man I cannot type today
23:26 ifnull_ :)
23:27 brutasse joined #salt
23:28 UtahDave ingwaem: :)  nice, man.  Next time I'm in socal you'll have to show me what you've been working on!
23:28 tempspace basepi: Is the multi include issue difficult because of the new ordering stuff?
23:29 basepi tempspace: what's the issue number?  just so i make sure i'm thinking of the same issue as you?  =P
23:29 basepi (i have way too many issue floating around in my head -- dangers of triage)
23:29 tempspace basepi: https://github.com/saltstack/salt/issues/7526
23:30 basepi i don't actually know what's hard about that issue, because i'm not sure what's causing it
23:30 basepi Tom says he's going to work on it tonight
23:30 basepi it's *probably* related to the new ordering stuff
23:30 basepi but i'm not 100% sure
23:30 tempspace sounds logical to me
23:38 cbloss according to the docs for .17 gitmodule you are supposed to use "user" instead of "runas" but it doesn't work, but runas still does
23:39 lineman60 joined #salt
23:41 UtahDave cbloss: Would you mind opening an issue on that?
23:41 jumperswitch joined #salt
23:41 cbloss UtahDave: no problem.
23:41 UtahDave thanks!
23:42 cbloss UtahDave: also, when controlling salt with salt, when requiring a restart of the master or minion service, the output is not shown. Is this something I should open an issue for or is this expected behavior?
23:43 UtahDave Hm. Yeah, I think that's normal. Has this behavior been consistent?
23:45 cbloss I don't think anything has changed, but shows some weird behavior when bootstrapping/updating minions
23:45 cbloss I should probably use -order: first on the salt state
23:45 edroid joined #salt
23:46 josephholsten joined #salt
23:47 josephholsten joined #salt
23:49 edroid Where's my kwargs when module is called from salt.states.module?   Details at https://groups.google.com/forum/#!topic/salt-users/_hrsQd5CLvM
23:49 josephholsten joined #salt
23:50 blee joined #salt
23:57 xmltok joined #salt
23:57 xmltok joined #salt
23:58 g4rlic left #salt
23:58 g4rlic joined #salt
23:58 druonysuse joined #salt
23:58 druonysuse joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary