Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-11-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 lemao joined #salt
00:01 Gifflen joined #salt
00:03 SEJeff_work joined #salt
00:12 Gifflen_ joined #salt
00:13 jhulten joined #salt
00:13 aleszoulek joined #salt
00:14 jhulten joined #salt
00:20 mpanetta joined #salt
00:25 teebes joined #salt
00:28 munhitsu joined #salt
00:34 scott_w joined #salt
00:36 jeffrubic left #salt
00:45 druonysuse joined #salt
00:47 bemehow joined #salt
00:47 teebes joined #salt
00:49 copelco joined #salt
00:49 bhosmer joined #salt
00:51 mpanetta joined #salt
00:51 shinylasers joined #salt
00:51 bemehow_ joined #salt
00:58 Chocobo joined #salt
00:58 nineteeneightd joined #salt
00:58 drogoh joined #salt
00:58 LarsN joined #salt
00:58 bashcoder joined #salt
00:58 alexandrel joined #salt
00:58 Chocobo joined #salt
00:58 JesseC joined #salt
00:58 d10n joined #salt
00:58 wibberwock joined #salt
00:58 copelco joined #salt
00:58 jhulten joined #salt
00:58 yota joined #salt
00:58 [ilin] joined #salt
00:58 SEJeff_work joined #salt
00:58 VSpike joined #salt
00:59 d10n joined #salt
00:59 [ilin] joined #salt
00:59 esogas joined #salt
00:59 marcinkuzminski joined #salt
01:02 octarine joined #salt
01:03 xerxas joined #salt
01:04 eskp joined #salt
01:04 eskp joined #salt
01:04 pcarrier joined #salt
01:04 aparashar joined #salt
01:04 tseNkiN joined #salt
01:04 akitada joined #salt
01:05 mgw is roster data available to minions?
01:09 srage joined #salt
01:10 auser joined #salt
01:11 malinoff joined #salt
01:20 alunduil joined #salt
01:22 vkurup joined #salt
01:23 ekaqu joined #salt
01:23 ekaqu heya, new to salt and trying to figure out how to make installing a package dependent on the creation of a directory
01:24 ekaqu under the package, i have - require:\n - file: /var/run/jenkins, and my file id is /var/run/jenkins:\n file.directory: \n - mode: 755
01:24 ekaqu when i run i see the dir created after the package
01:25 ekaqu am i misunderstanding how require works?
01:25 pears I would guess you have to require file.directory?
01:26 pears and not just file
01:27 ekaqu that looks to have done it
01:27 ekaqu so when i require a package, i don't say pkg.installed, but i need to for files?
01:33 travisfischer ekaqu, that doesn't sound right. If that is actually what solved it I think that's a bug because that's not how it's supposed to work. Did you manually remove the directory the second time you ran it because otherwise that directory was there from the first run of the state. "- require: -file: /var/run/jenkins" should work.
01:34 ekaqu i did sudo salt-call state.highstate on one node to see why jenkins was failing, then saw that it needed the dir.  On that node I added the dir and reran it passed
01:35 Guest17361 If I go and swap out the master (e.g. chane DNS to point somewhere else) ... will the minions complain or make as if nothing happened?
01:35 ekaqu so i added that action to the jenkins/init.sls and dir was created but package failed.  so I removed the package then deleted the dir and the node passed
01:35 ekaqu let me reremove on one node
01:36 andrej joined #salt
01:36 ekaqu ah, you are right.  it doesn't link properly
01:36 ekaqu my history shows i deleted jenkins, but didn't remove dir
01:37 auser left #salt
01:37 ekaqu so require: - file, and - file.directory doesn't link them properly?  let me send out a gist
01:38 ekaqu https://gist.github.com/dcapwell/7312449
01:38 malinoff Hi all
01:41 ekaqu so how do i properly link pkg install to a dir existing?
01:43 travisfischer ekaqu: your requisite statement is just backwards. You are using require_in which means your file.directory is going to wait until the pkgrepo.managed has executed
01:43 ekaqu i just saw that
01:43 ekaqu so adding file to pkg install should fix this
01:43 goodwill Gareth: ping
01:43 bemehow joined #salt
01:43 goodwill uh oh, travisfischer is helping now
01:44 travisfischer "pkg.installed: - require: - file.directory: /var/run/jenkins" should do it ekaqu
01:44 goodwill travisfischer: do not accidentally become an IRC junkie
01:44 tremendous joined #salt
01:45 travisfischer goodwill, I'm just "helping". blind leading the blind and all that. :) While I wait for my salty vagrant bootstrap, I "help"
01:45 Gareth goodwill: pong
01:46 ekaqu so question.  if i say - require:\n - file, that means that this command depends on all file commands for that id?
01:48 andrej If I go and swap out the master (e.g. chane DNS to point somewhere else) ... will the minions complain or make as if nothing happened?
01:49 andrej Where I'm headed with this: would it be possible to do a "man in the middle" attack on a salt-minion by poisoning DNS?
01:49 goodwill Gareth: just sent you email re: postgres :)
01:50 Gareth yup. I got it.  should be fine.
01:50 goodwill Gareth: you have room in your heart for postgres love
01:50 goodwill awesome
01:50 goodwill Gareth: any chance for a email confirmation I can forward them
01:50 goodwill ?
01:50 goodwill :-D
01:50 Brew joined #salt
01:50 goodwill sorry to bug ya
01:51 travisfischer ekaqu: yes but can't actually use the same id more than once (and is consequently part of why I like to explicitly use the -name parameter rather than relying on the ID Declaration to serve that purpose). However, the salt docs seem to encourage using the implicit "name" via ID Declaration so my prefence of using the explicit -name parameter is just that. my preference
01:51 jhulten joined #salt
01:51 travisfischer I guess "yes" isn't the correct answer because what you scenario you asked about can't actually happen
01:52 bhosmer joined #salt
01:52 Brew1 joined #salt
01:53 Brew joined #salt
01:53 honestly joined #salt
01:53 honestly joined #salt
01:56 ekaqu thanks for the feedback
01:56 bemehow_ joined #salt
01:57 chjohnst_work joined #salt
01:57 Gareth goodwill: yeah.  I'll respond in a bit.
01:58 goodwill Gareth: thank you sir
02:00 * Gareth returns #salt back to it's regular SALTy programming.
02:01 heewa joined #salt
02:01 cachedout joined #salt
02:03 liwen joined #salt
02:03 bemehow joined #salt
02:04 scott_w joined #salt
02:08 Gifflen joined #salt
02:09 foxx[cleeming] joined #salt
02:09 foxx[cleeming] joined #salt
02:12 younqcass joined #salt
02:19 flebel joined #salt
02:22 imaginarysteve joined #salt
02:26 mgw joined #salt
02:30 teebes joined #salt
02:31 josephholsten joined #salt
02:37 mpanetta joined #salt
02:37 lemao joined #salt
02:48 jasiek joined #salt
02:57 xl1 joined #salt
03:05 scott_w joined #salt
03:06 mannyt joined #salt
03:07 Furao joined #salt
03:07 pentabular joined #salt
03:08 Brew joined #salt
03:08 defunctzombie joined #salt
03:09 pentabular joined #salt
03:19 Jahkeup joined #salt
03:20 honestly joined #salt
03:23 ajw0100 joined #salt
03:25 mapu joined #salt
03:27 pentabular1 joined #salt
03:27 ajw0100 joined #salt
03:30 redondos joined #salt
03:30 redondos joined #salt
03:30 ajw0100 joined #salt
03:30 malinoff joined #salt
03:32 Teknix joined #salt
03:37 Tekni joined #salt
03:37 mpanetta joined #salt
03:42 forrest joined #salt
03:48 funzo joined #salt
03:48 mannyt joined #salt
03:57 pentabular joined #salt
04:01 Gifflen joined #salt
04:05 apergos joined #salt
04:07 _ilbot joined #salt
04:07 Topic for #salt is now Welcome to #salt - SaltConf in January!! http://saltconf.com | 0.17.1 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
04:08 Brew joined #salt
04:16 Jarus joined #salt
04:21 redondos joined #salt
04:21 redondos joined #salt
04:30 Brew joined #salt
04:42 vlcn joined #salt
04:47 oz_akan_ joined #salt
04:52 jrgifford joined #salt
04:52 oz_akan__ joined #salt
04:53 dottedmag joined #salt
04:54 linuxnewbie joined #salt
04:54 linuxnewbie joined #salt
05:02 xmltok joined #salt
05:02 kolaman joined #salt
05:02 kolaman hi all, Can i set the minions hostnames with saltstack ?
05:03 forrest I'm not sure kolaman, I only see this issue: https://github.com/saltstack/salt/issues/4390
05:06 scott_w joined #salt
05:09 kolaman forrest: I think this feature is not yet available. Actually our scnereo is a bit complex, we have hundereds of sites running like a.mydomain.com b.mydomain.com under the hud of tomcat. So hostname should be the same as site deployed on that host like a.mydomain.com for the host hosting a.mydomain.com etc
05:10 forrest oh you mean a domain name within a file?
05:11 forrest or you want your server hostname, and the configured domain to be the same?
05:11 forrest the only way I can think to do that woul be via managing the file
05:11 kolaman forrest: actually each instance hosts a single(different) website so each insatnce will have different hostname similar to the website hosted on that instance.
05:12 forrest ahh
05:12 Sl1nksh0t joined #salt
05:13 kolaman previously I was fetching hostname information using a one-liner bash script something like       ls /opt/tomcat/webapps/|grep  .war|sed 's/\(.*\)..../\1/'              and that was the only way (If i am correct) to fetch hostname information
05:14 forrest yea, I mean you could always run that as a cmd in salt :\
05:14 forrest Hmm, I wonder if you could set that data in a template, based on the grain
05:16 kolaman there are hundereds of machine like ~500 in prod and each day more are added so I am thinking to automate the stuff a bit
05:16 forrest yea
05:25 karlgrz joined #salt
05:26 bhosmer joined #salt
05:35 elfixit joined #salt
05:43 noob21 joined #salt
05:43 noob21 i'm getting an odd message after doing a dist-release-upgrade on ubuntu
05:43 noob21 Detected conflicting IDs, SLS IDs need to be globally unique.
05:43 noob21 The conflicting ID is "salt-master" and is found in SLS "base:core.salt-minion" and SLS "base:salt-master"
05:45 liwen joined #salt
05:49 noob21 nvm i fixed it :)
05:49 noob21 duplicate definition
05:51 hazzadous joined #salt
05:52 middleman_ joined #salt
05:53 oz_akan_ joined #salt
05:53 shinylasers joined #salt
05:59 ar left #salt
05:59 NV http://docs.saltstack.com/topics/pillar/#including-other-pillars is it just me, or is that wrong?
06:00 NV more specifically, defaults should be a dict not a list of dicts
06:02 pears NV: are you talking about just from a design standpoint?
06:03 Tyttt joined #salt
06:07 druonysus joined #salt
06:07 scott_w joined #salt
06:09 NV pears: no, I'm talking from a stacktrace standpoint :P
06:10 NV and the failure mode minion side appears to be spawn a bajillion processes
06:10 NV (at ~1.5k salt-minion processes)
06:10 NV thankfully was only a test box... was...
06:11 druonysus joined #salt
06:11 druonysus joined #salt
06:17 druonysus joined #salt
06:17 druonysus joined #salt
06:19 steveoliver i want to sync userfiles across specific minion.  i know master can manage files from master, but to synchronize "user" (i.e. website) generated files between minion, I think I'll need something along the lines or rsync…  I came across Unison http://www.markus-gattol.name/ws/unison.html   and think it'd be a good option.  Does anyone have any recommendation in any case?
06:21 jcockhren steveoliver: could the file be saved to an external datastore like s3 or cloudfiles?
06:21 jcockhren userfile(s)
06:26 IJNX joined #salt
06:30 ipmb joined #salt
06:39 lemao joined #salt
06:54 oz_akan_ joined #salt
07:05 druonysus joined #salt
07:05 druonysus joined #salt
07:08 scott_w joined #salt
07:24 pniederw joined #salt
07:25 vkurup joined #salt
07:25 scalability-junk joined #salt
07:26 IJNX joined #salt
07:26 IJNX yo
07:27 pniederw what's the purpose of the --priv option of salt-ssh, and why does it ask to overwrite (!) the private key?
07:28 pniederw how does it relate to "priv:" in the roster file?
07:28 IJNX Any easy to on how to automatically get the IP address of vbox guest linux after switching networks (e.g. when moving between home, iphone, work).
07:28 IJNX I have osx and I'm using bridged mode....
07:29 IJNX One of those linux machines is the salt-master and others are minions.
07:29 prooty joined #salt
07:34 matanya joined #salt
07:40 gildegoma joined #salt
07:45 scott_w joined #salt
07:52 aynik joined #salt
07:53 alunduil joined #salt
07:53 pniederw another salt-ssh question: is it possible to set the user: for a node in the roster file to the user executing salt-ssh, without explicitly naming that user? omitting user: doesn't seem to do it.
07:54 oz_akan_ joined #salt
07:54 scott_w joined #salt
08:02 carlos joined #salt
08:03 slav0nic joined #salt
08:03 slav0nic joined #salt
08:06 redondos joined #salt
08:07 kolaman
08:07 UtahDave joined #salt
08:10 gasbakid joined #salt
08:13 scott_w joined #salt
08:14 alunduil joined #salt
08:16 balboah joined #salt
08:17 joehh Morning UtahDave - crazy time for you now isn't it?
08:19 scott_w joehh: another brit? :P
08:23 Furao it's 16h20 here
08:23 backjlack joined #salt
08:23 UtahDave joehh: I'm in Hong Kong right now!
08:24 Furao UtahDave: when did you arrived?
08:24 UtahDave it's 4:24 pm right now
08:24 UtahDave Furao: I got here on Sunday
08:24 linuxnewbie joined #salt
08:24 linuxnewbie joined #salt
08:24 Furao same for me
08:24 Furao I saw a guy in IFC with a t-shirt of the conference, but it was probably not you
08:26 TonnyNerd joined #salt
08:28 joehh ahhh - makes sense
08:28 mastrolinux joined #salt
08:29 sebgoa joined #salt
08:30 gasbakid joined #salt
08:31 mastrolinux1 joined #salt
08:34 UtahDave Furao: I fly out Saturday.  Do you still want to get together?
08:35 UtahDave joehh: yeah, it kind of works out great with having video calls with my wife and daughters.
08:36 UtahDave joehh: I call them in the morning before heading out for the day and they're home from school.
08:38 scott_w joined #salt
08:39 scott_w_ joined #salt
08:40 liwen joined #salt
08:41 Furao UtahDave: yes it can be wed night or friday anytime
08:41 gasbakid joined #salt
08:41 Furao you had been able to visit around?
08:41 Furao it could also be thursday during the day
08:43 UtahDave Furao: no, I haven't really gotten to do anything touristy yet
08:44 Nexpro1 joined #salt
08:52 scott_w joined #salt
08:54 UtahDave cool, what time Wednesday or Friday?  I have a meeting that ends at 6;30 on wednesday.
08:54 Furao Wed after 6h30 PM is good. Friday it's anytime, if you have more free time I can show more stuff around.
08:55 oz_akan_ joined #salt
09:04 scott_w joined #salt
09:10 gasbakid joined #salt
09:12 cowmix joined #salt
09:23 UtahDave joined #salt
09:23 ashtonian joined #salt
09:24 VSpike UtahDave: Have you done much with Rackspace + salt-cloud + Windows?
09:29 UtahDave VSpike: I've used Salt Cloud to spin up windows vms, but not installing the minion automatically because they have windows port 445 closed by default.
09:29 UtahDave VSpike: what have you tried so far?
09:30 VSpike Yes, that was as far as I got. I was puzzled why salt-cloud was trying to ssh to my Windows VM's, but I found adding the windows_installer key (having downloaded the installer) fixed that problem, but then I hit the port 445 closed issue
09:31 VSpike Do you know if I can get salt-cloud to use one of my own snapshots to make VM's instead of a standard one?
09:36 UtahDave VSpike: Yeah, I know you can do that with aws, I'm not 100% if salt-cloud can do that with rackspace
09:45 zooz joined #salt
09:51 N-Mi joined #salt
09:51 N-Mi joined #salt
09:55 micko joined #salt
09:56 oz_akan_ joined #salt
09:59 slav0nic this is ok when i called  salt centos64 state.highstate -l debug and salt exit without any infor about states before munin finished it?
10:00 slav0nic *minion
10:01 honestly slav0nic: it has a 60 second timeout by default
10:01 honestly that usually isn't enough :|
10:01 honestly add "-t 3600"
10:01 scott_w joined #salt
10:02 slav0nic hm, and what will be happened after? job will cancel?
10:02 honestly for full debug info, run "salt-call -l debug <your stuff>" on the minion
10:02 honestly no
10:02 honestly the job will just complete in the background
10:02 honestly there is an api to find info about running jobs
10:02 honestly it's called jobs
10:04 matanya joined #salt
10:05 slav0nic honestly, tnx for info
10:08 zloidemon Hello
10:10 matanya joined #salt
10:14 hazzadous joined #salt
10:16 gasbakid joined #salt
10:20 _ikke_ Salt requires two ports to be opened. Anyone know a descriptive name for each port?
10:20 UtahDave _ikke_:  one is known as the pub port and the other is known as the ret port
10:21 linjan joined #salt
10:22 _ikke_ Ok
10:26 Destro joined #salt
10:27 networkpadawan joined #salt
10:29 viq https://gist.github.com/viq/7306831 here are my pillars, basing off of https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/map.jinja  - how do I say "this for Debian, that for everything else" ?
10:30 slav0nic can anybody help with example state for building something from source?
10:31 viq slav0nic: here's an example I saw http://www.nineproductions.com/saltstack-ossec-state-using-reactor/
10:31 slav0nic viq, tnx!
10:33 creich joined #salt
10:33 creich hi
10:33 creich i am new to salt and just started playing around a bit
10:33 creich till now i found most of the config things very intuitv and easy to undertand
10:34 creich now i am starting to test some more "complicated" things
10:34 creich is it possible somehow to trigger some command after changing some file
10:34 viq creich: 'watch'
10:34 viq in cmd.wait
10:35 bhosmer joined #salt
10:35 creich in my actual case, i want to set-up a new source to apt and after that start an "apt-get update"
10:35 viq creich: usually any apt command will do an update, AFAIK
10:35 creich thx, i'll have a llok at it
10:36 creich ah ok
10:36 viq creich: http://docs.saltstack.com/ref/states/all/salt.states.cmd.html  - it has some examples of watch and such
10:36 creich thank you :)
10:38 slav0nic salt does't have any state for download file from external source i must use wget/curl via cmd.run?
10:38 viq slav0nic: it does
10:38 viq file
10:38 slav0nic i can set http:// ?
10:38 viq yup. But you also need to set checksum
10:39 viq slav0nic: http://docs.saltstack.com/ref/states/all/salt.states.file.html#salt.states.file.managed
10:39 slav0nic ops, tnx miss this
10:43 mattmtl joined #salt
10:43 diegows joined #salt
10:46 scott_w joined #salt
10:50 srage joined #salt
10:52 liwen joined #salt
10:56 scott_w joined #salt
10:56 srage joined #salt
10:57 oz_akan_ joined #salt
10:57 scott_w_ joined #salt
10:59 mekstrem does the salt-minion set runlevels on per default when it gets installed?
10:59 mekstrem seems like it did on 0.15.3 but not in 0.17.1
11:00 viq mekstrem: platform would be useful ;) I guess it depends on how it's packaged.
11:00 mekstrem viq: sorry it's on SLES
11:00 mekstrem however i think personally that salt should have it by default.
11:00 viq mekstrem: you're using system packages, or the bootstrap script, or what? (no, I have no idea, but it may give hints as to where to look)
11:01 mekstrem yeah downloaded rpms that i manually install
11:01 viq mekstrem: then you can look inside what they do
11:06 Teknix joined #salt
11:07 lemao joined #salt
11:09 Furao joined #salt
11:15 creich ich bekomme jetzt die ganze zeit folgende meldung im log:
11:15 creich jenkins-nightly.carradio.technisat-digital
11:15 creich 2013-11-05 12:14:49,141 [salt.loaded.int.module.debconfmod][INFO    ] Package debconf-utils is not installed.
11:16 creich oh sry english please ;)
11:16 creich so i got the following messages in my logfiles
11:16 creich 2013-11-05 12:14:49,141 [salt.loaded.int.module.debconfmod][INFO    ] Package debconf-utils is not installed.
11:16 kyusan joined #salt
11:16 creich i found some tickets regarding that problem
11:17 creich but all are closed and said shoudl be done in version XYZ
11:17 creich so i'm using 0.17.1
11:17 creich what am i missing?
11:18 creich why am i supposed to install that package manually
11:18 creich ?
11:18 creich should'nt it be done while installing salt
11:18 creich i used the bootstrap script btw
11:27 creich is it normal that running salt to bring up some highstate runs into an timeout
11:27 creich i mean if i want to install some pacakges and maybe that can take long
11:27 creich maybe i am not able to estimate the time it will take
11:28 viq There is a timeout, you can override it with -t flag
11:28 creich is there a way just to start the jobs and w8 till they're finished?
11:28 creich i am aware of that
11:28 creich but there is no other way?
11:28 viq I don't know enough to answer that, sorry
11:29 creich not your fault, just answering :)
11:29 creich just questioning... sry ma einglish.... ;)
11:29 creich you helped me a lot anyway
11:29 creich :)
11:29 viq And I'm just saying, I don't know (yet?) an answer to this ;)
11:38 joehh creich: debian or ubuntu?
11:40 joehh creich: I'm guessing debian as debconf-utils is recommended by the ubuntu packaging
11:41 joehh I'll add it as a recommends for the next release in debian
11:41 joehh it=debcon-utils
11:42 whiskybar joined #salt
11:46 bhosmer joined #salt
11:51 VSpike Does salt-stack have the ability to configure IIS? Or am I going to have to use scripts?
11:51 joehh VSpike: we've done it with powershell scripts
11:52 gasbakid_ joined #salt
11:52 joehh not entirely happy with it but it works sufficiently well that we have "bigger" challenges to work on at the moment
11:57 oz_akan_ joined #salt
11:58 viq https://gist.github.com/viq/7306831 here are my pillars, basing off of https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/map.jinja  - how do I say "this for Debian, that for everything else" ?
12:01 VSpike joehh: ah OK, thanks. I thought that might be the case.
12:04 rawzone joined #salt
12:04 creich joehh, ubuntu
12:04 creich thx
12:05 srage joined #salt
12:05 blee joined #salt
12:05 joehh VSpike: http://pastebin.com/htYdCzsE shows the powershell commands for the adding windows features
12:06 joehh that was the most painful bit for us to figure out (more familiar with linux that win)
12:10 Psi-Jack Windows? Is for Masochists, those that really like pain.
12:10 VSpike joehh: ahh thanks!
12:11 Psi-Jack Windows: It whips the sense right out of you. :)
12:11 VSpike Psi-Jack: agreed. Managing Linux and Windows side by side just makes you hate Windows more and more
12:11 Psi-Jack Heh
12:11 Psi-Jack I hated Windows all the way back when it was 1.0.
12:12 nkuttler i didn't even care. was a happy amiga user back then
12:12 VSpike I only encountered it at about 3.11 in my first job. Coming from RISCOS, I hated it right away too
12:12 Psi-Jack I was an Irix, AIX, and Solaris user back then. :)
12:12 Psi-Jack Err, rather, SunOS.
12:12 nkuttler yeah, never used any unix before '96.. i'm young :)
12:12 Psi-Jack heh
12:13 nkuttler and then only remotely. locally from 2000
12:13 VSpike I think I first installed Debian (first *nix experience) in about '96. Took me about a month to get X11 running :) But tinkered on and off ever since and then made the switch on desktop in 2006 and never looked back.
12:13 Psi-Jack Yeaah. I've been personally using Linux since it was a wee little baby. In between MCC and SLS, I started with SLS. :)
12:14 VSpike But every I work seems to have a nasty Windows habit :/
12:14 Psi-Jack I still miss Yggdrasil. It still, to this day, made Red Hat look like trash, but oh well. Red Hat won out and beat down Yggdrasil.
12:15 Psi-Jack Heh. The only Windows stuff I do where I work, is occasionally RDP into a server to manage local DNS. Because they use ADS and don't want to use bind. It's an acceptable annoyance since it's the only type of annoyance. :)
12:16 VSpike Windows 2012 server is insane
12:17 Psi-Jack Yeah, how to make Windows Server UI bad. Make it so you have to bounce the mouse cursor in a corner to get a menu, through an RDP session.
12:17 Psi-Jack Someone at Microsoft should've been fired for that crap.
12:17 Psi-Jack In fact, the whole design team should've been fired for that. LOL
12:18 VSpike Yes, that's fun isn't it? On the plus side, they have now got to the point where most things on Windows can be done via the command line, and you can run a server with no GUI....
12:18 Psi-Jack Sorta.
12:18 VSpike on the minus side, the CLI interface is so actively hostile you'd need to be a lunatic of the most depraved type to actually do it
12:18 Psi-Jack If you want to actually /manage/ the server, you still need some kind of GUI tool.
12:18 Psi-Jack LOL
12:18 __number5__ It still need those who GUI but you don't have to look at it...
12:18 __number5__ s/who/whole/
12:18 mekstrem I think Metro is a huge mistake.
12:20 __number5__ / Anyone knows when 0.17.2 will be released?
12:20 Psi-Jack Not sure, I know I have a bug report to file for 0.17.1
12:20 amahon joined #salt
12:24 Iwirada joined #salt
12:28 Psi-Jack heh
12:30 UtahDave joined #salt
12:37 snikkers joined #salt
12:39 Psi-Jack Ahh, there's UtahDave . ;)
12:40 UtahDave hey!
12:40 Psi-Jack Heh.
12:41 Psi-Jack Where are bugs for salt reported/searched? I found one yesterday that's rather.. Interesting, yet persistently random. :)
12:41 mekstrem https://github.com/saltstack/salt/issues?state=open
12:41 mekstrem ?
12:43 amahon joined #salt
12:44 Psi-Jack Hmmm
12:44 Psi-Jack Really? Github's interface? With no search?
12:44 mekstrem at the top
12:44 mekstrem search this repository
12:44 Psi-Jack YEah, doesn't seem to actually search issues.
12:44 mekstrem it does :)
12:45 Psi-Jack I literally just put in the top issue showing, #8720, the subject line, and it didn't match it.
12:45 mekstrem i searched for my issue that i posted today and found it
12:46 __number5__ put less in your search string :P
12:46 mekstrem try "Distribute win32gui module"
12:46 Psi-Jack I did.
12:46 mekstrem and you will get a hit for that #8720
12:46 Psi-Jack I did Distribute win32gui, and it failed to match.
12:47 mekstrem i have no problems
12:47 Psi-Jack Ahh now it works. So, it's basically, fulltext search, which is horrible. :(
12:47 * Psi-Jack will not be using this for filing bugs.
12:47 mekstrem how will you be filings bugs if not this way?
12:48 Psi-Jack Well, since there's no other way, I'll report bugs by IRC at best. Let the devs handle if they want to acknowledge it. :)
12:48 mekstrem I think they will tell you to create an issue at github xD
12:49 Psi-Jack But, when the bug reporting system itself is so horrible and broken, and can't be used to identify if the bug you're considering reporting is already reported or not, then I don't feel the desire to waste my time on it.
12:50 mekstrem Tbh i do not get what you mean with broken reporting system or search? I think it's fine.
12:50 _ikke_ How can I put files in the home dir a of a user? I see only ways to put them in a static place
12:50 Psi-Jack I mean, yesterday, I found a really wierd and unusual bug that just makes no sense, and it's totally random. Random hosts, random state that uses either a sourced file or directory.recurse, it just randomly faults with an error.
12:53 UtahDave Psi-Jack: I had someone report what sounds to be the same issue you're running into today
12:53 mekstrem Psi-Jack: i tried to search for "win32gui" and i got hit on issue #8720. Here i did just search for a keyword and got hit. I still can't get what you mean with full text search
12:53 mekstrem githubs search is fine :)
12:53 Psi-Jack mekstrem: It means it only searches whole words. If you did a search for "win32" it won't hit that. :p
12:53 UtahDave Psi-Jack: are you able to reliably trigger it?
12:54 mekstrem Psi-Jack: well you can filter by code or issue
12:54 Psi-Jack UtahDave: I am actually. I have a 21-node setup where any of my states that source a file, or source a directory.recurse (which is most, since they pull in PAM rules and zabbix trapper agent scripts on every server), it will randomly fail one node during a state.highstate,.
12:55 Psi-Jack Well, not fail the node, but fail the actual state within that node, and any required states related to it.
12:55 Psi-Jack Bug in 0.17.1 -- http://paste.hostdruids.com/view/c8c9ba54  -- here's a likely bug I found that randomly keeps popping up with various sourced files and directory.recurse's. And the stack dump related to it, same thing for both, every time this error randomly pops up, on random hosts.
12:56 Psi-Jack That stack dump and output is related to a single sourced file, while I have other situations where it happends on a directory.recurse, which makes my error count 10, because of requires. :)
12:57 Psi-Jack Exact same Traceback on every case, though.
12:58 oz_akan_ joined #salt
12:59 jslatts joined #salt
13:13 VSpike UtahDave: is bootstrapping Windows on EC2 any easier, out of interest? :)
13:15 VSpike I created a rackspace windows instance and opened port 445, then created an image of it which takes about 30 minutes. Turns out you can use a saved image from salt-cloud, but creating a VM from the saved image takes > 15 minutes and eventually Openstack just seems to give up and delete it.
13:16 VSpike That's not a salt-cloud issue - same from their web interface
13:16 VSpike Rackspace Cloud has a very half-finished feel to it :/
13:17 Psi-Jack Heh.
13:17 Psi-Jack Rackspace.. My last company I worked for used them. Never ever EVER, will I recommend their trash to anyone.
13:18 ingwaem joined #salt
13:21 sebest joined #salt
13:21 frantou joined #salt
13:22 sebest joined #salt
13:24 VSpike Hm, really?
13:24 VSpike Why's that?
13:25 Psi-Jack Yes. They had literal days of downtime because of a bad hardware setup. (They call it "Cloud", I call it what is it), a server with a RAID-10 4-disk setup shared with 7 other users, they had a single HDD go down, and it was literally 2 days to recover.
13:25 Psi-Jack Stuff like that, happened multiple times a year.
13:26 debasish joined #salt
13:26 VSpike that's not good.
13:26 Psi-Jack Yeah. My best example, too, because that was a critical database server.
13:27 VSpike The people who work there are really friendly, the support people are generally knowledgeable, and the corporate culture is appealing
13:27 VSpike But if their product is no good, none of that really helps
13:27 Psi-Jack Sure. Friendly. Apologetic. They'll kindly apologize to you repeatedly, while you yell at them for telling you the already 1-day time span of your server being down is still being worked on.
13:28 Psi-Jack heh
13:28 VSpike I worked for a company before that got pushed into buying a really expensive hardware MS-SQL cluster with SAN backend which was not really needed. Then they wouldn't let them out of it.
13:28 Psi-Jack Their backup system is flawed too.
13:28 VSpike I've mentioned that to the sales people this time around and they keep insisting that should never happen, that they are totally flexible, etc etc
13:29 Psi-Jack They claim it's just tarring up the files. But tar doesn't have issues with directories with 2M indexes, theirs magically seems to fail and time out trying.
13:29 VSpike Are any of the other public clouds any better, though?
13:30 Psi-Jack Which, if you have 30 servers all waiting for backup, your whole line will fail because one timed out trying.
13:30 Psi-Jack Absolutely.
13:30 Psi-Jack Amazon's alone is miles better. LIterally, miles better.
13:31 VSpike Interesting
13:31 Psi-Jack In 2012 alone, I had to call Rackspace over 100 times, easily.
13:31 viq No idea about how good they are, but I heard about https://www.oktawave.com/index.html and their machines are insane fast, as they keep storage on ramdisks
13:31 Psi-Jack I've called Amazon a grand total of 0 times. ;)
13:32 VSpike I had a short-list of 3 in the end. Racksapce, AWS and Azure
13:32 Psi-Jack I use Digital Ocean for a personal tiny VPS, because it was $5/mo on SSD storage.
13:32 blee_ joined #salt
13:32 Psi-Jack Their system isn't perfect, but I don't have high demands on them. :)
13:32 VSpike What I wanted to do was build my stuff on all 3, since a lot of these problems and irritations you only find out when you try to use the product. Then, I wanted to run tests and benchmarks on all of them. Unfortunately, the PHB said that would take too long
13:32 Psi-Jack heh
13:33 VSpike So I had to pick the top one on the list and go with that... and only fall back to #2 if that one proved unworkable or unsatisfactory
13:33 Psi-Jack Amazon is nice, though their enterprise cloud stuff can be a bit confusing and all, at first.
13:33 Psi-Jack Or whatever they call their "private" cloud groups.
13:33 VSpike The ordering was fairly arbitrary. The prices were similar, although AWS was only competitive if you go for the reserved instances.
13:34 VSpike VPC
13:34 Psi-Jack Yes, VPC. :)
13:34 VSpike Yeah, that is confusing. Also, none of the routers we have want to connect to their VPNs
13:34 Psi-Jack Their VPC's is excellent stuff.
13:34 Psi-Jack I think we're connected using a Cisco ASA, no issues.
13:35 VSpike We use pfSense here, and I've not seen any info on anyone actually making it work
13:35 Psi-Jack All internet traffic is routed via our VPN and out through our own network.
13:35 VSpike Seems if you use Cisco or Juniper you're good, otheriwse you're SOL
13:35 Psi-Jack Oh... Bleh.
13:35 Psi-Jack yeah, pfSense.. No thanks. :)
13:35 __number5__ AWS required BGP routing for VPC/VPN
13:35 Psi-Jack I /hate/ BSD's pf.
13:35 VSpike Aw, I love pfSense :)
13:36 Psi-Jack pfSense itself is okay. It's pf that sucks about it. :)
13:36 __number5__ but they dropped the requirements few months ago I think
13:36 VSpike What's wrong with pf?
13:37 Psi-Jack Last matching rule wins, instead of first matching rule. Bass-ackwards.
13:37 VSpike I've never noticed that in pfSense. That works as you'd expect.
13:37 Psi-Jack Organizing in reverse is just silly. :)
13:37 slav0nic does salt have any states for create temp dir? (it will be remove after state finished)
13:37 Psi-Jack pfSense is the same. It's still bass ackwards. :)
13:38 Psi-Jack If you setup any kind of complex firewall rules, it will bite you if you don't know that.
13:38 viq Psi-Jack: or you could just use 'quick' in rules if that bothers you
13:38 viq Psi-Jack: not knowing the software you're configuring will bite you, no matter what it is
13:40 VSpike My pfSense book here says "Remember the first matching rule wins - no further rules are evaluated"
13:40 Psi-Jack This is true.
13:40 Brew joined #salt
13:40 ipmb joined #salt
13:40 Psi-Jack VSpike: Then current versions of pfSense are making all rules "quick" by default.
13:42 brianhicks joined #salt
13:42 VSpike Could be. This book was written about 1.2.3 but mentions upcoming 2.0
13:42 Psi-Jack heh
13:43 Psi-Jack My firewall/routers are CentOS 6-based virtual machine instances utilizing shorewall for structured rule management. :)
13:44 krak3n` joined #salt
13:44 Psi-Jack In an HA setup. I can shutdown one firewall and the other will immediately takeover with only a minimal packet loss (maybe 2 packets will be lost in high traffic situations).
13:44 VSpike Yeah, the pfSense ones do that too
13:44 ipmb_ joined #salt
13:44 Psi-Jack Using CARP, sorta-kinda, but not nearly as good. Much higher packet loss rate than mine. :)
13:45 IJNX joined #salt
13:45 VSpike Fair point, I've never tried to measure it
13:46 Psi-Jack hehe
13:46 mgw joined #salt
13:46 VSpike What does it use for HA?
13:47 Psi-Jack Pacemaker and ConntrackD. Pacemaker for the CRM, and conntrackd to track and replicate connection details. So literally, both firewalls knows what's going in and out, but only the active one handles them.
13:47 Psi-Jack As it's failing over, it flushes the connections on the old, and the new activates them all on itself, and keeps them going.
13:48 Psi-Jack I shut the virtual power off one firewall during the time my roommate was playing a high speed game, League of Legends, and he never knew. Never had any issues, or bad ping. It just flawlessly continued like nothing happened. ;)
13:49 VSpike Nice
13:51 jankowiak joined #salt
13:53 jY maybe i'm overlooking this in the docs.. but if I have - source: salt://tripwire/Makefile where should the Makefile be located on the filesystem on the master?
13:54 __number5__ jY: normally /srv/salt/tripwire/Makefile
13:54 jY ok thanks
13:55 __number5__ that's based on your file_roots settings in /etc/salt/master
14:02 brimpa joined #salt
14:02 jumperswitch joined #salt
14:05 mapu joined #salt
14:07 shinylasers joined #salt
14:09 imaginarysteve joined #salt
14:12 Niichan joined #salt
14:12 slav0nic can anybody help with state http://bpaste.net/show/zGgw0BjLcYVNovIBUd4b/ ? as i can run `download-src` only if it needed in `build` (when unless failed)?
14:12 Gifflen joined #salt
14:13 oz_akan_ joined #salt
14:15 oz_akan_ joined #salt
14:16 racooper joined #salt
14:17 teebes joined #salt
14:18 juicer2 joined #salt
14:22 bhosmer joined #salt
14:23 halfss joined #salt
14:24 halfss joined #salt
14:27 scott_w joined #salt
14:28 halfss joined #salt
14:31 halfss joined #salt
14:36 halfss joined #salt
14:36 linuxnewbie joined #salt
14:36 linuxnewbie joined #salt
14:39 mannyt joined #salt
14:41 halfss joined #salt
14:43 halfss joined #salt
14:43 alunduil_ joined #salt
14:43 elfixit joined #salt
14:44 halfss joined #salt
14:45 halfss joined #salt
14:47 halfss joined #salt
14:48 halfss joined #salt
14:49 halfss joined #salt
14:51 jumperswitch_ joined #salt
14:51 kaptk2 joined #salt
14:55 gmoro joined #salt
14:56 mgw joined #salt
15:00 mannyt_ joined #salt
15:02 halfss joined #salt
15:04 Chocobo joined #salt
15:04 Chocobo joined #salt
15:06 tdillio joined #salt
15:13 halfss joined #salt
15:15 scott_w joined #salt
15:16 quickdry21 joined #salt
15:18 PoLuX joined #salt
15:24 sciyoshi joined #salt
15:25 forrest joined #salt
15:25 sroegner joined #salt
15:25 opapo joined #salt
15:36 mapu joined #salt
15:41 Gifflen joined #salt
15:43 halfss joined #salt
15:49 smccarthy joined #salt
15:49 imaginarysteve joined #salt
15:51 Khollowa_ joined #salt
15:52 forrest basepi, whiteinge did a way better job explaining merge in formulas than I would have. Still needs some fleshing out via example, but his explanation is great.
15:54 oz_akan_ joined #salt
15:56 pdayton joined #salt
15:56 mapu joined #salt
15:57 HeadAIX joined #salt
15:58 fink_ployd joined #salt
15:58 amahon joined #salt
15:59 dan_johnsin joined #salt
15:59 cachedout joined #salt
16:00 dave_den slav0nic: you can just move the '- unless: test -e /usr/local/bin/python2.7' to download-src. Since 'build' requires download-src, it makes sense to do your check to see if python is already installed in download-src.
16:01 jumperswitch joined #salt
16:01 viq forrest: do you have a link to that explanation?
16:01 bemehow joined #salt
16:02 esogas left #salt
16:02 Ryan_Lane joined #salt
16:02 forrest https://github.com/saltstack/salt/commit/0683224e10cb646a117e4dabde8df474663452af
16:02 forrest the docs haven't been rebuilt yet today viq
16:02 forrest I think whiteinge might still be doing it manually
16:02 m_george joined #salt
16:02 forrest or the automated procedure broke sometime in the last week :P
16:02 viq hehe
16:02 slav0nic dave_den, will try, but file.managed have unless condition?
16:03 m_george left #salt
16:03 forrest If he doesn't beat me to it I'll add some examples showing how a map relates to the pillar, what get's modfied, etc. As I think for that examples are the easiest way to understand it.
16:03 mgw joined #salt
16:04 viq That would be great
16:04 basepi forrest: woot! Thanks for the update.
16:05 forrest basepi, I didn't update it, all credit to whiteinge :P
16:06 utahcon can sls files only access the variables set within themselves?
16:06 viq utahcon: pillars are a good place to set variables
16:06 utahcon alright
16:06 btorch morning
16:07 utahcon perfect thanks viq
16:08 dave_den slav0nic: good point. make a new state called 'check_for_python27' and have it run the check and use the unless. have the other states require that
16:08 slav0nic heh, tnx for idea
16:08 viq utahcon: but be aware, if you want to reference other pillar data in a pillar, you're in for a world of pain
16:09 utahcon hmm, I'll keep that in mind
16:09 cheus_ joined #salt
16:09 matanya joined #salt
16:11 basepi forrest: I know, but you still made it happen. ;-)
16:12 cheus_ Hi, is it possible to have a 'dynamic' state tree that can blend roots from a master as well as local application-specific states?
16:12 forrest Woooo, filing issues because I'm too dumb to figure it out myself, aww yes.
16:12 viq cheus_: "if <something> include state", yes
16:13 forrest viq++
16:13 viq cheus_: though, uhm, what do you mean "local application-specific states"
16:13 cheus_ Hi, is it possible to have a 'dynamic' state tree that can blend roots from a master as well as local application-specific states?
16:13 cheus_ ack, sorry
16:13 cheus_ I have a situation where we have roughly 20 applications each load balanced, on average, across four nodes. I'd like all 80 machines managed by a master but want to be able to package application-specific states with the deployed applications rather than pollute my master tree with application-specific contributions from 20 different dev teams of questionable trust/quality.
16:14 Gifflen_ joined #salt
16:14 forrest so you want to pull from local states on the minions?
16:14 mr_chris dave_den, forrest, and fatbox. The advice you gave me was useful. We're in a much better state now.
16:14 cheus_ forrest, during deployment, yes, without the master having to know about the application local pieces
16:14 forrest mr_chris, sweet! Did the suggest dave_den provide regarding the file handles clear things up?
16:15 forrest cheus_, Is there a reason you don't want to write application specific states, then configure your top file so only specific machines get those states from 'questionable' teams?
16:15 forrest bah meeting, back in a few
16:15 mr_chris forrest, That was likely it. I also moved the high.state calls on each minion out of cron and into the scheduler.
16:15 mr_chris Other thing I need to do is stagger when each one hits. It floors the CPU when they all run at the same time.
16:19 modafinil quick question about custom grains: if i have one on my master, when my minions FIRST highstate, can i use that grain? or does it take one run to 'distribute' before i can look at the values?
16:19 Jahkeup joined #salt
16:19 cheus_ forrest, I want the devs for each respective app to be responsible for the app states (eg, a django app needs python, a drupal needs php-mysql, etc) but I don't frankly trust them enough to give them the ability to commit their changes to the master tree where every minion could be affected. At the same time I don't want to slow deployment, qa, etc by forcing every 'update' from dev to have to go through a review by me.
16:20 gmoro joined #salt
16:20 viq cheus_: I believe environments and gitfs could be what you're looking for
16:22 mohae joined #salt
16:22 blafountain joined #salt
16:22 viq Or maybe even without environments
16:23 blafountain any salt-cloud users here?
16:24 viq blafountain: are you conducting a survey, or have an actual question? ;)
16:24 blafountain actual question :)
16:24 viq Then asking it may be an idea ;)
16:25 blafountain so i was able to run salt-cloud locally on my development machine and using all of the command line switches pass all of the configuration files (instead of using the defaults) and was able to create a remote machine from my local development machine
16:26 blafountain where normally all of the documentation talks about running it on the same machine as the master
16:26 bitz joined #salt
16:26 carmony UtahDave: whoa, you're up still? :P
16:26 cheus_ vitq, Already using the gitfs backend but since it's a single repo it doesn't save me from having to either give all app dev teams access to all states or, having to set up one gitfs backend on the master for every application. The latter I could do, it would just be clumsy.
16:27 blafountain viq: so the only weird thing about it, is i need to run it as sudo locally.. if i don't i get an error talking about running it as the same user as salt-master (ie root)
16:27 btorch is it possible to add comments to sls files ?
16:27 viq btorch: # usually works
16:27 blafountain [CRITICAL] Salt configured to run as user "root" but unable to switch. Usage: salt-cloud  salt-cloud: error: salt-cloud needs to run as the same user as salt-master, 'root', but was unable to switch credentials. Please run salt-cloud as root or as 'root'
16:27 viq cheus_: well, ideally they would have their own repos anyway to track their own changes, neh?
16:27 blafountain viq: but... there is no real reason that it needs to run as the same user as salt master
16:28 Jahkeup joined #salt
16:28 blafountain in this case i'm not even running a salt master yet, i'm trying to bootstrap that process
16:28 viq blafountain: I know nothing about salt-cloud, but maybe someone here does. Asking the question gives them a chance to pipe up instead of guessing ;)
16:29 IJNX joined #salt
16:30 gkze joined #salt
16:31 smkelly joined #salt
16:31 blafountain viq: okay, thanks anyways
16:32 cheus_ viq, Absolutely.
16:33 heewa joined #salt
16:33 viq cheus_: then what's the problem? ;)
16:35 jalbretsen joined #salt
16:35 ddv joined #salt
16:36 kermit joined #salt
16:36 viq cheus_: alternatively, you could set up a syndic/master per group, and all of them tied to a central master
16:37 viq cheus_: so a central master could push out global settings, but each group would have a local master they have full control over
16:37 cheus_ viq, Well in my head (because I'm just sketching it out right now), it would happen through  minion-specific file roots (eg, a minion might have the master root but also some type of local gitfs directive)
16:38 cheus_ viq, Really??? Now that's neat, I'll admit that I last really dug in around 14.0 and it was just quietly working in the background, I didn't realize grouping like that was possible. That might change how I decide to architect things
16:39 viq cheus_: that's what I gathered from articles and docs I saw. That's the conclusion I reached, but I don't have absolute certainty that it is true and works.
16:40 tdillio On the topic of changing the salt-master user... I just tried to change my salt master to use a user I created called 'salt', when I try to start the master I get an error: "AttributeError: 'pwd.struct_passwd' object has no attribute 'gid'" any idea what this means?
16:41 dave_den tdillio, does the 'salt' user belong to any group?
16:41 lineman60 joined #salt
16:42 dave_den blafountain: you may want to post on the salt-users mailing list.
16:42 tdillio dave_den: just it's own group 'salt'
16:42 blafountain dave_den: okay, willdue
16:43 cheus_ thanks viq, I'll look into the syncdic bits and try to re-think some of this architecture
16:45 druonysus joined #salt
16:45 druonysus joined #salt
16:46 jumperswitch_ joined #salt
16:47 troyready joined #salt
16:47 tdillio dave_den: uid=500(salt) gid=500(salt) groups=500(salt)
16:47 dave_den tdillio: what version salt master?
16:47 tdillio dave_den: 0.17.1
16:48 xmltok_ joined #salt
16:49 carmony ok, salt-ssh, I have my ssh key that gets deployed to all the servers. However, that key has a passphrase, so salt-ssh asks if it wants to overwrite it
16:49 carmony I'd prefer to use that key then have to worry about deploying another key on there
16:49 dave_den tdillio: https://github.com/saltstack/salt/issues/8176
16:50 VSpike I think the ec2 windows bootstrapping in inherently broken
16:50 VSpike On salt-cloud, that is
16:50 tdillio dave_den: Thanks, I will try the workaround listed there
16:52 mapu joined #salt
16:54 btorch is salt ready for upstart scripts ?
16:54 VSpike Wah! Why does bootstrapping Windows have to be so /hard/??
16:55 forrest VSpike, look don't get angry at us that you actually have to do some work on Windows ok? :P
16:55 dave_den btorch: yes, salt has upstart scripts
16:56 VSpike forrest: heh. Don't you have a magic wand that can just make Windows vanish forever?
16:56 dave_den carmony: i don't think salt-ssh supports a passworded ssh privkey.
16:56 carmony dave_den: yup, that looks correct
16:56 forrest carmony, I can't find anything on that :\
16:57 forrest VSpike, nope, you have to suffer, sorry.
16:57 btorch dave_den: sorry I may have been a bit confusing there ... what I meant was, salt.states.service is capable of checking on services that uses upstart scripts ... right now I'm having issues due to that it seems
16:57 VSpike Damn. I thought when I started using salt it would be all unicorns and rainbows :/
16:57 forrest VSpike, heh.
16:57 heewa joined #salt
16:58 forrest VSpike, when UtahDave returns he might be able to offer some help on salt for windows. He might be at a client site this week though.
16:58 VSpike Yeah, he was here earlier but I think he's in Hong Kong, so he'll be asleep now
16:58 forrest ahh ok
16:59 modafinil for the record: it does appear that you can use custom grains on the initial minion run :D
17:00 dave_den btorch: what distro?
17:00 btorch dave_den: ubuntu 12.04
17:01 dave_den btorch: yes, it should use upstart on ubuntu for service.* functions
17:01 dave_den what's your issue?
17:02 KyleG joined #salt
17:02 KyleG joined #salt
17:03 btorch dave_den: sometimes is not able to reload/restart the services, upstart thinks it's still running when there is no process running ... I'm diging into it more but I think it may be some startup script issue actually
17:04 viq btorch: I've seen startup scripts (not upstart though) that would work from local terminal, but hang remotely
17:05 dave_den botrch: ok.  FYI, https://github.com/saltstack/salt/blob/develop/salt/modules/upstart.py is the module that is registered for 'service.*' functions on ubuntu minions.
17:05 mr_chris So if I needed to do an emergency downgrade to 0.16.4 on centos because 17 just royally broke our production environment, how would I do it? Unfortunately, we're not caching yum packages.
17:06 dave_den mr_chris: is the master also 0.17.1?
17:06 mr_chris It is.
17:06 dave_den what broke?
17:06 mr_chris It's not playing nice with my mysql user manage system that I used salt to build.
17:06 mr_chris So salt 17 is somehow doing something different with it.
17:08 redondos joined #salt
17:08 redondos joined #salt
17:08 backjlack joined #salt
17:09 BrendanGilmore joined #salt
17:10 BrendanGilmore joined #salt
17:12 dave_den mr_chris: http://rpmfind.net/linux/RPM/epel/6/x86_64/salt-0.16.4-1.el6.noarch.html
17:13 dave_den good luck
17:16 forrest :\
17:17 forrest yea the downgrade path.... is painful
17:17 Iwirada left #salt
17:18 dave_den mr_chris: also, you can install from git into a virtualenv and set SALT_USE_VIRTUALENV in /etc/default/salt-minion
17:18 forrest oh that's a good idea dave_den
17:18 dave_den https://github.com/saltstack/salt/blob/develop/pkg/salt-minion.upstart
17:19 mwmnj joined #salt
17:19 mr_chris Found the problem.
17:19 mr_chris War story in a few minutes.
17:19 gldnspud joined #salt
17:20 mgw1 joined #salt
17:39 amckinley joined #salt
17:39 quickdry21 I'm using the git state, with the rev = some tag. I've updated the tag (git tag -f mytag), but when I run state.highstate, the minions don't pick up on the fact that the tag has been updated. Is this normal behavior?
17:39 rajul joined #salt
17:43 dccc joined #salt
17:43 cachedout quickdry21: There was an issue fixed with the rev argument int the git state not too long ago. Have a look and see if it's similar to what you might be seeing. https://github.com/saltstack/salt/issues/8163
17:44 bhosmer joined #salt
17:49 cnelsonsic joined #salt
17:54 mr_chris OK kids. Story time.
17:56 g4rlic joined #salt
17:57 rgarcia_ joined #salt
17:57 mr_chris So there's this. http://docs.saltstack.com/ref/states/all/salt.states.mysql_user.html
17:57 anuvrat joined #salt
17:57 druonysus I am trying to make /etc/salt/minion dir read-only and 0.17.1 doesn't seem to like this, though 0.16.4 didn't really have a problem with this.
17:57 mr_chris In 0.16.4 you had to put a \ before a * in  password_hash.
17:58 mr_chris In 0.17 you don't have to anymore. In fact, the \ really throws things off.
17:58 KyleG left #salt
17:58 mr_chris So the MySQL user and grant system I built with salt suddenly changed all of our MySQL passwords on all of our servers with incorrect hashes.
18:00 viq ooh, how fun
18:01 UtahDave mr_chris: ouch!
18:01 mr_chris Now I feel like an ass for not testing more thoroughly.
18:02 g4rlic bet you wont' make that mistake again. :)
18:02 someguy joined #salt
18:02 mr_chris g4rlic, No indeed.
18:04 cachedout mr_chris: 0.17 or 0.17.1?
18:05 mr_chris 0.17.1
18:05 Psi-Jack utahcon: Yeah, MEGA ouch.. heh
18:05 alunduil joined #salt
18:06 Psi-Jack UtahDave: ^^
18:06 carmony UtahDave: dude, its 2 am there :P
18:06 bhosmer_ joined #salt
18:08 hazzadous joined #salt
18:09 UtahDave carmony: yeah, i woke up because I had left the tv on.
18:09 carmony UtahDave: lol, hows the jet lag?
18:09 dave_den mr_chris: were you setting the password with 'password' or password_hash?
18:10 someguy was looking through the docs... basically want to know if i have two roles that overlap if i can guarantee an override.  for example. a core role for all servers that includes management of resolv.conf.   a dns_cache role for dns_caching servers that also manages resolv.conf.  is an override like this possible or must everything be mutually exclusive?
18:10 jhulten joined #salt
18:11 UtahDave carmony: not bad at all, actually.  I stayed awake the entire flight here so when I got here at 8 pm I was able to go to sleep fairly quickly
18:11 carmony UtahDave: thats the best way to do it
18:13 cro UtahDave: Going that way has never been a problem for me.  It's coming home that wipes me out.
18:13 cro Your trip is relatively short though.
18:14 UtahDave cro: Yeah, I'm a bit worried about that. I'm planning on being in bed the rest of the weekend when i get home.  :)
18:14 carmony UtahDave: good plan :)
18:14 carmony then again, if you keep staying up late
18:15 carmony you might be just wrecked mid-trip :P
18:15 diegows github issues require approval?
18:15 diegows or github is failing ? :P
18:16 UtahDave Psi-Jack: Hey, that's some great info on that bug.  Could you open an issue on that on Github?
18:17 Psi-Jack That one I mentioned from earlier?
18:17 Psi-Jack This early AM?
18:17 ajw0100 joined #salt
18:18 Psi-Jack The one where I mentioned I /hate/ github's bug tracking system and that I won't use because it's a horrible system that's too flawed for practical use?  :)
18:22 UtahDave Psi-Jack: :)
18:22 amckinley joined #salt
18:22 UtahDave Psi-Jack: don't worry about searching.
18:23 Psi-Jack Heh
18:23 UtahDave crud, looks like github is having issues creating new issues right now.   :)
18:24 mr_chris dave_den: password_hash
18:24 UtahDave Psi-Jack: just click this link: https://github.com/saltstack/salt/issues/new
18:24 forrest UtahDave, is Singapore awesome? You're eating good food I hope! :P
18:25 UtahDave Psi-Jack: then paste in what you did earlier
18:25 Psi-Jack UtahDave: Alright. I'll report it in a short bit, since you've at least requested it. ;)
18:25 Psi-Jack However, that link is fail. :)
18:25 Psi-Jack Well, it required me to login, anyway.
18:26 UtahDave thanks, Psi-Jack. That will be very very helpful.  I want to get that error fixed quickly
18:26 UtahDave forrest: food is great!
18:27 forrest Nice
18:27 forrest 2:30 AM there though and you're still up?
18:27 forrest lol
18:27 Psi-Jack UtahDave: No problem. I don't mind putting in bug reports, but when I can't search to determine if it's reported yet or not, that's a flaw I won't work around, except by communication. ;)
18:28 UtahDave Psi-Jack: thanks!
18:30 gkze joined #salt
18:30 scott_w joined #salt
18:30 Psi-Jack UtahDave: Kinda mid-changing out my work desktop when a whole slew of things happened. :)
18:31 UtahDave forrest: I fell asleep with the tv on and the noise woke me up a bit ago.  Then I made the mistake of opening my computer up.  lol
18:31 forrest Oh yea that was a bad plan
18:31 scott_w joined #salt
18:32 _ikke_ joined #salt
18:35 Geoff_ joined #salt
18:37 mapu joined #salt
18:37 Psi-Jack UtahDave: #8278 BTW. :)
18:38 Psi-Jack And as said, this happens on both source'd files, and directory.recurse. Very important. :)
18:39 UtahDave perfect, thanks!
18:39 Psi-Jack No problem.
18:39 UtahDave the guy I talked to today also saw it when using file.recurse, too
18:39 xmltok_ can a masterless salt minion use gitfs?
18:39 ctdawe joined #salt
18:40 forrest xmltok_, yea mine does
18:40 forrest oh gitfs, sorry I mean git resources
18:41 forrest xmltok_, my bad
18:41 xmltok_ yeah, i am trying to figure out a workflow for working on states in vagrant
18:41 mr_chris Has this been looked into yet by anyone? https://github.com/saltstack/salt/issues/8176 It's marked as closed but setting verify_env to False does not resolve it for me. I'd like to put some energy into it but wanted to know if anyone else has yet.
18:41 xmltok_ its fine if everything is in the repo i am working on, but if i want to pull in another formula, i need to clone it into the directory and the .git directories collide
18:42 mgw joined #salt
18:42 forrest xmltok_, yea. Uhh I'm not sure, I don't see why it wouldn't work, but I haven't tried it.
18:42 xmltok_ i think the salt provisioner was written to configure the vagrant vm with salt to do other things, not to work on salt configs themselves
18:43 xmltok_ or at least it doesnt jive well with the salt-formulas repos
18:43 forrest yea
18:43 forrest It doesn't explicitly say anywhere that it will work on the gitFS backend walkthrough
18:43 forrest but it does mention that the MASTER creates the bridge, so perhaps it can't
18:44 xmltok_ i set it up with the full master config but then when it runs state.highstate i cant see the output until its done, so that is kind of a bad experience for testing your local changes
18:44 forrest are you running it with -l debug?
18:44 mr_chris Nevermind. Just saw that it's fixed in the dev branch.
18:44 xmltok_ yeah, its here https://github.com/mitchellh/vagrant/blob/d154aafc0d7d8b9e4fe9242ab1c4ad313afa13ad/plugins/provisioners/salt/provisioner.rb#L301
18:44 Gifflen joined #salt
18:45 rlarkin joined #salt
18:47 matanya joined #salt
18:49 blee joined #salt
18:49 tdillio Can I use a directory with require_in? Do I use require_in: file.directory: /path/to/dir ?
18:51 matanya joined #salt
18:51 forrest tdillio, you should be able, I think require_in is one of the global items that you can use almost anywhere.
18:52 rgbkrk joined #salt
18:52 tdillio forrest: I'll give it a try, at least
18:52 forrest cool
18:55 tdillio forrest: yup, that worked, thanks forrest
18:56 matanya joined #salt
18:56 g4rlic UtahDave or forrest, any ideas why /etc/salt/pki/minion can't be mounted read-only?  When I try that, it gives me a traceback during salt-call.
18:57 amahon joined #salt
18:59 someguy so if i have two roles that would be applied to a server and the states in the roles conflict... would it be best to filter one of the states using the roles grain or is there something else built in?
19:00 btorch can the salt-master also be a minion to itself ?
19:01 racooper btorch,  yes, it can.
19:03 zz_Cidan joined #salt
19:03 UtahDave g4rlic: I'm not sure.
19:08 ajw0100 joined #salt
19:09 MTecknology btorch: I think that's rather standard practice
19:10 g4rlic UtahDave: Ok.  I ask because when it's mounted read-write, everything's cool..  It doesn't modify the contents of any of the files (verified by sha1sum), I think it just wants to update the file timestamps or something like that.
19:10 MTecknology someguy: If a grain is enough to distinguish them, then in top.sls, only apply each state to servers matching that grain
19:10 g4rlic I can probably get away with what I'm doing just letting that one particular portion be mounted read-write, but I was hoping to get all of it read-only.
19:11 UtahDave g4rlic: you might try setting  verify_env: False   in your config
19:11 g4rlic Will try that momentarily. ;)
19:11 MTecknology someguy: example that I use... http://dpaste.com/1443530/
19:15 fishpen0 joined #salt
19:15 scott_w joined #salt
19:21 imaginarysteve joined #salt
19:23 hazzadous joined #salt
19:26 zooz joined #salt
19:29 dfinn joined #salt
19:29 dfinn is it possible to have salt run through all the minions and if it finds a certain file then it runs a command?
19:30 ddv joined #salt
19:30 jslatts is anyone here using gitfs for their state/pillar backend?
19:31 jgelens joined #salt
19:31 jesusaurus jslatts: ive played with it and plan on moving my staging and then production environments to it soon
19:31 gkze joined #salt
19:32 someguy MTecknology:  Thanks, concluded it would be best if I just have one state file.  I want to use a different source for a managed file depending on the grain... whether or not it is a dns caching server.  I was thinking I would need to do something like this  http://pastebin.com/EtzQCKMs
19:33 jslatts dfinn: salt '*' cmd.run 'if [ -e /home/jslatts/somefile]; some command; fi
19:33 dfinn well, that's pretty simple.  and easy.  thanks!
19:33 karlgrz joined #salt
19:34 jslatts dfinn: bash script may need some help, but thats what i would do
19:34 jslatts jesusaurus: how do you currently keep your prod and staging environment separate? I am using the environments feature right now and it seems like using branches to manage that would be annoying
19:34 gkze ^ seconded, I am also interested in separating envs
19:34 MTecknology someguy: that sounds like a fine use case for pillars
19:35 karlgrz jslatts: agreed...pillars
19:35 jesusaurus jslatts: i use a single state environments and multiple pillar environments
19:35 MTecknology dfinn: cmd.run with -unless:
19:35 jslatts karlgrz, jesusaurus: i do use pillars as well and I was going to put them on gitfs as well which just pushes the problem to the pillar side
19:35 jesusaurus the hard part is testing formulae before committing them to master
19:36 jslatts its not like you can really merge between the "environment" branches... they really should be separate subdirectories in a single branch on git
19:36 gkze well you'd test the dev pillar first on a separate branch before merging to master right?
19:37 gkze so how do you actually deploy changes that you have been testing on dev?
19:37 jesusaurus gkze: yeah, but how do you test changes to your top file if your top file is only active in the master branch?
19:37 jslatts gkze: if you are using the pillar system to managing thing like production IPs (like the location of a DB) then it may not ever match between dev and prod
19:37 Khollowa_ joined #salt
19:37 gkze oh right
19:37 jslatts i was thinking I would actually just have a single state and single pillar env and use separate salt masters
19:37 someguy MTecknology:  good point... thanks for the redirect.  got into the jinja tutorial and got some tunnelvision i think.
19:38 jesusaurus my plan is to use gitfs for the state directory, which is only a single environment. then use multiple git repositories for pillars: putting each environment in its own git repo
19:38 jslatts and have each master point to a specific branch. that would mean that I have to do something funky to manage values that diverge between environments
19:38 gkze jslatts: if you use separate salt masters would you always have to keep the branches separate too?
19:39 gkze sorry you answered it
19:39 amahon joined #salt
19:39 jslatts gkze: yeah, not ideal
19:39 jslatts which is why I'm asking around
19:39 gkze you could have one repo just for states and two separate repos for pillar envs
19:39 jesusaurus yeah
19:40 gkze and you would deploy them onto the masters accordingly
19:40 jslatts well, if you use separate masters you can point each one to a folder within the repository
19:40 gkze that's also true
19:40 jslatts so pillar/qa and pillar/prod could be used
19:40 gkze yeah something like that
19:40 gkze still sounds funky to me
19:41 gkze not as streamlined as a Puppet workflow
19:41 jslatts ideally, I could take the existing file mapping style which allows that on the file system and use git the same way
19:41 jesusaurus gkze: i agree, puppet's dynamic environments is nice
19:41 jesusaurus jslatts: what do you mean?
19:42 noob2 joined #salt
19:42 jslatts let me make a gist
19:43 gkze jesusaurus: the reason I can't be at ease with that is because that makes a pillar repo per env and you don't know how many envs you may scale to
19:43 gkze so you could try submodules
19:43 MTecknology gkze: I have one environment... It's called ProTest
19:44 jslatts this is kind of what I would like:
19:44 jslatts https://gist.github.com/jslatts/7324951
19:45 jslatts whups
19:45 jesusaurus gkze: i dont think that using submodules is any more scalable than just using separate modules, but i also dont think that your environments will scale out to the numbers that would cause problems
19:45 jslatts formatting
19:45 jslatts one sec
19:45 jslatts updated
19:46 bemehow joined #salt
19:46 Striki joined #salt
19:47 ckao joined #salt
19:49 jesusaurus jslatts: oh, so you want the environment to be independent of the git branch?
19:50 jslatts jesusaurus: yes. I would like to use the git branching as a way to move between test and prod versions of the repo. My config values are different per environment and i will never be able to merge dev into qa anyway
19:50 jslatts it seems like abuse of source code control to me :)
19:51 g4rlic UtahDave: verify_env: False totally did the trick.  Thank you. ^_^
19:51 jslatts branches are meant to be merged. but if master is not meant to represent the current trunk of the source tree, then things get very strange
19:51 jgelens joined #salt
19:51 bemehow joined #salt
19:51 jesusaurus true
19:53 jslatts guess i'll stick with filesystem for now
19:59 SEJeff_work Does anyone know why salt 0.17.1 would say "Undefined jinja variable" for loop.counter?
19:59 SEJeff_work which is a native jinja variable?
19:59 SEJeff_work UtahDave, ^^
19:59 SEJeff_work It is most def a bug
20:01 jhulten joined #salt
20:02 MTecknology SEJeff_work: an o "oh" and 0 "zero" are not the same thing!
20:03 hazzadous joined #salt
20:04 bemehow joined #salt
20:05 jhulten_ joined #salt
20:06 forrest tdillio, np.
20:06 forrest g4rlic, sorry I was at lunch, looks like you got it though.
20:07 forrest g4rlic, I'll make a note to update that.
20:08 KyleG1 joined #salt
20:10 forrest g4rlic, https://github.com/saltstack/salt/issues/8281 if you wrote up docs by chance :P
20:10 MTecknology Is there anything yet that exists to have salt build reports of minions? disk usage, updates available, etc.
20:10 AdamSewe_ joined #salt
20:12 forrest Mtecknology, not as far as I'm aware. Halite has some general reporting regarding jobs run and grains from the minions, but other than that, nope.
20:13 micko joined #salt
20:14 forrest I've actually never even pulled what updates are available for a system using salt..
20:15 terminalmage joined #salt
20:16 MTecknology I'd like to do that...
20:17 forrest yea I honestly don't know how you would.
20:19 MTecknology I could probably write a quick little system to go pull available updates, format them, and export a nice pretty html page; I'd just prefer avoid reinventing the wheel if possible.
20:19 forrest are you talking about available updates from states?
20:20 forrest or actual package updates that are available?
20:20 forrest I've never tried to query all package updates via salt, what command would you use?
20:21 MTecknology for debian; apt-get -u upgrade
20:21 forrest oh you wanna run it as a normal command
20:21 forrest sorry I meant salt module command
20:21 forrest not just a standard cmd call
20:22 MTecknology I'd end up parsing return from cmd.run
20:22 forrest yea
20:22 forrest that's how I'd do it too, ok cool. I thought you were using some other module
20:22 MTecknology I don't think any module does that...
20:22 forrest That's why I was so curious :P
20:22 MTecknology Maybe this is an opportunity for me to make another contribution!
20:23 forrest that could be cool
20:26 MTecknology forrest: aptitude -F%p --disable-columns search ~U
20:26 MTecknology I bet there's a way to use dpkg for that...
20:26 sciyoshi MTecknology: salt '*' pkg.list_upgrades
20:27 MTecknology or... if we read the docs, as sciyoshi did, we would know it's already been done...
20:27 TheRealBill grrr. with 0.17.1 I am getting new minions unable to authenticate w/the master (which is 0.17.1 as well), followed by a "update to 17.1 or remove the master public key" in the log. removing it causes an RSA error follwed by a repeat of the cycle,
20:27 sciyoshi :P i use it a lot so i knew about it
20:28 TheRealBill it appears to be issue 6699 all over again.
20:28 sciyoshi MTecknology: but nothing i know of that takes all of those things and makes a nice report out of them
20:31 MTecknology salt '*' pkg.list_upgrades --out json > /var/www/data/updates_available.json  ;; then a bottle.py application that reads and renders that file
20:32 MTecknology I think I might build something like that and then toss it onto github. It would be really really simple, but also effective.
20:32 _ikke_ joined #salt
20:33 forrest bootstrap3 + google graphs go!
20:33 jgelens joined #salt
20:33 MTecknology I have a tendency to use rather raw stuff...
20:33 craig joined #salt
20:34 bemehow joined #salt
20:37 viraptor_ joined #salt
20:38 forrest sciyoshi, awesome
20:38 hjubal joined #salt
20:38 hjubal joined #salt
20:40 viraptor_ hi all, does anyone know how to add a custom state to the system? when I added it to {extension_modules}/states/ufw.py it works for state.single, but not for state.highstate ("State ufw.logging found in sls ufw is unavailable")
20:41 cheus_ joined #salt
20:43 KyleG1 viraptor_: You have to setup your top.sls file
20:44 cheus_ joined #salt
20:44 KyleG http://docs.saltstack.com/ref/states/top.html
20:44 KyleG joined #salt
20:45 GradysGhost joined #salt
20:45 viraptor_ KyleG: err... I guess I didn't explain enough - the top itself is setup as I want, but I've got a custom state I created (ufw.py) - now I'd like it to be found when I reference it in the .sls files
20:46 GradysGhost I'm back with details on a problem I've been seeing for a few days and wasn't confident enough in my config to note here. The following is a portion of the output of a show_highstate run against a particular server: http://pastebin.com/veFSRuPF
20:47 ajw0100 joined #salt
20:47 GradysGhost It shows that a managed upstart script should be placed. However, running a highstate on the same server results in no changes or mention of this change.
20:47 GradysGhost And the file is certainly not in place.
20:47 jgelens joined #salt
20:47 viraptor_ KyleG: (without rebuilding the salt package itself to properly add it preferably)
20:47 GradysGhost What might cause salt to report a correct definition of a highstate, but not to actually apply that.
20:49 hazzadous joined #salt
20:51 karlgrz Anyone know how to call rake using a specific ruby@gemset version?
20:51 karlgrz Or, any command, for that matter?
20:52 karlgrz A gist may help explain....
20:58 fwiles joined #salt
20:58 isomorphic joined #salt
21:01 karlgrz Ok, here's the states in question re: rake with rvm problem
21:01 karlgrz https://gist.github.com/karlgrz/7326233
21:01 karlgrz Of particular attention is in rake generate
21:01 karlgrz Desired outcome is to have rake generate executed within the rvm ruby and gemset I specify there, but it looks like it doesn't successfully use rvm
21:04 dave_den karlgrz: cmd.run will not be using rvm
21:05 karlgrz dave_den: no matter what I specify, I take it? So do I need to use a script that sources rvm/gemset and call THAT from the state?
21:06 dave_den no, looking at your gist
21:06 dave_den you have rvm installed under the 'services' user
21:07 dave_den so, you can either set a default rvm and any cmd.run with '- runas: services' should default to that ruby/gemset
21:07 karlgrz yes, which is exactly what I want
21:08 karlgrz hmm...I'm ok with that
21:08 dave_den or you can use cmd.run to call the full path of your rvm@gemset
21:08 karlgrz I thought the require would have specified that
21:08 karlgrz I have zero problems with a default, I'll try that. Thank yoU!
21:09 dave_den which would be something like /home/services/.rvm/wrappers/ruby-1.9.3-p286@mygemset
21:10 dave_den rather /home/services/.rvm/wrappers/ruby-1.9.3-p286@mygemset/ruby
21:10 g4rlic forrest: What would you like me to add to that issue?
21:10 _ikke_ I have a set of php scripts, that each return the firewall rules for a specific machine. Is there a good way to manage this with salt (run the script, put the output in a file on the minion)?
21:11 forrest g4rlic, nothing
21:11 forrest g4rlic, I was just saying if you wanted to add a note to the docs I created an issue for it
21:11 dave_den _ikke_: what do you want to do with the output from php?
21:11 _ikke_ dave_den: The output is basically a bash script
21:12 dave_den so what do you want to do with it?
21:12 g4rlic forrest: got it.  But I'm thinking that what I'm doing here is so corner-case left-field that I can't imagine anyone else really running into this problem.
21:12 _ikke_ It needs to be placed on the minion, and be executed
21:12 g4rlic how often do you see someone who's bind-mounted /etc/salt/pki/minion read-only?
21:12 forrest g4rlic, all the more reason for it to be documented.
21:13 g4rlic fair point, since it does throw a stack trace when it happens.
21:13 forrest Probably no one else, so I'll have forgotten what the issue is.
21:13 _ikke_ dave_den: Currently, we manually execute the script, put the output in a firewall script, and execute it on the server (and have an init.d script to execute it on boot)
21:14 karlgrz It looks like everything I'm expecting to be there is in default gemset
21:14 dave_den _ikke_: either copy the php script down to the minion from the master with file.managed and execute it with cmd.wait, or just use cmd.script.
21:14 karlgrz Think I need to dig a bit deeper...
21:15 _ikke_ dave_den: Problem is that the php script is not on it's own, it uses a few other base scripts
21:16 dave_den _ikke_: http://docs.saltstack.com/ref/states/all/salt.states.file.html
21:16 errr joined #salt
21:17 karlgrz dave_den: typo in my rvm state...defaut instead of default...derp
21:17 _ikke_ dave_den: You mean the recurse option?
21:19 dave_den _ikke_: yes, you can use recurse to copy down an entire directory and subdirectory
21:20 dave_den or you can use jinja templating to loop a file.managed for each file you need.
21:21 _ikke_ Is it easy to create a php renderer?
21:22 g4rlic forrest: Ok, i've added a bit of background to the issue.  I'm guessing there's going to be some other folks working with template VM's that are salt controlled, as we are.  So probably good that it's a known gotcha.
21:23 forrest Yea I'm not even working with template VMs, I just like to have the docs as complete as possible
21:23 forrest this is a great update though.
21:23 forrest your comment
21:23 cewood joined #salt
21:24 g4rlic N/p, always happy to help out.
21:26 dave_den _ikke_: renderers are what provide the state data in proper format for salt to process.
21:27 _ikke_ right
21:27 _ikke_ But I was thinking about how one could juse jinja markup in managed files
21:27 _ikke_ s/markup/tags
21:28 _ikke_ But I guess that is executed on the minion, not on the master
21:28 gildegoma joined #salt
21:28 dave_den _ikke_: you can use jinja in file.managed.
21:28 indygwyn joined #salt
21:29 dave_den so if your files are php with embedded jinja to set things like variables or whatnot, you can use '- template: jinja' in file.recurse
21:29 _ikke_ yeah, but that's not really what I'm looking for
21:30 scott_w joined #salt
21:30 _ikke_ The ideal situation is something that does: php machine.php > machine.sh, and then use machine.sh as a managed file
21:30 dave_den if you can explain what you need, i'm sure there's a way :)
21:31 dave_den ok, and you are saying machine.php is executed on the master?
21:31 _ikke_ yeah, ideally, yes
21:33 dave_den i would create a custom runner that executes the php on the master, then let the minion's call it using peer_run
21:33 _ikke_ hmm, ok, going to read about runners
21:33 xl1 Is there a way to parameterize a state without having to write a group of sls/pillar/grain files? For example to assign a unique database name for each server, if the database state having a "name" parameter
21:34 gkze joined #salt
21:35 bemehow joined #salt
21:36 bemehow joined #salt
21:39 errr Is Joseph Hall in here?
21:39 forrest x11, in what sense do you mean 'unique'? I mean you could append grain data, but you don't wanna do that?
21:39 dave_den xl1: not quite sure what you mean. can you explain further?
21:39 forrest errr, I've never seen techhat in here (Joseph Hall)
21:40 errr forrest: ah ok thanks
21:40 forrest np
21:45 xl1 I find that I can edit /etc/grains for each minion, or write a pillar file for each of them, or a sls each, but I want to learn if there is there a centralized way to do so
21:45 scott_w joined #salt
21:46 MTecknology Cannot extend ID /etc/ferm/ferm.conf in "base:sys.packages.base". It is not part of the high state.   --  what?
21:46 xl1 the state is like "db:    database.present:    - name: a01" but "a01" need to be a different value for each minion
21:46 _ikke_ xl1: You could use jinja for this
21:47 xl1 _ikke_: but I don't know where to put the parameters for all the minions :(
21:48 _ikke_ xl1: What about pillars?
21:48 xl1 _ikke_: that's still one file per minion I guess?
21:49 _ikke_ Nope
21:49 dave_den xl1: if it's ok that your database minions know the other database minion's database.present 'a01', etc. names, then you can create one pillar file and apply that one file to all the database minions.
21:51 xl1 dave_den: that'll work :) thanks
21:52 dave_den MTecknology: ca you gist your state files with context?
21:52 dave_den xl1: no prob :)
21:53 dave_den MTecknology: or at least a bit more info
21:53 MTecknology I figured it out. I thought -require_in: would ignore things that didn't exist
21:53 dave_den ah
21:53 MTecknology dave_den: thanks, though! :)
21:53 dave_den glad you found it
21:54 MTecknology I'm trying to take my existing states and make them work with rhel crap too.
21:54 MTecknology Going from having salt do almost strictly debian states to moving those to handle rhel too... this will indeed a headache.
21:55 jslatts jesusaurus: you around?
21:55 jesusaurus jslatts: yep
21:56 jslatts jesusaurus: so I changed my mind and went ahead and made a test repo for git pillar. Did you end up having to do anything special to get it to work? salt keeps complaining when it tries to merge the pillar
21:56 jslatts "TypeError: list indices must be integers, not str"
21:56 foxx joined #salt
21:56 dave_den jslatts: what's the full traceback?
21:57 jslatts https://gist.github.com/jslatts/7327059
21:57 jslatts originally it was throwing that same error in the salt master process and i added a base: level into my single top.sls
21:58 jslatts but i'm not using any environments at all now and getting that from the minion
21:58 jslatts oh
21:58 dave_den formatting?
21:59 jslatts no, but i just had a thought that i need a base env for the states as well
21:59 jslatts i thought it was asumed
22:00 scott_w joined #salt
22:00 ctdawe joined #salt
22:01 jslatts that appears to have been it, now i'm getting more normal compile errors
22:02 dave_den haha
22:03 dave_den anything short of a traceback is an improvement i suppose
22:03 dave_den good luck. i'm out for the day.
22:03 jslatts thanks. ttyl
22:03 KyleG left #salt
22:06 jacksontj joined #salt
22:15 travisfischer joined #salt
22:26 whitepaws hi i have a minion specification question. how can i match several hosts with a regex. like -E 'ip-172-12-12-{15,30,71}*' ends up saying "minion did not return"
22:30 whitepaws hey, solved. -E 'ip-172-12-12-(15|30|71).*'
22:34 druonysus joined #salt
22:34 druonysus joined #salt
22:39 krak3n` joined #salt
22:39 scott_w joined #salt
22:39 faldridge joined #salt
22:44 bemehow joined #salt
22:45 kermit joined #salt
22:47 Teknix joined #salt
22:48 gkze joined #salt
22:51 btorch am I doing this wrong on a .sls ?
22:51 btorch {% if salt['file.exists']('/etc/swift/account.ring.gz') %}  .... {% endif %}
22:52 btorch I only want a service.running state action to happen if that exists
22:52 SEJeff_work MTecknology, I don't follow
22:52 foxx[cleeming] joined #salt
22:52 foxx[cleeming] joined #salt
22:56 shinylasers joined #salt
22:56 SEJeff_work MTecknology, loop.counter is a native jinja variable in a for loop: http://wsgiarea.pocoo.org/jinja/docs/loops.html#loop-variables
22:57 Ahlee Thoughts? Missing arguments executing "saltutil.sync_modules": ArgSpec(args=['env', 'refresh'], varargs=None, keywords=None, defaults=(None, True))
22:59 shinylasers joined #salt
23:01 bhosmer joined #salt
23:02 pears btorch: that seems like it should work, what are you seeing?
23:04 btorch pears: some render error http://goo.gl/BSdVuT
23:06 fishpen0 I am looking at the pkg module for yum and it looks like there is not currently a way to add excludes to packages.  I just want to verify this is true before I add yum.conf as a managed file
23:06 whiteinge btorch: you want `file_exists`
23:06 whiteinge http://docs.saltstack.com/ref/modules/all/salt.modules.file.html#salt.modules.file.file_exists
23:06 whiteinge btorch: 'file.file_exists'
23:07 btorch thanks
23:07 btorch I was checking stuff under http://docs.saltstack.com/ref/states/all/salt.states.file.html#module-salt.states.file
23:08 * whiteinge nods
23:09 whiteinge i would like errors messages for this sort of thing to be much more clear :-/
23:11 crane joined #salt
23:13 Ryan_Lane joined #salt
23:19 MTecknology SEJeff_work: I was trying to be funny. :(
23:20 SEJeff_work MTecknology, the actual fix was jinja version 1 uses loop.counter and jinja2 uses loop.index. /me shakes his fist at armin r
23:20 morton joined #salt
23:21 MTecknology heh.. ouch
23:21 worstadmin joined #salt
23:22 seanz whiteinge: Greetings!
23:28 MTecknology It seems like some people actively engage in trying to break servers
23:29 MTecknology I'm the server admin. I did things a specific way for a good reason. You're the app admin. It is NOT your job to fuck with the system.
23:31 MTecknology 45min to upgrade a server to debian 7, fix anything that breaks, get home, shower, and then get back across town.
23:33 NV 085214 < btorch> I only want a service.running state action to happen if that exists
23:33 NV why not use a require statement?
23:34 amckinley joined #salt
23:37 scott_w joined #salt
23:39 Ryan_Lane joined #salt
23:40 dfinn I have a minion that is saying this in the logs "The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate" but I don't see any sign of that key request on the master.  any way to make it generate a new one?
23:42 MTecknology dfinn: salt-key -L  shows nothing?
23:42 dfinn on the master right?
23:43 dfinn it shows nothing for that client
23:44 dfinn http://pastebin.com/HDKDG23i
23:45 Jahkeup joined #salt
23:45 MTecknology salt-key -l un
23:45 dfinn none listed there
23:45 dfinn 0 un, 0 rejected
23:46 dfinn dns on the client is resolving to the correct master
23:46 dfinn sorry, minion ;)
23:46 MTecknology on the minion, kill the process and run salt-minion -l debug
23:47 MTecknology make sure it's trying to reach the correct master
23:47 dfinn ok
23:47 MTecknology verify by name and ip
23:47 dfinn it's the correct IP
23:48 MTecknology I'm out of ideas then... You can delete the stuff in /etc/salt/pki/ on the minion for the master keys and look through that on the master
23:48 dfinn this is odd, what does this mean?
23:48 dfinn [DEBUG   ] Minion "ironport2.vwdl.bcinfra.net" trying to tune in
23:48 dfinn that's a different server here
23:48 MTecknology no idea..
23:49 MTecknology I need to go check on a non-responsive server... bbl
23:49 dfinn yeah, for some reason it thinks that is it's hostname
23:49 dfinn [INFO    ] Setting up the Salt Minion "ironport2.vwdl.bcinfra.net"
23:49 dfinn reverse DNS is the culprit
23:50 logix812 joined #salt
23:51 MTecknology yay!
23:56 lebe joined #salt
23:56 bhosmer joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary