Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-12-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 fllr joined #salt
00:21 zandy joined #salt
00:35 zwe joined #salt
00:35 blast_hardcheese joined #salt
00:39 fllr joined #salt
00:39 redondos joined #salt
00:39 heewa joined #salt
00:40 higgs001 joined #salt
00:55 cowyn_ joined #salt
01:01 zandy joined #salt
01:10 Ryan_Lane bleh. git-python is basically unmaintained
01:10 Ryan_Lane any chance we can move to dulwich?
01:11 Ryan_Lane I'm writing something that I'd like to keep salt compatibility with, but git-python is buggy and there hasn't been a release in two years
01:15 fatbox_ personally I think using the sh module (http://amoffat.github.io/sh/) with the git command line tools is the most productive way to work with git in python. dulwich seems to lack things like submodule support and, while I support the idea of a pure python git implementation, I think a tool like salt requires the stability of the official binaries
01:21 Loo joined #salt
01:22 Loo hey guys, seems like freebsdpkg (bunch of errors when using pkg module) not working well with pkgng-1.2.1, did anyone manage to find a workaround ?
01:24 heewa basepi: So, having an issue where minion names can be bad sometimes. Is there a spec for what a minion can be named? Like maybe a regex? I'm going to make a pull request either enforcing a nice name by rejecting a bad one, or by transforming it into a nicer one for filesystem usage (eg, key paths).
01:25 heewa For ex, can't have a / in it, cuz that's a dir separator in unix. Probably \ would be bad for cross-platform, and maybe some other stuff?
01:25 forresta heewa, he probably isn't around, or if he is it will be on his phone
01:25 heewa forresta: hey! didn't see you there
01:25 forresta was just about to get up to go get some dinner started
01:26 forresta though the name enforcement sounds like a good idea, granted I've never seen a server name with a slash in it
01:26 heewa you can slap me around on the review if you'd like to think about it later?
01:26 heewa heh, maybe I'm maybe kinda dumb when I set up my minions... maybe...
01:26 basepi heewa: yes, I don't think we do any checking on the minion name. That will be good to get in.
01:26 forresta It seems common sense to me, but some sort of enforcement of specific disallowed characters might be good.
01:26 basepi And yes,  forresta, on my phone.
01:26 basepi =)
01:26 forresta yea I figured, you put the new video card in?
01:27 basepi Yep, it's great. =D
01:27 forresta nice
01:27 basepi And so much quieter -- the fan on my old one was dying and loud.
01:27 forresta hah
01:28 basepi Anyway, I'm afk again, ping me if you need me.
01:32 zandy joined #salt
01:32 kermit joined #salt
01:35 zandy joined #salt
01:40 redondos joined #salt
01:43 xmltok joined #salt
01:45 Nexpro1 joined #salt
01:46 fandikurnia01 joined #salt
01:48 anuvrat joined #salt
01:48 scristian joined #salt
01:55 blast_hardcheese joined #salt
01:59 hellome joined #salt
02:05 smccarthy joined #salt
02:06 anuvrat joined #salt
02:07 hellome joined #salt
02:12 quanta_ joined #salt
02:18 mgw joined #salt
02:19 hellome joined #salt
02:26 AdamSewell joined #salt
02:37 mgw joined #salt
02:37 fandikurnia01 joined #salt
02:40 redondos joined #salt
02:44 mgw joined #salt
02:45 nmistry joined #salt
02:51 nmistry joined #salt
02:54 xl joined #salt
02:58 mgw joined #salt
03:09 higgs001 joined #salt
03:11 bhosmer joined #salt
03:14 favadi joined #salt
03:18 BrendanGilmore joined #salt
03:42 redondos joined #salt
03:57 Sheco joined #salt
04:08 anuvrat joined #salt
04:13 fandikurnia01 joined #salt
04:14 fllr joined #salt
04:23 Daviey joined #salt
04:33 kermit joined #salt
04:41 alunduil joined #salt
04:42 redondos joined #salt
04:43 cachedout joined #salt
04:49 mgw joined #salt
04:58 Sheco joined #salt
05:06 jeddi joined #salt
05:07 BrendanGilmore joined #salt
05:08 fllr joined #salt
05:19 UtahDave joined #salt
05:20 zandy joined #salt
05:20 cowyn_ 0.17.3 is the latest
05:21 redondos joined #salt
05:34 elfixit joined #salt
05:42 ckao joined #salt
05:53 zandy joined #salt
05:57 sandGorgon joined #salt
05:59 zandy joined #salt
06:05 quanta_ joined #salt
06:09 Destro joined #salt
06:13 Destro joined #salt
06:32 prooty joined #salt
06:33 prooty hi. is there a way to put grains in the mine?
06:34 malinoff prooty, Yes. Just use `grains.get somewhat` in mine
06:35 prooty nice, thanks malinoff.
06:41 Daviey joined #salt
06:45 zach_ joined #salt
06:53 xl joined #salt
06:56 favadi joined #salt
07:03 quanta_ joined #salt
07:04 sandGorgon joined #salt
07:10 sandGorgon joined #salt
07:12 quenode joined #salt
07:16 quenode Hi I work small company maintaining remote locations with our Linux systems. I heard/read that salt stack is not very secure using minions is there any alternative/recommendation how enable more security using saltstack?
07:16 quanta_ left #salt
07:16 _ikke_ quenode: How do you define secure?
07:17 rockey you mean remote site infrastructure?
07:17 rockey solution there might be ipsec tunnel or similar solution for remote sites
07:17 quenode _ikke_: encryption / ssh has decent security ?
07:18 quenode rockey: well that would be overhead for us to much vpn tunnels
07:18 rockey i would say that ssh is enough encryption tbh
07:18 _ikke_ quenode: salt uses encryption..
07:18 rockey but as ikke says, salt uses encryption
07:19 _ikke_ That's why I ask how you define secure
07:19 apergos left #salt
07:20 _ikke_ "use a secure and encrypted protocol"
07:20 _ikke_ "Salt uses public keys for authentication with the master daemon, then uses faster AES encryption for payload communication; authentication and encryption are integral to Salt."
07:20 MrTango joined #salt
07:22 quenode _ikke_: Yes I heard the saltstack uses own cryptosystem also there couple of post about problems with it. But I think this is more bias. ex. http://www.cryptofails.com/2013/07/saltstack-rsa-e-d-1.html
07:26 quenode _ikke_: So AES is decent security for me. But what is wondering me is broken people saying that saltstack has broken cryptosystem ? http://www.nycbug.org/pipermail/talk/2013-July/015107.html
07:26 matanya joined #salt
07:27 quenode _ikke_: I don't say this true but would like an comment about this. Thank you
07:28 _ikke_ quenode: I'm not a developer, and myself quite new to Salt too, so I can't help you with specifics
07:29 UtahDave quenode: That security issue has been fixed.
07:30 quenode UtahDave: I tough so :)  It really brave to have own cryptosystem but I think this good decision.
07:31 quenode s/tough/thought/g
07:32 UtahDave We take security very seriously.  When that issue was discovered we had it fixed in just a couple of days.
07:32 apergos joined #salt
07:33 MohShami joined #salt
07:33 sandGorgon joined #salt
07:34 MohShami hey guys, I'm migrating my anti-spam gateways to salt, love it, but I'd like to not repeat the same information in multiple files, is there a way to have a list of domains in a text file, one domain per line, and have salt read that?
07:34 _ikke_ MohShami: pillars
07:34 _ikke_ ?
07:35 MohShami ikke: I'm still not clear on pillars, so I just add those domains as properties of the servers, and then load them with jinja?
07:36 _ikke_ Pillars is just arbirtrary data that you can assign to a host or a group of hosts
07:36 _ikke_ Or even every host
07:37 MohShami I see, I can't believe I didn't think of this, thanks a million mate :)
07:38 MohShami can you point me to an example of variables?
07:39 UtahDave MohShami: assuming you've set up your domains as a list in your pillar:
07:40 UtahDave {{ salt['pillar.get']('domains') }}
07:40 gammalget joined #salt
07:40 MohShami thanks UtahDave, that's the thing, it might be I'm getting stupid, but I can't figure our how to save that list :$
07:41 UtahDave MohShami: sure, just a sec
07:41 MohShami thanks mate
07:42 UtahDave http://pastebin.com/yYx7df0x
07:44 MohShami checking, thanks mate
07:44 rockey magical yaml, looking good
07:45 sandGorgon joined #salt
07:46 MohShami UtahDave: Thanks a million mate, got it
07:47 UtahDave you're welcome, MohShami!
07:58 MohShami is there a way to remove any trailing new lines from configuration files generated with jinja?
07:58 malinoff MohShami, use {%- and -%}
07:59 MohShami malinoff: I did, doesn't do the trick
07:59 malinoff MohShami, it should
07:59 malinoff Can you pastebin you state file?
07:59 MohShami let me show you
07:59 MohShami was about to put it :)
07:59 junedm joined #salt
07:59 MohShami http://pastebin.com/hxpDJH4u
08:00 MohShami this generates a new line at the end
08:02 malinoff MohShami, try to use {%- endfor %}
08:02 malinoff http://jinja.pocoo.org/docs/templates/#whitespace-control
08:03 Ryan_Lane joined #salt
08:03 MohShami already have, this makes all entries in the file appear on a single line
08:03 MohShami @domain1.com                   OK@domain2.com                OK
08:10 junedm left #salt
08:11 harobed_ joined #salt
08:13 fllr joined #salt
08:14 Ryan_Lane joined #salt
08:16 malinoff MohShami, I'm not sure, is this a jinja issue, but I found this: https://github.com/saltstack/salt/pull/2773
08:16 juasiepo joined #salt
08:16 MohShami checking
08:17 MohShami so it can't be done?
08:17 malinoff MohShami, I don't know exactly, but it looks like it can't
08:17 malinoff You should ask basepi or UtahDave
08:18 giantlock_ joined #salt
08:18 MohShami thanks mate :)
08:19 malinoff No problem :)
08:28 favadi_ joined #salt
08:29 sandGorgon joined #salt
08:30 malinoff UtahDave, are you here?
08:31 sandGorgon joined #salt
08:32 Katafalkas joined #salt
08:35 bhosmer joined #salt
08:37 mikkn Anyone knows how to access grain data from other grains? For instance, I want to make a grain that uses total available memory to calculate a value and I don't want to copy/paste the memory data method... and it is private, so question is if there is a magic grain variable available in the global scope in grains?
08:39 malinoff mikkn, I'm not sure what are you talking about, since 'grains' is a simple key-value storage...
08:45 blast_hardcheese joined #salt
08:47 mikkn You can write custom python scripts to generate grains in the _grains folder, if you look at the source under salt/grains/core.py, there's a bunch of them already. :)
08:50 malinoff Sooooo? After a generation, it is a simple key-value storage, isn't it?
08:51 malinoff What do you mean by saying 'to access grain data from other grains`?
08:53 mikkn Yeah, it is. I want to access that key-value storage from my own custom grain, but I don't know the variable name I should do that through in the python module.
08:54 mikkn malinoff: As I mentioned, I want the total amount of system memory and I want to do some math on it for my custom grain. Something that would be rather complicated to do in a jinja-template. :)
08:55 sandGorgon joined #salt
09:00 mikkn malinoff: Ah, seems to be __grains__ from within modules at least. I'll give that a try. :)
09:00 sandGorgon joined #salt
09:01 malinoff Understood. I think, you're penny-wise and pound-foolish. Salt communicates via the network and it uses mr slow pyyaml
09:02 malinoff Can you write your grain as simple as possible?
09:02 mikkn malinoff: Not sure I'm following...
09:06 agh joined #salt
09:06 agh hello
09:06 agh is there a way to override pillars with Salt ?
09:06 mikkn malinoff: Afaik grains are generated on the minion itself so there would be no network communication except copying the grain script to the minion?
09:06 agh for instance, in my pillar/top.sls i want to do so :
09:06 agh 'dc1-*': env.dc1
09:07 agh 'dc1-test-*': env.test
09:07 malinoff mikkn, yes, you're right
09:07 agh with in both env/dc1.sls and env/test.sls the same variable, for instance : "server: 127.0.0.1"
09:07 mikkn agh: https://github.com/saltstack/salt/issues/3991
09:09 slav0nic joined #salt
09:10 carlos joined #salt
09:13 fllr joined #salt
09:15 agh mikkn: so, for the moment, it's not possible yet, that's it ?
09:18 balboah joined #salt
09:22 juasiepo joined #salt
09:26 higgs001 joined #salt
09:37 favadi_ joined #salt
09:39 mikkn agh: at the bottom, there is a proposed workaround
09:39 mikkn agh: I have never tried it myself, but it seems fairly easy
09:40 mikkn The discussion in the issue mentions more than one workaround, actually. It depends on what you want, really. The primary thing is that the behaviour right now is that it's the latest included value for 'server:' that will be valid. If you're including different env. files like you are, it should be fine
09:43 londo_ joined #salt
09:50 networkpadawan joined #salt
09:54 agh mikkn: here is what i want to do exactly
09:54 agh in top.sls :
09:54 agh 'dc1-*':
09:54 agh - default
09:54 agh 'dc1-test-*':
09:54 agh - test
09:54 agh cat default.sls
09:54 agh server: 127.0.0.1
09:55 agh cat test.sls
09:55 agh server: 8.8.8.8
09:56 agh if I do that, dc1-test-1 minion will have "sever: 127.0.0.1" value.Which is not what i wan :/
09:56 NV use a compound match
09:57 NV 'L@dc1-* and not L@dc1-test-*':\n  - match: compound
09:57 NV for the default one
09:57 NV http://docs.saltstack.com/topics/targeting/compound.html
09:59 robinsmidsrod joined #salt
10:00 robinsmidsrod joined #salt
10:01 dvogt_ joined #salt
10:01 agh NV: yes, it's what i've done... as a workaround
10:01 agh thanks
10:04 steveoliver joined #salt
10:05 bhosmer joined #salt
10:06 jasonrm joined #salt
10:07 mikkn agh: Ah, I missed that the first one matched. From what I understand, it should be working if the include statements are listed in the "correct" order, that is, the default one is before test, but it seems to be something not really supported right now so they can probably not guarantee the behaviour...
10:08 agh mikkn: no. I've tested to change the order, it does not work :( I think that it last take the most "global" target ("dc1-*" after "dc1-test-*")
10:09 abele joined #salt
10:10 cyrusdavid joined #salt
10:10 rjc joined #salt
10:12 anitak joined #salt
10:13 jschairb joined #salt
10:13 fllr joined #salt
10:15 twinshadow joined #salt
10:17 mhayden joined #salt
10:20 crazysim joined #salt
10:20 jasonrm joined #salt
10:21 monokrome joined #salt
10:23 bretep joined #salt
10:31 ntt_ joined #salt
10:32 pengunix joined #salt
10:32 ntt_ Hi. I'm using this -> http://docs.saltstack.com/ref/states/all/salt.states.network.html  for network configuration on a minion. How can i manage the case where i have many minions. Should i create more sls files with different network ip address (for minion) ?
10:35 safdsa joined #salt
10:45 sroegner joined #salt
10:53 MZAWeb joined #salt
10:53 harobed joined #salt
10:56 ncjohnsto joined #salt
10:59 gammalget joined #salt
11:13 fllr joined #salt
11:19 joehh1 ntt_: can you use jinja templates?
11:19 ntt_ i don0t know jinja.....
11:20 joehh1 http://docs.saltstack.com/topics/tutorials/starting_states.html#getting-to-know-the-default-yaml-jinja
11:20 ntt_ ok. can i use hostname as argument in the if statement?
11:21 joehh1 yes
11:21 ntt_ i'm searching for a "canonical" way
11:21 joehh1 a little while back, I had a number in the hostname ie minion-67 and split on the - to use 67 as the final partt of the ip address
11:22 joehh1 I believe it could be done in jinja, but I used mako templates
11:23 ntt_ But can i use jinja or make in .sls files ? What i should to install?
11:23 ntt_ mako*
11:24 joehh1 you'll need to have the relevant package installed for your os
11:25 joehh1 python-mako in the case of debian/ubuntu
11:25 joehh1 I'm just trying to track down my old example
11:25 ntt_ just on the master node?
11:26 davidone joined #salt
11:26 joehh1 no, it will be needed on the minions
11:26 ntt_ ok. So i should do a "general" package installation on all nodes and after i'm setting network ip per node.
11:27 joehh1 yes
11:28 ntt_ (at the beginning i have a minion with internet access with a dedicated - not salt configured - interface)
11:28 ntt_ ok. i'm trying it. Thank You.
11:28 joehh1 that was how I used to work - then I would get salt to configure based on hostname
11:32 bhosmer joined #salt
11:32 ntt_ joehn1: I have a /srv/salt/minion1 folder with a file named network.sls
11:32 ntt_ but when i launch sudo salt 'saltminion.convergenze.it' state.sls minion1 i have an error: "No matching sls found for 'minion1' in env 'base'"
11:33 ntt_ what happens?
11:34 joehh1 the minion1 file should be called minion1.sls
11:34 ntt_ i dont have a minion1 file. I have /srv/salt/minion1/network.sls
11:35 joehh1 ok - you shuold then do ... state.sls minion1.network
11:35 ntt_ i'd like to launch all *.sls in the minion1 folder
11:35 ntt_ state.sls minion1.* ????
11:36 joehh1 could be another way, but I would make a init.sls file
11:36 joehh1 and have it include the other files
11:36 joehh1 http://docs.saltstack.com/ref/states/include.html
11:44 nicksloan joined #salt
11:50 alunduil joined #salt
11:52 blee joined #salt
11:58 ntt_ joehh1: grains['id'] has the same value of the hostname on the node?
12:04 sroegner joined #salt
12:10 nicksloan left #salt
12:12 jeddi ntt_: technically the 'id' field, which defaults to the hostname, yeah.
12:12 jeddi you can configure the minion to have a different id if you prefer.   you can see what it is by showing the list of grains for a given host.
12:13 ntt_ thank You jeddi
12:13 jeddi salt minionname grains.items
12:13 ntt_ yes
12:13 fllr joined #salt
12:14 krak3n` joined #salt
12:14 ntt_ i have another question: I'd like to install  a software on many minions. This is easy with saltstack, but this software needs a config file. The config file is the same on all minions except for some per-minion lines. How can i set this lines with saltstack?
12:15 _fllr_ joined #salt
12:19 mike251 joined #salt
12:19 * mike251 hi from Frankfurt
12:21 y0j joined #salt
12:34 agh joined #salt
12:35 giantlock_ joined #salt
12:48 ipmb joined #salt
12:51 slav0nic joined #salt
12:53 whiskybar joined #salt
12:54 aleszoulek joined #salt
12:59 mike251 hey guys ... have you used ORDER so far?
12:59 mike251 http://docs.saltstack.com/ref/states/ordering.html?
13:07 JulianGindi joined #salt
13:11 cowyn__ joined #salt
13:12 Sheco joined #salt
13:12 cowyn__ joined #salt
13:13 sroegner joined #salt
13:13 fllr joined #salt
13:17 bhosmer joined #salt
13:21 Rojematic joined #salt
13:22 sinh_ joined #salt
13:22 eculver_ joined #salt
13:23 vipuls joined #salt
13:23 prooty1 joined #salt
13:23 che-arne joined #salt
13:23 nocturn00 joined #salt
13:27 Chrisje joined #salt
13:31 dlloyd left #salt
13:39 slav0nic joined #salt
13:41 brianhicks joined #salt
13:42 jslatts joined #salt
13:46 unxmaal joined #salt
13:47 zandy joined #salt
13:59 alunduil joined #salt
13:59 BrendanGilmore joined #salt
14:00 zandy joined #salt
14:02 slav0nic joined #salt
14:03 jrdx joined #salt
14:06 smccarthy joined #salt
14:07 Gifflen joined #salt
14:07 bhosmer joined #salt
14:08 juicer2 joined #salt
14:10 Iwirada joined #salt
14:13 fllr joined #salt
14:17 JasonSwindle joined #salt
14:18 bhosmer joined #salt
14:21 fllr joined #salt
14:23 moos3 joined #salt
14:23 _fllr_ joined #salt
14:24 ccase joined #salt
14:26 juicer2 joined #salt
14:33 elfixit joined #salt
14:34 prooty1 is there something like a global salt variable that all minions can access and update? i was thinking of using something like it to setup mysql replication, because it needs a unique numeric server id.
14:36 pdayton joined #salt
14:43 quickdry21 joined #salt
14:44 mattmtl joined #salt
14:44 bhosmer_ joined #salt
14:46 Brew joined #salt
14:48 unxmaal hi all. i'm using salt-cloud 0.8.11. trying to set it up. when i run 'salt-cloud -m mapfile' it complains about my cloud.profile.conf, saying "mapping values are not allowed here"
14:51 th3reverend joined #salt
14:52 quickdry21_ joined #salt
14:52 slav0nic joined #salt
14:53 tqrst joined #salt
14:53 snuffeluffegus joined #salt
14:53 th3reverend left #salt
14:54 vejdmn joined #salt
14:56 toastedpenguin joined #salt
14:57 tqrst I'm seeing very slow response times to all commands on a new test setup. "salt machine1 test.ping" takes 700ms to return, and "salt '*' test.ping" takes 10 seconds despite there being only 3 machines in there for now. Same for cmd.run. There isn't anything in the salt logs. Any ideas why this is so slow? This is 0.17.2 on centos.
14:58 mike251 tqrst: i have centos 6.4 with 0.17.1 ... but it works ok
14:58 mike251 what about normal ping? ... how is that?
14:58 mike251 ping saltmachine1 what time returns?
14:59 tqrst < 0.2ms
14:59 cortrigl they on the same switch?  their DNS resolution working properly?
14:59 tqrst same switch, dns is fine
14:59 lemao joined #salt
15:00 mike251 hmm... i haven't updated yet to 0.17.2
15:00 mike251 not sure.... but i suppose that has nothing to do with it.
15:00 donatello joined #salt
15:00 jean-phi1ippe joined #salt
15:01 pass_by_value joined #salt
15:03 tqrst strace isn't very informative either
15:03 \ask joined #salt
15:03 jkyle joined #salt
15:04 rgbkrk joined #salt
15:04 opapo joined #salt
15:04 copelco_ joined #salt
15:05 cortrigl yeah, I'm running 17.2 on CentOS 6.5 without issue so I'm guessing the salt version's not at issue
15:05 indymike joined #salt
15:05 mike251 salt version should not be... otherwise ..this page will be full with remarks like that :)
15:06 cortrigl true enough
15:06 tqrst running salt-minion with log-level=debug shows that the minion returns instantly
15:06 cortrigl so *each* minion takes 700ms to respond to a directed ping?
15:06 mike251 i do think .. the master... is dodgy ...
15:07 tqrst each takes 700ms, aggregate of 3 takes 10s...
15:07 bhosmer_ joined #salt
15:07 tqrst wait, there's something else on the minion
15:07 Guest3737 joined #salt
15:07 carnedepassaro joined #salt
15:07 drogoh joined #salt
15:07 godber joined #salt
15:07 jpaetzel joined #salt
15:07 codysoyland joined #salt
15:07 brutasse joined #salt
15:07 _FL1SK joined #salt
15:07 NV joined #salt
15:07 mirko joined #salt
15:07 tqrst http://pastie.org/private/u9ivriippsux0sz9wir2g
15:08 shennyg_ joined #salt
15:09 chitown joined #salt
15:09 donatello has anyone tried using gevent and salt?
15:09 carnedepassaro joined #salt
15:10 davidfischer joined #salt
15:10 AdamSewell joined #salt
15:10 AdamSewell joined #salt
15:10 mike251 donatello: i have no idea what gevent is :) but you made me curious
15:12 donatello mike251: :) gevent is pretty cool to make blocking calls asynchronous. i am also new to it.
15:12 donatello wondering if there are any monkey-patching gotchas specific to salt
15:12 bhosmer joined #salt
15:14 mike251 donatello: let us know if you find anything weird
15:14 donatello cool
15:15 rlarkin joined #salt
15:16 cortrigl tqrst: that's odd, I get the first part of your log output in my debug log but nothing that resembles the part that comes "a few seconds later"  not sure what that is
15:16 tqrst now that I've added 40 more minions, '*' test.ping takes 700ms and '*' cmd.run hostname takes 1s. hrm.
15:17 cortrigl wow, ok - strange
15:18 tqrst vaguely amusing
15:19 mike251 :)
15:19 EugeneKay Methinks you're seeing a slow minion. Calls to salr wait until all minions have returned or a timeout.
15:20 EugeneKay Minions might still finish post timeout
15:20 tqrst EugeneKay: but it was the same slowness on every single minion
15:21 EugeneKay Network?
15:21 tqrst gigabit, same rack
15:22 EugeneKay Fun. Try beer
15:22 tqrst s/was/is (salt $foo test.ping still takes 700ms, although the aggregate is now 1-1.5s instead of 10)
15:22 tqrst gluten intolerant, guess I'll go for cider
15:23 kaptk2 joined #salt
15:23 tqrst on the bright side, I'll only be using cmd.run for aggregate runs so it doesn't really matter. Still curious, though.
15:24 fandikurnia01 joined #salt
15:25 baffle What would be the best way to build a ssh known_hosts file on a server based on the host keys of other servers? Salt Mine? Custom grains? Anyone have any states that does this?
15:27 teskew joined #salt
15:30 fishpen0 joined #salt
15:31 forresta joined #salt
15:35 dccc joined #salt
15:35 tyler-baker joined #salt
15:38 brad_ joined #salt
15:39 bradnow I am having a strange error where, when I use saltstack to instll mysql it breaks mysql http://pastebin.com/DTWtHSCt
15:39 Marion__ joined #salt
15:40 forresta bradnow, what does your state look like?
15:40 bradnow you mean the mysql-server.sls file?
15:40 forresta and if you grep for mysql in /etc/group (depending on distro), do you see a group called mysql:mysql?
15:41 jergerber joined #salt
15:41 forresta seems like the user is messed up
15:41 forresta bradnow, yea the mysql server state
15:41 bradnow nope, it does not make it for some reason when I use saltstack to do the install, but it works when I do it from hand doing a yum install mysql-server
15:42 bradnow http://pastebin.com/DTWtHSCt  < it is pretty short, I took a bunch of the other stuff out that to try and eliminate any other issues
15:43 forresta oh that's your whole state? Hmm
15:43 bradnow it is a fresh install of centos 6.5 that I have been testing on
15:44 bradnow forresta: yes I took the other stuff out to try and narrow down the issue
15:46 forresta bradnow, does the mysql user get created properly when you run through with Salt?
15:46 forresta and are the associated files owned by the correct user. I'm just comparing what you have against https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/server.sls to see if I'm missing something
15:46 bradnow nope, I tried copying it over but there are still other issues
15:46 forresta so the user isn't even created?
15:46 forresta Hmm, selinux issue like in the mysql state I linked perhaps?
15:47 bradnow no user is created either
15:47 unxmaal hi all. i'm using salt-cloud 0.8.11. trying to set it up. when i run 'salt-cloud -m mapfile' it complains about my cloud.profile.conf, saying "mapping values are not allowed here"
15:48 bradnow I will try try that out on another vm, please bare with my like 30 min on another vm
15:48 Ryan_Lane joined #salt
15:48 forresta bradnow, ok, can you also try disabling selinux?
15:48 unxmaal the answer to my own question: you left off ':' at the top of the profile definition.
15:49 bradnow forresta: so are you saying disable selinux, then run my mysql-server.sls file to check to see if that is the issue
15:49 forresta after removing the mysql-server package on the minion, correct.
15:54 renoirb is there a way to make sure the host.present state to have names: in always the same order?
15:56 mike251 you can use the order statement
15:56 JasonSwindle or set your require's correctly
15:57 bradnow forresta: so it appears that it is a selinux issue, on a fresh install vm I turned off the selinux, and ran the same mysql-server.sls file and it installed properly
15:57 forresta ok cool, you might want to steal some of the code from that state file I linked from the formulas repo above then to add to your state.
15:58 bradnow forresta: the big problem is that if you install it with out knowing about the selinux issue it breaks mysql and makes it really hard to fix becuase simply rum remove mysql-server and  yum install mysql-server doees not fix it
15:59 bradnow I had been going nuts for a couple of days because a cloud vm everything would work find but then my vm on my how server would not work!
15:59 forresta bradnow, yea. That might be worth opening a discussion topic on the mailing list about, I don't know why it would specifically happen with mysql-server though..
15:59 forresta bradnow, yea I hate those kinds of problems
16:00 mike251 i really hate the selinux crap :)
16:00 bradnow I am going to check now, but that is really shitty that the cloud vm provider turns off selinux
16:00 forresta mike251, I think everyone does.
16:00 forresta bradnow, Yea I wouldn't be surprised if they did, or if they had some sort of very specific permissive style setup.
16:00 bradnow you might hate selnux but I am sure it helps secure linux like a good os should be
16:00 forresta Keep your logic out of this bradnow!
16:01 forresta Let us hate on selinux in peace :P
16:01 bradnow I am spinnning a vm up now, I will report back shortly
16:01 forresta sounds good
16:01 mike251 haha forresta yeah... let's hate selinux in silence
16:01 nmistry joined #salt
16:03 mgw joined #salt
16:04 jaustinpage joined #salt
16:04 seanz joined #salt
16:09 kuznetsovrv joined #salt
16:10 bradnow it appears that my cloud vm provider disables selinux by default   "SELinux status:                 disabled"
16:13 forresta awesome
16:15 mike251 in top.sls PILLAR file ... can use this:    'role:pillartest':
16:15 mike251 - match: pillar
16:15 mike251 - minions.pillartest
16:15 mike251 i want to add pillar data to a group of minions based on the existance of a pillar already
16:18 mike251 or... to include a pillar inside another pillar?
16:20 forresta mike251, I haven't messed with adding pillar data based on the existence of another pillar, but you should be able to create groups of pillars, sort of like I've done here: https://github.com/gravyboat/hungryadmin-sls/tree/master/pillar
16:20 forresta granted that example is pretty simple
16:21 mike251 yeah i see what you mean
16:21 mike251 i was curious if i can include a pillar based on annother pillar :)
16:22 whiteinge forresta, bradnow: the selinux thing is a pita
16:22 mike251 pita?
16:22 forresta pain in the ass
16:22 JasonSwindle Pain in the Butt
16:22 mike251 aaaa RIGHT ... agree
16:22 JasonSwindle or a tasty bread
16:22 forresta though I could go for some pita
16:22 bradnow double edge sword
16:22 whiteinge we added a FAQ entry for it but that's not enough imo
16:22 forresta mike251, you eating a lot of doner kebabs?
16:22 whiteinge http://docs.saltstack.com/faq.html#i-m-seeing-weird-behavior-including-but-not-limited-to-packages-not-installing-their-users-properly
16:22 JasonSwindle Or the male lead from Hunger Games.
16:22 mike251 forresta:  YEAH!
16:23 cowyn_ joined #salt
16:23 whiteinge i know crap about selinux but i gather there's an "official" way to fix this by writing an selinux policy for salt
16:23 mike251 forresta:  donner is good :) especially here in Germany .. there are a lot of turkish that prepare kebabs
16:23 forresta whiteinge, yes, an selinux policy would probably solve it
16:23 forresta mike251, yea I ate a ton of doner kebabs when I went, cheap and delicious food
16:24 forresta they suck in the US compared to over there
16:24 whiteinge https://github.com/saltstack/salt/issues/1392
16:24 forresta I think I actually remember seeing this a few months ago now that I'm reading it whiteinge
16:25 whiteinge ~2 years ago, sheesh
16:25 forresta was there ever an update from dan walsh?
16:25 faldridge joined #salt
16:25 forresta 2 years? That's like 30 seconds in redhat time.
16:25 whiteinge hahaha
16:26 whiteinge not sure if we reached out to him. i'll ask around
16:26 forresta oh that reminds me whiteinge, if you have time today can you add me to the saltstack-formulas group on github?
16:26 anuvrat joined #salt
16:26 whiteinge can do
16:26 forresta thanks
16:29 bhosmer joined #salt
16:31 whiteinge forresta: done
16:31 forresta awesome thanks!
16:31 viq WTF? CentOS as minion, "salt minion pkg.install java-1.7.0-openjdk" works while in a state referencing pkg: java-1.7.0-openjdk yum complains that it can't find it...
16:33 jaustinpage joined #salt
16:34 mike251 guys have you used include with pillars ?
16:35 viq mike251: tried, it's tricky
16:35 vejdmn joined #salt
16:35 forresta viq, what release are you on?
16:35 mike251 viq:  pfff... if i use only the include: newPillar .. it works
16:36 mike251 viq:  BUT if i want to add the option to nest the included pillar into an existing KEY... it is not working
16:36 viq forresta: all is latest, centos 6.5, salt half an hour ago updated to 0.17.2
16:36 forresta viq, yea that's because of this then: https://github.com/saltstack/salt/issues/8614
16:36 forresta we found that a couple weeks ago :\
16:36 viq graah
16:36 forresta yea
16:36 mike251 :)
16:37 forresta granted, whoever is putting versions inside of a package name deserves to be slapped around, but what are you gonna do
16:37 viq hm, so if I added architecture it would work?
16:37 forresta yea just apply the fix manually
16:38 viq or that. Just pondering if specifying the package name as java-1.7.0-openjdk.x86_64 would make it work
16:38 forresta looks like there was some extra work done, so it might just be worth overwriting the file depending on when the last commit was pushed.
16:38 forresta I don't believe it does
16:38 viq ok
16:38 jaustinpage joined #salt
16:39 forresta I don't remember if we tried it though, so it might be worth a shot. I'm pretty sure it splits on the first decimal
16:40 mike251 can anyone take a look? ...  http://pastebin.com/yR4xZZDN
16:40 viq forresta: yeah, didn't work
16:40 forresta bummer
16:41 benno joined #salt
16:42 benno left #salt
16:44 viq forresta: replaced the file and it worked
16:44 hunternet93 joined #salt
16:45 forresta viq, awesome. That should be in the 0.17.3 release.
16:46 jaustinpage joined #salt
16:46 jaustinpage joined #salt
16:47 viq How do I tell salt that a file should be a concatenation of multiple source files?
16:47 jaustinpage joined #salt
16:47 mike251 viq:  i was looking into that as well
16:48 amahon joined #salt
16:48 troyready joined #salt
16:48 mike251 and the only thing i came up with is to .. put everything in one file, but use multiple jinja files...
16:48 mike251 to define ... variables
16:48 jacksontj joined #salt
16:51 ollins joined #salt
16:52 pipps_ joined #salt
16:53 networkpadawan joined #salt
16:55 bitz joined #salt
16:56 dustyfresh joined #salt
16:58 tyler-baker joined #salt
16:58 tyler-baker joined #salt
16:58 heewa left #salt
16:58 bemehow joined #salt
16:59 mgw joined #salt
17:03 bemehow_ joined #salt
17:03 MrTango joined #salt
17:03 bemehow__ joined #salt
17:06 xinkeT joined #salt
17:07 nebuchadnezzar hello
17:08 nebuchadnezzar I'm wondering if someone has shared some kind of “big config” to new commers like me to see what could be done, and most importantly how
17:10 bhosmer joined #salt
17:11 davet joined #salt
17:11 xmltok joined #salt
17:12 forresta nebuchadnezzar, check out https://github.com/terminalmage/djangocon2013-sls
17:12 forresta If you wanna look at something more complex take a look at https://github.com/jesusaurus/hpcs-salt-state
17:14 bhosmer_ joined #salt
17:15 zandy joined #salt
17:15 nebuchadnezzar thanks a lot
17:16 forresta np
17:18 druonysus joined #salt
17:18 druonysus joined #salt
17:18 nebuchadnezzar as starting, I would like to configure my DNS and wonder what to store in pillar and how for my DNS minion to configure the zone for which he's master
17:24 avienu joined #salt
17:25 Nazca__ joined #salt
17:26 kermit joined #salt
17:26 shinylasers joined #salt
17:27 redondos joined #salt
17:33 jankowiak joined #salt
17:37 seanz joined #salt
17:39 fridder joined #salt
17:40 jesusaurus im assuming by dns, you mean bind
17:40 * Gareth waves
17:41 jesusaurus i would start by looking too see if anybody has already written a formula for bind. that probably wouldnt be an easy first formula to write.
17:42 JulianGindi joined #salt
17:42 redbeard2 joined #salt
17:42 redbeard2 left #salt
17:42 forresta https://github.com/saltstack-formulas/bind-formula
17:42 frosty996 joined #salt
17:42 forresta it's a bit old, but it has support for map.jinja stuff
17:42 forresta granted this is a pretty basic bind config
17:43 jesusaurus i wonder if it's actively used
17:43 jesusaurus but either way its better than starting from scratch
17:43 danielbachhuber joined #salt
17:43 forresta jesusaurus, yea I have no idea
17:45 KyleG joined #salt
17:45 KyleG joined #salt
17:45 jcsp joined #salt
17:48 nebuchadnezzar jesusaurus: yes, I mean a master DNS server ;-)
17:48 nebuchadnezzar I saw the bind formula, but it does not populate the zone files
17:48 jesusaurus well, there's more than just bind... just not much more
17:49 lineman60 joined #salt
17:49 smccarthy joined #salt
17:50 jesusaurus nebuchadnezzar: ive never tried to use the formula, but please make it better :)
17:50 nebuchadnezzar jesusaurus: I'll try
17:51 nebuchadnezzar I thought about telling my bind minion that he is the master for zone1 and zone2 and the slave of zone3, then it should gather all hosts in zone1 and zone2 to configure A records
17:52 jesusaurus the way i usually write a formula is actually to start with the pillar: design the pillar in a way that makes sense then have the formula templates translate the pillar into the actual config file
17:53 nebuchadnezzar that's where my brain starts to burn ;-)
17:53 JasonSwindle Hmm, that is one way to do it.  I sadly just use my pillar as a key:value private data system.
17:54 jesusaurus JasonSwindle: its that too, but yaml is pretty powerful so you might as well design a smart data-structure :)
17:54 JordanRinke morning
17:55 JasonSwindle jesusaurus: I agree.  When I started Salt, I was a total N00b to Python / YAML / JINJA2
17:55 JasonSwindle I feel I understand it, but not at the Neon-Matrix level.
17:55 nebuchadnezzar I'm not familiar with pillar, I wonder how to organize it for some kind of hierachical structure, I have a global zone where I define some data like DNS recursors, I would like sub-zones to use them by default but if a recursor is define for that sub-zone, it must supeseed the top ones
17:56 renoirb Is there a way to make a service restart/reload when an other service has been restarted?
17:56 druonysuse joined #salt
17:56 nebuchadnezzar if I understand that, most of my questions will be solved
17:56 jesusaurus renoirb: yeah, but using a watch statement
17:56 nebuchadnezzar time to start my water-colling system
17:57 nebuchadnezzar s/water/beer/
17:57 JasonSwindle JordanRinke:  Howdy
17:57 renoirb jesusaurus: yes, that's what I think. If I have two service that are service.running
17:57 renoirb I guess I could do a watch_in: service: otherservice right?
17:57 jesusaurus nebuchadnezzar: im not familiar with bind configs, but that seems like a somewhat common pattern for any form of templating
17:58 jesusaurus renoirb: if you put a watch on serviceB in serviceA, then serviceA will restart if serviceB restarts
17:58 cachedout joined #salt
17:58 nebuchadnezzar jesusaurus: probably, looping on every name/IP under a domain to fill a text file
17:59 unxmaal has anyone been able to use salt to provision into vmware esxi?
17:59 jacksontj joined #salt
17:59 vejdmn joined #salt
18:00 * nebuchadnezzar receives a SIGBEER: exit
18:00 jesusaurus nebuchadnezzar: i would probably use a dict of names to IPs then loop over them in the template with iteritems()
18:00 Voziv I have a package that relies on my nginx sls. How can I get nginx to restart when an update occurs to a file within my package? (Without modifying the nginx package since my package may or may not be installed on a server)
18:00 renoirb jesusaurus: If I have a file.managed on ServiceB configuration file, and a watch_in: service: ServiceB....  and in serviceA: watch: ServiceB
18:00 forresta unxmaal, via salt-cloud or something you mean? I spoke with the Salt team about this, and apparently there is vmware support, but it's not publicly available yet.
18:00 renoirb Am I confusing things aroung jesusaurus ?
18:01 renoirb In other words, I have nginx and php-fpm. If I change or add a file in a sites-enabled. I want to restart both nginx and php-fpm
18:01 forresta unxmaal, we were evaluating the enterprise version, and they said I could use it if I wanted to for testing purposes, but I'm not sure if that's just because it isn't super stable yet or what.
18:01 jesusaurus nebuchadnezzar: are you in UTC?
18:01 unxmaal forresta: yeah, i'd like to be able to provision vms in esxi.
18:01 * jesusaurus is just starting his day
18:01 nebuchadnezzar jesusaurus: +1
18:01 unxmaal forresta: does that imply it requires the enterprise version?
18:01 zandy joined #salt
18:01 forresta unxmaal, yea I don't know what's up with it for the open source version right now, might be worth opening a topci on the mailing list.
18:02 nebuchadnezzar Dijon, France :-D
18:02 forresta unxmaal, really I don't know. It doesn't seem like that was how it was implied
18:02 forresta but I'm not sure, Salt has everything else out there, so I don't see why this wouldn't be.
18:02 unxmaal right :D
18:02 forresta maybe it has something to do with vmware *shrug*
18:02 JasonSwindle renoirb: here is an example from my sls
18:02 JasonSwindle service.running:
18:02 JasonSwindle - name: uwsgi
18:02 JasonSwindle - watch:
18:02 JasonSwindle - git: app_install
18:02 unxmaal did you get it working?
18:03 forresta unxmaal, no, we never pursued interest past that, we're a RHEL shop and those bastards are going with Puppet for satellite 6, so I'm most likely stuck with that.
18:03 JasonSwindle So if there is an update from GIT, uWSGI is bounced
18:03 unxmaal i'm still using puppet for parameterization. just looking at salt for the 'deploy the vm' bit
18:04 renoirb So, JasonSwindle, when the app_install git state is ran, service.running is .... not refreshed, nor reloaded
18:04 renoirb ... but ensured to be running
18:04 unxmaal i would rather not rewrite deploy.sh code every time the openstack guys decide to revamp their api, or vmware increments a version
18:04 renoirb ... unless I mix default refresh and reload value in service.running state defn
18:05 forresta unxmaal, yea I don't blame you. I'd either start something on the mailing list, or you could always call up the sales team and ask them for it.
18:06 lineman60__ joined #salt
18:09 colbyo joined #salt
18:12 eculver joined #salt
18:13 jalbretsen joined #salt
18:13 pipps_ joined #salt
18:20 scoates is it absolutely necessary to give my minions an `id` in the minion config? I assumed (according to the docs?) it would use the hostname if not provided. If I comment it out in my test config, I get this in my Virtualbox/Vagrant VM: https://dl.dropboxusercontent.com/1/view/jimx5tzq6so9s1v/Captured/PqCxt.png (I think these are related; I've run it in both configs a couple times today, and it seems to be connected). Ideas?
18:21 zandy joined #salt
18:21 Brew joined #salt
18:22 forresta scoates, I never configure unique minion configs, I just start the salt-minion service, then on the master it prompts me with the hostname of the server, granted openbsd might be different.
18:22 zach_ scoates: you shouldnt have to, there will be a file (with 0.17.2 at least) called minion_id or similar in /etc/salt that will get set afaik
18:23 forresta err replace configs with IDs
18:23 scoates hmm. ok. there's a chance they're just not related and something else is blowing up, but it seems to be if I comment it, I get that.
18:23 dave_den scoates: that has nothing to do with salt, most likely. it's probably an issue with your inittab config
18:23 scoates also: init failing like that is mildly concerning (-:
18:24 dave_den scoates: for example: http://www.unixguide.net/linux/faq/09.24.shtml
18:24 zach_ yeah, that's nothing to do with salt
18:24 scoates ok. thanks for the sanity check.
18:24 scoates will poke at Vagrant, I guess. /-:
18:26 [diecast] joined #salt
18:28 Brew joined #salt
18:29 shinylasers joined #salt
18:30 scoates and now it just booted with #id commented out. No idea why, but thanks anyway, all.
18:30 shinylasers joined #salt
18:31 jaustinpage joined #salt
18:34 jacksontj joined #salt
18:36 forresta I take all credit for this solution of doing nothing.
18:36 forresta High fives all around :P
18:36 jcockhren o/
18:36 forresta o/\o
18:37 nahamu forresta: good work!
18:37 dave_den heh
18:37 erchn joined #salt
18:37 forresta yep, this is why they pay me the big dollars nahamu
18:38 higgs001 joined #salt
18:39 unxmaal forresta: googling confirms. looks like no cloud provider exists for esxi. oh well. stupidbashdeployer.sh wins this round.
18:40 dave_den make one!
18:40 dave_den :)
18:40 unxmaal i may have to. everyone would hate it though.
18:40 dave_den that's usually my reaction to vmware*
18:41 unxmaal it'd be all in bash, with one big function called 'main'. i'd probably make it run a BASIC interpreter just to exec some goto statements.
18:42 Ryan_Lane joined #salt
18:42 Ryan_Lane joined #salt
18:44 donatello joined #salt
18:48 slav0nic joined #salt
18:50 kaptk2 joined #salt
18:54 neganov joined #salt
18:54 amckinley joined #salt
18:57 JulianGindi joined #salt
18:59 pipps_ joined #salt
19:02 jcsp joined #salt
19:04 shinylasers joined #salt
19:07 pipps_ joined #salt
19:09 jcsp joined #salt
19:11 vejdmn joined #salt
19:13 KyleG1 joined #salt
19:14 JasonSwindle left #salt
19:20 anitak joined #salt
19:21 zandy joined #salt
19:22 jimallman joined #salt
19:28 austin987 joined #salt
19:30 dvogt joined #salt
19:35 pipps_ joined #salt
19:40 seanz joined #salt
19:40 amahon joined #salt
19:45 pdayton joined #salt
19:46 forresta unxmaal, good to know, I hadn't looked into it in a while.
19:47 forresta actually let's ask, hey basepi, what's going on with the vmware integration stuff for esxi hosts? I know the sales guys said it is apparently available for enterprise , do you know what it's looking like at getting that into the open source release?
19:48 pipps_ joined #salt
19:49 jacksontj joined #salt
19:50 scoates when I do my first highstate on an otherwise-naked minion, it takes a long time, and all -v tells me is "Execution is still running on minionname" … is there a way to get more detail about what's still running?
19:50 anitak joined #salt
19:50 Katafalkas joined #salt
19:50 jacksontj joined #salt
19:50 forresta scoates, your best bet would be to go onto the minion
19:51 _ikke_ naked minions...
19:51 forresta are you running debian/ubuntu?
19:51 scoates debian, yeah
19:51 forresta are you run an apt update?
19:51 scoates yeah. and we have a bunch of custom repos, so the first apt-get update is big
19:52 forresta scoates, is there any info in the minion log?
19:52 scoates not really. the last message I see in /var/log/salt/minion is the [new] pubkey failure
19:57 zandy joined #salt
20:02 Brew joined #salt
20:02 echos joined #salt
20:04 Brew joined #salt
20:06 KyleG joined #salt
20:06 KyleG joined #salt
20:07 pass_by_value left #salt
20:07 ncjohnsto joined #salt
20:09 shinylasers joined #salt
20:09 pass_by_value joined #salt
20:09 bhosmer joined #salt
20:09 jdenning joined #salt
20:12 ajw0100 joined #salt
20:19 Psi-Jack I'm trying to wrap my head around file_roots, and why conflicts can exist when two file_root's top.sls defines the same state., I would expect that dev override what's in base.
20:19 Psi-Jack Or.. Similar anyway.
20:25 Katafalkas joined #salt
20:25 pipps_ joined #salt
20:26 ipmb joined #salt
20:27 dave_den Psi-Jack: for gitfs the docs say top.sls from branches are merged. it may be the same with multiple file_roots. http://docs.saltstack.com/topics/tutorials/gitfs.html#branches-environments-and-top-sls-files
20:27 Psi-Jack Yeah, I'm not using gitfs.
20:27 dave_den i think it's recommended to only have top.sls in base even with file_roots.
20:28 dave_den i can't check the source right now to confirm to
20:28 dave_den tho
20:31 Psi-Jack Well, I define it in only base's top.sls, and I still get the conflict.
20:32 Psi-Jack If I make a minor adjustment to the dev:state, it runs both. No matter what, but when I name the state the same, it conflicts. This is not the same behavior it used to have, I'm pretty sure.
20:33 dave_den you'll have to gist your config. i am not clear on what you are doing
20:34 jdenning joined #salt
20:41 mgw joined #salt
20:42 Psi-Jack http://paste.linux-help.org/view/844c225f
20:45 pdayton joined #salt
20:46 pinge joined #salt
20:47 zz_Brew joined #salt
20:47 echos joined #salt
20:47 Damoun joined #salt
20:48 pinge i'm using salt in a masterless configuration.. i got everything working with all the dependencies i needed.. but now i want to start splitting the formulas/states into different environments and i'm having an issue with the base and development environment
20:49 pinge my top file looks like this:
20:49 pinge base:   '*':     - core     - elasticsearch     - keychain     - grunt  development:   'roles:database':      - match: grain      - mysql
20:49 Psi-Jack Heh, I sure hope it doesn't look like that. :)
20:49 jesusaurus pinge: can you use gist.github.com?
20:49 pinge 1sec
20:49 pinge i can
20:49 pinge https://gist.github.com/pinge/7880602
20:49 pinge (i was expecting the web based irc client to deal with newlines :))
20:50 pinge so, when i try to provision a box with a minion explicitly set with environment: development
20:50 pinge shouldn't it go through all the base states PLUS the development states?
20:52 robbyt joined #salt
20:52 foxx joined #salt
20:56 jcsp joined #salt
20:58 hunternet93 left #salt
21:07 bemehow joined #salt
21:08 jesusaurus pinge: im not sure about explicitly setting the environment, but i would expect explicitly setting it to ignore states in other environments
21:08 Brew_away joined #salt
21:09 zandy joined #salt
21:12 pinge jesusaurus: but wouldn't it make more sense to structure the environments in a way i could reuse them?
21:12 Brew_away joined #salt
21:12 seanz joined #salt
21:12 pinge what you're saying allows me to reuse them, but it's kinda "use everything, except this, this and this" for each environment
21:13 jesusaurus how are you explicitly setting the environment? and if you are setting it explicitly why do you expect states from other environments to also be included?
21:13 pinge i'm setting the environment explicitlty in the minion configuration
21:14 pinge environment: development
21:14 pinge like this
21:14 pinge i'm basically using vagrant.. and for the development environment i'm using a different minion config file than for production
21:14 pinge for development, i'm using vagrant + virtualbox
21:14 pinge for production, i'm using vagrant + aws
21:15 pinge (and ideally, a staging environment would also be available)
21:15 jesusaurus if you just go off the top file, then a minion can be in multiple environments. if you explicitly set the environment then i would expect that to be the one and only environment the minion is in
21:15 pinge ok, understood
21:16 jesusaurus but i havent actually tested that and dont know if its expected behaviour
21:16 pinge so what you're saying is that the first thing to do is to remove the explicit environment declaration, right?
21:16 jesusaurus yeah
21:16 pinge but i should have multiple top.sls files, right?
21:16 jesusaurus personally, i have a single state environment but multiple pillar environments
21:17 jesusaurus so im probably not the best person to help
21:17 william20111 joined #salt
21:17 pinge hmmm.. is that strategy working well for you? what advantages do you see over having multiple state environments?
21:18 pinge https://gist.github.com/pinge/7881047 (this is my minion config file)
21:18 jesusaurus having a single state environment forces me to be modular in my formulas so  that the same formula is used across all my 'environments' (that term is a little over-used)
21:18 dave_den pinge: http://docs.saltstack.com/ref/states/top.html#environments
21:19 pinge dave_den: i've been through that page quite some time
21:19 pinge but maybe i'm missing something and maybe i'm not understanding completely the concept of 'environment' in salt stack
21:19 [diecast] joined #salt
21:19 jesusaurus and then the only environment differences are the pillar values (passwords, ip addresses, app-specific configs)
21:19 jeter___ joined #salt
21:19 dave_den your development minions should get your core, elasticsearch, keychain, and grunt states from base, yes
21:20 cewood joined #salt
21:20 pinge dave_den: ok, so something is definitely wrong because they can install mysql but the other salt formulas are not run
21:20 jeter___ hi guys, does salt have an equivalent to puppet's "puppet agent disable 'Message'"
21:20 pinge dave_den: any idea on how to debug or can you point me the direction on what to look for?
21:21 dave_den pinge:  try checking to see what 'salt "yourdevminion" state.show_top env=development' shows
21:22 dave_den Psi-Jack: the conflicting ID declarations make sense to me when you have salt.tag included from both base and dev
21:24 pinge dave_den: thanks a lot. will debug the issue with your tip
21:24 dave_den Psi-Jack: salt is going through both top.sls files. when it sees a match for your states, it then compiles 'base:salt.tag' and dev:salt.tag'. The tag.sls files from /prod/sal.. and /dev/salt… both have the same ID. so salt complains about the conflict
21:25 dave_den right?
21:26 dave_den Psi-Jack: did this work with a previous salt version?
21:27 pinge dave_den: here's the output https://gist.github.com/pinge/7881223
21:27 pinge it looks good :(
21:27 dave_den there was a bug where if you did multiple 'include's of the same state file within a state run then salt would complain about a conflict - if this was working previously then it is probably related to that change.
21:28 dave_den pinge: is core being applied with mysql, but not the others?
21:28 pinge but i'm getting this when i try to run salt: https://gist.github.com/pinge/7881269
21:29 pinge dave_den: core is not being applied, only mysql
21:30 networkpadawan joined #salt
21:30 dave_den pinge: do you have multiple top.sls files?
21:31 pinge dave_den: only one top.sls file
21:31 dave_den hrm
21:35 bemehow_ joined #salt
21:36 pinge dave_den: i'll take another shot at it (looks like i'm in the right direction at least).. thanks a lot for helping out
21:37 dave_den i'm testing now. one sec
21:37 dave_den pinge: what version are you running on the minion?
21:37 pinge i believe the last one
21:37 pinge when i do 'vagrant up' it always bootstraps salt
21:39 zandy joined #salt
21:40 dave_den pinge: it may be a bug in the develop branch. i just tested on 0.17.2 and it applies the base states and the development states
21:41 pinge oh, bootstrap fetches develop?
21:41 forresta the bootstrap does not fetch develop unless you specify that it should
21:42 dave_den pinge: salt-call —versions-report
21:42 dave_den yeah, i just looked at bootstrap and it looks like it installs the latest stable version
21:42 pinge ok, i'm not specifying the version. here's the vagrant provisioner: https://github.com/mitchellh/vagrant/blob/master/plugins/provisioners/salt/bootstrap-salt.sh
21:42 forresta dave_den, yep
21:43 pinge $ sudo salt-call —versions-report Function —versions-report is not available
21:43 pinge missed a dash
21:43 pinge Salt: 0.17.2
21:45 pinge i'm gonna test with a project from scratch with only one dependency in each environment.. thanks
21:46 pinge oh, another question.. i've built a gvm (groovy environment manager) state and module based on the ones from rvm
21:46 pinge should i just open a new issue in github for contribution?
21:47 pinge or can i just open a pull request?
21:48 dave_den you can just open a pull request
21:49 pinge cool
21:54 MZAWeb joined #salt
21:55 dave_den pinge: yeah, i can't reproduce your issue on my 0.17.2 minion
21:55 dave_den not sure what's going on
21:57 Katafalkas joined #salt
21:58 pinge dave_den: ok, that way i know it should work with 0.17.2 :]
22:02 * nahamu discovers 0.17.3 is out...
22:02 * nahamu packages the esky for SmartOS
22:02 dave_den odd though, my 0.17.2 state.show_top looks like this:  https://gist.github.com/dlanderson/46e89a0541d784ca5d85
22:02 nahamu done
22:04 FL1SK joined #salt
22:06 pinge dave_den: just figured it out.. it actually works when i remove the explicit environment declaration.. the problem is that i had to start the provisioning from scratch (e.g. with vagrant up)
22:06 pinge kudos
22:07 networkpadawan joined #salt
22:07 networkpadawan left #salt
22:09 pipps_ joined #salt
22:13 dave_den ah, glad you found it
22:14 mgw joined #salt
22:17 nicker joined #salt
22:19 pinge :]
22:19 rcg_re joined #salt
22:21 bemehow joined #salt
22:21 zandy joined #salt
22:24 Ryan_Lane is it possible to do batch calls via http://docs.saltstack.com/ref/clients/index.html ?
22:26 Ryan_Lane I need to do batch calls via a runner
22:27 jdenning joined #salt
22:27 dave_den Ryan_Lane: i don't think so.
22:27 Ryan_Lane uuugghhhh
22:28 dave_den i haven't looked at how salt batches, but i assume it compiles the list of minions from your tgt and expr_form into a list, then iterates that in your batch size
22:28 lpmulligan joined #salt
22:28 dave_den you could easily do that yourself in a runner module
22:28 backjlack joined #salt
22:28 Ryan_Lane how do you compile the list?
22:30 dave_den Ryan_Lane: this is how I did it in the utils/master.py file:  https://github.com/saltstack/salt/blob/develop/salt/utils/master.py#L204
22:30 Ryan_Lane oh. it seems it does it via a ping
22:30 dave_den i suppose tgt_to_list could be made a public function. seems like people ask about this somewhat often
22:32 rcg_re joined #salt
22:32 Ryan_Lane heh. so, there's two different ways this is implemented?
22:32 dave_den what do you mean
22:32 Ryan_Lane __gather_minions
22:32 Ryan_Lane in cli/batch.py
22:33 Ryan_Lane does a ping, then adds them into a list
22:36 dave_den that may be more effective for a runner module
22:36 dave_den the ckminion approach uses the data found on the master
22:37 dave_den the ping method actually publishes the ping over 0mq using the tgt/expr_form and lets the minion reply. minions that don't reply are not included in the list
22:38 * Ryan_Lane nods
22:38 Ryan_Lane I wonder if it's possible to just use a batch object
22:39 Ryan_Lane then do a batch.run
22:39 Ryan_Lane it would really be ideal if the client and cli code were more coverged
22:39 utahcon Is it possible to cascade values in pillar?
22:39 Ryan_Lane *converged
22:41 Ryan_Lane https://github.com/saltstack/salt/issues/1237?source=cc
22:41 Ryan_Lane :D
22:46 Ryan_Lane oh
22:46 Ryan_Lane cmd_batch in LocalClient
22:46 Ryan_Lane I can use LocalClient in runners
22:47 Ryan_Lane it's not documented...
22:51 mgw1 joined #salt
22:51 torrancew b
22:51 pipps_ joined #salt
22:52 harobed joined #salt
22:55 higgs001 joined #salt
22:55 bhosmer joined #salt
22:59 rcg_re left #salt
22:59 sroegner joined #salt
23:03 vejdmn1 joined #salt
23:10 dvogt joined #salt
23:10 vejdmn joined #salt
23:15 amckinley joined #salt
23:17 pipps joined #salt
23:21 zandy joined #salt
23:31 quickdry21 joined #salt
23:32 pniederw joined #salt
23:32 mgw1 has anyone given thought to an encrypted pillar module?
23:35 jslatts joined #salt
23:35 smccarthy joined #salt
23:36 NV I notice there's a 0.17.3 release tagged in git and on pypi - are the release notes anywhere?
23:37 forresta not yet NV
23:39 pniederw I'm trying to download a file over HTTP unless the target path already exists. Can't use `file.managed` because that requires me to specify a source hash, and there is no stable hash (file changes occasionally). I can't use `cp.get_url` because `module.run` doesn't support `unless`, and (I think) `cp.get_url` redownloads the file each time. Any ideas?
23:41 pniederw (`file.managed` even requires a hash when using `replace: False`.)
23:42 KyleG Why not use unless
23:42 KyleG Have a "file" or "stat" command against the file using unless
23:42 KyleG If the file isn't there, execute command.
23:42 KyleG If it's there, do nothing!
23:42 hellome joined #salt
23:42 KyleG That's how I do it with automating installing splunk forwarding
23:43 pniederw as I said, `module.run` doesn't support `unless`. Are you suggesting to use `cmd.run` instead?
23:43 KyleG That's what I use, yes.
23:43 KyleG You could call the module from the cmd possibly
23:43 KyleG using salt-call
23:43 KyleG or just call the script/module directly
23:44 KyleG Might not be the most organized direct way of doing it, but it'll work
23:45 pniederw true, there are workarounds, but then I'll have to implement this separately for each supported platform.
23:46 pniederw at least when using cmd.run + wget
23:48 pniederw if there is no better solution for one-time downloads, i'll go down that road
23:52 pniederw perhaps a better solution is to write my own execution function that, unless the target path exists, delegates to `cp.get_url`
23:52 smccarthy joined #salt
23:52 KyleG yeah that's pretty good.
23:54 babilen joined #salt
23:55 jacksontj joined #salt
23:57 dvogt joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary