Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-12-16

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 rojem joined #salt
00:08 psyl0n joined #salt
00:14 penguin_dan joined #salt
00:15 dnkstation joined #salt
00:26 elsmorian joined #salt
00:26 xmltok joined #salt
00:32 penguin_dan joined #salt
00:32 rojem joined #salt
00:36 rojem joined #salt
00:42 rojem joined #salt
00:43 rojem joined #salt
00:44 zandy joined #salt
00:46 rojem joined #salt
00:47 pdayton joined #salt
00:49 rojem joined #salt
00:56 psyl0n joined #salt
01:02 rojem joined #salt
01:07 zandy joined #salt
01:13 mgw joined #salt
01:16 mgw joined #salt
01:25 elsmorian joined #salt
01:34 psyl0n joined #salt
01:44 fandikurnia01 joined #salt
01:44 rojem joined #salt
01:48 mgw joined #salt
01:50 higgs001 joined #salt
01:59 fandikurnia01 joined #salt
02:02 dstanek joined #salt
02:06 oz_akan_ joined #salt
02:07 logix812 joined #salt
02:08 jfzhu_us joined #salt
02:14 cachedout joined #salt
02:16 smccarthy joined #salt
02:19 rojem joined #salt
02:22 xl1 joined #salt
02:25 higgs001 joined #salt
02:25 quanta_ joined #salt
02:29 raj_ joined #salt
02:29 raj_ Hi All
02:29 raj_ how to replace IP address in a configuration file using saltstack after deploymnet of rpm through salt
02:30 halfss joined #salt
02:31 quanta_ left #salt
02:32 forresta raj_, you mean after you start the service? Or you want to change the IP that the minion is pointing at for the master?
02:34 raj_ Not exactly. after deployment of rpm , rpm source's has differnt IP ranges. we need to replace these IP with our New IP ranges.How do we do this using saltstack
02:34 forresta a deployment of your own RPM?
02:34 raj_ thx for your replt
02:34 halfss Hi. does saltutil.sync_modules work well on 0.17+?
02:34 raj_ yes
02:34 dvogt joined #salt
02:34 raj_ thank you... can you pleas let me know in brief
02:35 forresta depending on how the configuration file is set up, I'd suggest file.append, file.replace, or if you can manage the whole file with salt, file.managed. Take a look at these docs: http://docs.saltstack.com/ref/states/all/salt.states.file.html
02:37 raj_ file.managed will replace file with what we have in Master ... !!! it may miss some update later. so we need to keep on tracjking our source filw which is already present in our salt master ... right!
02:37 forresta well, the goal would be that you would run salt against that minion more than a single time, whenever you need to apply changes.
02:38 raj_ No... when i run state.highstate . it install my update rpm and should replace IP based on New Environment
02:39 raj_ both done in single run
02:39 forresta right, but if you run it again, the RPM would already be installed, so it won't install it again, it will just apply the changes that you have made to the file.
02:39 raj_ Ok. how do i do tht
02:40 mgw joined #salt
02:41 forresta it just happens, if you have a state for your package install, and the managed file. The first time you run it, the package will be installed, and the managed file will be put in place
02:41 forresta if you run it again, it will confirm the package is installed, and the managed file matches what is on your master
02:41 forresta if you change the managed file on the master, and run salt again, it will confirm the package is installed, then make the changes to the file
02:42 fxdgear can I avoid having a separate repo for pillar data by using a _pillar dir in my salt repo?
02:44 fxdgear and then point the pillar_roots to the _pillar dir referenced above?
02:45 forresta I haven't tried that before fxdgear, I'd say just give it a shot
02:49 higgs001 joined #salt
03:02 mgw joined #salt
03:08 sgviking joined #salt
03:19 zandy_ joined #salt
03:19 terminalmage joined #salt
03:20 halfss /join #salt-devel
03:22 zandy_ joined #salt
03:23 anuvrat joined #salt
03:23 ajw0100 joined #salt
03:25 mgw joined #salt
03:26 che-arne joined #salt
03:30 mgw joined #salt
03:33 NotreDev joined #salt
03:37 fxdgear is there a gitfs for pillar roots?
03:37 fxdgear or is it easier to create a repo for pillar data, then have a state state manage that repo?
03:38 fxdgear ideally I'd rather just have pillar data in my salt repo...
03:41 dstanek joined #salt
03:44 malinoff fxdgear, there is
03:45 fxdgear malinoff I see it now here: https://github.com/saltstack/salt/issues/3745
03:48 fxdgear and more here... http://docs.saltstack.com/topics/tutorials/gitfs.html#using-git-as-an-external-pillar-source
03:48 fxdgear thx
03:51 jergerber joined #salt
04:04 quanta_ joined #salt
04:07 quanta_ State pip.removed found in sls nrpe is unavailable
04:07 quanta_ which python
04:07 quanta_ /usr/bin/python
04:07 quanta_ which pip
04:07 quanta_ /usr/local/bin/pip
04:08 quanta_ https://github.com/saltstack/salt/issues/7659
04:09 quanta_ I already set `bin_env` to `/usr/local/bin/pip`
04:09 quanta_ but still get this error
04:10 quanta_ As of Salt 0.17.0 the pip state needs an importable pip module. This usually means having the system's pip package installed or running Salt from an active http://www.virtualenv.org/.
04:11 quanta_ If pip module can be import from the command line, do I need to install system's pip package?
04:11 jcsp joined #salt
04:15 ConceitedCode joined #salt
04:20 luketheduke joined #salt
04:41 ajw0100 joined #salt
04:41 MK_FG joined #salt
04:56 ravibhure joined #salt
05:02 zandy joined #salt
05:04 zandy_ joined #salt
05:14 ravibhure1 joined #salt
05:15 anuvrat joined #salt
05:18 ravibhure joined #salt
05:21 dvl joined #salt
05:26 fandikurnia01 joined #salt
05:28 quanta_ joined #salt
05:35 elfixit joined #salt
05:36 Ryan_Lane joined #salt
05:40 MK_FG joined #salt
05:41 jslatts joined #salt
05:48 ckao joined #salt
06:05 zandy joined #salt
06:08 zandy_ joined #salt
06:15 middleman_ joined #salt
06:28 quanta_ joined #salt
06:37 Ryan_Lane joined #salt
06:38 fxdgear so if I've setup an ext_pillar, via github... how can I verify that the pillar data I'm trying to use is syncing? How can I debug that it isn't?
06:57 Furao joined #salt
07:08 BenCoinanke left #salt
07:08 junedm joined #salt
07:11 MrTango joined #salt
07:14 anuvrat joined #salt
07:14 BenCoinanke joined #salt
07:15 druonysus joined #salt
07:15 druonysus joined #salt
07:21 juasiepo joined #salt
07:27 kh4z joined #salt
07:30 junedm left #salt
07:38 Ryan_Lane joined #salt
07:39 nebuchadnezzar fxdgear: maybe by just calling “salt '*' pillar.items” ?
07:40 fxdgear nebuchadnezzar turns our I needed to delete the folder in the /var/cache/salt/pillar_gitfs or what ever...
07:40 fxdgear once I did that it just refreshed the pull from github
07:47 ml_1 joined #salt
07:55 matanya joined #salt
08:05 balboah joined #salt
08:06 fllr joined #salt
08:07 harobed joined #salt
08:08 aleszoulek joined #salt
08:08 _fllr_ joined #salt
08:09 fxdgear why would a file.managed object, when specifying a ``- context`` attribute... not fill in the {{ vars }} with the value from the context?
08:13 gammalget joined #salt
08:16 fxdgear ugh forget me... forgot to include the `- template: jinja` attr... :/ (getting tired I supposed)
08:19 quanta_ joined #salt
08:24 ssshi joined #salt
08:29 zooz joined #salt
08:31 dvl joined #salt
08:31 Ash__ joined #salt
08:31 giantlock_ joined #salt
08:34 che-arne joined #salt
08:50 elsmorian joined #salt
09:00 rojem joined #salt
09:13 carlos_ joined #salt
09:26 Damoun joined #salt
09:34 zooz joined #salt
09:38 fllr joined #salt
09:40 krak3n` joined #salt
09:41 matanya joined #salt
09:45 che-arne joined #salt
09:51 fllr joined #salt
09:52 juasiepo joined #salt
09:54 dvl joined #salt
09:54 ckao joined #salt
09:54 luketheduke joined #salt
09:54 ConceitedCode joined #salt
09:54 xt joined #salt
09:54 Nazzy joined #salt
09:54 echos joined #salt
09:54 dpac|away joined #salt
09:54 chutzpah joined #salt
09:54 nliadm joined #salt
09:54 MTecknology joined #salt
09:54 pnl joined #salt
09:54 [vaelen] joined #salt
09:54 seanz joined #salt
09:54 Jahkeup joined #salt
09:54 pmrowla joined #salt
09:58 nkuttler joined #salt
10:04 druonysus joined #salt
10:07 bhosmer joined #salt
10:08 fllr joined #salt
10:13 psyl0n joined #salt
10:22 ravibhure joined #salt
10:25 pengunix joined #salt
10:29 Whissi joined #salt
10:32 JasonG_TA joined #salt
10:39 anuvrat joined #salt
10:40 Ryan_Lane joined #salt
10:43 bhosmer joined #salt
10:45 ConceitedCode joined #salt
10:55 zooz joined #salt
11:00 achileuss joined #salt
11:01 achileuss hi guys, i have an unexpected error(msgpack.exceptions.UnpackValueError ) on one of the minions and google did not help a lot. Can someone take a look http://pastebin.com/hve44p8m
11:04 achileuss ok solved it... i have just cleaned the salt cache dir /var/cache/salt and it works
11:06 diegows joined #salt
11:08 fllr joined #salt
11:08 mbr_ joined #salt
11:21 elfixit joined #salt
11:22 the_drow joined #salt
11:22 the_drow Hi I'm getting Detected conflicting IDs, SLS IDs need to be globally unique.     The conflicting ID is "/home/vagrant/.bashrc" and is found in SLS "base:python.virtualenvwrapper" and SLS "base:python.pyenv"
11:23 the_drow What exactly should I do?
11:23 Furao the_drow: use different id's
11:23 the_drow Furao: but I need to use the file. Should I use name instead?
11:25 uomobonga joined #salt
11:25 Furao the_drow:  yes
11:25 anuvrat joined #salt
11:26 the_drow Furao: Hold on, I'm trying something. If it won't work I'll share the stateconfs
11:26 Furao but you should not have separate states to do the same thing
11:26 Furao you should have one that include the other
11:29 JasonG_TA joined #salt
11:33 the_drow "Unable to determine upstream hash of source file http://download.jetbrains.com/webstorm/WebStorm-7.0.2.tar.gz" this is for archive.extracted
11:36 pengunix joined #salt
11:41 Ryan_Lane joined #salt
11:49 zandy joined #salt
11:54 APLU joined #salt
11:54 matanya joined #salt
11:57 JasonG_TA joined #salt
12:00 derelm joined #salt
12:07 pdayton joined #salt
12:08 fllr joined #salt
12:10 blee joined #salt
12:14 teddy_dona joined #salt
12:20 mbr_ joined #salt
12:21 derelm joined #salt
12:21 mbr_ how do i write an .sls file that stops a service, modifies a file, then restarts it? do i simply use order or dependencies or will that conflict if i require a service to be started and stopped at the same time?
12:26 _ikke_ mbr_: An sls file defines a state, not a series of steps to take
12:27 mbr_ _ikke_, i see. so how do i update cups' printers.conf ?
12:27 mbr_ _ikke_, (which has a big fat "# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING" at the top)
12:27 malinoff mbr_, You can have a state 'mod file' that modifies a file, and a state 'restart service' that watches 'mod file' state and restarts a service on demand
12:27 _ikke_ You can let the service watch the conf file
12:27 _ikke_ ah ok
12:28 malinoff http://docs.saltstack.com/ref/states/all/salt.states.service.html#module-salt.states.service
12:30 pengunix joined #salt
12:30 mbr_ malinoff, hmm, how do i declaratively perform the steps i need in order?
12:30 malinoff mbr_, http://docs.saltstack.com/ref/states/ordering.html
12:30 malinoff mbr_, Read about state_auto_order - it's cool option
12:31 mbr_ malinoff, and salt is fine with me  having .stop, file.managed, .start in there, without the first and last conflicting?
12:31 xl1 left #salt
12:33 malinoff mbr_, http://pastebin.com/JHYqsWzr something like that
12:34 malinoff mbr_, actually this one: http://pastebin.com/4zz56sZw
12:34 mbr_ malinoff, if i read that right, if i change mycoolfile, the service will be restarted - however, i need to account for the case where salt is run for the first time and service is already running. in that case, the service needs to be stopped, before updating the file
12:34 Sheco joined #salt
12:35 malinoff mbr_, If you change mycoolfile on the master (or where is lives (HTTP, git, etc)), and file.managed will run, service.running will understand that mycoolfile changed and mycoolservice needs to be restarted
12:35 mbr_ malinoff, in this case it's CUPS - it will be running in a default installation, now i want to edit printers.conf. but cups will write that file when exiting (i assume), so i need to stop cups, edit printers.conf, then restart
12:35 malinoff mbr_, You don't need to stop CUPS, you need to restart it
12:36 mbr_ malinoff, it says # DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING at the top of the file though
12:36 malinoff mbr_, okay, so you really need to stop it
12:36 malinoff Give me a second
12:36 mbr_ yep =)
12:37 pengunix joined #salt
12:39 derelm joined #salt
12:40 malinoff http://pastebin.com/iYw7nbh9
12:41 mbr_ malinoff, thanks. i do need to enable the ordering for this to work though, right?
12:41 malinoff mbr_, yeah
12:42 Ryan_Lane joined #salt
12:43 mbr_ hmm, so the last thing i need is a conditional file edit. cups is a bit strange in that it edits its own configuration files to store runtime info
12:43 malinoff mbr_, {% if condition %} {% endif %}
12:44 mbr_ malinoff, and that will be run on the slave? i thought the sls files were processed on the master
12:44 elsmorian What is the best way of carrying out a load of similar configs in a jinja for loop, and then get the next state to require them all to have run?
12:44 malinoff mbr_, Nope. Salt is blazingly fast because all rendering is doing on a minion
12:45 mbr_ malinoff, ah, thanks.
12:46 elsmorian Can I declare a variable outside of the loop, and us ethat to set each looping config to require the previous by storing it's name in said var, and then use that var outside the loop to point to the last item in the loop?
12:46 malinoff elsmorian, {% set myvar = 'myvalue' %}
12:46 malinoff google: jinja variables
12:47 quanta_ joined #salt
12:49 mbr_ malinoff, i worked, thanks
12:49 mbr_ elsmorian, a better idea is probably using the last filter or loop.last
12:50 mbr_ elsmorian, http://jinja.pocoo.org/docs/templates/ - ctrl+f, "last" =)
12:50 quanta_ joined #salt
12:51 elsmorian I guess my Q was more the scoping of vars, asin- can I do http://pastebin.com/FzAXaMHk and is it a good idea?
12:51 elsmorian mbr_:  aha, the loop.last is handy
12:52 ConceitedCode joined #salt
12:53 mbr_ elsmorian, in your case, it'd probably pay off a lot reading through that whole page. its not too long and there are some neat shortcuts
12:55 kh4z joined #salt
13:00 bhosmer joined #salt
13:02 Whissi The "foo" service stores its configuration ({1..100}-file.conf) in "/etc/foo.d". That's not a problem, I can push the folder with Salt.
13:02 Whissi But "{2,11,53,77}-file.conf" for example contain client specific information.
13:02 Whissi Can I use templates within a "managed" folder or would I have to push "foo.d" in the first step and in a second step I would use file.managed for "/etc/foo.d/{2,11,53,77}-file.conf"?
13:04 harobed joined #salt
13:05 bhosmer joined #salt
13:08 fllr joined #salt
13:18 [diecast] joined #salt
13:24 fllr joined #salt
13:24 oz_akan_ joined #salt
13:25 Whissi Seems like salt.states.file.recurse will do the job.
13:25 jasg75 joined #salt
13:26 _fllr_ joined #salt
13:26 oz_akan_ joined #salt
13:30 mbr_ does salt handle arch package groups?
13:32 dstanek joined #salt
13:39 mgw joined #salt
13:42 Ryan_Lane joined #salt
13:43 krak3n` guys, does salt cloud let you set the private ip of the box? can't see anything in the docs
13:44 sroegner joined #salt
13:48 rockey krak3n`: nothing correctly configured on internet will allow RFC 1918 addresses on it
13:48 rockey so as long as you don't have some sort of tunnel linking the private networks together, no
13:49 rockey and I believe that saltcloud doesn't currently support that, but haven't looked that deeply
13:50 mgw joined #salt
13:51 krak3n` k, thanks, Elastic Search needs to know ips to unicast since multicast is not supported on AWS, i guess i'll have to use the salt mine to get ips of minions with specific roles
13:51 JasonSwindle joined #salt
13:51 bhosmer joined #salt
13:52 ipmb joined #salt
13:54 pengunix joined #salt
13:55 quanta_ joined #salt
13:58 Iwirada joined #salt
13:59 jslatts joined #salt
14:02 psyl0n joined #salt
14:02 bhosmer joined #salt
14:04 pengunix_ joined #salt
14:08 fllr joined #salt
14:09 che-arne joined #salt
14:12 juicer2 joined #salt
14:14 brianhicks joined #salt
14:14 andresr joined #salt
14:15 kiorky_ joined #salt
14:15 kiorky_ joined #salt
14:17 dave_den1 joined #salt
14:17 clone1018_ joined #salt
14:18 dstanek_afk joined #salt
14:19 racooper joined #salt
14:19 whaterverman joined #salt
14:20 NVX joined #salt
14:22 cyrusdav- joined #salt
14:23 \ask_ joined #salt
14:23 blee_ joined #salt
14:23 quanta_ joined #salt
14:25 drogoh joined #salt
14:25 giantlock joined #salt
14:25 hotbox joined #salt
14:26 mayfield joined #salt
14:28 codysoyland joined #salt
14:29 mpanetta joined #salt
14:30 godber joined #salt
14:31 penguin_dan joined #salt
14:31 bbinet joined #salt
14:31 cortrigl joined #salt
14:34 JasonG_TA joined #salt
14:35 vejdmn joined #salt
14:35 teddy_dona left #salt
14:41 kaptk2 joined #salt
14:42 mattmtl joined #salt
14:43 Ryan_Lane joined #salt
14:43 pengunix_ joined #salt
14:45 vortec hi, i'm trying to build a virtualenv in my salt state like this: https://gist.github.com/vortec/7988102 .. it says "State virtualenv.create found in sls cate2 is unavailable", is the "virtualenv" module not available via states?
14:46 Iwirada vortec: afaik the're not available
14:47 backjlack joined #salt
14:47 Iwirada vortec: you want to try this: http://docs.saltstack.com/ref/states/all/salt.states.virtualenv_mod.html#module-salt.states.virtualenv_mod
14:48 Iwirada ?
14:48 quickdry21 joined #salt
14:50 vortec thank you Iwirada
14:52 Iwirada vortec: you're welcome :)
14:56 th3reverend joined #salt
14:56 th3reverend left #salt
14:58 Whissi Is there a way to test my jinja template without executing it against a minion?
14:58 netzmonster joined #salt
15:01 _ikke_ Whissi: you could append test=True to the salt command, but not sure if that's enough
15:02 rgbkrk joined #salt
15:03 harobed_ joined #salt
15:03 Gifflen joined #salt
15:05 Whissi Mh, no. I need to see the output. But if I create a test.sls and write the file to a test location, I should get what I want.
15:08 rojem joined #salt
15:10 funzo joined #salt
15:10 cowyn__ joined #salt
15:11 mpanetta_ joined #salt
15:11 pengunix joined #salt
15:11 giantlock__ joined #salt
15:12 jpaetzel_ joined #salt
15:12 jpcw_ joined #salt
15:12 balboah_ joined #salt
15:12 rlarkin joined #salt
15:13 andresr_ joined #salt
15:13 balltongu_ joined #salt
15:13 clone1018 joined #salt
15:14 hhenkel joined #salt
15:14 Damoun_ joined #salt
15:14 vejdmn1 joined #salt
15:14 jhermann_ joined #salt
15:14 jakubek_ joined #salt
15:14 kaiyou_ joined #salt
15:14 APLU joined #salt
15:15 agh joined #salt
15:15 BenCoinanke joined #salt
15:15 jslatts joined #salt
15:15 vkurup joined #salt
15:15 _ikke_ joined #salt
15:17 _ikke__ joined #salt
15:17 pass_by_value joined #salt
15:18 sroegner joined #salt
15:18 yota Hi
15:18 yota I use salt-call --local withou zmq
15:18 yota I use salt-call --local without zmq
15:19 yota It works great
15:19 yota now I want call salt from Python scripts
15:19 yota and i find the same behavior (aka w/o zmq)
15:19 Iwirada google said this: http://stackoverflow.com/questions/89228/calling-an-external-command-in-python
15:20 Iwirada from subprocess import callcall(["ls", "-l"])
15:20 Iwirada from subprocess import call
15:20 Iwirada call(["ls", "-l"])
15:20 Iwirada otherwise i guess you have to digg the code
15:20 yota salt doesn't have an api for that?
15:20 yota I see salt.client.Caller
15:20 yota ``Caller`` is the same interface used by the :command:`salt-call`
15:20 yota command-line tool on the Salt Minion.
15:21 yota but I want zmq
15:21 nebuchadnezzar yota: maybe doing the same as /usr/bin/salt-call ?
15:21 nebuchadnezzar from salt.scripts import salt_call
15:21 pass_by_value yota: there is also salt.client.APIClient that you might be able to use.
15:22 Iwirada good to know :)
15:22 pass_by_value :)
15:22 yota thanks
15:22 pass_by_value I have found that you can call most of salt's functionality using that class' run method
15:23 Nazca__ joined #salt
15:23 pass_by_value np :)
15:25 pass_by_value This is a very introductory example for APIClient
15:25 pass_by_value http://pastebin.com/hsAKGVQR
15:26 dvogt_ joined #salt
15:27 EugeneKay joined #salt
15:27 \ask joined #salt
15:27 zgre joined #salt
15:27 vipul joined #salt
15:33 yota pass_by_value: APIClient seems low in the stack
15:34 yota I want just "salt-call -c /path/to/master --local state.highstate" :)
15:34 yota the goal is to get the result in the python script
15:34 yota (w salt structures)
15:35 fllr joined #salt
15:35 Iwirada yota: http://docs.python.org/2/library/subprocess.html
15:35 timoguin joined #salt
15:36 yota yeah but with subprocess, you are out salt
15:36 Iwirada yota: a quick-and-dirty approach
15:36 Iwirada your script does care?
15:37 jergerber joined #salt
15:37 jergerber joined #salt
15:37 yota I want to know if I have errors and in this case, which ones
15:37 Iwirada ah, ok
15:38 Iwirada isn't there a Success/Fail thing at the end of the output?
15:38 yota and it's a pity to parse the result if I can use Salt API
15:38 Iwirada true
15:38 alunduil joined #salt
15:38 yota yeah somethin like the shell output
15:56 _ilbot joined #salt
15:56 Topic for #salt is now Welcome to #salt - SaltConf in January!! http://saltconf.com | 0.17.2 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
15:56 zgre joined #salt
15:57 bhosmer joined #salt
15:57 yota Iwirada: I think I will use subprocess with a yaml output
15:57 marcinkuzminski joined #salt
15:58 Iwirada yota: ah ok
15:58 yota I can see any API who simulate salt-call --local
15:59 pass_by_value joined #salt
15:59 Iwirada yota: i think the api is more precise and clean
15:59 yota maybe a bug
15:59 Iwirada but if you need a result soon, i would go with the subprocess, first
15:59 yota do you talk about ClientAPI
15:59 Iwirada cleanup later ;)
15:59 yota ?
15:59 Iwirada yes
15:59 yota hmm
16:00 cro_ joined #salt
16:00 cachedout joined #salt
16:01 yota to use APIClient, it seems I must learn many internal structures
16:01 tseNkiN joined #salt
16:01 Iwirada input is yaml, output json
16:01 tyler-baker joined #salt
16:01 tyler-baker joined #salt
16:01 cyp___ joined #salt
16:01 Iwirada but i guess you have to understand pretty much what is going on under the hood
16:02 yota I think so
16:03 pass_by_value yota: I agree that you have to know the data structure to make the APIClient call. However in most cases the data structure is very similar with only the 'fun' and the 'kwarg' keys being different for different functions
16:03 quickdry21 joined #salt
16:03 yota pass_by_value: understood
16:03 pass_by_value cmd = {'username': 'adi', 'password': 'abc', 'eauth': 'pam', 'fun': 'state.highstate', 'kwarg': {}, 'tgt': '*'}
16:03 yota I will take a llok
16:03 yota look
16:03 pass_by_value is what I used for running a highstate call
16:03 welby_away joined #salt
16:04 rojem joined #salt
16:04 nkuttler joined #salt
16:04 nkuttler joined #salt
16:04 ipmb joined #salt
16:04 harobed_ joined #salt
16:04 yota where I can specify the conf file ?
16:04 yota the file is not at the default path
16:04 yota s/at/in/
16:05 zach joined #salt
16:06 pass_by_value Hmm I am not sure how the conf file can be specified for APIClient
16:07 pass_by_value that (-c) looks to be an option to salt-call
16:07 yota so I can use APIClient :(
16:07 yota btw thanks packeteer
16:07 yota btw thanks pass_by_value
16:08 pass_by_value I am not sure if you can; there *might* be a way to have the api get that option from one of the conf files, but I am not sure about it
16:09 micw joined #salt
16:09 mnemonikk joined #salt
16:09 micw hi
16:10 patrek joined #salt
16:10 micw is there some concept like puppet's "exported resources" in salt? what i want:
16:10 txmoose_ joined #salt
16:10 rockey_ joined #salt
16:10 namtab_ joined #salt
16:11 Corey joined #salt
16:11 carmony_ joined #salt
16:11 micw add some "backup" formula to a node. that sets up everything client specific on this node + something on a backupserver for each node that uses this formula
16:11 rjc_ joined #salt
16:12 micw 2nd thing: realizing something like in the puppet  "concat" plugin: several services export small file parts (e.g. nagios config file segements) which are colelcted on a nagios server node
16:12 jY- joined #salt
16:13 pass_by_value yota: I found some other classes that might be some help (http://docs.saltstack.com/ref/clients/index.html). The LocalClient class has an option to specify the conf file
16:14 MSeven joined #salt
16:15 marcel_ joined #salt
16:15 Ahlee gitfs backend - how do you view the contents?
16:16 Ahlee i have a few gitfs remotes defined, and it appears at least one isn't updating
16:16 jkyle_ joined #salt
16:17 bawnzai joined #salt
16:17 mayfield joined #salt
16:17 Voziv joined #salt
16:18 doki_pen joined #salt
16:21 jakubek joined #salt
16:21 zach_ joined #salt
16:21 blast_hardcheese joined #salt
16:21 kamyl_ joined #salt
16:21 smccarthy joined #salt
16:21 esogas` joined #salt
16:21 ckao joined #salt
16:21 rojem joined #salt
16:21 quickdry21 joined #salt
16:21 cro_ joined #salt
16:21 bhosmer joined #salt
16:21 fishpen01 joined #salt
16:21 cryptomnesia_ joined #salt
16:21 Balu__ joined #salt
16:21 AdamSewell joined #salt
16:21 z3uS joined #salt
16:21 fxdgear_ joined #salt
16:21 Bosse_ joined #salt
16:21 jefferai_gone joined #salt
16:21 imil_ joined #salt
16:21 Kraln- joined #salt
16:21 pcarrier joined #salt
16:21 JasonG_TA joined #salt
16:21 whiskybar joined #salt
16:21 pmrowla joined #salt
16:21 Jahkeup joined #salt
16:21 seanz joined #salt
16:21 [vaelen] joined #salt
16:21 pnl joined #salt
16:21 MTecknology joined #salt
16:21 nliadm joined #salt
16:21 chutzpah joined #salt
16:21 dpac|away joined #salt
16:21 echos joined #salt
16:21 xt joined #salt
16:21 honestly joined #salt
16:21 Gifflen joined #salt
16:21 \ask joined #salt
16:21 dvogt joined #salt
16:21 Nazca__ joined #salt
16:21 sroegner joined #salt
16:21 mpanetta joined #salt
16:21 Furao joined #salt
16:21 Guest74111 joined #salt
16:21 mhayden joined #salt
16:21 jasonrm joined #salt
16:21 tzero joined #salt
16:21 xinkeT joined #salt
16:21 fivethreeo joined #salt
16:21 schristensen joined #salt
16:21 shadowsun joined #salt
16:21 lv_ joined #salt
16:21 sirtaj joined #salt
16:21 copelco__ joined #salt
16:21 abele joined #salt
16:21 PoLuX joined #salt
16:21 mau_ joined #salt
16:21 ahale joined #salt
16:21 kyusan_ joined #salt
16:21 Linuturk joined #salt
16:21 EntropyWorks joined #salt
16:21 chitown joined #salt
16:21 indymike joined #salt
16:21 nocturn00 joined #salt
16:21 steveoliver joined #salt
16:21 rope_ joined #salt
16:21 Striki joined #salt
16:21 AlcariTheMad joined #salt
16:21 eliasp joined #salt
16:21 whiteinge joined #salt
16:21 dcmorton joined #salt
16:21 bigmstone joined #salt
16:21 jfalco joined #salt
16:21 jeffrubic joined #salt
16:21 dcolish joined #salt
16:21 EWDurbin joined #salt
16:21 renoirb joined #salt
16:21 b-jazz joined #salt
16:21 sashka_ua joined #salt
16:21 twiedenbein joined #salt
16:21 totte joined #salt
16:21 andrej joined #salt
16:21 nn0101 joined #salt
16:21 jeblair joined #salt
16:21 emilisto joined #salt
16:21 djinni` joined #salt
16:21 alexandrel joined #salt
16:21 eightyeight joined #salt
16:21 lahwran joined #salt
16:21 cwright joined #salt
16:21 kevinbrolly joined #salt
16:21 akoumjian joined #salt
16:21 utahcon joined #salt
16:21 aurigus joined #salt
16:22 ClausA joined #salt
16:22 cdk joined #salt
16:23 Marion joined #salt
16:23 jperras joined #salt
16:23 Ixan joined #salt
16:23 Ixan joined #salt
16:23 1JTABHCUM joined #salt
16:23 beardo__ joined #salt
16:23 vbabiy_ joined #salt
16:23 ede joined #salt
16:23 lahwran joined #salt
16:24 cdk if I have a state "foo: file.managed.name: foo" can I access the name field of the foo state in another state? Something like this "bar: file.managed.defaults: FOO: foo.name"
16:24 Kraln joined #salt
16:24 Daviey joined #salt
16:25 mtaylor joined #salt
16:25 kermit joined #salt
16:25 bawnzai_ joined #salt
16:25 racooper_ joined #salt
16:26 jergerber joined #salt
16:26 pmrowla joined #salt
16:26 honestly joined #salt
16:26 brutasse_ joined #salt
16:27 marcel- joined #salt
16:27 vmdsch joined #salt
16:27 Ryan_Lane joined #salt
16:27 penguin_dan joined #salt
16:27 tyler-baker joined #salt
16:28 kermit joined #salt
16:28 rjc joined #salt
16:28 doki_pen joined #salt
16:29 aarontc joined #salt
16:31 Marion__ joined #salt
16:32 zloidemon joined #salt
16:32 racooper joined #salt
16:32 cachedout joined #salt
16:32 vbabiy_ joined #salt
16:33 joelperras joined #salt
16:33 tseNkiN joined #salt
16:33 honestly_ joined #salt
16:34 Kraln- joined #salt
16:36 doki_pen joined #salt
16:36 Kraln- joined #salt
16:38 mgw joined #salt
16:38 vmdsch joined #salt
16:38 opapo joined #salt
16:39 dstanek joined #salt
16:40 Ixan joined #salt
16:42 kermit joined #salt
16:47 mackstick joined #salt
16:48 scoates 'morning
16:51 cachedout joined #salt
16:54 higgs001 joined #salt
16:55 cachedout joined #salt
16:57 davet joined #salt
16:58 byte-syze joined #salt
16:58 micw is "saltmine" what i need e.g. to collect all minons with role "backup client" on a minion with role "backup server"?
16:58 nebuchadnezzar good evening, I have a question about some pillar layout best practice, I want to have some kind inheritance, a minion request pillar.get("foo") and the result should come from: 1) minion pillar if defined, 2) minion domain pillar if defined, 3) a default value
16:58 junedm joined #salt
16:58 nebuchadnezzar the idea is to define common values for every hosts in a DNS domain, and override per minion if necessary
16:59 jrdx joined #salt
16:59 nebuchadnezzar I do not see how to layout my pillar
16:59 nebuchadnezzar any hints?
17:00 jcsp joined #salt
17:00 Sheco joined #salt
17:01 cachedout joined #salt
17:01 bbinet joined #salt
17:01 scoates in Pillar's `include`, when specifying a `key`, is there a way for me to specify a key deeper than the top level of the structure? ie, I'd like to specify `vpn.client` (but if I try that, I get the literal string)
17:02 MTecknology I have servers that are named  server.XXXX.domain.tld where XXXX is a four digit number. If the first digit is not zero, I have no issues. If, however, the XXXX is 0010, then this {{ grains['id'].split('.')[1] }} (or in my template where I use {{center}} get's truncated to 10. 0010 != 10 and this is causing issues for me. How can I fix that?
17:02 nebuchadnezzar salt['pillar.get']('vpn:client') http://docs.saltstack.com/topics/pillar/index.html#pillar-get-function
17:03 scoates nebuchadnezzar: I don't mean in get. I mean in include (when I'm declaring pillar data)
17:04 gmoro_ joined #salt
17:04 nebuchadnezzar MTecknology: it may be related to YAML idiosyncrasies http://docs.saltstack.com/topics/troubleshooting/yaml_idiosyncrasies.html#integers-are-parsed-as-integers ?
17:04 Veticus joined #salt
17:05 Veticus joined #salt
17:05 bemehow joined #salt
17:07 nebuchadnezzar scoates: sorry, I and did not read correctly and I'm quite new to salt, you mean including a file from a subdirectory? maybe “include vpn/client” ?
17:07 nebuchadnezzar scoates: no, that's a point: http://docs.saltstack.com/ref/states/highstate.html#include-declaration
17:07 scoates nebuchadnezzar: that'd be include: vpn.client , but no. I mean key assignment. http://salt.readthedocs.org/en/latest/topics/pillar/#including-other-pillars
17:08 nebuchadnezzar erf
17:08 nebuchadnezzar thanks for the link
17:08 scoates nebuchadnezzar: and that's for states, not pillar
17:08 scoates (the one you sent)
17:08 KyleG joined #salt
17:08 KyleG joined #salt
17:08 troyready joined #salt
17:08 MTecknology nebuchadnezzar: that was exactly it - thanks
17:08 nebuchadnezzar scoates: ok, now I see
17:09 matanya joined #salt
17:09 UtahDave joined #salt
17:09 sinh joined #salt
17:12 bitz joined #salt
17:13 jdenning joined #salt
17:14 chjohnst_work joined #salt
17:15 abe_music joined #salt
17:16 abe_music What would cause "The function "state.sls" is running as PID 12636 and was started at 2013, Dec 16 16:23:45.254504 with jid 20131216162345254504" when using the overstate system? It appears that the first stage doesn't completely finish before moving on to the second stage.
17:17 vmdsch joined #salt
17:17 Iwirada left #salt
17:18 UtahDave abe_music: what version of Salt are you running on?
17:19 abe_music UtahDave: don't get mad, but i'm on the develop branch...we had to :-/
17:19 UtahDave :)
17:19 abe_music you should know my MO by now :)
17:19 UtahDave lol,  I do the same thing.
17:19 abe_music we like to live dangerously...and then ask tons of irrelevant questions later haha
17:20 Ahlee lol
17:20 UtahDave cachedout: hey, does that look familiar to you? ^^
17:20 cachedout UtahDave: The overstate question?
17:21 cachedout abe_music: What Salt version?
17:21 abe_music cachedout: develop branch hash = f5810fdc79a6a51c06f20c631ee2ffe4ae7bd2ef
17:21 Ahlee so running salt '*' state.sls env=UAT foo.bar, i'm getting Comment:   Unable to cache script salt://foo/file_in_bar from env 'None'
17:21 Ahlee UAT is a branch in the gitfs file systems
17:22 JasonSwindle UtahDave:  Howdy!
17:22 diegows joined #salt
17:22 cachedout abe_music: I was looking at the overstate system on Friday and I suspect some bugs might have been introduced. If you want to PM me, I can give you some things to try.
17:22 abe_music cachedout: awesome thanks
17:22 MrTango joined #salt
17:25 jcsp joined #salt
17:25 UtahDave cachedout: yeah
17:29 dvl joined #salt
17:29 shinylasers joined #salt
17:30 shinylasers joined #salt
17:31 jalbretsen joined #salt
17:33 UtahDave joined #salt
17:36 zloidemon Hello
17:37 TheRealBill_ joined #salt
17:38 UtahDave hey, zloidemon
17:47 jasg75 joined #salt
17:49 [diecast] joined #salt
17:52 matanya joined #salt
17:54 frosty996 joined #salt
17:55 druonysus joined #salt
17:56 backjlack joined #salt
17:58 y0j joined #salt
17:59 majoh joined #salt
18:01 dfinn1 joined #salt
18:01 rofl____ joined #salt
18:01 dvogt joined #salt
18:01 dfinn1 is there a salt command that can be run from the master to quickly copy files from the master to the minions?
18:02 vejdmn joined #salt
18:03 UtahDave dfinn1: cp.get_file   http://docs.saltstack.com/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_file
18:03 dfinn1 thanks!  puppet broke some servers, I think I'll be able to use salt to quickly fix them ;)
18:03 rgarcia_ joined #salt
18:04 UtahDave dfinn1: or you could use a file.recurse state.     http://docs.saltstack.com/ref/states/all/salt.states.file.html#salt.states.file.recurse
18:04 UtahDave :)  cool. Let me know if you need any help, dfinn1
18:04 dfinn1 i'm just looking for a quick way to do it on the command line, I think the first should work
18:07 meteorfox joined #salt
18:07 [diecast] joined #salt
18:07 iMil joined #salt
18:08 ml_1 joined #salt
18:08 druonysuse joined #salt
18:09 meteorfox basepi: Hi, I'm trying to deploy 6 VMs across three regions in Rackspace (2 per region), using salt-cloud. When I use the parallel flag, it fails to ssh and bootstrap the minions, but if I do it serially it works fine. Any ideas?
18:10 forresta joined #salt
18:10 meteorfox forresta: Hey, I'm trying to deploy 6 VMs across three regions in Rackspace (2 per region), using salt-cloud. When I use the parallel flag, it fails to ssh and bootstrap the minions, but if I do it serially it works fine. Any ideas?
18:10 basepi meteorfox: what version?
18:11 meteorfox basepi: salt 0.17.0-5810-g781bfe2
18:12 basepi you just have salt installed, right?  none of the old salt-cloud packages installed?
18:13 KyleG left #salt
18:13 Corey Salt-bootstrap apparently doens't work properly in OS X.
18:13 forresta meteorfox, I'm not super great with salt-cloud since I don't use it much, but is there a chance that trying to open too many connections at the same time is causing an issue? What happens when you strace the process? Can you confirm that you're seeing the calls out?
18:14 Gareth ahoy
18:14 basepi people have also had issues with parallel mode if your machine isn't powerful enough.  memory constraints, etc
18:15 forresta Corey, yea I don't think support exists for it: https://github.com/saltstack/salt-bootstrap/blob/develop/bootstrap-salt.sh#L634 (though I could be missing it somewhere)
18:15 forresta hey Gareth
18:15 forresta no wave?
18:15 meteorfox forresta: Well, using -l debug, for each VM it tries to ssh, using the password, it tries 15 times, and gives up
18:15 basepi (apparently -- I'm talking to Joseph, I'm not a salt-cloud expert)
18:15 * Gareth waves at forresta
18:15 joshe joined #salt
18:15 forresta heh
18:15 forresta basepi, but is 6 machines considered a lot?
18:15 forresta doesn't seem like it should be a concern
18:16 basepi forresta: i wouldn't think so.  but i guess it depends on how many it's doing in parallel
18:16 forresta fair enough
18:16 giantlock joined #salt
18:16 Whissi Is https://groups.google.com/d/msg/salt-users/CgAjdk1l_7M/tygfYX7yqlEJ still state of the art (the way to provide host specific states/pillar)?
18:16 basepi Joseph says it depends on the server you're executing from -- he wouldn't do it on a micro instance, for example.
18:17 meteorfox forresta: since not all the vms start at the same time, I think that there's mostly 2-3 connection in parallel
18:17 forresta meteorfox, hmm, there's nothing on the rackspace side that would flip out over a bunch of connections right?
18:18 meteorfox forresta: I don't think so, I've opened a lot more connections than this. I'm a performance engineer here in Rackspace ;)
18:19 forresta meteorfox, yea that's why I was asking
18:19 Ahlee any theories on why if i specify a env=<git branch> on 0.17.2 it comes back with Unable to cache script salt://scripts/foo from env 'None'
18:19 forresta I honestly have no idea why that would break it, can you try as basepi suggested to scale up the instance if you're using a really small one to see if that resolves the error, then we can at least narrow down resources as a non-issue
18:20 forresta unless you're already on some beastly box
18:20 meteorfox forresta: I haven't tested it yet, but my hunch is that salt-cloud is mixing up the passwords between the vms, I can try with ssh keys.
18:20 UtahDave meteorfox: are the correct usernames and passwords being used?
18:20 forresta meteorfox, ahh yea that's a good idea. Seems weird it would screw that up, but like I said, I don't know enough about salt-cloud to say how it passes that data through :P
18:21 amckinley joined #salt
18:21 meteorfox forresta: It's not big, 1 CPU 1 GB, performance flavor, I believe should be enough.
18:21 forresta yea that seems like it should...
18:21 meteorfox UtahDave: It works serially with the same settings, only fails if I try parallel
18:21 UtahDave meteorfox: yeah, so when in parallel, is it using the correct credentials?
18:22 [diecast] joined #salt
18:22 meteorfox UtahDave: I believe so.
18:22 forresta can you try the ssh keys?
18:23 meteorfox sure
18:24 meteorfox forresta: also, parallel delete works fine
18:24 forresta weird
18:24 meteorfox forresta: that gives me confidence is not a network problem, but who knows
18:24 forresta lol yea
18:25 vmdsch joined #salt
18:25 jslatts joined #salt
18:25 vbabiy Do you have to tell salt to refresh pillar data if keys changes, I see pillar data with old and new keys
18:26 whiskybar joined #salt
18:26 forresta vbabiy, that should be getting refreshed when you run a highstate, this is the third report of that happening in the past week...
18:26 vbabiy forresta is restarting the master the best solution?
18:27 vbabiy even saltutil.refresh_pillar doesn't remove the bad data
18:27 forresta vbabiy, you shouldn't need to do that, but you can trash /var/cache/salt, then restart the master to see if that resolves it.
18:27 forresta or backup /var/cache/salt first..
18:27 vbabiy is that still true if your using gitfs?
18:27 forresta uhhh you know I'm not really sure
18:28 forresta I believe it should still be updating it, but I could be wrong
18:28 vbabiy I will let you know what I find
18:28 forresta awesome
18:28 druonysuse joined #salt
18:28 druonysuse joined #salt
18:29 vmdsch joined #salt
18:29 bhosmer joined #salt
18:30 vbabiy So removing the salt dir worked fine
18:30 vbabiy but the pillar data is still there :(
18:30 cdcalef joined #salt
18:30 vbabiy not sure how
18:30 vbabiy When I look at the checked out repo it is correct
18:30 seanz left #salt
18:31 vmdsch joined #salt
18:31 vbabiy do the minions cache it also?
18:31 forresta yes
18:31 forresta but you said you ran saltutil.refresh_pillar right?
18:32 vbabiy yeah
18:32 forresta salt '*' saltutil.refresh_pillar should have grabbed the new data
18:32 forresta on the minions
18:32 vbabiy The output I get is None for each server when I run refresh_pillar, is that correct?
18:32 rgbkrk Yeah
18:32 rgbkrk It always returns None
18:34 vbabiy Wow sorry it was me
18:34 vbabiy just found what I was doing wrong
18:34 bhosmer joined #salt
18:34 vbabiy when I moved to gitfs I didn't remove the old pillar data in the /srv/pillar
18:34 vbabiy so it was merging the data together
18:34 forresta oh that makes sense.
18:34 druonysus joined #salt
18:34 druonysus joined #salt
18:34 scooby2 joined #salt
18:34 forresta so once you trashed that and refreshed the data you were good to go?
18:35 vbabiy Yeah
18:35 forresta great
18:35 vbabiy thanks for your help forresta
18:35 forresta vbabiy, yea np, you pretty much solved it yourself!
18:37 psyl0n joined #salt
18:41 dvl joined #salt
18:42 wendall911 joined #salt
18:42 jesusaurus has anyone ever run into an issue with cache files being created with mode 600?
18:42 wendall911 left #salt
18:43 jesusaurus s/600/400
18:44 scoates I'm trying to use this: http://docs.saltstack.com/ref/states/all/salt.states.iptables.html … salt seems to be appending magic variables (`--__env__ base --__sls__ vpn`) which iptables complains about. Any ideas?
18:45 forresta scoates what does your state look like?
18:45 scoates forresta: http://paste.roguecoders.com/p/0f0cee7e3a294a1d8122b427a26f2cd7.txt
18:46 jslatts joined #salt
18:46 forresta does jinja work ok when you don't put a space between the {{ and the first character? I've never done it that way.
18:47 scoates yeah. the jinja is fine. looks like its implicitly passing __env__ and __sls__ over to the iptables module…
18:47 scoates were those "magic" vars introduced recently, maybe? and the module just doesn't know?
18:48 jcsp joined #salt
18:48 xsemen joined #salt
18:48 scoates heh https://github.com/saltstack/salt/pull/7932
18:50 forresta scoates, hmm
18:51 scoates side question: can I *override* default modules with my _modules directory? (effectively monkey-patching them)?
18:51 jesusaurus scoates: yeah, i do it
18:52 scoates interesting. that's probably a much better/smarter way to do my deploy keys patch, then, too.
18:52 jesusaurus i test my modules that way, then when im happy with them i make the changes upstream
18:53 forresta scoates, here's the only issue I see that's close to what you're encountering: https://github.com/saltstack/salt/issues/8419
18:53 forresta but this guy is on Ubuntu
18:53 scoates forresta: I linked pull/7932
18:53 forresta oh did that work?
18:53 forresta you're running a release older than that?
18:54 scoates https://github.com/saltstack/salt/blob/develop/salt/modules/iptables.py#L87 <-- not yet in master; only in develop
18:55 scoates oh. heh. that IS develop…
18:55 forresta yea was gonna say
18:55 scoates maybe it was reverted?
18:55 forresta a change from 2 months ago should be on 0.17.2
18:55 forresta no I checked
18:55 forresta it's still there
18:55 forresta https://github.com/saltstack/salt/blob/develop/salt/modules/iptables.py#L87
18:55 scoates https://github.com/saltstack/salt/commit/a9604d7f44d809a6b4e6d31a9a373b792102f8bc#diff-7503c18e1d67c491c6ee9152f1b712f4
18:55 scoates oh. _STATE_INTERNAL_KEYWORDS
18:56 forresta scoates, but it's missing here: https://github.com/saltstack/salt/blob/v0.17.2/salt/modules/iptables.py
18:56 forresta :(
18:56 forresta which seems weird
18:56 forresta since that doesn't have the state internal keyword
18:56 jesusaurus not really, branch 0.17 is a bit behind develop
18:56 forresta *s
18:56 jesusaurus you cant cherry-pick everything back
18:56 forresta this is the tag for 0.17.2
18:56 pengunix joined #salt
18:57 forresta the commit in question that fixed the error scoates was encountering is from 2 months ago
18:57 scoates yep. my installed module is for ignore in '__id__', 'fun', 'table', 'chain':
18:57 jesusaurus forresta: im pretty sure the tags come from the 0.17 branch, which was forked from develop before 0.17.0
18:57 forresta ahh fair enough
18:58 redguard joined #salt
18:58 forresta basepi, getting a bit ahead of yourself on the release notes ehh? http://docs.saltstack.com/topics/releases/0.17.4.html :P
18:58 wkf joined #salt
19:00 scoates also, I haven't submitted this as a pull request yet, because it still shows an error in the logs, but it *does* solve my deploy keys problem, if anyone would care to take a look and possibly shame me for doing things in an ugly way (-: https://github.com/fictivekin/salt/commit/4ab592f29d48a75cc11fc6c4ac21d030f6e6c5dc (feel free to ignore the inline notes)
19:04 basepi forresta: nope. It's on PyPI. =)
19:04 forresta basepi, I meant more that there were no 0.17.3 notes
19:04 forresta should have clarified
19:05 Veticus joined #salt
19:05 basepi I just reused the 0.17.3 notes for 0.17.4, since very few people picked up 3. Fast release, didn't even get on all the package managers.
19:06 forresta Gotcha that makes sense, I haven't been watching the releases that closely
19:08 meteorfox forresta: I tried the ssh keys, I can see in the debug trace that is using it but still fails. The weird thing is that I tried ssh into the VM just when salt was trying and it worked. Here's the pastebin http://pastebin.com/WRa80myi
19:09 meteorfox forresta: You can see it gives up for the instance with IP 23.253.54.48, it might be confusing, some of the others traces are interleaved in the log
19:09 forresta meteorfox, they all use the same key?
19:09 meteorfox forresta: yup
19:10 forresta and you confirmed the ssh keys work in serial?
19:10 meteorfox yes
19:10 forresta weird
19:11 meteorfox forresta: do you know where in the code forks the processes? I just want to follow it, and see if I can spot something. This is hard to debug, because you have to attach to the right process
19:12 forresta meteorfox, I don't. Can you try to reduce the number of machines you're pushing to down to a single instance?
19:12 forresta then we can see if running in 'parallel' with a single machine causes an issue
19:13 jesusaurus basepi: i think you should still have release notes for 0.17.3, even if you don't expect people to use it
19:13 jesusaurus i mean, that release still exists. there is a git tag for it
19:13 basepi jesusaurus: true. my rationale was that since so few would be on 0.17.3, i didn't want to "waste" my finely-crafted release notes there, and it seemed odd to have the exact same release notes for 0.17.3 and 0.17.4
19:13 meteorfox forresta: great idea! I'll try that. Also, I pull the latest code from the develop branch, and still the same problem, just as heads up
19:14 forresta meteorfox, good to know.
19:14 basepi jesusaurus: but i mean, i could copy them over to 0.17.3 as well
19:14 UtahDave basepi: good idea
19:14 jesusaurus that would be better than not having any for 0.17.3
19:15 basepi meh, barely.  i'll do it, by popular demand.  ;)
19:15 basepi but for the record, you shouldn't be using that release.  ;)
19:15 forresta rabble rabble
19:16 UtahDave basepi: add that to the notes.  :)
19:16 Ryan_Lane joined #salt
19:22 basepi https://github.com/saltstack/salt/pull/9296
19:25 meteorfox forresta: Still one instance, with parallel flag failed. Here's the output, http://pastebin.com/k4cDzB3P at the end of the file you can see that I was able to ssh even when salt couldn't
19:26 forresta awesome, good to see at least it appears to be an issue strictly with parallel mode, if you can find where it exists in the code, I'd say open an issue on it.
19:26 scoates is there a best practices document for deploying a salt master on a public network?
19:27 forresta scoates, there actually isn't one that I know of.
19:27 meteorfox forresta: cool. I have to grab something to eat now, but I'll investigate it further, later. Thanks for your help
19:27 forresta meteorfox, yea np, you're doing 99% of the work.
19:29 scoates should it generally be "safe" then to just put it up and manage keys manually? do I have to do something to enable ssl?
19:30 forresta scoates, well, I'd be concerned about man in the middle attacks on a public network since your minions are connecting over 4505 and 4506.
19:32 scoates suggestions, then?
19:32 forresta salt-ssh is what most people have been doing
19:32 forresta granted you won't get quite as much functionality, but it's more secure.
19:32 forresta You could try to lock down regular salt as well, I just haven't investigated it fully
19:33 scoates I'll have to do some more reading, I guess. which side initiates the SSH connection?
19:33 basepi forresta: i don't think MIM attacks are a problem on public networks, unless i missed something.....
19:33 basepi everything is encrypted
19:34 Psi-Jack Heh
19:34 scoates NSA notwithstanding (-:
19:34 Psi-Jack basepi: I was juuuuuuust responding to you. :)
19:34 cro forresta: And I just implemented additional cryptographic signing on messages published from the master as another layer.  It's in develop right now.
19:34 scoates (I don't care about that level of attack right now. I just don't want to accidentally expose my states/pillars etc)
19:35 bbinet joined #salt
19:35 basepi ya, all communication between master and minions is encrypted.  so you should be good.
19:35 basepi Psi-Jack: on which?
19:35 Psi-Jack basepi: 9262 :)
19:35 JordanRinke_afk joined #salt
19:36 rgarcia_ joined #salt
19:36 basepi Psi-Jack: you're erenfro?
19:37 forresta basepi, I was talking about more when you joined a minion to your master, if someone was spoofing you there.
19:37 Psi-Jack Yes
19:37 Psi-Jack heh
19:37 basepi forresta: right, accepting keys is the least secure part.
19:37 forresta Yep
19:37 basepi Psi-Jack: then while I've got you, let me ask you more questions, because if this is a bug i can't believe we haven't seen it before
19:37 forresta that's the only part I've come up with for people who are concerned about security really
19:37 basepi Psi-Jack: are you using any includes in any of your pillar files?
19:37 forresta so if you're cool with that scoates, go for normal salt
19:38 Psi-Jack basepi: Yeah, me neither! I was furiously pissed when I saw it, but I started to investigate it to see, because I'd seen other circumstances with others asking for help here, so I went in deep to investigate and found it.
19:38 Psi-Jack basepi: Negative. No includes in pillars.
19:38 scoates ah. that's how we manage puppet now. (we know when people are establishing new connections, so the opportunity window is pretty small).
19:38 forresta scoates, fair enough then
19:39 basepi Psi-Jack: hrm.....is it possibly a caching issue?  did a reference to the dev version of salt.grains exist previously?
19:39 Psi-Jack I have cleared pillar caches as need-be, but no. Not a caching issue.
19:39 Psi-Jack I am solid on that, fully.
19:40 Psi-Jack I've replicated this in a VM infrastructure.
19:40 Psi-Jack Clean.
19:40 scoates forresta: thanks
19:40 forresta scoates, np. Good thing basepi came in to save you from using salt-ssh when you didn't have to!
19:40 basepi Psi-Jack: cool
19:41 Psi-Jack heh
19:41 basepi forresta: HA!  ya, salt-ssh *definitely* deserves the alpha warning we have at the top of the docs
19:41 Psi-Jack Yeah, I was surprised.
19:41 basepi forresta: needs some work, for sure.
19:41 forresta basepi, I don't mean it in that sense, it just isn't as flexible as normal salt
19:41 forresta salt-ssh is pretty awesome thus far for having as much functionality as it does.
19:41 basepi forresta: sure.  it also has its share of bugs
19:41 forresta yea
19:42 basepi Psi-Jack: well......i guess you've convinced me it's a bug.  now to find time to set up a test environment.....  =\
19:42 Psi-Jack heh
19:42 Psi-Jack basepi: Was even more interesting.
19:42 JordanRinke_afk joined #salt
19:42 Psi-Jack When defining dev in top.sls but putting no pillar states to load. NO states were loading anymore.
19:43 oc joined #salt
19:44 basepi So you're saying with dev defined but with no states defined underneath it, nothing loads?  It probably suppresses a yaml warning or something, we should probably fix that
19:44 oc I have a pillar (dict) like foo: with a key /key: http://val
19:44 meteorfox joined #salt
19:44 oc I keep getting ""found unknown escape character %r" % ch.encode('utf-8'), self.get_mark())"
19:45 oc ScannerError: while scanning a double-quoted scalar
19:45 oc in "<unicode string>", line 140, column 260:
19:45 Psi-Jack basepi: Hmmm, possibly, but literally so far, caused all states (not pillars, states), to not do anything anymore. Which I found kinda wierd.
19:46 oc ... foo': '{\'/bar\': "{\'baz\': \'http:// ...
19:46 Psi-Jack Hosts would respond, but states that should run every highstate hit, didn't.
19:46 oc This pillar used to work perfectly
19:47 oc I suspect it having to do with the prefix / in the key... however I can't seem to find a way to escape it
19:47 oc suggestions?
19:49 basepi Psi-Jack: can you gist an example?  want to make sure i'm understanding
19:50 oc two secs
19:50 basepi oc: anything change in that pillar recently?  sounds like it probably got a bad char somehow
19:50 oc came after i upgraded from 0.16 to salt 0.17.1
19:50 Psi-Jack basepi: Yeah, I'll do that in a bit. ABout to be in a meeting.
19:51 basepi Psi-Jack: no hurry
19:51 Psi-Jack basepi: I'll ammend it more on what's here to point out what we've discussed thus far, and point out that one with an example state that I use that runs every hightstate, a simple date > file state that stopps working when dev:  is in the top.sls without any definition.
19:54 oc https://gist.github.com/oc/7993252
19:55 oc any suggestions why the location_proxy should suddenly not parse anymore? :~
19:55 oc (deep dict)
20:04 basepi oc: definitely doesn't seem like that would cause problems
20:04 basepi and the weird part is how deep in the YAML calls it is -- leads me to believe it's not a salt issue but rather a yaml issue
20:05 oc basepi: this used to work fine:~
20:05 JordanRinke_afk joined #salt
20:05 basepi oc: i understand, but i can't imagine what could have changed in salt in that time that could cause YAML to stacktrace deep in its depths
20:05 abe_music UtahDave: that issue i was working through with cachedout didn't get anywhere, but i filed this ticket: https://github.com/saltstack/salt/issues/9297
20:05 basepi oc: wondering if maybe you upgrade YAML recently as well, maybe?
20:06 abe_music UtahDave: i'm wondering how stabile the overstate system is at this point for orchestrating large clusters
20:07 jcsp joined #salt
20:07 oc basepi: which v of pyyaml (debian: python-yaml) is suggested?
20:08 basepi oc: i can't think of any specific incompatibilities that we've found -- but perhaps you just found one, I'm not sure
20:10 UtahDave abe_music: I'm not sure. How large of a cluster are you talking about?
20:10 basepi oc: maybe shove it through a YAML syntax checker, just to make sure?  if you remove that bad line, does it start working?  sometimes YAML doesn't always point to the correct failure point in the string
20:10 oc basepi: it passes all yaml checkers
20:10 abe_music UtahDave: only 50 nodes at this point....we'll probably top out around 300 if all goes well
20:11 UtahDave abe_music: yeah, that shouldn't be a problem.
20:11 basepi oc: really weird......can you file an issue on github?  i don't have any time at the moment to do more in-depth investigation, but don't want to forget about it.
20:12 jesusaurus oc: out of curiosity, what yaml checkers do you use?
20:15 cdk I'm using file.recurse to copy a directory to a minion. That directory contains a file that I want to template using jinja, what's the best way to do this?
20:16 meteorfox joined #salt
20:16 JordanRinke_afk joined #salt
20:16 oc i tried ruby yajl, pyyaml (v3.10 on mac) and snakeyaml now
20:17 forresta cdk, pretty sure you can just set the template variable equal to jinja and you'll be good
20:17 cdk forresta: will that try to template every file in the directory? I'd like to be more specific if possible
20:18 forresta it should only take effect for files which you're using jinja in
20:18 oc really weird thing; if i python (repl) -> print yaml.load(open('init.sls', 'r'))
20:18 oc that prints out fine
20:20 kermit joined #salt
20:21 forresta cdk, the template option just specifies what templating engine you are using
20:23 pmrowla joined #salt
20:25 pengunix joined #salt
20:25 UtahDave cdk: if you specify - template: jinja   with a file.recurse it will search every single file for jinja to evaluate
20:26 UtahDave cdk: it's pretty fast, so if it's only a handful of files, then that shouldn't be a problem.
20:26 forresta UtahDave, right but it won't negatively impact his other files.
20:26 forresta Maybe I misunderstood the previous question
20:26 UtahDave cdk: if it's a lot of files, then I would not use template: jinja on the file.recurse and have a file.managed that happens after the file.recurse that templatizes that one particular file
20:26 cachedout joined #salt
20:26 cdk UtahDave: my directory is not very large, but I'm just hesitant to use a sledgehammer when I'd really just like a scapel
20:27 UtahDave either of those 2 options should work fine for you, then.
20:27 JordanRinke_afk joined #salt
20:27 cdk can I use file.managed after the file.recurse, even if the file is already "managed" by the file.recurse?
20:27 jeddi joined #salt
20:27 UtahDave cdk: yes
20:27 cdk okay, I think I'll try that then. thanks
20:30 oc I fixed the error by upgrading to 0.17.2
20:30 oc :~
20:30 jpcw joined #salt
20:30 forresta oc, woooooo
20:33 terminalmage anyone have an ARM device onto which they can install Fedora or another RedHat-based spin?
20:33 JordanRinke_afk joined #salt
20:34 terminalmage Element14 is taking their sweet time shipping me a beaglebone black
20:34 terminalmage and I'd like to see if others can test a commit I just submitted as a pull req
20:38 oc omg
20:39 Psi-Jack oc: Yes, my son?
20:39 oc why doesn't the jinja renderer report which missing variables? fC!
20:39 oc Comment:   Undefined jinja variable; line 372 in template (is of little help, as the line number is wrong!) :(
20:39 Psi-Jack heh
20:39 Psi-Jack 372 being the last line of the file, I presume.
20:40 oc the template is only 230 lines :~
20:40 Psi-Jack Generally means some kind of parsing error somewhere, I've seen salt do that a lot.
20:40 oc well, the obvious thing would be to print the stack trace, is there an option for that?
20:46 dvl joined #salt
20:46 vahidden joined #salt
20:49 Gareth terminalmage: I can reinstall one of my Pi's with Fedora at some point.  but won't be for a bit.
20:50 terminalmage Gareth: I just realized I have a spare Pi, so it will probably not be necessary
20:50 terminalmage but thanks!
20:50 terminalmage I just need to find an SD card somewhere in the house....
20:51 Gareth no worries.
20:51 KyleG joined #salt
20:51 KyleG joined #salt
20:51 terminalmage wonder if my wife would notice if I took the one from her digital camera, made a backup of it using dd, then restore it later....
20:51 terminalmage hehehe
20:52 Gareth covert mission.
20:52 Gareth if you do that...You HAVE to hum the mission impossible theme the whole time.
20:54 terminalmage lol, duly noted
20:54 terminalmage the jig is up in another 90 mins when she gets home though, if I am not finished
20:55 terminalmage ahh, we have an SD card in the camcorder
20:55 terminalmage sweet
20:56 Corey terminalmage's wife is lovely.
20:56 Corey And she will shatter every bone in his body if he screws it up. :-)
20:57 dwfreed joined #salt
20:57 terminalmage haha
20:57 dwfreed Corey: hi
20:58 Corey dwfreed: Helo.
20:58 bhosmer joined #salt
20:58 terminalmage Corey: Well, dd is safe, right? It's not like it's nicknamed "disk destroyer" or anything like that... ;)
20:58 forresta heh
20:59 Corey terminalmage: Just brought that up a few minutes ago in Tom's training during a break. "Oh, salt has modules that'll repartition disks. THat's only moderately horrifying..."
20:59 terminalmage hahaha
20:59 terminalmage that's what backups are for, right? :)
21:02 Corey terminalmage: brb restoring 2000 servers because I fatfingered a state.
21:02 _ikke_ wait, wut
21:02 forresta Corey you're in training? I thought you were a consultant
21:02 _ikke_ 2k servers?
21:03 terminalmage Corey: hehehe
21:03 Corey forresta: I am a consultant.
21:03 dwfreed forresta: consultants never stop learning
21:03 dwfreed nobody should ever stop learning
21:03 Corey _ikke_: I was making a joke. :-)
21:03 forresta dwfreed, oh yea I don't disagree. Was just confused there for a second
21:03 backjlack joined #salt
21:03 Corey forresta: I work for a company that's ~400 consultants or so. I sorta kinda thumbtwisted SaltStack into doing a training for us.
21:03 jcsp joined #salt
21:03 forresta Corey, ahh nice
21:04 Corey forresta: And then they sent out Tom to pay for his sins.
21:04 forresta lol
21:05 ConceitedCode joined #salt
21:05 * _ikke_ creeps back under rock
21:06 cewood joined #salt
21:10 JasonSwindle forresta:  Training for all!
21:10 forresta JasonSwindle, yea man
21:10 JasonSwindle I am hoping to do some training soon as well
21:11 forresta for what?
21:12 JasonSwindle SaltStack
21:12 JasonSwindle and Python
21:12 forresta nice
21:12 JasonSwindle Odd, I have a Linux + uWSGI + Django + Logstash / Kibana + Postgres stack
21:12 forresta JasonSwindle, are you gonna come to pycon?
21:12 JasonSwindle If I can get someone to pay for it.
21:13 forresta pssssssssh
21:13 jcockhren JasonSwindle++
21:13 forresta just dig into your deep pockets, problem solved
21:13 JasonSwindle Most likely not in the budget
21:13 forresta I looked at it, and if you split the hotel cost, I was able to get there for around a grand.
21:13 forresta doesn't help it's in Canada.
21:13 jcockhren welp
21:14 JasonSwindle Yeah, good think I have my passport.
21:14 JasonSwindle *thing
21:14 forresta I just wish it wasn't so far.
21:16 jdenning_ joined #salt
21:18 Whissi I want to use the "grains[id]" as state file name to include minion specific states, but I guess I have a problem (specified SLS 'hosts.foo.example.org' in environment 'base' is not available on the salt master), because the ID is a FQDN and the dots are treated like subfolder?
21:21 Whissi top.sls: http://pastebin.com/raw.php?i=vvPzUk5e
21:22 JasonSwindle Whissi:  I did something like this....
21:22 JasonSwindle Whissi: http://pastebin.com/raw.php?i=e3CtuZyR
21:23 zandy joined #salt
21:23 JasonSwindle Not the same, but works great.
21:23 JasonSwindle and I set the node_type grain in SaltCloud on build, so it can never be changed
21:24 Whissi So you introduced an ID replacement so you don't run into the dot problem, right?
21:25 JasonSwindle I was using JINJA like this in other places, so I just used it here
21:25 JasonSwindle Never really ran into a dot issue.
21:26 rgarcia_ joined #salt
21:29 Whissi Mh... maybe I'll find another way to use the ID value. But thank you for sharing your solution, JasonSwindle.
21:29 JasonSwindle Any time! :)
21:29 JasonSwindle JINJA is pretty awesome, but if you find a better way; do share. :)
21:30 KyleG1 joined #salt
21:31 KyleG joined #salt
21:32 oc how do i print jinja debug when running salt highstate?
21:32 oc Jinja2: 2.6
21:32 rgarcia_ joined #salt
21:33 oc with the dreaded: Comment:   Undefined jinja variable; line 372 in template"
21:33 oc (there is no line 372)
21:36 davet joined #salt
21:40 KyleG joined #salt
21:40 KyleG joined #salt
21:43 jimallman joined #salt
21:49 JasonSwindle oc:  Do you have the full error?
21:51 oc I wish....
21:51 oc that's what I wish to accomplish ;)
21:51 mpanetta Does salt have a restful API?
21:51 oc i.e. print the exception
21:52 JasonSwindle mpanetta:  Yes
21:52 mpanetta Is it part of halite?
21:52 JasonSwindle https://github.com/saltstack/salt-api
21:52 oc JasonSwindle: all i get is "2013-12-16 22:49:09,376 [salt.state                                  ][ERROR   ] Undefined jinja variable; line 372 in template
21:52 mpanetta Oh thanks :)
21:52 JasonSwindle http://salt-api.readthedocs.org/en/latest/
21:52 JasonSwindle Halite uses the API, if I remember right
21:52 JasonSwindle oc:  Sounds like it is time to run in full debug mode?
21:52 whiteinge mpanetta: halite doesn't use salt-api
21:53 mpanetta Oh halote uses the direct API
21:53 whiteinge halite wanted the ability to be not backward-compat so it has it's own interface
21:53 JasonSwindle And whiteinge shows up. :)
21:53 * whiteinge whooshes his cape
21:53 zandy joined #salt
21:54 mpanetta whiteinge: what does halite expose, if anything in terms of api?
21:55 whiteinge it doesn't
21:55 mpanetta Ah ok
21:55 oc JasonSwindle: well, it is in debug mode
21:55 oc unless there is another way than salt-minion -l debug that i'm unaware of?
21:56 _ikke_ oc: in the config files, but it does the same as -l debug
21:57 oc shrug
21:57 * oc goes to sleep
21:57 oc maybe fresh eyes tomorrow will spot the obvious
22:06 mirko_ joined #salt
22:12 Nazzy_ so anyone know which process the returners run in? minion, master or client?
22:13 sroegner joined #salt
22:14 higgs001 joined #salt
22:14 psyl0n joined #salt
22:14 whiteinge returners get run from each minion
22:15 Nazzy_ rats, I though that was the case ... would be nicer if they ran on the master
22:15 diegows joined #salt
22:15 whiteinge iirc, one of them does get routed through the master...
22:15 * whiteinge looks
22:16 sroegner_ joined #salt
22:17 younqcass joined #salt
22:18 psyl0n_ joined #salt
22:19 whiteinge Nazzy_: i know i've heard of one that uses zmq to queue the returns and goes through the master. looks like it isn't in salt core though
22:20 whiteinge sorry, wish i could remember where i heard of it. mailing list or something :-P
22:22 forresta Man whiteinge, I thought you knew better than that, NEVER wear a cape, this is super hero 101, jeez...
22:25 whiteinge :D
22:28 Nazzy_ I could probably write such a thing, it would just have been nice to have it built in heh
22:30 amckinley joined #salt
22:30 jfzhu_us joined #salt
22:35 zandy joined #salt
22:38 whiteinge Nazzy_: might be worth running past the mailing list. this question has come up a couple times before
22:40 sdh_ joined #salt
22:43 jergerber joined #salt
22:46 diegows joined #salt
22:46 ajw0100 joined #salt
22:48 Nazzy_ whiteinge, I'll try and grab a dev when I get home mid week
23:00 ChrisCook joined #salt
23:03 _ikke_ joined #salt
23:04 sroegner_ joined #salt
23:05 sroegner_ joined #salt
23:08 logix812 joined #salt
23:08 gadams999 joined #salt
23:09 bt joined #salt
23:14 xmltok_ joined #salt
23:15 ConceitedCode joined #salt
23:24 ChrisCook new to salt, but have a working CLI environment; I'm trying to get halite working but I'm getting "Authentication failure of type "eauth" occurred." logged from the master when trying to log in. Where can I look for more detail on why this error has occurred?
23:24 forresta ChrisCook, did you configure it for the root user?
23:24 forresta when you set up the auth section?
23:25 shinylasers joined #salt
23:25 ajw0100 joined #salt
23:25 forresta I assume you are going through: docs.saltstack.com/topics/tutorials/halite.html ?
23:25 ChrisCook no I set it up as a regular pam user
23:26 forresta anything more useful in the halite logs?
23:27 jdenning joined #salt
23:29 ChrisCook halite specific logs? don't see any, or don't know where to look.
23:29 forresta are they not in /var/log? I can't remember.
23:30 forresta ChrisCook, they should be in /var/log/salt/master
23:30 forresta if you tail -f that when you try to log in, does it provide any additional details?
23:31 ChrisCook I launched server_bottle  with debug level logging but nothing comes to the console after startup .. salt/master doesn't show anything halite specific
23:32 forresta but you're able to view the gui?
23:33 ChrisCook then I try to log in I get these two  lines:
23:33 ChrisCook 2013-12-16 15:32:54,724 [salt.master                                 ][INFO    ] Clear payload received with command mk_token
23:33 ChrisCook 2013-12-16 15:32:57,413 [salt.master                                 ][WARNING ] Authentication failure of type "eauth" occurred.
23:34 forresta This is when you're on the webpage trying to log in right?
23:34 bezaban is salt a sane way to do package management?
23:35 bezaban ie sudo salt -N debian cmd.run apt-get update && apt-get -y upgrade ?
23:35 bezaban seems hazardous
23:35 zandy joined #salt
23:35 forresta bezaban, you can use it to do that, but I imagine most people are going to recommend you make a unique state that exists for that exact purpose, and isn't part of your normal runs, and is run manually
23:36 oz_akan_ joined #salt
23:36 bezaban I am still having problems grouping hosts
23:36 ChrisCook forresta:  yes the 8080:/app/console page
23:36 forresta ChrisCook, yea, hmm
23:36 bezaban group by distrib/role/subnet/what?
23:36 forresta totally depends on your setup bezaban
23:37 forresta ChrisCook, what does the external_auth: section look like in your master conf?
23:37 bezaban forresta: yeah, guess it's there. most of my nodegroups are subnet/os/prod/test/role
23:37 bezaban but net is a mess anyway
23:38 bezaban can grab some metadata from hostname (zone/role) but meh, a mess
23:38 alunduil joined #salt
23:39 bezaban got different distributions and os in various security zones in test and production in differnent roles
23:40 bezaban ph and development and managment machines
23:40 bezaban all hail organic growth
23:40 forresta bezaban, yea, you might have to get clever
23:40 JasonSwindle joined #salt
23:41 bezaban not to mention that people have messed up the naming
23:41 bezaban but if we ignore that. Is there a way to get minions to re-generate keys?
23:41 oz_akan_ joined #salt
23:42 ChrisCook forresta:  external_auth:
23:42 ChrisCook pam:
23:42 ChrisCook ccook:
23:42 ChrisCook - .*
23:42 ChrisCook - '@runner'
23:42 ChrisCook - '@wheel'
23:42 bezaban got a lot of .local machines etc. and key names are messing up my nodegroup naming schemes
23:42 forresta bezaban, yea --gen-keys: http://docs.saltstack.com/ref/cli/salt-key.html#cmdoption-salt-key--gen-keys
23:42 bezaban forresta: lovely!
23:42 forresta ChrisCook, and you restarted the master service?
23:43 xmltok_ is it possible to include pillar data in a formula repo, or should i just make some kind of variables file and include that?
23:43 ChrisCook forresta:  many times ;)
23:44 forresta xmltok_, there's usually an example pillar in with the formulas.
23:44 forresta xmltok_, are you looking at https://github.com/saltstack-formulas ?
23:44 bezaban forresta: a flag to salt-key?
23:44 xmltok_ forresta: right, but i dont want to have to add another git repo to my master configuration for a new set of configuration variables. especially when the data is things like sysctl settings and not authentication/private info
23:45 bezaban will that re-gen keys for a host based on default key gen?
23:45 xmltok_ i guess i can just put those configurations in the top of my .sls like a bunch of constants
23:45 forresta xmltok_, well, what I do is make my repos for those sorts of things include the directories, then I check it all out to /srv. Might not be the 'best' way though
23:45 forresta bezaban, I'm not sure.
23:46 bezaban forresta: ok. I will test, but thanks
23:46 forresta pass_by_value, are you around?
23:46 forresta bezaban, np, let me know what happens
23:46 bezaban forresta: trying to incorporate a horribly managed network into something that will work
23:47 forresta I understand
23:47 pass_by_value yes, I am on a google hangout but I am here
23:47 bezaban systems are ranging from ubuntu 6.06 to centos 5 to who knows what
23:48 __number5__ ubuntu 6.06? really?
23:48 xmltok_ man i also wish gitfs took a github parameter where you could use wildcards like github: /myaccount/*-formulas.git
23:48 forresta ChrisCook, has gone through the tutorial for halite: http://docs.saltstack.com/topics/tutorials/halite.html but he's getting eauth authentication failure errors, did you guys change anything with how the master config needs to be configured since I wrote up those docs a few months back?
23:48 bezaban __number5__: that's why I'm here, but argh
23:48 forresta pass_by_value ^
23:49 bezaban some person along the way thought 'linux just works'
23:49 pass_by_value We did not change that file forresta.
23:49 pass_by_value s/file/functionality
23:50 forresta pass_by_value, hmm ok thanks
23:50 pass_by_value are there any errors on the logger?
23:51 forresta he's getting:  2013-12-16 15:32:54,724 [salt.master                                 ][INFO    ] Clear payload received with command mk_token
23:51 forresta and then the eauth error
23:51 xmltok_ forresta: so you would use the git state to check out your pillar to /srv/_pillar or something like that?
23:51 forresta xmltok_, I didn't know you were using gitfs, I thought you meant just general checkouts
23:51 pass_by_value is he able to ssh thatuser@thatmachine ?
23:51 xmltok_ yeah i am using gitfs
23:52 forresta pass_by_value, I hope so, I believe he's logged in as that user now on the master, ChrisCook, can you confirm?
23:52 forresta xmltok_, yea then my suggestion is worthless :P
23:52 xmltok_ i could keep my pillar data in the repo for that formula and just copy the directory to /srv/_pillar i guess
23:52 ChrisCook pass_by_value:  forresta correct..
23:52 forresta xmltok_, I think your best bet is to use http://docs.saltstack.com/ref/pillar/all/salt.pillar.git_pillar.html
23:53 whiteinge ChrisCook: what HTTP status code are you getting back after a failed login?
23:53 xmltok_ forresta, i think if i do that then i need to set up another repo for just the pillar data for just that formula
23:53 xmltok_ actually im not totally sure, its like pillars are the wrong solution for what i am doing anyway
23:54 xmltok_ what i need is the 'metadata' type directory like you get with chef cookbooks
23:54 forresta xmltok_, well, let's explore what you're trying to do then
23:54 forresta metadata in what sense?
23:54 ChrisCook No http failures it the halite page shows in red "Login Failed!" above the user and password boxes
23:54 forresta like a package name being different between one OS and another?
23:54 xmltok_ so, i have a formula that loops through a sysctl dictionary and creates a bunch of sysctl settings
23:54 xmltok_ it reads them from a pillar now, i want to read them from some configuration file. it doesnt have to be a pillar
23:54 whiteinge ChrisCook: can you open the developer toolbar and look for the HTTP status code in the network tab?
23:55 forresta xmltok_, hmm, while maybe not perfect have you looked at map.jinja files?
23:55 xmltok_ yeah the other thing is that i want to use pydsl, everyone hates yaml
23:55 forresta ahh
23:55 whiteinge death to yaml!
23:55 xmltok_ so with pydsl i could literally include a file that has my configs in it
23:55 xmltok_ i may do that
23:56 forresta whiteinge, it's not that bad, makes it easier to teach people that's for sure
23:56 whiteinge i love yaml's syntax and hate *everything* else about it :)
23:56 whiteinge i want json simplicity with yaml syntax :)
23:56 whiteinge the yaml spec is huuuuuuuuuuge
23:56 ChrisCook whiteinge:  it does show 8080/login 401 (unauthorized)
23:57 xmltok_ i love pydsl so far, my only concern is that people will start to write complicated python code rather than using already defined states
23:57 whiteinge ChrisCook: ty for finding that
23:57 forresta ChrisCook, can you do me a favor and create a new user, then add that user to the ex auth?
23:57 forresta xmltok_, you mean like people do with chef?
23:57 forresta :P
23:57 xmltok_ yep
23:58 whiteinge ChrisCook: will you try this at the CLI for that user?   salt -a pam '*' test.ping
23:59 ChrisCook whiteinge:  forresta so the system is using pam.. but pam is using ldap.. is that going to be a factor?
23:59 ChrisCook [WARNING ] Failed to open log file, do you have permission to write to /var/log/salt/master?
23:59 ChrisCook username: ccook
23:59 ChrisCook password:
23:59 ChrisCook Failed to authenticate, is this user permitted to execute commands?

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary