Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-01-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 shadowsun joined #salt
00:03 psyl0n joined #salt
00:04 shadowsun Yo. Why is halite trying to do runner.manage.present
00:04 UtahDave shadowsun: to find out which minions are actually up
00:05 UtahDave andrej: Yeah, the module.run   state will let you call any regular execution module from within a state
00:05 ekristen is there anyway to share info between hosts? ie webserver ask the master where the database is?
00:05 shadowsun UtahDave: there is no runner.manage.present
00:06 shadowsun ret: Exception occured in runner manage.present: Function 'manage.present' is unavailable
00:06 UtahDave shadowsun: what version of Salt are you running?
00:06 shadowsun epel-testing of course
00:06 shadowsun 0.17.4
00:07 shadowsun and right now I'm really regretting letting pip update halite
00:07 UtahDave I think halite requires 2014.1.rc1 or develop
00:07 shadowsun ...
00:08 shadowsun ARGH.
00:08 Gifflen joined #salt
00:08 UtahDave ekristen: yeah, you can use either the Salt Mine or the Peer interface
00:08 shadowsun UtahDave: then why in gods name is it in pip?
00:08 shadowsun err, pypi
00:09 UtahDave pip install the version you need and you should be back to where you were.
00:09 shadowsun I'm trying to
00:11 mnemonikk joined #salt
00:13 Gifflen joined #salt
00:13 * shadowsun kicks the googles for being wrong
00:15 Corey Because reasons.
00:16 shadowsun UtahDave: Maybe I'm just sleep deprived, but how do I get it to actually install an older version? It'll happily tell me I requested version X, but it's installing 0.1.15
00:16 ekristen UtahDave: thanks, I’ll read up on it
00:17 andrej Thanks UtahDave ... I hope that one day soon I'll stop asking questions and start answering ;}
00:17 whiteinge shadowsun: try deleting the folder that pip downloaded that version to
00:18 Ahlee i have halite running against 0.17.2, for what it's worth UtahDave
00:18 UtahDave You're welcome, andrej.  We're glad to have you here!
00:18 UtahDave Ahlee: the latest halite?
00:18 Ahlee though, I'm not sure if it's updated recently
00:18 Ahlee did not scroll back far enouhg.
00:18 Ahlee apologies
00:19 whiteinge shadowsun: i forget where that is by default, but i seem to recall there's a hint in the install output
00:19 UtahDave Hm. It could be that 0.17 is the requirement.  Let me make sure.
00:19 shadowsun whiteinge: Where in gods name is that -.-
00:19 UtahDave Ahlee: :)  no apology needed!
00:19 shadowsun whiteinge: looks like it's in debug output
00:19 Ahlee logging into work
00:19 shadowsun whiteinge: it's in /tmp
00:19 whiteinge ah ha
00:19 Ahlee this is a mistake. ;)
00:20 shadowsun Ahlee: Don't upgrade halite
00:20 Ahlee shadowsun: word. not that we do alot with it anyway.
00:20 shadowsun lucky
00:20 shadowsun I've only got a bunch of people who have to have it working tomorrow
00:20 shadowsun mein gott
00:21 Ahlee python-halite-0.1.02-1.el6.noarch
00:21 Ahlee so i'm assuming hta'ts no longer newest
00:21 shadowsun whiteinge: you're a genious
00:22 whiteinge perhaps. although i've also seen pip do that to halite before ;-)
00:22 * whiteinge shakes his fist in pip's direction
00:22 Ahlee shadowsun: what do you actually use halite for?
00:23 Ahlee and have you extended it?
00:23 shadowsun Ahlee: The non-geeks that also do a lot of stuff through it use it, because cli scary
00:23 shadowsun And no, not atm
00:23 shadowsun We've considered it
00:23 shadowsun But we're short on time atm
00:23 Ahlee yeah, that's my use as well
00:23 shadowsun omg it works again.
00:23 Ahlee monitoring by a manager, and one user uses it as he finds it easier than the cli
00:27 tollmanz joined #salt
00:28 shadowsun whew.
00:29 shadowsun UtahDave, whiteinge, and Ahlee: I've had five hours of sleep in the last like 30, thank you for significantly lowering my stress level.
00:30 UtahDave :)  whiteinge the white wizard rode in on his white horse and saved the day!
00:30 shadowsun Yaaaaaay
00:32 mirko joined #salt
00:32 unixpenguin joined #salt
00:37 UtahDave troubleshooting some Windows file.managed issues.  I have no idea where this mode 666 is coming from, lol  http://pastebin.com/HA05QPrE
00:38 Gareth UtahDave: you have successfully proved that Windows really is evil? :)
00:38 UtahDave :)  It appears so!
00:40 fllr joined #salt
00:42 blarghmatey joined #salt
00:43 Ryan_Lane2 joined #salt
00:45 Gareth If one was so inclined to add the ability to manage ip6tables using salt.  Should it be new module/state or an addition to the existing iptables module/state?
00:46 Ryan_Lane2 joined #salt
00:46 alunduil joined #salt
00:52 dangra joined #salt
00:58 wonhunawks joined #salt
01:04 fllr joined #salt
01:14 druonysus I am signing up for SaltConf right now.. anyone know of a discount code I could use to get a bit off regular price?
01:20 xzarth_ joined #salt
01:23 Mua joined #salt
01:24 higgs001 joined #salt
01:24 malinoff joined #salt
01:36 oz_akan_ joined #salt
01:38 KyleG joined #salt
01:38 KyleG joined #salt
01:40 zzzirk joined #salt
01:41 Dale_8 joined #salt
01:45 KyleG joined #salt
01:45 KyleG joined #salt
01:46 Ryan_Lane2 joined #salt
01:47 steveoliver joined #salt
01:47 steveoliver joined #salt
02:02 davidfischer joined #salt
02:04 rojem joined #salt
02:10 Shish_ joined #salt
02:11 munhitsu_ joined #salt
02:12 tollmanz joined #salt
02:13 oz_akan_ joined #salt
02:13 doki_pen_ joined #salt
02:13 pyykkis_ joined #salt
02:14 puppet joined #salt
02:14 scassidy_ joined #salt
02:14 rojem joined #salt
02:15 munhitsu_ joined #salt
02:17 zloidemon joined #salt
02:17 dave_den joined #salt
02:18 brutasse joined #salt
02:19 nineteeneightd joined #salt
02:22 sroegner__ joined #salt
02:22 amckinley joined #salt
02:33 dpn` https://gist.github.com/dpnova/b9d79f03613794fe4839
02:33 dpn` anyone know what might be causing this segfault?
02:33 dpn` vagrant with salt provisioner
02:35 jalbretsen joined #salt
02:36 shadowsun https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1015257
02:39 jimallman joined #salt
02:40 Ryan_Lane2 joined #salt
02:41 mgw joined #salt
02:42 tollmanz joined #salt
02:45 lzhang joined #salt
02:45 lzhang I'm trying out the new docker functionality in the develop branch
02:45 juicer2 joined #salt
02:47 dpn` interesting.. thanks shadowsun
02:47 lzhang I'm getting this error when trying to invoke the state docker.running TypeError: start() got an unexpected keyword argument 'privileged'
02:47 lzhang is there a specific version of docker-py I should be running?
02:49 Gifflen joined #salt
02:53 xl1 joined #salt
02:54 Ryan_Lane joined #salt
02:54 Gifflen_ joined #salt
02:57 Gifflen_ joined #salt
02:59 dangra lzhang: I think you need current master branch from docker-py
02:59 jmccree anyone seen this error with git.latest "cannot concatenate 'str' and 'float' objects"
02:59 dangra 0.2.3 won't suffice
02:59 jmccree it worked the first time and checked out the repo, but now seeing that
03:05 dangra lzhang: I am using docker states from develop branch, it works for me installing docker-py with: pip install git+https://github.com/dotcloud/docker-py@2891c638#egg=docker-py
03:05 cachedout joined #salt
03:05 lpmulligan joined #salt
03:07 jmccree DUH! moment.. my branch name was being interpreted as a float.
03:08 malinoff jmccree, Please, create issue on github
03:09 jmccree I can do that
03:09 shadowsun dpn`: welcome
03:10 AdamSewell joined #salt
03:16 lzhang dangra: Thanks! That worked
03:18 dangra lzhang: you welcome
03:33 mgw joined #salt
03:33 bhosmer joined #salt
03:35 sroegner joined #salt
03:36 sroegner joined #salt
03:43 tollmanz joined #salt
03:45 Nexpro1 joined #salt
03:49 srage joined #salt
04:01 ConceitedCode joined #salt
04:04 forresta joined #salt
04:08 vipul joined #salt
04:08 sinh joined #salt
04:09 thrashr888 joined #salt
04:10 troyready joined #salt
04:17 tseNkiN joined #salt
04:31 jdenning joined #salt
04:40 zzzirk joined #salt
04:41 cachedout joined #salt
04:41 nliadm anyone have a good example of using the reactor system? it seems like it's very much a one-way thing
04:42 malinoff joined #salt
04:43 tollmanz joined #salt
04:44 joonas joined #salt
04:46 wonhunawks joined #salt
04:47 oz_akan__ joined #salt
04:48 helminthe1 joined #salt
04:48 beanux joined #salt
04:49 eric_ joined #salt
04:49 anuvrat joined #salt
04:49 vipuls joined #salt
04:50 tseNkiN1 joined #salt
04:50 jgiraldo_ joined #salt
04:50 pyykkis joined #salt
04:50 bejer_ joined #salt
04:50 brutasse_ joined #salt
04:53 anuvrat joined #salt
04:53 smkelly_ joined #salt
04:57 ecdhe joined #salt
04:57 MTecknology joined #salt
04:57 joonas joined #salt
04:57 Nexpro joined #salt
04:57 giantlock joined #salt
04:57 joonas joined #salt
05:01 philipsd6 joined #salt
05:02 numberx joined #salt
05:05 cachedout joined #salt
05:08 cachedout_home joined #salt
05:14 jdenning joined #salt
05:14 markm joined #salt
05:17 philipsd6 joined #salt
05:22 ravibhure joined #salt
05:27 ravibhure1 joined #salt
05:30 zzzirk joined #salt
05:33 oz_akan_ joined #salt
05:35 oz_akan_ joined #salt
05:36 ravibhure joined #salt
05:41 MTecknology joined #salt
05:43 tollmanz joined #salt
06:01 ossalt joined #salt
06:03 taion809 joined #salt
06:03 ajw0100 joined #salt
06:07 Ryan_Lane joined #salt
06:12 srage joined #salt
06:17 jfzhu_us joined #salt
06:36 oz_akan_ joined #salt
06:43 tollmanz joined #salt
06:50 srage joined #salt
06:51 elithrar joined #salt
06:53 middleman_ joined #salt
06:56 MedicalJaneParis joined #salt
06:57 MedicalJaneParis is it possible for a salt master to run a state on itself?
06:57 malinoff MedicalJaneParis, salt-run state.sls yourstate
06:58 backjlack joined #salt
06:58 NV its better to use salt-call and have a salt minion installed on the master though
07:03 elithrar_ joined #salt
07:09 MedicalJaneParis joined #salt
07:09 MedicalJaneParis nvm, think it was just an issue with my state :)
07:10 gildegoma joined #salt
07:22 srage joined #salt
07:35 Shenril joined #salt
07:37 oz_akan_ joined #salt
07:37 pmcg joined #salt
07:40 juasiepo joined #salt
07:42 ml_1 joined #salt
07:43 gammalget joined #salt
07:43 tollmanz joined #salt
07:50 srage joined #salt
08:00 ossalt How can I test -->  minion has a tag: win_server check test.ping  :   salt -I "tag:win_server" test.ping   ?
08:00 matanya joined #salt
08:01 pmcg joined #salt
08:02 ossalt tag is genereted from a pillar file
08:03 malinoff ossalt, yes, something like that
08:03 ossalt but doesn't work :(
08:04 ekarlso is there a easy way to test salt ?
08:04 ossalt salt "*" pillar.item "tag" returns  test.mydomain.com  tag : win_server
08:04 ossalt but salt -I "tag:win_server" test.ping returns nothing
08:05 malinoff ossalt, can you pastebin the output of pillar.item 'tag' ?
08:09 ossalt just a sec
08:09 martoss joined #salt
08:10 martoss1 joined #salt
08:17 harobed_ joined #salt
08:28 juso joined #salt
08:32 fllr joined #salt
08:33 sroegner joined #salt
08:35 Guest26569 joined #salt
08:35 dpn` joined #salt
08:38 oz_akan_ joined #salt
08:38 giantlock_ joined #salt
08:43 tollmanz joined #salt
08:46 ajw0100 joined #salt
08:47 linjan joined #salt
08:53 srage joined #salt
08:58 srage_ joined #salt
09:03 gasbakid joined #salt
09:07 Hipikat joined #salt
09:09 Hipikat hello salt people, i have a question… if i am writing an sls file using the py renderer (for a pillar), is there any way to import functions defined in other (py-rendered) sls files?
09:10 Hipikat so far i have gotten as far as working out `import wub from bar` in /srv/pillar/foo.sls will not import from /srv/pillar/bar.sls
09:12 g_r_n joined #salt
09:13 Furao this won't work
09:13 Iwirada joined #salt
09:17 Hipikat and i can't `import pdb; pdb.set_trace()` to drop into the debugger to look at the python paths either ;_;
09:24 Hipikat and "Attempted relative import in non-package" even when there's a __init__.py present <.< i guess i could try to keep things that need to be imported in regular .py files and add to sys.path and it wouldn't be getting *too* dirty…
09:25 ckao joined #salt
09:32 fllr joined #salt
09:38 Hipikat there's gotta be a function in __salt__ i can use to "import" other pillars, surely?
09:38 krak3n` joined #salt
09:38 oz_akan_ joined #salt
09:42 david_a joined #salt
09:43 tollmanz joined #salt
09:43 Furao Hipikat: other pillars?
09:48 Hipikat what i'm trying to do: my /srv/pillar/top.sls includes one minion-per-vm, and these minions define arrays of projects - potentially with different config for each - with the basic template for the projects being in /srv/pillar/projects/
09:48 Hipikat i was winding up with more jinja than yaml. i may be going about this wrong. i'm new here. ;P
09:49 jpihl joined #salt
09:49 srage joined #salt
09:53 aleszoulek joined #salt
10:00 Gifflen joined #salt
10:05 Furao you can use include (the key value) and jinja include too
10:05 Furao and {% extends
10:06 Furao in some more complex situation I even use a django based inventory system that feed pillars keys using ext_pillars
10:09 networkpadawan joined #salt
10:11 Gifflen joined #salt
10:12 slav0nic joined #salt
10:21 sroegner joined #salt
10:27 Gifflen joined #salt
10:32 fllr joined #salt
10:39 oz_akan_ joined #salt
10:42 BbT0n_ joined #salt
10:43 tollmanz joined #salt
10:51 ggoZ joined #salt
10:54 jarek_ joined #salt
10:58 srage joined #salt
11:02 numberx can i access other pillar data from within a pillar ?
11:06 psyl0n joined #salt
11:10 sp4wnz joined #salt
11:10 sp4wnz left #salt
11:11 Furao numberx: no
11:11 Furao but you can use macro
11:11 numberx macro ?
11:12 Furao jinja2 macro
11:12 Furao to have variable across pillar .sls files
11:12 Furao not just macro but regular {% include
11:14 Hipikat Furao: I was deep into macros; it was when the pillars started looking much more like Python than YAML that i thought maybe the Py renderer would be more appropriate...
11:14 Hipikat but given what i've found, i'll stick to YAML/Jinja :)
11:16 kedo39 huh, why is there both a openssh-formula and an ssh-formula in saltstack-formulas?
11:20 bhosmer joined #salt
11:31 njpatel joined #salt
11:32 fllr joined #salt
11:36 esoel__ joined #salt
11:37 che-arne joined #salt
11:40 oz_akan_ joined #salt
11:43 tollmanz joined #salt
11:57 psyl0n joined #salt
12:00 zzzirk joined #salt
12:07 helderco joined #salt
12:07 helderco Hey, anyone using salt with vagrant? I'm having this issue http://irclog.perlgeek.de/salt/2013-06-28#i_7264608
12:10 sroegner joined #salt
12:11 krak3n` @helderco salt will run as root unless the git clone state has a user set, set the user correctly that has the right pub / priv keys for cloning the repo, should work
12:11 helderco krak3n`: No, i'm running with the correct user
12:12 krak3n` hmmm
12:13 helderco When running highstate with -l debug, and execute the exact same thing, it works
12:14 helderco Although when I'm in root and use: su vagrant -c 'ssh -T git@bitbucket.org', then it doesn't work
12:14 helderco If I'm running the same command as user vagrant it does work
12:14 helderco It must be environment
12:15 helderco I don't know if salt is running commands like that, i.e., su [user] -c COMMAND
12:18 oz_akan_ joined #salt
12:19 networkpadawan left #salt
12:21 helderco Found a workaround in https://github.com/mitchellh/vagrant/issues/1303
12:21 helderco It's working now.
12:21 krak3n` cool
12:22 krak3n` never knew about that
12:22 ekristen joined #salt
12:24 dangra joined #salt
12:24 helderco Yes, here's another https://github.com/mitchellh/vagrant/pull/1307
12:25 gadams999 joined #salt
12:27 unixpenguin joined #salt
12:28 mnemonikk joined #salt
12:28 Iwirada joined #salt
12:28 bhosmer joined #salt
12:32 pdayton joined #salt
12:32 fllr joined #salt
12:39 gadams9992 joined #salt
12:41 backjlack joined #salt
12:42 srage joined #salt
12:43 tollmanz joined #salt
12:47 srage joined #salt
12:48 srage_ joined #salt
12:49 sroegner joined #salt
13:03 cachedout joined #salt
13:07 gmoro joined #salt
13:10 jrdx joined #salt
13:15 gadams999 joined #salt
13:16 srage joined #salt
13:18 JasonSwindle joined #salt
13:19 gadams999 joined #salt
13:32 fllr joined #salt
13:38 blarghmatey_ joined #salt
13:41 gmoro joined #salt
13:41 clone1018_ joined #salt
13:42 jpihl Hi yesterday I asked if anyone knew if a master 2014.1.0rc is compatible with 0.17.4 slaves (because I was having problems with the opposite setup).. No one could answer, so today i decided to a bit of testing myself. It turns out that a 2014.1.0rc1 master is compatible with 0.17.4 slaves (i tested debian & arch). I hope this helps someone :)
13:43 tollmanz joined #salt
13:43 ossalk joined #salt
13:44 krak3n` joined #salt
13:44 jslatts joined #salt
13:48 Ahlee That's good to know, thanks jpihl
13:50 Gifflen_ joined #salt
13:51 ekristen joined #salt
13:51 ekristen I’m trying to understand gitfs
13:55 ktenney joined #salt
13:55 jpihl Ahlee, you are very welcome :) Also i just tried with Ubuntu, and unsurprisingly it works as well..
13:56 elithrar joined #salt
13:57 oz_akan_ joined #salt
13:57 elfixit joined #salt
13:57 Ahlee Now here's hoping 2014.1.0 will be able to update to 2014.1.1.
13:57 ekristen whats the recommended way to souce control your states?
13:58 ekristen I was just planning on sourc controlling my /srv directory which currently contains my pillar and salt directories
13:59 Ahlee ekristen: I use gitfs for states
13:59 Ahlee personally i think it complicates matters more than helps
13:59 ekristen your gitfs complicates more things?
13:59 Ahlee I feel it does.
13:59 Ahlee As you don't see files on disk
13:59 Ahlee so you end up having to ask a minion to pull the file down to view the contents
14:00 Ahlee my troubleshooting is salt 'testminion' cp.list_master
14:00 Ahlee then cp.get_file <state in question> <some tmp place on disk>
14:00 Ahlee then viewing the file
14:00 Ahlee then waiting for the 60 second update cycle tick, checking logs to make sure hte git update worked
14:00 Ahlee then running hte get_file again
14:01 Ahlee whereas when i was on disk, i at least had a good sense of what the minions would see
14:01 Ahlee but that's just me.
14:01 scuwolf joined #salt
14:02 njpatel joined #salt
14:02 Ahlee gifts is nice in that i can push a branch up and target it when env=that_branch
14:02 ekristen yeah I was just thinking of just checking out formulas and adding them to my own salt git repo
14:09 _ilbot joined #salt
14:09 Topic for #salt is now Welcome to #salt - SaltConf Jan 28-30, 2014! http://saltconf.com (reg deadline January 3) | 0.17.4 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers - Channel logs are available at http://irclog.perlgeek.de/salt/
14:12 sgviking joined #salt
14:12 racooper joined #salt
14:13 juicer2 joined #salt
14:13 sroegner ekristen: just adding them as gitfs remotes and referencing in my top file had worked pretty well for me - whats missing?
14:14 ekristen rather have them all in a single tree, especially to reduce complexity and getting other people to understand the salt infrastructure
14:16 wkf joined #salt
14:16 thoht hey
14:16 thoht quand on a joute un torrent, et qu on selectionne le numero de l episode, ca bloque a 60
14:17 thoht pour naruto c est 344
14:17 thoht left #salt
14:17 sroegner ekristen: i run hadoop infrastructure setup with this and _not_ having all in one (which is what we started with) has tremendously reduced teh complexity
14:20 smkelly joined #salt
14:20 ekristen are you cloning each formula into your own github account?
14:21 sroegner ekristen: absolutely, yes
14:21 sroegner nope
14:21 sroegner :-)
14:21 sroegner ekristen: repo - not account
14:22 brianhicks joined #salt
14:23 sroegner ekristen: the part that sold me on this was the gitfs remotes - the server (whatever salt server) pulls in everything
14:23 sroegner ekristen: including updates
14:24 ekristen hrm
14:24 sroegner ekristen: you make a minor fix to one formula and your salt master (in ec2) can just pull it
14:25 vejdmn joined #salt
14:26 ekristen but if I just git repo my entire /srv directory I get the same effect by git pull origin master
14:26 gmoro joined #salt
14:27 sroegner ekristen: technically yes - but who does this?
14:27 ekristen me ;)
14:27 sroegner ekristen:  if you just run one environment this is sure feasible
14:28 ekristen sroegner: you have more then one salt-master?
14:29 sroegner ekristen: yes - we provision independent clusters with their own masters using salt-cloud
14:29 blee joined #salt
14:29 ekristen nice
14:30 sroegner ekristen: for any sort of test or problem i can setup a cluster for a couple of days with about any permutation on the components/versions inside and free choice of the nodes
14:30 sroegner ekristen: usually within an hour
14:31 sroegner ekristen: the formulas as they are make this possible, and salt-cloud
14:32 fllr joined #salt
14:32 ekristen hrm
14:32 ekristen so you run salt-cloud from your primary master?
14:32 ekristen are you doing this inside of ec2 or ec2-vpc?
14:33 sroegner ekristen:  so to speak
14:33 martoss1 joined #salt
14:33 sroegner it doesn't really do much other then provising a base for salt-cloud
14:34 ekristen guess you could run salt-cloud from your local workstationt hen
14:34 ekristen workstation*
14:35 diegows joined #salt
14:36 oz_akan_ joined #salt
14:36 ekristen sroegner: I’m reading over the salt-cloud docs now
14:37 ekristen sroegner: I don’t see anything about where you can define a template of systems to bring up, so is that all something you have scripted?
14:37 ekristen sroegner: nm, just found it, profiles
14:38 sroegner :-)
14:38 ekristen can salt-cloud do AWS ELB
14:39 redmin joined #salt
14:40 sroegner ekristen: i don't believe so
14:40 sroegner ekristen: haven't hecked in a while
14:41 ekristen ok, np
14:42 ekristen I wonder if you can pin a gitfs repo to a commit or tag
14:43 tollmanz joined #salt
14:45 sroegner ekristen: i haven't played much with branches or tags because of the number of formulas i use
14:45 gmoro joined #salt
14:46 sroegner ekristen:  need to keep things simple, need to keep master working
14:46 ekristen I like gitfs, just don’t know if I’ll use it
14:46 ekristen I’ll either end up using it and have it point to my main salt repo
14:47 ekristen the thing I don’t like is that my pillars have ot be in a separate repo
14:47 backjlack joined #salt
14:48 sroegner ekristen: once again: that eneded up being a good thing for our environment because it adds flexibility
14:48 ekristen sroegner: are you using the feature where salt master can control another salt master?
14:48 ekristen sroegner: yeah I understand
14:48 JasonSwindle joined #salt
14:48 tessellare joined #salt
14:49 sroegner ekristen: i don't use federation, i have the make_master flag in my salt-cloud profiles
14:50 sroegner ekristen:  the provisioned masters are unaware of the super master
14:50 ekristen but the provisioned minions are somehow aware of their cluster master?
14:50 scott_w joined #salt
14:50 Whissi joined #salt
14:51 sroegner ekristen: their /etc/salt/minion file is automatically pointed to the provisioned master
14:52 sroegner ekristen: salt-cloud does that part
14:52 ekristen ah
14:52 ekristen yeah I’m trying to understand
14:53 pdayton joined #salt
14:53 sroegner ekristen: here is a profile for illustration: https://raw.github.com/accumulo/accumulo-saltstack/master/test/jenkins/amazon_os/amazon_os.profiles
14:54 sroegner this one i use in jenkins
14:56 ekristen ok
14:56 racooper where can I find changelogs for 0.17.4? I'm not locating them on github or saltstack.com
14:57 racooper gahh of course I find them right after I ask. nevermind.
14:58 Iwirada http://docs.saltstack.com/topics/releases/0.17.4.html
14:58 juso @terminalmage: above you was talking about files and permissions issue, is it somehow related to https://github.com/saltstack/salt/issues/9604
14:58 ekristen sroegner: so then how do you actually execute a profile and also how do you indicated how many slaves to come up?
15:00 sroegner ekristen: the latter you use a map file for which is referenced with the profile when you run salt-cloud to start (or do whatever with) the cluster
15:00 ekristen sroegner: oh ok, yeah I read about maps, just didn’t put it together
15:01 terminalmage juso: not sure
15:01 ekristen sroegner: I’m sorta liking the idea that eavh environment has its own salt master
15:01 terminalmage I believe UtahDave was looking into this last night
15:01 Iwirada anyone ever tried to use a 0.17.4 master and a 0.16.4 minion? does such a constellation work?
15:01 gadams9991 joined #salt
15:02 ekristen sroegner: so do you have a super master then in ec2 that the cloud configs reside on?
15:02 juso ah, ok, will wait for his comments.
15:02 ekristen sroegner: or do you do it from like a workstation?
15:02 terminalmage Iwirada: I would not recommend it: http://docs.saltstack.com/topics/releases/0.17.1.html
15:02 jimallman joined #salt
15:02 Iwirada terminalmage: thank you for the hint.
15:03 terminalmage Iwirada: no problem
15:05 fllr joined #salt
15:06 th3reverend joined #salt
15:06 th3reverend left #salt
15:06 ekristen sroegner: am I missing something, it looks like salt-cloud is apart of salt now, but I don’t have it available and the salt-cloud install instructions don’t seem to work from git
15:07 juicer2 joined #salt
15:08 sroegner ekristen: salt-cloud will be in hydrogen release
15:08 ekristen ah
15:08 ekristen is there a release date on that?
15:08 vejdmn1 joined #salt
15:08 sroegner ekristen: it's tricky right now - i run the command out of a virtual-env build of salt develop
15:09 sroegner ekristen: all in ec2 agains a 0.17.4 master
15:09 ekristen ok
15:10 ekristen ugh looks like vpc isn’t 100% supported
15:11 sroegner ekristen: works well enough for me
15:11 ekristen oh you have it working in a vpc?
15:12 sroegner ekristen: only use vpc, yes
15:12 * krak3n` uses salt-cloud inside a vpc too
15:13 ekristen ok I’ll try and follow the virtualenv install guid
15:13 ekristen guide
15:14 ekristen I’m not familiar with the virtualenv, am I just providing any path to it?
15:15 davidfischer joined #salt
15:16 scoates always run every app in a virtualenv. (-:
15:17 yawniek joined #salt
15:17 ekristen scoates: I use docker
15:18 vejdmn joined #salt
15:19 numberx joined #salt
15:21 juicer2 joined #salt
15:21 ekristen yeah this virtualenv is a disaster the instructions don’t work
15:22 ekristen keeps crashing on swig failure, tells me I need to install via apt-get, but its already installed
15:22 ekristen finally get salt-cloud installed but salt.crypto isn’t available, assuming because I need to install salt in the virtualenv, so I try to do that and I’m back to the swig command failing again
15:24 micah_chatt joined #salt
15:25 pmcg joined #salt
15:28 sroegner ekristen: there is a paragraph on the swig stuff in http://docs.saltstack.com/topics/hacking.html
15:29 ekristen followed it, unfortunately does not work
15:30 ekristen and —system-site-packages isn’t valid for apt-get or pip
15:31 alunduil joined #salt
15:33 ekristen I think I might have found the problem
15:34 gmoro joined #salt
15:34 ekristen sroegner: so do I need to source into my virtualenv anytime I want to use salt-cloud?
15:35 sroegner no - you just call salt-cloud from there direcly
15:35 ekristen cool, so I can add the path
15:35 sroegner this will all disappear when hydrogen comes out
15:36 sroegner thats what i do
15:37 networkpadawan joined #salt
15:38 tollmanz joined #salt
15:39 ekristen ok
15:39 ekristen cool
15:39 ekristen got it working
15:39 ekristen ok
15:39 ekristen so now to configure my salt cloud files
15:41 ekristen sroegner: you defined your own provider?
15:41 sroegner have to - it basically holds tha amazon account stuff
15:41 ekristen oh, nm I read about that change
15:42 ekristen yeah
15:42 ekristen sroegner: so do you version control your /etc/salt directory?
15:42 sroegner no
15:43 sroegner probably should but it is nothing too elaborate
15:43 viq Is there any way to define a state that would do equivalent of 'yum groupinstall' ? Or do I have to specify all component packages?
15:43 ekristen sroegner: your master file? your cloud profiles/providers/maps?
15:44 sroegner ekristen: i keep the provider in /etc/salt/cloud.providers.d/
15:45 sroegner ekristen: profiles and maps are always together in git repos, a shells cript calling salt-cloud from the virtenv pulls it all together
15:46 ekristen gotcha
15:47 jdenning joined #salt
15:49 diegows joined #salt
15:51 jaykumar joined #salt
15:52 jaykumar hello everyone...I have scenario I need help with
15:53 juicer21 joined #salt
15:54 jaykumar i have few minions running a simple service and few minions without the service, how can I create a salt state where only if the process is running on the minion the salt state would be executed...
15:54 jaykumar hope it makes sense
15:55 viq jaykumar: how about assigning some pillar to the machines where it is (or is not) running? Or do you really want it dynamic?
15:55 jaykumar yup...i need it to be dynamic
15:56 rci joined #salt
15:56 jaykumar i don't want to rely on static configuration
15:56 jaykumar for example,,,if apache is running then push httpd.conf...if not...don't do anything
15:57 viq Hm, something with http://docs.saltstack.com/ref/modules/all/salt.modules.ps.html#salt.modules.ps.pgrep ?
15:58 viq Though that sounds hackish
15:58 scoates could maybe somehow have the minions set a grain if the process exists?
15:59 viq scoates: but grains change only on salt-minion restart
15:59 jaykumar yeah ps.pgrep would need some hacks to make it work
15:59 scoates that might satisfy jaykumar's needs. not sure.
16:00 jaykumar is there any other better way...
16:01 funzo joined #salt
16:02 fllr joined #salt
16:02 ccase joined #salt
16:04 martoss joined #salt
16:04 jalbretsen joined #salt
16:04 martoss1 joined #salt
16:05 ekristen sroegner: how do you add new nodes to a cluster?
16:05 ekristen like an existing one?
16:05 sroegner ekristen: haven't tried
16:06 xt left #salt
16:06 sroegner add to the map and run again?
16:06 martoss1 joined #salt
16:06 timoguin joined #salt
16:06 martoss joined #salt
16:07 martoss left #salt
16:08 ekristen idk, I’ll have to try it later
16:09 ekristen sroegner: I’m looking at your profiles example you gave me
16:09 ekristen the minion: providers: pkg: yumpkg5, what is that?
16:10 sroegner ekristen: a workaround for a ec2-related bug in 0.17.2 - probably unnecessary now
16:10 martoss joined #salt
16:10 d10n joined #salt
16:11 ekristen ok
16:12 jtrucks joined #salt
16:16 gasbakid joined #salt
16:16 dave_den joined #salt
16:16 jtrucks joined #salt
16:18 jdenning joined #salt
16:19 ekristen sroegner: how are you deploying into a subnet?
16:19 mikkn Can you use context for a jinja template to import a proper dictionary and then loop over it? I'm getting odd errors and jinja googling hasn't been very helpful. :/
16:20 micah_chatt joined #salt
16:20 mikkn "{%- for zone, masters in zones.iteritems() %}" gives me this as error: "Jinja variable parameter 'masters' was not provided;"
16:22 terminalmage joined #salt
16:22 sroegner ekristen: a subnetid in the provider
16:22 ekristen ah
16:22 sroegner all i have goes into the same subnet
16:22 gasbakid joined #salt
16:23 jtrucks joined #salt
16:23 ekristen kk
16:23 ekristen what does the peer: .* - grains.* do?
16:23 quickdry21 joined #salt
16:23 sroegner ekristen: provider also holds a basic list of securitygroupids, but i usually overwrite that in the profiles
16:24 ekristen oh cool, I can add a security group in the profile? sweet
16:24 jtrucks joined #salt
16:24 meteorfox joined #salt
16:24 sroegner ekristen: enables peer communication
16:26 sroegner ekristen: you can basically get instant inventory (for example querying roles)
16:26 ekristen so I’m assuming you can use the securitygroup in a profile
16:26 sroegner ekristen: but so far salt mine has been quite sufficient
16:27 ekristen so I guess you have to have the security groups in place ahead of time
16:27 mikkn sroegner: Hmm. How would you use that in a state file, for instance?
16:27 gasbakid joined #salt
16:28 cachedout joined #salt
16:29 sroegner mikkn: can't find that example but it would have to end up looking like a mine call i think
16:30 jtrucks joined #salt
16:31 kermit joined #salt
16:31 mikkn Ah, yes. Well, thanks for that idea. It will solve a couple of problems I was having ^^
16:32 davet joined #salt
16:32 gasbakid joined #salt
16:34 ekristen sroegner: so once an env is up, then you login to the master and run state.highstate?
16:34 sroegner nah
16:35 ekristen does salt-cloud do that for you?
16:35 blee_ joined #salt
16:35 sroegner the same script thats starts the cluster runs an ugly piece of python that parses salt-cloud output - then i have the master ip and run ssh against that
16:36 jtrucks joined #salt
16:36 ekristen so its not as simple as just running salt-cloud then eh
16:36 sroegner never is
16:37 kaptk2 joined #salt
16:37 sroegner on the other hand there is a better solution to this part for sure
16:38 sroegner just haven't gotten around to it
16:38 mpanetta joined #salt
16:38 mjulian joined #salt
16:38 mjulian joined #salt
16:39 ekristen hrm salt-cloud isn’t picking up my profiles :/
16:40 mpanetta joined #salt
16:41 kermit joined #salt
16:42 ekristen so I have my profiles in /etc/salt/cloud.profiles
16:42 jtrucks joined #salt
16:44 ekristen sroegner: any ideas?
16:44 sroegner wouldn't that have to be /etc/salt/cloud.profiles.d ?
16:44 ekristen yeah I had them there originally and that wasn’t working either
16:45 ekristen oh
16:45 ekristen wait
16:45 UtahDave joined #salt
16:45 ekristen I misread the error message
16:45 Mua_ joined #salt
16:45 ekristen it says my provider isn’t defined therefore the profile won’t be used
16:46 ekristen hrm I put my cloud provider in cloud.providers.d
16:48 ekristen oh, you can chain providers?
16:50 ekristen when I run salt-cloud —list-providers I get
16:50 ekristen myprovider:
16:50 ekristen ----------
16:50 ekristen aws:
16:50 che-arne joined #salt
16:50 ekristen ----------
16:51 sroegner oh
16:51 sroegner you're referencing aws
16:51 sroegner use ec2 instead in the provider
16:51 sroegner aws is deprecated or sth
16:51 ekristen same output this time, just ec2 instead of aws
16:52 sroegner that's all i get
16:52 ekristen hrm
16:52 sroegner the name and ec2
16:52 ekristen my profiles say that myprovider isn’t valid
16:52 sroegner that is likely to be a yaml problem
16:52 ekristen I’m using 2 spacing for providers, does it need to be 4?
16:53 sroegner i suspect it needs to be consistent
16:53 ekristen my profiles use 2 as well
16:53 ekristen I’ll try 4
16:53 sroegner i have 4
16:58 ekristen hrm that didn’t fix it
16:58 xmltok joined #salt
16:59 sroegner i would first strace the call to see if the provider really is picked up from there
16:59 Gifflen joined #salt
17:00 sroegner then take out almost everything and see if anything changes
17:00 sroegner i went through the same cycle two months ago
17:01 dangra salt-jenkins can be spammy when it wants to :)
17:01 dangra 10 IRC messages in 30 minutes, I hope it stops there. https://gist.github.com/dangra/8337753
17:02 Iwirada left #salt
17:02 * nahamu just "/ignore"s salt-jenkins. ;)
17:03 dangra it got my attention at least, all salt builds looks very cloudy and rainy
17:03 nahamu oh wait, does it /msg you directly if it's your commit?
17:03 Mua joined #salt
17:04 dangra yes
17:04 KyleG joined #salt
17:04 KyleG joined #salt
17:04 nahamu ah
17:04 sroegner ekristen: here is an example: https://gist.github.com/sroegner/8337806
17:04 aynik joined #salt
17:05 ekristen ok, let me compare
17:08 socks joined #salt
17:09 Guest26569 joined #salt
17:11 socks hi all.  is there a way with jinja to do something like the following?   {% if grains['host'] contains [ 'web', 'app' ] %}      i'm basically looking for a way to have salt do something if the strings 'web' or 'app' are in the hostname.
17:18 krak3n` @socks {% if 'web' in grains['host'] or 'app' in grains['host'] %} should do it
17:19 socks ha, that makes total sense.  thank you!
17:20 xmltok whiteinge: you around?
17:20 whiteinge xmltok: yessir
17:20 tollmanz joined #salt
17:21 xmltok whiteinge: ive been working on a formula for openstack, starting with keystone. the problem is that i cant configure the keystone module from the configurations in my defaults.json, since its not really pillar data. im wondering now if it would have been better to implement the defaults file by loading it under the pillar data, rather than adding a module to read it
17:22 fishpen0 joined #salt
17:24 xmltok im thinking the defaults processor may have been better as a grain
17:25 xmltok well, like a grain
17:26 mprymek joined #salt
17:27 carmony UtahDave: looks like Tom is on board with the Saltfile idea
17:28 UtahDave yeah, it's a good idea.   I think that for the people that want it it will be really awesome.
17:28 UtahDave I know I will use the crap out of it.
17:28 UtahDave I do a lot of testing and stuff and this will be nice for me
17:28 dave_den what's the saltfile idea?
17:29 troyready joined #salt
17:30 carmony https://github.com/saltstack/salt/issues/9639
17:31 whiteinge xmltok: not sure i follow. couldn't the keystone module pull values from defaults.json *via* pillar as things are now?
17:32 dave_den ah, yeah saw that on the mailing list. i like it
17:33 bhosmer joined #salt
17:33 xmltok whiteinge: nah, because the defaults data doesnt make it into the pillar, its only read if you use defaults.get
17:33 carmony one question on salt-ssh, is it roadmaped to use the user's pub/priv keys instead of generating it's own?
17:33 networkpadawan left #salt
17:34 xmltok i think the defaults.py logic would have been better placed in the pillar.py module -- if everything that reads from a pillar would read from the pillar.py module and not the pillar directly. if things read from the pillar directly (they might), itd be better off processing the defaults file when it creates the piillar data
17:36 psyl0n joined #salt
17:37 whiteinge xmltok: so you're saying you want the values in defaults.json to be in pillar without having to call defaults.get()?
17:37 xmltok yeah, i think that would be the only wayt to use the defaults values from other modules
17:38 xmltok so more like pillar_defaults.yaml than defaults.yaml
17:39 Gifflen joined #salt
17:39 UtahDave carmony: I'm not sure. Tom designed it to avoid flinging the user's personal keys all over the place.  I haven't heard if he's going to make that an option or not
17:40 diegows joined #salt
17:40 Gareth 'lo
17:41 carmony hmmm, interesting point
17:42 carmony one issue I see is then I have to store the salt keys in my repos and such if I want more than 1 person to be able to use the salt-ssh stuff, right?
17:43 blee joined #salt
17:43 njpatel joined #salt
17:44 joehillen joined #salt
17:44 xmltok whiteinge: so instead of doing what it does now, it would be better implemented in the code where salt scans for state files. if it finds a pillar_defaults.* it can then load it into the pillar data
17:44 dave_den carmony: their public keys, yeah
17:45 dave_den or just make sure when you create the minion you are putting any public keys for userst that shoudl have access into the proper authorized_file location
17:46 dave_den err _keys
17:46 Ryan_Lane2 joined #salt
17:46 whiteinge xmltok: i'm partially with you. where/how are you thinking the pillar data will be consumed? you mentioned the keystone module, can you give me a quick example?
17:47 UtahDave carmony: I think you can use multiple keys, so they would use their own salt-ssh built keys for the minions.
17:47 carmony so maybe its just a training/documentation issue
17:47 UtahDave carmony: Having multiple people use salt-ssh to manage servers sounds like a disaster waiting to happen
17:48 carmony true
17:48 UtahDave carmony: how do you ensure that they all have the correct sls and config files?
17:48 carmony we'd manage it all in git
17:48 UtahDave how do you make sure they don't stomp on eachother's toes?
17:48 carmony but if they hadn't pulled
17:48 xmltok whiteinge: im going by the doc on https://github.com/saltstack/salt/blob/develop/salt/modules/keystone.py, i could shove the connection args into every state request with defaults.get, but otherwise it wants to read it from the pillar or minion config file
17:48 UtahDave carmony: exactly
17:48 carmony it could be an issue
17:49 UtahDave If you wanted multiple people to use salt-ssh, i think I'd still force them to log in to a central master
17:49 UtahDave carmony: that way everyone is pushing from the same sls files.
17:49 UtahDave carmony: that's my personal opinion, anyway.  I'd never trust that everyone has updated their git clone correctly.
17:50 matanya joined #salt
17:51 xmltok whiteinge: i can get around this particular issue, i dont know if it would come up again with some other module later. i think it would be more intuitive/seamless to have the defaults imported into the pillar directly -- it looks like the Loader is what would be right
17:57 jdenning joined #salt
17:57 cdcalef joined #salt
17:58 whiteinge xmltok: you could do this with an ext_pillar module, i'll bet. basically the module would grab defaults.json off the file system if it exists, check the current pillar values and insert the default values if we don't have values already defined
17:59 xmltok that sounds good
17:59 foxx joined #salt
17:59 ajw0100 joined #salt
17:59 xmltok hmm, would ext_pillar be able to read off the filesystem if its on the master -- with gitfs?
18:00 whiteinge good question
18:00 whiteinge i'm not sure
18:01 UtahDave xmltok: yeah, I'm pretty sure it could. ext_pillar gives  you the full power of python to modify the pillar dict
18:02 UtahDave xmltok: actually, I know you can.  The cmd_yaml and cmd_json ext_pillars do exactly that.
18:02 UtahDave carmony: Am I being too paranoid on that?  :)
18:03 tollmanz joined #salt
18:04 anuvrat joined #salt
18:05 forresta joined #salt
18:05 carmony UtahDave: it depends on the size of the team and how often you're updating it
18:06 xmltok so then there is two problems to solve, how to ensure that the defaults from the ext_pillar do not override other pillar values and how to scan the tree of state files if its on fs or in gitfs
18:07 carmony_ joined #salt
18:07 xmltok oh, would ext_pillar be called if you are using salt-call --local? that may be a deal breaker with ext_pillar
18:08 dave_den yes, if it's in the configuration file
18:08 xmltok i don't see ext_pillar in the minion config
18:10 Ahlee UtahDave: happen to have any release date estimates for salt proxy?
18:11 dave_den xmltok: it's not a default minion opt, but i'm pretty sure you can do it
18:12 mgw joined #salt
18:12 xmltok looks like its a hot topic https://github.com/saltstack/salt/issues/9494 :)
18:12 faeroe joined #salt
18:13 dave_den xmltok: from the comments it says it works in .16 and .17
18:13 xmltok yeah, the configuration can be added to the minion config, its just undocumented
18:13 dave_den right
18:14 xmltok off the top of your head, do you know what variables i should look at to find out what directories to scan?
18:14 xmltok otherwise ill just dig around in the config dict
18:15 unixpenguin joined #salt
18:15 aleszoulek joined #salt
18:17 UtahDave xmltok: no, I don't think salt-call --local has access to ext_pillar.  I think there's an open issue requesting it, though
18:17 UtahDave Ahlee: I'm not sure. I think it's set to be merged into Salt proper soon.  cro, do you know what the timeline is?
18:19 cro Ahlee: I'm presenting it at SaltConf, so it'll be merged in around that time.
18:20 ajw0100 joined #salt
18:21 faeroe joined #salt
18:22 ekristen sroegner: how are you handling dns internally for your stuff?
18:22 ekristen I noticed you used aws-ci.com
18:22 carmony You guys getting excited for SaltConf?
18:25 ekristen hrm I got “NameError: global name 'RSA' is not defined”
18:25 ekristen I guess RSA crypto not installed?
18:25 forresta carmony, yes.
18:27 carmony next two weeks are going to be busy. ngconf, skiphp, and salt-conf
18:27 juicer2 joined #salt
18:28 forresta carmony, remind me to not breath the air around you, you'll be a germ warfare machine!
18:28 Gareth forresta: pack a hazmat suit.
18:28 forresta Gareth, it would be funny
18:29 sroegner ekristen: i don't have a good solution for the dns part
18:30 Ahlee cro: looking forward to it
18:30 rlarkin joined #salt
18:30 Ahlee cro: I've let terminalmage know in the past, but if you need some aristas to test against I've offered our env
18:30 ekristen sroegner: seems to be a common thread with AWS VPC
18:31 cro Ahlee: excellent!  I may take you up on that.
18:31 abe_music joined #salt
18:33 ekristen sroegner: so my salt-cloud -m is just sitting at … proceeding
18:33 sroegner ekristen: it doesn't hit us that hard because the clusters usually only last days
18:34 ekristen ah
18:34 ekristen sroegner: are you doing anything similar for production or long lasting clusters of servers?
18:34 sroegner not yet
18:34 sroegner on our way
18:34 sroegner but i wouldn't mind seeing the salt eco system mature a little
18:35 * Gareth heads off to the dentist
18:35 sroegner before i take it into production
18:35 ekristen oh, not a fan of it for production use?
18:37 xmltok whiteinge/UtahDave: I believe I can use the __opts__['file_roots'] to scan, but wouldn't that be empty/missing the defaults files since the minion wouldn't copy it over from the master?
18:38 whiteinge xmltok: ext_pillar will get executed on the master
18:38 timoguin joined #salt
18:38 xmltok unless i am using salt-call --local, then its executed on the minion
18:38 xmltok man, this feels wrong
18:39 whiteinge sure but then it's executed on a minion that is configured to pretend to be a master :)
18:39 xmltok so i should be able to scan file_roots in either case?
18:39 sroegner ekristen: i guess it depends - stability wise it looks ok to me
18:39 carmony forresta: lol
18:40 UtahDave ekristen: Salt is used in production all over the world in some of the largest environments.
18:40 ekristen UtahDave: good to know
18:40 ekristen so salt-cloud is just sitting at proceeding ..
18:40 ekristen no output other then that
18:40 UtahDave ekristen: I'd always recommend testing that the latest version works in a smaller test environment before upgrading all your production servers.
18:40 forresta ekristen, can you hook onto the process with strace and see what is going on?
18:41 kermit joined #salt
18:41 UtahDave ekristen: also, you might try adding    -l debug  to the salt-cloud command
18:41 Ryan_Lane2 joined #salt
18:42 ekristen I’ll try the debug,
18:43 whiteinge xmltok: last i checked gitfs didn't work on a minion with --local
18:43 whiteinge terminalmage: ^^ is that still the case
18:43 whiteinge ?
18:43 xmltok yeah its not. so i have my formula checked out into /srv/salt on my vagrant machine, but on my master its used through gitfs
18:44 * whiteinge nods
18:44 whiteinge ok
18:44 terminalmage whiteinge: not sure, I'd need to look at how the fileserver works in masterless mode
18:44 terminalmage if it uses the LocalClient fileclient class, then yeah, the answer is no
18:44 xmltok either way, i want the thing to work in both cases :)
18:45 ekristen hrm it says its waiting on VM IP
18:45 whiteinge terminalmage: ok, thanks. i'm pretty sure it relies on a loop that only exists in the master process (currently)
18:45 ekristen but it clearly has the private IP in the returned query data
18:46 ekristen ack I typo’d my config
18:46 ekristen ssh_interface: private_ips not ssh_interfaces*
18:46 terminalmage ok
18:46 fishpen0 joined #salt
18:47 ekristen so UtahDave does salt-cloud run state.highstate when it brings up a node?
18:47 timoguin ekristen, haven't had time to scroll up. are you trying to provision an instance on AWS and it's sticking at "Waiting for IP" ?
18:48 fishpen0 joined #salt
18:48 timoguin ah nevermind you had a typo in your config.
18:48 ekristen timoguin: I think it is because I typo’d my config
18:49 ekristen yeah ok so that fixed that part
18:49 ekristen so whats the way that highstate is suppose to get run on servers brought up by salt-cloud
18:50 UtahDave ekristen: Not by default.
18:50 timoguin don't you have to put 'state: highstate' in the minion cloud config for that?
18:50 UtahDave ekristen: You can set the minion's config to have      startup_states: highstate
18:50 timoguin there is is
18:51 Ryan_Lane2 joined #salt
18:52 amckinley joined #salt
18:52 ekristen timoguin: I have ssh_username set to ubuntu but I’m seeing errors in the logs stating that it is using root
18:52 ekristen UtahDave: thanks, I’ll take a look
18:57 forresta UtahDave, that reminds me as I keep forgetting to ask. Are there plans to take down the readthedocs site for salt cloud? It still shows up in a lot of search results as the first item as opposed to docs.saltstack.com
18:58 UtahDave forresta: not sure.  Makes sense to me to take them down once Hydrogen is released
18:58 forresta Cool
18:58 gadams999 joined #salt
18:59 forresta hey whiteinge, did you notice that https://github.com/saltstack/salt/issues/8351 cropped back up again?
19:00 ekristen so can I chain providers?
19:01 forresta only happens in google now though, bing is good to go it seems.
19:01 ekristen for salt-cloud?
19:02 mesmer joined #salt
19:02 whiteinge forresta: no :(
19:04 forresta :( indeed
19:04 rgbkrk joined #salt
19:06 toguin__ joined #salt
19:07 ekristen sroegner: I used a file similiar to yours for profiles
19:07 ekristen I just logged in to my salt master but salt doesn’t appear to be installed
19:07 rojem joined #salt
19:08 gadams999 left #salt
19:08 sroegner ekristen: what can i say?
19:08 forresta install salt?
19:09 ekristen salt-cloud is suppose to install that though right? with the make_master flag?
19:09 sroegner make_master is set and you really are on the right node then this usually works
19:09 sroegner is salt-minion up?
19:10 druonysus joined #salt
19:10 druonysus joined #salt
19:10 ekristen hrm it seems that no salt got installed on the master
19:10 ekristen the minions seemed to get their salt-minion installed
19:11 ekristen hrm and their master got setup right
19:11 sroegner ekristen: sounds like the salt-bootstrap part didn't work on the master
19:11 sroegner which might be an issue with your version of salt-cloud
19:12 ekristen kk, well I can always try it again ;)
19:12 sroegner *just speculating*
19:13 gadams999 joined #salt
19:13 ekristen hrm odd
19:13 foxx joined #salt
19:13 ekristen so for the master, salt-cloud used root instead of ubuntu even though the config says to use ubuntu
19:14 ekristen hrm
19:14 ekristen ok, I’ll redo it
19:14 sroegner just leave the master then, in you map
19:15 ekristen k
19:16 jacksontj joined #salt
19:16 ekristen running it again
19:17 ekristen is there a way to transfer files using salt-cloud? I ask because some of my repos will be protected via ssh and I’ll need a deployment key
19:18 druonysus we are using 17.1 and we are having an issue with pkg.latest not getting the latest version of a package. http://paste.opensuse.org/27713981
19:19 rgbkrk joined #salt
19:19 matanya joined #salt
19:19 Gifflen_ joined #salt
19:19 Gifflen_ joined #salt
19:20 forresta druonysus, can you upgrade our test environment if it exists to at least 0.17.2?
19:21 ekristen sroegner: (or anyone else) http://pastebin.com/du36Pa7s
19:23 sroegner looks like master was well installed and then died?
19:23 ekristen logging in to check
19:24 ekristen minion is running, master is not
19:24 sroegner check /var/log/salt/master then
19:25 ekristen Git fileserver backend is enabled in configuration but could not be loaded, is GitPython installed?
19:25 sroegner aahhhh
19:25 ekristen so I guess I need to get that installed somehow during the init process
19:26 sroegner ekristen: my inelegant solution to that was building AMIs with gitpython installed
19:26 ekristen ugh
19:26 ekristen probably the only way to do it
19:26 sroegner i wouldn't know - i suspect there has to be
19:27 sroegner basically a pre-bootstrap hook script
19:27 ekristen UtahDave: >
19:27 ekristen s/>/?/
19:28 unixpenguin joined #salt
19:29 seanz joined #salt
19:29 alunduil joined #salt
19:29 ekristen sroegner: looks like there is a script: option
19:30 gadams999 joined #salt
19:30 ekristen just not sure how to use it
19:31 ekristen can you use salt-cloud to “re-bootstrap” an already running system
19:32 druonysus forresta: not super easily, one of the reason why we have not upgraded yep... working on a deadline and didn't want to spend some time mucking with getting the the newer version in our repo... but this is a show stopper so I think I can spend some time on getting us onto a newer version
19:32 zach Does anyone know where I can buy some saltstack stickers?
19:32 kermit joined #salt
19:33 UtahDave ekristen: yeah, use the "saltify" salt-cloud driver
19:33 UtahDave zach: I've got some you can have! Are you coming to SaltConf?
19:33 ekristen UtahDave: ok, I’ll go look for the docs
19:34 ekristen ah Saltify is for existing gotcha
19:34 ekristen UtahDave: is there a solutoin to install GitPython during salt-cloud init?
19:35 jslatts joined #salt
19:37 UtahDave ekristen: not exactly.  I would add an sls file to your master that installs gitpython then restarts the minion service. Then it should catch your gitfs backed states
19:37 ekristen UtahDave: I’m trying to figure out how I can sls files to a master through salt-cloud
19:38 sroegner UtahDave: i think the absence of gitpython keeps the master from starting as long as gitfs remotes are in the config
19:39 sroegner UtahDave: that state transistion seems fairly complex to me
19:39 UtahDave wait, I thought he was spinning up a minion?
19:40 sroegner both
19:40 UtahDave Ah, I see. using make_master: True?
19:40 ekristen yes
19:40 sroegner make_master: True in the profile
19:40 sroegner i have the same problem
19:41 Mua joined #salt
19:42 Gifflen joined #salt
19:42 UtahDave Hmm.
19:45 ekristen I’m fine with not using gitfs, but I need to figure out how to provide salt states to the master
19:47 zach UtahDave: unfortunately I'm not :( I had approval then approval was stolen away from me :(
19:55 ekristen so when using salt-cloud to create a master is there anyway to install pillars and states without using git?
19:55 ekristen gitfs*
19:56 UtahDave ekristen: I don't think there's a way right now
19:56 UtahDave ekristen: Salt Cloud does push a few files over right now, like configs
19:56 ekristen ugh, so close to getting this all working without headache
19:56 UtahDave ekristen: so theoretically it could push a bunch of files to file_roots, but I don't think it's set up for that right now
19:57 UtahDave ekristen: you could open an issue requesting that.
19:57 sroegner couldn't GitPython be made an (optional) part of salt-bootstrap?
19:58 sroegner i am not ready to give up on gitfs
19:58 ekristen where is deploy.sh come from
19:59 sroegner might be your virtualenv
19:59 sroegner in which case you could hack that in
19:59 ekristen yeah not there though at least not under “deploy.sh"
20:00 sroegner no
20:00 sroegner in the sources
20:01 carmony_ joined #salt
20:01 ekristen it gets create as a tmp file then ssh’d acrossed
20:01 ekristen or scp’d across
20:03 abe_music anyone know why destroying hosts with salt cloud is not done in parallel?
20:03 timoguin ls
20:03 timoguin whoops...
20:03 abe_music i thought it was at one point, but maybe i'm mistaken
20:05 ekristen sroegner: http://docs.saltstack.com/topics/cloud/misc.html?highlight=cloud%20master%20states
20:05 ekristen I think I can use that
20:05 ekristen just not sure how yet
20:06 sroegner ekristen: sorry - you can only sync whats already on the master
20:06 ekristen sroegner: no I mean to change the bootstrap script
20:07 ekristen to install GitPython
20:09 ekristen I think I can just modify the bootstrap-salt script
20:09 sroegner it is definitely doable - i changed salt/cloud/deploy/bootstrap-salt.sh
20:09 sroegner yes
20:09 ekristen just need to figure out where to place it on the fs
20:09 ekristen oh ok
20:09 anuvrat joined #salt
20:11 ekristen I’m trying to find that on my filesystem right now
20:11 forresta druonysus, Yea that is totally fair.
20:11 sroegner it is under sources/salt/salt/cloud
20:12 ekristen right I see it in my home directory where I clone the repo
20:12 druonysus forresta: thank. I will let you know if the newer version helps... I hope it does
20:13 ekristen but is salt-cloud just going to automagically know to use that?
20:13 rojem joined #salt
20:13 sroegner that is where salt-cloud pulls it from
20:13 ekristen is that cause I used the pip install -e ./salt-cloud to install it?
20:14 sroegner ekristen: i have no clue
20:14 ekristen :/
20:14 ekristen ok
20:20 timoguin ekristen, what version of salt are you using?
20:21 ekristen salt-cloud 0.8.11
20:21 timoguin what version of salt
20:21 ekristen salt 0.17.4
20:21 forresta druonysus, sounds good, I hope it does as well since I haven't heard of anyone having that issue on 0.17.4 or 0.17.2. Keep in mind that 0.17.4 has problems with multiple includes breaking stuff in your top, so you might want to go with 0.17.2
20:22 timoguin ekristen, sroegner might be talking about the newer version that has salt-cloud merged in.
20:22 druonysus forresta: thanks for the heads up
20:22 ekristen timoguin: where does the non-merged salt-cloud get it from?
20:22 timoguin in 0.17.4 i *think* it pulls hte bootstrap from the official saltstack url
20:23 timoguin ekristen, it pulls it from http://bootstrap.saltstack.org
20:23 ekristen timoguin: so I see script: bootstrap-salt in one of the docs
20:23 ekristen can I override that?
20:23 timoguin probably, but I'm not sure how
20:23 ekristen doh
20:24 forresta druonysus, yea np
20:24 ekristen seems to be a recurring theam
20:24 ekristen theme*
20:24 druonysus forresta: is there any more info you can provide on the 17.4 issue? I am not super clear on what you mean by "multiple includes breaking stuff in top"
20:24 forresta druonysus, https://github.com/saltstack/salt/issues/7526
20:24 forresta that's the issue.
20:24 forresta conflicting IDs is the true problem
20:25 forresta but most people encounter it because they have multiple items that include something like ssh for example, so then it thinks there are two ssh IDs, and that breaks it.
20:25 gadams999 left #salt
20:25 forresta This is fixed in the more recent releases, but it's present with 0.17.4, and can cause a lot of headaches depending on how you have your states laid out. Does that make more sense
20:25 forresta *?
20:25 gadams9991 joined #salt
20:25 bhosmer joined #salt
20:26 forresta but if I remember correctly this was fixed in 0.17.2, the cropped back up in 0.17.4
20:26 forresta I could be wrong now that I'm reading the hundred comments on this issue though :P
20:26 martoss joined #salt
20:27 forresta druonysus, https://github.com/saltstack/salt/issues/7526#issuecomment-31273312 is the most relevant comment
20:28 martoss1 joined #salt
20:29 druonysus forresta: thanks for the links
20:29 forresta np
20:30 forresta I wouldn't want you to upgrade and be totally screwed!
20:30 Ryan_Lane2 joined #salt
20:31 bhosmer joined #salt
20:31 unixpenguin joined #salt
20:32 druonysus forresta: yeah... that would be no good
20:35 jdenning joined #salt
20:36 forresta yup
20:37 ekristen alright, back to Salt-Cloud so I could just use one master for my salt-cloud deployments
20:37 ekristen and just use environments?
20:38 ekristen so a profile can reference minion: master: IP/HOSTNAME_OF_MASTER yes?
20:38 ekristen I can also assign grains to profiles
20:38 ekristen so maybe I’ll just do that
20:40 aleszoulek joined #salt
20:43 diegows joined #salt
20:44 utahcon am I up in the night? I get the following error when I run this https://gist.github.com/anonymous/8341656
20:44 utahcon State require.internal_reset_ots found in sls repo.creditrepair.internal is unavailable
20:44 sgflt joined #salt
20:44 utahcon is it not possible to extend and require something in this manner? do I have my syntax wrong?
20:45 utahcon I am calling: salt 'myserver' state.sls repo.cr.internal_force
20:45 utahcon basically I want to force my reset, before calling the checkout
20:46 utahcon since in 17.4 the force arguments aren't active yet
20:47 rojem joined #salt
20:48 bowen joined #salt
20:51 UtahDave utahcon: that's not how includes work.
20:52 UtahDave you need to have internal_reset_ots "require_in" repo_cr_ots
20:53 UtahDave the include should happen at the top of your sls, though it may still work where you have it
20:55 utahcon maybe require is the wrong thing...
20:55 utahcon I want the checkout to happen after the reset, but only if the reset exists...
20:55 utahcon so I figured I would create a reset, and then extend the checkout to say "wait for the reset"
20:55 utahcon does that makes sense? possible?
20:55 cewood joined #salt
20:58 njpatel joined #salt
20:58 forresta utahcon, why not include the reset, but then use the unless statement perhaps?
20:58 forresta I mean if you do the include, then use a require, it's going to ensure the reset runs first.
20:59 utahcon forresta: isn't that what I have?
20:59 utahcon I am confused
20:59 UtahDave utahcon: I'm wondering if somewhere in there the dots or periods in your filenames are getting converted into system paths.
21:00 vbabiy Is there any way to set explicit branches to use for env
21:00 utahcon UtahDave: sorry, gist freaks on me when I use /
21:01 utahcon the filenames are repo/cr/internal.sls and repo/cr/internal_force.sls
21:02 UtahDave vbabiy: the top file matching sets the minion's env, or you can hard fix it in the minion's config file
21:02 vbabiy UtahDave what do you mean hard fix in the minion
21:02 UtahDave there's an environment config option in the minion's config
21:03 vbabiy UtahDave thanks I will look in to it
21:04 vbabiy UtahDave so setting the environment to base
21:04 SEJeff_work joined #salt
21:04 vbabiy then it will ignore all other branches in gitfs
21:04 Ryan_Lane2 joined #salt
21:04 UtahDave yeah
21:05 vbabiy okay
21:06 vbabiy The issue we are running in to is that we use PR and it was merge the topfiles and breaking the current setup.
21:06 indymike joined #salt
21:08 jacksontj joined #salt
21:08 tollmanz joined #salt
21:08 UtahDave vbabiy: you're using more than one topfile?
21:08 vbabiy UtahDave the branches have top files, since they a dev branches
21:09 imaginarysteve joined #salt
21:13 forresta utahcon, I commented on your gist.
21:13 forresta oh just updated it, forgot something
21:13 forresta utahcon, ^
21:14 utahcon oh!
21:14 forresta I don't know if that will fix it
21:14 forresta but maybe?
21:14 utahcon worht a shot
21:14 utahcon thanks
21:14 forresta np
21:16 utahcon forresta: thanks, that worked
21:16 jgiraldo_ how do I check if there are any pending jids from a minion
21:16 jgiraldo_ not the master
21:17 tollmanz joined #salt
21:19 rojem joined #salt
21:21 kermit joined #salt
21:24 forresta utahcon, glad to hear it!
21:25 rojem joined #salt
21:26 jeffmendoza joined #salt
21:31 david_a joined #salt
21:35 bhosmer joined #salt
21:36 taion809 joined #salt
21:37 martoss joined #salt
21:39 troyready joined #salt
21:50 diegows joined #salt
21:51 ekristen so how do I match a custom grain like environment: test with the salt command
21:51 ekristen salt ‘environment:test’ test.ping
21:51 ekristen doesn’t seem to work
21:52 ekristen oh -G option?
21:53 forresta ekristen, http://docs.saltstack.com/topics/targeting/compound.html. and yea -G matches on grain data.
21:54 ekristen forresta: so ig -G matches on grain data
21:54 ekristen salt ‘*’ is matching on what?
21:54 ekristen hostname?
21:54 forresta the name registered with salt (usually hostname)
21:54 forresta '*' is just matching everything
21:54 ekristen but specifically by hostname
21:55 forresta by whatever ID you registered salt with
21:55 forresta you might have a different hostname versus the name specified when you joined the machine to salt.
21:59 bowen ekristen: If you run "salt-key -L" on your master, this is the list that you're matching against when using '*' or 'your-hostname-here' etc
21:59 Ahlee boo, i do'nt see a MAC grain in develop
22:00 thrashr888 joined #salt
22:00 vbabiy Is there any way to disable the branches are environments features in gitfs?
22:01 vbabiy Or how do people use gitfs with pull requests
22:01 Ahlee vbabiy: my minions track specific branches that I merge into
22:02 Ahlee so servers in Staging are in environment: Staging
22:02 Ahlee tht way I can test in newfeature, target env=newfeature, merge into Staging
22:03 vbabiy Does your staging branch have a top file?
22:03 Ahlee all environments do
22:03 Ahlee i have top.sls in Staging, UAT, and master
22:03 Ahlee though I'm told those merge down into one
22:03 Ahlee I don't see that
22:03 vbabiy Yeah I am seeing that
22:04 vbabiy and it breaking stuff for me
22:04 vbabiy since If I have an old feature branch it merges down and overrides my top file with old data.
22:07 vbabiy Ahlee do your top file override states?
22:07 Ahlee override states?
22:08 diegows joined #salt
22:10 Ahlee i think you're doing something far more advanced than I, so I humbly bow out of this conversation with apologies
22:10 bowen vbabiy: I haven't used your deployment model before, so I dont' have much to contribute to this discussion, but is this documentation of any help to you? - http://docs.saltstack.com/ref/states/top.html#how-top-files-are-compiled
22:11 Thiggy joined #salt
22:11 * Thiggy Anybody doing anything fun combining saltstack and docker?
22:12 forresta Thiggy, there is actually docker support in the new release candidate.
22:12 Thiggy I saw that. I was wondering what people are doing with it?
22:12 Thiggy My mental model of what they both do seems to have a fair bit of overlap. Was curious if anyone had any real world examples of awesome neat-o stuff.
22:13 bowen Thiggy: This same question was posted on the salt-users group a while back. I'll see if I can find the link for you.
22:13 Thiggy bowen thanks! I should have checked there first.
22:13 Thiggy I can self-google if you're not already there.
22:13 Ahlee i really need to get around to digging into how docker/containers handle scheduling to see how much of a hit there is
22:14 Thiggy @bowen this one? https://groups.google.com/forum/#!searchin/salt-users/docker/salt-users/m6cvazNTsm4/Q4ivLhsuKtgJ
22:14 forresta Thiggy, https://gist.github.com/dcapwell/7309603 was what someone was doing before, I don't know who that is in the IRC, I can't remember :\
22:14 bowen Thiggy: That's the one
22:15 robbyt joined #salt
22:15 Thiggy I'll read up. Thanks!
22:15 bowen Thiggy: I guess I already put more than my $0.02 in to that thread. Happy to answer further questions about what I wrote if you have any.
22:16 Furao joined #salt
22:19 bowen I've actually started putting together a PoC on github to try out ChatOps (like Github tout frequently). I'm planning to use docker containers instead of Vagrant. The idea being that you use docker build files which will run salt to configure the docker images.
22:19 bowen Like most things I start, it will probably never get finished (it's very much in-development at the moment) but you can have a look at the docker build files to get an idea of how I'm using it with Salt if you'd like - https://github.com/bdenning/chatops-poc
22:20 bowen The README is actually wrong. You can build the docker image by cloning the repo and then running "docker build -t xmpp - < docker xmpp.docker"
22:21 bowen Whoops, that command should have been: "docker build -t xmpp - < docker/xmpp.docker"
22:21 Ryan_Lane2 joined #salt
22:22 cdcalef what support does the salt candidate have for docker?
22:22 cdcalef it'd be pretty sweet to compose images in salt and have it run the docker container
22:25 jfzhu_us joined #salt
22:28 zzzirk joined #salt
22:32 Corey_the_Clown joined #salt
22:32 Corey_the_Clown Hello everyone
22:33 Corey_the_Clown I noticed there is a module for making SSL certs (modules.tls)
22:33 Corey_the_Clown is there anyway to make self-signed certs in the state files?
22:35 taion809 joined #salt
22:35 Corey_the_Clown and then make that cert available to be added to keystores on other computers in a dynamic, as it is installed, way?
22:36 imaginarysteve joined #salt
22:36 * Corey eyes Corey_the_Clown suspiciously
22:36 forresta lol
22:36 Corey_the_Clown nuk nuk
22:37 Corey_the_Clown trust me, we aren't related :)
22:37 Corey Always good to double check these things. :-)
22:37 Corey Corey_the_Clown: That said, I generally don't like having the cert generation process be automated except in very narrow use cases.
22:37 Corey_the_Clown howso?
22:38 Gareth Two of them?
22:38 forresta Corey_the_Clown, you can use http://docs.saltstack.com/ref/states/all/salt.states.module.html to reference a module within the salt state if you want, but to add it to the keystore you'd have ot do something like a file.append, which would be pretty meh
22:38 forresta Gareth, I know, the stuff of nightmares
22:38 Corey Gareth: We're breeding.
22:38 Corey It happened in a Quinntimate moment.
22:39 kickerdog joined #salt
22:40 heewa joined #salt
22:40 Corey_the_Clown hmm, actually putting it there is easy enough, its a java keystore
22:40 Corey_the_Clown but making it available to be put there, that is what I'm trying to figure out
22:40 troyready joined #salt
22:40 forresta Gareth, pretty sure this is them: http://i.imgur.com/p5x13cz.jpg
22:41 forresta the names might need to be reversed.
22:41 Gareth forresta: haha
22:41 forresta I still don't see how that llama doesn't poop in your office, it has to have happened to someone.
22:41 Corey forresta: Dammit so much.
22:42 forresta it's a funny picture, gotta use it at every opportunity
22:42 Gareth forresta: well trained llama
22:42 heewa I'm getting: Jinja syntax error: no filter named 'urlencode'  Isn't that standard with jinja? My template looks like: {{ value|urlencode }}
22:42 forresta Gareth, yea I guess.
22:43 Gareth forresta: I'd be more concerned about Corey than the llama.
22:43 forresta LOL
22:43 forresta heewa, http://jinja.pocoo.org/docs/templates/#urlencode
22:43 Corey Usually I don't have a llama. Here I am with Corey_the_Clown: http://www.sequestered.net/~cquinn/corey.jpg
22:43 forresta what is your dog wearing?
22:43 jfzhu_us You guys work in an interesting environment
22:43 forresta like a monster hoodie?
22:44 Corey forresta: She's a dinosaur.
22:44 forresta ahhh ok
22:44 Corey_the_Clown so let me back up and explain a bit better
22:44 forresta I see you are also a fan of amazon Corey
22:44 Corey_the_Clown really the problem I'm trying to get around is making a cluster talk through SSL in EC2
22:44 Corey_the_Clown my basic requirement is to get each a self-signed cert, and have that accepted by the others
22:44 heewa forresta: Sorry, I don't get it. By that, it looks like I'm doing it correctly, no? (value is a variable)
22:45 Corey_the_Clown The cluster is too big to use EIP's and the names change each time the machine goes down and up
22:45 forresta heewa, yea I am agreeing with you, sorry. Got distracted.
22:46 heewa forresta: Ok, cool. I'll try debugging a bit, I guess.
22:46 Corey_the_Clown I do have a way to add id's to a host-file so I don't need to rely on the ec2 public names
22:46 Corey_the_Clown Salt, thankfully, provides that too
22:46 forresta heewa, as dumb as it sounds, maybe you have to call it like {{ value|urlencode() }} ?
22:46 Corey_the_Clown so the process looks something like this so far...
22:47 heewa Corey_the_Clown: The other solution is to run internal DNS. That allows for faster updating (just salt that one DNS server).
22:48 Corey_the_Clown ...
22:48 heewa forresta: Good thought, but it didn't work.
22:48 Corey_the_Clown yeah, we've thought of that
22:48 heewa sorry, late to the party!
22:48 forresta heewa, huh, can you make sure it is infact jinja 2.7 that you're using?
22:48 Mua joined #salt
22:48 Corey_the_Clown I can't remember why at the moment that we ruled that out, dynamic DNS would be fine enough for that
22:48 forresta * in fact
22:49 Corey_the_Clown but it all still boils down to making the certificates for each new machine, and adding those certs to the keystore on all of the others
22:53 bowen Corey_the_clown: I've done something similar but wrote a state that would generate a private key and CSR (if one didn't already exist) and then email it to a person with access to sign it using the CA. Then it's just a case of copying the signed certificate back to the right location on the server.
22:54 srage joined #salt
22:58 dave_den Corey_the_Clown: i originally wrote MasterPillarUtil in utils/master.py to do real-time SSL cert generation and signing
22:58 martoss joined #salt
22:58 dave_den i combine that with the peer_run system
22:59 clearclaw Umm, are the pillar SLS files not processed by jinja?
22:59 dave_den clearclaw: yes, they are
23:00 clearclaw They are?  This: http://pastebin.com/WpQgvsXK is not resulting in any useful pillar data.
23:00 bowen clearclaw: Just be aware that you can't reference pillar variables/items from within pillar - for obvious reasons
23:00 martoss1 joined #salt
23:00 troyready joined #salt
23:01 clearclaw Yeah, I'd love to have that sort of introspection (nest values in particular) but this is a simpler case.
23:01 UtahDave joined #salt
23:01 Ryan_Lane2 joined #salt
23:02 clearclaw That silly bit of jinja in top.sls looks good to me, but salt is now telling me that my pillars are empty, whereas they're fully of juicy goodness if I do that expansion manually.
23:02 * clearclaw assumes PEBKAC and goes debugging.
23:02 Ryan_Lane2 joined #salt
23:03 Corey_the_Clown thanks bowen and dave_den, I'll look into those
23:03 Corey_the_Clown bowen, salt can copy files back to the server now, no?
23:04 bowen Corey_the_Clown: Yes, salt has this ability
23:05 bowen Corey_the_Clown: I chose to send the CSR via email (from the server) just so it goes to the person, with access to sign it using the CA, directly
23:06 Corey_the_Clown bowen: That is a great idea, and probably better than what we are planning
23:06 Linz joined #salt
23:06 bowen Corey_the_clown: if all you're after is selfsigned certs you should be able to do what you're after with a bunch of "cmd.run" (and the right dependencies using "requires"). But it won't be as pretty as writing a custom state to do it. I haven't come across a state that takes care of certificate generate, at least not when I last looked
23:07 Corey_the_Clown at one point when we looked at this we thought about auto-signing, but then decided that just accepting anything self-signed was just as secure
23:07 Corey_the_Clown but it would be best to actually have a auditable signing process
23:07 Linz joined #salt
23:07 Corey_the_Clown bowen: the tls module will
23:08 bowen Corey_the_Clown: Definitely using a CA is a much better option, and you can use Salt to take a lot of the pain out of the process.
23:08 Corey_the_Clown http://docs.saltstack.com/ref/modules/all/salt.modules.tls.html
23:08 Corey_the_Clown bowen: the only thing we lose is auto-scaling
23:08 bowen Corey_the_Clown: Kick ass! Guess I'll be replacing my custom module now ;-)
23:09 Corey_the_Clown but it would make it semi-auto scaling
23:10 bowen Corey_the_Clown: Agreed, auto-scaling is bit of a special case.
23:10 Corey_the_Clown thinking about it though, we don't need fully auto
23:11 bowen Corey_the_Clown: It depends what the cert if for. If it's for https traffic, then you'll need the certificate pretty quickly, but if it's to secure logging, then a slight delay while someone approves and returns a valid certificate might not be so bad.
23:12 rojem joined #salt
23:14 psyl0n joined #salt
23:17 AdamSewell joined #salt
23:20 clearclaw Found the problem: a dedent error later in the YAML which caused the parse to break silently other than in the debug logs
23:20 forresta clearclaw, aww yea syntax errors!
23:22 clearclaw It would be kinda nice if the system were noisier about such.
23:22 clearclaw Instead it went silent.
23:22 forresta yea I think kiorky has been working on better error reporting lately
23:23 clearclaw I do appreciate tools STFU when things are working well.  But not so much when there's an error.
23:23 ConceitedCode joined #salt
23:24 psyl0n joined #salt
23:24 forresta agreed
23:24 forresta was it still silent with -l debug?
23:30 sgviking joined #salt
23:35 clearclaw I'll check.  Just a mo, I'll have to recreate the problem.
23:36 Corey I forget, whose bastard stepchild is that bootstrap script?
23:36 Corey Because I believe I've found a bug with it.
23:36 clearclaw Yes, it is silent with -ldebug.  Detection requires the master to be logging at debug:  http://pastebin.com/y2e5CPtu
23:37 clearclaw There should be 3 pages of pillar values from that query...
23:39 clearclaw Can someone give me a quick pointer on how to have one minion query another minion's grains?  More specifically I need to have a state write a script for MinionA which contains the IP address if MinionB.
23:39 clearclaw (and no, I can't use DNS)
23:39 psyl0n joined #salt
23:40 Ryan_Lane2 joined #salt
23:40 jacksontj joined #salt
23:42 brutasse joined #salt
23:49 Linz joined #salt
23:50 Ryan_Lane2 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary