Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-02-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 alexthegraham joined #salt
00:00 hunter http://pastebin.com/wNJG3H2p
00:01 hunter I was inspired by the jinja docs forrest posted about whitespace control - their suggested syntax is {{ '{{' }} so I extrapolated out from that.
00:03 hunter Working wireless here would improve life too
00:03 terminalmage hunter: what are you trying to do with {{'{{repo}}'}} ?
00:04 terminalmage encode jinja into your pillar variable?
00:04 hunter get the literal text '''{{repo}}''' past the jinja step that pillar files go through so its interpreted in the state file.
00:04 hunter terminalmage: yes - exactly.
00:05 hunter again, this is just me futzing around with earlier questions
00:07 dave_den hunter: i don't recommend doing it that way, but the answer is to change your pillar file to yaml only. right now it's jinja then yaml.
00:07 terminalmage hunter: so if you're doing that in the pillar data, I don't understand why you then need {{ repo }} at the end of line 36
00:07 fragamus joined #salt
00:08 hunter Oh - that was just a placeholder for the one that worked - I used the "mre" line for testing
00:08 hunter dave_den: uhm, I think given that I need this understandable by others I'm going to back off and leave it alone.
00:08 hunter But this is how I really learn something - explore.
00:09 hunter http://pastebin.com/Y8XrvTrk
00:10 hunter Whats better is I've turned the all the boilerplate get calls into a loop.
00:10 hunter Now I'm trying to figure out if I can drive that list of keys from the default data while still special casing the baseurl one.
00:12 hunter My god emacs needs a better yaml mode
00:12 Corey hunter: It's called vim.
00:13 hunter indeed
00:13 terminalmage Corey: bazinga
00:13 Corey hunter: Why not just switch?
00:13 hunter To what?
00:13 hunter vim?
00:13 hunter Why?
00:14 kermit joined #salt
00:14 dave_den hunter:  you don't really need to if/else the baseurl one
00:14 dave_den just do the same thing you do for the others
00:14 dave_den but leave it outside the loop
00:14 hunter Corey: sorry - I'm not about too - the editor wars are over and people should use what they like.
00:14 Corey hunter: I was kidding. :)
00:14 hunter dave_den: hmm. Let me try.
00:14 Corey Sorry, I'll try to troll more subtley.
00:15 hunter Corey: cool - cuz a bunch of people don't kidd and its ever so tiresome.
00:15 hunter dave_den: baseurl needs that extra {{repo}} at the end though
00:16 dave_den - baseurl: {{ args.get('baseurl', repos_default['baseurl'] + repo }}
00:17 dave_den but with a parenthesis at the end that i forgot
00:18 hunter Oh - I was trying this: http://pastebin.com/cqGT9Qdj
00:20 dave_den right, you can replace the entire if/else with that line ^^
00:20 hunter Got it
00:20 dave_den bbl
00:21 hunter But my attempt to get rid of hte hard coded list of keys is failing
00:21 * Heartsbane is still reading documentation, 4 state files written.
00:22 hunter http://pastebin.com/fBFDTmez
00:22 hunter hmm
00:23 dave_den you still need the '- ' at the beginning of the baseurl line
00:23 hunter Heartsbane: I'm roughly at the same place you are.
00:24 Heartsbane hunter: don't blame terminalmage he is grouchy
00:24 hunter dave_den: opps - but it still doesn't like my .keys() call
00:24 smcquay joined #salt
00:24 hunter http://pastebin.com/fBFDTmez   -- I've updated that with the error
00:28 synfin joined #salt
00:29 synfin I just ran salt-ssh, manually entered the password (as /etc/salt/roster was not honored due to sshpass not being available) and now I do not have to enter the password anymore.  Where did it save the password or upload the key to?
00:34 gnugnu6 joined #salt
00:35 rojem joined #salt
00:35 Corey synfin: Diagnostic time. Did the modification time on authorized_keys change?
00:35 Corey synfin: Second question! Did you apply my ControlMaster and ControlPersist tips to your ssh configuration? :-)
00:36 gnugnu6 joined #salt
00:37 synfin Corey: Of course I checked the authorized_keys file :) .  There is no such file on the host for the user or for root.  Hence why I am very perplexed
00:38 synfin Corey: no to the second
00:39 Corey synfin: I'm not sure how salt-ssh approaches connection reuse; when the run finishes are there still ssh connections being held open?
00:41 synfin Corey: There are no leftover ssh connections.
00:41 tr_h joined #salt
00:41 synfin Corey: Well, I guess I can read the code.
00:41 synfin Corey: At thsi point I'm stumped.
00:42 Corey synfin: Yeah, that seems definitely odd. You're not doing something nutty like bootstrapping a minion via salt-ssh, are you?
00:42 Corey So now it's working over the zmq bus...
00:43 synfin Corey: Nah, I'm just doing a simple salt-ssh on grains.items to see how it works.
00:43 synfin Corey: gonna read some code.....
00:44 alexthegraham I'm having a hell of a time nailing down a problem w/ 2014 installed on openSuSE 13. It seems like the minion isn't getting pillar data so it's not looking in the right place for sls files.
00:44 alexthegraham "No matching sls found" for every state in env 'base'.
00:45 alexthegraham salt-call pillar.items returns nothing on the minion.
00:46 swa_work joined #salt
00:47 alexthegraham But it's only being this way for one minion out of almost 20.
00:47 alexthegraham This one minion also happens to be the only one running 2014.
00:49 alunduil joined #salt
00:50 ajw0100 joined #salt
00:57 budrose joined #salt
00:57 hunter joined #salt
01:06 cachedout joined #salt
01:06 Katafalkas joined #salt
01:06 fragamus joined #salt
01:07 ajw0100 joined #salt
01:09 elfixit joined #salt
01:10 smcquay joined #salt
01:11 synfin Corey: Found it.
01:11 synfin Corey: /var/cache/salt/master/minions/name_of_minion_in_roster_file/data.p
01:12 synfin Corey: Delete the file and the password has to be reentered.  it also appears that if you change the contents of /etc/salt/roster (or perhaps there is a timeout?) it will force you to reenter the password
01:16 ajw0100 joined #salt
01:18 TheRealBill_here joined #salt
01:20 fllr joined #salt
01:25 Ryan_Lane I have salt installed via debs, but we have a number of requirements that live in a virtualenv, is there anything I can do about this?
01:25 cnf idno, i don't install anything python through debs
01:25 cnf everything lives in virtualenvs
01:25 diegows joined #salt
01:25 Ryan_Lane including salt itself?
01:25 cnf \o/ virtualenvwrapper
01:25 cnf ye[
01:25 cnf yep
01:26 Ryan_Lane how difficult is it to deal with via pip?
01:26 HeadAIX joined #salt
01:26 cnf what do you mean?
01:26 Ryan_Lane well, init scripts and such
01:27 Ryan_Lane the debs install a user, an init script, etc, etc.
01:27 cnf takes some getting used to, nothing too hard
01:27 Math` joined #salt
01:27 cnf but what do you have that must live in a virtualenv that salt needs?
01:28 Ryan_Lane well, we could use system things for some of them, but for instance, we're using a much newer version of boto
01:28 jeffro_ joined #salt
01:34 munhitsu_ joined #salt
01:35 nextdoorwarren joined #salt
01:38 hunter joined #salt
01:38 tyler-baker left #salt
01:38 dave_den Ryan_Lane: if you use upstart, the upstart scripts can activate a virtualenv:  https://github.com/saltstack/salt/blob/develop/pkg/salt-minion.upstart#L20
01:38 Ryan_Lane oh. awesome
01:40 Ryan_Lane dave_den: what if I'm using masterless salt?
01:40 runnyspot joined #salt
01:41 zzzirk joined #salt
01:41 Ryan_Lane just activate a virtualenv before calling salt-call?
01:41 dave_den yes
01:41 Ryan_Lane great. thanks
01:42 hunter dave_den: Thanks for your help earlier
01:48 liwen joined #salt
01:49 pdayton joined #salt
01:49 dave_den hunter: no prob.  fyi, this pastebin is incorrect. http://pastebin.com/fBFDTmez  you should do http://pastebin.com/0vQRUpgp
01:50 hunter I thought there was a python syntax for that.
01:50 hunter but now I need it to exclude _two_ keys... :)
01:51 fllr joined #salt
01:51 hunter I thought there was a "not in [list]" syntax '
01:51 ch0pstick joined #salt
01:53 dave_den there is
01:53 dave_den {% for key in repos_defaults.keys() if key not in ['baseurl', 'somethingelse'] %}
01:53 hunter shucks
01:54 hunter danke
01:54 dave_den now you must go 48 hours without any help.
01:54 dave_den :D
01:55 hunter awww
01:55 hunter actually with what I've learned today I might be able to crank thorugh the fs states
01:55 yomilk joined #salt
01:55 clintonius joined #salt
01:55 hunter at least the linux ones which are full minions
01:57 yomilk joined #salt
01:59 DaveQB joined #salt
02:00 Math` joined #salt
02:03 _bt joined #salt
02:03 tr_h joined #salt
02:05 clintberry joined #salt
02:07 hunter joined #salt
02:11 clintberry okay guys, I am stupid, I know, but how do I get salt-master to refresh gitfs
02:11 Ryan_Lane1 joined #salt
02:11 clintberry I restarted and it didn't seem to do the pull
02:11 Katafalkas joined #salt
02:12 clintberry should have checked the logs before I messaged here, sorry. It says permission denied :-)
02:13 schimmy joined #salt
02:19 faldridge joined #salt
02:20 jeffro joined #salt
02:20 nextdoorwarren joined #salt
02:21 Gifflen joined #salt
02:24 Guest72558 joined #salt
02:25 xl joined #salt
02:27 ch0pstick joined #salt
02:28 l0x3py joined #salt
02:31 rojem joined #salt
02:32 rojem joined #salt
02:33 baniir joined #salt
02:36 test_salt joined #salt
02:37 thayne joined #salt
02:45 bhosmer joined #salt
02:46 n8n joined #salt
02:46 hunter joined #salt
02:48 schimmy joined #salt
02:49 faldridge joined #salt
02:49 taion809 joined #salt
02:55 atealtha joined #salt
02:55 ravibhure joined #salt
02:55 ravibhure left #salt
02:55 jalbretsen joined #salt
02:58 ravibhure1 joined #salt
02:58 ravibhure1 left #salt
03:10 sijis left #salt
03:10 krow joined #salt
03:16 ThomasJ|d joined #salt
03:18 zzzirk joined #salt
03:20 TheRealBill_here joined #salt
03:22 rostam joined #salt
03:26 sgviking joined #salt
03:26 oz_akan_ joined #salt
03:26 d10n joined #salt
03:26 nyx joined #salt
03:27 mwmnj joined #salt
03:28 thayne joined #salt
03:30 defen joined #salt
03:30 defen salt
03:31 defen left #salt
03:34 Guest57824 Hi all, could anyone explain what I need to do to get salt-cloud make a new master with a specified master key?  I've created a profile with 'make_master: true' and specified 'master_pub' and 'master_pem' paths at the same level with no luck yet
03:38 zzzirk joined #salt
03:38 hunter joined #salt
03:40 forrest Furao, you around?
03:41 ipalreadytaken joined #salt
03:45 faldridge joined #salt
03:46 pydanny joined #salt
03:48 lizhenda joined #salt
03:49 lizhenda help
03:51 smcquay joined #salt
03:51 sgviking joined #salt
03:53 AndChat|359961 joined #salt
03:54 fllr joined #salt
03:54 cachedout joined #salt
03:55 smcquay joined #salt
03:58 tr_h joined #salt
04:02 forrest Does anyone else have an epel account that can do a quick test of salt from epel-testing, then comment over here saying it works for them: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0643/salt-2014.1.0-1.el6
04:05 ch0pstick joined #salt
04:06 cweisel joined #salt
04:08 mgw joined #salt
04:12 Corey forrest: Yeah, hang on.
04:12 forrest Corey, sweet!
04:12 Corey Er... I seem to have lost my build env.
04:13 Corey forrest: Wait. epel-testing doesn't *require* a build account.
04:13 forrest right
04:13 forrest but you should test before just approving :P
04:13 Corey Oh, I see!
04:15 yomilk joined #salt
04:15 Corey Looks solid.
04:16 Corey That's two!
04:16 forrest yea it worked fine on my box as well
04:16 forrest yea if Furao was around that would be 3
04:16 forrest for some reason terminalmage's didn't count
04:16 Corey aHe's the submitter.
04:16 forrest yea Furao said that didn't matter
04:16 Corey Furao seems mistaken.
04:17 forrest indeed
04:17 forrest we can poke fun at him when he shows up
04:17 Corey Hooray!
04:17 Furao I said what?
04:17 Corey Ahah!
04:17 forrest that the submitter could +1 his own submission
04:18 Corey Furao: Test and say nice things about the salt build plz.
04:18 forrest Furao, https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0643/salt-2014.1.0-1.el6
04:18 Furao centos? I never used that unless forced at gunpoint
04:18 forrest Furao, spin up a VM
04:18 forrest cost me... 2 cents on digital ocean
04:18 forrest if that
04:18 forrest you can use fedora if you want
04:19 rojem joined #salt
04:19 Corey Furao: Or you could take our word for it. It's a Salt release; what could go wrong?
04:19 Corey BRB, datacenter just caught fire and sank into a swap.
04:19 forrest should still test it
04:19 Corey swamp*
04:20 Corey forrest: There... may have been some sarcasm in that statement. :-)
04:20 forrest :P
04:20 Furao I have a bad experience with new salt releases
04:20 Furao I always wait for >= x.y.1
04:20 Corey Furao: Oh you're just saying that because of disasters in the past.
04:21 Furao I had some with every releases since 0.11.0
04:21 forrest scumbag Furao, says at saltconf everyone should bump things out of test, doesn't want to bump things out of test :P
04:21 Corey Seems moar verbose.
04:22 Corey I don't think I had the pleasure of meeting Furao this trip.
04:22 forrest really?
04:22 Furao what?
04:22 Furao I wasn't at saltconf
04:22 forrest He was hiding in that corner of the big room during s0undt3chs' talk...
04:22 Furao I was in Hong Kong
04:22 forrest Furao, wait, who was I talking to then
04:22 zzzirk joined #salt
04:22 Furao I'm doing a conference speech but in 3 weeks in PyCon Malaysia
04:23 forrest hmmm
04:23 forrest well that's quite embarrassing
04:23 Corey forrest: So what did not-Furao look like?
04:23 Corey Was it Clint, was it Trevor...
04:23 jalbretsen joined #salt
04:23 forrest I don't remember
04:23 Corey Was there a beard involved?
04:24 forrest that's like 90% of the people who were at the conference
04:24 Furao me my.linkedin.com/in/brunoclermont/
04:24 frasergraham joined #salt
04:24 Furao (with a beard)
04:25 forrest Furao, oh nope totally not you
04:25 forrest my apologies
04:25 Corey Hmm, this is interesting. Again.
04:25 forrest who the hell am I thinking of...
04:25 Furao I did and said a lot of things on salt testing, such as a formulas testing frameworks
04:25 Furao but I wasn't there :)
04:25 Corey I updated the master to the new release, and every minion shows up in manage.down
04:26 forrest Furao, yea understandable, as I said, my apologies.
04:26 Furao hehe it's just funny
04:27 forrest here we go I'm thinking of herlo
04:27 davet joined #salt
04:27 forrest https://fedoraproject.org/wiki/User:Herlo
04:27 forrest so yea it was Clint Corey
04:27 Corey I saw him two days ago.
04:27 forrest you should tel him to approve this so it moves on from testing
04:27 forrest since he wanted us to do it
04:30 jeremyfelt joined #salt
04:30 krow joined #salt
04:32 jeffro joined #salt
04:33 hunter joined #salt
04:33 jamesf_ joined #salt
04:35 linjan joined #salt
04:39 xDamox joined #salt
04:42 ipalreadytaken joined #salt
04:48 aarontc joined #salt
04:49 christopherl joined #salt
04:52 thayne joined #salt
04:56 hunter joined #salt
04:58 chitown joined #salt
05:00 hunter__ joined #salt
05:00 joehillen joined #salt
05:01 hunter__ joined #salt
05:02 djfiii joined #salt
05:05 ipalreadytaken joined #salt
05:08 ipalreadytaken joined #salt
05:11 bones050 joined #salt
05:11 bones050 hi guys
05:12 ajw0100 joined #salt
05:12 bones050 Does anyone know if it possible to dynamically add hosts to a nodegroup? I'm trying to maintain host groupings without usings Grains, as not all hosts will have minions.
05:14 terminalmage bones050: nope
05:14 terminalmage nodegroups are a master config parameter, and can only be modified by editing the master config file and restarting
05:16 thayne joined #salt
05:17 xDamox Hello, I am trying to loop through a list and I get the following error
05:17 xDamox failed: Conflicting ID
05:18 bones050 xDamox: is the ID unique for each iteration of the loop?
05:18 kedo39 joined #salt
05:19 xDamox I am using /tmp/myfile:
05:19 xDamox with file.append
05:19 xDamox I am trying to append multiple lines
05:31 xDamox bones050 the template I am using is http://pastebin.com/g20VdwQC
05:32 xDamox Ahh fixed
05:33 dave_den xDamox: http://pastebin.com/g9Nun6wt
05:33 xDamox Yeah, I got that :)
05:33 xDamox Thanks Dave Den
05:34 dave_den yep, it's all about the ID
05:35 xDamox With states are you are to use the following: pillar[{{ role }} + '_users']
05:35 dave_den sorry, i don't follow. can you explain a bit more?
05:36 xDamox Are you able to concatenate strings in Jinja?
05:39 dave_den oh, yes
05:40 dave_den but pillar[{{ role }} + '_users'] is probably not possible, depending on where you're using that
05:41 xDamox Ahh OK
05:41 dave_den by default it's one layer of jinja
05:41 dave_den so you can't do that kind of interpolation
05:43 xDamox Cool, thanks
05:43 dave_den it's technically possible, but just don't try it
05:43 dave_den :)
05:53 bhosmer joined #salt
05:54 yongkang left #salt
05:56 kadel joined #salt
06:10 jeffro joined #salt
06:19 yomilk joined #salt
06:25 leonardinius joined #salt
06:26 frasergraham joined #salt
06:31 srfwii joined #salt
06:33 christopherl joined #salt
06:35 schimmy joined #salt
06:41 yomilk joined #salt
06:43 nyx joined #salt
06:43 jeffro joined #salt
06:45 Guest79250 for anyone watching - I had thought you could specify paths to a new salt master created by salt-cloud when make_master is true, from my tracing that appears to be false.  would be nice.
06:46 Guest79250 correction: paths to a new salt master's keys
06:49 terminalmage Guest79250: mentioning a feature request randomly in IRC is unlikely to yield anything
06:49 terminalmage you'd be better off using the issue tracker and filing a feature request
06:50 kermit joined #salt
06:58 CeBe joined #salt
07:03 fllr joined #salt
07:19 kadel joined #salt
07:21 Kenzor joined #salt
07:21 justlooks joined #salt
07:28 justlooks hi,i use salt to get bash file ,but i have problem because the bash code has some conflict with jinjia ,here is the detail  https://gist.github.com/justlooks/9204426 anyone know how to handle this?
07:34 ndrei joined #salt
07:39 justlooks anyone?
07:53 Guest97228 joined #salt
07:54 lessismore joined #salt
07:54 fllr joined #salt
07:59 n8n joined #salt
07:59 ipalreadytaken joined #salt
08:03 ndrei joined #salt
08:06 harobed joined #salt
08:08 ml_1 joined #salt
08:09 ndrei joined #salt
08:11 anuvrat joined #salt
08:11 carlos joined #salt
08:12 schimmy joined #salt
08:14 xmj Morning
08:15 xmj is 2014.1.0 released yet? :)
08:22 krow joined #salt
08:25 fllr joined #salt
08:26 faldridge joined #salt
08:29 ipalreadytaken joined #salt
08:30 giantlock_ joined #salt
08:34 kadel joined #salt
08:36 MrTango joined #salt
08:42 l0x3py joined #salt
08:45 schimmy joined #salt
08:46 jrdx joined #salt
08:47 miguitas joined #salt
08:47 jeffro joined #salt
08:48 Katafalkas joined #salt
08:48 terminalmage xmj: did you see the topic?
08:48 Katafalkas joined #salt
08:48 terminalmage xmj: also https://groups.google.com/d/topic/salt-announce/s1oYmaeN00I/discussion
08:49 terminalmage xmj: and https://pypi.python.org/pypi/salt
08:49 terminalmage all places you can check to find this information
08:49 yomilk joined #salt
08:50 gildegoma joined #salt
08:50 terminalmage http://www.freshports.org/sysutils/py-salt/
08:50 terminalmage port needs to be updated, should be done soon
08:52 terminalmage xmj: FreeBSD port was submitted on Friday
08:52 terminalmage don't know how long that usually takes
08:54 xmj terminalmage: I did find that after asking the question :)
08:54 xl1 joined #salt
08:55 xmj I'm actually much more interested in salt on RHEL, so it's good that EPEL already packaged it
08:55 terminalmage it should be in epel-testing
08:56 terminalmage I packaged it on Thursday
08:56 xmj saw it :)
08:58 xmj how uptodate is http://docs.saltstack.com/topics/virt/index.html ?
08:59 xmj asked differently, can salt-virt run with containers, or does it (at this time) only work well with KVM ?
09:00 terminalmage kvm only, as far as I know
09:00 terminalmage xmj: why not look at http://docs.saltstack.com/ref/modules/all/salt.modules.lxc.html#salt.modules.lxc ?
09:01 xmj hm
09:01 terminalmage OK I am heading to bed
09:01 xmj good night, keep up the good work
09:05 malinoff joined #salt
09:07 cro joined #salt
09:20 yomilk joined #salt
09:21 sfello joined #salt
09:30 ipalreadytaken joined #salt
09:31 fragamus joined #salt
09:34 kadel joined #salt
09:39 Katafalk_ joined #salt
09:50 tomspur joined #salt
09:50 tomspur joined #salt
09:55 fllr joined #salt
09:58 Katafalkas joined #salt
10:02 che-arne joined #salt
10:04 jrdx joined #salt
10:11 Sypher_ joined #salt
10:12 Katafalkas joined #salt
10:28 sfello joined #salt
10:31 ipalreadytaken joined #salt
10:32 sulky joined #salt
10:37 Iwirada joined #salt
10:45 aleszoulek joined #salt
10:46 canci joined #salt
10:51 leonardinius Hi guys. I'm trying to wrap my head aroung gitfs. I have 1 box with salt-master on it, no salt-minion. I have specified fileserver_backend anf gitfs_remotes. I could see some sort of activity present in /var/cache/salt/master/gitfs. How could I chjeck what is the actual/effective salt state tree? I tried to run salt-call --local cp.list_master, however it seems it does not talk to master but instead tries to work in masterless mode with default conf
10:51 leonardinius iguration on.
10:52 viq salt 'minion' state.show_highstate     ?
10:55 leonardinius viq, it does not help. I don't have minnions at the momenbt
10:55 fllr joined #salt
10:55 leonardinius I'm trying to setup gitfs stuff so I could move forward with minions/states
10:55 xl1 joined #salt
11:00 ndrei joined #salt
11:01 viq leonardinius: try salt-call without --local
11:01 viq leonardinius: though any particular reason why you're not running salt-minion on your master?
11:04 leonardinius viq, ee I thought I dont need one. So, you are saying - the default salt-master configuration is to ave both master and minion deployed on hte same box?
11:04 ndrei joined #salt
11:04 leonardinius viq, sorry for so many typos ;( hard to read
11:05 viq leonardinius: well, it depends on your preference. I prefer to be able to manage all my machines if I deploy automation
11:08 leonardinius viq, ok, thanks. will try to troubleshoot it that way than
11:09 leonardinius viq, one more newbie question - you have mentioned you manage salt-master as well. how do you do it? Initially install salt-master and salt-minion on hte same machine and afterward leverage salt-call to update salt-master configuration?
11:09 sgviking joined #salt
11:10 leonardinius viq, what's the know/how or idiomatic salt way to address this?
11:10 viq leonardinius: you could use https://github.com/saltstack-formulas/salt-formula though I don't yet
11:11 viq I don't manage salt itself with salt, but I manage the parts of that machine that I manage on others as well, eg users, snmp and the like
11:13 leonardinius viq, got you. thanks a lot for sharing your expertise!
11:13 Iwirada is it possible that 2014.1.0 minions cant work with 0.17.5 masters?
11:14 malinoff Iwirada, of course
11:14 yomilk joined #salt
11:14 Iwirada malinoff: of course it is possible, or of course they should work togehter?
11:14 Iwirada ;)
11:14 viq Iwirada: it is usually recommended to have master same or newer than minions. On the other hand I have 2014.1.0 minion that responded yesterday to a 0.17.4 master
11:14 malinoff Iwirada, of course it is possible :)
11:15 Iwirada damn
11:16 malinoff Iwirada, salt is not stable - what do you expect :)
11:16 ndrei joined #salt
11:16 mike25ro malinoff: salt is not stable?!
11:16 malinoff Yes :O
11:16 mike25ro what do you mean?
11:16 mike25ro is it dodgy?
11:16 viq mike25ro: code changes all the time, including APIs I believe
11:16 malinoff I mean, there is no guarantee that API won't change
11:16 mike25ro ah ok.. right
11:17 malinoff And I faced some issues like broken pkgrepo
11:17 mike25ro true..
11:18 malinoff In our team, we've decided to move from salt
11:18 mike25ro really? :(
11:18 Iwirada this is what i am considering atm
11:18 malinoff Especially after the announce about implementing RAET
11:18 mike25ro i have no idea what raet is
11:18 Iwirada what is that?
11:18 viq malinoff: why so?
11:18 viq RAET is a new transport protocol they're working on
11:19 malinoff https://groups.google.com/forum/#!topic/salt-users/eY9HiwqFCUg
11:19 mike25ro and is it... better or worse..?
11:20 viq malinoff: and a follow up question, what do you intend to move to?
11:20 MrTango joined #salt
11:21 malinoff Well, there are things like RabbitMQ which have proved it's stability
11:21 malinoff I don't know why salt don't want to use them
11:21 jrdx joined #salt
11:21 scott_w joined #salt
11:22 malinoff viq, we will use ansible and chef, and we will decide. 6 months ago salt was very promising - but I don't like what's going on right now
11:22 Iwirada puppy then it is - i have to test it first, though
11:22 malinoff Also, I'm working on my own remote execution tool based on celery
11:22 Iwirada malinoff: chef is better than puppy?
11:22 malinoff Iwirada, for me - yes
11:23 malinoff I like that ansible and salt are for remote execution at first - but chef/puppet are for configuration management
11:23 malinoff My opinion is to choose ansible
11:24 Iwirada can you point out some points chef hat over puppet?
11:24 ndrei joined #salt
11:25 viq From my having a look around ansible is much, much faster to wrap your head around - I'm no programmer, and especially not a ruby programmer, so chef is a bit of a challenge for me
11:25 malinoff I've dropped puppet after just one thing - I can't enforce applying my states, I should wait - jesus - 30 minutes
11:25 malinoff viq, this is simple - I hate ruby at all
11:25 viq malinoff: huh?
11:26 Iwirada both are based on ruby
11:26 viq malinoff: what do you mean, you can't enforce applying states?
11:26 Iwirada like salt '*' state.highstate, i guess
11:26 malinoff Yes.
11:27 malinoff Iwirada, that's why I like ansible
11:27 malinoff Python is my favorite :3
11:27 viq malinoff: please elaborate, how is chef different in that respect? Both are just running a client
11:28 viq And both you can tie in with eg mcollective
11:28 Iwirada malinoff: i c. but i need something which connects back to the controll server to check for new states
11:28 viq Iwirada: you can tell ansible to do that
11:29 Iwirada i would prefer python over ruby, tbh
11:29 viq and ansible is in python
11:30 Iwirada viq:  i know
11:31 Iwirada damn, salt was so promising, but if i risk to not be able to connect master and minion if the version differs, then it is not for me :/
11:32 Iwirada ok, i have to run for lunch
11:32 ipalreadytaken joined #salt
11:32 Iwirada i will talk back to you about this topic.
11:32 Iwirada thanks for the input, so far.
11:33 malinoff viq, I was talking about server-client architecture. I write a manifest on the server, and a client every 30 minutes asks the server about manifests
11:34 ndrei joined #salt
11:37 viq malinoff: you said like with chef you can force "sync now" and with puppet you can't. Or did I misread you?
11:40 Katafalkas joined #salt
11:50 DaveQB joined #salt
11:51 ckao joined #salt
11:52 jeddi joined #salt
11:55 fllr joined #salt
12:01 malinoff viq, I'm not very familiar with chef. Just googled and yes, chef works just like puppet. Damn.
12:03 bhosmer joined #salt
12:03 christopherl joined #salt
12:04 malinoff Well, we will choose ansible, as I said :)
12:09 yomilk joined #salt
12:11 ndrei joined #salt
12:11 viq malinoff: ah, ok :P Though there are ways around it. When you work with chef you work using knife, and you can tell knife to ssh into machines and kick off a chef run. Also you can use mcollective, using which you can kick off puppet/chef/whatever runs
12:11 Teknix joined #salt
12:11 viq Or, well, for that matter, you can use salt to kick off chef/puppet/whatever runs :P
12:12 malinoff I know you like node provisioning, so I built a system to provision a system to provision nodes
12:12 viq On the other hand you can tell ansible to set up daemon on controlled machines that will connect periodically to a central server and apply states.
12:12 leonardinius regarding gitfs stuff. I get some weird log warning >> [DEBUG   ] Updating fileserver cache
12:12 leonardinius [WARNING ] Exception caught while fetching: len([]) != len(['@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@', '', '', '', '', '', '', '', '', '', 'and the repository exists.'])
12:12 viq Somewhat as an answer to "what happens if one of your nodes is offline when you apply the states?"
12:13 leonardinius Anyone has had anything similar?
12:13 viq leonardinius: rm -rf /var/cache/salt/* and try again, see if it persists. Could be a good idea to restart master in between
12:15 leonardinius viq, still present ;
12:15 millz0r_ joined #salt
12:15 leonardinius ;
12:16 anuvrat joined #salt
12:17 viq leonardinius: maybe show the relevant parts of your config
12:18 leonardinius viq, might it be the issue with particular version of GitPython? hmmmm
12:18 viq leonardinius: no idea. What are you running this on?
12:20 viq malinoff: alos earlier you mentioned RabbitMQ, mcollective uses that for the messaging bus, like I said people use that for remote execution stuff, eg kicking off puppet/chef runs or installing packages
12:20 malinoff viq, cool
12:21 malinoff I just found celery - it's really awesome
12:21 malinoff I did not see such a modular system
12:21 mike25ro celery?
12:21 malinoff Y
12:21 viq malinoff: also chef should "soon" open the sources for their 'pushy', which is a way for chef server to tell nodes to do something now
12:21 leonardinius viq, GitPython=0.3.2.RC1
12:22 che-arne joined #salt
12:22 malinoff Celery is not a remote execution tool, but framework to build your own remote execution system
12:22 viq leonardinius: apparently I'm running with the same version, and I use gitfs
12:22 malinoff You can choose between many brokers, serializers, backends and so on
12:23 viq malinoff: sadly I'm currently next to programming-illiterate
12:23 malinoff Awesome thing you can even change bootsteps
12:24 viq What are bootsteps?
12:24 mike25ro malinoff:  seems awesome
12:25 malinoff viq, if you don't want event system, you can exclude it from the worker boot
12:25 simnet joined #salt
12:25 malinoff Or you can write your own bootstep, for example, configuring
12:25 malinoff mike25ro, it is :)
12:26 simnet Could someone please point me to configurations specific to freebsd ?
12:26 viq simnet: what do you mean?
12:27 leonardinius viq, https://gist.github.com/leonardinius/9207898
12:27 leonardinius it's basically my complete /etc/salt/master
12:27 simnet working examples of salt freebsd installing packages both pkgng and ports etc.
12:27 leonardinius viq, what salt version do you run?
12:28 viq simnet: on freebsd 10 pkg.installed should just work, I don't think there's support for using ports
12:28 viq leonardinius: currently 0.17.5
12:29 viq leonardinius: try commenting out gitfs_provider, see what happens - I don't have that defined
12:30 simnet vic: thanks.
12:30 viq simnet: I was mistaken, http://docs.saltstack.com/ref/modules/all/salt.modules.freebsdports.html
12:32 viq simnet: generally in descriptions there are examples, have a look through http://docs.saltstack.com/ref/states/all/index.html and http://docs.saltstack.com/ref/modules/all/index.html
12:32 Iwirada left #salt
12:32 ipalreadytaken joined #salt
12:33 simnet viq: I have been looking through these links. I just wondered if someone had an example of working sls
12:34 ipalreadytaken joined #salt
12:36 linjan joined #salt
12:36 leonardinius viq, provider change didn't help. trying out v0.17.5 tag
12:36 leonardinius viq, before that I tried latest develop
12:40 leonardinius viq, didn't helped. I've run salt-master --versions-report, posted it here https://gist.github.com/leonardinius/9207898#comment-1179543
12:40 leonardinius viq, maybe you could spot difference with your environment
12:43 viq leonardinius: here's mine http://pbot.rmdir.de/6TYjbx9-B6uhjWDDZ6B77A
12:47 Gifflen joined #salt
12:53 christopherl joined #salt
12:55 fllr joined #salt
12:59 bhosmer joined #salt
13:00 leonardinius viq, thanks for your help. however I chose to drop it. I've already spent a almost day trying things out. Not worth it.
13:01 leonardinius viq, btw the only change I see so far is minor python version difference
13:01 viq And that gitfs_root setting
13:03 blee joined #salt
13:06 diegows joined #salt
13:07 ndrei joined #salt
13:07 elfixit joined #salt
13:17 thayne joined #salt
13:17 gfa joined #salt
13:18 Iwirada joined #salt
13:19 dstanek joined #salt
13:24 jaimed joined #salt
13:28 akoumjian joined #salt
13:28 astol joined #salt
13:28 astol hi all, is there a way to display last applied highstate (current state of system) on minion?
13:29 blee_ joined #salt
13:33 eclectic joined #salt
13:33 Ahlee astol: well, there's always state.highstate test=True to see what is different
13:33 yomilk joined #salt
13:34 Ahlee if you have an external job cache defined and/or keep your history for longer than the default 24 hours you could check it as well
13:35 ipalreadytaken joined #salt
13:36 liwen_ joined #salt
13:40 giantlock joined #salt
13:43 ipmb joined #salt
13:46 R_Shackleford joined #salt
13:47 jeffrubic joined #salt
13:55 liwen joined #salt
13:55 fllr joined #salt
13:58 ndrei joined #salt
13:58 juicer2 joined #salt
14:00 ndrei joined #salt
14:02 zzzirk joined #salt
14:05 johtso joined #salt
14:07 liwen_ joined #salt
14:08 ndrei joined #salt
14:08 racooper joined #salt
14:11 jankowiak joined #salt
14:12 cweisel joined #salt
14:14 mgw joined #salt
14:18 HeadAIX joined #salt
14:19 budrose joined #salt
14:20 bhosmer joined #salt
14:23 sfello joined #salt
14:23 nobody_314 joined #salt
14:23 basepi joined #salt
14:24 bhosmer joined #salt
14:25 cnelsonsic joined #salt
14:25 Chrisje joined #salt
14:26 faldridge joined #salt
14:26 Gifflen joined #salt
14:30 quickdry21 joined #salt
14:31 mpanetta joined #salt
14:31 vlcn joined #salt
14:32 faldridge joined #salt
14:35 vejdmn joined #salt
14:36 fllr joined #salt
14:36 ipalreadytaken joined #salt
14:37 timoguin joined #salt
14:37 _fllr_ joined #salt
14:38 Mr_N Anyone have particularly strong opinions on the various methods of inventory management?  (e.g. reclass, or other stuff via ext_pillar)
14:38 Gifflen joined #salt
14:38 Saint-N interns
14:38 Saint-N they're much better at it ;)
14:39 Mr_N Hah.
14:39 madduck Mr_N: I do ;)
14:39 Saint-N and free!
14:39 madduck but I am unfortunately about to head out of office
14:39 madduck and you know my opinion anyway ;)
14:39 Mr_N I do? O.o
14:40 Mr_N Saint-N: Unfortunately, this shop is very very bad at hiring people as needed.  Thank academia for that.
14:40 Mr_N So I'm trying desprately to come up with a solution that'll outlive my being here.
14:41 bryano__ joined #salt
14:41 Saint-N oh
14:41 Saint-N im lazy(about scripting and finding a managed solution) for inventory
14:41 Saint-N i just cheat really and do blasts grepping dmesg n stuff
14:42 madduck Mr_N: I wrote reclass ;)
14:42 Saint-N hah
14:42 Saint-N im sensing a bias ;)
14:45 Mr_N madduck: :o
14:45 Mr_N I legitimately had no idea.  (only saw the formal name in the copyright string)
14:45 TheRealBill joined #salt
14:45 Mr_N Well, thanks, then XD
14:46 Mr_N Saint-N: Problem is, we run a few thousand machines in clustered configurations.  So without proper inventory management all of this (cfg management, monitoring, etc.) becomes highly unmaintainable
14:47 Saint-N ahh
14:47 Saint-N that kind of inventory
14:47 cweisel joined #salt
14:47 Saint-N for some reason since it's 4th quarter i always default to "asset tags" and physical inventory for the accountants
14:48 Mr_N Hah
14:48 Saint-N what base is yer os farm? or is it mixed?
14:48 Mr_N we solve that problem by literally shoving stickers with barcodes on machines.
14:48 Saint-N hah
14:48 Saint-N yeah
14:48 Mr_N We're primarily SL+windows.
14:49 Saint-N sl=suse linux?
14:49 Mr_N sci linux
14:49 Saint-N ahh
14:49 Mr_N centOS derivate
14:49 Mr_N or something
14:49 * Mr_N is notoriously bad at his *nix pedigree memory
14:49 Saint-N for rhel stuff you can use skywalker(i think thats the name)
14:49 Mr_N spacewalk do you mean?
14:49 Mr_N we use it for deployment.
14:49 Saint-N yeah
14:49 Mr_N and we use WDS for windows deployment
14:49 frasergraham joined #salt
14:50 Saint-N you know you can extend it to be a wsus for nix yeah?
14:50 Mr_N Which, spacewalk?
14:50 Saint-N yup
14:50 Mr_N Yeah, I know.
14:50 Saint-N so what more do you need?
14:51 Mr_N I have no great way to word this; but a "single source of knowledge" for all of my cfg management/monitoring systems.
14:51 mattmtl joined #salt
14:51 Saint-N in most cases i end up using icinga+pnp4nag+splunk(for logs)+ansible(and now salt)
14:51 Mr_N Currently we run nagios, salt, spacewalk, wds, splunk, and munin
14:51 Saint-N covers pretty much everything you'd need to know about everything ;)
14:51 Saint-N so you really just want it all in one place?
14:52 Mr_N That's the dream.
14:52 Saint-N icinga
14:52 Mr_N Shall google, thanks for the pointer :)
14:52 Saint-N it allows you to create web2.0 pages for all the addons
14:52 Saint-N its basically an overlay for nagios
14:52 Mr_N (I'm a systems coder being thrown headlong into devops, so I'm not really familiar with what tooling is even available until someone tells me ><)
14:52 Saint-N so per user dashboards let you specify all the sub apps as you listed as simple clicks
14:53 vejdmn1 joined #salt
14:54 astol joined #salt
14:54 nobody_314 joined #salt
14:54 Mr_N To be clear; I don't want to replace our entire toolkit with a single tool, I'm not sure that's even possible
14:54 Saint-N oh no thats not it
14:54 Saint-N its more or less just a way to make it all in one spot
14:54 Mr_N Ah ok.  Was just being clear :)
14:55 Saint-N sorta like making a stupid html page with l;inks to each page
14:55 vejdmn joined #salt
14:55 Saint-N but having the ability to have it all single browserwindow tabbed as needed
14:55 Mr_N I'm digging into their FAQ and stuff, but I wanted to make sure I wasn't going in a different direction
14:55 fllr joined #salt
14:55 Saint-N and yer current nag will import into it
14:55 mattmtl Using bootstrap with (git develop) on centos 6.5, I am not able to make the minion start after a system reboot... how come?
14:55 Saint-N its really a nagios alternative like nms and stuff
14:55 tyler-baker joined #salt
14:56 Mr_N See; my pipe dream is something like, I add a node into a DB consisting of like [host, variables] and it detects this addition and pushes the "appropriate files" to each of nagios, spacewalk, salt, etc.
14:56 Saint-N but its webside is a bit more advanced and flexible
14:56 Mr_N And that DB is now the authoritative source for our deployment
14:56 Saint-N well salt/ansible can totally do that ;)
14:56 Mr_N We looked at some other nagios alternatives (zenoss, mostly) but they all had different things missing
14:56 Saint-N yeah icinga IS nagios
14:56 Saint-N just pretty
14:57 Saint-N thats what i like most about it
14:57 Saint-N they didnt try to reinvent anything but how it looked
14:57 Saint-N and it hooks into nconf nicely as well
14:57 Saint-N and of course jenkins is another good thing for running salt/ansible automagically with hooks
14:58 Saint-N thats what im doing right now actually
14:58 Saint-N is refactoring our salt
14:58 GradysGhost joined #salt
14:58 Mr_N See; this is what breaks my brain about all of this
14:58 Mr_N so many possible ways to solve any given problem
14:58 Saint-N so i can spawn a vm and set it up with base crap and have it automagically add itself to splunk and nag
14:58 Mr_N and most of the time at the onset I have no idea if I'll hit a pitfall on one of them.
14:59 Mr_N Saint-N: Yeah; that sounds similar to the configuration I'm approaching now; we kickstart a node from spacewalk and it automagically adds itself to salt, which automagically adds it to nagios.
14:59 Mr_N Different 'root of authority' but similar concept.
14:59 Mr_N route of authority, rather*
14:59 jeremyBass1 joined #salt
15:01 liwen joined #salt
15:02 Rusty_Shacklefor joined #salt
15:04 Gifflen joined #salt
15:06 aleszoulek joined #salt
15:06 markm joined #salt
15:07 sfello hey folks. can anyone point me to a guide of how to make the master also manage itself as a minion?
15:08 Ahlee sfello: install salt-minion, in /etc/salt/minion set master: localhost
15:08 sfello ok, i installed salt using bootstrap.saltstack.org script - there is no minion file in /etc/salt - is it a case of apt-get?
15:10 johtso joined #salt
15:11 Ahlee I believe if you used the bootstrap there's an option to install a minion via it
15:11 sfello ah ok
15:13 mwmnj joined #salt
15:14 Math` joined #salt
15:14 yomilk joined #salt
15:16 vejdmn1 joined #salt
15:17 mwmnj joined #salt
15:17 xt Saint-N: you switched from ansible to salt?
15:19 marsdominion joined #salt
15:20 Gordonz joined #salt
15:20 marsdominion join #rundeck
15:22 Gordonz joined #salt
15:22 Rusty_Shacklefor joined #salt
15:23 rojem joined #salt
15:24 anuvrat joined #salt
15:27 ndrei joined #salt
15:27 nobody_314 joined #salt
15:27 rostam joined #salt
15:28 Mr_N Oh man; I love creating exceptions deep within salt-ssh.
15:28 Mr_N -.-
15:29 ajw0100 joined #salt
15:31 mattmtl how can I make bootstrap to install salt as a service on centos 6.5?
15:32 nyx joined #salt
15:33 rgbkrk joined #salt
15:34 Mr_N salt-ssh could be worlds better about masking internal errors into something more sane, but damn do I love it in general :|
15:35 Mr_N and mattmtl: something like curl -L <bootstrapaddress> | sh -s
15:35 sroegner joined #salt
15:35 Mr_N rather; that trailing -s may be unneccesary
15:35 Mr_N (I ran it as sh -s -- git develop, because LIVING ON THE EDGE or something)
15:37 ndrei joined #salt
15:37 ipalreadytaken joined #salt
15:37 pdayton joined #salt
15:39 MrTango joined #salt
15:39 giantlock_ joined #salt
15:41 frasergraham joined #salt
15:43 marsdominion joined #salt
15:45 frasergr_ joined #salt
15:46 rallytime joined #salt
15:47 frasergraham joined #salt
15:47 Rusty_Shacklefor joined #salt
15:48 forrest joined #salt
15:48 xmj whenever i see someone piping stuff from the internet to sh i cringe and add them to the 'do-not-hire' list.
15:49 Mr_N xmj: Two points of note; first; these are the explicite documentations on the (if I recall correctly) official quickstart guide
15:49 jrdx joined #salt
15:49 forrest for the bootstrap? Yea
15:49 xmj Mr_N: doesn't make it better
15:49 mgw1 joined #salt
15:50 xmj an official guide with curl | sh -s in it is inherently worse
15:50 marsdominion joined #salt
15:50 Mr_N xmj: When you can tell me that you sysadmin with 0 bad practices, I will bow down and worship you :/
15:50 bt joined #salt
15:50 jcsp xmj: .rpms and .debs all contain executables.  Downloading a piping into .sh. isn't any different from adding a GPG key and adding an apt repo, you're downloading and running executable code as root.
15:50 timoguin I've seen some interesting arguments about how that install method is actually pretty transparent. I mean, you *can* read the script.
15:51 Mr_N For the record; I use yum to deploy, but for a trusted site in a situation like this, you don't have many better options
15:51 Mr_N jcsp put it better than I did.
15:51 xmj timoguin: the idea is that you let a potentially compromised site execute code without verifying its non-harmfulness.
15:52 liwen joined #salt
15:52 timoguin yea i get it
15:52 xmj jcsp: rpm/deb packages usually have an SHA/md5 hash endorsed by someone who reviewed the package's correctness
15:53 Mr_N They have an alternative for not bypassing cert checks; which is "something"
15:54 christopherl joined #salt
15:54 teskew joined #salt
15:54 xmj i just told about what I do. if you do that differently and hire curl | sh -s people... okay.
15:54 xmj rejoice; more hireable people for you
15:55 Mr_N No; you implcitely shit on everyone who follows the official salt doc, without talking about meaningful alternatives.
15:55 Mr_N Maybe I'm speaking out of turn, but you approached it in a rather insulting way, as someone who is a "curl | sh -s" person for a site I frankly trust on machines I already consider insecure.
15:55 fllr joined #salt
15:57 Mr_N (and, to be completely honest, I consider putting a client on a desktop to be FAR MORE of a security hole than piping just about anything from the whole wide net through sh)
15:58 Ztyx joined #salt
15:58 Katafalkas joined #salt
15:58 elfixit joined #salt
15:59 Ztyx Hey, if I define an environment in my pillar's top.sls, why do I need to defined one in pillar_roots on my master?
15:59 jcsp xmj: hashes don't matter, anyone can modify something and generate a fresh hash.  You're thinking of signatures.  Your trust of the signature comes from your trust of the public key of the signer, which you download *drumroll*… from the internet.
15:59 jcsp the only time you have a real root of trust is if you've got something signed by e.g. your OS vendor, or if you have an out-of-band way of verifying the public key such as phoning up the vendor and having them read out the fingerprint.
15:59 jcsp I'm not saying signing packages isn't a good thing (it definitely is), but it doesn't magically make code you download from the internet safe.
15:59 Mr_N jcsp: "thank god for package maintainers", is all I have to say :/
16:00 nobody_314 joined #salt
16:00 xmj jcsp: I use freebsd, we have ports, before someone packages stuff things get verified and their SHA256?512? hashes of the distfiles taken.
16:01 ndrei joined #salt
16:01 xmj yes, given that I maintain enough ports to know how to do it (and how tedious the review process is), I do mostly trust that system. :-)
16:03 hunter__ joined #salt
16:04 Mr_N xmj: Honest question though; do you just never use salt on windows in that case?  since they hand you a raw .exe with no checksum/validation; which is on par with curl | sh
16:04 abe_music joined #salt
16:04 Mr_N You could build from sort, but I sure as hell don't have time to do that :/
16:05 Mr_N s/sort/source blah
16:06 xmj Mr_N: why would I use windows? the license costs as much as three really good steaks, and I do like steak.
16:07 Mr_N This was a question under the assumption that you're managing a deployment you don't have authority to make that sort of decision on
16:07 Mr_N (as is pretty much always the case in industry above a certain scale; as is the inevitability that windows will be in the picture)
16:09 ipalreadytaken joined #salt
16:11 jrdx joined #salt
16:11 christopherl joined #salt
16:12 twobitsprite joined #salt
16:13 twobitsprite is it better to schedule states in cron on the minions or to schedule them to be run from the master?
16:13 cachedout joined #salt
16:13 twobitsprite The doc page on using cron mentions using salt-call on the minion, but it seems like it'd be simpler to just cron a highstate run from the master... is there some downside to doing it that way?
16:14 Katafalkas joined #salt
16:21 forrest twobitsprite, look at the scheduler as well: http://docs.saltstack.com/topics/jobs/schedule.html
16:23 xmj Mr_N: won't happen to me :-p
16:24 xmj i'm religiously against it and if someone tries me to do that, here's my notice.
16:24 Ztyx :q
16:24 Ztyx Ooops, not vim!
16:25 frasergraham joined #salt
16:27 Mr_N s
16:27 Mr_N ~/
16:27 Mr_N ~/~.
16:27 Mr_N Apologies.
16:27 Mr_N I can't type.
16:28 Mr_N xmj: Unfortunately, one of the job descriptions on my business card is "sysadmin" so, I'm a bit unable to make that sort of choice ><
16:28 xmj Mr_N: you can always fire clients that insist on windows ?
16:28 timoguin totally practical.
16:28 jforest joined #salt
16:29 Mr_N Given that much of data science in academia is backed by Sql Server, that's not really a reasonable response.
16:29 jeremyfelt joined #salt
16:30 jergerber joined #salt
16:31 budrose joined #salt
16:31 nobody_314 joined #salt
16:31 xmj fire your boss (:
16:32 Mr_N Because that totally solves the problem of "researchers in general tend to use sql server"
16:33 Mr_N (FWIW, I can't speak on the validity of that claim, I'm certainly not a DBA, and don't know whether it's "the right choice")
16:34 Mr_N (I just know that it's how things pan out, pragmatically.)
16:35 vejdmn joined #salt
16:36 Ztyx joined #salt
16:37 chrisjones joined #salt
16:37 hunter joined #salt
16:37 UtahDave joined #salt
16:43 pass_by_value joined #salt
16:43 Math` let's say I want to add my own roster programmatically, without adding a file in the system's master config (we're deploying a key so I don't want the password hitting the db), can I add my function somewhere in the loader?
16:45 Iwirada left #salt
16:45 hunter joined #salt
16:45 viq Does salt-ssh do the same key exchange that normal salt client does, so that if later I were to enable salt-minion on that node it would "just work" with the keys being already cached in place?
16:46 philipsd6 Mr_N: I *am* a DBA, and SQL Server is almost never "the right choice" (But then, that's just my opinion.)
16:47 Math` viq: salt-ssh calls ssh with (for passwd auth) ControlMaster=auto -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o ConnectTimeout=60 -o PasswordAuthentication=yes -o PubkeyAuthentication=no -o Port=22 -o User=xxxx
16:47 GarlicOnionSalt joined #salt
16:47 Math` for key-based auth it specifically uses salt's ssh key
16:48 viq Math`: yeah, that's the ssh part, but what about the salt part?
16:48 UtahDave Math`: the roster system is designed to be pluggable. The first two roster plugins are the file based rosters and the scan roster.  It should be possible to create one to do what you want
16:48 Math` UtahDave: yes I have that working, my question is about adding it programmatically, right before calling SSHClient()
16:48 thayne joined #salt
16:48 Math` instead of registering globally
16:48 Math` I only want that roster for the duration of this script
16:48 UtahDave Math`: that being said, I don't think Tom has documented the roster plugin system at all, you might have to code dive
16:48 philipsd6 UtahDave: Documentation on the roster plugins is still scarce.
16:48 UtahDave yep
16:49 Math` it seems to be the same kind of loader system than with a lot of components
16:49 viq Namely: if I use salt-ssh from my workstation, once I tell the machines to connect to our real salt-master, will I have to remove the master's key from them, or will it work as if they never connected to any master?
16:49 Math` it uses salt.loader
16:49 madduck what does the roster system do, in a sentence or less? enumerate hosts?
16:49 cachedout There's some. It will be more visible when I finish this massive re-org of the docs this week.
16:49 Math` madduck: yeah, it give out params (user,pass,key,etc) so that SSH can connect
16:49 UtahDave viq: it will work as if it never had connect to any master
16:49 viq madduck: yeah, like ansible's host inventory, where to connect and how
16:49 madduck Math`: oh, for salt-ssh only?
16:49 danielbachhuber joined #salt
16:50 viq UtahDave: sweet, thanks
16:50 Math` viq: it does everything via stdin/stdout with the injected script
16:50 viq UtahDave: also, to make sure, I need the master running on the machine I'm running salt-ssh from, it can't be just the proper config in place?
16:51 GarlicOnionSalt Salt n00b here, was recently turned on to it by a co-worker.  Has anyone used a master-less minion on Windows?  I'm looking to have a minion create a Windows service user, group, install JDK, a Java program, and send some CLI commands to the Java program.  Does that sounds like a good idea or bad idea?
16:51 UtahDave viq: I'm not sure what you mean
16:52 viq UtahDave: do I need to 'service salt-master start' before I run salt-ssh
16:52 Math` no
16:52 UtahDave GarlicOnionSalt: That should work great!
16:53 UtahDave viq: no. Salt-ssh doesn't use the salt-master service at all
16:53 viq Awesome. It will know about pillars as well?
16:53 GarlicOnionSalt OK excellent!  Thanks UtahDave!  Just wanted to make sure!
16:54 timoguin UtahDave, the windows minion will work in masterless mode?
16:54 UtahDave timoguin: I haven't tested it myself in a little while, but yeah, it should.  Have you had issues with it?
16:55 timoguin I haven't tried it. Didn't even think it would work.
16:55 timoguin But that's good to know.
16:55 srage joined #salt
16:56 GarlicOnionSalt great, thanks guys
16:56 xmj left #salt
16:56 GarlicOnionSalt for what we are doing, masterless would be ideal, but we can use a master if we have to
16:57 GarlicOnionSalt I'll let this chat know how it goes, thanks! :)
16:57 UtahDave GarlicOnionSalt: There were a few corner cases where we had some issues with the masterless minion on Windows, but I think they've been sorted for the most part.
16:57 GarlicOnionSalt OK
16:57 UtahDave GarlicOnionSalt: Please do!  Let me know if you run into any issues.
16:57 hunter viq: what version are you running?
16:58 GarlicOnionSalt Will do thanks UtahDave!
16:58 hunter viq: in my experience with 0.17.{4,5} salt-ssh pillars work ok if you remember to delete the pillar cache file for the client.
16:59 lpn joined #salt
16:59 hunter viq: pretty much exactly what you need for a minion, except saltutil.refresh_pillar is spelt 'rm -f /blah/blah/data.p' or whatever it was. I have a script if you want it
16:59 jalbretsen joined #salt
16:59 * Gareth waves a tired wave
17:00 UtahDave Gareth: still recovering?
17:01 UtahDave I heard lots of praise for this year's scale!
17:01 viq hunter: most my machines have 0.17.5, but the machine I'd be running salt-ssh from would have 2014.1.0
17:01 ml_1 joined #salt
17:01 Gareth UtahDave: yeah :) mostly there.  but still recovering.
17:01 viq hunter: yeah, please, useful to know
17:01 Gareth UtahDave: and thanks :) it was a great show :)
17:03 hunter Other than that, I've found salt-ssh to be quite decent, at least on solaris nodes.
17:03 KyleG joined #salt
17:03 KyleG joined #salt
17:04 viq hunter: cool. I have mostly debian boxes in mind, right now thinking of dealing with them until network is rearranged so they can connect to the salt master we have
17:04 hunter viq: http://pastebin.com/aFT5Hs70
17:04 hunter viq: I don't know how well 2014 handles the pillar/grain cache.
17:04 nobody_314 joined #salt
17:04 hunter Maybe instead of month, the second number is the "quarter" of the year its released. :)
17:04 viq :P
17:04 viq hunter: awesome, thank you
17:05 hunter My understanding of the bug is that its just early days (relatively) for salt-ssh in 0.17.X and I hope that eventually saltutil.refresh_X affects salt-ssh clients as well.
17:06 * viq nods
17:07 hunter I should add that script to the bug report as a workaround for other users
17:08 viq Or maybe just add file.absent to highstate ;)
17:13 hunter https://github.com/saltstack/salt/issues/10553 is the bug report I filed - if you hit it you might watch that bug. If you DONT hit it, let me know. :)
17:15 * viq nods
17:18 dave_den since you have ssh on the minion accessible from the master, you might be better off just creating som autossh tunnels and use a regular salt-minion instance
17:19 ndrei joined #salt
17:19 xmltok joined #salt
17:19 dave_den and if your salt master is also a minion you can automatically manage them
17:20 yano joined #salt
17:20 viq I don't.
17:21 viq I don't have minions accessible from the master.
17:21 sfello joined #salt
17:21 dave_den how are you using salt-ssh?
17:21 viq I want to run salt-ssh from my workstation
17:21 dave_den ah
17:21 dave_den gotcha
17:22 f001 joined #salt
17:22 ipalreadytaken joined #salt
17:24 f001 hello! relatively new to salt, can i make a state to always return true, regardless of what happens? i want to run a command and i dont care if it fails...
17:26 mgw joined #salt
17:28 lude f001: i don't know if this is the "salt way"
17:28 dave_den f001: if you mean a cmd.run command, then you can just add " | true " for *nix/bsd minions
17:28 joehillen joined #salt
17:28 lude but i just do "[ cmd || true]": cmd.run
17:29 ndrei joined #salt
17:30 diegows joined #salt
17:30 f001 lude:  ah, right, i hadn't thought of that, thanks
17:30 jdenning joined #salt
17:31 smcquay joined #salt
17:33 akoumjian joined #salt
17:35 christopherl joined #salt
17:35 Gifflen joined #salt
17:37 forrest f001, is there a specific reason you don't care if the command fails?
17:37 rgbkrk joined #salt
17:38 schimmy joined #salt
17:39 Ztyx Having an issue with my pillars not getting picked up by the salt master. Here's my setup https://gist.github.com/JensRantil/9213838 I've started the master in foreground with debug logging and can't see any references to /srv/salt/pillar/test when starting up. Have I missed something obvious?
17:41 viq Ztyx: I think top.sls should have test, not base at the top
17:41 viq oh, erm
17:41 viq what happens if you remove the production line?
17:41 f001 forrest: yes, under normal conditions it will most likely fail, but it's not a problem, on the other hand i want it to always run for the times when it is needed. I could put some specific unless clauses... but it is such a simple thing it's not worth the trouble, it's perfectly fine like this
17:43 Ztyx viq: that made things work. Hm, isn't it possible to have multiple roots?
17:44 Ztyx viq: I was expecting the test directory holding fallback pillars in case they weren't defined in production.
17:44 dave_den Ztyx: yes, but the pillar only reads one top.sls from each environment path
17:44 astol joined #salt
17:44 dave_den so in this case production had the empty top.sls
17:44 viq Ztyx: investigating
17:45 ecdhe joined #salt
17:45 dave_den Ztyx: it would merge the multiple tops if you split the path for test out into an actual test environment
17:47 opapo joined #salt
17:47 Ztyx dave_den: I see. My use case I'd rather not check in some sensitive pillars in VCS, so I thought I could use the test pillar directory for "fake sensitive data".
17:47 kaptk2 joined #salt
17:48 thayne joined #salt
17:48 schimmy joined #salt
17:48 Ztyx dave_den: While I'm at it, do you know why I need to specify variable (base, in this case) both in file_roots _and_ top.sls?
17:48 Ztyx dave_den: Eh — s/variable/environment
17:49 dave_den 'base' is just a special environment name
17:49 Gifflen joined #salt
17:49 Ztyx So, if I moved /srv/salt/pillar/test into a "test:" environment, you'd think that would make things happy?
17:50 dave_den http://docs.saltstack.com/topics/tutorials/states_pt4.html#environment-configuration
17:50 pvi00 joined #salt
17:55 ipalreadytaken joined #salt
17:55 ipalreadytaken joined #salt
17:57 shadowsun joined #salt
17:57 opapo joined #salt
17:58 shadowsun Okay, what's up with multi master configuration in salt 2014.1.0? It's causing my minions to fail to start with a StopIteration. It works if I change the minion config file to have only one master. My format is correct according to http://docs.saltstack.com/topics/tutorials/multimaster.html
17:58 shadowsun Is this a known bug, or do I get to be really, really greatful that my dev boxes are set up to update first?
17:59 ml_1 joined #salt
17:59 Ztyx dave_den: Have read it last week. Reread it now. Still not comprehending fully I think. Will think about this until tomorrow. Thanks anyhow.
18:00 nahamu is @JonGretar in here?
18:04 rojem joined #salt
18:04 aedocw joined #salt
18:06 nineteen2ightd joined #salt
18:07 jdenning_ joined #salt
18:07 faldridg_ joined #salt
18:07 mgw1 joined #salt
18:07 DaveQB_ joined #salt
18:07 millz0r left #salt
18:08 austin987 joined #salt
18:09 ndrei joined #salt
18:11 jeffro joined #salt
18:12 jeffrubi` joined #salt
18:14 jeremyBass1 joined #salt
18:16 shadowsu1 joined #salt
18:17 shadowsun -.-
18:17 shadowsun Okay, what's up with multi master configuration in salt 2014.1.0? It's causing my minions to fail to start with a StopIteration. It works if I change the minion config file to have only one master. My format is correct according to http://docs.saltstack.com/topics/tutorials/multimaster.html  -- anyone have any ideas?
18:17 SEJeff_work joined #salt
18:20 forrest joined #salt
18:21 shadowsun forrest: Hey maybe you know :P
18:21 opapo joined #salt
18:21 munhitsu_ joined #salt
18:21 forrest the master config in salt 2014.1.0?
18:21 shadowsun yeah
18:21 forrest shadowsun, I honestly don't, haven't played with 2014.1.0 yet
18:21 shadowsun Minions with multiple masters configured can't start
18:22 shadowsun :}
18:22 shadowsun :| even
18:22 brutasse left #salt
18:23 forrest shadowsun, what happens when you start the minion service with the debug call?
18:23 UtahDave I haven't tested it myself yet, either, shadowsun.  Would you mind opening an issue on that?
18:23 nobody_314 joined #salt
18:23 shadowsun UtahDave: Not at all.
18:23 che-arne joined #salt
18:23 jgelens joined #salt
18:23 shadowsun I've just been crazy busy disabling epel completely on everything, since it looks like this version of salt already made it to epel and not just epel-testing
18:23 Nazzy joined #salt
18:23 Nazzy joined #salt
18:24 shadowsun <all the things gif here>
18:24 timoguin that's no good. :(
18:24 shadowsun It's not good if it's an actual bug
18:24 shadowsun It's good if it's just something I've mucked up
18:24 Xe joined #salt
18:24 forrest shadowsun, negative, EPEL is still 0.17.5
18:25 shadowsun forrest: uhm
18:25 forrest shadowsun, at least it should be :P
18:26 forrest we tried to make a push last night to get the 3 required approvals in testing, but only made it to 2 of them, and even then technically it takes 3 days I think?
18:26 forrest shadowsun, unless something awesome happened that is! :D
18:26 shadowsun Okay
18:26 shadowsun that's weird.
18:27 shadowsun You're right; it's currently not there
18:28 forrest UtahDave, I thought terminalmage was saying something about multi-master, but that might have been him just saying that Tom and Sam broke the master in dev...
18:28 forrest can't remember and I don't have my history on this box
18:28 shadowsun Maybe I hit a misconfigured mirror off that box or something elsewise bizarre, or didn't catch a line wrap
18:28 shadowsun but in epel itself it's not on that version of salt yet
18:28 forrest shadowsun, it's ok to admit you just enabled testing...
18:28 forrest you like to live dangerously!
18:28 shadowsun forrest: Only on my dev boxes
18:28 forrest heh
18:29 shadowsun my entire dev environment is down atm
18:29 shadowsun lol
18:29 forrest :(
18:29 forrest as in nonresponsive? Or down for salt
18:29 shadowsun down for salt
18:29 forrest at least people can still work then
18:29 shadowsun there's a reason I have a dev environment
18:29 shadowsun yes, exactly
18:29 shadowsun thanks to dev environment, no unexpected explosions elsewhere!
18:29 forrest yea
18:30 ajw0100 joined #salt
18:32 chrisjones joined #salt
18:32 srage_ joined #salt
18:37 Ryan_Lane joined #salt
18:37 terminalmage forrest: yeah I was just talking about the ioflo stuff breaking the master. that is fixed now
18:38 mwmnj joined #salt
18:39 terminalmage that was only broken in develop btw
18:40 shadowsun UtahDave: https://github.com/saltstack/salt/issues/10732
18:41 jrdx joined #salt
18:45 shadowsun Btw
18:46 nahamu Is there a variant of __salt__['cmd.run'] that doesn't smoosh stdout and stderr together?
18:46 shadowsun adjusting the timeout for a minion to respond in a timely fashion to 10 seconds before "minion did not return" caused things to run a lot smoother
18:47 forrest terminalmage, ahh gotcha, yea then that issue is not associated with what shadowsun is encountering.
18:48 forrest shadowsun, for your multi-master setup?
18:48 shadowsun forrest: Remember like a month ago I edited
18:48 forrest shadowsun, dude I can't remember everything in the IRC from yesterday :(
18:48 shadowsun :(
18:49 forrest 15 hours a day will do that to you :P
18:49 cweisel joined #salt
18:49 druonysus joined #salt
18:49 viq shadowsun: http://docs.saltstack.com/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run_all  ?
18:49 viq erm, sorry
18:49 viq nahamu: http://docs.saltstack.com/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run_all ?
18:50 shadowsun no
18:50 zwevans joined #salt
18:50 shadowsun the binary name is salt-run
18:50 shadowsun on cli
18:50 shadowsun i.e. look it up after it's run
18:50 hardwire anybody familiar with the windows minion enough to suggest a simple method of installing extra python modules within the salt python module path?
18:51 Gifflen joined #salt
18:51 hardwire looks dubious
18:51 nahamu salt.modules.cmdmod.run_stdout might be what I need.
18:51 nahamu viq: thanks!!
18:51 BrendanGilmore joined #salt
18:51 rojem joined #salt
18:52 Ztyx joined #salt
18:52 robawt UtahDave: I didn't see you at Scale :\
18:52 forrest hardwire, take a look here: https://github.com/saltstack/salt/issues/8405 looks like python and the salt deps get frozen for windows deploys.
18:53 hardwire that's what I'm seeing on the filesystem
18:53 forrest robawt, he wasn't there
18:53 robawt forrest: aw bummer
18:53 shadowsun forrest: Blah. Somewhere in the source is a timeout for how long we wait for a minion to reply to a request
18:53 forrest robawt, was too busy cooking pancakes back in salt lake and shipping them to california :D
18:54 forrest shadowsun, yea the timeout value, you modified it in your master conf?
18:54 shadowsun It's set at like 2 seconds, I ended up changing it to ten to test and it worked a lot better
18:54 hardwire since salt uses it's packed interpreter... it makes it really difficult to install anything short of doing some evil.
18:54 shadowsun no
18:54 shadowsun it's not in the master conf
18:54 forrest shadowsun, oh the secondary timeout
18:54 forrest yea
18:54 shadowsun I'm talking about something that's only in the source
18:54 shadowsun yea
18:54 forrest shadowsun, I still have that issue open to make that configurable I believe.
18:54 shadowsun Sometimes our datacenter gets under sttack and it actually takes over two seconds for the minions to receive the command and respond back
18:54 shadowsun Cool.. pm me with a link later
18:54 forrest shadowsun, yea I'm not surprised at all
18:54 shadowsun I have to log out
18:55 shadowsun well
18:55 shadowsun detatch screen
18:55 * shadowsun waves
18:55 Ztyx left #salt
18:55 forrest later
18:55 dcmorton joined #salt
18:56 marsdominion joined #salt
18:56 zwevans left #salt
18:58 xinkeT joined #salt
18:59 schimmy joined #salt
18:59 octarine joined #salt
19:00 rojem joined #salt
19:02 baniir joined #salt
19:02 schimmy joined #salt
19:03 madduck is there a recipe/state out there to maintain a stable Salt checkout from Git on the clients and ensure the minion runs from it?
19:04 Nazzy "the road to hell is paved with good intentions" :( https://github.com/saltstack/salt/issues/10733
19:04 Gareth forrest: so I forgot to mention...I managed to get a salt minion installed and running on a synology disk stations.  I cheated a bit though.
19:05 Gareth station.
19:07 liwen joined #salt
19:08 NotreDev joined #salt
19:08 aedocw Hi, I'm just getting started with salt, and had a question about best approach for make cross-distro states. Looking at apache, this example (https://github.com/saltstack/salt-states/blob/master/http/init.sls) seems inefficient.  Is there a "best case" example I could learn from for mapping different package names, for instance between centos and ubuntu?
19:09 jacksontj joined #salt
19:10 NotreDev i'm having a bad time checkout out a tagged release of a git repo: http://pastebin.com/9efQx6Sj
19:10 timoguin aedocw, yea, the formulas. lemme get you a link
19:10 aedocw Thanks!
19:10 timoguin aedocw, https://github.com/saltstack-formulas/
19:11 timoguin and the apache one: https://github.com/saltstack-formulas/apache-formula
19:11 timoguin you can see in the map.jinja file how it's defining different names and locations per distro: https://github.com/saltstack-formulas/apache-formula/blob/master/apache/map.jinja
19:11 NotreDev anyone know why git.latest won't let me check out a tag?
19:11 madduck NotreDev: it does, but it puts you in a detached head, which is perfectly normal Git behaviour
19:12 kermit joined #salt
19:12 jrdx joined #salt
19:12 NotreDev madduck: i might be an idiot. just a sec
19:13 aedocw timoguin, thanks, that looks like exactly what I had in mind and makes a lot more sense to me
19:15 NotreDev madduck: is there anyway i can get git to tell me that the hash i'm at is a tagged release?
19:17 christopherl joined #salt
19:17 NotreDev i assumed that checking out a tagged release would not put me in a detached state, but something that looked more like a branch. of course, this was due to my misunderstanding of git
19:22 rgbkrk joined #salt
19:23 jeremyfelt joined #salt
19:24 krow joined #salt
19:25 alunduil joined #salt
19:25 madduck NotreDev: git describe?
19:25 NotreDev madduck: got it! thanks
19:26 jankowiak joined #salt
19:26 schimmy joined #salt
19:28 Vye_ Anyone know what ^{commit} is doing on this line http://git.io/2y9MnA ? It doesn't look like it fits. In my dev env I am getting this output from that line: https://gist.github.com/Vye/7104e8f0efc4c4508b54
19:29 twobitsprite If I want to use a module.run state, and the module I want to run has a "name" kwarg, how would I handle that? Wouldn't I end up with 2 "name" arguments to the module.run state?
19:31 twobitsprite here's basically what I have: http://pastebin.ca/2646399
19:32 twobitsprite the maxdays and mindays are different because I was getting an error about duplicate "shadow.set_maxdays" key and I haven't updated the mindays one yet,
19:32 twobitsprite I just noticed that I'm going to have duplicate "name" arguments...
19:32 crazysim joined #salt
19:34 n8n joined #salt
19:35 christopherl joined #salt
19:37 zooz joined #salt
19:38 Networkn3rd joined #salt
19:39 ml_1 joined #salt
19:41 Ryan_Lane joined #salt
19:41 Ryan_Lane joined #salt
19:42 kainswor joined #salt
19:42 Kenzor joined #salt
19:42 Vye I'm trying to understand that line so I can submit a working PR.
19:43 kainswor jw- what is required for a returner to get recognized by the master? I've got an executable .py file with a 'returner' method in the _returners directory of my base env but I don't see any report of it when I do a sync_all
19:46 thayne joined #salt
19:46 takeda joined #salt
19:52 lionel joined #salt
19:53 GradysGhost_ joined #salt
19:55 jeremyfelt joined #salt
19:56 toastedpenguin joined #salt
19:58 Gareth hm. there is a salt command to see if a node is managed by the salt master.  can someone remind of that command? :)
19:58 GradysGhost_ salt-key -L
20:00 rallytime joined #salt
20:00 takeda Hi, I have an issue with salt 17.5 on FreeBSD 10; pkg.running assumes that the package is already running and never starts it
20:01 takeda is this a known issue?
20:01 kainswor pkg.running? service.running?
20:01 takeda sorry
20:01 takeda service.running
20:01 takeda my bad
20:01 Gareth GradysGhost: hm. there was a different one.
20:01 kainswor ah- and not that I'm aware of
20:01 Gareth something like salt managed.
20:01 kainswor check the init script properly reports status
20:02 takeda it does, I can start the service manually
20:02 kainswor if your service doesn't support 'service blah status' then it probably wont work
20:02 jaimed joined #salt
20:02 takeda root@salt-testing:~ # service nslcd status
20:02 takeda nslcd not running?
20:02 takeda root@salt-testing:~ # service nslcd start
20:02 takeda Starting nslcd.
20:02 takeda root@salt-testing:~ # service nslcd status
20:02 takeda nslcd is running with PID 66551.
20:02 takeda root@salt-testing:~ # service nslcd stop
20:02 takeda Stopping nslcd.
20:02 takeda root@salt-testing:~ # service nslcd status
20:02 takeda nslcd not running?
20:04 kainswor hm. well that's the extent of service debugging I've had to do :/
20:05 jankowiak joined #salt
20:05 takeda I'm really new to salt, how does salt check service status
20:05 takeda maybe I can find the issue and issue a patch
20:05 cedwards Gareth: are you looking for salt-run manage.{up,down,status}?
20:05 takeda I just started learning salt literaly yesterday
20:06 cedwards takeda: service management should work on FreeBSD. can you share your .sls file?
20:07 takeda cedwards: I actually posted issue, with it it is here
20:07 takeda https://github.com/saltstack/salt/issues/10720
20:07 Gareth cedwards: yes. :) just found it.
20:07 takeda Though I just realized right now that service nslcd status always returns 0
20:07 rgbkrk joined #salt
20:08 takeda even when service is not running
20:08 takeda is saltstack checking rc?
20:10 cedwards takeda: perhaps you're not far enough along yet, but do you have this issue with other services, or just nslcd?
20:10 kermit joined #salt
20:12 lionel joined #salt
20:13 takeda it happened to be the first service I was running it with
20:15 Kenzor joined #salt
20:17 takeda ok looks like that's the problem:
20:17 takeda if sig:
20:17 takeda return bool(__salt__['status.pid'](sig))
20:17 takeda cmd = '{0} {1} status'.format(_cmd(), name)
20:17 takeda return not __salt__['cmd.retcode'](cmd)
20:17 takeda nslcd never returns non zero so salt always assumes it is running :/
20:18 pdayton joined #salt
20:19 sschwartz joined #salt
20:21 sschwartz I am getting some very strange behavior from salt-cp; one file copies, then substituting another file in fails. (Ex: salt-cp 'base*' /root/ELB.sh /root/ELB.sh works, while salt-cp 'base*' /srv/salt/prod/PLATFORM /root/PLATFORM doesn't.  In both cases, it's an attempt to overwrite.
20:22 sschwartz Actually -- scratch that. It doesn't work when it's an overwrite, it seems.
20:23 forrest sschwartz, try running it again with -l debug
20:23 forrest see if that returns any other output
20:24 joehillen joined #salt
20:24 sschwartz tried; I get some errors about logstash_zmq_handler and a missing configuration file /root/.salt.  But it works to copy a file over the first time -- just not an overwrite. Should salt-cp overwrite?
20:25 pdayton joined #salt
20:27 forrest sschwartz, I don't know, no options in here for overwrite.
20:28 fuser left #salt
20:28 sschwartz OK. Perhaps its default is no overwrite, and there's something else to do. I'll try a workaround.
20:33 jcockhren fwiw using chef is like going backwards. I'm at a place that's using chef and I've almost raged threw my computer a few times
20:33 jcockhren :(
20:33 sschwartz And now it's not working at all.  I moved the file away, and it won't copy at all.
20:33 forrest sschwartz, sounds good, you could open an issue as well regarding a flag for overwrite.
20:33 forrest jcockhren, yea it's old
20:33 forrest jcockhren, what do you want :P
20:33 bemehow joined #salt
20:34 sschwartz I may well, once I can get it working again. This is very odd -- it worked before, and has suddenly stopped.
20:34 bemehow if my top file for base or any other environments specifies matching against grains and '*' default which one is going to be executed first?
20:35 jcockhren forrest: I wanted to use chef to provision a vagrant but..... apparently it's faster to just shell out
20:35 forrest jcockhren, lol
20:35 jcockhren I really want this company to change to salt
20:35 forrest jcockhren, well, it would take you... 30 minutes to set up
20:35 Kenzor joined #salt
20:36 jcockhren I was trying not to rewrite their configs JUST to get some stuff local but....
20:36 jcockhren this is retarded
20:37 aleszoulek joined #salt
20:37 sschwartz OK. THis is very strange -- it's as if I can only salt-cp a file over once, and once it's been copied, a new copy can't be put in place; if I rm a file, it goes away, but further salt-cps "fail".
20:37 forrest so make it happen!
20:37 forrest sschwartz, you might consider writing a state with file.managed, might be faster than all the workarounds
20:37 Gifflen_ joined #salt
20:37 forrest sschwartz, that's odd
20:38 bemehow i think the decision chef vs salt is not that simple. Correct me if I'm wrong but re-writing just doesn't make sense unless you want to use more salt-features (reactor, pillar etc)
20:38 timoguin jcockhren, yeaaa we're starting to go the Chef route here. :(
20:38 forrest bemehow, yea I was just messing around
20:38 forrest timoguin, why?
20:38 forrest timoguin, has no one looked at what writing chef is like?
20:39 timoguin because OpsWorks
20:39 timoguin that is all.
20:39 timoguin not my decision.
20:39 Vye forrest: The guys here like Test Kitchen
20:39 forrest timoguin, or are you guys a ruby shop
20:40 forrest Vye, kitchen ci?
20:40 forrest timoguin, I feel for you, and for the operations team that is making that decision
20:41 cro joined #salt
20:41 timoguin doesn't matter. OpsWorks.
20:41 * timoguin grumbles
20:41 sschwartz The problem is I am using this for a code push, so I don't want to inflict a state -- a state.highstate for the environment takes too long -- but I may be missing the salt philosophy lesson. ;)
20:41 kainswor you can run individual states
20:41 robawt kainswor++
20:41 timoguin forrest, we are a hodgepodge of .NET and PHP, mainly
20:41 cachedout joined #salt
20:41 forrest sschwartz, if you just wrote a single state, you could use state.sls
20:41 forrest and call just that one state on the associated machines.
20:42 Vye forrest: yeah
20:42 krow joined #salt
20:42 forrest sschwartz, so salt '*' state.sls copy_my_damn_files.sls
20:42 forrest minus the sls
20:43 sschwartz I've got an init.sls for the specific chunk I want to push (I use salt-cloud to build a bunch of stuff on the new servers) -- so salt '*' state.sls /srv/salt/prod/init.sls ?
20:43 forrest salt '*' state.sls prod.init (depending on how your file roots are configured)
20:43 forrest obviously I'd pass it with a test option first
20:45 bemehow forrest: can you point me to the right direction in the code, how the top.sls is evaluated? From my observation it seems that the closest match wins and there is no easy way to create dependency betwen let's say salt-minion.sls and lvm.raid0.create.sls from "common" module
20:45 kainswor i didn't realize you could call an 'init'. the normal way I would call a directory with an 'init.sls' in it is by the directory name, but if both work, cool
20:45 ipmb joined #salt
20:46 bemehow kainswor: you can call state.template on individual templates if you're not using includes
20:46 bemehow timoguin: why OpsWorks is bad?
20:46 gnugnu6 joined #salt
20:47 forrest sschwartz, oh it is actually named init.sls, sorry. in that case you'd just reference it as salt '*' state.sls prod
20:47 forrest if prod isn't an env :P
20:47 forrest kainswor, no you are correct
20:47 forrest kainswor, I thought the init.sls was just an example
20:48 forrest kainswor, the joys of being busy and distracted
20:48 timoguin bemehow, it's not bad. i just would prefer not to lock myself into a platform.
20:49 atealtha left #salt
20:50 bemehow timoguin: I'm trying to make a case in our env against chef but other than personal hatred towards chef syntax and general mess, can't find anything better in salt for package/dir/user management and yet chef is more mature.
20:50 sschwartz Not a problem. Is there a way to kick off a specific sls within a directory? (since I want to use a sub-set of the init.sls code for the push.)
20:53 Guest72558 joined #salt
20:53 Ryan_Lane joined #salt
20:54 jergerber joined #salt
20:55 forrest sschwartz, you mean another state file?
20:55 forrest or a specific section of the init.sls itself?
20:56 forrest bemehow, are you guys a ruby shop?
20:56 hunter I have a pillar structure question.
20:56 sschwartz Indeed. So in /srv/salt/prod, having init.sls and, say, push.sls -- because init.sls has requirements that push.sls doesn't. (I installed a tomcat requirement in init.sls, but I don't want to re-install tomcat every time.)
20:56 bemehow we're everything shop
20:56 forrest hunter, I thought dave_den said you used all your question tokens for the day? :P
20:56 hunter aww
20:56 bemehow forrest: ruby,python,jvm
20:56 hunter please?
20:57 forrest sschwartz, state.sls push.push
20:57 dave_den haha
20:57 forrest sschwartz, it's just name_of_dir.state_name
20:57 hunter Its not a code or error question - does that help/
20:57 hunter ?
20:57 valgrind joined #salt
20:58 hunter I honestly can't tell if you guys are serious or not
20:59 GarlicOnionSalt Hey folks, does anyone know where the top.sls file should be located on a masterless Windows minion?
20:59 Gifflen joined #salt
20:59 cachedout joined #salt
20:59 GarlicOnionSalt I'm looking at this doc: http://docs.saltstack.com/topics/tutorials/quickstart.html
21:00 dave_den hunter: of course not, shoot
21:00 forrest bemehow, ahh
21:00 cachedou_ joined #salt
21:00 forrest GarlicOnionSalt, did /srv/salt/top.sls not work?
21:01 GarlicOnionSalt forrest: is that path relative to the salt install dir C:\salt ?
21:01 forrest GarlicOnionSalt, or c:\salt\srv I think?
21:01 Kenzor joined #salt
21:01 hunter This is for yum repos, but would apply to anything. I have 3 pillar peices of info - defaults (a dict), repokeys (a list) and repos (dict of dict)
21:02 GarlicOnionSalt forrest: the srv directory isn't there by default, I can create it
21:02 hunter Thats the base - those repokeys and repos are all the basic yum repos every machine should have.
21:02 hunter Now I need to add a key and a repo to the list for all the machines that should have zfs.
21:02 forrest GarlicOnionSalt, it's never there by default. check inside the minion config file to see if it mentions the directory path.
21:02 forrest GarlicOnionSalt, for the file roots
21:02 hunter In a pillar sls file, can I extend a previously defined thing?
21:02 GarlicOnionSalt forrest: thanks! I'll check
21:03 forrest GarlicOnionSalt, np.
21:03 forrest GarlicOnionSalt, I don't use windows for salt, so I could be totally wrong :P
21:03 hunter My state/formula file is now nicely templated - but the tempate only knows about the "repos" and "repokeys" - There has to be a way to extend pillar data isn't there?
21:04 mgw joined #salt
21:04 forrest hunter, negative: https://github.com/saltstack/salt/issues/3991
21:04 GarlicOnionSalt forrest: no worries!  :)  that still helps
21:04 cachedo__ joined #salt
21:04 baniir joined #salt
21:05 NotreDev joined #salt
21:05 kballou joined #salt
21:05 cewood joined #salt
21:05 dave_den hunter: as of 0.17.5 you can do top level key merges
21:06 hunter dave_den: example or doc for that?
21:06 hunter A key merge should work here - I'm not trying to override something, but extend it...
21:06 forrest yea, 'extend' is not specifically supported is what I am getting at
21:06 fllr Hey guys. I have a master connected to a couple of minions. Every time I run state.highstate on most of my minions everything works well, except on one of my minions. Whenever I run highstate on that minion, highstate returns the cli before I get back the results of the run, so then I have to do lookup_jid to find out what happened on that run(which is fine, but annoying). Are there any reasons for that, and how can I fix it?
21:07 forrest fllr, that could be a timeout issue, try to run highstate on there with -t 10
21:07 dave_den hunter: no, but for example that pillar in the issue 3991 will actually work as expected
21:07 fllr forrest: kk. hold on...
21:07 hunter the {{ allow_user}} one?
21:07 schimmy joined #salt
21:08 forrest fllr, if that doesn't work, it could be the secondary timeout, and that's a hardcoded value, shadowsun do you remember which file the 2 second timeout is in? I can't remember.
21:08 rgbkrk joined #salt
21:09 dave_den hunter; the love/hate one in https://github.com/saltstack/salt/issues/3991
21:09 dave_den hunter: the pillar just calls pillar.update(key, data) for each rendered sls file
21:10 dave_den http://docs.python.org/2/library/stdtypes.html#dict.update
21:11 hunter dave_den: I just scanned the whole of 3991 and I don't see the section you're referring to
21:11 hunter dave_den: who's the author of the comment I need to look at?
21:11 dave_den hunter: the very first post in https://github.com/saltstack/salt/issues/3991
21:12 AndChat|359961 joined #salt
21:12 dave_den you can also easily try it in a python shell or with example pillars
21:13 hunter Simple update won't solve my problem - I need to add keys... wait. Let me fiddle
21:14 AndChat-359961 joined #salt
21:15 dave_den hunter:  https://gist.github.com/dlanderson/e382e01daf4d0a817958
21:16 Mr_N Hrm.  This is "odd".
21:16 Mr_N salt-key -L thinks it accepted the key of the localhost machine
21:17 forrest Mr_N, is your master a minion?
21:17 Mr_N but test.ping returns nil
21:17 Mr_N It is trying to be
21:17 forrest try test.ping -l debug
21:17 hunter dave_den: that looks promising
21:18 Mr_N forrest: Did that.  after the LocalClientEvent items, nothing.
21:18 Mr_N No evidence as to why it failed.
21:18 forrest odd, the salt-minion is started right?
21:18 Mr_N Indeed.
21:18 harobed joined #salt
21:18 forrest do you see the connection in netstat?
21:18 forrest as it 'loops' back on itself
21:18 hunter dave_den: This is what my base pillar looks like.http://pastebin.com/y6Kxyv6N
21:19 hunter I can leave out the repos_defaults - that won't change.
21:19 hunter But I guess I need to restructure the rest
21:20 david_a joined #salt
21:20 Mr_N Sec forrest; wrestling with netstat :P
21:20 sschwartz Thank you, forrest, that fix worked just fine. salt-cp, however, appears to be b0rked.
21:20 forrest sschwartz, yea, can you open an issue on github about that?
21:20 forrest sschwartz, with as much detail as you can provide of course
21:21 forrest sschwartz, I never use salt-cp, so I'm not familiar with what it does past using the cp module.
21:21 Corey I'm unsure whether the best part of SCaLE was seeing whiteinge or not seeing UtahDave...
21:21 forrest Corey, hah
21:21 UtahDave ????
21:21 Mr_N lsof shows nothing listening as salt-minion
21:21 UtahDave Corey: aw, man.
21:21 Corey UtahDave: It was so quiet! So peaceful!
21:22 Mr_N so, from the look of it, it apparently doesn't seem to be listening.
21:22 forrest Corey, I thought the best part of scale was the pancakes
21:22 sschwartz Sure thing.
21:22 UtahDave Corey: didn't like my snoring??
21:22 Corey (Not really, I lost my voice and am only now starting to recover...)
21:22 forrest Mr_N, odd.
21:22 QuantumRiff joined #salt
21:22 Corey My talk required a fair bit of projecting.
21:22 Gareth UtahDave: You weren't at SCALE were you?
21:22 Corey Gareth: He was not.
21:22 Corey Gareth: Have you met UtahDave?
21:23 Corey He's apparently met everybody else when I wasn't paying attention.
21:23 NotreDev joined #salt
21:23 UtahDave Gareth: no, unfortunately.  My travel schedule has been too crazy. I couldn't fit it in.
21:23 Gareth Corey: ah good.  was afraid he was and I missed him.
21:23 Mr_N forrest: Indeed.  It shows up in pstree; too, so I know it's "really there"
21:23 Gareth Corey: Nope.  Only via skype I think.
21:23 QuantumRiff I'm setting up some new environments, and want to run some command once on a new server.. (in this case, i'm installing PBIS-open (likewise open) to join an AD domain.)  How would I go about doing that in a state? I obviously don't want to rejoin the domain at every state.highstate
21:23 UtahDave Yep
21:23 Corey Nobody misses Gareth because he's something like 7 feet tall.
21:23 Gareth UtahDave: ahh too bad.  next year :)
21:24 UtahDave I hated missing SCALE this year.  I'm going to make sure I do next year.
21:24 Corey Nobody misses UtahDave because they're too busy being glad he's gone. ;-)
21:24 forrest Mr_N, well, can you try to restart the salt minion, and then perhaps strace the process to see what is going on? Also start the minion in debug mode (probably do that before strace!)
21:24 UtahDave In fact, I may bring my daughter, too.
21:24 Gareth Corey: last check according to some volunteers I'm 9' tall.
21:24 Gareth UtahDave: You totall should.  We have more and more stuff for kids each year.
21:24 forrest how tall are you actually Gareth ?
21:24 Mr_N forrest: I'm such a bad sysadmin; I feel mildly nauseous at the thought of stracing :P
21:24 Mr_N oh well, into the void.
21:24 Gareth forrest: 6'5"
21:24 forrest Mr_N, everyone does.
21:25 UtahDave lol, Corey.  You didn't talk that way about me after having 3 Belgian beers that one night
21:25 forrest Gareth, ahh
21:25 srage joined #salt
21:25 forrest Mr_N, but if the debug output from the salt minion on start doesn't show anything, you might have to go down that route.
21:25 Corey UtahDave: There's an entire kids' track; she'd probably get a kick out of it if she's at all technically inclined.
21:26 forrest Oh that reminds me, Gareth do you have an account over at EPEL?
21:26 Mr_N I've been just spinning it up by a service start, I'll do it manually, would have been smart.
21:26 forrest Mr_N, gotcha
21:26 Mr_N Well this is a fun one.
21:26 Mr_N "This master address was previously resolvable but now fails to resolve"
21:26 UtahDave Corey: Yeah, that's what I've heard. She's still pretty young. Only 6, but we'll see how she feels next year.
21:26 Mr_N despite specifying multiple masters.
21:27 Mr_N Good think you reminded me to look here...
21:27 forrest Mr_N, heh
21:27 ndrei joined #salt
21:27 Mr_N From the look of it it's INSISTING that the first master, which is down, should be used, and doesn't appear to be falling back
21:27 forrest Mr_N, that's odd, can you see what happens if you just switch the order in the conf?
21:28 Mr_N Which seems wrong; but experience has taught me to never ever ever ever expect the tool to be wrong.
21:28 Mr_N was just doing that, in fact... one moment
21:28 forrest it should be polling the other one, I wonder if it has to do with it being a local machine...
21:28 Mr_N Oh hell.
21:28 Mr_N I switch the order, it didn't fix, but now given what it said, I'm concerned.
21:28 forrest was it not in there?
21:29 Mr_N One quick question before I give more context; am I being stupid and does salt do any sort of globbing in the master string?
21:29 Mr_N e.g. would it get confused by "slprototype." and think it in any way comperable to "slprototype" (sans period)
21:30 forrest Mr_N, you know, I'm not sure.
21:30 Mr_N Context being, the DNS configuration where I work is hilariously fucked.
21:30 Mr_N There's really no good way prior to full dhcp/dns configuration to determine what resolver it will pull from
21:31 Mr_N and if it pulls from resolver a; slprototype is sufficient.  From b; you have to do slprototype.
21:31 Mr_N I don't have the power to fix this rather unfortunate situation, and was hoping that I could essentially just rely on multi master fallback
21:32 Mr_N What really confuses me is that it was apparently sufficient to get it to do the key exchange
21:32 kryptt joined #salt
21:32 Mr_N but not sufficient to talk in normal behavior
21:32 forrest Mr_N, yea, I'm not sure if it handles that sort of input.
21:33 kryptt I'm trying to the the external_auth feature to work; but running: salt -a pam * test.ping fails
21:33 kryptt with: Failed to authenticate, is this user permitted to execute commands?
21:33 forrest fllr, any luck?
21:34 Mr_N ... my confusion intensifies.
21:34 Mr_N When I only do -slprototype. and remove the fallback, it goes back to being happy
21:34 Mr_N any illusions I had that I knew what was wrong are now out the window ><
21:35 Mr_N Wow.  put an invalid -slprototype after a valid -slprototype. and I immediately break my entire deployment
21:35 Mr_N Bug filing time, I think!
21:36 forrest what release is that Mr_N ?
21:36 Mr_N minion is .17
21:36 forrest 0.17.0?
21:36 Thiggy joined #salt
21:36 Mr_N master is as well.
21:36 Mr_N yes
21:36 forrest ahh, you may want to review the issues first to see if that was fixed.
21:36 Mr_N Indeed; that'd be my first step :x
21:37 Mr_N I was more saying that I've now moved into "dealing with this as if it's a bug rather than user error" mode
21:37 forrest gotcha
21:37 CeBe joined #salt
21:39 Corey Okay, finally got around to playing with salt-ssh.
21:39 UtahDave uh-oh
21:39 Corey It could use some work.
21:39 forrest Corey, yea
21:39 Mr_N Corey: Indeed.
21:39 UtahDave yep
21:40 Mr_N If only in masking raw python exceptions and giving more sane errors
21:40 Mr_N I'd be in heaven
21:40 fllr forrest: Ops. No, sorry. I got distracted with work stuff... Same issue...
21:40 fllr lol
21:41 Corey UtahDave: Am I missing anything here, or is there no way today to define a global ssh key to use, a user to run as instead of root, and that it should use sudo?
21:41 Mr_N forrest: At least from a brief search of issues, I can't find anything relevent under "multiple masters" or "multi masteR"
21:41 cachedout joined #salt
21:41 Mr_N so
21:42 Ryan_Lane joined #salt
21:42 UtahDave you can specify the user in your roster file.
21:42 Corey UtahDave: Per host, not globally.
21:43 Corey Also, is this... order specific?!
21:43 UtahDave I'm not sure if you can have it use sudo
21:43 Corey The example roster file lists #  sudo: True         # Whether to sudo to root, not enabled by default
21:43 Corey Yet it seems to be failing to render in the YAML, which is... bad.
21:43 Mr_N The overall multi master behavior just seems really really broken in .17.0
21:43 Mr_N I should probably upgrade.
21:44 Corey Mr_N: ... .17.0?!
21:44 Corey Yes. Upgrade.
21:44 Corey Seriously.
21:44 Mr_N Corey: Unfortunately, that's what's in SL epel :(
21:44 Corey Wow.
21:44 johtso joined #salt
21:44 Corey Real EPEL now has 0.17.5, and epel-testing has the new release.
21:44 Mr_N Yeah.  An upgrade is about due; but my life is not made easier as a result.
21:45 Corey UtahDave: Further musings: Having to populate IP addresses by hand is annoying (granted, I did it via a bit of shell scripting, but still) when I've already got DNS working in my environment.
21:45 UtahDave you can use hostnames
21:45 Mr_N Oh UtahDave: thanks for your git repo btw, it's been a big help.  (didn't expect to actually run into you though :) )
21:46 Corey UtahDave: Documentation doesn't reflect that.
21:46 UtahDave Corey: I'm not surprised, there's definitely a lot of polishing to still do on salt-ssh
21:46 UtahDave Mr_N: Oh, yeah? which repo?
21:47 Mr_N You have your salt states in some public github
21:47 pydanny joined #salt
21:47 forrest UtahDave, you should sign up over at epel testing
21:47 forrest and help approve this release, we need one more!
21:47 Mr_N It was far more in the way of concrete examples than is in much of the core salt docs.
21:47 UtahDave Mr_N: Ah, cool. Glad they helped!  What urls did you find most helpful?  Maybe we should link to them in the docs
21:48 UtahDave forrest: do you have a link?
21:48 nahamu UtahDave: have you gotten gitfs working in the Windows build?
21:48 Corey UtahDave: Hmm. All of my hosts now return true, except for one. Which returns "deploy"
21:48 forrest not with me unfortunately :(, terminalmage do you have that link from last night for the epel testing repo?
21:48 Corey What exactly did test.ping just deploy? :-
21:48 Corey :-)
21:48 UtahDave nahamu: I haven't had time to even try that yet.  :(
21:48 nahamu I'm trying to get it to work in the SmartOS build.
21:48 Mr_N Chrome lost all my tabs this morning, so I'll have to quickly refind, it was one of the top results from a lazy google.
21:49 terminalmage forrest: I sure do!
21:49 forrest Mr_N, are you talking about the gists?
21:49 Mr_N I had been looking at doing user management
21:49 UtahDave Mr_N: ok, cool
21:49 forrest terminalmage, can you spam UtahDave with it?
21:49 Mr_N Yes, I believe that was it.
21:49 Mr_N https://gist.github.com/UtahDave/3785738
21:49 forrest Mr_N, this one? https://gist.github.com/UtahDave/3785738
21:49 nahamu I tell pip to install it in the build environment, and my code to slurp in everything it can possibly find seems to grab it correctly and jam it into library.zip but it doesn't seem to work.
21:49 forrest hah
21:49 forrest yea
21:49 forrest one of my favorites.
21:49 terminalmage :)
21:49 terminalmage UtahDave: coming soon
21:50 UtahDave cool, thanks, terminalmage!
21:50 UtahDave Mr_N: cool!   I think I snagged that from someone else, actually.  because it is a good example.
21:51 Mr_N Yeah; uggedall (spelling, blah)
21:51 Mr_N you credit him in the top, and now is recursively credited in mine :P
21:52 terminalmage https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0643/salt-2014.1.0-1.el6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0622/salt-2014.1.0-1.el5 https://admin.fedoraproject.org/updates/FEDORA-2014-2891/salt-2014.1.0-1.fc19 https://admin.fedoraproject.org/updates/FEDORA-2014-2912/salt-2014.1.0-1.fc20
21:52 terminalmage UtahDave: ^^^^^
21:52 Mr_N Ok; I'm running full 0.17.5-1
21:52 Mr_N and the problem still occurs
21:52 Mr_N It appears that if I have a non-existent master in my multi master list in the minion file; it refuses to accept even a valid master prior to it.
21:53 Mr_N which seems to me like I'm doing something rather braindead.
21:53 forrest terminalmage, lol I didn't do all of those :P
21:53 UtahDave terminalmage: how do I upvote it?
21:53 forrest UtahDave, https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0643/salt-2014.1.0-1.el6
21:54 forrest UtahDave, you have to create an account, then you can just log in, say it works (if you tested it that is) and you're good to go
21:54 UtahDave Oh, just add a comment?
21:54 forrest UtahDave, or alternatively you can call herlo, and ask him to do it
21:54 forrest UtahDave, after you are signed in
21:55 Guest73961 "how do you upvote" UtahDave too much reddit :P
21:55 forrest UtahDave, no account = no real credit, so it's worthless towards getting the 3 votes we need.
21:55 schimmy joined #salt
21:55 cjbarnes18 joined #salt
21:55 UtahDave lol
21:55 UtahDave I haven an account already.
21:55 UtahDave s/haven/have
21:55 forrest oh sweet, yea just comment on there, and mark as 'works for me'
21:55 nahamu https://github.com/saltstack/salt/blob/develop/salt/fileserver/gitfs.py#L99 <- need to "pip install gitdb" too...
21:55 thayne joined #salt
21:55 terminalmage forrest: well what are you waiting for? ;)
21:55 forrest terminalmage, ?
21:56 * zach rolls in with the troll face gif and says "This does not work on Windows for me. How do you open an RPM?"
21:56 nahamu I should make a requirements file of all the extra libraries I want  in my build environment...
21:56 forrest terminalmage, I already upvoted it
21:56 forrest using my github handle
21:56 terminalmage nahamu: I didn't need to
21:57 Mr_N Strangely, I found this issue https://github.com/saltstack/salt/issues/10732
21:57 gfa i run a state file which does stuff, at the end it launchs an event_master. part of event's data comes from a file, cp.get_file_str, that file is generated at the begin of the state file. when i run the state it fails because the generated file is not there. require does not help
21:57 Mr_N Which describes a similar symptom but with a different manifestation, as that mine doesn't even error :|
21:57 UtahDave lol zach
21:57 timoguin UtahDave, mark it as WORKS IN DEV
21:57 nahamu terminalmage: weird
21:57 terminalmage nahamu: hmmmm.... I see gitdb is in a separate package, must have been installed as a dep
21:58 forrest timoguin, it's already done! We're up to 3 now, that should push it to epel prod in a few days
21:58 nahamu weird
21:58 Mr_N It's now in a rather hilarious state where I can demonstrate it working with master: 127.0.0.1; I can demonstrate it working with master: localhost, but when I add both, it stops.
21:58 terminalmage wonder if it's an optional dep for gitpython? it shouldn't be, since it generates exceptions in that class
21:58 terminalmage nahamu: that's the only reason for that import
21:58 UtahDave terminalmage: have you tried gitfs on windows at all?
21:59 terminalmage oh, no... is that where nahamu is testing?
21:59 terminalmage because gitdb was added pretty recently
21:59 terminalmage 2014.1.0 is the first release that has that import there, I think
21:59 terminalmage because I improved the error reporting
21:59 yomilk joined #salt
21:59 Vye Anyone know what ^{{commit}} is doing on this line http://git.io/2y9MnA ? It doesn't look like it fits. In my dev env I am getting this output from that line: https://gist.github.com/Vye/7104e8f0efc4c4508b54
21:59 terminalmage along with the other stuff I'd been doing to gitfs
22:00 terminalmage UtahDave: yeah it probably needs to be added to the windows build
22:01 hunter UtahDave: I can't duplicate that gist above.
22:01 terminalmage hold up though.... I didn't think you could run the master on a Windows box, yet
22:01 nahamu terminalmage: I'm testing on SmartOS
22:01 terminalmage nahamu: ahh ok
22:01 nahamu but I do an esky build just like is done for Windows.
22:01 terminalmage nahamu: ahh I got it
22:01 NotreDev joined #salt
22:01 hunter UtahDave: I mean i can't duplicate that behavior in a real pillar example here.
22:01 UtahDave terminalmage: people want to use gitfs  in masterless mode
22:01 terminalmage UtahDave: ok
22:01 terminalmage yeah then it should be there in the esky build
22:01 terminalmage sorry, I hadn't considered that
22:02 oraqol joined #salt
22:02 keith4 joined #salt
22:02 Mr_N ... What even
22:02 UtahDave hunter: Hm. I haven't tested that in a LONG time.  Are you getting a stacktrace?
22:02 timoguin yes, gitfs for masterless would be nice.
22:02 Mr_N I run salt in the foreground, it works.
22:02 Mr_N I run it in the background, it fails
22:02 Mr_N I think this is the point where I give up debugging this for the day and go home crying.
22:02 Ryan_Lane1 joined #salt
22:02 nahamu hrm, my auto-crawly thing doesn't find gitdb.
22:03 forrest Mr_N, sometimes it helps!
22:03 UtahDave Mr_N: peanut M&M's
22:03 nahamu more patching!
22:03 hunter UtahDave: no, the merge equivalent completely replaces the original data - HOWEVER, I'm copying exactly your example from the gist to test here. One Second.
22:03 sdouglass joined #salt
22:03 Ryan_Lane1 joined #salt
22:04 fragamus joined #salt
22:04 oraqol So is there a way to schedule highstate on the master in batches by grain?
22:05 forrest UtahDave, thanks for commenting on that!
22:05 nyx joined #salt
22:05 UtahDave yup!
22:05 forrest bodhi in his mightiness has commented, and approved of the stable, huzzah!
22:06 cweisel joined #salt
22:06 rojem joined #salt
22:06 Mr_N UtahDave: While I've still got you here, may I pick your brain on something?  I've been digging through the issue tracker to look for similar things and haven't found anything promising, but I always worry about re-issuing a bug
22:06 Mr_N (or issuing something that isn't a bug)
22:06 schimmy joined #salt
22:06 UtahDave ok
22:07 Mr_N I have a master that is also a minion.  I can get it to behave correctly in a multi master setup if I instruct it to use say, 127.0.0.1 and localhost.
22:08 Mr_N DNS here is a mess.  I would like to specify the hostname by DNS, but to be robust and use the same minion file generically, I have to utilize this same fallback behavior.
22:08 Mr_N So I specify both slprototype and slprototype.
22:08 zain is salt-bootstrap's stable install still supposed to install only 2014.1.0?
22:08 Mr_N (the period on the latter is intentional)
22:08 nahamu I somehow got too old a version of GitPython... weird.
22:08 nahamu why did pip get that wrong?
22:08 Mr_N However, when I change the master to utilize the invalid slprototype as well as the valid slprototype. it suddenly ceases to be able to test.ping.
22:08 Mr_N (in isolation, having ONLY slprototype. as the master works)
22:08 JasonSwindle joined #salt
22:09 hunter UtahDave: https://gist.github.com/dlanderson/e382e01daf4d0a817958   -- just updated with comment
22:09 hunter UtahDave: I'm not seeing the data from merge get introduced at all.
22:09 oraqol Anybody?  schedule highstate from master by grain in batches?  I can't find anything in the documentation.
22:09 zain nahamu: GitPython isn't properly versioned in pypi, you have to manually specify the rc
22:09 hunter UtahDave: not sure why
22:09 Mr_N It seems to me like a potential issue with multi master fallback?  but as I've reiterated multiple times, I'm so so hesitant to ever blame the tool and not myself :/
22:09 zain nahamu: pip install GitPython==0.3.2.RC1
22:10 UtahDave Mr_N: hey, so you're just trying to get around your flaky DNS?
22:10 Mr_N Pretty much.
22:10 nahamu zain: ah
22:10 UtahDave Mr_N: The salt minion resolves the hostname to an ip, and only uses the ip after that.
22:10 pdayton joined #salt
22:10 UtahDave so I don't think you really need the mult-master
22:10 Mr_N Well, it's not flaky in that sense.
22:11 Mr_N It's flaky in the "it's configured ass backwards and instead of using views, there are 3 distinct servers serving slightly distinct namespaces"
22:11 Mr_N and I have no ability to change this.
22:11 Mr_N Thus, to some machines, the salt master will be at slprototype, to others it'll be at slprototype.
22:11 Mr_N (with the period.)
22:12 Mr_N My hope was to cram both potential master options into the minion file for deployment, and have it "do the right thing"
22:12 UtahDave hunter: Hm. I'm going to have to look deeper into that. I don't think I'm going to have time today.
22:12 Mr_N If there's a better tool for accomplishing this, I'd be welcome to be shown the error of my way ><
22:12 hunter shucks:
22:13 hunter UtahDave: is there another tactic that people typically employ where base = abc and foo = base + de ?
22:13 hunter This does severely limit pillars usefulness here.
22:14 UtahDave hunter: Really, if you want to have full control of your pillar, I would create an external pillar.  The external pillar lets you have full programatic control over the pillar dict.
22:14 UtahDave hunter: You don't even have to actually reach out to anything "external" if you don't need or want to.
22:14 hunter was hoping for a simpler solution, but reclass has been on the list of things to do.
22:15 Mr_N ext_pillar isn't just reclass
22:15 hunter I'm aware
22:15 Mr_N that's just one option for which there's already an adapter
22:15 QuantumRiff so for provisioning new servers, I need to run some commands once.. or, only if a "check command" fails... (ie, if the command "get-status") returns with a non-zero exit code, run the command "set-status"
22:15 QuantumRiff what do I want to research to point me in the right directory?
22:16 hunter QuantumRiff: flag files?
22:17 nahamu I guess most salt machines get that package from the OS rather than from pypi...
22:17 QuantumRiff hunter: do you mean like touch a file, then check that its there?
22:18 Mr_N QuantumRiff: fall into python, call the commands via salt[], look at the results, decide accordingly?
22:18 hunter QuantumRiff: yes, but that a poor suggestion.
22:18 hunter QuantumRiff: Mr_N's suggestion while more complicated is probably better
22:19 QuantumRiff basically, i'm running PBIS-open to join to active directory.. want to install the rpm's, and run the domain-join command once, then never again, unless for some reason, it loses its domain status
22:19 Mr_N I'm not sure if it'd even be more complicated, since you'd be trying to manage conditional file operations in raw salt states otherwise
22:20 Mr_N which for the sort of decision making he seems to want, might be difficult to have the right sort of behavior.
22:20 xmltok joined #salt
22:21 QuantumRiff I can kind of see something like 'cmd.run' with an "unless:" command to run
22:21 Mr_N Quantum: don't limit yourself.  Keep in mind that salt states can contain arbitrary python.
22:22 hunter QuantumRiff: there's almost certainly a command that asks "Am I part of the domain - can I see domain items" -- run that in your unless
22:22 timoguin joined #salt
22:22 QuantumRiff Mr_N: that is true.. I'm just an occasional python hacker though :)
22:23 Mr_N Fair enough.  Spend too many years in python land and everything starts looking like a script -.-
22:23 Mr_N Anyway, time to slink home from work, may end up pushing an issue on this multi master thing tomorrow if I can end up reproducing it more
22:23 Mr_N even if it's "expected" it certainly doesn't seem like "desired" behavior
22:24 KyleG joined #salt
22:24 KyleG joined #salt
22:24 utahcon when I pass user to git.latest, does it change to the environment of the user first?
22:24 utahcon if I am reading the code right, it does...
22:24 utahcon so it literally runs as that user... right?
22:24 forrest utahcon, it's supposed to
22:24 forrest utahcon, I haven't messed with it in the latest release. I know on 0.16.4 that it didn't run it properly as the user for me
22:25 QuantumRiff ooh, cmd.run: also has a creates.. that looks like it would run a command, if it doesn't find the config file I point it to..
22:27 utahcon forrest: I think it works right, I just had some bad setup
22:27 utahcon ;)
22:27 utahcon problem solved
22:27 thayne joined #salt
22:28 NotreDev joined #salt
22:28 forrest utahcon, great!
22:29 utahcon now, I need to figure out how to do 'ssh user@host.tld' and then pass 'yes' to accept the host into the known_hosts
22:29 utahcon anyone got a fix for that>
22:29 utahcon lol
22:29 utahcon again, short thinking
22:29 utahcon I need a rabbit.
22:30 david_a joined #salt
22:31 jeremyfelt joined #salt
22:32 baniir joined #salt
22:34 icarus_ joined #salt
22:35 kermit joined #salt
22:36 Networkn3rd joined #salt
22:37 pydanny joined #salt
22:38 cweisel left #salt
22:39 hunter madduck: ping
22:39 vlcn hmm, is there a way I can provide arguments to a state?
22:41 mgw vlcn: i think you can pass pillar='{"some": "value"}' to state.*
22:41 jdenning joined #salt
22:43 jergerber joined #salt
22:43 pydanny joined #salt
22:44 vlcn mgw, any idea where I might find docs about that>?
22:45 iben joined #salt
22:45 iben Hello from the #RSAC in San Francisco everyone...
22:46 kryptt Hi
22:46 kryptt I can't get halite to run with TLS enabled
22:46 iben 3 month contract to help with centos setup, operation, and log collection. Familiar with Saltstack, MySQL, Flume, Splunk, Logstash. email me: salt@ibenit.com
22:47 ipalreadytaken joined #salt
22:47 kainswor I have a git.latest state with rev: 'develop', but after state execution the repo is checked out to the latest commit on master.. any ideas?
22:47 Vye Is there a path where I can install modules (like psutil) for the frozen version of salt on Windows?
22:48 Vye /s/modules/packages
22:52 ipalread_ joined #salt
22:52 jesusaurus do other people have trouble with gitfs?
22:54 bemehow joined #salt
22:55 jesusaurus it seems very NOT fault tolerant to me. it keeps just falling over and silently failing
22:56 faldridge joined #salt
22:57 ipalreadytaken joined #salt
22:58 takeda left #salt
22:59 bretep Does anyone know if there is a way I can import other top files?
22:59 manfred have you tried just using include?
22:59 manfred http://docs.saltstack.com/ref/states/include.html
23:00 bretep That works for states great!
23:00 bretep But not the top http://docs.saltstack.com/ref/states/top.html
23:01 bretep I want to have dev, staging and prod maps in separate files rather than one long one
23:01 bretep it makes it easier to diff when using separate environments
23:01 bemehow joined #salt
23:03 forrest bretep, did you try just using include to see if it returned an error?
23:03 bretep It did
23:03 bretep yes
23:03 forrest bummer
23:03 forrest that would be cool
23:03 manfred oh, what did it return?
23:03 bretep Read the paragraph above this http://docs.saltstack.com/ref/states/top.html#states-top-file-roots
23:04 Ryan_Lane joined #salt
23:04 vlcn with cmd.run how can I escape or otherwise tell salt to ignore dashes in the command name?
23:04 bretep Oh thats for the file_roots... I was hoping it would use dev.sls as top.sls
23:04 vlcn I'm getting YAML renderer errors as a result of -'s
23:04 UtahDave bretep: they get automatically included
23:04 kryptt left #salt
23:05 forrest vlcn, did you try putting it in quotes?
23:05 bretep UtahDave: okay, so I can target minions in dev.sls?
23:05 vlcn forrest, I did both double and single quotes -- no change
23:05 forrest vlcn, odd I thought double quotes were supposed to be how it works...
23:06 forrest vlcn, you did cmd.run\n - name: "ls -la" ?
23:07 forrest none of the cmd.run examples have one using a dash, should fix that
23:07 Gifflen joined #salt
23:07 forrest ahh here we go, it's the |
23:07 forrest vlcn, do cmd.run:\n - name: | command
23:07 bretep From what I am reading, salt wants you to separate environments by directory... causing lots of duplication of files. Where gitfs wants you to separate environments using branch names
23:08 UtahDave bretep: no, in the root of each environment you can have a top.sls.  The top.sls files get merged
23:08 bretep I like the branch way, but I have to keep one large top.sls file
23:08 forrest vlcn, while this isn't exact, it has some examples: http://stackoverflow.com/questions/19640829/how-can-i-execute-multiple-commands-using-salttack
23:08 bretep Yeah, so where do the states for that environment live?
23:08 vlcn oh, excellent!
23:08 vlcn thanks forrest
23:09 bretep like haproxy/init.sls
23:09 forrest vlcn, yea let me know if that works
23:09 bretep UtahDave: I'll create a gist, will you have a minute to correct it?
23:10 bhosmer joined #salt
23:10 UtahDave bretep: sure
23:11 forrest vlcn, if that works can you create an issue/PR to update the docs with an example that uses that?
23:15 bretep UtahDave: https://gist.github.com/bretep/61a6d01e8096604fe5dc
23:17 krow joined #salt
23:17 UtahDave bretep: Yeah, that looks correct.  Salt should merge those top.sls files into one big dictionary in the order they are defined in your "file_roots" config option
23:17 forrest bretep, have you seen the this example: http://docs.saltstack.com/ref/file_server/file_roots.html#local-file-server
23:17 bretep I just posted a question to it
23:17 forrest just above that link
23:18 bretep forrest: yes that's where this example is coming from
23:18 forrest ok
23:18 bretep Can you guys read the question on gist?
23:18 forrest I am right now
23:18 bretep Cool, thanlks
23:18 bretep s/thanlks/thanks/
23:19 UtahDave bretep: qa can access things in another environement by specifying the environment.   Let me find the syntax
23:19 forrest UtahDave, couldn't he just add /srv/salt/base to qa and he would have the sshd content he needs?
23:19 bretep So I'm going to have to copy all the states under the dev folder to the qa folder
23:20 bretep Thus duplicating everything
23:20 forrest bretep, well, no.
23:20 bretep Like haproxy
23:20 forrest are those files identical?
23:20 bretep in the example
23:20 UtahDave bretep: no, hold on. let me find the syntax
23:20 forrest DEEP BREATHS MAN!
23:20 bretep They are for a bit... until someone does development work that's not ready for qa or prod
23:20 aleszoulek joined #salt
23:23 jnials Is the test.ping module symmetrical?  Should I be able to run it from the minion to the server?
23:24 forrest jnials to ping the master from the minion?
23:24 kiorky it is.
23:24 kiorky salt-call test.ping
23:24 ipalreadytaken joined #salt
23:25 jnials ok.  Thanks for that.   Was trying to determine if I had a communications problem.
23:25 diegows joined #salt
23:25 UtahDave bretep: I can't find the exact doc, but in your top.sls you can specify an sls file from another environment something like this:       - sshd?env=base
23:26 bretep I'll post another gist, one sec
23:26 hunter UtahDave: good news! I'm trying to get reclass working - someone else to bother. :)
23:26 jnials Second question has to do with Reclass if anyone here knows:  I've got it up and running on the salt-master just fine.  Do you also need to install it on the minions?
23:26 UtahDave madduck is your man for reclass
23:26 UtahDave jnials: no
23:26 bryano__ joined #salt
23:27 UtahDave jnials: only on the master.  The minion has no idea where the data comes from
23:27 jnials @UtahDave:  Thanks.  Now I know I've got some other problem. :)
23:28 forrest bretep, just as a question, why would httpd not be in a directory?
23:28 hunter UtahDave: I know- I'm in the reclass channel
23:28 hunter UtahDave: was mostly teasing
23:28 bretep forrest: I'm about done with example that will show why
23:28 forrest bretep, ok
23:30 UtahDave bretep: you can also layer your environments over eachother, like forrest was mentioning
23:31 redondos joined #salt
23:31 redondos joined #salt
23:31 forrest bretep, I added a comment onto your gist, but I don't know if adding /srv/salt would work
23:31 forrest I imagine it would because of the way it is treating the path, but it might error *shrug*
23:31 davet joined #salt
23:31 Ryan_Lane joined #salt
23:33 forrest type faster bretep! I want to head home soon! :D
23:35 Vye bretep: are you trying to isolate your environments to normalize them?
23:36 Vye or normalize*
23:36 bretep https://gist.github.com/bretep/93ace132279f2d578a26
23:37 bretep I should be able be in the qa branch and do a `git diff origin dev` and see the changes between the two
23:37 Vye bretep: You might be interested in reading this: https://github.com/saltstack/salt/issues/9616
23:38 hunter I'm guess reclass and grains can't coexist
23:40 bretep Keeping a top.sls file only in one branch is difficult to manage
23:41 bretep Being able to diff a top.sls between environments would be awesome
23:41 bretep Track infrastrucutre changes
23:41 bretep See what top.sls is being used in production
23:42 bretep Rather than a developer making a bad top.sls in the dev branch and now qa and prod will fail on a highstate because it couldn't merge the top.sls between all the branches
23:43 Vye bretep: exactly. What I found in that issue is that you need to use a generic env in the top file if you want to promote the *same* file through dev, qa, prod, etc.
23:43 Vye like base
23:43 bretep so one top.sls
23:43 Vye bretep: OR separate them into dev.top, qa.top, and prod.top
23:44 bretep You can do that?
23:44 bretep That's my origional question
23:44 bretep That'd be fantastic!
23:44 Vye then use state.top to apply them (although that doesn't seem to be quite working yet)
23:44 bretep Do you have a working example?
23:44 Vye bretep: it's all in that issue I linked you to
23:45 bretep Got it. So I can't use state.highstate
23:46 bretep I have to use salt -N qa state.top qa.top
23:46 bretep That seems like a terrible solution. That seems more like a workaround.
23:47 clintberry joined #salt
23:47 bretep Now my developers read in salt documentation that they should just be able to run a state.highstate and it won't apply to us.
23:48 Vye bretep: Not terrible... but definitely kinda wonky. I feel that gitfs, winrepo, and anything else that pulls from git should be able to support references (branches, commits, tags, etc). So far it seems only ext_pillar does it the way I want.
23:48 bretep or rather a salt-call state.highstate if they are on the dev server
23:48 Vye brb
23:49 bretep Vye: It's terrible because it's not a standard way of using states as every example in the documentation and web show.
23:49 bretep It's a workaround, not the norm
23:51 hunter joined #salt
23:52 sroegner joined #salt
23:52 bretep Well a workaround I don't like but can live with is having a 5000 line top.sls file
23:52 bretep :|
23:53 bretep Then at least highstates will work properly
23:53 bretep Sure would be nice if I could break them up and just include them in the top.sls <-- not possible
23:54 vlcn can peer communication work with state files?
23:54 bretep It would also make diff of dev.sls -> qa.sls a lot easier
23:55 bretep Now it's manual diff
23:55 alunduil joined #salt
23:55 bretep vlcn: do you mean when a template is rendered?
23:56 bretep vlcn: If so, I think this is an article that will help you and answer your question. http://developer.rackspace.com/blog/why-i-use-saltstack.html
23:56 bretep You can use salt mine
23:57 vlcn https://gist.github.com/anonymous/32ccf673e3752df1e5d2
23:57 vlcn I have one specific minion that this will always be executed on, but I need to be able to call it from any of them
23:57 bretep Yep
23:57 bretep You can
23:58 bretep one moment I'll get you the configuration
23:59 skullone left #salt
23:59 bretep vlcn search for "Peer Publish settings" on this page. http://docs.saltstack.com/ref/configuration/examples.html

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary