Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-03-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 MTecknology /usr/local/lib/python2.7/site-packages <-- I see nothing in there and no other site-packages
00:02 UtahDave there's no salt directory in there?
00:02 MTecknology nope
00:02 MTecknology I installed this via apt
00:02 UtahDave is there another   *-package directory?  I think some distros have a different location
00:02 kedo39 is it in dist-packages?
00:02 MTecknology I can't remember where that stuff gets stuck- still looking
00:02 UtahDave yeah, that could be it
00:02 garthk joined #salt
00:03 garthk Righty. Let's see how fast we can get a salt stack up.
00:03 MTecknology what's the name of one of the .pyc files I'm looking for?
00:03 kedo39 just do "find /usr/lib.../salt -name '*.pyc' -delete"
00:05 MTecknology I never knew find handled the three dots like that
00:05 kedo39 oh, the 3 dots aren't an actual thing
00:05 kedo39 just put the location of salt in there
00:05 MTecknology ya, I thought it was a given that I wasn't finding salt
00:05 kedo39 oh, i see
00:06 MTecknology dpkg -L salt-common   .... not sure why I didn't think of that
00:06 kedo39 it's not "/usr/lib/pymodules/python2.7/salt/scripts.py" ?
00:06 kedo39 at least, based on the output you pasted
00:06 __number5__ why do you want to manually clean *.pyc?
00:06 MTecknology find /usr/share/pyshared/salt -name '*.pyc'  <-- nothing found
00:07 MTecknology kedo39: thanks for making me feel rather derpy...
00:07 kedo39 no prob :)
00:07 MTecknology :P
00:07 kedo39 __number5__: https://github.com/saltstack/salt/issues/10967#issuecomment-36778959
00:08 kedo39 well, that is a different problem, but the cause might have been the same
00:08 MTecknology UtahDave: after wiping the .pyc files, same thing
00:08 UtahDave Hm. what versions are your minions?
00:09 KyleG joined #salt
00:09 MTecknology I'm not sure what they all are. I was going to try to seek them all out and get them up to 2014.1.1.
00:09 KyleG joined #salt
00:09 MTecknology some might be as old as 0.17.5
00:10 MTecknology pretty please don't tell me I need to update 315 minions before this is going to work....
00:10 MTecknology pretty please.
00:11 garthk First obstacle: salt-minion isn't talking to salt-master on the same host. Make binding to 0.0.0.0 explicit… run both undaemonised with --log-level=debug… nope. No idea why this isn't working.
00:11 UtahDave Hm. I think they should still work.
00:12 UtahDave garthk: what's your "master: " config option set to in the minion's config?
00:12 UtahDave MTecknology: I'm going to have to spin up a debian 7 system to test on. I can do that first thing in the morning
00:12 UtahDave I have to leave to head into our data center right now
00:13 garthk nc: connect to salt-dev port 4505 (tcp) failed: No route to host
00:13 garthk hahahaha
00:13 MTecknology UtahDave: thanks!!!
00:13 MTecknology My brain is fried anyway. I should probably move onto windows stuff.
00:14 garthk Yaay, troubleshooting guide.
00:16 andrej thanks Gareth ... if I had the file locally I'd just replace the url with  file:// syntax?
00:23 dman777_alter joined #salt
00:24 dman777_alter hi, is there a example how to deploy a website from github to a minion?
00:24 mgw joined #salt
00:24 dman777_alter I don't want to have my models on github...I mean the actual source files of the website
00:24 taion809 joined #salt
00:24 Katafalk_ joined #salt
00:24 allanparsons oh gosh: dman777_alter i've been working on that the past 2 days
00:25 allanparsons huge pain in the ass.
00:25 garthk Uh, /etc/salt/master is YAML, right?
00:25 garthk Can I use YAML lists in nodegroups?
00:26 allanparsons @gathk yes
00:26 garthk allanparsons: Relief. Having to get all the commas in the list and the word "or" last, but not the Oxford comma, all right dismayed me.
00:27 garthk Are nodegroups first-match-wins or most-specific-match-wins?
00:27 garthk Oh! Or, multiple-groups? I bet that.
00:27 dman777_alter allanparsons: lol...ya, i'm dreading it
00:28 allanparsons email me
00:28 allanparsons i
00:28 allanparsons i'll send you what i wrote
00:28 allanparsons username@gmail.com
00:30 ajw0100 joined #salt
00:31 dman777_alter allanparsons: it's cool...thanks. I'll do some reading up first.
00:31 allanparsons you have to set your git keys
00:31 allanparsons and do a git.latest
00:31 allanparsons we end up checking out to a folder of the commit hash
00:32 allanparsons then symlinking /srv/deploy/latest to /srv/deploy/<commit_hash> via file.symlink
00:32 allanparsons this allows us to override if we need to do an emergency rollback
00:34 garthk NameError: global name 'zmq' is not defined
00:34 garthk That's from a plain install on Ubuntu 12.04 from the Salt repo.
00:35 jslatts joined #salt
00:38 __number5__ garthk: bootstrap?
00:39 garthk Installing all the Python updates to see if it helps…
00:39 garthk __number5__: ¿que?
00:40 __number5__ garthk: that error looks like you are missing python-zmq
00:40 RandalSchwartz what's the difference between the grains "host" and "localhost"
00:41 garthk __number5__: it's not marked as a dependency for the salt-minion package?
00:41 RandalSchwartz or nodename
00:41 ipalreadytaken joined #salt
00:41 __number5__ garthk: it's in deps of salt-common
00:42 garthk RandalSchwartz -with-an-L? Hey, thanks for your widespread contributions. Onya.
00:42 garthk __number5__: looks like I hosed the minon server with a kernel upgrade, so I'll check that in a little. :)
00:44 rome joined #salt
00:46 kedo39 to someone managing the saltstack-formulas: I made a more flexible nginx formula than the current one. i think people might want to use it. could I link to it from the current nginx-formula, or could i put my repo beside the current one somewhere?
00:46 RandalSchwartz garthk - you're welcome!
00:47 kedo39 (my nginx formula is here: https://github.com/kennydo/salt-nginx-formula)
00:47 RandalSchwartz well - I used "host", and it seemed to work
00:47 RandalSchwartz trying to fake out apache so it can start again
00:47 RandalSchwartz damn mod_unique_id fail
00:48 RandalSchwartz grains[host] ... host.present ... ip: 127.0.0.1  TAKE THAT
00:49 andrej How can I find out WHY a pkg.installed state failed? Trying to install a .deb
00:50 garthk andrej: that'd be in your dpkg logs, no?
00:51 andrej garthk - I'll check ... I wasn't sure whether the message comes out of apt-get or from salt
00:51 andrej Nope
00:52 andrej nothing in dpkg.log
00:52 garthk __number5__: just watched it install python-zmq salt-common salt-minion, yet salt-minion --log-level=debug crashes with ImportError for cffi, zmq
00:52 garthk andrej: dang.
00:53 __number5__ garthk: can you paste the log with trackback somewhere?
00:53 srage joined #salt
00:54 __number5__ garthk: also run salt-call --versions on minion
00:56 krow joined #salt
00:57 krow1 joined #salt
00:58 garthk __number5__: https://gist.github.com/garthk/7a684d53c57d2b546d12
00:59 garthk __number5__: added salt-call --versions to the gist
01:03 __number5__ garthk: your python-zmq is too new (14), salt still using 13 and zeromq 3.x
01:03 garthk Aah; import zmq gives me the cffi import error.
01:03 oz_akan_ joined #salt
01:03 garthk __number5__: so, I need to pin that down?
01:03 __number5__ garthk: remove the chris-lea/zeromq ppa
01:04 __number5__ hmm, better to uninstall python-zmq before removing the ppa
01:04 garthk __number5__: that might cause some fun with another dependency, but OK :)
01:04 garthk __number5__: thanks for nailing that down
01:05 __number5__ garthk: no worries
01:06 __number5__ garthk: you can try manually install cffi, but that will not guarantee salt will work
01:09 ipalreadytaken joined #salt
01:10 fatbox joined #salt
01:13 Kyle joined #salt
01:14 dman777_alter joined #salt
01:14 garthk I'll add an issue for this just to document it.
01:16 transtipper joined #salt
01:16 transtipper Problem for all of you salty cats.
01:16 rglen joined #salt
01:16 transtipper My salt master just crashed and burned for no good reason.
01:16 transtipper Log has this before it crashed and burned: 2014-03-26 19:27:09,163 [salt.utils.verify][WARNING ] Unable to bind socket, error: [Errno 98] Address already in use
01:19 transtipper Reason why this is critical is exactly what happened to this fella: http://irclog.perlgeek.de/salt/2012-05-09#i_5565820
01:19 transtipper Shut down a corporate network is what it did.
01:19 machmalabala joined #salt
01:20 transtipper I've created a state table to limit max connections to my master
01:21 transtipper So I think I have a salt bug and an infrastructure issue concerning my firewall which I believe I have addressed.
01:21 arthabaska joined #salt
01:22 transtipper But I have no idea where to look for more issues with my master. This used to happen a bit more frequently, but has leveled out lately.
01:22 transtipper Version .15xxx was rough.
01:22 transtipper This is the first on .17whatever I have
01:23 transtipper sorry, my version for my master is salt 2014.1.0
01:24 Katafalkas joined #salt
01:25 fllr joined #salt
01:35 RandalSchwartz cmd.run must be doing spooky stuff
01:36 RandalSchwartz it says it is executing my command
01:36 RandalSchwartz but my command looks like (....) | somecommand >/tmp/database_reload 2>&1
01:36 RandalSchwartz and yet the file is not created yet
01:36 RandalSchwartz WTF is it doing
01:37 transtipper is the command still running before it gets piped?
01:37 arthabaska joined #salt
01:38 RandalSchwartz "before"?
01:39 transtipper Yea, poor choice of words there. If you look at running process, is the command still running?
01:39 RandalSchwartz when?
01:39 transtipper now
01:39 transtipper if the file isn't created, then is it still executing?
01:39 transtipper What command exactly are you running?
01:40 RandalSchwartz this is weird... I broke the pipe into (...) >/tmp/xx; othercommand </tmp/xx
01:40 RandalSchwartz and it still isn't creating /tmp/xx
01:40 RandalSchwartz is it intercepting /bin/sh things for itself
01:40 RandalSchwartz and then bloating?
01:40 transtipper can't imagine. just try to do a simple touch with cmd.run
01:40 transtipper see if you can even write to the local. If that doesn't work, make sure you are targeting the right minion
01:41 RandalSchwartz ok - I'll try a touch before the first command
01:41 RandalSchwartz no, this is salt-local
01:41 transtipper oh, well then.
01:41 RandalSchwartz I can't imagine it running the () without having created at least /tmp/xx though
01:41 RandalSchwartz well - there it goes, exceeding swap again
01:42 RandalSchwartz I've execute the same thing from command line, and it works just fine... no breakage
01:42 RandalSchwartz ok - touch /tmp/I_AM_STARTED is touched
01:43 RandalSchwartz but where is the subshell lingering off to?
01:43 RandalSchwartz ok - screw that... no ()
01:43 druonysus RandalSchwartz: did you try wrapping it in shell? something like: cmd.run /bin/bash -c "command | command > file"
01:43 RandalSchwartz no bash on this machine happily
01:43 njs126 joined #salt
01:44 transtipper What shell are you using then?
01:44 druonysus RandalSchwartz: that was just an example... it doesn't have to be bash
01:44 justlooks joined #salt
01:44 Hipikat left #salt
01:45 sijis whiteinge: i think i know what the problem is. i never realized but api is a daemon. ;/
01:45 untamo13 joined #salt
01:45 RandalSchwartz ok - completely separated every step
01:45 sijis whiteinge: i should know more in a few hours when im able to test it
01:45 justlooks hi, how can i disable one of default grain item?
01:45 MindDrive joined #salt
01:45 MindDrive left #salt
01:45 MindDrive joined #salt
01:46 RandalSchwartz python must do some sort of internal sh simulation or something
01:46 RandalSchwartz absorbing the ( ... ) | internally
01:46 transtipper try escaping them
01:47 RandalSchwartz the shell won't like that :)
01:47 RandalSchwartz if this works, I'm moving on
01:47 transtipper are you encapsulating the command in " "?
01:48 RandalSchwartz encapsulating?
01:48 jalbretsen joined #salt
01:48 transtipper yea, for instance, salt '*' cmd.run "touch meow"
01:48 transtipper i totally used '' and ""
01:48 transtipper bad form I know, but I did:)
01:48 RandalSchwartz I'm using name: |
01:48 RandalSchwartz and then next few lines for the shell
01:49 krow joined #salt
01:49 ahammond joined #salt
01:49 renoirb joined #salt
01:49 srage joined #salt
01:49 meteorfox joined #salt
01:49 alunduil joined #salt
01:49 toofer joined #salt
01:49 raizyr joined #salt
01:49 chuffpdx joined #salt
01:49 dpac|away joined #salt
01:49 madduck joined #salt
01:49 [vaelen] joined #salt
01:49 rhand_ joined #salt
01:49 Mr_N joined #salt
01:49 worstadmin joined #salt
01:49 berto- joined #salt
01:49 adpaolucci joined #salt
01:49 canci joined #salt
01:49 tinuva joined #salt
01:49 beardo_ joined #salt
01:49 Damoun joined #salt
01:49 mjulian joined #salt
01:49 Jahkeup joined #salt
01:49 nliadm joined #salt
01:49 scurry joined #salt
01:49 etw joined #salt
01:49 RandalSchwartz artificial_state_name: \n cmd.run: \n -name: |    [command here
01:50 RandalSchwartz aha.. no pipes worked
01:50 RandalSchwartz something is weird there
01:50 transtipper ahhh, I gotcha. I've not messed with salt like that yet.
01:52 transtipper So why are you calling states like that? Is that normal?
01:52 transtipper I'm only asking because it's different then how I call states
01:52 transtipper You might be on something I don't know:D
01:52 RandalSchwartz "like that"?
01:53 transtipper yea, I apply states to minions like this: http://intothesaltmine.org/blog/html/2013/04/19/configuration_management_with_salt_stack_part_2.html
01:53 garthk https://github.com/saltstack/salt/issues/11573 for the next person
01:53 transtipper see the section on applying states
01:56 andrej Aight ...
01:57 andrej so - in pkg.installed syntax/assumption of the file system layout.  where, under /srv/salt/ would e.g. salt://rpms/foo.rpm live? ... most importantly: where does /rpm/ live?
01:58 andrej Package file salt://splunk_forwarder/splunkforwarder-6.0.2-196940-linux-2.6-amd64.deb (Name: splunkforwarder) does not match the specified package name (splunkforwarder-6.0.2-196940-linux-2.6-amd64.deb).
02:01 njs126 joined #salt
02:02 meteorfo_ joined #salt
02:04 jeremyfelt joined #salt
02:08 garthk So, the best way to have a minion of master A send a command to a minion of master B is with salt-syndic?
02:09 l0x3py joined #salt
02:10 yomilk joined #salt
02:14 dvogt joined #salt
02:18 baniir joined #salt
02:18 estjang joined #salt
02:19 rome joined #salt
02:20 rushm0r3 joined #salt
02:22 n8n joined #salt
02:24 hotsnow joined #salt
02:24 Katafalk_ joined #salt
02:28 seapasulli joined #salt
02:28 garthk Regarding nodegroups defined as YAML lists: uh, no. AttributeError: 'list' object has no attribute 'split'
02:28 andrej Is salt's docu mantained on github?
02:29 andrej I'd like to suggest an adddition to http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html?highlight=pkg%20state#module-salt.states.pkg
02:29 Eugene andrej - https://github.com/saltstack/salt/tree/develop/doc
02:29 andrej thanks Eugene
02:30 mgw joined #salt
02:31 RandalSchwartz I've installed a Perl module from the CPAN with salt now :)
02:31 Eugene Not sure what in there you're looking, but pretty sure thats it.
02:31 andrej RandalSchwartz : my commiserations ;}
02:31 RandalSchwartz nearly all the modules I want are already freebsd ports
02:31 RandalSchwartz but I have one that isn't
02:32 rome joined #salt
02:32 RandalSchwartz so I just depend on its dependencies, then execute it as the final step
02:32 Eugene Soooo I'm finally going to tackle setting up Quagga/OSPF for my networks, with Salt's help. Is there any public work on this sort of thing out there?
02:33 ajw0100_ joined #salt
02:33 Eugene andrej - I believe the docs are autogenerated based on the inline stuff. You likely want something in here? https://github.com/saltstack/salt/blob/develop/salt/states/pkg.py
02:33 RandalSchwartz ..... http://pastebin.com/V0M8dNda
02:34 n8n joined #salt
02:37 mattmtl joined #salt
02:37 andrej Thannks again, Eugene
02:38 andrej I couldn't find what I was looking for in the rst's, that would explain it
02:41 deftpunk joined #salt
02:51 TyrfingMjolnir joined #salt
02:53 n8n joined #salt
02:56 Ryan_Lane joined #salt
02:56 TyrfingMjolnir joined #salt
02:56 garthk Hmm. To check files into /srv? Use the same repo as /etc/salt (PKI excluded, of course)? Just make obsessive backups?
03:03 rome joined #salt
03:09 TyrfingMjolnir joined #salt
03:13 bstr joined #salt
03:22 DaveQB joined #salt
03:22 smcquay joined #salt
03:30 justlooks hi,anyone know how to run state under salt-api?
03:32 allanparsons anyone using cloudformation here?
03:34 n8n joined #salt
03:51 Eugene I have /srv/salt/ as a git repo, with pillars/ and states/ inside of that.
03:52 Eugene /etc/salt/{master,minion} are file.managed
03:54 allanparsons @eugene... ok?
04:01 __number5__ allanparsons: you have salt, you don't need cloudformation
04:01 allanparsons ha ha
04:01 allanparsons not true  (yet)
04:02 __number5__ we have a 2.7k LOC cloudformation template, maintaining is really a nightmare
04:03 __number5__ if you have only 2~3 instances and very simple network setup and not complex cloud-init scripts, cloudformation might be the way to go
04:04 __number5__ otherwise, don't consider it
04:04 allanparsons we break ours down
04:04 allanparsons vpc template, rds networking template, elb + X instances template, CDN + S3 template
04:04 allanparsons we like that autoscale groups create on the fly
04:05 svs joined #salt
04:06 allanparsons but man, the syntax sucks giant donky dick.
04:10 mfournier joined #salt
04:11 torrancew joined #salt
04:21 Networkn3rd joined #salt
04:21 meteorfox joined #salt
04:30 hotsnow salt-master -l debug report this msg: Error: [('system library', 'fopen', 'No such file or directory'), ('BIO routines', 'FILE_CTRL', 'system lib'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'system lib')]
04:30 Gifflen joined #salt
04:31 hotsnow I can’t use tls on halite ?
04:31 hotsnow when i set TLS: False, no error message again
04:32 Networkn3rd joined #salt
04:34 garthk Just hit the knee in the learning curve. Bah.
04:35 ajw0100 joined #salt
04:51 yomilk joined #salt
04:51 TyrfingMjolnir joined #salt
04:56 rushm0r3 joined #salt
05:09 krow joined #salt
05:17 TyrfingMjolnir joined #salt
05:20 anuvrat joined #salt
05:24 seapasulli joined #salt
05:28 jdenning joined #salt
05:32 krow joined #salt
05:35 krow joined #salt
05:38 ravibhure joined #salt
05:41 seapasulli joined #salt
05:41 justlooks why i run # salt-run virt.hyper_info say No minions matched the target. No command was sent, no jid was assigned.  ??
05:45 xmj try running it somewhere
06:17 fllr joined #salt
06:22 ChaosPsyke joined #salt
06:38 garthk Is there a way to preview the output of the pyobjects renderer, or any other?
06:49 stanchan joined #salt
06:53 justlooks what wheel use for ?
06:54 faldridge joined #salt
07:06 vbabiy_ joined #salt
07:08 circ-user-Tn1YY joined #salt
07:10 circ-user-tSbDz joined #salt
07:12 dansoap joined #salt
07:13 dansoap left #salt
07:17 nebuchadnezzar joined #salt
07:17 fllr joined #salt
07:22 roolo joined #salt
07:24 shoma Hi
07:24 j4son hi
07:24 bitmand hi
07:26 shoma left #salt
07:27 shoma joined #salt
07:27 rdorgueil joined #salt
07:57 slav0nic joined #salt
07:59 Kenzor joined #salt
08:01 yomilk joined #salt
08:01 rdorgueil joined #salt
08:01 rdorgueil joined #salt
08:02 n8n joined #salt
08:10 googolhash joined #salt
08:12 n8n_ joined #salt
08:14 mike25ro joined #salt
08:15 n8n__ joined #salt
08:17 fllr joined #salt
08:23 martoss joined #salt
08:24 jforest joined #salt
08:24 harobed joined #salt
08:26 martoss left #salt
08:26 MTecknology joined #salt
08:27 CeBe joined #salt
08:30 balboah joined #salt
08:30 garthk joined #salt
08:33 pescobar joined #salt
08:37 topochan joined #salt
08:42 rdorgueil joined #salt
08:43 yomilk_ joined #salt
08:44 scalability-junk joined #salt
08:45 think-free joined #salt
08:49 n8n joined #salt
08:49 Hipikat joined #salt
08:51 n8n_ joined #salt
08:53 swissknife joined #salt
08:57 ze- hi. anyone here using salt acl ?
08:57 swissknife left #salt
08:59 x5257 joined #salt
09:03 carlos_ joined #salt
09:05 hartym joined #salt
09:06 TamCore_ why isn't it possible to specify multiple ranges when using ipcidr matching in top.sls? :(
09:10 johtso joined #salt
09:10 johtso how can I debug where salt is looking for states, and what states it has found?
09:10 yomilk joined #salt
09:11 ze- johtso: what do you mean with "what states it has found" ?
09:12 ze- list of states matching your top file, or list of states available ?
09:12 johtso well, I'm expecting to have a state available but it's telling me it doesn't exist, so I must have some kind of configuration issue
09:12 johtso I'm using salt-ssh, and I'm trying to store the config and states in a non standard location
09:12 ze- I think "salt-call cp.list_states" gives a list of available states.
09:13 ze- i have no experience with salt-ssh
09:13 johtso aha, so that gives me nothing
09:13 babilen TamCore: You can have multiple, but you can't simply combine those that have similar states (i.e. you cannot have an ipcidr compound matcher AFAIUI)
09:14 ze- johtso: try cp.list_master
09:14 ze- it list all files available from master.
09:15 ze- and for debug... have you checked the log ? try to increave verbosity if you don't find enough. :)
09:16 ze- log_level - default to warning,place it to debug or trace if you want more output
09:16 Katafalkas joined #salt
09:17 fllr joined #salt
09:17 johtso ze-, hmm, when I run "salt-call -c . --local cp.list_states --log-level=debug" I see "Configuration file path: /etc/salt/minion"
09:18 johtso that's unexpected.. seems like it's ignoring the -c option?
09:21 johno joined #salt
09:22 ze- johtso: seems so. have you tried with a full-path, instead of . ?
09:22 ekristen joined #salt
09:22 giantlock joined #salt
09:23 TamCore babilen: I was using a single block for each range, but that was bloated as hell. Now I'm using a single block based on match: compound, but specifing all ranges comma separated in a match: ipcidr block would be cleaner
09:23 TamCore so I opened a feature request, hoping this will get implemented someday :)
09:24 johtso ze-, ah, that's working now, think I just had a slightly wrong path. still nothing from cp.list_states though
09:24 johno hi there, i am looking for some kind of best practice how to version our infrastructure configuration. salt and salt-cloud seem to use /etc/salt and /srv/salt /srv/pillar directories. we have multiple developers working on pillars, states and cloud profiles/maps. what is the prefered way to do this. from what i read you just log into master, edit a couple of configs and run commands. surely there is a better way.
09:24 babilen TamCore: I agree. I am simply under the impression that you cannot use ipcidr in compound matching, but that does by no means imply that that is actually the case (quite new to all this)
09:25 johtso ze-, my master config has my path to the directory containing the top.sls file defined in file_roots
09:25 TamCore babilen: you can, 'S@10.0.0.0/8 or S@172.16.0.0/16 or S@192.168.0.0/16' works fine
09:25 babilen johno: We are using GitFS and external git pillars -- http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html -- combined with a number of "blessed" repositories to which selected devs can push and that are being checked out by the master it makes it quite easy to collaborate.
09:26 johno babilen: yup that's what we are trying to do. so you have git repos for /etc/salt and /srv/salt for example?
09:26 babilen TamCore: Oh, that is great. But doesn't seem to be what you want given that you opened a feature request
09:26 ajo_ joined #salt
09:26 johno states and pillars are easy and thats documented.
09:28 TamCore babilen: it is what I want, more or less. i think '10.0.0.0/8,172.16.0.0/16,192.168.0.0/16' as ipcidr-matching would be cleaner
09:28 babilen johno: Well, /etc/salt is simply configured once on the master (we use etckeeper to track changes, but don't do anything fancy with that) but the states and pillars come from multiple git repositories (that are essentially combined into a single "state space")
09:28 ajo_ I have deleted the salt key of one minion from my salt master using salt -d minionname ..... Now I need to add it back. how can this be done?
09:28 babilen TamCore: Okay, but the compound matching isn't that far off ... i mean it is just a bit more typing/line noise but functionally identical
09:29 johno babilen: do you use salt-cloud? since all profiles/maps are stored in /etc/salt
09:29 ajo_ I have installed salt in two ubuntu vms
09:29 elfixit joined #salt
09:29 ajo_ 3 vms. one is master and others minions
09:30 babilen johno: No - but you could probably manage salt with salt itself (cf. https://github.com/saltstack-formulas/salt-formula or something similar if that doesn't do everything you need it to do yet)
09:31 ajo_ helloo
09:31 babilen johno: Can't really help you with the cloud aspect there, but GitFS and external git pillars work great
09:31 babilen ajo_: good morning
09:31 ajo_ Good Morning you too :-)
09:31 babilen ajo_: Is it listed by "salt-key -L" ?
09:31 ajo_ its not showing up now
09:32 johno @babilen: maybe we just symlink the needed /etc/salt dirs to a git repo or look at the etckeeper
09:32 ze- johno: babilen: we have everything (states, pillars, extmods, etc) gathered in a git repository, and just git pull on the master to update and get the latest versions.
09:32 ze- could be hooked to keep fresh. keeps tracks of changes, and makes rollback easy.
09:32 babilen johno: etckeeper is just a tool to track changes to /etc automatically in git, it isn't really a tool that allows you to manage /etc with multiple developers.
09:33 mfournier joined #salt
09:33 bhosmer joined #salt
09:33 babilen ze-: Why that and not GitFS? I am very happy with that functionality and like it that I am able to just "git push customer-master master" to "deploy" those changes.
09:34 ajo_ bablen: My concern is to rename the minion, which ive done.. but it was showing the same name. I deleted the keys from master and from the minion itself
09:35 ajo_ now how do I generate a new key in the minion and add it to master?
09:36 ze- babilen: when I started, it was a paint to have it use a subdirectory of the repository, and not other branches.
09:36 yomilk_ joined #salt
09:36 ze- plus, it doesn't handle extmods that should only be on master
09:37 babilen ze-: Ah, so you keep one subdirectory per, say, customer/other-group-of-minions rather than one repository each?
09:39 x5257 Hi, I'm having trouble installing salt 2014.1.1 from pip on osx; "package init file 'salt/templates/__init__.py' not found". Any ideas what is happening?
09:39 johno babilen: the issue here is that with salt-cloud you have basically 2 directories to manage /srv/salt and /etc/salt. with gitfs for states/pillars its easy because you have support out-of-the-box. something like gitfs for salt-cloud would be awesome
09:40 babilen johno: Sorry, my lack of experience with salt-cloud prevents me from helping you further
09:41 TamCore babilen: I know, but the first thing a normal user would try is a comma separated list of ip ranges, so I think that's something that should be implemented
09:41 johno babilen: ok, thanks anyways.
09:41 babilen TamCore: +1
09:44 ze- babilen: non, in my repo, I have a base directory for pillars (that must NOT be accissible via salt://), one directory for saltfs (salt://), and one for extmods (extension_modules)
09:46 harobed_ joined #salt
09:47 harobed_ joined #salt
09:49 CeBe joined #salt
09:52 babilen ze-: Ah, fair enough. I use GitFS for salt:// (multiple repositories combined) and an external pillar. Have to confess that I am unfamiliar with extension_modules yet ... what are they and why would I want them?
09:56 ze- babilen: where do you have the code for your external pillars ? :)
09:57 ze- I have the code that fetches my external pillar there.
09:57 ze- and recently started with runners
10:01 babilen ze-: Well, I use git as external pillar
10:01 Dave_Kelliher joined #salt
10:02 ze- babilen: git, so they are stored as files. I have them in a more database system, accessed via an api, ... more dynamic than stored in flat files.
10:03 ze- that's why I need some code to get them :)
10:03 Succed joined #salt
10:03 babilen ze-: Sure, thanks for elaborating
10:04 CeBe joined #salt
10:04 ze- and runners. I need to aggregate informatinos from different host to present them together.
10:05 ze- and an other thing will be to use a runner to orchestrate stuffs on a few dynamic hosts, in a way orchestrate wouldn't work well enough.
10:11 che-arne joined #salt
10:16 mikkn Right.. So, I have a module that runs a command with a tool after installing it. The tool connects with a server at http://localhost. When running salt-call --local state.highstate it works fine, both in a testing environment and on the actual server
10:17 mikkn When running it through salt 'server*' state.highstate, the command fails with "binary not found"
10:17 mikkn even though the module is using which imported from salt.utils in the same way found in other modules (and the binary is on the path in /usr/local/bin/)
10:17 mikkn It's using which in a way to determine if the module should be loaded or not depending on if the binary is present or not, so the which check passes, and then when I try running the command I get a 127 error code from /bin/sh with "1: devpi: not found"
10:17 mikkn Anyone has any ideas on what might be going wrong?
10:17 fllr joined #salt
10:27 johtso joined #salt
10:35 MrTango joined #salt
10:40 TyrfingMjolnir joined #salt
10:41 hazzadous joined #salt
10:45 yomilk joined #salt
10:46 andabata joined #salt
10:49 TyrfingMjolnir joined #salt
10:54 harobed joined #salt
11:09 diegows joined #salt
11:19 fllr joined #salt
11:23 clemenko joined #salt
11:23 clemenko left #salt
11:23 jslatts joined #salt
11:41 DaveQB joined #salt
11:48 lynxman joined #salt
11:50 TamCore I have a pillar (lets call it foo) that sets a variable (lets call it xyz). but "salt \* match.pillar foo:xyz" always returns False. The pillar's init.sls only contains "xyz: somestring" and is definitely working (When I request that variable from within a normal state via {{ grains['xyz'] }} it works). Any ideas?
11:53 gadams999 joined #salt
11:54 gadams999 joined #salt
12:04 toastedpenguin joined #salt
12:08 transtipper joined #salt
12:10 mikkn TamCore: Was it a typo that you wrote {{ grains['xyz'] }} instead of {{ pillar['xyz'] }} ?
12:11 mikkn TamCore: In any case, the problem is that you don't match the pillar in foo:xyz, the name of the sls is only for the top.sls in the pillar roots. The name of the sls in other contexts doesn't matter, the data could be anywhere. You should try "salt \* match.pillar xyz" instead
12:12 jcsp joined #salt
12:12 baniir joined #salt
12:15 ekristen joined #salt
12:17 fllr joined #salt
12:22 untamo13 joined #salt
12:26 baniir joined #salt
12:29 sroegner mikkn: i just tried the match.pillar and couldn't get True for a response for anything
12:30 sroegner mikkn: wondering now if that actually works
12:30 harobed joined #salt
12:31 TamCore mikkn: nope, I'm using grains['xyz'] to access that variable from within my state :D
12:35 TamCore however I wasn't able to get a True result from match.pillar :D
12:37 shoma left #salt
12:37 shoma joined #salt
12:41 oz_akan_ joined #salt
12:41 mikkn TamCore: I've never used the match module directly before, but now when trying it a bit you cannot use it to see if a pillar is set, you use it to see if a pillar is a specific value.
12:41 mekstrem joined #salt
12:43 mikkn TamCore: So, what you need to do is "salt \* match.pillar xyz:something", but maybe that is not your use case. And it must be a grain and not a pillar you're setting if you can access it through {{ grains['xyz'] }} or you must have it as both a grain and a pillar. They are two different concepts defined at two different places.
12:44 mikkn TamCore: If you want to see if a value is set in pillar, you can use "salt \* pillar.get xyz" and that should return an empty string if it is not set.
12:45 ipmb joined #salt
12:45 shoma joined #salt
12:47 DelPede joined #salt
12:47 sdlarsen left #salt
12:48 shamil joined #salt
12:48 oz_akan_ joined #salt
12:48 harobed joined #salt
12:52 crane hey ho folks, can someone explain me why salt is not restarting my service if i change my config file salt should watch for? http://dpaste.com/1759052/
12:55 TamCore mikkn: thanks! Got it. Now I'm using "has_xyz: true" in my pillar (along with other variables) and checking it with match.pillar "has_xyz:true" in my states top.sls :)
12:55 Linz joined #salt
12:58 harobed joined #salt
13:05 jaimed joined #salt
13:06 harobed_ joined #salt
13:07 sandbender1512 joined #salt
13:10 rome joined #salt
13:15 mekstrem joined #salt
13:17 mikkn crane: The watch statement should be under the service "group", but right now it is next to the service statement instead. It should look like this: http://dpaste.com/1759180/
13:17 fllr joined #salt
13:20 crane mikkn, ouh... yeah... right. this makes sense.
13:20 harobed joined #salt
13:21 sroegner joined #salt
13:21 patrek joined #salt
13:27 harobed_ joined #salt
13:28 rome joined #salt
13:29 faldridge joined #salt
13:31 dan_johnsin joined #salt
13:31 gtmtech joined #salt
13:31 gtmtech Hi
13:32 gtmtech I can't make any sense out of how to do salt cron http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cron.html
13:32 gtmtech What's all the date > /tmp/crontest nonsense about ?
13:32 shoma joined #salt
13:33 timoguin joined #salt
13:34 gtmtech oh right .. its the command
13:34 faldridge joined #salt
13:36 vejdmn joined #salt
13:38 stanchan joined #salt
13:41 tyler-baker joined #salt
13:42 R_Shackleford joined #salt
13:44 harobed joined #salt
13:44 Gifflen joined #salt
13:45 rome joined #salt
13:45 Gordonz joined #salt
13:46 mtaylor joined #salt
13:47 Ahlee so it doesn't look like salt-call works if salt-minion is not running as daemon mode
13:48 kermit joined #salt
13:48 thedodd joined #salt
13:48 Gordonz joined #salt
13:49 ze- Ahlee: salt-call tend to work even if salt-minion is not running.
13:49 fllr joined #salt
13:49 seapasulli joined #salt
13:49 Ahlee ze-: You'd think so, wouldn't you?  Yet if I have salt-minion running from within supervisord thus not in daemon mode, no returns are making it back to the master
13:49 mpanetta joined #salt
13:50 ze- Ahlee: well, i stopped my salt-minion, and used salt-call.
13:50 ze- I get the return directly in my screen...
13:50 ze- not sure about returns to the master :)
13:51 _fllr_ joined #salt
13:55 rome joined #salt
13:55 Katafalkas joined #salt
13:56 rome joined #salt
13:57 kaptk2 joined #salt
13:58 Dave_Kelliher joined #salt
13:59 CeBe1 joined #salt
14:00 harobed_ joined #salt
14:01 rushmore joined #salt
14:02 mjulian joined #salt
14:04 diegows joined #salt
14:04 krak3n` joined #salt
14:10 seapasulli joined #salt
14:17 fllr joined #salt
14:18 mpanetta joined #salt
14:19 vortec_ joined #salt
14:22 alfborge joined #salt
14:23 alfborge I want to use the Webhooks bit in salt-api, but it seems this hasn't been released yet.  Anyone know when this will be out?
14:23 babilen Not sure if it can be done, but: Is there a way to get a list of all matching minions in a state? I essentially want to generate a configuration file that includes a section for every minion in foo-web*.example.com and I am now listing them manually in a pillar. Can I somehow get that list dynamically from the master?
14:24 fedgoatbah joined #salt
14:28 GradysGhost joined #salt
14:33 obimod joined #salt
14:33 Gifflen joined #salt
14:36 millz0r joined #salt
14:38 jslatts joined #salt
14:39 mgw joined #salt
14:40 mikkn Ahlee: This is a bit of speculation from my understanding of salt. When you do a local state run through salt-call it doesn't get assigned a job id from the master since it's not issued by the master, hence no return is sent back to the master. You should be getting the result of the state run in your console, though.
14:40 mikkn Sorry for the late reply. :)
14:42 grosjean joined #salt
14:42 grosjean hi all
14:42 obimod heyo
14:42 fragamus joined #salt
14:42 grosjean i have a question about salt :)
14:42 grosjean can a master be a minion too ?
14:43 jcockhren grosjean: yes
14:43 obimod master of masters
14:43 grosjean so i can prepare job locally before to push to other minion ?
14:43 jcockhren there's the syndic system
14:44 jcockhren which makes job passthrough to other, lower level minions
14:44 Ahlee mikkn: no worries on being late, and that's actaully a sound theory.  Ultimately my issue is actually when salt's running in the foreground items like cmd.run "su - user" don't return, the only other case I could reproduce it was salt-call which is less odd, in my opinion
14:44 grosjean thanks jcockhren, didn"t knwo about that
14:45 jcockhren to control the syndic itself, it has to be a minion
14:45 obimod does anyone have a good example of the gitfs being used along with remote command runs on those git-pulled files?
14:45 mikkn babilen: Using the same matching logic, you could use the salt mine to get such information. Salt mine is a caching layer, though so it does not get automatically updated if say a minion should drop out of the pool, but you may have a delay of up to 60 minutes depending on the salt mine configuration. You can also allow peer to peer command runs and allow a single command, like test.ping or so.
14:45 obimod i imagine there's some github code i could cheat from
14:46 mikkn grosjean: If it's for purely testing, you should be looking into a masterless minion and running the state runs in a virtual machine or so by issuing "salt-call --local state.highstate"
14:46 mikkn I'm using salts testing dockers for that. :)
14:47 grosjean ok thanks
14:47 mikkn Ahlee: For commands like that you're left in a process that does not terminate
14:47 grosjean my goal is to prepare some jobs before to push them on minion nodes
14:47 mikkn i.e a bash shell
14:48 Ahlee mikkn: Correct. However, in daemon mode, it is functional
14:48 mikkn You can't really have them terminate by using & at the end (I've tried)
14:48 Ahlee so daemon mode and non-daemon mode is treating it differnet
14:48 baniir joined #salt
14:48 Ahlee i can only speculate as to it has to do with tty handling
14:49 alunduil joined #salt
14:49 Ahlee but, sadly items have been built around the functionality, so now I need to determine if it's easier to fix salt or the processes
14:49 alunduil joined #salt
14:49 mikkn Ahlee: That might well be. The bash shell will probably just terminate if it doesn't have a tty to attach to
14:49 mikkn As it won't have in daemon mode
14:49 mikkn It sounds like the script is doing things in an awkward way
14:49 Ahlee That's an understatement. :)
14:50 [diecast] joined #salt
14:50 mikkn Shouldn't be too hard to prepend the lines with "sudo -u user" instead? :)
14:50 Ahlee mikkn: it's more "This thing broke with this change, we don't like things breaking, and we don't like changing things, so figure out the why"
14:51 rgbkrk joined #salt
14:51 GradysGhost joined #salt
14:51 Ahlee The irony is not lost on me that they'd prefer I patch salt than patch their crappy script, but I digress
14:51 mikkn Ahlee: The tty-thing is probably the culprit
14:52 moos3 in a .sls file is there away to get all the nodes that share the same stack like when you do salt 'blah*' cmd.run ... ?
14:52 baniir any thoughts why on freebsd, service.running enabled: true would report back the state successfully completed on its very first run, but actually the service isn't running afterwards. subsequent highstate calls straighten things out though
14:54 mikkn Ahlee: I'm assuming the script isn't working in daemon mode, hence you started debugging it in non-daemon mode? :)
14:55 jergerber joined #salt
14:55 Ahlee mikkn: reverse that, we moved salt-minion to be running under supervisord, and supervisord requires processes to run in the foreground
14:55 Ahlee it works in deamon mode as we get the return immediately that su - foo exits
14:56 Ahlee in non-daemon, we do not get a return so the script hangs
14:57 mikkn Try adding an exit at the end of the script to test our theory :)
14:58 rushmore anyone able to run master as a non priv user ? i've tried setting user & client_acl, changing dir/bin/file permissions etc but either get the unable to change from root error on all salt-* binaries or in some cases "failed to connect to master, is it running" error. starting to reach my wits end here
14:58 ipmb joined #salt
14:59 rushm0r3 joined #salt
15:03 fllr joined #salt
15:04 dave_den joined #salt
15:04 jslatts joined #salt
15:05 mikkn rushmore: Not really able to help, but rather interested in the case that prompts this question.. Why do you want to do that?
15:06 babilen mikkn: I'll look into that, but would prefer deterministic behaviour and will therefore most likely stick to enumerating them explicitly in my pillar (and dealing with the necessity to update that whenever something changes)
15:07 untamo13 joined #salt
15:07 conan_the_destro joined #salt
15:08 x5257 joined #salt
15:09 rushmore mikkn, have several use cases where i need to execute from CLI or have a system user (ie: web app)  execute from CLI where running as root just is a bad idea and running cherrypy isn't an option.
15:10 rtucker joined #salt
15:10 quickdry21 joined #salt
15:10 rallytime joined #salt
15:11 rgbkrk joined #salt
15:12 higgs001 joined #salt
15:13 rushmore in many cases i can get salt by itself to run unprivileged, but trying to use salt-run, -key, etc all implode due to the fact that even if i start up salt-master as unpriv user, some background process creates a su execution to run the first instance while the additional instances run as unpriv, it would appear that all the salt-* binaries take execution command from the priv one
15:13 jeremyBass1 joined #salt
15:14 ze- rushmore: have you set the user: xxx in /etc/salt/master ?
15:15 ze- I have everything as a single non-root user for tests, and it works. not inter-user connection though.
15:15 rushmore ze: yeah, i get mixed results with it.. usually the "can't connect to salt-master, are you sure it's running" issue
15:16 alfborge It seems that I can do: pip.installed: -names: ['list', 'of', 'packages']
15:16 timoguin I run mine as the 'salt' user, Ubuntu 12.04 w/ Salt 2014.1
15:16 alfborge However when I look at the source code I don't see how this can work.
15:16 alfborge Anyone able to explain?
15:16 timoguin I had to set some permissions in /etc/salt and /var/cache/salt. I think that's all I did.
15:16 ze- rushmore: even if you run as the same user as the one that launched the salt-master ?
15:16 rushmore timoguin...using the same setup
15:16 rushmore ze: yep
15:17 rushmore http://pastebin.com/bUvddSAX
15:18 timoguin rushmore, have you tried running the master in debug to see if it's throwing errors?
15:18 rushmore every time
15:18 rushmore no errors
15:18 ze- rushmore: what about the salt -l debug '*' test.ping ?
15:18 ze- debug on the "client" side would also help
15:19 rushmore i'll run one into pastebin here for ya.
15:22 ze- http://pastebin.com/B5ikEkHB
15:23 ze- that's the light debug I get for a working ping.
15:23 ze- running as user
15:23 grosjean arf, i've installed syndic on the master, and get log like this when execute test.ping:
15:24 grosjean An extra return was detected from minion master.local, please verify the minion, this could be a replay attack
15:24 grosjean any idea
15:24 grosjean i'm thinking of misconfiguration ...
15:24 tyler-baker joined #salt
15:24 dmwuw joined #salt
15:27 hunter joined #salt
15:28 obimod can you read / generate files from the pillar?
15:29 obimod i imagine that would be the best way to generate / make available private/public keys
15:30 crane what does a requisite exception man? http://dpaste.com/1759357/
15:30 obimod require: aslongas: or something
15:31 dave_den crane: it means you have a circular dependency between /etc/exports and nfs-server
15:31 mikkn obimod: By writing your own pillar, yes. I made a openssl CA wrapper which is not quite ready for prime time yet
15:31 obimod oh nice! want an extra eye?
15:32 rushmore ze: http://pastebin.com/ukxDFfkX
15:32 obimod eye / pair of hands
15:32 mikkn obimod: It's not so much an extra eye so much as that it's very crude with lots of hard coded stuff in it :)
15:32 obimod ooo
15:33 gammalget joined #salt
15:33 obimod i think i'll use easy-rsa as a git filesystem, pull that in, and run sed / bin exec commands from that to generate ssl certs
15:33 ze- rushmore: rights on /var/run/salt/master/master_event_*.ipc ?
15:33 mikkn I can see if I can extract it, the problem is that you need a pillar, a state, grains and a module for it
15:33 obimod that's a good task for today
15:33 rushmore ze: my first guess would be the .salt file for the user, but it would appear you have that as well
15:36 dave_den rushmore: you should create a /home/colin/.salt config that sets the root_dir and cache_dir to something in your home dir, unless you are really managing permissions to give "colin" ownership of /etc/salt and /var/run/salt*, and /var/cache/salt*
15:36 rgbkrk joined #salt
15:36 ze- rushmore: as said. check rights on the ipc sockets
15:37 rushmore k. thx dave_den. did not see that in the docs anywhere. just copy from /etc/salt/master ? ze: will do
15:37 crane dave_den, thanks, that solved it :)
15:37 dave_den rushmore: yes, you can use /etc/salt/master as a start
15:38 rushmore thx.
15:38 dave_den crane: cool, np
15:38 obimod crane: fix it with cmd.wait?
15:39 crane obimod, no i was refering my config file to a service and told my service to watch out for the config file
15:39 obimod crane: gotchya
15:39 crane indeed ^^
15:40 Miouge joined #salt
15:41 untamo13 joined #salt
15:41 obimod mikkn: maybe a forumla-like architecture would be fitting for this solution?
15:43 meteorfox joined #salt
15:44 obimod http://docs.saltstack.com/en/latest/topics/conventions/formulas.html 404's on me
15:44 obimod might also want to reduce the server info output on that server
15:44 obimod just a thought
15:45 mikkn obimod: The plan is to have it merged in mainline salt since it's pillar, state and module and there's no way you can do a formula that includes an ext_pillar easily. :)
15:46 obimod mikkn: ooo that sounds like the way to go
15:46 mikkn Or well, I plan on putting up a pull request at least and then we'll see if it gets merged :)
15:46 obimod : )
15:46 rushmore ze:, dave_den: thanks. was pulling my hair out on that one. seems to be working now... can i send ya'll a dogecoin tip ? gimme an address if you have one :)
15:46 timoguin yay. :)
15:47 timoguin I did not know about .salt
15:47 timoguin Is that documented?
15:47 jcockhren timoguin: haha no
15:47 rushmore i didn't see it anywhere.
15:47 jmccree Anyone else seeing slowness on the newest minion version?
15:47 ze- rushmore: what did you have to change ?
15:48 alfborge Anyone know if there is a way to have salt reactor files in gitfs?
15:48 obimod mikkn: that's a good idea--ssl generation support is really needed. if you need or want an extra eye on it lemme know.
15:48 obimod mikkn: it would be also nice to have them gracefully expire after X weeks
15:48 rushmore the /var/run/salt/master permissions fixed it immediately... but like dave_dens solution as well. works better for the environment i'll be running this stuff in
15:49 mikkn obimod: Well, you can set for how long the certificate is signed for at least
15:49 dave_den rushmore: heh, no i don't have a dogecoin address. thanks is good enough
15:49 obimod mikkn: ooo good point
15:49 mikkn obimod: I'll put it up somewhere and I'll link you. :)
15:50 obimod mikkn: yay
15:51 Miouge hello, do you guys know of someone working on a windows gpo module/state for salt ?
15:51 seapasulli joined #salt
15:52 alfborge I guess not.
15:53 ChaosPsyke joined #salt
15:53 ajprog_laptop joined #salt
15:54 jalbretsen joined #salt
15:55 frasergraham joined #salt
15:56 ocdmw joined #salt
16:00 Shockwave joined #salt
16:01 Shockwave hi people
16:01 Shockwave how are you!
16:01 Shockwave I need to help me with salt
16:01 Shockwave is very complicated for me
16:04 zirpu left #salt
16:04 rgbkrk joined #salt
16:06 jdenning joined #salt
16:06 whiteinge alfborge: i'm thinking a new salt-api release can be cut by next week
16:06 babilen Shockwave: There is very little we can do if you don't ask a more specific question ;)
16:06 helix7 joined #salt
16:06 KyleG joined #salt
16:06 KyleG joined #salt
16:06 alfborge whiteinge: sweet, thanks
16:06 whiteinge alfborge: what kind of packages do you need?
16:06 smcquay joined #salt
16:07 grosjean i'm a bit confused with the salt-syndic
16:07 grosjean i try to use the salt-syndic on the salt-master
16:07 alfborge whiteinge: I've just started looking at this, so I'm not really sure.  I'm basically just setting up triggering of deployments from our CI server.
16:07 musinsky_ hey guys, im trying to use salt to send a message over xmpp, but when i try to test with 'salt-call xmpp.send_msg blah blah blah' from the minion, i get a message that function xmpp.send_msg is not available
16:08 mikkn obimod: https://github.com/saltstack/salt/pull/11588
16:08 musinsky_ any ideas what im doing wrong?
16:08 whiteinge alfborge: i meant deb/rpm/etc
16:09 alfborge whiteinge: Ah, I've been using the pip.installed state
16:09 whiteinge ah :)
16:09 alfborge whiteinge: But I'm on ubuntu, so I might as well use debs if that's "better" :)
16:09 rgbkrk joined #salt
16:10 mikkn musinsky_: Do you have teh sleekxmpp python module
16:10 whiteinge alfborge: gotcha. well the develop branch is stable, so feel free to pip install that if you want the web hook stuff sooner
16:10 alfborge Currently I'm working around the lack of 0.8.4 by using a vcs reference in pip
16:10 alfborge right :)
16:10 whiteinge ah, great :)
16:10 ravibhure joined #salt
16:10 alfborge This stuff looks awesome by the way.
16:11 whiteinge nice! i'm glad it's useful
16:11 musinsky_ mikkn: i did not, i installed that and now its picked it up. thanks!
16:11 alfborge It's been really nice to work with salt, and the way salt-api even provides a lovely webhook abstraction is great.
16:12 mikkn musinsky_: No worries. :)
16:12 alfborge Anyway, got to run.  Thanks for following up my question whiteinge.
16:13 obimod mikkn: thx!
16:14 bmdesmet joined #salt
16:14 whiteinge kedo39: did anyone follow up with you on your nginx formula?
16:16 sijis whiteinge: hey. so i finally got it working, without ssl though.
16:18 ipalreadytaken joined #salt
16:18 mgw joined #salt
16:18 obimod mikkn: i've stumbled accross this easyrsa shell script which you might be able to wrap around for more power w/ less cost https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/easyrsa
16:18 bmdesmet_ joined #salt
16:19 sijis whiteinge: i didn't realize that api ran as a daemon (which uses cherrypy). i just never put it together. so i didn't need to setup apache at all.
16:19 obimod mikkn: just a thought : ) i like the implementation so far.. you're totally write about the module needing to exist
16:20 mikkn I prefer wrapping openssl directly for many reasons, but the main reason is that it's silly to restrict yourself to a wrapper script when the underpinnings aren't very complicated to start with. :)
16:20 kballou joined #salt
16:21 mikkn obimod: The easyrsa is mainly for direct administration through the command line. :)
16:21 whiteinge sijis: dang! i assumed you had an existing apache set up you wanted to reuse. (that said, i do need to make sure that works as well)
16:21 _jslatts joined #salt
16:21 obimod mikkn: that's another good point : )
16:21 swissknife joined #salt
16:21 sijis whiteinge: yeah. i did have apache already setup and was just going to add another vhost.
16:22 sijis whiteinge: i decided last night to use a vagrant centos vm and build all from begining to see if i missed a step. then i saw the salt-api running since i was seeing port conflicts. then i got a *ohhh* moments
16:23 sijis whiteinge: in either case... i have it working.. but the ssl stuff is just not working. i have disable_ssl: True (things work), comment it out.. stops working
16:24 sijis whiteinge: i did setup the self sign cert with 'salt-call tls.create_self_signed_cert' command. not sure what i'm missing
16:24 swissknife left #salt
16:24 sijis whiteinge: i can't think that port i use (80) is a factor.
16:25 sijis whiteinge: as an added note, some salt-api stuff does to into master log
16:25 whiteinge good to know
16:25 whiteinge what's the SSL issue? is the salt-api daemon starting?
16:26 Linz joined #salt
16:26 KyleG1 joined #salt
16:26 mikkn obimod: I'm heading home for the day, but post any comments on the pull request and I'll be replying and adressing them as much as I can. :)
16:26 obimod mikkn: will do, thx!!
16:26 sijis whiteinge: daemon is starting and accepts connections. i just keep getting 'bad requests'
16:26 obimod mikkn: see you 2morrow
16:27 obimod mikkn: or ttys, rather
16:27 kvbik joined #salt
16:28 sijis whiteinge: if it helps http://paste.fedoraproject.org/89229/37710139/
16:29 KyleG joined #salt
16:31 sijis whiteinge: as a side note.. using apache for api gave a warning about unable to read /etc/salt/master on startup. default perms were 660. i updated it to 666 and it started up.
16:31 sijis whiteinge: anyhow.. right now i'm not using apache at all
16:36 KyleG1 joined #salt
16:38 timoguin rushmore, dave_den, I created an issue to document /var/run/salt and ~/.salt: https://github.com/saltstack/salt/issues/11589
16:38 schimmy joined #salt
16:38 timoguin fyi
16:39 hunter joined #salt
16:39 KyleG joined #salt
16:41 whiteinge sijis: can you try without pepper? might be helpful to narrow down the moving parts
16:41 schimmy1 joined #salt
16:42 sijis sure
16:44 [diecast] joined #salt
16:45 Ryan_Lane1 joined #salt
16:45 rome joined #salt
16:46 joehillen joined #salt
16:46 hunter joined #salt
16:49 spiette joined #salt
16:50 krow joined #salt
16:50 sijis whiteinge: ignore me. i'm an idiot! -- forgot to update http to https
16:51 cj__ joined #salt
16:51 whiteinge :)
16:51 sijis its all good.
16:51 sijis sorry for the bother
16:51 whiteinge no worries
16:52 sijis whiteinge: i would be interested in sending a patch for the 'reading .pepperrc file'
16:54 cj__ Hi. I'm running v 2014.1.0, on RHEL 6.5 and salt isn't seeing the main RHEL repo
16:55 whiteinge sijis: that would be most welcome!
16:55 sijis whiteinge: i'm think .ini style to keep it simple
16:55 Calum joined #salt
16:56 ChaosPsyke joined #salt
16:56 Employee312 joined #salt
16:58 whiteinge sounds good. much easier to write than json
16:58 Eugene <3 ini
17:01 mgw joined #salt
17:02 transtipper joined #salt
17:06 viq I need some help wrapping my head around this. For reference, I'm working on gitlab-formula, https://github.com/saltstack-formulas/gitlab-formula
17:06 JonGretar joined #salt
17:08 viq I check out git, then I create service by symlinking to a file in the git checkout, and of course it depends on that git state, as do other things. Now I want to add a "stop service if git is to change" using prereq, and would be prereq git state, but how would that behave on initial run, when the service to be stopped doesn't exist yet? Wouldn't the whole thing fail?
17:11 sijis whiteinge: is there a way to pass values to the function? like 'pepper * cmd.run touch /tmp/files.txt'
17:11 hunter joined #salt
17:14 baniir joined #salt
17:14 sijis i see the placeholder vars now
17:15 whiteinge it should roughly follow the same semantics as salt's own CLI, even in it's current alpha state. i think the above should work but 'touch and /tmp/files.txt' must be quoted so they're passed as a single argument
17:15 Gareth morning.
17:16 UtahDave joined #salt
17:16 AdamSewell joined #salt
17:16 AdamSewell joined #salt
17:16 druonysus joined #salt
17:16 druonysus joined #salt
17:17 whiteinge Norm!
17:17 sijis whiteinge: that's what i thought. anyhow, i'll keep hacking at it
17:20 UtahDave druonysus: hey, man. you around?
17:20 [diecast] joined #salt
17:21 druonysus UtahDave: yes I am
17:21 gadams999 left #salt
17:22 m0s^away joined #salt
17:23 UtahDave druonysus: I've been testing for that minion flood issue. There's an open issue where other people have seen it with as few as 20 or 30 minons.
17:23 UtahDave So far I haven't been able to reproduce it using master and minions running develop.  I'm going to test now with 2014.1.0
17:23 m0s left #salt
17:23 UtahDave I was testing with almost 100 minions.
17:24 druonysus UtahDave: wow, as few as 20 or 30... that is crazy.
17:25 druonysus UtahDave: thanks for looking into that for us
17:25 UtahDave yeah. exactly.  We've added some flags to add some more debugging capability. We also have someone working on a standard randomized backoff for the minions.
17:25 druonysus UtahDave: Oh awesome
17:26 druonysus it sounds like this will get fixed then with all this effort
17:27 UtahDave Yeah, it definitely will.
17:27 meteorfox joined #salt
17:28 druonysus UtahDave: that is very good. We have not had problems with it since with randomized the reconnect values
17:29 druonysus UtahDave: but it would be much better to just avoid ever getting in that state from the beginning
17:29 UtahDave ah, nice. That's great to hear.
17:29 UtahDave yes, definitely
17:31 untamo13_ joined #salt
17:31 druonysus UtahDave: now I am just wrestling salt's ldap eauth but Seth is helping me
17:31 rdorgueil joined #salt
17:32 UtahDave cool. You're in good hands!
17:33 druonysus UtahDave: haha... yes, that much is clear. He knows his stuff
17:33 ferai joined #salt
17:34 druonysus UtahDave: once that eauth works api will be ready to rock
17:34 UtahDave nice!
17:35 druonysus UtahDave: indeed
17:35 UtahDave how did your opensuse talk go?
17:35 druonysus UtahDave: I think it went well... especially considdering I did not really prepare anything ;)
17:36 UtahDave :)
17:36 Ahlee ok, just had pillars not updating until i restarted salt-minion, any working theories on what could have caused that?
17:36 Ahlee it was pulling in some pillars, just not all until post restart
17:37 druonysus UtahDave: I wanted to cover more but it would have gone too long so I cut it short... kinda works out though, because there will be enough meat on the bones for next time
17:37 Ahlee multimaster, both masters were sync'd, though there was a time when refresh_pillar was run when they were out of sync
17:38 krow joined #salt
17:43 Nexpro1 joined #salt
17:46 jeremyfelt joined #salt
17:46 whiteinge Ahlee: odd. i wonder (don't know) if restarting has the effect of clearing the pillar cache on the master for that minion
17:47 Ahlee whiteinge: that's my guess given the clean restart cleared it up
17:47 icarus_ joined #salt
17:48 whiteinge you can perform that manually if it happens again to troubleshoot via ``salt-run cache.clear_pillar mid``
17:48 rdorgueil joined #salt
17:48 n8n joined #salt
17:48 Ahlee i've got another one
17:49 whiteinge Ahlee: (shifting gears) did you see the vsphere salt-cloud driver go in?
17:49 whiteinge https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/vsphere.py
17:52 Ahlee I did not, thanks for that
17:52 hunter joined #salt
17:52 Ahlee have not touch saltcloud, odds of that being easy to get running with 0.17.5?
17:53 sroegner joined #salt
17:53 bhosmer joined #salt
17:54 hunter ahlee: I'm about to go down that road myself. What are you targetting?
17:54 Ahlee hunter: vsphere
17:55 whiteinge Ahlee: doable with a little fiddling. hasn't seen much (any?) activity since the merge so some code paths have changed
17:55 hunter ah - I'm going after KVM/libvirt and hopefully openstack.
17:55 Ahlee whiteinge: word, added to next sprint to take a gander
17:55 whiteinge Ahlee: ping me when you're ready for that and i'll do as much of that as I can for you
17:55 Ahlee liklihood of that actually happening next sprint is about as good as me winning the lotto, though, and I don't buy lottery tickets
17:58 arthabaska joined #salt
18:02 quickdry21 joined #salt
18:07 rdorgueil joined #salt
18:08 krow joined #salt
18:09 thedodd joined #salt
18:11 danielbachhuber joined #salt
18:11 obimod can file.managed sources read from the pillar?
18:11 noob joined #salt
18:11 noob Anyone able to answer a question regarding salt, RHEL and repos?
18:12 Ahlee obimod: yes
18:12 obimod Ahlee: thx
18:12 Ahlee noob: yes, what's up?
18:13 Guest51346 when i use salt to install a package, like `salt '*' pkg.install httpd` it works fine
18:13 Guest51346 but using a state it fails to install the package
18:13 Guest51346 I get this error:   Comment: The following package(s) were not found, and no possible matches were found in the package db: httpd      Changes:
18:14 Guest51346 I googled for it and found a post, but it basically said to use an rc that isn't avail in EPEL
18:14 Ahlee what version of salt?  I'll verify quick
18:14 Ahlee but sounds like an incorrect state file
18:14 Guest51346 2014.1.0-1.el6
18:15 Guest51346 the state file was verbatim from one of the walkthroughs
18:15 Guest51346 if I installed the package via pkg.install, the state worked properly
18:15 KyleG yeah
18:15 KyleG You're the second person specifically to have a problem with that article
18:15 KyleG Last guy, his issue was the package name is apache2
18:15 KyleG not https
18:15 KyleG httpd*
18:16 Katafalkas joined #salt
18:16 Guest51346 yeah, on RHEL it's httpd
18:16 Ahlee it's httpd in centos, guessing it's not apache2 on rhel
18:16 Guest51346 which is what i specified in the state file
18:17 xunil joined #salt
18:17 boakley joined #salt
18:18 dimeshake can we see the state file
18:18 Guest51346 httpd:   pkg:     - installed   service:     - running     - require:       - pkg: httpd
18:18 Guest51346 sorry, formatting doesn't come through this web interface
18:18 dimeshake formatting is important, can you use a pastebin - sprunge.us for example
18:18 Guest51346 let me see if our proxy allows it
18:18 Guest51346 one sec
18:19 dimeshake formatting is important, can you use a pastebin - sprunge.us for example
18:19 dimeshake whoops sorry
18:19 dimeshake damned up arrow
18:19 Guest51346 http://pastebin.com/1cZDJ25T
18:19 dimeshake i think groups.present is bugged in 2014.1.0
18:20 chrisjones joined #salt
18:21 dimeshake Guest51346: that does indeed look right to me
18:21 bhosmer joined #salt
18:22 n8n joined #salt
18:22 Guest51346 when I list the repos via salt, it's not seeing the main RHEL repo
18:23 Guest51346 but yum list repos from the minion is fine
18:26 sijis whiteinge: i've tried 'pepper '*' "cmd.run" "touch /tmp/sijis.txt"' and 'pepper '*' "cmd.run touch /tmp/sijis.txt"' with no success.
18:26 icarus_ joined #salt
18:32 stephanbuys joined #salt
18:33 bhosmer joined #salt
18:35 Guest51346 okay, i installed the test version (2014.1.1) and this behavior is gone
18:35 hunter joined #salt
18:35 stephanbuys good evening from South Africa :) Can anyone perhaps give me some pointers on how to best go about debugging salt-ssh? My preferred environment is IDEA/PyCharm and I'd like to help stabilising/improving it if possible. Clearly there is a different process that runs on the receiving side - ideally I would like to trace/get my hooks in there somehow.
18:38 fragamus joined #salt
18:42 hunter joined #salt
18:42 cnelsonsic joined #salt
18:42 gadams999 joined #salt
18:44 ajw0100 joined #salt
18:45 viq https://gist.github.com/viq/9815057 - do I need prereq in all those places? Currently salt barfed with RuntimeError: maximum recursion depth exceeded
18:48 n8n joined #salt
18:48 seapasulli joined #salt
18:49 rdorgueil joined #salt
18:52 hunter joined #salt
18:56 williamthekid_ joined #salt
19:00 higgs001_ joined #salt
19:00 djaime joined #salt
19:02 stephanbuys joined #salt
19:05 helix7 Hey, how hard would it be to add Jinja support to win_repo?
19:07 mateoconfeugo joined #salt
19:09 viq helix7: how do you mean?
19:10 viq Hm, is there any point in doing prereq on git states? Seems salt won't know whether they will get updated unless it actually touches them, so prereq won't trigger there...
19:10 vrocha joined #salt
19:12 helix7 viq: There is a genrepo function that processes the sls files. I have a bunch of different versions of a program and it would be nice to template the version, but the sls file has to be yaml only.
19:12 ckao joined #salt
19:12 viq Oh. No idea...
19:14 whiteinge sijis: hm. confirmed
19:14 sroegner joined #salt
19:14 sijis whiteinge: my only thought is that i don't see args going into api.low()....
19:15 sijis and there was a note about 'args = None #placeholder' type thing
19:15 whiteinge yeah. i must have broken that when i moved the standalone lib out
19:16 micko joined #salt
19:16 hunter joined #salt
19:17 druonysuse joined #salt
19:17 druonysuse joined #salt
19:17 sijis whiteinge: ahh. no worries for now. i'll hack through it.
19:20 helix7 genrepo in win_repo is just calling yaml.safe_load(). It seems like it would be simple to render the file first, but there may be more to it.
19:20 Gordonz_ joined #salt
19:22 all_the_fisch joined #salt
19:23 vrocha can a builtin execution module ever be shadowed by a state?
19:23 vrocha I have some custom states with names as those for builtin modules
19:23 vrocha nginx, solr, etc.
19:27 smcquay_ joined #salt
19:27 whiteinge vrocha: modules cannot be shadowed by other module types (e.g., execution modules cannot shadow state modules or vice versa). you can shadow modules that ship with salt, however (by design).
19:28 jaimed joined #salt
19:28 vrocha whiteinge: that was my guess but I could not find any thing in the docs to back up my assumptions.
19:28 smcquay joined #salt
19:29 kvbik joined #salt
19:30 johtso joined #salt
19:30 smcquay joined #salt
19:31 ipalreadytaken joined #salt
19:32 n8n joined #salt
19:34 vrocha whiteinge: Thank you!
19:35 williamthekid_ joined #salt
19:38 viq whiteinge: maybe you'll know. AFAIK state needs to be able to run with test=True to be usable with prereq. And to my understanding git does not fullfil that requirement?
19:41 rushm0r3 joined #salt
19:45 UtahDave viq: Yeah, a state must have test=True for prereq to work.
19:45 viq UtahDave: and git doesn't?
19:45 UtahDave I don't know about git.  All states should support test=True, though
19:46 viq Or rather, is test=True in git.latest able to report anything useful?
19:46 viq Because when running with test=True it usually displays "it's probably going to change"
19:46 viq or something to that effect
19:47 rdorgueil joined #salt
19:48 UtahDave viq: I'd have to go look at the code
19:49 Miouge joined #salt
19:49 whiteinge viq: looking briefly, i think you're right. git.latest isn't returning a changes dictionary that prereq needs
19:50 viq Thank you.
19:50 viq Hm, so I can't use that for prereq. Bah.
19:50 kaictl joined #salt
19:50 whiteinge will you please open a ticket for that?
19:50 viq Sure
19:50 whiteinge if you want to get it working now, there's a quick change you can make
19:51 fragamus joined #salt
19:52 ajw0100 joined #salt
19:52 toastedpenguin joined #salt
19:53 viq whiteinge: https://github.com/saltstack/salt/issues/11595 - good enough description?
19:54 viq whiteinge: I think I've had enough for tonight, but I could try it tomorrow
19:54 whiteinge great. thanks
19:55 n8n joined #salt
19:56 viq :)
19:56 Gifflen_ joined #salt
19:56 viq OK, time to head out, cya
19:57 viq And thanks again for assistance :)
19:58 johtso joined #salt
19:59 ajw0100 joined #salt
20:00 scalability-junk joined #salt
20:00 rgbkrk joined #salt
20:04 vrocha left #salt
20:07 mortis guys, im looking for inspiration here .... we have been struggling to find the right way to deal with release management with salt and git ...and we havent really found a good way to do it. We have the ordinary dev->qa->prod setup, but we want to limit access to all but the devel-environment while still maintaining a good workflow
20:07 mortis im sure lots of you have been thinking this through :)
20:07 mortis if someone has some blogposts, github-repos or something to show off how you solved it, id be very greatful
20:07 mortis grateful?
20:07 mortis grapefruit?
20:07 mortis anyway ...
20:09 UtahDave mortis: do you mean limiting access to the devel-environment git branch?
20:09 mortis UtahDave: we have been discussing several issues really, for instance we want developers to commit to the devel-env in salt
20:09 mortis to make states and what not
20:09 mortis but we dont want to give them the possibility to do stuff on qa or prod
20:10 mpanetta_ joined #salt
20:10 mortis so what we ended up doing, was to create dev,qa,prod file_roots and have prod on top, and then qa and dev under, so that inheritance takes care of it that way
20:11 druonysuse joined #salt
20:11 druonysuse joined #salt
20:11 mortis but should we have each fileroot be a branch of a git repo? that wouldnt be that good i guess, since devs could easily failmerge into qa/prod with git alone
20:12 mortis so we would have to make another repo for dev, which means we will have to manually move files between repos :x
20:12 mortis which is no good
20:12 Gareth mortis: sometimes there are benefits to giving everyone access all the way up the chain.  requiring pull requests by someone else for peer review but this way the developers have ownership through the whole process.
20:12 mpanetta_ joined #salt
20:12 Gifflen joined #salt
20:13 mortis Gareth: for sure, but in this case, thats not gonna happen, since the ops responsible for the prod-env are also on duty 24/7 and wount always be able to fix errors off-hours
20:13 mpanetta joined #salt
20:13 mortis and if our services go down ....we are done :)
20:14 smcquay joined #salt
20:15 ajw0100 joined #salt
20:15 Gareth mortis: true.
20:16 mortis so im really looking for a good workflow for it all
20:16 mortis maybe we can fix it all with good use of git, but im not sure yet ...
20:17 mortis as a sysadmin you dont really wanna stage ALL your changes either
20:17 mortis like installing a tool or whatever
20:17 UtahDave mortis: have you considered having 2 separate repos and merging changes from the devel to the qa/prod?
20:18 mortis UtahDave: yeah that was one of the things we discussed today
20:18 mortis but you cant easily merge between two repos i think
20:18 mortis (<- git noob)
20:19 n8n joined #salt
20:19 [diecast] joined #salt
20:20 UtahDave mortis: yeah, you can set your local clone to have multiple remotes and push and pull from each.
20:21 mortis oh, right, yeah that might work
20:21 garthk joined #salt
20:21 Gareth mortis: http://stackoverflow.com/questions/1425892/how-do-you-merge-two-git-repositories
20:21 mortis hmmm
20:21 mortis nice one
20:21 mortis that could work, if we decide on a workflow around it
20:22 mortis good input UtahDave and Gareth
20:22 mortis thanks
20:22 UtahDave hopefully one or a combination of those ideas will work for you
20:23 mortis yeah, im sure we will find a way :)
20:27 mortis UtahDave: would you then check out the dev-repo in the dev file_root and play with it there on dev-hosts till its all good and you are ready to move it up to qa? (which then, in our case, would be a branch of the prod (master) repo)
20:27 UtahDave Yeah, I think that's how I would try it.
20:28 mortis oki, thanks again, will try it when i get back to work tomorrow morning
20:29 mortis oh, 2014.1.1, did it come out today?
20:30 cewood joined #salt
20:31 yomilk joined #salt
20:32 shoma joined #salt
20:33 UtahDave Yeah, just recently.
20:34 [diecast] joined #salt
20:34 krow joined #salt
20:35 mortis :)
20:35 mortis we had two days of salstack-only at work now
20:35 mortis really fun
20:39 Linz_ joined #salt
20:40 UtahDave nice!
20:40 UtahDave glad to hear!
20:40 mgw joined #salt
20:40 UtahDave how many systems have you started managing with Salt?
20:40 mateoconfeugo left #salt
20:41 mortis right now we just deployed it on a few dev-servers, as we are still screwing up the masterconfig and structure hehe :)
20:41 mortis but we managed to write a pillarmodule to deal with external classifiers from our cmdb
20:41 mortis and i got a wrapper for nagiosplugins working, so we can run all our nagiosplugins via saltstack
20:41 UtahDave :)  very cool.
20:41 jaimed joined #salt
20:42 mortis when we go live, it will be around 300 servers
20:42 UtahDave so are you using salt to install the nagiosplugins or using Salt to pull data to push into nagios?
20:43 mortis i wrote this thing using peers https://github.com/mortis1337/nagios-plugins/blob/master/check_by_saltpeer.py
20:43 mortis cfengine is still installing the nagios-plugins package, but we will be moving that over to saltstack
20:46 pentabular joined #salt
20:46 UtahDave mortis: so your nagios server is running salt-minion and executes whatever nagios plugin through the peer system
20:46 mortis yeah
20:46 roolo joined #salt
20:47 oeuftete would there be any possible issues with a 0.17.5 minion getting a file via salt:// (a requirements in virtualenv.managed) from a 2014.1.1 master?  It works inconsistently for me right now.
20:47 mortis removes the need for ssh-keys or nrpe
20:47 mortis but then again it opens up for cmd.run :o
20:47 mortis hehe
20:47 druonysuse joined #salt
20:47 UtahDave yeah, but you can lock that down.
20:48 mortis yep
20:48 mortis thats the good thing :)
20:48 mortis and i like the idea of running plugins over zmq
20:49 mburns` joined #salt
20:49 UtahDave cool
20:51 alunduil joined #salt
20:51 mburns` Using version salt 0.17.1 I'm having trouble getting a file from an http source here
20:51 mburns`
20:51 mburns` /var/lib/jenkins/plugins/active-directory.hpi:
20:51 mburns` file.managed:
20:51 mburns` - source: http://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/active-directory/1.31/active-directory-1.31.hpi
20:51 mburns` - source_hash: md5=http://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/active-directory/1.31/active-directory-1.31.hpi.md5
20:51 mburns` - user: jenkins
20:51 mburns` - group: jenkins
20:51 mburns`
20:52 mburns` The error I get is:
20:52 mburns`
20:52 mburns` State: - file
20:52 mburns` Name:      /var/lib/jenkins/plugins/active-directory.hpi
20:52 johtso joined #salt
20:52 mburns` Function:  managed
20:52 mburns` Result:    False
20:52 Corey mburns`:Pastebin!
20:52 mburns` Comment:   File sum set for file /var/lib/jenkins/plugins/active-directory.hpi of http://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/active-directory/1.31/active-directory-1.31.hpi.md5 does not match real sum of 45feb723d08d45efd6f9a3ae0efb6a06
20:52 mburns` Changes:   diff: New file
20:52 mburns`
20:52 mburns` if I enter the md5 hash for  the source_hash directly like so
20:52 mburns` - source_hash: md5=45feb723d08d45efd6f9a3ae0efb6a06
20:52 mburns` and it works.  Any ideas why this doesn't work?
20:52 Corey Don't do that again please.
20:52 mburns` sorry
20:52 druonysuse joined #salt
20:52 druonysuse joined #salt
20:53 Corey That's also not readable, try putting it in a pastebin.
20:53 mburns` will do thanks
20:54 UtahDave mburns`: so it looks like the checksums don't match. based on the error you're getting there.
20:54 UtahDave have you manually compared the checksums to make sure they're correct?
20:54 mburns` yes I downloaded both file ran md5 and they matched
20:55 Corey Oh, I see what's going on.
20:56 UtahDave try setting your source_hash option to not use the md5=
20:56 Corey Yeah, that's it.
20:56 Corey Just double checking the docs, but yeah.
20:56 mburns` okay I've tried that before but let me try that again
20:56 UtahDave yeah, the docs aren't super clear on that, but I would try that.
20:57 rome joined #salt
20:59 mburns` no still the same error   I got the md5= syntax from https://github.com/saltstack/salt/issues/3405 as it wasn't in the documentation I was able to find
20:59 Gifflen_ joined #salt
21:01 UtahDave Hm. I just confirmed the md5 hashes match.
21:01 UtahDave mburns`: can you pastebin your sls file so I can test?
21:01 Corey mburns`: Not to tell you your business, but I'd not do that in my state were I you; external dependencies are seldom a good thing at scale.
21:02 Corey But yes, that seems a bug
21:03 mburns` I agree and it was supposed to be a temporary solution.  I appreciate the advice though
21:03 mburns` here is the pastebin http://pastebin.com/w5y1iaSV sorry about that earlier
21:12 mgw joined #salt
21:14 andrej Other than interrogation IPs using "netstat -anp | grep 4505" and working from there - does salt offer any means to determine which IP which minion is coming from?
21:14 [diecast] joined #salt
21:15 Corey UtahDave: I can replicate mburns`'s issue.
21:16 UtahDave Corey: on what version?
21:16 johtso what is the preferred configuration to avoid having salt stuff in the root of your filesystem when developing?
21:16 johtso changing the root path setting?
21:16 Corey UtahDave: 2014.1.0
21:16 UtahDave andrej: salt \* network.ipaddrs
21:17 johtso *root_dir
21:17 whiteinge johtso: yeah, root_dir, and maybe file_roots, pillar_roots, etc
21:17 mburns` Corey I think its probably a bug as well.  Thanks for your help looks like I  have to come up with another solution.  I'm going to check if this was fixed in later release and if not I'll create a bug
21:17 UtahDave mburns`: yeah, please open an issue on that
21:17 mortis UtahDave: do you work at saltstackoffices btw?
21:17 whiteinge johtso: if the place you install to has a long path, you might also need to specify sock_dir
21:18 whiteinge (it'll show an error if that's the case)
21:18 Corey mortis: Oh, he travels all o'er the place.
21:18 mortis Corey: ah ok, but i meant FOR saltstack i guess :)
21:18 johtso whiteinge, just seemed a little odd having an /etc  /srv and /var created in your development directory
21:18 Corey mortis: He does indeed.
21:19 johtso and having all the caching stuff in there
21:19 mortis kk :)
21:19 kedo39 whiteinge: nope, not yet
21:19 whiteinge johtso: agreed. i develop from a virtualenv so my salt install, config files, etc are all self-contained
21:19 whiteinge kedo39: i looked it over. you have some good stuff in there!
21:19 tyler-baker left #salt
21:20 johtso whiteinge, ah, perfect, didn't realise using a virtualenved salt installation would result in that too!
21:20 kedo39 thanks! i made it because the current nginx-formula was too specific for me
21:20 johtso whiteinge, time to brew uninstall and use pip instead
21:20 UtahDave mortis: yes, I do!
21:20 andrej UtahDave : um, no, that lists all the interfaces the box has
21:21 kedo39 so i figured other people might be interested in it too
21:21 andrej I need to specifically find which one talks to the master
21:21 andrej Because I want to write a script that will open port 9997 in iptables on a third machine for the minion
21:21 Corey mortis: We all work for SaltStack; UtahDave just gets paid to do it. :-p
21:21 whiteinge kedo39: definitely. i didn't see anything that conflicted with any states in the existing formula. how would you feel about just putting your states in that same repo?
21:21 mortis Corey: haha true :D
21:22 UtahDave andrej: Hm. I know some presence information was added for halite's benefit.  I'm not sure how to access that.  whiteinge, do you know?
21:22 whiteinge kedo39: most forumlas are pick-and-choose and rarely meant to be used as a whole
21:23 whiteinge andrej: put in your master config: ``presence_events: True
21:23 whiteinge ``
21:23 andrej whiteinge : will do - and then? :)
21:23 UtahDave whiteinge: so do you have to listen to the event bus to get that info?
21:24 whiteinge andrej: Profit!! of course!
21:24 whiteinge er. that's it. the events just start showing up
21:24 whiteinge well, restart the master, of course
21:24 whiteinge johtso: maybe helpful, maybe not: https://gist.github.com/whiteinge/4694319
21:24 andrej whiteinge> andrej: Profit!! of course!
21:24 andrej lol
21:25 johtso whiteinge, thanks for sharing!
21:25 kedo39 ah, that makes sense. i'll merge the repos then
21:25 andrej How do I utilise this for my scripted approach of finding the IP a minion connects from?
21:27 whiteinge andrej: when the minion connects it'll send it's grains up to the master, so you can watch for the event then pull the grains out of the master's cache
21:27 whiteinge salt-run cache.grains <minion>
21:28 * whiteinge didn't read the scroll-back
21:29 kedo39 whiteinge: actually, it would be pretty confusing for someone to use the merged nginx-formula, since the existing one does stuff like changing the the init.d script and whatnot, but my states don't do that
21:29 johtso whiteinge, it still seems to be looking in /etc for configuration, is there something else I need to change?
21:29 andrej whiteinge : hmm. ok, but that still doesn't tell me which IP the minion uses to connect to the master to
21:30 andrej errrh to the master with
21:30 johtso whiteinge, ah right, you're explicitly passing the config location when calling salt, I see
21:30 whiteinge kedo39: can you think of a way to call out in the readme that users need to choose which states in the formula to use?
21:32 ipalreadytaken joined #salt
21:32 whiteinge andrej: sorry, didn't see your convo with UtahDave before i replied. checking to see if the raw IPs are available in that code...
21:33 whiteinge where are you calling this from? custom python code?
21:35 elfixit joined #salt
21:36 whiteinge andrej: salt is grabbing those IPs via: salt.utils.network.local_port_tcp(4505)
21:37 oz_akan_ joined #salt
21:37 DaveQB joined #salt
21:38 oz_akan__ joined #salt
21:40 UtahDave whiteinge: you are a wizard
21:42 mburns` UtahDave: Thanks for your help.  Opened an issue on github https://github.com/saltstack/salt/issues/11600
21:42 jmccree I'm seeing massive unexplained slowness recently. Debug shows a ton of "Loaded minion key: ..." that seem to take forever on the salt-minion.
21:42 Corey https://i.chzbgr.com/maxW500/4192265984/h300683D1/ <-- UtahDave
21:43 kermit joined #salt
21:43 UtahDave :)
21:43 johtso whiteinge, salt is still trying to create /etc/salt, how do I stop it from doing that?
21:46 Thiggy joined #salt
21:46 Thiggy Does `salt-run jobs.active` return running salt runners?
21:48 UtahDave Thiggy: no. It should only return minions that are running jobs
21:48 Thiggy @UtahDave Is there any way to see what runners are running?
21:50 joehillen joined #salt
21:50 UtahDave Thiggy: Hm. I'm not 100% sure, but you might find something on the master in /var/cache/salt/master/proc    or /var/cache/salt/master/jobs
21:50 hazzadous joined #salt
21:52 hazzadous joined #salt
21:53 UtahDave druonysuse: I'm seeing a major performance improvement by setting    recon_randomize: True    in the minion config
21:55 druonysuse UtahDave: With the reconnection?
21:55 druonysuse UtahDave: performance improvement for the minion?
21:55 UtahDave I'm not seeing the flooding nearly as much. it maxes out my cpu and then seems to back off nicely
21:56 druonysuse UtahDave: Nice
21:56 druonysuse UtahDave: yeah... it has really helped
21:56 UtahDave now I'm testing    random_reauth_delay   as well
21:56 druonysuse I just had to restart the master and there was no issue
21:57 UtahDave cool
21:57 whiteinge johtso: using the ``-c`` flag should force all the things
21:57 yomilk joined #salt
21:58 johtso whiteinge, http://hastebin.com/sitehayipu.txt
22:00 johtso whiteinge, with a minion conf like this http://hastebin.com/qunogumuho.yml
22:01 whiteinge johtso: ah, you still need root_dir in there
22:02 whiteinge for both master and minion config. even when using salt-call --local
22:02 johtso ah right!
22:04 mgw salt-ssh: [WARNING ] Unable to bind socket, error: [Errno 98] Address already in use
22:04 mgw what causes that?
22:04 Thiggy @UtahDave Thanks
22:05 UtahDave mgw: I'm not sure. I noticed that last week, too.  It doesn't seem to cause any actual failures
22:05 UtahDave I haven't had time to track it down.
22:05 mgw well, i'm not getting any data back
22:05 UtahDave we should probably open an issue for it so it gets taken care of
22:05 mgw to a test.ping
22:07 mgw UtahDave: -ldebug doesn't help
22:07 UtahDave Hm. what version of salt?  I was using 2014.1.0 last week when I saw it
22:07 mgw i'm on develop on that system
22:08 druonysuse whiteinge:  when I am running "salt -a ldap '*' test.ping" salt prompts me for username and password
22:08 dman777 joined #salt
22:08 druonysuse whiteinge: when providing it for the ldap user, I am still getting the Failed error in the log
22:09 whiteinge druonysuse: is this with the stock LDAP module or the newer one with additional logging?
22:11 mgw UtahDave: https://github.com/saltstack/salt/blob/develop/salt/client/ssh/__init__.py#L184
22:11 mgw I've traced it back that far
22:11 mgw I think
22:11 mgw which looks like it should still do something
22:11 mgw if verify fails
22:12 jmreicha joined #salt
22:12 chuffpdx_ joined #salt
22:14 vbabiy joined #salt
22:15 ajw0100 joined #salt
22:19 druonysuse whiteinge: I am assuming it is stock LDAP module... I have not done anything to the module itself
22:20 ajw0100 joined #salt
22:20 yomilk joined #salt
22:21 whiteinge druonysuse: did my email make sense about how to turn on debug logging and put the module with the improved logging in place?
22:21 druonysuse whiteinge: I am using salt-api 0.8.3 and salt-master 2014.1.0-3583-g7031e4f
22:22 druonysuse whiteinge: I turned on debugging on the master but the only line pertaining to the the curl command I am testing with, is the very line I showed you in the email
22:22 andrej whiteinge : thanks for the follow up; apologies for the late response, had to attend a meeting.  There's no code yet, but I will hack something up
22:23 eliasp is there a way to make a state not fail in case a pkg provided by my winrepo is newer on the client than the latest listed in my repo?
22:23 whiteinge druonysuse: ignore curl until we get this working with salt at the CLI
22:23 druonysuse yes
22:23 druonysuse I am
22:23 Corey Oh, does Salt on Windows support Chocolatey?
22:23 druonysuse same thing
22:23 druonysuse as I said... with the salt proper command I am getting username and password prompt
22:25 whiteinge druonysuse: next step is to put the update module in place that will log the error from the LDAP server we need to see
22:26 druonysuse that might be helpful
22:26 UtahDave eliasp: Hm.  are you getting  a stacktrace?
22:27 eliasp UtahDave: no, it's a simple "The following packages failed to update/install"… http://pastebin.kde.org/pheekohhn
22:27 Ryan_Lane1 joined #salt
22:27 eliasp UtahDave: the client updated to 4.5.216.0 in the meanwhile through Windows Update
22:28 eliasp but I'm fine with clients updating to newer versions than listed in my repo
22:28 UtahDave right.
22:28 UtahDave eliasp: Yeah, we can add that in. Makes sense to me.  Would you mind opening an issue on that?
22:28 eliasp UtahDave: I'll do… one moment
22:28 mgw UtahDave: so that salt-ssh socket warning is just noise after all
22:29 UtahDave thanks, eliasp!
22:29 UtahDave mgw: ah, did you find a different problem?
22:29 timoguin Corey, yea it does
22:29 UtahDave My experience last week was that it was noise, too
22:29 mgw yeah, i just had a silly error
22:30 mgw In short, I wasn't following the docs :-)
22:30 mgw but now, on one of my systems, I'm getting;
22:30 mgw stdout:
22:30 mgw deploy
22:30 mgw ----------
22:30 mgw retcode:
22:30 mgw 1
22:30 mgw instead of True
22:32 andrej So ... looking at minions.py connected_ids is what I could use?
22:32 timoguin is there a way to list all the defined environments on a salt master? either the ones defined for file roots or ones define in top files, or both?
22:32 UtahDave Hm. odd
22:32 l0x3py joined #salt
22:33 andrej I'm still new at python & salt - how would I utilise the connected_ids from my own code? :)
22:34 mgw does somebody have a state handy for installing salt (on ubuntu) over salt-ssh?
22:34 eliasp UtahDave: https://github.com/saltstack/salt/issues/11602
22:34 UtahDave thanks, eliasp!
22:35 eliasp mgw: use "salt-run manage.bootstrap …'
22:35 eliasp mgw: see "salt-run -d manage.bootstrap" for details
22:35 whiteinge andrej: sec. i have an example cooking
22:35 mgw does that wrap salt-ssh?
22:36 jmreicha joined #salt
22:37 RandalSchwartz Hmm.. having chicken and egg problem here
22:37 eliasp mgw: it think so, at least it uses SSH to connect to the host
22:37 RandalSchwartz web has to go down to reload the database
22:37 RandalSchwartz web also can't start ever until the database has been reloaded
22:37 RandalSchwartz given that they need to know about each other, where do I put the proper include?
22:38 mgw eliasp: thanks
22:38 mgw TypeError: sequence item 0: expected string, dict found
22:38 mgw :-/
22:38 bemehow joined #salt
22:38 mgw running manage.bootstrap
22:39 eliasp mgw: how did you call it?
22:39 mgw nm, local issue
22:39 RandalSchwartz thoughts?
22:39 eliasp k ;)
22:40 eliasp RandalSchwartz: use some kind of meta-state which handles this and include this one in both?
22:40 RandalSchwartz if I include it from both web and db though, won't it complain being included twice?
22:41 RandalSchwartz darn it - I thought I had this worked out
22:42 RandalSchwartz if I invoke state.sls web, it's gotta know about the db load
22:42 RandalSchwartz if I inveok state.sls db.reload, it's gotta know to shut down the web
22:45 RandalSchwartz I'm stuck here.
22:46 whiteinge andrej: look here: https://github.com/saltstack/salt/blob/develop/salt/utils/minions.py#L393
22:46 whiteinge you'll probably want to copy most of that function
22:48 SEJeff_work joined #salt
22:48 druonysuse RandalSchwartz: does this help, in your case? http://docs.saltstack.com/en/latest/ref/states/requisites.html?#prereq
22:49 RandalSchwartz I'm staring at that.
22:49 RandalSchwartz just trying to make state.sls still work though
22:49 RandalSchwartz if I state.sls db, then it still needs to know about the webserver
22:50 RandalSchwartz if I state.sls web, then it still needs to know about the db
22:50 RandalSchwartz I can't figure out how it would know, unless I include each to each other
22:51 KyleG joined #salt
22:51 KyleG joined #salt
22:53 andrej thanks whiteinge - I'll do a bit of slice & dice with that, and make it return the ID and its IP :)
22:55 napper joined #salt
22:59 srage_ joined #salt
23:00 ifnull joined #salt
23:02 ifnull Is it possible to specificy a branch for gitfs the same way it is specified for ext_pillar
23:04 johtso how would you go about using the salt-formula to set up a salt master? Isn't it a bit of a chicken and egg situation?
23:07 whiteinge andrej: i think that would be a good upstream change too. https://github.com/saltstack/salt/pull/11608
23:07 bhosmer joined #salt
23:08 druonysus joined #salt
23:10 seblu joined #salt
23:13 RandalSchwartz I think I've solved it
23:13 RandalSchwartz of course, I crashed virtualbox too :)
23:19 johtso does salt-ssh not work with the test=True argument? Am I doing something silly? "salt-ssh -c . 'baobab' state.sls git test=True"
23:24 cyrusdavid joined #salt
23:31 joehh
23:31 rgbkrk joined #salt
23:32 travisfischer joined #salt
23:32 ipalreadytaken joined #salt
23:35 n8n joined #salt
23:45 sharp joined #salt
23:47 flebel joined #salt
23:48 diegows joined #salt
23:51 MSeven joined #salt
23:53 pescobar joined #salt
23:53 pescobar joined #salt
23:56 arrose_ joined #salt
23:56 shadowsu1 joined #salt
23:57 mgw1 joined #salt
23:58 pescobar joined #salt
23:58 pescobar joined #salt
23:59 qybl joined #salt
23:59 n8n joined #salt
23:59 arrose_ what is the easiest way to daemonize salt-minion on startup in OS X?
23:59 xzarth joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary