Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-05-23

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 dsolsona joined #salt
00:11 googolhash joined #salt
00:13 quickdry21 joined #salt
00:14 jslatts joined #salt
00:16 Joseph [WARNING ] GitPython exception caught while fetching: len([]) != len(['Permission denied (publickey,gssapi-keyex,gssapi-with-mic).', '']) [DEBUG   ] This salt-master instance has accepted 1 minion keys.
00:17 Joseph so i know what the problem is
00:17 Joseph but i don't know why it can't find the key
00:21 Joseph never mind
00:22 Joseph user error with the URL...i need the ssh username there
00:22 Joseph hmm but even with this fixed salt-minion isn't picking up the SLS
00:23 jalbretsen joined #salt
00:23 krow joined #salt
00:23 mgw joined #salt
00:26 meteorfox joined #salt
00:26 timoguin it's only needed on the master
00:26 timoguin so the master is loading everything successfully now?
00:28 Joseph yes
00:28 Joseph fetch succeeds when i am in debug
00:28 Joseph highstate jsut says no topi file or external nodes data matches
00:29 Joseph but in the git master branch i have top.sls
00:29 Joseph and the match is star
00:29 Joseph sooo i am not sure i buy that
00:30 timoguin any other branches?
00:30 timoguin and do they have top files?
00:31 ekristen joined #salt
00:31 Joseph i just have a master branch with a single top.sls
00:31 timoguin that's a common error, and i've ran into it before, but i can never remember how i fixed it
00:32 Joseph where top should work but it doesnt?
00:32 timoguin yea
00:32 Joseph :(
00:32 Luke_ joined #salt
00:33 Joseph i have minion and master in foreground in trace
00:33 Joseph and nothing is spitting out indicating even an idea of what the problem would be
00:33 Joseph i aslo manually cleared /var/cache/salt on both minion and master restarted
00:33 Joseph still no log
00:33 Joseph luck
00:35 agronholm did you enable debug level logging?
00:36 Joseph i am actually at trace
00:36 Joseph though i tried debug before that :)
00:36 ZombieFeynman joined #salt
00:37 Joseph i really hope this isn't user error and somehow i screwed up my top file
00:37 Joseph but i made the top file dirt simple
00:37 Joseph i am like 99% sure its a valid file pointing to a valid sls
00:37 taion809 joined #salt
00:37 timoguin try this: salt 'minion' cp.list_master
00:38 timoguin that should list the state tree on your master
00:38 mgw joined #salt
00:38 Joseph {'minion-1.obt.data': []}
00:38 Joseph should i do a salt-run instead?
00:39 timoguin might work. not sure if the same module is there as a runer
00:39 Joseph its not :)
00:39 Joseph so much for that idea ha
00:40 timoguin i have my master as a minion of itself
00:40 Joseph i do not have that setup
00:40 Joseph i don't run a minion on my master as a general rule
00:40 Joseph it helps avoid configuration changes b lowing away my minion by accident :)
00:40 Joseph master i mean
00:40 Joseph but anyway
00:40 ajolo joined #salt
00:41 Joseph the salt log is mocking me "[DEBUG   ] Updating fileserver cache [DEBUG   ] Fetching from git+ssh://jdoe@salt-master/home/jdoe/slsrepo [DEBUG   ] This salt-master instance has accepted 1 minion keys.":
00:41 Joseph it sure looks like its getting the files okay
00:42 timoguin you can check the hashed directory under /var/cache/salt/master/gitfs/ to make sure
00:42 timoguin git log --all
00:42 ldlework joined #salt
00:43 Joseph hmmm
00:43 Joseph that's odd
00:43 Joseph fatal: Not a git repository (or any of the parent directories): .gi
00:43 Joseph blow away the cache again
00:43 Joseph restart the master?
00:44 timoguin you ran that in the hashed dir?
00:44 timoguin mine is like this: /var/cache/salt/master/gitfs/a8131365db33bc8ee83c1b6784c3aef1
00:44 Joseph ohhh
00:44 Joseph no
00:44 Joseph i fail
00:44 Joseph just a sec
00:44 ajolo_ joined #salt
00:44 Joseph and yes git log shows my top file in it
00:45 Theo-SLC joined #salt
00:46 timoguin /var/cache/salt/minion/files/base should be where the files get put on the minions
00:46 jnials joined #salt
00:46 Joseph there is a base directory
00:46 Joseph but there are no files in it
00:47 hachaboob joined #salt
00:47 timoguin maybe try a saltutil.sync_all?
00:47 timoguin although that should be happening on minion restart as well
00:48 hachaboob I was wondering how people using centos/rhel deal with authconfig updates stopping services like sssd. If I have more than one state do an authconfig --update how do I make sure services are still running?
00:50 Joseph you can set up a SLS with watch
00:50 Joseph timoguin: did sync all still no luck
00:50 Joseph for some reason the files are just not getting pushed to the minion
00:51 hachaboob Joseph: I am just wondering what I should watch. In the case of sssd I I guess I could watch all the files authconfig modifies...
00:53 krow joined #salt
00:53 timoguin Joseph: hmm... do you happen to have file_roots defined in your master config?
00:54 ZombieFeynman joined #salt
00:54 Joseph not explicilty
00:54 Joseph i just set the gitfs properties that the tutorial told me about
00:55 Joseph do i need to explicitly set the file_roots then?
00:55 timoguin no
00:55 timoguin i saw some stackoverflow posts suggesting that could be causing a conflict
00:56 diegows joined #salt
00:56 timoguin i'm not sure what's going on, but it sounds like you've set it up properly
00:56 Joseph <hachaboob>: if authconfig --update is the trigger even why don't just check services when that command is executed?
00:56 Joseph timoguin....hmmm well that's a start right ?
00:57 timoguin at least everything is on the master now....
00:59 Joseph hrrrm
01:00 cruatta joined #salt
01:01 oz_akan_ joined #salt
01:06 bhosmer joined #salt
01:09 felskrone joined #salt
01:14 kickerdog joined #salt
01:17 cruatta joined #salt
01:20 otter768 joined #salt
01:22 otter768_ joined #salt
01:25 otter768_ joined #salt
01:26 xzarth_ joined #salt
01:26 Joseph timoguin is there anyone i can talk that could help point me in a constructive direction
01:28 cruatta joined #salt
01:33 hachaboob Hmmm authconfig command is in multiple state files so its difficult to watch without coupling states....
01:39 lilmatt joined #salt
01:48 mgw1 joined #salt
01:49 otter768 joined #salt
01:50 Ryan_Lane joined #salt
01:51 JesseC-Work joined #salt
01:52 opapo_ joined #salt
01:53 ZombieFeynman joined #salt
01:53 n8n joined #salt
01:56 cro_ joined #salt
01:56 otter768 joined #salt
01:57 shalicke_ joined #salt
01:57 ckao joined #salt
01:59 dangra joined #salt
01:59 tinuva joined #salt
01:59 alunduil joined #salt
02:01 zekoZeko joined #salt
02:02 oz_akan_ joined #salt
02:03 kermit joined #salt
02:04 stanchan joined #salt
02:04 xmj joined #salt
02:04 kedo39 joined #salt
02:05 xmj joined #salt
02:08 ZombieFeynman joined #salt
02:11 pdayton joined #salt
02:12 andrein joined #salt
02:12 kickerdog joined #salt
02:14 ZombieFeynman joined #salt
02:14 kickerdog1 joined #salt
02:14 manfred woohoo net split
02:15 ipmb joined #salt
02:17 brucelee_ joined #salt
02:18 Luke_ joined #salt
02:23 oz_akan_ joined #salt
02:24 otter768 joined #salt
02:25 Joseph <hachaboob> well you can identify the directories files would change? You could watch the specific directories
02:28 kickerdog joined #salt
02:29 kickerdog joined #salt
02:31 Joseph hmm i guess i'll email the googlegroup about gitfs problem
02:31 Joseph its so perplexing
02:32 ihello joined #salt
02:33 Joseph oh bloody hell
02:33 Joseph i figured it out
02:34 Joseph chalk this one up to user error and lack of sleep
02:34 Joseph i am so dumb
02:34 stanchan joined #salt
02:35 ZombieFeynman joined #salt
02:35 Outlander joined #salt
02:36 stevednd manfred: I posted this earlier today, and got no suggestions on a workaround. Any thoughts
02:36 stevednd I need to clone a git repo, and then take a value from one of the files that it pulls, and pass that value to one of my states. I was thinking I would set a jinja var calling salt['cmd.run']('cat /file/path'), but the jinja vars will evaluate before the states, won't they?
02:36 Joseph yes
02:36 stevednd so then how on earth would I get a value to my statefile? It would have to be something built into salt
02:37 Joseph custom module
02:37 Joseph probably a pillar
02:37 Joseph jinja is really only good for iterating through pillar, grain, and statically defined lists
02:37 Joseph any time of programming logic beyond that is usually nightmarish and not recommended
02:37 Joseph any type
02:38 stevednd yes, I could solve it with a pillar, but ideally I pull the proper value straight from this file so that the statefile or pillar don't have to be changed when the value changes
02:38 stevednd I considered using pydsl
02:38 Joseph yikes
02:38 Joseph brave person you
02:39 stevednd but I believe that requires you to return a hash of the commands to execute, and doesn't allow actual execution of the various states one at a time
02:39 Joseph you create a custom pillar that dynamically updates its value
02:39 Joseph why would you need to change the state file?
02:40 Furao joined #salt
02:40 ZombieFe_ joined #salt
02:41 stevednd not so much change the state file, as a value. Whether it's directly in the state file, or in a pillar
02:41 stevednd but I don't know if there's any way to automatically make the pillar update in response to a state changing
02:42 stevednd at least not within the same run, is there?
02:42 Joseph ohh
02:42 stevednd I thought about using the salt mine
02:42 Joseph yea good point
02:42 Joseph making pillar values update based on state change
02:42 Joseph that would be a nifty feature
02:42 stevednd maybe I could create the custom module to pull the data I need, and force a mine update after the git pull
02:43 stevednd dammit
02:43 Joseph yea it sounds like you don't have a choice but to get and use the value outside of pillars and state files
02:43 Joseph but i could be wrong i am still pretty new to salt
02:43 stevednd no, that still won't work, because that's again needing to be templated in with jinja
02:44 stevednd I think that's enough pounding my head for the night
02:44 Joseph hmmm
02:44 Joseph shell script "update pillar > highstate"
02:44 Joseph yes i am evil
02:44 Joseph sorry
02:44 XenophonF left #salt
02:45 Joseph i wonder if you could use the overstate to get away with it
02:45 Joseph hmmmmm
02:45 Joseph i hadn't thought of that
02:49 cpowell joined #salt
02:54 bhosmer joined #salt
02:55 aw110f joined #salt
02:59 travisfischer joined #salt
03:00 stanchan joined #salt
03:06 dude051 joined #salt
03:06 krow joined #salt
03:15 cedwards 2
03:16 ZombieFeynman joined #salt
03:19 ml_1 joined #salt
03:24 oz_akan_ joined #salt
03:25 Theo-SLC joined #salt
03:27 Gareth 3
03:28 Networkn3rd joined #salt
03:28 brucelee_ joined #salt
03:29 cruatta joined #salt
03:35 travisfischer joined #salt
03:40 kermit joined #salt
03:41 jesusaurus 4
03:42 krow joined #salt
03:45 Networkn3rd joined #salt
03:50 catpiggest joined #salt
03:53 dude051 joined #salt
03:55 MTecknology I don't see 0 or 1.
03:55 MTecknology cedwards: come on man!
03:58 tinuva joined #salt
04:05 jnials joined #salt
04:07 jalbretsen joined #salt
04:10 ramteid joined #salt
04:13 jalaziz joined #salt
04:21 frasergraham joined #salt
04:21 MTecknology github is down, but I want to push a commit!!!
04:23 dude051 joined #salt
04:24 krow joined #salt
04:25 oz_akan_ joined #salt
04:32 bhosmer joined #salt
04:38 ZombieFeynman joined #salt
04:39 anuvrat joined #salt
04:40 aw110f joined #salt
04:54 cpowell joined #salt
04:55 aw110f joined #salt
05:05 ZombieFeynman joined #salt
05:12 mgw joined #salt
05:17 combusean joined #salt
05:25 oz_akan_ joined #salt
05:29 brucelee_ joined #salt
05:30 cruatta joined #salt
05:45 pdayton joined #salt
05:48 zain__ joined #salt
05:51 ipalreadytaken joined #salt
05:58 rdorgueil joined #salt
06:11 kickerdog joined #salt
06:14 anuvrat joined #salt
06:20 bhosmer joined #salt
06:21 n8n joined #salt
06:26 happytux_ joined #salt
06:26 oz_akan_ joined #salt
06:26 chikiititaa joined #salt
06:27 chikiititaa Hello I'm new
06:27 it_dude joined #salt
06:30 n8n joined #salt
06:30 chikiititaa helloooooooo
06:35 hartym joined #salt
06:37 stanchan joined #salt
06:37 jnials joined #salt
06:44 Zuru joined #salt
06:45 Fredoo joined #salt
06:45 paul__ joined #salt
06:45 Fredoo hi, is it possible to list systems with specific grains ?
06:45 Fredoo i want list of systems using grain project:myproject for exemple
06:47 hogehoge joined #salt
06:49 saravanans joined #salt
06:51 felskrone joined #salt
06:58 krow joined #salt
06:58 it_dude joined #salt
06:59 ramteid joined #salt
07:02 ml_1 joined #salt
07:03 slav0nic joined #salt
07:07 pdayton joined #salt
07:14 it_dude joined #salt
07:17 marnom Fredoo: yes it is, salt -G 'project:myproject' test.ping for example
07:18 Kenzor joined #salt
07:24 krow joined #salt
07:27 oz_akan_ joined #salt
07:28 brucelee_ joined #salt
07:31 cruatta joined #salt
07:34 tinuva joined #salt
07:42 Andrew__ joined #salt
07:46 Andrew__ hi~ I'm writing a salt state about user and group. A user called 'hdfs' requires group 'hdfs' and 'hadoop', but how to define it? I have tried "require:  - group: hdfs, hadoop" or "require: - group: hdfs   - group: hadoop". All failed. Help!
07:51 CeBe joined #salt
07:55 davidone joined #salt
08:01 joehh any debian wheezy armel users?
08:02 joehh packages uploaded now for armel - a test would be great
08:02 joehh thanks
08:03 darkelda joined #salt
08:08 bhosmer joined #salt
08:17 babilen joehh: Any news on backports? Haven't seen them in NEW so it looks as if you just ran into ENOTIME/ESOMETHINGELSE :)
08:24 superted joined #salt
08:28 oz_akan_ joined #salt
08:32 debaser joined #salt
08:32 debaser hi
08:33 debaser how can I install an APT package via pkg module using --no-install-recommends option?
08:35 ndrei joined #salt
08:36 stubee joined #salt
08:36 babilen debaser: You cannot easily configure that, but http://paste.debian.net/101348/ is what I am successfully using for the nrpe plugin (which always pulls in icinga/nagios)
08:38 jnials joined #salt
08:39 ipalreadytaken joined #salt
08:39 debaser thanks babilen
08:39 gildegoma joined #salt
08:42 babilen debaser: Should't be too hard to make that general and then just "require: - file: disable-apt-recommends" and "require_in: - file: disable-apt-recommends" in all packages that you want to install without recommends
08:42 babilen I actually like that more than my current approach :)
08:45 debaser heh yeah
08:49 pwistrand joined #salt
08:55 giantlock joined #salt
09:00 malinoff joined #salt
09:08 babilen debaser: Err, "require_in: - file: enable-apt-recommends" naturally :)
09:08 babilen Not "disable it some more"
09:12 __number5__ will I get a 'no matching sls' error if I have a sls file not included in any top.sls hierachy?
09:13 Fredoo joined #salt
09:14 Fredoo hi, is possible to get from salt-api the full list of minion with some grains ? i want to use this for rundeck as resource file for a project
09:15 scalability-junk joined #salt
09:16 __number5__ yep, you can use grains as matcher for minions
09:18 Fredoo __number5__:  can you explain how please ? i'm new to saltstack
09:21 babilen __number5__: No, you get that if you include a SLS that is not available.
09:21 babilen Fredoo: http://docs.saltstack.com/en/latest/topics/targeting/
09:22 __number5__ babilen: yep, I just found there are "Data failed to compile" error, now need to pinpoint which one...
09:24 babilen __number5__: Run the master with "salt-master -ldebug" - that should/might give additional information. You could also paste the output in question if you want us to take a look
09:24 babilen brb
09:28 oz_akan_ joined #salt
09:30 __number5__ babilen: thanks. I found it, I'm trying to include a non-exist sls,  there is no error message about that missing file, even with debug flag turned on
09:31 babilen Typically you get something along the lines of "SLS foo is not available in environment "base" ..."
09:31 babilen (or so)
09:32 cruatta joined #salt
09:34 orbit_darren joined #salt
09:35 __number5__ babilen: yes, I get the error with the state file I try to run, but not the missing one
09:35 babilen Oh, I would have expected it to complain about the missing one :-/
09:39 bhosmer joined #salt
09:49 slav0nic joined #salt
09:56 bhosmer_ joined #salt
09:58 krow joined #salt
10:01 Hipikat joined #salt
10:06 bhosmer_ joined #salt
10:09 malinoff joined #salt
10:17 shwaiil Q: I'm creating a phpmyadmin state. It's installing and running, but there's some error msgs. I need to create a table, a username / password, grant permissions and change a config file. But I should only do this, if the given table doesn't exist & db username. How can I test that from Salt ? Thanks!
10:18 Corey - unless: and your test condition, generally.
10:19 shwaiil Corey: Thanks for looking! But, If I run a mysql client command, will that work ?!
10:20 shwaiil oh, I think I need to wrap it inside $(mysql ...)
10:21 shwaiil How do you  guys test salt without having to call state.highstate ?
10:22 viq shwaiil: there are mysql states that create users, databases and grants, you don't have to do that from script
10:22 viq shwaiil: how about state.highstate test=True ? Also, I often test the states I'm working on in vagrant
10:23 shwaiil viq: for masterless: salt-call state.highstate test=True ?
10:23 viq I never played with masterless, but I guess it should work
10:25 aarontc joined #salt
10:28 shwaiil viq:  thank you!
10:29 oz_akan_ joined #salt
10:30 CeBe joined #salt
10:32 shwaiil Q: For MySql built in states, do I need to set "require", if I need to grant a user permissions in a db, for example. Will salt check for the user first or I need to tell grant, it requires the user state ?!
10:34 babilen shwaiil: States that depend on the user being present will have to require the state that creates it, yes.
10:34 dsolsona joined #salt
10:34 shwaiil babilen: Thank you :)
10:34 ssam2 joined #salt
10:44 madduck joined #salt
10:44 madduck joined #salt
11:02 thayne joined #salt
11:02 shwaiil I'm using the mysql built in states, but getting an error: State mysql_database.present found in sls X is unavailable, my state ( http://pastie.org/private/1l5usww323vwe3lsxfrwta )
11:03 bhosmer joined #salt
11:03 elfixit joined #salt
11:04 viq shwaiil: have you installed the "MySQLdb Python module" >
11:04 viq ?
11:04 shwaiil I think I didn't, I'll check that! Thanks
11:05 viq shwaiil: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_database.html - most modules at the top list their dependencies, if any
11:06 shwaiil viq: yeah, sorry :Z
11:07 jrdx joined #salt
11:11 Outlander joined #salt
11:12 ekristen joined #salt
11:14 kiorky hi, i m wondering if there something to do a  saltutil.sync_all alike but on the master side
11:14 kiorky we are using modules inside the pillar, and so when the modules are editer, the only way to make the master take the mods in account is to restart it
11:14 kiorky which is quite disruptive
11:22 wm-bot4 joined #salt
11:29 shwaiil Wondering if salt.states.mysql_query can be set to run only if test fails ? ( http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html#module-salt.states.mysql_query ). Can I use the = unless here ?
11:30 shwaiil * I mean, I can change the query to create if not exists, but just wondering.
11:33 cruatta joined #salt
11:36 anuvrat joined #salt
11:39 shwaiil http://docs.saltstack.com/en/latest/topics/releases/2014.1.1.html is this version helium ?
11:40 viq shwaiil: no
11:40 viq 2014.1.* is hydrogen
11:41 viq Say helium comes out in july, it will be 2014.7.0
11:41 ggoZ joined #salt
11:41 shwaiil oh :Z
11:41 shwaiil so, http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html#module-salt.states.mysql_query
11:41 shwaiil New in version Helium.
11:41 shwaiil This is not available in my current 2014.1.*
11:41 shwaiil oh gosh
11:41 viq Probably not, not.
11:41 nkuttler shwaiil: helium isn't released yet
11:42 shwaiil In this case, I should use cmd.run then, right ? to run a query
11:42 nkuttler and yeah, the new docs layout sucks. for one it's hard to switch to the current, relevant docs
11:43 * nkuttler should probably just clone the repo and make his own rtd build..
11:50 ndrei joined #salt
11:53 dsolsona joined #salt
11:54 antonw joined #salt
11:59 dsolsona joined #salt
12:03 oz_akan_ joined #salt
12:05 jchen joined #salt
12:06 toastedpenguin joined #salt
12:19 happytux joined #salt
12:21 brandon__ joined #salt
12:23 cpowell joined #salt
12:23 TyrfingMjolnir joined #salt
12:24 OwenW joined #salt
12:24 OwenW left #salt
12:31 shwaiil I want to run a Mysql command, using cmd.run could I use salt://foo.sql on the statement ?
12:32 shwaiil mysql -uUSER -pPASSWORD -t database < salt://foo.sql
12:32 shwaiil Probably not?
12:32 superted Is there a rough date for Helium's release?
12:32 shwaiil superted: I heard is july, but I'm a noob, someone typed that here some time ago
12:33 superted Thanks :)
12:35 viq shwaiil: no, I was just giving an example
12:35 viq superted: no, I don't believe there is
12:35 shwaiil viq: oh sorry superted
12:35 ipmb joined #salt
12:36 shwaiil viq: btw, do you know if it's possible to add salt://foo into my cmd.run statement ?
12:36 viq shwaiil: it isn't the way you typed it above, but maybe cmd.script ?
12:37 shwaiil cmd.script oh ok, thanks :)
12:37 viq At least I don't believe it is
12:40 jnials joined #salt
12:40 taion809 joined #salt
12:41 brandon__ hello, I am new to salt and have nginx / php-fpm config and service management working pretty well from master to minions.  My next goal is to get our website code to push to minions.  Currently we use a git post commit hook on our bare repository (on master) that pushes to the live website.  Now that we have multiple servers, I need that hook to push to all the minions and unsure what the best approach would be.
12:46 bmcorser joined #salt
12:49 DammitJim joined #salt
12:51 bhosmer joined #salt
12:52 bhosmer_ joined #salt
12:52 davidone joined #salt
12:54 miqui joined #salt
12:54 ar joined #salt
12:56 Furao joined #salt
12:56 it_dude joined #salt
12:56 viq brandon__: look up reactor system
12:56 viq brandon__: still commit hook, but it creates a salt event that tells master that there's new code, which in turn tells minions to update their git checkouts (for example)
12:58 viq Or next step is how I heard wikipedia does that: jenkins checks stuff out from git, runs tests, packages, when done sends signal to master which sends signal to minions to update packages/checkouts
12:59 john3213 joined #salt
13:01 babilen There is a nice talk about that on Youtube. It was given during Saltconf 2014 -- https://www.youtube.com/watch?v=RhQsHEB4Fuc
13:02 babilen Audio is horrible though. No idea why they decided to use a microphone in the room rather than simply taking it from the source. I almost gave up on watching it because of that.
13:04 nkuttler ew. i hate bad audio
13:04 john3213 left #salt
13:04 nkuttler but if you endorse it i guess i'll have to watch it
13:05 babilen There are a bunch of other interesting saltconf 2014 videos online that are worth it
13:05 nkuttler yeah, i've seen a few
13:05 babilen I was just curious about trebuchet and watched that one
13:05 babilen https://wikitech.wikimedia.org/wiki/Trebuchet/Design
13:06 saravana_ joined #salt
13:06 nkuttler intersting, wasn't aware of that yet
13:08 cpowell joined #salt
13:09 Lomithrani joined #salt
13:11 Lomithrani Bonjour, désolé pour la  question probablement stupide mais ou il est le file_roots sur debian ?
13:11 ndrei joined #salt
13:11 nkuttler Lomithrani: dpkg -S file_roots
13:11 nkuttler Lomithrani: si possible parle en anglais stp, que tout le monde comprenne
13:11 rojem joined #salt
13:11 Lomithrani Oh sorry didn't realize it was an english tchat :)
13:12 Lomithrani Thank you very much!
13:12 nkuttler you're welcome :)
13:15 nkuttler Lomithrani: can you pastebin the output of the dpkg command? the one you're looking for should be in the salt-common package
13:15 dude051 joined #salt
13:15 nkuttler Lomithrani: oh, wait, the file_roots is actually something you create, to store your config
13:15 nkuttler Lomithrani: it's defined in /etc/salt/master, not sure what the default would be
13:16 Lomithrani Ok I'll check into that (I can't really copy paste it's in  vmware)
13:16 viq nkuttler: /srv/salt
13:17 Lomithrani So I should just create it and define the path in /etc/salt/master is that correct ?
13:17 viq Lomithrani: it should already be defined
13:17 viq Though I don't know what your original question was
13:17 nkuttler he was searching the file_roots directory
13:18 viq Ah. Then yeah, default is /srv/salt
13:18 Lomithrani well I was following the tutorial and just couldnt find the file_roots to modify
13:18 Lomithrani Talking about debian right?
13:18 jcsp1 left #salt
13:18 viq Lomithrani: most everywhere
13:19 Lomithrani (because the directory /srv/salt doesnt even exist atm on my debian)
13:19 viq Though FreeBSD has it different, and OpenBSD soonish will too
13:19 viq Lomithrani: yeah, create it
13:19 nkuttler Lomithrani: that's not really surprising, as you're supposed to create state files etc in there yourself
13:20 Lomithrani yeah ok :)  I just thought there would be a sample one or something kinda like that and I didn't want to do anything wrong !
13:20 mpanetta joined #salt
13:20 Lomithrani Great to know that there is an responsive forum  ! :)
13:21 viq This isn't a forum :P
13:21 bacontonio joined #salt
13:21 bacontonio Howdy
13:23 bacontonio what would my syntax look like, for creating physical volumes (pvcreate...) on a sls file
13:23 faeroe joined #salt
13:23 bacontonio ?
13:23 faeroe joined #salt
13:24 viq bacontonio: have you seen http://salt.readthedocs.org/en/latest/ref/states/all/salt.states.lvm.html#module-salt.states.lvm ?
13:25 bacontonio no Thanks this is perfect. I had only found the doc using the CLI
13:25 bacontonio awesome
13:25 viq also http://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.linux_lvm.html#module-salt.modules.linux_lvm
13:25 resmike joined #salt
13:26 dsolsona joined #salt
13:27 sgviking joined #salt
13:27 racooper joined #salt
13:30 faeroe can anyone comment on using salt-ssh vs. standard agents? simple pro's/cons would be helpful.. I have a bunch of super old linux boxes I need to get into my "fleet"
13:33 vejdmn joined #salt
13:33 viq faeroe: 1) direction of communication. 2) I prefer to have the machines connected to master. I guess mostly for the idea of reactor, though I don't use it (yet)
13:34 cruatta joined #salt
13:34 viq faeroe: also I believe agent is more tested than salt-ssh
13:35 jaimed joined #salt
13:35 ZombieFeynman joined #salt
13:35 faeroe @viq: indeed, I am aware it's pretty new
13:35 viq On the other hand in theory there's probably less dependencies to install with salt-ssh... But you still need new enough python that would make installation possible
13:35 faeroe @viq: new enough python on the minion side of things?
13:35 viq yeah
13:36 faeroe @viq: crap.. I'm trying to get this working with rhel/centos/oel 5.x machines
13:36 faeroe @viq: newer python + old linux servers = pain lol
13:37 viq faeroe: ah. I'm not sure even ansible would work against those then, though maybe...
13:37 viq faeroe: ah, http://dl.fedoraproject.org/pub/epel/5/x86_64/ has salt packages for those
13:38 viq Which imples it works there
13:38 micah_chatt joined #salt
13:38 marnom faeroe: I haven't used salt-ssh but I can comment that I really like the minion structure and also the remote command execution features which is really fast over 0mq
13:38 faeroe @viq: indeed, I should have explained; I have the minion on these older machines, but the 0mq package included with epel intros major comm issues
13:38 cpowell Hello #salt
13:39 cpowell I am trying to use salt-cloud to provision a salt syndic and I am having quite a bit of trouble
13:39 viq Ah. Can't really comment on that
13:40 ZombieFeynman joined #salt
13:40 rgbkrk joined #salt
13:40 faeroe hmm seems like i may have to custom roll my own salt-minion for 5.x after all
13:41 cpowell Has anyone here used SaltCloud to provion new masters?
13:42 micah_chatt_ joined #salt
13:42 saravanans joined #salt
13:42 rojem joined #salt
13:44 kaptk2 joined #salt
13:54 ZombieFeynman joined #salt
14:04 GradysGhost joined #salt
14:05 lomithrani joined #salt
14:05 lomithrani (i get that on my 2 minions)   Any idea where it can come from ? I supposed it was an issue with the way I do my sls , I have tried a bunch of things with spaces without spaces etc...
14:05 lomithrani nooo I lost everything I typed let me try that again ...
14:06 lomithrani I called my  LB.sls     like this :   $ sudo salt '*' state.sls LB          and my LB.sls is just this way
14:06 lomithrani haproxy:
14:06 lomithrani pkg:
14:06 lomithrani - installed
14:07 nkuttler lomithrani: and.. what's the problem?
14:07 lomithrani I get as a response data faile dto compile name ha proxy in sls LB is not a dictionary
14:07 lomithrani name pkg in sls LB is not a dictionary
14:07 lomithrani on both my minions
14:07 gq45uaethdj26jw6 joined #salt
14:07 nkuttler lomithrani: missing whitespace
14:07 nkuttler haproxy:
14:08 nkuttler pkg:
14:08 nkuttler - installed
14:08 nkuttler lomithrani: read about yaml format
14:08 lomithrani ok :)
14:08 lomithrani thankyou :( sorry for those question s
14:09 nkuttler no problem. though next time, use a pastebin like dpaste please :)
14:10 quickdry21 joined #salt
14:11 lomithrani I'll try to find a way I can't copy paste through my vmware workstation ...
14:11 MTecknology you pasted it here, which means you can paste it in a website
14:11 bhosmer joined #salt
14:12 lomithrani I typed all by myself :(
14:12 MTecknology ouch
14:12 bhosmer_ joined #salt
14:12 lomithrani but I can type it in pastebin :) I'll do that next time
14:15 shwaiil Q: Anyone know how to use salt://foo as a parameter with cmd.run ? For example: mysql -uUSER -pPASSWORD -t databaseName < salt://foo.sql ?  Thank you
14:16 ajprog_laptop joined #salt
14:17 gq45uaethdj26jw6 anyone else experience this issue? n ot totally sure what the workaround is
14:17 gq45uaethdj26jw6 https://github.com/saltstack/salt/issues/10404
14:18 cpowell @shwaiil: the command is run on the minion, the file would have to exist there before the command runs
14:18 cpowell You would have to have the managed file copied to the minion before the cmd.run
14:19 shwaiil cpowell: Ok, I'll require that. So, I can actually use that param in my sql statement ?
14:20 cpowell no, it would have to be the path. Unless you put the path in a pillar than then reference that in your state files
14:20 timoguin gq45uaethdj26jw6: https://github.com/saltstack/salt/pull/12831
14:20 timoguin that commit on the 2014.1 branch adds better error logging to try and help track down the issue
14:22 shwaiil cpowell: I can use a pillar like this then ? mysql -uUSER -pPASSWORD -t database < salt['pillar.get']('foo.bar') ?
14:23 timoguin wrap the pillar part in {{}} and it should work
14:24 anuvrat joined #salt
14:24 shwaiil timoguin: Thanks :)
14:25 cpowell right, put it in brackets so that the jinja engine parses it
14:25 ph8 joined #salt
14:27 shwaiil On my pillar should I put the full path, or I can rely on salt:// to get the right path for me ? like  foo: salt://foo/bar.sql
14:28 cpowell i would use the full path, local to the minion.
14:28 gq45uaethdj26jw6 timoguin: added the logging
14:28 gq45uaethdj26jw6 will give it another go
14:29 shwaiil cpowell: ok :) in that case I might just hard-type it then, otherwise salt:// would be useful
14:29 dangra joined #salt
14:29 cpowell true, but if later down the line you decide you want to change the path of the file, you only have to change it in one spot
14:30 shwaiil cpowell: hummm...yeah you're right
14:30 ashw7n joined #salt
14:35 alunduil joined #salt
14:40 shwaiil getting an error from mysql -uroot -pPASSWORD -t phpmyadmin < {{ salt['pillar.get']('phpmyadmin.create_tables_sql') }}: cmd.run
14:40 shwaiil Command "mysql -uroot -pPASSWORD -t phpmyadmin <" run
14:40 shwaiil guess it's not reading the pillar
14:41 jnials joined #salt
14:41 shwaiil Do I need to mention to use the jinja engine parser or something under the cmd.run ?!
14:42 it_dude joined #salt
14:42 krow joined #salt
14:46 mgw joined #salt
14:46 thedodd joined #salt
14:47 timoguin shwaiil: 1) make sure you properly assigned that pillar to your minion, 2) if you did, you may need to refresh the minions pillars
14:47 timoguin oh wait
14:47 Furao left #salt
14:47 shwaiil timoguin: I'll check that :) I'm running Masterless btw. Also, I did used - template: jinja, atm
14:48 timoguin you need to use a column to delimit key-value rather than a period: salt['pillar.get']('phpmyadmin:create_tables_sql')
14:48 timoguin *a colon
14:48 shwaiil oh, cool : D I'll try it =D
14:48 timoguin you should be able to run salt-call pillar.get phpmyadmin:create_tables_sql to verify the minion sees it
14:49 timoguin well... salt-call pillar.get 'phpmyadmin:create_tables_sql'
14:49 ml_1 joined #salt
14:49 shwaiil Got it!! :D
14:50 timoguin party. :)
14:50 agronholm if I have a single .sls for my app, including deployment and package/service dependencies, how should I go about just updating the configuration?
14:51 agronholm should I separate the config part to its own .sls or should I use state.sls_id?
14:51 timoguin either should work, really
14:52 agronholm ok
14:52 timoguin assuming state.sls_id works properly
14:52 timoguin it's pretty new
14:52 shwaiil timoguin: Thank you :)
14:53 agronholm if my sls file is in a subdirectory, what is the proper syntax to refer to it? subdir/file or subdir.file?
14:54 ze- path/to/file.sls => path.to.file  yes.
14:54 agronholm thx
14:54 it_dude joined #salt
14:55 ze- in a context where you want to specify a state :)
14:55 agronholm sure
14:58 agronholm how should I go about restarting my service if the deployment state returns changes?
14:58 timoguin have your service state watch the deployment state maybe
14:58 agronholm ok, I didn't know if watch worked for that
14:59 ze- I guess watch works *mainly* for that.
14:59 agronholm I was told by someone else that watch only works for cmd.wait/cmd.run and similar
14:59 JasonSwindle joined #salt
15:00 timoguin definitely not true
15:00 agronholm so I've gathered
15:00 timoguin i have service states that watch configuration files/dirs for changes too
15:01 agronholm it doesn't seem to be documented which states support watching operations
15:02 timoguin "The behavior of watch depends on the presence of a function called mod_watch in the watching state module. Note: Not all state modules contain mod_watch."
15:02 timoguin yea, should definitely be more documented
15:02 ze- you'd have to read the state page in details.
15:02 ze- http://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html <-- documented, but yes, need to read the small lines.
15:03 ze- I think those who don't implement specific watch behaviours uses watch like a require.
15:03 timoguin "If the watching state does not contain mod_watch, then watch behaves the same way as the require requisite: the watching state will only execute if the watched state executes successfully."
15:03 timoguin ze-: yep
15:04 agronholm "The service watcher, called to invoke the watch command."
15:04 agronholm how the heck am I supposed to figure out how this works from that?
15:05 jeremyBass joined #salt
15:05 agronholm oh okay, the top of the page has better instructions
15:07 n8n joined #salt
15:09 whiteinge if a state module contains a mod_watch function you can use a watch requisite with it
15:09 whiteinge cmd.wait and module.wait are invoked specifically via a watch requisite
15:09 agronholm got it
15:12 JasonSwindle MTecknology: You online?
15:13 lionel joined #salt
15:14 Joseph joined #salt
15:18 t0rrant joined #salt
15:18 pdayton joined #salt
15:19 ajolo joined #salt
15:19 krow joined #salt
15:22 agronholm is there a state that I can use for consolidating a number of requirements in, which I could then require in other states with just one line?
15:23 wendall911 joined #salt
15:25 shwaiil For file.sed how do you guys escape - before: '^\$cfg['Servers'][\$i]['controluser'] = \$dbuser$' ?
15:25 shwaiil oh wait I didn't escaped " ' "
15:26 timoguin fyi, pretty sure file.sed is being deprecated in favor of file.replace
15:26 timoguin so it might be better to use that
15:27 will joined #salt
15:29 shwaiil file.replace oh :X ok
15:29 MTecknology JasonSwindle: yup
15:29 MTecknology pong*
15:29 agronholm I tried state.sls mynode triancore.deploy but salt told me there is no such thing in the top file
15:30 MTecknology agronholm: salt mynode state.sls triancore.deploy
15:30 agronholm MTecknology: that's what I did
15:30 agronholm sorry
15:30 ilako joined #salt
15:30 agronholm I have deploy.sls under triancore/
15:30 agronholm what am I doing wrong?
15:31 JasonSwindle MTecknology: I have something for Master of Masters that may help
15:31 rgbkrk joined #salt
15:31 tyler-baker joined #salt
15:32 ze- agronholm: salt mynode cp.list_master | grep deploy
15:32 ze- and salt mynode state.show_sls
15:32 XenophonF joined #salt
15:32 ze- both should help get some information about what the node sees.
15:32 frasergraham joined #salt
15:32 MTecknology JasonSwindle: ya?
15:33 JasonSwindle I call it Mom, https://github.com/JasonSwindle/mom
15:33 agronholm ze-: TypeError encountered executing state.show_sls: show_sls() takes at least 1 argument (0 given)
15:33 JasonSwindle Docker Master of Masters
15:33 MTecknology hahah, nice
15:33 agronholm ze-: triancore/deploy.sls is visible from the first command
15:34 ze- sorry. salt mynode cp.list_states
15:34 JasonSwindle MTecknology: This is the public version...... but the same code base and being tested right now
15:34 salt_newb joined #salt
15:34 tligda joined #salt
15:34 ze- was trying to find it by flying over the doc, instead of checking my code :P
15:34 agronholm ze-: triancore.deploy is visible
15:34 timoguin agronholm: it sounds like you're doing it right
15:34 agronholm No matching sls found for 'triancore.deploy' in env 'base'
15:34 agronholm this is what I get when I try to run it
15:34 ze- then, the salt state.show_sls triancore.deploy should work.
15:35 MTecknology JasonSwindle: I don't have any use for that, but I'm sure someone will
15:35 agronholm and I get that error twice
15:35 cruatta joined #salt
15:35 ze- mmm... environment issues ?
15:35 meteorfox joined #salt
15:35 agronholm I have other sls files there which I am including
15:35 agronholm that could be the problem
15:35 JasonSwindle MTecknology: ok, cool.
15:35 salt_newb I'm having trouble running a state I just added, on a minion.  Do I need to refresh anything / bounce anything before states become available to minions?
15:36 ipalreadytaken joined #salt
15:36 patarr is salt-ssh capable of everything normal salt is? What is the benefit of installing the agent?
15:37 agronholm now I get this: Cannot extend ID triancore_service in "base:triancore.deploy". It is not part of the high state.
15:37 agronholm why am I getting this error when I'm not extending anything?
15:37 timoguin erm... and when you're not running highstate...
15:38 pwistran_ joined #salt
15:38 agronholm timoguin: got it, I had just forgotten to include the .sls
15:39 agronholm and I had to do relative includes (.config, .service etc.)
15:40 shwaiil Q: need to test my regex to use with file.replace, would this be useful ? http://www.pythonregex.com/
15:40 shwaiil It's python right ? hum found this one https://pythex.org/
15:40 agronholm I had a watch_in for triancore_service
15:40 diegows joined #salt
15:40 agronholm the error was really confusing though
15:40 agronholm but thanks for help
15:41 lionel_ joined #salt
15:43 jalbretsen joined #salt
15:44 salt_newb if I add a new state to /srv/salt, do I need to sync it to all the minions?
15:44 agronholm in order to what
15:45 salt_newb In order to run the state
15:45 agronholm no
15:45 salt_newb how do I run the state from the minion then?
15:45 Ryan_Lane joined #salt
15:45 ZombieFeynman joined #salt
15:45 agronholm from a shell on the minion?
15:45 salt_newb yes
15:45 salt_newb Well, via API call, executing on the minion
15:46 agronholm I haven't done things from the minion end but I assume something like salt_call <state> or similar
15:46 ajolo joined #salt
15:46 agronholm the minion will fetch it from the master, assuming your minion is configured to use the master's fileserver
15:47 salt_newb it should be; the minion can access other states on the master
15:48 salt_newb does the minion poll the master to find out what states are available?  Do I need to refresh anything on the master before the minion can see the new state?
15:48 XenophonF when building salt on windows, does anyone know if it is possible to have the "bdist_esky" target create a folder instead of a ZIP file?
15:48 wendall911 joined #salt
15:48 XenophonF i'm not really familiar with bbfreeze or esky
15:48 XenophonF guess it's time to rtfm/rtfs :)
15:49 jnials joined #salt
15:49 Furao joined #salt
15:51 mateoconfeugo joined #salt
15:51 jaycedars joined #salt
15:52 agronholm I'm trying to give a local user access to certain salt functions but I tried test.ping and it just hangs there
15:52 mateocon_ joined #salt
15:52 agronholm hm looks like it has nothing to do with the ACLs
15:52 agronholm it's hanging for root too
15:53 t0rrant joined #salt
15:53 combusean joined #salt
15:54 Joseph salt_newb: salttack uses a mesage bus called zero mq...its a publish-subscribe modle
15:54 Joseph model
15:54 vejdmn joined #salt
15:54 Joseph minions and master are always connected to the bus
15:55 Joseph the master publishes messages to the bus which are then consumed by the minions
15:55 salt_newb That seems to make sense when pushing states from the master to the minion
15:56 Joseph right
15:56 malinoff joined #salt
15:56 Joseph because the salt master has a built-in file server wherein the state files are stored
15:56 viq salt_newb: similiar thing happens when you run salt-call locally - the connection to the master is made, and a state requested
15:56 Joseph part of the internal communication involves copying the state files rom the master to the targeted minions
15:56 Joseph in some cases people do run into file cachign problems
15:57 Joseph but in general states will automatically refresh on their own
15:57 Joseph there are also functions to clean out caches
15:57 salt_newb so I shouldn't have to do anything? I can jus drop in a new .sls, and it "should" be available to minions?
15:57 Joseph salt_newb...assuming you set up top.sls correctly yes
15:58 timoguin even without the top.sls, anything in your state tree should be available
15:58 Joseph timoguin: right, i just assumed he was running a highstate
15:59 UtahDave joined #salt
15:59 Joseph you can always run a particular state using "salt <minionid> state.sls <sls file>"
16:00 gfa joined #salt
16:00 salt_newb what does salt '*' state.highstate do?
16:00 conan_the_destro joined #salt
16:00 Joseph salt_newb: have you taken a look at the state tutorials, they are a decent startig point
16:01 salt_newb I did
16:01 Joseph highstate is a bad name for what's happening though
16:01 Joseph it reall is meaningless IMHO
16:01 JasonSwi_ joined #salt
16:01 salt_newb they seem simple enough, when running from the salt master
16:01 Joseph that said what it does is execute what i'd call a "state run"
16:01 Joseph my term ....just so you know
16:01 Joseph :
16:01 Joseph )
16:01 salt_newb jus runs all the states?
16:01 Joseph not exactly
16:01 timoguin state.highstate runs all the states defined for the minion in your top.sls
16:01 salt_newb hmm
16:01 Joseph yes what timoguin said
16:02 timoguin based on the matching rules you define
16:02 salt_newb I think my configuration may not be 'best practices' then
16:02 Joseph your top.sls?
16:02 salt_newb my top.sls ha one state
16:02 salt_newb but my /srv/salt dir has maybe 20 states in it
16:02 Joseph well for testing that's okay
16:02 salt_newb that get used
16:02 Joseph oh lol
16:03 Joseph how are you enforcing those 20 states?
16:03 salt_newb I'm assuming they get run from the minions, rather than pushed from the master
16:04 salt_newb I am running openstack with 30 vm's
16:04 Joseph oh with a salt-call?
16:04 salt_newb probably?
16:04 salt_newb it's executed via a rest call
16:04 Joseph salt api?
16:04 salt_newb yes
16:04 timoguin yea you don't have to use highstate
16:05 Joseph well i am not sure what you are doing is bad or not....it depends on your use case
16:05 Joseph highstate works for a lot of people
16:05 Joseph but others like masterless set ups too
16:05 timoguin i view it as a "do everything necessary in order to put my machine in the proper state"
16:05 JasonSwindle joined #salt
16:05 timoguin but it also tends to take a while to run
16:05 timoguin so i can be a lot faster to run single states
16:05 viq "if it's stupid and it works it ain't stupid" ;)
16:05 Joseph especially if pkg.install decides to install 300 packages :)
16:06 salt_newb I'm guessing that 30 vm's in varying configurations probably lends itself to not using a highstate that executes states across the board
16:06 Joseph not necessarily
16:06 salt_newb seems like the master doesn't do much other than set up the minion and provide the fileserver
16:06 viq Well, depends, "make sure that all the minions are in the desired state" is a use for highstate accross the infrastructure
16:06 timoguin well highstate can mean soemthing different for every server
16:07 Joseph salt_newb....not entirely true. salt master is the only one by default who can execute remote commands on the minions.
16:08 timoguin the salt-master also has an event/reactor system and controls access to the salt mine and the peering system
16:08 Joseph its also useful as a single policy enforcement point if you have thousands of servers where groups of servers have specific config requirements
16:09 taterbase joined #salt
16:09 salt_newb I'm able to execute commands from the minion, though, right?
16:09 salt_newb looking at the json payload, I'm running the state.sls function
16:09 salt_newb with my new sls file as the arg
16:09 salt_newb which, if I understand correctly, just runs that sls on the minion
16:10 viq salt_newb: yes, but only on that minion. master can run commands on multiple minions at once
16:10 timoguin and it can match on a lot of conditions, even compound matches
16:10 londo_ joined #salt
16:11 timoguin as well as orchestrate runs that require specific order across multiple servers
16:11 viq "run this command on all debian 7 boxes in this subnet" is what I had it done recently ;)
16:11 schimmy joined #salt
16:11 timoguin e.g., update load balancer, web server, db server in a specific order
16:12 salt_newb I think it makes more sense to run it from the minion in this particular case - I'm launching seven VM's asynchronously, it doesn't make much sense to wait for them all to respond to the salt master before pushing the "run this next set of commands" sls
16:12 Joseph salt_newb: you start appreciating the salt master a lot more when you scale out horizontally. For example, there was critical openssl security bug called heartbleed that needed to be patched with a new version of openssl. A dev ops person could update that package on a thousand nodes with a single command in a matter of minutes. And in fact they did use saltstack to do that
16:12 schimmy1 joined #salt
16:13 forrest joined #salt
16:13 Joseph salt_newb: all jobs are async ....so you don't have to serialize if you dont want to
16:13 ashw7n joined #salt
16:13 viq salt_newb: also you can have a config that tells any machine to run highstate upon connecting to master
16:13 timoguin salt_newb: i've used salt-cloud with the --parallel option to spin up new machines and run highstate
16:13 timoguin it can be crazy fast
16:13 salt_newb huh
16:13 salt_newb I'll have to look into that
16:13 Joseph ohhh timoguin....that's neat i'll need to try that out
16:13 pdayton joined #salt
16:14 Joseph did you do that with openstack?
16:14 salt_newb Thanks for your help guys... hate to run, but I got a meeting to get to. I'm sure I'll be back soon.
16:14 timoguin i've not tried it on openstack
16:14 timoguin but support is there
16:14 deares joined #salt
16:14 timoguin i've done digital ocean and aws, specifically
16:14 Joseph ahh
16:15 Joseph timoguin: stevednd was discussin an interesting use case last night that i'd interested to hear your thoughts on
16:15 rgbkrk joined #salt
16:16 gq45uaethdj26jw6 i use the parallel mode a lot. it only doesnt work with a couple providers
16:16 rossmay1 joined #salt
16:16 viq gq45uaethdj26jw6: your name just rolls off the tongue ;)
16:16 gq45uaethdj26jw6 arguably due to some non-thread safe coding practices...
16:16 Joseph he has a set of files with some data on it in a remote location. He wants to retrieve that data from the remote location, set the data in pillar, and then use that data in a state file
16:16 gq45uaethdj26jw6 i literally just smashed the keyboard
16:17 rgbkrk_ joined #salt
16:17 timoguin Joseph: sounds like something an external pillar would be great for
16:17 Joseph hmmm but what happens if the data needs to be updated
16:17 gq45uaethdj26jw6 i'm spinning up a 200 node cluster as we speak, but since all providers are not thread safe, i'm having to do it in serial rather than parallel. and it's taking like 48 hours
16:17 Joseph in other wors the content of the file changes
16:17 viq Joseph: oooh, I'd be intersted in something like that. I'm trying to figure out how to generate and distribute client certs for machines so they could authenticate to syslog server
16:17 timoguin assuming the data can be fetched from the location via python, it'd be writing a function to do so
16:18 timoguin i'm not sure how often salt would run the external pillar...
16:18 gq45uaethdj26jw6 aws, digital ocean, rackspace, all work fine in parallel mode
16:18 Joseph timoguin....right but if you are doing a highstate run the sls has arleady been compiled
16:18 Joseph that means whatever data you got from pillar is already set
16:18 Joseph there's no way to "update the pillar" from sls and then use that information
16:18 Joseph at least i don't see how it could be
16:19 Joseph unless there's some way to say "update pillar information BEFORE compiling sls"
16:19 timoguin yea i'm not sure. i know you _could_ call the refresh_pillar module from the SLS
16:19 viq Even from orchestrate stuff?
16:19 stanchan joined #salt
16:19 Joseph viq: i was wondering about orchestrate
16:19 timoguin but that wouldn't necessarily trigger a recompile
16:19 viq hmm
16:19 timoguin wonder if it could be done manually...
16:20 timoguin i've not tried to write an external pillar yet
16:20 Joseph well you could have a shell script "refresh pillar data => exec highstate"
16:20 Joseph but that sounds a little hackish to me
16:20 timoguin a runner would be a lot less hackish
16:20 timoguin where the run fetches the external pillar, syncs everything down to the minions, and then runs highstate
16:21 Joseph ohhh
16:21 Joseph hmmmmmmm
16:21 Joseph yes that's definitely a reasonable way to do it
16:22 Joseph i'll be curious to see what stevednd thinks of that idea
16:23 Joseph something that trips me up a lot is how to handle retrieving dynamic data and feeding that into the SLS before compiliation
16:24 cruatta joined #salt
16:25 mgw1 joined #salt
16:27 Joseph if i want to collect information about the current user accounts and groups on a system, would that belong in a grain?
16:28 timoguin Joseph: depends on how fresh you need it to be
16:28 timoguin since grain only runs on minion restart or explicit refresh, it might get stale
16:28 bhosmer_ joined #salt
16:28 Joseph exactly
16:28 Joseph not only might but will
16:28 Joseph so grain seems wrong...but then what?
16:28 Joseph pillar doesn't seem right either because that info is specific to the system
16:28 timoguin you could use the mine and call the appropriate module(s) maybe
16:29 viq I'm not even sure there's a module that would do "hi, show me all the users on the system"
16:29 bhosmer joined #salt
16:29 timoguin pretty sure the user module has a list users function
16:30 viq ah, indeed http://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.useradd.html#salt.modules.useradd.list_users
16:30 Joseph but salt mine does this "This data is then made available to all minions "
16:31 Joseph i don't want it made available to other minions
16:31 Joseph i want pillar privacy basically
16:31 timoguin how do you want to use the data?
16:31 viq Joseph: well, you have that module, which returns the info for that particular node
16:32 Joseph right....but any other minion is allowed access to that data once its returned to the master
16:32 Joseph or am i missing soemthign?
16:32 rgbkrk joined #salt
16:32 viq Joseph: no, it isn't, it's transient data
16:32 timoguin Joseph: he's talking about just calling the module, not using the mine
16:32 Joseph okay i am missing omething
16:32 Joseph ohhh
16:32 viq And minions can't call modules on other minions unless specifically configured to
16:33 Joseph if minion is comporomised it can be configured to do whatever the attacker wants
16:33 viq Yes, but it's configured on master ;)
16:33 Joseph oh
16:33 viq So, as timoguin asked - what do you want to do with this?
16:33 Joseph distributed sync of user data
16:34 viq explain
16:34 timoguin same users across your servers?
16:34 Joseph 1. all users NOT in list shall be removed 2. all users in the list must be ensured to exist
16:34 Joseph depends on what i am targetting
16:34 Joseph this will be role based driven
16:34 viq Joseph: are you going to define all your system users as well?
16:34 Joseph it also needs to distinguished between faced and non-faced accounts
16:34 Joseph i am only focused on users with a shell
16:35 viq As in root, uucp, nobody, and so on
16:35 Joseph so it will ignore /sbin/nologin
16:35 Joseph faceless acounts will be trickier to get right
16:35 Joseph so i was first starting with faced accounts
16:35 timoguin you could probably do this with pillar + jinja with module calls
16:36 viq aye, that's somewhat what I do
16:36 timoguin define the list in pillar, do a jinja loop that cycles through user.list_users
16:36 viq Though it's tricky to say "have only the users I told you about and remove all others"
16:36 timoguin add them if they're not there, call user.absent on any you need to remove
16:36 Joseph if the user is not in the list but is in the system you delete and if the user is in the list but not on th system you create?
16:36 Joseph yes timoguin i see where you are going
16:36 timoguin yea
16:37 Joseph viq: really tricky with the faceless accounts because you can't really predict what user is going to be created until it is and then its non obvious what service created the user lol
16:37 viq precisely
16:38 Joseph i think one nginx rpm installed under a user named "daemon" which i thought was so helpful
16:38 Joseph i am like why not "nginx"?
16:38 viq Though I'm not quite sure what you mean by "facesless" accounts
16:38 timoguin you could also setup centralized auth
16:38 Joseph lol i could....but i was hoping to sidestep that
16:38 Joseph that leads /etc/nsswitch.conf and madness generally
16:39 viq Well, trying to manage users on more than a couple machines like that leads to madness too ;P
16:39 Gareth morning morning
16:39 Joseph faceless accounts refer to accounts that cann't be logged into directly because they do not shell allocated to them
16:40 Joseph viq: yes htis is a true thing but i was wondering if i could leverage saltstack to get the best of both worlds
16:40 Joseph a distributed user account access that is periodically synced in a centralized source
16:40 Joseph i mean there's always kerberos ...<prepares to jump off clifff>
16:40 Joseph but i'd rather not if i can
16:40 Joseph ha
16:42 viq Joseph: well, LDAP. You can actually use LDAP as external pillar. But yeah, it's easy to create users, it's easy to remove specific users, it's much harder to figure out a "only those users should be present"
16:42 Joseph this was all part of my grand plan for setting a key management infrastructure for SSH key based access across a couple hundred machines, wherein a specific set of people only have SSH access to a specifc set of machines all based on roles and users defined in a single sls file
16:42 Joseph viq: ldap as an external pillar is not a bad idea actually
16:42 Joseph but how well will that scale with thousands of machines
16:42 Joseph sounds like it could get hammered
16:43 viq Joseph: a pillar is a pillar, doesn't make much difference whether it's in git or LDAP, it's still only master talking to it
16:43 Joseph doht!!
16:43 Joseph you are right!!
16:43 dsolsona joined #salt
16:43 Joseph got any doc pointers about the ldap ext pillar?
16:44 viq not really, sorry
16:44 bhosmer joined #salt
16:44 bhosmer_ joined #salt
16:44 smcquay joined #salt
16:44 ashw7n joined #salt
16:45 Joseph :(
16:46 Joseph well for example how did you even know such a thing existed
16:46 Joseph google fails to reveal such a treasure
16:46 Joseph http://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.pillar_ldap.html#module-salt.pillar.pillar_ldap
16:46 Joseph lol really this all i get?
16:46 Joseph oh joy
16:46 viq https://github.com/KrisSaxton/salt-ldap
16:46 viq http://www.automationlogic.com/archives/345
16:47 joehillen joined #salt
16:48 Joseph that last link is fantastic!
16:48 viq First hits from 'external pillar ldap' search
16:49 Joseph ah i did "saltstack ldap pillar"
16:51 timoguin copy-paste blog into salt docs, heh
16:51 travisfischer joined #salt
16:52 dangra joined #salt
16:53 Joseph yea seriously
16:53 timoguin i had no idea it would require a .yml config file
16:54 Joseph that waas my first question when i read the one paragraph blurb
16:54 timoguin or really any idea how to configure it
16:54 Joseph what type of config file!!
16:54 Joseph also git issue for saltstack ldap scheme :)
16:54 Rog joined #salt
16:55 Joseph this leads me to a related thought, which it seems like saltstack would fantastic as a general purpose solution for handling security for distributed applications through the use pillar data
16:56 jhulten joined #salt
16:56 Joseph for example one of the huge pain points with hadoop is that you have to use kerberos to get any type of security but that's a problem for the poor kerberos server which can get DOSed by the demands put on it by all the  hadoop daemons
16:57 Joseph i wonder if there'd be a way to interface the salt master with kerberos and use it to distribute kerberos data to the salt minions and then have the minions in turn hand off the data to appropriate service
16:57 timoguin or have the salt master just manage an HA kerberos setup
16:57 Joseph then from kerberos point of view its really only deal with one server instead of thousands e
16:57 possibilities joined #salt
16:57 timoguin probably a lot less hacking
16:58 Joseph timoguin fair enoguh
16:58 Joseph i still vote for shooting kerberos and dumping into an unmarked grave
16:58 Joseph but i think i am outvoted
16:58 timoguin these are major pain points when it comes to scaling though.
16:58 Joseph hooboy
16:58 timoguin that transition from small infra to large infra can be rough
16:59 UtahDave joined #salt
16:59 Joseph and its so much worse with hadoop
16:59 Joseph though i could totally write saltstack formula to automate kerberos set for hadoop now
16:59 Joseph knowning what i know now
16:59 Joseph never did get the blasted thing to work with AD though
17:00 timoguin hadoop with ad, you mean?
17:00 Joseph correct
17:00 Joseph hadoop is primarily tried out with MIT kerberos
17:01 Joseph and microsoft's keytabs don't play nicely with linux daemons
17:01 Joseph there's some type of compatibility issue
17:01 * timoguin nods
17:01 Joseph i got it working with MIT Kerb and openldap
17:01 pentabular joined #salt
17:01 Joseph and i counted that a victory
17:02 Joseph especially because of the pure black magic i had to do to track down what specific cipher suites i had to provide from the KDC that would be handled with the unlimited jce
17:02 Joseph and oh yes it was on java 1.6.31
17:02 viq Joseph: have you looked at FreeIPA and 389 project?
17:02 Joseph i have not
17:02 Joseph what are those
17:02 cpowell +1 FreeIPA
17:02 viq FreeIPA is basically an AD replacement
17:03 viq Kerberos+LDAP+lots of other stuff for user management
17:03 viq 389 is a more generic LDAP server
17:03 viq Both done by redhat/fedora, both with frontends and supposedly making management easier
17:04 Joseph just read the wiki on FreeIPA
17:04 timoguin i used what was bundled with Zimbra when i tried out setting up kerb/ldap
17:04 Joseph it certainly sounds nifty
17:05 Joseph man i didn't realize how much redhat loves python
17:06 Rog Are there sizing guidelines for a salt master?   Things like if you have 4000 minion, you need this number of processors, open files, worker_threads, etc
17:06 ekristen can I do salt[‘grains.get’] in a state?
17:06 timoguin Joseph: oh yea. are you following the DevOps blog?
17:06 mpanetta Joseph: Um, they only wrote the installer and package management tools in it :P
17:07 mpanetta So yeah, they love the crap out of it
17:07 timoguin http://developerblog.redhat.com/2014/05/21/building-a-continuous-deployment-engine/
17:07 timoguin they're building CI/CD solution in it too
17:09 jhulten joined #salt
17:11 XenophonF left #salt
17:13 Joseph okay so when is someone going to sit them down and explain to them that they might want to consider going to python 3? :0
17:13 rossmay1 Boo python 3
17:13 Joseph cause i love red hat...but the global python being stuck at 2.6 is maddening
17:13 ml_1 joined #salt
17:14 cpowell at least its not 2.4 anymore...
17:14 rossmay1 Yay 2.7
17:14 Joseph lol rossmay1 there are so many nice things in python 3 that i want to use
17:14 forrest Joseph, it's going to 2.7 for rhel 7
17:14 miles32 you could bootstrap to python 3
17:14 Joseph i could
17:14 Joseph but its more so writing scripts that need to work on systems that i have no control over
17:14 Joseph and will not have salstack on them
17:14 ndrei joined #salt
17:15 Joseph you can usually only rely on whatever global interpreter is set up by default
17:15 miles32 well that's troublesome from a salt perspective
17:15 Joseph hmm i thought saltstack had its own built in python version so it was unaffected?
17:15 viq nope, it depends on system
17:15 Joseph ohhh
17:16 Joseph so when saltstack goes to python 3.0, centos peeps are going to have an interesting life?
17:16 Joseph sounds like saltstack might need to do virtualenv or some such
17:16 Luke__ joined #salt
17:16 timoguin older centos users already have it pretty interesting
17:16 Joseph hahaha
17:16 Joseph well i am on 6.5
17:17 viq Joseph: installing virtualenv on a 3-4 digit number of servers is going to be "fun"
17:17 Joseph viq: why must you be so depressing
17:17 timoguin this is a happy channel
17:17 Joseph exactly
17:17 viq Joseph: don't have me recount my recent attempts to get centralized TLS syslog
17:17 miles32 I'm just having fun with salt-cloud and windows
17:17 Joseph TLS?
17:18 viq Yeah, encrypted syslog
17:18 cpowell rsyslog with REPL+TLS
17:18 viq As transport to logstash
17:18 viq cpowell: except when you're not on CentOS
17:18 mgw joined #salt
17:18 Joseph ohhhh
17:19 viq cpowell: because rsyslog on debian doesn't do FQDNs and rsyslog on FreeBSD is by default compiled without TLS support
17:19 cpowell ouch
17:19 schmutz joined #salt
17:19 Joseph i didn't even know syslog did tls
17:19 cpowell just do TCP+TLS
17:19 cpowell not as 100% as REPL
17:19 Joseph lol let me guess...it had to be mutual auth? Death chain of trust.
17:20 viq cpowell: on the other hand, syslog-ng, which works for this fine on OpenBSD, FreeBSD and Debian, on CentOS as it's compiled on EPEL does not have support for TLS
17:20 cpowell viq: Really? I actually like syslog-ng alot, except the really good parts are commercial
17:21 cpowell guess you are stuck building from source somewhere
17:21 viq cpowell: yeah, syslog-ng on epel is compiled without TLS "because SSL libs are in /usr/lib and would not be available during boot" or something
17:21 cpowell blah
17:21 viq cpowell: nah, rsyslog on RHEL derivatives and syslog-ng everywhere else
17:22 viq And of course preparing a different version of config for each different version of each different platform
17:22 cpowell hahah
17:23 viq And I guess I will need to stuff the loghost IP into /etc/hosts because I already had machine that didn't start syslog on boot because in config there was a hostname, and creating certificates for IPs is ghetto
17:24 AdamSewell joined #salt
17:24 viq And as I mentioned some time ago, I am trying to figure out how to in an easy enough and secure enough way generate and distribute client certs for machines to have them authenticate to loghost
17:24 AdamSewell joined #salt
17:24 jcsp1 joined #salt
17:24 viq See? You made me recount my recent experiences with syslog :P
17:25 krow joined #salt
17:25 viq Also syslog-ng needs that whole openssl magic thing where you have CA cert in a dir and then you have a symlink of the hash pointing to the cert file.... And the hash is different depending whether openssl on box is 0.9.x or 1.x
17:27 stubee joined #salt
17:27 Joseph viq: are you building your own chain of trust from scratch?
17:28 viq Pretty much, our own CA for internal use on the team
17:29 shwaiil Q: For salt.states.file, if I do file.managed for foo.php, if I have some jinja vars, they're parsed right ? independently of the file format ? Thank you
17:29 viq shwaiil: yes, though in file.managed you have to specify it's a template
17:30 Theo-SLC joined #salt
17:30 dezertol joined #salt
17:30 Joseph viq: i'd be interested to heard why saltstack can't do that easily enough...i would assume its just a matter of execing some openssl commands and moving certs/keys around
17:30 Theo-SLC I'm setting up a schedule in a pillar for the first time.  My pillar is now setup with the schedule.  How can I tell if it's working/failing?
17:31 Ryan_Lane1 joined #salt
17:31 viq Joseph: yeah, "but" : either the keys and certs are as plain files, and then _every_ node has access to _all_ of them (potentially), or you do them in pillars somehow (how?), or you do it in some other way which I haven't really figured out yet
17:31 dezertol is there a repo of sorts for commonly used sls files for example if someone is installing drupal?
17:31 shwaiil viq: thanks :D
17:32 Joseph can a salt minion copy any file that is in the salt file server automatically?
17:32 viq dezertol: http://saltstarters.org/ https://github.com/saltstack-formulas
17:32 Joseph or is the master the only one who can do the copy?
17:32 Joseph i thoguht it was the later by default
17:32 dezertol thx viq
17:32 viq Joseph: all minions can potentially access anything the master serves if it's not a pillar
17:33 Theo-SLC joseph: I'm trying to solve that problem now  using the schedule
17:33 viq Joseph: only pillars get compiled on master and served on the "here's what you should have" basis
17:33 Joseph right that makes esne2
17:33 Joseph sense
17:34 Joseph put certs/key in ldap and use the ldap external pillar?
17:34 Joseph or is that too painful/
17:34 Joseph ?
17:34 viq Joseph: again, how?
17:34 Joseph well which part how?
17:34 viq How do you (semi-?)automatically generate certs and put them in ldap?
17:35 Joseph clarify whtat you mean by automatically
17:35 Joseph are you describing a program that will automatically provision key and cert for the node when added in or something
17:35 viq I would like to have a client cert generated for each minion salt knows about
17:35 Joseph hmm
17:35 viq yeah, pretty much
17:35 Joseph that's interesting
17:35 Joseph can that be done after the minion has been joined in via the salt key exchange/
17:36 viq Yeah, probably via reactor
17:36 viq But here again is an issue of how to know that the node is connecting to master for the first time (as opposed to, say, after minion restart)
17:37 Joseph why not just loop through the files in /etc/salt/pki/master/minions
17:37 Joseph the filename is the minion id
17:37 Joseph and you know the minion has joined in
17:37 Joseph and that list should be relatively static
17:38 viq And how do you know that you should or should not generate a new key/cert ?
17:38 Joseph you could keep track of the list and do a diff
17:38 viq Also I wonder how that would work with a multi-master setup
17:38 Joseph oh well now go throw fly in my ointment :)
17:39 manfred woohoo pizza party
17:39 Joseph this is actuall yrelated
17:39 Joseph what are you doing for system inventory
17:39 Joseph are you using cobbler?
17:39 viq nothing / wiki ^^'
17:39 Joseph hahaha
17:39 Joseph hey its better than nothing
17:40 Joseph one big gap in saltstack is the lack of a coherent system inventory IMHO
17:40 Joseph but setting that to the side
17:40 Joseph one clean option is to inventory all your machiens in cobbler and then use the pillar interface to cobbler to keep track of machines
17:40 Joseph and via cobbler its very easy to associate user data with machine via command line
17:41 viq Problem is they are in different networks. Actually for that reason I have a couple salt masters
17:41 Joseph and there are no machines that span the networks/
17:41 Joseph ?
17:41 viq I don't know enough about cobbler, I thought it was mostly a provisioning tool?
17:41 Joseph a core part
17:41 gfa left #salt
17:42 Joseph but its also a very clean system inventory tool that's easy to update via command line
17:42 Joseph all of tis data is stored in json files
17:42 Joseph and its python
17:42 viq Well, kinda maybe not really. Most likely internal machines could connect to the external salt master, but other admins in my team don't like the idea
17:42 Joseph because of network segmentation isolation concerns etc?
17:42 viq yeah
17:42 Joseph sys admins...they ruin everyones party including their own :)
17:42 viq :P
17:43 Joseph why not do a chain-of-trust for each network
17:43 miles32 quitcher bitchin
17:43 Joseph so each salt master is responsible for one chain of trust
17:43 viq Interesting as the conversation is, it's time to start heading home ;)
17:43 Joseph woot good luck
17:43 viq Joseph: how do you mean?
17:43 Joseph so create on base self-signed cert...make that the root CA
17:43 Joseph and then make each salt master an intermediate CA
17:44 Joseph and then the salt masters generate chain of trust for the servers they manage
17:44 Joseph but you could distribute the chain toe veryone so mutual auth would work across networks if needed
17:44 viq Yeah, but that still leaves the whole issue of protection and distribution of keys and certs
17:45 Joseph which is where cobbler+pillar could come in
17:45 Joseph but i thought you had to leave? :)
17:45 conan_the_destro joined #salt
17:45 viq Good ideas and suggestions can keep me a while longer ;)
17:46 viq But yeah, talk to y'all later ;)
17:46 Joseph i actually use cobble because its so easy to get working for provisioning
17:46 xmj we all do
17:46 opapo_ left #salt
17:47 Joseph_ joined #salt
17:48 Joseph_ IRC went wacky on me
17:48 Joseph_ whats the last thing you go?
17:48 Joseph_ got
17:48 pdayton joined #salt
17:52 ipmb joined #salt
17:55 Theo-SLC I specified a schedule in a minion pillar to execute an sls every 10 minutes.  How can I tell if it's wokring?  logs, commands, etc..?
17:55 cpowell has anyone used file.replace/sed to delete a matching line?
17:57 druonysus joined #salt
17:58 toastedpenguin joined #salt
17:58 Gareth Theo-SLC: There are some commands to see jobs in the queue, you can also set the log level to debug mode and you'll see a message every time a job runs.
18:04 ghartz_ joined #salt
18:05 chrisjones joined #salt
18:06 felskrone joined #salt
18:06 smcquay joined #salt
18:08 Thiggy joined #salt
18:08 Thiggy How do I make an empty list in pillar?
18:09 rjc joined #salt
18:10 ajprog_laptop joined #salt
18:10 kickerdog joined #salt
18:10 cpowell you can template one, is that ok? {{ set l = [] }}
18:10 cpowell sorry {% %}
18:11 Thiggy hrmm that should work
18:11 Thiggy thanks
18:13 perfectsine joined #salt
18:19 JPaul joined #salt
18:20 jnials joined #salt
18:22 cpowell is there a way within salt to list out the pillar_roots
18:24 Joseph_ http://docs.saltstack.com/en/latest/ref/wheel/all/salt.wheel.pillar_roots.html
18:24 Joseph_ that may have the function you are looking for
18:25 seanz joined #salt
18:25 cpowell hmmm, how would I reference that in a state.sls
18:25 seanz Greetings. What is the easiest way to target two different hosts on the command line?
18:25 cpowell salt host1 host2 test.ping
18:25 timoguin seanz: salt -L 'minion1,minion2' foo
18:26 zain_ joined #salt
18:26 seanz timoguin: Thanks!
18:28 dimeshake so, i just had salt-minion eat all memory on a centos5 server and take it down. that was fun
18:28 n8n joined #salt
18:28 Joseph_ cpowel: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module
18:29 cpowell hmmm, thanks Joseph_
18:29 Joseph_ dimeshake: wow...what in the world was it doing?
18:30 barbacoa joined #salt
18:30 barbacoa need help on sls file
18:30 dimeshake i have no idea. it took the box down so i had to hard reboot. then i logged back in, it was deep into swap alrady so kill -9'd salt-minion
18:30 barbacoa I want to run a cmd.run only if a package is not install
18:31 barbacoa can someone help with the syntax
18:31 Joseph_ i thought there was a requisite for cmd called unless
18:31 Joseph_ where it would only execute a command if a test returned false
18:31 cpowell there is
18:31 dimeshake i think there is. unless: test -f /some/path
18:31 dimeshake could just as easily do rpm query etc
18:31 cpowell /var/log/messages:
18:31 cpowell cmd.run:
18:31 cpowell - unless: echo 'foo' > /tmp/.test
18:32 dimeshake there it goes again
18:32 dimeshake up to 30% memory
18:32 dimeshake 40%
18:33 Joseph_ holy smokes
18:33 Joseph_ what version of python are you on?
18:33 dimeshake well, there's python 2.4 with centos5, and then python2.6 that salt is using I believe
18:34 dimeshake whatever it uses from the EPEL package by default
18:34 Joseph_ 5.8 ?
18:34 dimeshake centos 5.10
18:34 dimeshake i was running salt-minion -l debug in foreground and there was nothing amiss that i could see
18:34 Joseph_ so is this happening during a state run ?
18:35 dimeshake yes, a relatively simple highstate that creates some users, sudoers file, and makes sure some packages are present
18:35 Joseph_ is the server only doing local auth...no nsswitch.conf or anything liek that etc
18:35 dimeshake right, just local auth with keys
18:35 Joseph_ very peculiar
18:36 Joseph_ what version of salt?
18:36 dimeshake i was hoping i'd see some more info in the console, but nothing useful there
18:36 dimeshake 2014.1.4
18:36 Joseph_ can you put in your sls in gist
18:36 schmutz joined #salt
18:36 dimeshake can do
18:37 Joseph_ also does this happen when you do a salt-call on the minion and when the highstate is run from the master?
18:37 dimeshake i haven't tried a salt-call, these were master-initiated
18:38 Joseph_ are you donig multiple sls
18:38 Joseph_ or just a single state fle?
18:38 dimeshake i have a core/init.sls and a users/init.sls that are called on this minion
18:38 dimeshake i'm posting them up
18:39 Joseph_ okay
18:39 Joseph_ so 1. salt-call 2. state.sls <sls>
18:39 Joseph_ i'd be interested to see if memory starts getting eaten if even a single sls is happening or if its specific to a state run
18:39 ZombieFe_ joined #salt
18:40 dimeshake https://gist.github.com/mshade/84394edc064bc74162ea
18:40 dimeshake there's the core sls
18:41 Joseph_ are these vms in aws/
18:41 Joseph_ ?
18:41 dimeshake this one is rackspace cloud
18:42 dimeshake we have some in ec2 too, but no problems with any of those :)
18:42 resmike joined #salt
18:42 swissknife joined #salt
18:42 dimeshake https://gist.github.com/mshade/ce0bf6c934a31f6d9a38
18:42 dimeshake and the users/init.sls
18:42 Joseph_ can you create a "new" sls and watch everything after line 63
18:43 Joseph_ and then just run that in the highstate run
18:43 Joseph_ whack not watch lol
18:43 dimeshake i can try that
18:44 dimeshake firing up salt-minion -l debug in foreground again...
18:45 dimeshake firing the highstate on the truncated version of my core sls
18:46 ashw7n joined #salt
18:47 dimeshake 4809 root      18   0 5142m 797m 2892 R  4.0 38.9   0:21.05 salt-minion
18:47 dimeshake up to 50%!
18:47 Joseph_ ineresting
18:47 Joseph_ but not in a good way
18:47 __hudson__ joined #salt
18:47 Joseph_ okay can you move your sls files completely to the side
18:48 Joseph_ do a highstate run where no sls fils get applied
18:48 dimeshake will try that
18:48 dimeshake that one nearly got away from me, she was swapping pretty hard by the time i got it killed heh
18:49 dimeshake calling an empty highstate
18:49 Joseph_ yeesh
18:49 dimeshake doesn't like that
18:49 dimeshake Comment: No Top file or external nodes data matches found
18:49 Joseph_ yea but that's expected
18:49 dimeshake you want an empty init.sls?
18:50 Joseph_ try it
18:50 Joseph_ then try adding a very simple state change like startging up ntpd etc
18:52 ZombieFeynman joined #salt
18:52 dimeshake Joseph_: simple highstate appears to have run ok
18:52 Joseph_ hmmm
18:52 dimeshake i stopped ntp manually, and had the state just start it again basically - and make sure it was installed
18:53 Joseph_ so this points back to a particular state being a bad citizen
18:53 Joseph_ i would start enabling one block at a time
18:53 Joseph_ until you see the memory growth again
18:53 dimeshake yeah
18:53 dimeshake gotcha
18:53 XenophonF joined #salt
18:53 dimeshake I can just comment them out in blocks, yeah?
18:53 Joseph_ right
18:53 Joseph_ #
18:53 Joseph_ if you use emacs you can just comment out regions which is nifty
18:53 Joseph_ - junglediskserver: https://downloads.jungledisk.com/jungledisk/junglediskserver-3160-0.x86_64.rpm
18:53 dwiden joined #salt
18:53 Joseph_ if i am betting man i would say this is the bad guy
18:54 Joseph_ but no way to knwo for sure
18:54 dimeshake or vim ;)
18:54 dimeshake interesting. that one is actually not even called for this minion
18:54 dimeshake because jdlicense is not defined in pillar
18:55 dwiden I've just updated to salt minion 2014.1.4 (windows x64 minion).  I am running a highstate and it fails on file.managed/recurse, with the error: "Parent Directory Not Present"; however, I have the makedirs: True set in the state.  Is there anything else that I need to do?
18:55 elfixit joined #salt
18:55 thayne joined #salt
18:56 possibilities joined #salt
18:57 dimeshake dwiden: that should work..
18:57 timoguin dimeshake: hmm, try pillar.get('jdlicense') in that block instead of referencing pillar directory. just a hunch
18:57 Joseph_ yes...i don't beleive there's a windows restriction on that argument
18:58 KennethWilke joined #salt
18:58 dwiden I'll attach the state in a pastebin, give me a second
18:58 timoguin i think referencing pillar directly can cause failure if the key/value isn't there
18:58 timoguin whereas pillar.get won't
18:58 Joseph_ timoguin but i thought that was the whole point of "is defined"
18:58 Joseph_ test if its null or not
18:59 Joseph_ why should that cause a failure?
18:59 kermit joined #salt
18:59 timoguin i'm not sure if it still does... or ever did really.
19:00 dimeshake trying that
19:00 dwiden http://pastebin.com/khKEQwfD
19:00 jalaziz joined #salt
19:01 Joseph_ dwiden: line 5...put in quotes
19:01 Joseph_ not sure that's the problem but spaces are generally evil
19:01 timoguin pillar.get is safer, and will return an empty string if the value isn't there, unless you set a default via the second arg
19:01 dwiden line 5 as in "C:\Program Files (x86)..." ?
19:01 Joseph_ yes
19:02 dimeshake well it ran without ballooning memory
19:02 Joseph_ so if pillar.get returns an empty string then does that means "is defined" returns true?
19:02 dimeshake but it triggered the jdlicense block, when it shouldn't have
19:02 dimeshake Joseph_: yes, it does, apparently :)
19:02 Joseph_ which is exactly why you don't want to do that
19:02 seanz left #salt
19:02 timoguin i'm sure there's another syntax that can be used instead of is defined
19:03 dwiden Joseph: that line had been previously working before I upgraded to 2014.1.4, is it a change in how states are interpreted?
19:03 Joseph_ is there a jinja test for an empty string?
19:03 dimeshake any suggestions? could use something like != ''
19:03 Joseph_ dwiden: i don't know
19:03 Joseph_ dimeshake that might work
19:03 dwiden Joseph: Okay, I'll make the modifications and try it out, thank you for the help
19:03 timoguin maybe just if pillar.get('foo')
19:05 dimeshake timoguin: that works
19:05 dimeshake excellent
19:05 dimeshake and no balloonisalt
19:05 timoguin yea we should probably file and issue on that.
19:05 timoguin that's silly
19:05 pony_like joined #salt
19:05 Joseph_ yea crashes the machine
19:05 Joseph_ nuts
19:06 timoguin pillar.get is recommended, but pillar['foo'] is all throughout the docs
19:06 Joseph_ it is...i used it frequently cause that was in the examples
19:06 Joseph_ lol
19:06 dimeshake yep
19:06 Joseph_ its also slightly cleaner syntax IMHO
19:06 CeBe1 joined #salt
19:06 Joseph_ and with jinja i look for clean syntax whenever i can get it
19:07 timoguin same situation with grains.get
19:08 vbabiy joined #salt
19:08 dwiden Joseph: adding quotes around the command in line 5 cause the state to not compile
19:08 dwiden sorry, around the full path of the file
19:09 Joseph_ try single quotes
19:10 dimeshake ok, that's not the core of the issue.
19:10 dimeshake just did it again
19:11 dimeshake and i can't kill it
19:11 dimeshake whew. finally died
19:11 dwiden Joseph: it compiled this time, now waiting for it to run
19:11 ZombieFeynman joined #salt
19:13 Joseph_ dimeshake: not that this is a solution...but i wonder if this would happen centos 6
19:13 dimeshake well, i am using pillar['foo'] is defined in my user state
19:13 dimeshake no, this is the only minion it happens on. there are other centos5, centos6, and amazon linux minions running a-ok
19:14 manfred dimeshake: hi
19:14 dimeshake howdy
19:14 Joseph_ oh bizaree
19:14 dimeshake debugging salt eating my memory and taking down a centos 5 box :)
19:15 alunduil joined #salt
19:16 dimeshake did it again. dammit - even after changing the if pillar['foo'] is defined to pillar.gets
19:17 Joseph_ does it happen if you remove pillar completely from the sls/
19:17 dimeshake will try. i have some work to get done besides this though :\
19:18 pentabular joined #salt
19:18 thehaven joined #salt
19:20 stevednd if you call cmd.wait -names, the various commands appear to be run at the same time. Is that correct? I was trying to do - names: - ./configure - make - make install, but because the configure takes so long it seems like the make statements attempt to run before the makefile is created
19:21 stevednd assuming it's correct, is there any way to indicate they should be run sequentially?
19:21 saravanans joined #salt
19:21 AdamSewell joined #salt
19:23 mateoconfeugo joined #salt
19:25 XenophonF any windows users out there?
19:26 cpowell joined #salt
19:28 Joseph_ i am trying to build the sphinx documentation on windows and i see this " File "C:\cygwin64\home\jlorenz1\gitrepos\salt\salt\utils\verify.py", line 18, in <module>     import win32file"
19:28 Joseph_ i have searched pip and i don't see this module anywhere
19:28 XenophonF that might be part of pywin32
19:28 XenophonF just a sec - let me check
19:29 Joseph_ which when i do a pip install for and i get his No distributions at all found for pywin32
19:29 Joseph_ python package management....the gift that keeps on giving
19:30 XenophonF heh
19:30 XenophonF well, pywin32 is a sourceforge project
19:30 XenophonF http://sourceforge.net/projects/pywin32/files/pywin32
19:30 XenophonF brb
19:30 Outlander joined #salt
19:33 cruatta joined #salt
19:35 XenophonF back
19:35 XenophonF Joseph_: I couldn't find win32file on my system.  Dunno what that is.
19:35 n8n joined #salt
19:35 Joseph_ me neither but apparently verify.py needs it
19:36 XenophonF I'm pretty sure that's part of pywin32.
19:36 XenophonF see http://starship.python.net/~skippy/win32/Downloads.html
19:36 XenophonF make sure you have the latest build installed for your python
19:37 XenophonF are you using the Python MSI installer from python.org, or are you using the version of Python bundled with Cygwin?
19:37 Joseph_ cygwin
19:37 XenophonF ah
19:37 XenophonF hm
19:37 Joseph_ isn't it weird that it tried to do that incygwin?
19:37 XenophonF very
19:37 Joseph_ i am guessing python in cygwin thinks its windows ?
19:37 XenophonF it shouldn't
19:37 XenophonF it should think it's unix
19:37 Joseph_ exactly!! that's why i am using cywing
19:37 Joseph_ :)
19:38 Joseph_ it makes windows bearable
19:39 Joseph_ hahahah
19:39 Joseph_ i know what it is
19:39 Joseph_ its a bug
19:41 Joseph_ though its an odd bug
19:41 toastedpenguin joined #salt
19:42 Joseph_ in verify.py, "if sys.platform.startswith('win'):"
19:42 Joseph_ but sys.platform returns "cygwin"
19:42 Joseph_ so that should return false and import "resource" instead of win32
19:43 MBroadhead joined #salt
19:43 peters-tx Using cygwin64 here
19:43 * Heartsbane blames whiteinge.
19:45 Joseph_ i think my python path is screwed
19:45 Joseph_ up
19:45 Joseph_ its hitting windhows python instead of cygwins
19:46 Joseph_ very good
19:46 Joseph_ very odd
19:46 Joseph_ well i am going to with user error screwed up environment
19:46 XenophonF ah hah
19:46 Joseph_ and try to fix it
19:46 XenophonF that makes sense
19:48 XenophonF does anyone know if i need to clone the saltstack/salt repo in order to issue pull requests?
19:48 Joseph_ yes
19:48 JasonSwindle joined #salt
19:48 Joseph_ fork from github
19:48 XenophonF OK
19:48 XenophonF thanks
19:49 Joseph_ git clone from your fork....create branch push branch up to your fork
19:49 Joseph_ and then submit pull request
19:49 Joseph_ don't forget to set up tracking upstream and merge your changes....the develop branch changes daily
19:49 XenophonF i need to do my development against a working branch/tag, like 2014.1.4
19:49 XenophonF because tracking the develop branch causes things to break that i need not to break
19:50 XenophonF because i can only deal with my own breakage :)
19:50 Joseph_ hmm i dno't know how things work if you submit against a non-develop branch
19:50 XenophonF i kinda know how to do merges from other branches in mercurial
19:50 XenophonF there's probably a way to do it with git
19:50 Joseph_ oh i see
19:50 Joseph_ yes of course
19:51 XenophonF hm, well, let me try this
19:51 AdamSewell joined #salt
19:51 XenophonF i'm not really familiar with git
19:51 XenophonF thanks Joseph_
19:51 Joseph_ you'll need to check out: 1. develop 2. the branch you want to work off from and 2. the branch you are doing work on
19:52 Joseph_ then you'd merge your changes from your work branch into develop
19:52 Joseph_ and push that up to the forked repo
19:52 Joseph_ that way its current wit hdevelop
19:52 Joseph_ sorry if that's confusing
19:52 XenophonF no that makes sense
19:52 Joseph_ its a very git way to do things though
19:52 XenophonF like i said, there's similar workflows in cvs, svn, andhg
19:52 XenophonF perforce, too
19:53 Joseph_ as long as you are comfortable with what a branch means in git then you are good
19:53 Joseph_ its very different from sVN/cvs
19:53 Outlander left #salt
19:53 XenophonF it doesn't seem that different
19:53 Joseph_ its verrrry different
19:54 cruatta joined #salt
19:54 Joseph_ http://git-scm.com/book/en/Git-Branching-What-a-Branch-Is
19:56 Joseph_ oh bloody hell...i am a moron....cygwin was using the windows PYTHON 2.6 version of pip and install 2.6 packages in my python 2.7 cygwin
19:56 Joseph_ <==so annoyed
19:56 AdamSewell joined #salt
19:56 Joseph_ with myself
19:56 Joseph_ i need to go sit in a corner with a dunce cap on i think
19:56 XenophonF ouch
19:57 KennethWilke Joseph_, happens to the best of us
19:58 Joseph_ i should probably remove python completely from cygwin and reinstall it
19:58 Joseph_ who knows what package mismatches i put on the thing
19:58 Joseph_ yeesh
19:58 thayne joined #salt
19:59 XenophonF so if i install a python package (e.g., salt) using "python setup.py install", how do I _deinstall_ it?
19:59 XenophonF just delete site-lib/salt*?
19:59 XenophonF or is there more to it?
20:01 Joseph_ there's usually an uninstall option
20:02 thedodd joined #salt
20:03 dsolsona joined #salt
20:04 vexati0n left #salt
20:04 vexati0n joined #salt
20:05 combusean joined #salt
20:06 smcquay_ joined #salt
20:06 vexati0n so - in the docs, there is a reference to to the "grains.setvals" module which allows to set multiple grains at once - but when you try to use it, it says there is no such function
20:07 kickerdog left #salt
20:07 XenophonF vexati0n: maybe that isn't featured in the version of salt you're using?
20:07 ashw7n joined #salt
20:08 vexati0n there are notes for other modules, like 'new in helium' etc, but there's no such note for this module
20:08 vexati0n the machines are on 2014.1.3
20:08 XenophonF take a look at salt/modules/grains.py, make sure the method is there
20:09 XenophonF alternatively check the change history on github
20:09 kmshultz can any salt cloud devs help me get password auth working?
20:10 AdamSewell joined #salt
20:10 kmshultz i'm a bit confused about the state of support of password auth, i.e. root password as returned from the initial libcloud node object
20:11 timoguin I use SSH keys so I don't have to mess with that.
20:11 kmshultz yeah, I figured many people do, heh. normally I am all about keys, but I hate having to use a key just to bootstrap salt
20:11 schmutz joined #salt
20:12 XenophonF Joseph_: how do I check out a particular tag?
20:12 kmshultz why not use password auth when the initial server creation returns the initial root password?
20:12 n8n joined #salt
20:12 XenophonF Joseph_: is it just git checkout v2014.1.4 (for example)?
20:12 Joseph_ yea but you actually have to pull the tags down
20:12 Joseph_ i don't think that happens by default
20:12 Joseph_ there's option in git that does
20:13 kmshultz anyhow I think I've run into a bug, or perhaps password auth used to be more well supported but now it's being taken out or specifically not favored by the devs -- judging by looking at the salt cloud code for a few older versions versus now
20:13 timoguin kmshultz: well i have passwords disabled on mine, and my images launch with a default key that my salt-master user has
20:13 timoguin then i can have salt change/remove that key on highstate
20:13 Joseph_ xenophon: run git tags
20:13 Joseph_ what do you get back/
20:15 kmshultz timoguin: gotcha. I realize how it's possible with keys, of course, but I resent having to use that when the server creation call gives you the root password. I shouldn't have to add a "bootstrap" key to each cloud deployment only to later remove it. shrug.
20:16 timoguin yea i've never used password auth, so i'm not even sure how it'd be done
20:16 rgbkrk joined #salt
20:16 kmshultz I traced the problem to where salt cloud sends the password to the ssh proc's stdin, but then it just hangs
20:17 timoguin i'm sure devs will want to have that working.
20:17 timoguin might wanna file an issue
20:17 kmshultz yeah, think I may
20:18 kmshultz just figured if any were listening in here now they could say 'yeah we are aware of this' or 'we dont care about password auth' or 'huh??'
20:18 MBroadhead joined #salt
20:19 alekibango joined #salt
20:21 variia joined #salt
20:22 Joseph_ okay i have the cywgin issue resolved
20:22 Joseph_ make html works in cygwin
20:22 Joseph_ but no html files get generated
20:22 Joseph_ this seems to be not correct lol
20:25 forrest Joseph_, ?
20:25 forrest did the _ directories get created?
20:25 Joseph_ _build/html/ is empty
20:25 Joseph_ note this is on cygwin
20:25 Joseph_ works fine on my linux box
20:25 forrest ahh
20:25 forrest no errors when you do the make?
20:26 Joseph_ nothing that says errors
20:26 Joseph_ but this seems wrong "loading pickled environment... not yet created"
20:26 forrest fun
20:26 Joseph_ what does "loading pickle environment" mean?
20:26 Joseph_ lol
20:26 ipmb joined #salt
20:26 forrest it's loading something in that uses the pickle module I'd imagine
20:27 vexati0n oh great, now i'm in trouble because Salt's external_ip function contacts ipecho.net which is at least partly located in Romania
20:27 Joseph_ vexation....i deleted that abomtination from my grains
20:27 vexati0n "why are your things talking to Romania? virus!" they say.
20:27 Joseph_ then everythign was fine
20:27 ajprog_laptop joined #salt
20:27 Joseph_ that was a very evil grain that hsould never have gotten in
20:27 vexati0n yeah, the problem is i need external ip resolution
20:27 Joseph_ i hear they took it out in the latest release
20:27 Joseph_ oh vexation.....lol that's an awful problem to have
20:28 jchen vexati0n: heh, ipecho.net seems to be a residential connection in romania
20:28 XenophonF Joseph_: I see all the right tags when I run "git tag"
20:28 Joseph_ forrest: i can load the pickle module fine
20:28 forrest make a PR to strip it out then.
20:28 forrest Joseph_, *shrug* yea I don't know, cygwin
20:28 XenophonF also glad to hear you have your python/cygwin issue sorted
20:28 XenophonF or kind of sorted
20:28 Joseph_ Xenophon: yea ha....just uninstalled python and completely reinstinall it in cygwin
20:29 Joseph_ i also completely removed all python 2.6 off my system
20:30 XenophonF oh git checkout tags/tagname
20:30 timoguin vexati0n: it should be pretty easy to have that grain call a different service
20:30 XenophonF i get it
20:30 timoguin it has a list of 3 it'll try right now
20:32 vexati0n timoguin: yeah, we run an in-house server now, so they just call us
20:32 sroegner_ joined #salt
20:32 vexati0n we have 1000 minions all over the country and none of them are on networks we control
20:32 Joseph_ wow
20:32 Joseph_ that's really neat
20:32 vexati0n so we get lots of sysadmins asking us why our machines are talking to Romania...
20:33 doddstack joined #salt
20:34 saravana_ joined #salt
20:34 smcquay joined #salt
20:34 Joseph_ hahaha
20:36 saravanans joined #salt
20:38 variia hi, i have quick question about pillar. i wish to avoid bloating top.sls so trying to match pillar sls file by grain id
20:38 variia {% set id = salt['grains.get']('id') %}
20:38 variia 'id:{{ id }}':
20:38 variia - match: grain
20:38 variia - logwatch.{{ id }}
20:38 variia but it fails on hightstate because i dont have sls for all my minions and unsure how to make conditional based on sls existance
20:38 variia is it possible?
20:39 saravana_ joined #salt
20:41 timoguin variia: you really don't want to make a specific SLS for each minion. it's better to create states based on roles, and assign roles to minions via grain, pillar, or the minion id
20:42 timoguin and keep logic out of the top.sls as much as possible
20:45 Joseph_ good rule of thumb: if top.sls is more than 20 lines you are probably doing something wrong
20:45 Joseph_ i have mine down to 5
20:45 Joseph_ :)
20:45 Joseph_ but i only have one environment so it might grow a litle bit
20:47 forrest why is that a good rule of thumb?
20:47 forrest you could have multiple environments, and dozens of different system profiles
20:47 timoguin yea line length doesn't matter much. keeping it simple does.
20:47 timoguin mine is 29 lines with a single environment
20:48 zwevans joined #salt
20:49 Joseph_ forrest/timoguin: i don't know your usage but i can't imagine my design ever needing to expand beyond 10 or 20 lines even if i had thousands of machines
20:49 Joseph_ if for some reason i needed like 500 environments then i'll revise my opinion
20:49 Joseph_ but i dont see that happening
20:49 Joseph_ and i am only going to 20 because of environments
20:49 forrest Joseph_, yea I guess it depends if you only have one type of system/application *shrug*
20:50 Joseph_ i don't base it on system/application but on role assignment
20:50 Joseph_ the role assignment design i have accounts for multi application deployment
20:50 timoguin i have role-based minion IDs, and application/service states
20:51 XenophonF hey Joseph_, you want some more crazy-making-which-version-of-python-am-i-acutally-using?
20:51 Joseph_ of course xenophonF
20:51 variia ok, thanks and point taken. i have 3 datacenters and an amazon VPC in multiple regions so i am trying to write as common/generic
20:51 variia states as possible and map the changes based on env via pillar. so keeping the op file 20 line seems a challenege to me and i am
20:51 variia at the beginning of the managed infrastructure
20:51 XenophonF I'm building Salt on Windows, with the 32-bit Python installed under %ProgramFiles(x86)% and with the 64-bit Python installed under %ProgramFiles%, as God intended
20:52 timoguin God hates ProgramFiles
20:52 Joseph_ actually
20:52 XenophonF s/God/BillG/
20:52 XenophonF anyway
20:52 Joseph_ i think God looked at programfiles and turned to the devil and said i want you to insert a space in there
20:52 forrest I don't like that XenophonF, it goes against the convention of 'put everything in the wrong dir' methodology that many Windows devs believe in
20:52 Joseph_ of all the things windows has done that god damn space....sheesh
20:53 timoguin lol
20:53 Joseph_ oh and the effing parenthesis
20:53 Joseph_ !!!
20:53 timoguin (x86)
20:53 Joseph_ YES!!
20:53 XenophonF yeah well it's no worse than solaris' lib64 or linux lib32 or freebsd blah blah blah
20:53 timoguin screeww ewwwww!
20:53 XenophonF plus i'm a former lisper so I love parens!
20:53 XenophonF anyway
20:53 Joseph_ away from me!!
20:53 XenophonF so I clone my salt git repo, open cmd.exe from the GitHub app, and go to build the 32- and 64-bit versions of Salt
20:53 Joseph_ i think lisp syntax is one of the single ugliest programming syntax i have ever seen
20:53 forrest https://www.youtube.com/watch?v=SI5J43UkarM salt air on RAET
20:53 Joseph_ perl might be worse
20:53 Joseph_ i haven't decided
20:53 XenophonF %ProgramFiles(x86)%\Python27\python setup.py install, etc.
20:54 XenophonF %ProgramFiles%\Python27\python setup.py install
20:54 XenophonF only that second command installs into %ProgramFiles(x86)%?
20:54 XenophonF wtf?
20:54 Joseph_ RAET might replace zeromq?
20:54 XenophonF turns out that the GitHub app is 32-bit
20:54 timoguin Joseph_: yea that's the goal
20:54 XenophonF runs the command interpreter in the 32-bit environment
20:54 Joseph_ i love tom's professorial's air
20:55 Joseph_ he's so intense
20:55 timoguin he cracks me up
20:55 XenophonF I would have been better off using the hard coded path instead of the environment variable.  :(
20:56 Joseph_ fantastic!!!
20:56 Joseph_ shorter Tom: tcp makes our face cry/
20:56 Joseph_ ?
20:58 Joseph_ hmmm runs on pypy eh?
20:58 Joseph_ does anyone run saltstack on pypy?
20:58 travisfischer joined #salt
21:00 schimmy joined #salt
21:00 timoguin I had a crazy-weird spanish teacher in highschool who called himself Dr. Smith
21:00 timoguin except he did not have a PhD of any sort
21:01 Joseph_ lol
21:01 jeffrubic joined #salt
21:01 Joseph_ so they want a connectionless paradigm?
21:03 schimmy1 joined #salt
21:04 gq45uaethdj26jw6 left #salt
21:05 druonysuse joined #salt
21:05 druonysuse joined #salt
21:07 lahwran joined #salt
21:11 zain_ joined #salt
21:14 schmutz joined #salt
21:14 ajolo_ joined #salt
21:17 slawek- joined #salt
21:17 bhosmer joined #salt
21:18 slawek- left #salt
21:19 ashw7n joined #salt
21:19 bhosmer joined #salt
21:20 bhosmer_ joined #salt
21:22 ajolo__ joined #salt
21:23 kermit joined #salt
21:26 devx joined #salt
21:28 devx joined #salt
21:30 devx joined #salt
21:33 devx joined #salt
21:38 variia joined #salt
21:39 miles32 did I ever mention how it's frustrating that salt-cloud times out on my windows AMI's because of how long they take to spool up?
21:40 TyrfingMjolnir joined #salt
21:41 miles32 I'm probably just gonna have them bootstrap themselves
21:42 XenophonF left #salt
21:42 MBroadhead joined #salt
21:46 bhosmer joined #salt
21:47 bhosmer joined #salt
21:47 ZombieFeynman joined #salt
21:50 kermit joined #salt
21:52 jslatts joined #salt
21:55 alunduil joined #salt
21:59 peters-tx timoguin: Perhaps a hit-tip to Lost In Space ?
22:01 MTecknology basepi: thanks for taking a look at that :)
22:01 basepi MTecknology: which?
22:02 MTecknology https://github.com/saltstack/salt/issues/12915 <-- looks like something was horribly broken on my box and I still don't know whta that was.
22:04 MTecknology rebuilt from scratch and it's working perfect and I'm certain every config file is exactly the same
22:04 combusean joined #salt
22:07 MTecknology oh, crap...
22:10 MTecknology I have minions connecting to syndics and a reactor that runs on the master of masters. The syndics can't tell something to run on the MoM, so what MoM did, the syndics will need to do.
22:10 MTecknology syndics are fun, neat, and interesting
22:11 chrisjon_ joined #salt
22:16 rgbkrk joined #salt
22:20 ZombieFe_ joined #salt
22:22 Nazca__ joined #salt
22:23 basepi MTecknology: well, i'm glad it started working!  i was definitely mystified.
22:23 combusean joined #salt
22:24 MTecknology basepi: I still am. Also, the issue with minions responding more than once went away now that I blew away those boxes
22:24 n8n joined #salt
22:24 MTecknology something screwy was happening and I'm perfectly happy never encountering the issue or thingking about it ever again.
22:24 patrek joined #salt
22:24 basepi hahahaha
22:24 basepi you and me both
22:24 MTecknology :)
22:24 MTecknology sounds like weekend talk to me!
22:25 MTecknology ttyl! :D
22:28 ZombieFeynman joined #salt
22:30 Outlander joined #salt
22:32 Theo-SLC joined #salt
22:35 Nazca joined #salt
22:37 variia joined #salt
22:38 variia left #salt
22:38 CheKoLyN joined #salt
22:39 brucelee_ joined #salt
22:40 bhosmer_ joined #salt
22:41 stevednd if you call cmd.wait -names, the various commands appear to be run at the same time. I was trying to do - names: - ./configure - make - make install, but because the configure takes so long it seems like the make statements attempt to run before the makefile is created. Can I make them run sequentially?
22:46 whiteinge stevednd: make a single state that has multiple commands in a multi-line string instead
22:47 stevednd whiteinge: by just using &&, right?
22:47 whiteinge when you use - names: they're not run at the same time but they're also not (necessarily) run in the order they appear in the names list
22:48 whiteinge stevednd: yeah, && will work but so will multiple commands across multiple lines
22:48 whiteinge sec. will pastebin
22:49 whiteinge http://paste.fedoraproject.org/104559/14008853
22:49 whiteinge stevednd: ^^
22:50 rgbkrk joined #salt
22:51 ZombieFeynman joined #salt
22:52 saravanans joined #salt
22:54 JasonSwindle joined #salt
22:55 bhosmer joined #salt
22:57 stevednd whiteinge: it doesn't like that. I think because my ./configure has tons of flags, each on a new line already
22:58 saguilar joined #salt
23:01 tyler-baker joined #salt
23:04 pdayton1 joined #salt
23:04 Nazca joined #salt
23:06 schimmy joined #salt
23:08 rojem joined #salt
23:09 schimmy1 joined #salt
23:09 pdayton joined #salt
23:11 thayne joined #salt
23:12 wt joined #salt
23:14 wt hey, why do "salt mach pillar.get pillar_name" and "salt mach cmd.run 'salt-call pillar.get pillar_name'" return different values for the same pillar?
23:15 wt The version without the cmd.run returns an old value for the pillar.
23:15 manfred wt: because salt-call is going to check if it has it cached already, while salt is run from the master and it sends new ones
23:15 bmcorser anyone have any thoughts on ways to target minions other than globbing their names?
23:16 manfred bmcorser: grains
23:16 manfred pillars
23:16 wt manfred, salt from the master is getting the old values
23:16 manfred http://docs.saltstack.com/en/latest/topics/targeting/
23:16 bmcorser i see my minions ending up being called "webserver-database-pip-numpy-pandas-users"
23:16 manfred wt: then saltutil.refresh_pillars
23:16 manfred or refresh_pillar, i forget
23:16 wt but salt-call already returns the new values
23:17 wt Is the saltutil.refresh_pillars a master thing?
23:17 manfred the refresh_pillar sends an even to the salt master to refresh them iirc
23:17 manfred https://github.com/saltstack/salt/blob/develop/salt/modules/saltutil.py#L373
23:17 bmcorser manfred: if i define something like "roles" in pillars i will still end up getting pillar data to minions using stuff like "*webserver*"
23:17 manfred hrm, nope fires it on the minion
23:17 * manfred shrugs
23:17 wt it's weird. I just ran state.highstate and it used the new value.
23:18 wt even though the old value shows with pillar.get...is that expected?
23:20 wt do the pillars not get refreshed during a highstate run?
23:21 manfred i don't know enough about the state system
23:25 JasonSwindle joined #salt
23:28 wt manfred, even after refresh_pillar, the master still returns the old value
23:30 joehh joined #salt
23:30 wt salt-call on one of the machines that hasn't run the highstate doesn't seem to have the updated pillar value
23:32 wt restarting the minions seems to get the salt master putting out the correct data
23:33 ZombieFeynman joined #salt
23:36 ZombieFe_ joined #salt
23:37 frasergr_ joined #salt
23:41 ZombieFeynman joined #salt
23:47 ZombieFeynman joined #salt
23:51 otter768 joined #salt
23:53 agronholm is there any way I can use salt from jenkins? Salt wants to create ~/.salt but that maps to a root-owned directory in case of the tomcat7 user (using tomcat to host jenkins)
23:56 forrest agronholm, well, you can run jenkins as root, or look into http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
23:56 mgw joined #salt
23:58 agronholm I would rather not run public facing services as root if I can avoid it
23:58 miles32 oh hey documentation updated
23:58 agronholm are you suggesting that I run salt-master as tomcat7?
23:58 forrest agronholm, I'm just saying that's the options for nonroot
23:58 forrest you can make your own user if you want
23:59 agronholm it won't be tomcat7 then
23:59 forrest right
23:59 miles32 or I learned to read, at least I learned how to get reactors to do things to ec2
23:59 agronholm I have enabled access for tomcat7, that's not the problem
23:59 agronholm but salt's insistence of creating .salt in an inconvenient place is

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary