Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-06-02

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 davet joined #salt
00:14 danielbachhuber joined #salt
00:34 mpanetta joined #salt
00:35 mgw joined #salt
00:38 bhosmer joined #salt
00:39 smcquay joined #salt
00:43 ajw0100 joined #salt
00:45 mosen joined #salt
00:50 surge joined #salt
00:50 surge whatsupp
00:55 ashw7n joined #salt
01:21 smcquay joined #salt
01:23 mgw joined #salt
01:26 xzarth joined #salt
01:35 mpanetta joined #salt
01:35 oz_akan_ joined #salt
01:35 mafrosis joined #salt
01:36 mafrosis lo salters
01:36 mafrosis anyone got a bright idea on how to debug the omnious “No matching sls found for ‘blah’ in env 'base’”
01:36 mafrosis I swear my config is good.. there’s got to be some little mistake in there that I just can’t find
01:37 mafrosis I’m running masterless with salt-call
01:37 oz_akan_ joined #salt
01:55 ashw7n joined #salt
02:02 krow joined #salt
02:03 mateoconfeugo joined #salt
02:06 otter768 joined #salt
02:11 krow joined #salt
02:16 mafrosis salt-call -l debug is rather useful  9.9
02:16 agronholm joined #salt
02:17 mosen sorry maf just started so couldnt answer that :)
02:27 jalbretsen joined #salt
02:29 __number5__ mafrosis: sounds like syntax errors to me, yes, it's hard to track down. have you try to `salt-call -l debug state.show_sls blah` or `state.sls blah`, sometime it might give you a different error
02:29 mafrosis thanks mosen, __number5__
02:30 mafrosis turned out to be a missing non-init SLS file
02:30 mafrosis so I have a state user/init.sls, and user/mafro.sls
02:30 mafrosis I was also including user/brian.sls - which didn’t exist
02:31 mafrosis the error message was “No matching sls found for ‘user’ in env 'base’”
02:36 mpanetta joined #salt
02:46 Luke joined #salt
02:47 mafrosis BTW: that poor error message is fixed in develop
02:47 mafrosis https://github.com/saltstack/salt/blob/develop/salt/state.py#L2564
02:48 Luke joined #salt
02:49 Luke joined #salt
02:56 ashw7n joined #salt
03:05 malinoff joined #salt
03:06 Luke joined #salt
03:11 catpiggest joined #salt
03:20 smkelly joined #salt
03:27 bhosmer joined #salt
03:32 oz_akan_ joined #salt
03:36 mpanetta joined #salt
03:37 jalaziz joined #salt
03:39 oz_akan__ joined #salt
03:45 krow joined #salt
03:49 krow joined #salt
03:51 thayne joined #salt
03:55 ckao joined #salt
03:56 joehh joined #salt
03:56 krow1 joined #salt
03:57 ashw7n joined #salt
04:04 krow joined #salt
04:09 Ryan_Lane joined #salt
04:12 Furao joined #salt
04:19 mosen joined #salt
04:23 antonw joined #salt
04:37 mpanetta joined #salt
04:41 schimmy joined #salt
04:55 schimmy joined #salt
04:58 ashw7n joined #salt
05:00 krow joined #salt
05:05 ramteid joined #salt
05:07 kumarat9pm joined #salt
05:08 ajw0100 joined #salt
05:15 n8n joined #salt
05:19 kermit joined #salt
05:28 ajw0100 joined #salt
05:38 mpanetta joined #salt
05:43 pdayton joined #salt
05:59 ashw7n joined #salt
06:01 ashw7n_ joined #salt
06:14 jcsp1 joined #salt
06:19 pdayton joined #salt
06:30 felskrone joined #salt
06:30 greyhatpython joined #salt
06:30 greyhatpython joined #salt
06:39 mpanetta joined #salt
06:42 MrTango joined #salt
07:01 CeBe joined #salt
07:08 ndrei joined #salt
07:11 segen joined #salt
07:12 segen left #salt
07:17 chiui joined #salt
07:18 martoss joined #salt
07:20 slav0nic joined #salt
07:20 slav0nic joined #salt
07:26 anuvrat joined #salt
07:37 Flusher joined #salt
07:38 linjan joined #salt
07:38 krow joined #salt
07:39 mpanetta joined #salt
07:46 toddnni joined #salt
07:57 anuvrat joined #salt
08:09 darkelda joined #salt
08:12 ajw0100 joined #salt
08:12 cb joined #salt
08:25 ml_1 joined #salt
08:26 TyrfingMjolnir joined #salt
08:35 giantlock joined #salt
08:38 millz0r joined #salt
08:39 mortis whats this thing? "RuntimeError: The warning triggered on filename '/usr/lib/pymodules/python2.7/salt/loader.py', line number 853, is supposed to be shown until version 2014.1.4 is released. Current version is now 2014.1.4. Please remove the warning."
08:48 mortis i get that when trying to add a new module
08:54 darkelda joined #salt
09:08 alanpearce joined #salt
09:22 TyrfingMjolnir joined #salt
09:35 greyhatpython joined #salt
09:36 jnijhof joined #salt
09:37 masterkorp Hello fellow salt users
09:37 jnijhof Hi!
09:37 masterkorp how is the best way to set some custom grains on a formula ?
09:38 masterkorp i am writting a server client formula, so i would like to set a grain with the IP of the server on the minions
09:38 masterkorp did anyone tried that before ?
09:38 jnijhof I used the grains module
09:38 masterkorp do you have an example ?
09:39 jnijhof You mean in a formula?
09:39 masterkorp yeah
09:40 jnijhof Nope because I just added grains with the module for later use..
09:40 jnijhof But have a look at: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html
09:41 masterkorp thanks
09:42 jnijhof I'm looking for a way to cleanup master cache, because it's not done automaticly right?
09:43 workingcats joined #salt
09:43 CeBe joined #salt
09:44 TyrfingMjolnir joined #salt
09:50 darkelda joined #salt
09:53 alanpearce joined #salt
09:55 CeBe joined #salt
10:01 zain_ joined #salt
10:12 mpanetta joined #salt
10:20 orbit_darren joined #salt
10:21 oz_akan_ joined #salt
10:26 TyrfingMjolnir joined #salt
10:27 darkelda joined #salt
10:34 whyzgeek joined #salt
10:40 bhosmer joined #salt
10:52 Teknix joined #salt
10:53 xmj Hi
10:53 darkelda joined #salt
10:53 oz_akan_ joined #salt
10:53 xmj Is there a saltstack formula for running a salt-master?
11:03 alanpearce joined #salt
11:05 alanpearce joined #salt
11:08 happytux joined #salt
11:10 bhosmer joined #salt
11:12 mpanetta joined #salt
11:13 Nazca__ joined #salt
11:20 pdayton joined #salt
11:27 diegows joined #salt
11:32 dheise joined #salt
11:34 AirOnSkin joined #salt
11:37 dccc joined #salt
11:38 Ztyx joined #salt
11:39 Ztyx left #salt
11:39 AirOnSkin Let's assume I have a host configured with Salt (packages installed, config files changed, services started, ect). Is there a way to ensure, that if I manually install something on the host or change a config file by hand, that these changes get reverted back to the desired state defined in the salt states? So only changes configured in the Salt states will be persistent...
11:43 __number5__ AirOnSkin: yes, that's what salt states for
11:49 feythin joined #salt
11:53 jslatts joined #salt
11:53 jrdx joined #salt
12:01 orendb joined #salt
12:02 orendb Hi guys, is there a way to push ssh keys to github from salt?
12:16 Nazzy joined #salt
12:18 darkelda joined #salt
12:23 brandon_ joined #salt
12:30 JordanTesting Morning
12:31 Outlander joined #salt
12:38 alanpearce joined #salt
12:45 ipmb joined #salt
12:51 TyrfingMjolnir joined #salt
12:53 sgviking joined #salt
12:53 oz_akan_ joined #salt
12:55 bhosmer joined #salt
12:56 bhosmer_ joined #salt
13:03 miqui joined #salt
13:09 racooper joined #salt
13:13 jaimed joined #salt
13:15 resmike joined #salt
13:15 elfixit joined #salt
13:17 dude051 joined #salt
13:21 wendall911 joined #salt
13:22 viq xmj: have you looked at the salt-formula?
13:22 xmj by now I did
13:22 xmj damn powerful.
13:23 viq AirOnSkin: config files managed by salt will be put in the state that you have configured. I don't think anything enforces "only those packages can be installed and no others"
13:23 elfixit joined #salt
13:24 viq AirOnSkin: you could possibly achieve something like that with non-persistent virtual machines
13:24 viq xmj: I need to finally have a closer look at it and deploy it
13:26 xmj viq: about the only thing I need it for is, er, for, er,
13:26 xmj adding two pillar locations
13:27 viq Well, I could use it to unify the master and minion configs, seeing as I have 3 separate masters (internal, external, lab)
13:29 ajprog_laptop joined #salt
13:32 mpanetta joined #salt
13:32 xmj production, staging, internal
13:32 xmj close :-)
13:34 manlin joined #salt
13:34 AdamSewell joined #salt
13:34 AdamSewell joined #salt
13:36 GradysGhost joined #salt
13:36 cuba1862 joined #salt
13:36 toastedpenguin joined #salt
13:36 manlin hi all. I use pillars for ssh service where I got PermitRootLogin: no. When I apply the salt state it applies PermitRootLogin False. Any thoughts?
13:36 mpanetta_ joined #salt
13:37 manlin in my jinja sls i have PermitRootLogin {{ salt['pillar.get']('ssh:PermitRootLogin', 'no') }}
13:38 mpanett__ joined #salt
13:38 viq manlin: and what do you have in your pillar?
13:39 xmj "False" ?
13:39 manlin ssh: PermitRootLogin: no
13:39 viq manlin: try PermitRootLogin: 'no'
13:39 manlin will try..
13:39 viq This will make it a string, instead of an interpreted value
13:40 mgw joined #salt
13:40 manlin viq: Brilliant!! Thanks that worked.
13:41 ggoZ joined #salt
13:41 ggoZ left #salt
13:45 spiette joined #salt
13:47 manlin left #salt
13:48 stritz joined #salt
13:50 TyrfingMjolnir joined #salt
13:55 TyrfingMjolnir joined #salt
13:57 vejdmn joined #salt
14:07 bamboo_ joined #salt
14:10 manlin joined #salt
14:11 manlin hi, i basically want to install all php packages similar to yum install php-*. In my php.sls file i have pkg: - installed -names: - php-* but getting errors. Any better way of doing this?
14:12 manlin i know viq might be able to answer this :)
14:13 bamboo_ cmd.run is an option
14:14 manlin bamboo_: yeah I could try that. thanks
14:14 viq manlin: or specify them explicitly, always a better idea :P
14:15 agh joined #salt
14:15 agh Hello
14:15 manlin viq: i have too many of them...
14:15 agh Need help with Tomcat module/state
14:15 agh can't manage to make it work !
14:15 quickdry21 joined #salt
14:15 agh I've always this error : "Failed to create HTTP request"
14:15 agh Any idea ?
14:16 viq manlin: and what's the expected behaviour when a new php package appears in the repositories?
14:16 oz_akan_ joined #salt
14:16 manlin viq: i don't care about the updates. just want all of 'em installed once
14:17 manlin this is no serious business just for learning purpose
14:20 jeremyBass joined #salt
14:20 catpigger joined #salt
14:21 alanpearce joined #salt
14:23 pdayton joined #salt
14:23 jalbretsen joined #salt
14:23 AirOnSkin viq: i know about the non-persistent virtual machines. that's exactly the kind of concept i'd like to have with salt an it's sates... the biggest change in introducing a configuration management is changing how you work. and i believe that me and my co-workers will be able to change ;) ... but i'd still like some kind of insurance that only changes done by salt are persistent on the host
14:24 abe_music joined #salt
14:24 ekristen joined #salt
14:26 mateoconfeugo joined #salt
14:27 agh Hello, I've an issue with tomcat module : I always have "Failed to create HTTP request" when I try to deploy a WAR. Any idea ?
14:29 viq AirOnSkin: I'm not sure you can do this withough defining _EVERYTHING_ about the machine in salt... On the other hand, you could use something like tripwire or ossec to monitor for unauthorized changes
14:30 jhulten joined #salt
14:32 funzo joined #salt
14:35 kaptk2 joined #salt
14:39 davidb joined #salt
14:41 bamboo_ quick question
14:41 bamboo_ am running   salt '*' cassandra.info
14:41 bamboo_ on all my cass minions
14:41 bamboo_ but it tells me that this function is not available
14:41 bamboo_ any ideas?
14:42 viq bamboo_: depends:
14:42 viq pycassa Cassandra Python adapter
14:42 viq Do you have that installed on them?
14:43 bamboo_ ah
14:43 ajolo_ joined #salt
14:43 bamboo_ lemme check
14:44 [diecast] joined #salt
14:44 conan_the_destro joined #salt
14:45 bamboo_ I have it installed
14:45 bamboo_ but same
14:45 bamboo_ 'cassandra.info' is not available.
14:45 bamboo_ thanks for the help by the way viq
14:46 viq have you restarted minion since that package was isntalled?
14:46 bamboo_ awesome that did it
14:46 bamboo_ thanks alot
14:46 bamboo_ restarting the minion
14:46 bamboo_ ..
14:47 viq Yeah, you often need to do this after you install new modules it should be aware of
14:58 annie joined #salt
14:59 alunduil joined #salt
15:00 Guest6609 hi, I am getting started with saltstack and was just curious if there is an SLS manager app similar to that of Berkshelf for Chef recipes?
15:00 Guest6609 *SLS formula manager
15:00 viq Not yet, AFAIK
15:01 Guest6609 ok - i thought so as well, but wanted to confirm with someone :)
15:02 simonmcc Guest6609: viq no, not that I know of, we’re working on Berkshelf-ish tool called gitshelf, which is yet another “collection of git repo” manager
15:02 Guest6609 cool, do you guys have a target date set for that?
15:03 teskew joined #salt
15:03 simonmcc depends how raw you like your projects :) https://github.com/moniker-dns/gitshelf
15:04 Guest6609 I like my projects like I like my burgers, medium well  lol...
15:04 simonmcc it’s a work in progress, focussing on our use cases. There are a few other similar projects (google’s repo, git’s own sub-modules & sub-tree solutions, and another in house tool, salt-mc)
15:04 viq ground and not resembling the original in any way? ;)
15:05 simonmcc viq :) all flattery. It was a nice workflow in chef land, what else would I model it on!
15:05 simonmcc if saltstack ever get as far as metadata about dependencies, we’d be golden :)
15:06 viq :)
15:06 viq Roughly based on "I like my women like I like my coffee: ground and distributed in small bags over a large area" ;)
15:07 simonmcc don’t be a jerk viq
15:07 viq Yeah, from what I heard chef, due to being closest to programming land, has the best meta-management and testing, would be nice to get a bite of that pie
15:07 viq like you're already doing with kitchen-salt ;)
15:08 Guest6609 lol viq,   thanks for the suggestions guys, i am still working my way around saltstack coming from chef background
15:08 schristensen joined #salt
15:08 krow joined #salt
15:08 bernieke2 joined #salt
15:08 simonmcc viq: lots of nice tools & concepts in chef-land to lean on
15:09 * viq nods
15:09 schristensen joined #salt
15:09 viq Though I only know it from what I hear from people (mostly in podcasts)
15:09 masterkorp guys how can I access grain data inside a
15:09 masterkorp state
15:09 bernieke2 small question: is there anyway to access the salt-id as specified in /etc/salt/roster, and used by salt-ssh, in a template?
15:09 masterkorp Guest6609: i too came from chef
15:10 viq masterkorp: how do you want to use it?
15:10 masterkorp viq: just it a paremeter to a value
15:10 Guest6609 yeah, i miss all the metadata and management you get with chef    like simonmcc and viq are discussing above
15:10 patarr how do you guys like salt compared to chef?
15:10 viq masterkorp: either eg {% if grains['os_family'] == 'RedHat' %} or {{ grains['osrelease'] }}
15:11 masterkorp eg pkg: -installed -name: grainwithpackagenames
15:11 viq masterkorp: you want to read http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
15:12 JordanTesting masterkorp: sounds like you are going to want a jinja for loop there
15:12 masterkorp JordanTesting: elaborate please :)
15:12 viq patarr: I have no experience with chef, as I found salt _much_ more easier to start with
15:12 JordanTesting masterkorp: and maybe a pillar instead of a grain
15:12 masterkorp no, i want it generated by salt
15:12 JordanTesting elaborate a bit?
15:12 viq JordanTesting: or have a look how formulas do that
15:13 viq Well, how formulas documentation recommends to do things
15:13 simonmcc patarr: salt’s advantage IMHO is the remote-exec is builtin, and the fact that SLS is pure state driven, less opportunity to go off piste with crazy logic in your cookbooks
15:13 masterkorp JordanTesting: basically the server state of my aplication sets a custom grain with its ip and the client state gets it and slaps the ip on the config file
15:14 viq patarr: I also find the idea of reactors and orchestration very interesting, even though I haven't done anything with it yet
15:15 ronc left #salt
15:15 masterkorp yeah, i like that too
15:15 JordanTesting oh interesting, in that case you might actually want to be looking at salt mine instead of pushing around custom grains
15:15 masterkorp i had to do some hard shit to do orchestation with chef and zookepeer
15:15 masterkorp JordanTesting: links please ?
15:15 viq Yeah, either mine or the publish interface
15:16 masterkorp JordanTesting: salt mine isn't a very google friendly term :)
15:16 viq masterkorp: http://docs.saltstack.com/en/latest/topics/mine/index.html#salt-mine
15:16 masterkorp thank you sit
15:16 JordanTesting or this link, it isnt about the salt mine specifically bbuutt
15:16 JordanTesting http://docs.saltstack.com/en/latest/topics/reactor/
15:16 JordanTesting it has a good example around the ractor system
15:16 * masterkorp slides a beer across the table to viq and JordanTesting
15:16 JordanTesting for the haproxy node
15:16 JordanTesting which sounds a bit more like what you are wanting to do
15:17 thayne joined #salt
15:17 masterkorp i will digest all the information i can get know
15:17 masterkorp my infrastruture will be complex
15:18 viq also http://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.publish.html
15:18 stevednd anyone know how to get the current job id in a statefile?
15:19 kermit joined #salt
15:19 JordanTesting viq: from that little page, I actually don't get what publish does at all, as in what use it has
15:20 viq JordanTesting: kinda like mine, but live
15:20 TheRealBill joined #salt
15:20 JordanTesting wish that had a more extended example, it makes no sense to me in that context
15:20 viq "oi, you frontends there, gimme yer IPs now!"
15:21 viq Or apparently call any arbitrary module
15:22 viq So with that you could... Hm, for example have your monitoring node tell a misbehaving frontend to reboot
15:23 viq Or have a frontend get a list of backends that are up _now_
15:24 oz_akan_ joined #salt
15:24 oz_akan__ joined #salt
15:25 viq While with mine it gets you list of backends as stored, which isn't necessarily up to date
15:25 schristensen joined #salt
15:26 oz_akan_ joined #salt
15:26 masterkorp viq: I have a question: On that documentation the mine_function is set on the pillar, can i set it on a state ?
15:27 viq hm?
15:27 masterkorp like on the server.sls do something like
15:27 masterkorp mine_functions:
15:28 masterkorp serverip: network.ip_addrs: [eth0]
15:28 tyler-baker joined #salt
15:28 masterkorp and then get the value on the client.sls template ?
15:28 viq Oh. It says those options need to be set via pillar, or minion config. So sounds like no, but you could eg manage minion config via salt-formula
15:29 masterkorp so, grains can't be populated accross minions ?
15:29 viq You don't really "set" the mine stuff... You allow the mine subsystem to fetch the values. And then you can query it for values from your states
15:30 viq Again, hm?
15:30 manlin left #salt
15:30 masterkorp ok, sounds complicated, now i see why the zabbix formula and nagios use a pillar data where you set the server IP and it works like that
15:31 Voziv When using pillar how would I include a file that is located within a folder. For example my in my top.sls I want to specify "ssl/my-site-com.sls" to be included in a servers pillar data
15:32 viq Voziv: '- ssl.my-site-com.sls'
15:32 manlin joined #salt
15:32 Voziv ah that'd do it
15:32 Voziv viq: thanks
15:32 viq masterkorp: yeah, mine has a few moving parts and needs to be set in a couple places, so yeah, pillar is simpler
15:33 masterkorp that kinda sucks, it seems like such a needed thing to give flexibilty
15:33 viq masterkorp: on the other hand, if you go through the effort of setting up mine or publish, then those values instead of being hardcoded can just be queried from your systems
15:33 viq masterkorp: and with salt-formula you can centrally manage config of your minions through the use of states and pillars
15:34 masterkorp a cool thing i liked about chef was that you could just push node data from the recipes and override that data with node values if I wanted to
15:34 masterkorp viq: yeah i use salt formula
15:34 mateoconfeugo joined #salt
15:34 viq masterkorp: sorry, not familiar with those terms
15:35 masterkorp node data = pillar recipe = state, sort of it
15:35 masterkorp so its like i could set pillar data from the states
15:36 viq masterkorp: again, look at formulas documentation, they do something like that
15:36 masterkorp where ?
15:37 viq masterkorp: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
15:38 Theo-SLC joined #salt
15:38 masterkorp yeah i read that
15:38 viq masterkorp: the map.jinja part
15:38 masterkorp i only saw reading pillar data in formulas, not setting it
15:39 Theo-SLC Hal, ye olde salts.
15:40 viq masterkorp: not quite setting pillar data, but setting values which can be then overridden by pillars
15:40 Theo-SLC I need to start monitoring salt activity for reports and alerts.  I see a number of "returners" for Salt.  Is there a preferred monitoring application?
15:46 MrTango joined #salt
15:47 viq masterkorp: a somewhat different idea at setting pillar data http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
15:47 resmike joined #salt
15:47 ipalreadytaken joined #salt
15:48 viq Theo-SLC: I don't think there is. Personally I would probably go with syslog, and then either something like ossec or logstash to watch said logs
15:51 tligda joined #salt
15:52 resmike joined #salt
15:52 kyr0 joined #salt
15:53 Theo-SLC viq: to use syslog I would have to parse the code 1 returns myself.  I do see that there is a returner for Sentry, never used it myself before. https://www.getsentry.com/welcome/
15:54 masterkorp viq: thank you
15:54 viq Theo-SLC: or that, yeah
15:54 Theo-SLC viq: don't like that it costs $$
15:54 viq Theo-SLC: sentry? Doesn't.
15:55 viq Or, well, doesn't have to.
15:56 viq Theo-SLC: https://github.com/getsentry/sentry
15:59 ZombieFeynman joined #salt
15:59 Theo-SLC viq: Nice.  I'll evaluate with the free trial of the paid service.
16:03 Joseph joined #salt
16:04 resmike joined #salt
16:04 Gareth morning
16:04 viq Gareth: far from it ;)
16:05 Gareth viq: morning is a relative term :)
16:05 Joseph I have a question about performing operations as a non-root user. This is NOT about running salt daemons as non-root -- its about performing specific tasks as non-root and then becoming root again.The salt-master and/or minion are running as root. they need to copy a file from NFS and then transfer it to the minion. Because of root squash, the salt daemon can't do this as root.
16:05 Joseph What's the best way of doing this?
16:05 viq Gareth: true that ;)
16:06 krow joined #salt
16:06 millz0r Joseph: user:
16:06 millz0r simple as that
16:06 Joseph i thought that was only setting what the user is once the file is copied over
16:06 Joseph it also deals with gettting the source file as that user?
16:06 viq No, I don't believe it does
16:07 Joseph miller: i don't think user works like that b ut i could be wrong
16:07 Voziv My nginx doesn't seem to ever reload or restart when a configuration changes. Is my watch declaration wrong? https://gist.github.com/lrobert/8fe743f7125c77b3c66a
16:08 Joseph Here's the doc reference for file.managed
16:08 Joseph "user The user to own the file, this defaults to the user salt is running as on the minion"
16:08 Joseph I would expect that the salt minion gets the source file as whatever user its running under..i.e root by default
16:08 viq Joseph: yeah, I would expect that as well
16:08 Joseph My understanding was that user sets owernship of the file after its copied over
16:09 Joseph viq: and that's my problem. The minion can't get the source file as root because of root squash on nfs.
16:09 viq Joseph: first thing that comes to mind is a separate process, say in cron (or cmd.run) on master that copies the file somewhere where master can read it
16:09 alanpearce joined #salt
16:09 Joseph viq: so go out of saltstack ?
16:09 viq not sure what you mean
16:09 millz0r Joseph: it runs the command as that user
16:10 Joseph oh us cmd.run to copy the file as a non-root user
16:10 Joseph i see
16:10 millz0r thats for file.managed
16:10 millz0r but for cmd.run it runs as a user
16:10 Joseph millzor: right understood
16:11 Joseph so set up a requisite where the cmd.run copies the file locally as a non root user from nfs and then and only then use the file the managed where the source is local copy of that file?
16:11 Joseph file.managed not "file the managed"
16:11 Joseph lol
16:11 millz0r not exactly
16:11 viq Joseph: that's one idea
16:11 millz0r thats not how file.managed works
16:11 millz0r file.managed means copying a file from your salt-master to your minion
16:11 millz0r if you want to do a local copy on minion, just use cmd.run and cp
16:11 Joseph millzor: right i understand that.
16:12 Joseph millzor: sorry i may not be explaining myself very well
16:12 viq Joseph: well, first question: are minoins to get the file directly from NFS, or via master?
16:12 millz0r or file.copy
16:12 Joseph viq: via master is fine
16:12 viq Joseph: then either copy the file locally so master can access it from there, or modify NFS config so master can get to it directly there
16:12 Joseph viq: in fact that's preferable, i want the salt master to essentially grabbing all remote files and then have the salt minions simply get them from the salt master's file server
16:13 Joseph viq: i definitely will not be allowed to do the later but the former will work fine
16:13 giantlock joined #salt
16:13 Joseph viq: seems like file operations could use a feature enhancement to allow the user to specify what user actually gets the source
16:14 Joseph as a general rule, remote retrieval of data is never going to be permissible as a root user. especially over NFS>
16:14 viq Joseph: possibly, though that's a rather unusual use-case I think
16:14 Joseph nfs+root squash is unusual?
16:14 Joseph really?
16:14 viq Well, not quite, 'nobody' can still have access to files
16:14 viq And I believe that's what root squash defaults to
16:15 viq Couldn't you get NFS to not apply root squash to the IP of salt master
16:15 viq ?
16:15 Joseph no cause i am not the administrator and getting changes to the NFS requires sacrificing your first born etc
16:15 Joseph and more likely than not they'll just tell me to go jump in a lake...politely
16:16 viq ah
16:16 MTecknology Is it possible to create pillar data on the minion itself?
16:16 MTecknology I feel like I should know this and I suspect no, but I don't know.
16:16 Joseph MTecknology: i believe that would defeat the purpose of a pillar
16:16 xmj Does anyone here have some experience with regards to salt, the bind formula, and... how to package timelib for servers that run without GCC ?
16:16 Joseph The whole point is that the data is created on the master and then can only be seen by the targeted minions
16:17 viq MTecknology: you can set variables on the minion. They wouldn't necessarily be pillars, but you could use them just the same, I guess ;)
16:17 KyleG joined #salt
16:17 KyleG joined #salt
16:17 MTecknology aight; thanks!
16:17 Joseph MTecknology: generally if you want to set data on a minion, you are talking about a grain
16:18 viq Yeah, pretty much
16:18 MTecknology I'm trying to figure out how I can give a developer access to edit pillar data for his machines only
16:18 viq xmj: package it somehow?
16:19 Joseph MTecknology: does the developer own the machine and is root on it?
16:19 xmj no kidding.
16:19 viq xmj: what os/distro?
16:19 MTecknology Joseph: ya
16:19 xmj viq: I put it into an RPM package with the right paths (c6.5-derivate)
16:19 viq MTecknology: give them access only to a specific branch of git, put his machines in that environment?
16:19 MTecknology does gitlab let you do that?
16:20 xmj I can import timelib from python. but when I run salt state.highstate on the bind stuff, it ... derps out.
16:20 viq MTecknology: let me try look it up
16:20 UtahDave joined #salt
16:20 kermit joined #salt
16:20 Joseph MTecknology: and what data do you want them to be able to edit?
16:20 forrest joined #salt
16:22 mikemar10 joined #salt
16:22 MTecknology Joseph: right now they have their own git repo that's being used to manage their formulas which has been working excellent; now they want to use pillars (and I'm not questioning why)
16:23 viq MTecknology: though I wonder what would happen if in their top.sls they would add more machines there...
16:23 Joseph MTecknology: you probably should. Allowing a minion to monkeying around with pillar data violates the whole idea of pillar, data integrity, and confidentiality
16:23 jimklo joined #salt
16:23 forrest viq, WHY YOU NO FIX GITLAB FORMULA ISSUES? :P
16:23 Joseph However, if you really want to make it so
16:23 Joseph you could do peering with a custom runner cruise_setup.sh.old
16:23 Joseph sorry ignore that last poart lol
16:23 Joseph i meant to send this http://docs.saltstack.com/en/latest/ref/peer.html
16:24 Joseph basically what you coudl do is allow them to publish commands via their minion to call a runner which would in turn update pillar data
16:24 Joseph but...that sounds like a bad idea to me
16:24 wt joined #salt
16:24 viq forrest: I'll have more time this week as I have a sick leave :P
16:24 forrest lol
16:25 MTecknology Joseph: I was considering creating a git repo that they can view but not push to and then let them do pull requests
16:25 thayne joined #salt
16:25 Joseph MTecknology: to what end?
16:25 MTecknology they can push pillar data after I review that they're not targeting other minions with it
16:26 MTecknology I need to re-read pillar documentation...
16:26 dangra joined #salt
16:27 Joseph MTecknology: can you find out why setting grains wouldn't work for them?
16:27 viq MTecknology: look up "protected branches"
16:27 benturner joined #salt
16:27 Joseph MTecknology: is it because they need global state shared across multiple minions?
16:27 viq Joseph: not sure if eg mysql password belongs in a grain
16:27 Joseph viq: absolutely not!!
16:28 Joseph viq: but it wasn't clear to me that the devs needed access to pillar data to start with .
16:28 Joseph however if its something like setting mysql password then yea grains is a bad idea
16:28 MTecknology Joseph: they're already using client side grains for stuff and looking to be able to do pillar stuff now; maybe I should take a look into what they need in there...
16:28 MTecknology I'm assuming passwords in some form or another
16:29 Joseph MTecknology: yes it would be interesting to hear the use case. There might be a gap in the pillar functionality for this.
16:29 viq Yeah, figuring out the why may be a good idea
16:30 viq MTecknology: seems gitlab can limit what branches you can write to, 'protected branches' is what you're looking for apparently
16:30 Joseph MTecknology: how many minions does each developoer "own"?
16:30 davet joined #salt
16:32 MTecknology Joseph: ~20ish
16:33 MTecknology I get why they want it now. This data needs to be available to all these boxes and dictates what the states will do
16:33 Joseph MTecknology: yes global state. that's the thought that occurred to me. It is a valid use case. Grains would be horrible for that.
16:34 Joseph MTecknology: why can't the devs run their own saltstack clusters where they own the master?
16:34 MTecknology It'd be neat if I could just create a repo for them and include it as a subdir in the same way that you can do with states
16:35 Joseph MTecknology: basically i was wondering if master syndicate would do the trick.
16:35 ramteid joined #salt
16:35 Networkn3rd joined #salt
16:36 viq Yeah, you could set up a syndic that would have additional repos defined
16:36 MTecknology Joseph: I'm the server admin and am the actual owner of the boxes. They're the app admins and should only be working on apps. We're experimenting with having them do 100% of app dev through salt
16:36 Joseph ohhh
16:36 Joseph did they explain how they want to use global state?
16:37 viq MTecknology: though it somewhat looks like you're looking for a technological solution to a political/social problem/issue/question
16:37 MTecknology nope; and I'm doing my bestest to not ask them to explain anything to me
16:37 Joseph MTecknology: ha!!
16:37 Networkn_ joined #salt
16:38 viq MTecknology: how about "here, have access, but if you touch stuff outside your area - I know where your kids live" ? ;)
16:38 mgw joined #salt
16:38 Joseph MTecknology: if its all through controlled git access, then you have an audit trail and you'll know if someone did a bad thing.
16:38 Joseph they we are all adults and we should trust one another to be adults isn't the worse set up in the world.
16:39 Joseph bit different is sensitive security data like credit card numbers of course :)
16:39 MTecknology viq: nah, it's not a trust thing, but all about letting them do what they want to the boxes but doing it only through git
16:39 Joseph Mtecklnology: that should work. What's your road block on that?
16:39 viq MTecknology: precisely. Have pillars in git. Give them access to git.
16:39 Joseph Right that seems reasonable
16:39 forrest MTecknology, what keeps you from just using gitfs, with two repos, one they push to, and then you confirm it looks good, and push to the master repo?
16:39 viq MTecknology:  I set up salt at $work so that both states and pillars live exclusively in git
16:40 Joseph plus one for forrest's comment
16:40 MTecknology forrest: that was something I mentioned as an option a bit ago
16:40 Joseph viq: if anyone is inp roduction not using git, then i feel sorry for them.
16:40 MTecknology it's probably what I'll end up doing
16:40 MTecknology aight
16:40 forrest MTecknology, yea it should make it easier
16:40 MTecknology lunch time
16:40 forrest you could even get super fancy, and set up 'master' instances which they can blow away, and test their salt
16:40 chrisjones joined #salt
16:40 Joseph viq: i think its crazy that anyone would keep their pillar and state data outside of gitfs
16:41 dangra joined #salt
16:41 viq MTecknology: forrest: it all depends how much time and people you have for reviewing the changes devs do
16:41 bhosmer_ joined #salt
16:41 MTecknology In an ideal world; a sys admin's work is 80-90% review (logs, changes, etc.)
16:41 seblu joined #salt
16:41 viq Joseph: on another hand, some stuff is hard to get in an automated way into gitfs/pillars
16:41 viq Joseph: like http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
16:41 MTecknology heading to lunch .. !HUNGRY!  back in 40
16:42 viq MTecknology: enjoy :)
16:42 jhulten joined #salt
16:42 redondos joined #salt
16:42 redondos joined #salt
16:44 stritz joined #salt
16:44 Joseph Viq: i skimmed the article. May have missed something but what was the problem with using gitfs in that scenario?
16:45 viq Joseph: you can much more easily have a script that (semi)automatically generates client certs on filesystem and serves them out, than adding them in proper format to git and pushing out
16:46 Joseph Due to the dynamic nature of the data?
16:46 viq Joseph: scenario: how can I easily (preferably automatically) generate and distribute client certs to all machines?
16:46 bhosmer_ joined #salt
16:47 Joseph viq: depends on how the certs are to be used and what if any interfaces the application gives you to handle SSL certs. Or so i would assume
16:47 Joseph viq: generic solution is openssl commands i would guess
16:47 schimmy joined #salt
16:48 viq Joseph: first scenario I had was to authorize machines to central syslog server
16:48 Joseph mutual auth + chain of trust ?
16:48 viq yeah, for that
16:49 Joseph and you wanted to use saltstack to provision certs on client nodes ?
16:49 viq Or somehow get them, preferably without having to manually generate all the certs and adding them by hand in proper format to pillar files
16:50 Joseph oh i see...in the state file you'd do a pillar look up to get the cert
16:50 Joseph or at least that's what you were looking to achieve as an end state
16:50 viq Probably
16:51 Joseph yea manual by hand would suck horribly
16:51 viq Unless I could figure out a workflow where a minion would generate a key and csr locally, then transfer csr somewhere else to be signed, and then somehow get the cert back
16:52 Joseph viq: trying to make that within saltstack sounds nighmarish to me
16:52 Joseph for the minion workflow
16:52 schimmy joined #salt
16:52 shaggy_surfer joined #salt
16:52 viq Either way sounds headachy
16:52 Joseph viq: absolutely
16:52 rlarkin (for devleopment/testing) I want to easily change masters (including keys) , and a few other locally defined grains.  I'm thinking of an abstraction I'm calling 'togle' for now to manage this. eg. 'togle master localhost'.  Am I reinventing anything?
16:52 happytux joined #salt
16:53 Joseph viq: are there any formulas for chain of trust? I am curious ot see how people handle this general use c ase.
16:53 viq So that blog post is the closest I found so far to being able to do that relatively easily
16:53 Joseph viq: gotcha i see
16:53 Bandikoto joined #salt
16:53 Joseph rlarkin: you want to switch what master a minion is communicating with regularly? Why?
16:53 viq Joseph: I don't really know
16:54 Joseph viq: its a very interesting question. I might throw that question to the saltstack google group. I would think that automating chain of trust in a secure manner would be a really useful functionality. But as you pointed out it sorta needs to be bootstrapped on top right now.
16:54 rlarkin For dev to alternately use their own 'salt' or use the official one
16:54 Joseph will dev be managing more than one minion?
16:55 rlarkin yes, up to 5
16:55 viq Also how about syndics ?
16:55 rlarkin no, we haven't gotten into syndics yet.
16:55 Joseph https://github.com/saltstack/salt-bootstrap
16:55 Joseph well you can always look at bootstrap
16:55 rlarkin there's a firewall in between us and production so we've put off syndic
16:55 Joseph rlarkin: gotcha
16:56 viq rlarkin: it could be a solution. Connect to a syndic that they control, yet there is a central master that can rule them all
16:56 rlarkin hmm
16:56 Joseph or you can script generating a simple conf file and dropping that into /etc/salt/minion.d directory
16:57 Joseph that overrides default values
16:57 Joseph so you could just set the master in there and then update it on demand
16:57 brandon_ joined #salt
16:57 Joseph key management will get nasty though
16:57 Joseph syndic is cleaner
16:57 rlarkin well, I was thinking of a python script that edits /etc/salt/minion and/or moves pki folder
16:57 rlarkin togle
16:58 Joseph rlarkin: that would work but hacking at config files directly i would not recommend
16:58 rlarkin but I didn't want to burn a bunch of time on it , I figured someone else must have the same desire
16:58 Joseph rlarkin: i had actually asked the IRC a while ago about providing an opnenstack-config type functionality
16:58 rlarkin I will look at bootstrap ( I saw it as a run once only thing) and syndic
16:58 Joseph that allows use to set config propertiies programmatically
16:58 Joseph but no one seemed enthusiastica botu that
16:59 Joseph about
16:59 rlarkin ! In my last job me and another guy built a pretty awesome state machine front by a rails database and back by scripts.
16:59 forrest because openstack is lame
16:59 masterkorp it is ?
16:59 masterkorp i like it, its cool
16:59 forrest no one works on openstack but the people paid to work on openstack :P
16:59 forrest everyone just uses it
16:59 Joseph forrest: all technology is lame. its just that some sucks less than others
17:00 rlarkin When I'm up to speed on salt I want to add that concept to salt, the result will make openstack redundant/irrelevant
17:00 masterkorp gives cloud flexibility without cloud pricing
17:00 forrest *shrug*
17:00 Joseph rlarkin: yuou could also configure things  via salt api https://github.com/saltstack/salt-api
17:00 forrest I think openstack is a poorly managed project
17:00 viq forrest: what instead?
17:00 Joseph forrest: absolutley!! the amount of project growth is nuts when they core is so hard to use. neutron is a disaster
17:00 forrest viq, nothing, as a product it's great
17:00 forrest as a project, it's awful
17:01 Joseph forrest: agreed.
17:01 Joseph forrest: they should have done nothing but work on getting initial set up and networking working in an easy to use manner and stopped everything else.
17:01 rlarkin we basically had a database driving statemachine that used ipxe and a ramdisk to do everything from 'firstboot' to production.  if saltstack had a db and ipxe awareness openstack would be vestigial
17:01 Joseph there's a reason sys admins love saltstack and its set up is number one
17:01 ml_1 joined #salt
17:02 forrest I wouldn't go that far, but they should really focus on making it easier to work with and contribute to
17:02 rlarkin *ugh, driven
17:02 Joseph rlarkin: yes saltstack actually has most of what is needed to do what openstack is doing and do it better and a more easy to use manner
17:02 aw110f joined #salt
17:02 forrest rlarkin, I'm imagining a database server in a getaway van
17:02 forrest steering wheel is turning but it has no arms
17:02 rlarkin lol
17:03 Joseph forrest: try setting up neutron. You'll need several stiff drinks after.
17:03 forrest no thanks
17:03 rlarkin the db served up boot labels to an ipxe rom, and had a 'default' inventory ramdisk for new systems.
17:03 viq Or before? ;)
17:05 rlarkin we spent an hour scripting a fat kernel that had all modules.  when I saw that openstack solved that problem by defining a supported config I stopped paying attention to them.
17:07 ajolo__ joined #salt
17:08 rlarkin it just seems so huge to get into compared to what it actually gives you back
17:09 rlarkin <3 salt though, the view matches my own intuition
17:11 rushmore joined #salt
17:12 Joseph rlarkin: yea, when you read that people START encountering scale problems around 4,500 nodes you know you are in a good place
17:13 stanchan joined #salt
17:17 shaggy_surfer joined #salt
17:22 ashw7n joined #salt
17:24 rushmore any idea on how to debug a returner ? i don't seem to be getting any info from -l https://gist.github.com/colinreidbrown/00575795dd21c96359c1
17:31 n8n joined #salt
17:31 Theo-SLC I can't see to get the sentry returner to work.  I'm using raven 5.0.
17:31 UtahDave rushmore: you should get more info if you run the salt-minion in debug mode
17:33 ghartz_ joined #salt
17:35 ashw7n_ joined #salt
17:36 ashw7n__ joined #salt
17:36 ashw7n_ joined #salt
17:37 rushmore thx dave, testing that now
17:38 brucelee joined #salt
17:40 schmutz joined #salt
17:41 njc joined #salt
17:42 abe_music joined #salt
17:43 njc is there a way to only run provisions that failed on the previous call to `provision` or `salt-call state.highstate`?
17:45 rushmore UtahDave... only debug info on the minion was: return failed for job XXXXXXX 'mysql.returner'
17:45 UtahDave rushmore: hm. no stacktrace, huh?
17:45 ashw7n joined #salt
17:46 patarr does salt have something like file.managed but for a directory? So i can grab a directory from my /srv directory?
17:46 rushmore no. just a command details hash with nothing of note
17:46 UtahDave rushmore: have you verified that mysqldb is installed?
17:46 UtahDave on the minion
17:46 rushmore yeah
17:46 UtahDave patarr: file.recurse
17:46 timoguin patarr: file.directory i think
17:46 timoguin or that
17:46 timoguin just the directory vs. directory and contents
17:47 faust joined #salt
17:47 UtahDave file.directory will create the directory structure.  file.recurse will recursively copy down all the files and create the directory structure
17:47 UtahDave yep!
17:48 patarr awesome!
17:48 patarr thanks guys
17:48 UtahDave rushmore: can you verify that the minion can access your mysql port and that it's username/password combo works?
17:52 rushmore i tested with a mysql client connection. recommendations on another way from within salt
17:52 rushmore ?
17:53 MTecknology viq: is it going to be easier to give them read access to the repo and let them request PR between two master branches or to give them access to one branch and let them request cherry picking (which will always be nearly-blindly everything)
17:55 MTecknology PR from a forked repo seems easiest
17:56 schimmy joined #salt
17:58 mgw joined #salt
17:59 schimmy1 joined #salt
17:59 ipmb is it possible to use the client_acl to give permission to run a single sls?
18:00 MTecknology except that I can't give access to a group
18:00 Ryan_Lane joined #salt
18:00 ipmb eg, "state.sls mysls"
18:00 jY has anyone used a salt proxy in here?
18:02 UtahDave cro has, jY!
18:03 MTecknology I will whenever I get caught up. I have 180ish ESXi hosts that I want to manage.
18:04 patarr does a \" properly escape a quotation in a yaml config?
18:04 allanparsons joined #salt
18:06 forrest UtahDave, I don't know if you can trust that cro guy, he likes despicable me a little TOO much...
18:06 druonysuse joined #salt
18:06 druonysuse joined #salt
18:07 manlin joined #salt
18:08 gnord joined #salt
18:09 absolute_ joined #salt
18:09 happytux_ joined #salt
18:10 absolute_ joined #salt
18:10 UtahDave forrest: :)
18:10 ashw7n joined #salt
18:14 felskrone joined #salt
18:24 masterkorp Guys can i have custom states inside formulas ?
18:25 tristianc joined #salt
18:26 jab416171 joined #salt
18:27 jnials joined #salt
18:27 timoguin masterkorp: yea that shouldn't be a problem.
18:27 jab416171 what's the output of pkg.version?
18:27 jab416171 is it current,latest?
18:29 masterkorp sweet
18:30 cliffstah joined #salt
18:31 Joseph general question for the group: is there any plans to have SSL state module that would responsible for generating keys/certs for a minion?
18:31 masterkorp timoguin: now, how do i deal with states that use python libraries to get shit done ?
18:31 Joseph I am speaking in terms of applications running on the minion...not for salstack itself
18:31 jcockhren Joseph: sure. make one
18:31 bVector is it bad practice to make your /srv/salt directory a git repo?
18:32 masterkorp bVector: not at all
18:32 Joseph jcockhren: of course i can make a custom module but the question is whether it should be standard module.
18:32 darkelda joined #salt
18:32 darkelda joined #salt
18:32 jcockhren Joseph: yah. as in make a PR
18:33 jcockhren I'd like to see it
18:33 jcockhren I think someone else asked for something like that a couple weeks ago
18:33 Joseph Jcockhren: ahh i see. I didn't realize PR for modules was something that anyone could do. assumed there was some sort of official process similar to what you'd need to do for python standard lib
18:34 Joseph jcockren: its an interesting problem so i think i will take it on.
18:34 Joseph jcockren: any suggestions on a good crypto library for this? I thinking of just using OpenSSL in the python std lib...though i fear its going to be painful to use cause well its openssl ha
18:35 jcockhren the Crypto python module makes generating keys
18:35 jcockhren makes a tad bit easier
18:35 Joseph does it do CSR and chain of trust coding ?
18:36 jcockhren dunno. I've only used it for auto creating ssh pub/priv key pairs
18:36 Joseph gotcha
18:36 Joseph i'll start googling around...python and crypto to me is veyr much like "that's where dragons be"
18:36 Joseph time to start demystifying it
18:37 jcockhren https://www.dlitz.net/software/pycrypto/api/current/
18:38 Joseph thanks
18:38 UtahDave Joseph: have you looked at this?  http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.tls.html#module-salt.modules.tls
18:38 Joseph UtahDave: i have not...looking now
18:39 timoguin masterkorp: you do you mean deal with them? while development your custom module?
18:39 krow joined #salt
18:40 ggoZ joined #salt
18:40 Joseph UtahDave: that's actually close to what i was thinking of. But i want the ability to  set these properties in a SLS only not have to edit /etc/salt/minion and be able to set the cert in a grain for the minion
18:41 Joseph Is there a state module for this?
18:42 Chocobo joined #salt
18:42 Chocobo left #salt
18:45 Joseph In addition, a pillar implementation would be cool
18:48 jrdx joined #salt
18:49 resmike joined #salt
18:49 jalaziz joined #salt
18:50 alainv hey neat, we're talking about the TLS Module
18:50 alainv i am just trying to use that now
18:51 alainv TypeError encountered executing tls.create_csr: create_csr() got an unexpected keyword argument 'subjectAltName'.
18:53 patarr - content: "    elasticsearch: \"{% grains['fqdn'] %}\","
18:53 patarr Jinja syntax error: unknown tag 'grains'
18:53 patarr Why would I get that error? I see many {% if %} in examples that specify it in that exact way.
18:55 Joseph patarr: that does look odd. Can you create a gisthub of the full file and link it here?
18:56 patarr Joseph: http://pastebin.com/mZz9m8f5
18:56 thayne joined #salt
18:57 Joseph patarr: i think the doublequotes might be causing a problem
18:57 Joseph and that space in there looks suspicious
18:58 patarr Joseph: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
18:58 timoguin patarr: i also think you need {{}} around the grains instead of {%%}
18:58 patarr on the bottom in blockreplace theres an example im trying to replicate. It is a bit different, it first uses set then {{ }}
18:58 patarr yeah thats prob it
19:02 chrisjones joined #salt
19:02 stevednd UtahDave:  how do you get the current job id in a statefile?
19:03 aw110f joined #salt
19:06 kermit joined #salt
19:10 fllr joined #salt
19:11 jnials_laptop joined #salt
19:11 fllr Hey guys. I've got a master and 3 minions connected to my master. I've accepted the minion keys on the master. But when I run test.ping, I don't get anything back. What could be wrong?
19:12 racooper firewall on minions?
19:12 pjs joined #salt
19:12 alainv ah, the sAN is new in Helium. cool.
19:15 travisfischer joined #salt
19:16 fllr racooper: I'm pretty sure the necessary ports are open, though...
19:17 racooper that's why I asked, just to eliminate first obvious issues :)
19:19 njc is there a way to only run provisions that failed on the previous call to `provision` or `salt-call state.highstate`?
19:20 fllr racooper: Lol. Yeah, that was my first thought also. Lol. I disconnected one of the minions from the master by setting file_client to local, and salt-call started to work again...
19:20 fllr I'm thinking it's some sort of network issue...
19:22 kermit joined #salt
19:22 alainv question: why is the default version of the docs the current development branch rather than the latest stable?
19:24 smcquay joined #salt
19:25 mapu joined #salt
19:26 UtahDave stevednd: it doesn't look like it.  you can use the  test.arg   execution module to get it.
19:27 fllr alainv: That always gets me too... it's really annoying.
19:27 GradysGhost joined #salt
19:27 alainv yeah.. it's mostly consistent, and some/most of the new things are marked "new in version Helium", so you think it's fine (and it's what turns up first in Google)
19:28 alainv except then you come across a new argument to an existing module, like subjectAltName, which isn't marked new at all, and it's just frustrating...
19:28 chrisjones joined #salt
19:29 orange__ joined #salt
19:29 orange__ left #salt
19:29 wendall911 joined #salt
19:29 n8n joined #salt
19:30 abe_music joined #salt
19:31 xzarth joined #salt
19:31 whiteinge stevednd: adding that to the jinja context would be a good feature request. in the meantime you could whip up a custom execution module, e.g.: {% set jid = salt['mymodule.get_jid']() %}
19:31 patarr Joseph: that did solve the problem! :) Only another arose though.. hah. http://pastebin.com/WfhdDZj9
19:32 gnord left #salt
19:33 patarr any ideas?
19:35 patarr ah, doing package: -installed does it. This syntax always gets me :(
19:36 Joseph patarr: so i think i know what your problem is but this requires a little context related to how saltstack is using yaml so bare with me
19:36 Joseph a colon means dictionary, a dash means list, and indentation indicates hierachy
19:37 Joseph actually just a sec
19:37 Joseph i need to look at this more closely
19:37 spiette joined #salt
19:37 stevednd UtahDave, whiteinge: not familiar with test.arg. What would I be passing in? test.arg jid?
19:37 Joseph patarr:  - pkg: nginx
19:38 Joseph i don't think you can require something within the same block
19:38 Joseph though i could be wrong
19:39 Joseph patarr: quick test is to separate the service and pkg pieces into two separate dictionaries and then set up the requisites between the blocks using different IDs for each one
19:39 patarr now im getting some sort of error about multiple dictionaries being defined in require.
19:39 bitsandbooks joined #salt
19:39 patarr Probably relates to what you're saying.
19:39 patarr I'm trying to require two files, so I'm doing something like - file: id1 \n - file: id2
19:39 patarr looks like salt doesn't like that
19:40 whiteinge stevednd: it's already available in execution modules, just not in jinja. the module would look like this: http://paste.fedoraproject.org/106605/73800414
19:40 whiteinge put that in /srv/salt/_modules/mymodule.py
19:41 Joseph something like this patarr: https://gist.github.com/jaloren/3838e5b704a0bbb935b4
19:42 patarr Joseph I just reran the same state file and the error didn't pop. haha
19:42 Joseph could have been a caching problem
19:42 notbmatt is there a clean/elegant way to use salt to manage low-level disk operations like partitioning and filesystems?
19:43 patarr notbmatt: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.lvm.html
19:43 jhulten_ joined #salt
19:43 stevednd whiteinge: https://github.com/saltstack/salt/issues/13174 I have no idea where the context is build for templates, or else I might have a go at adding it
19:43 notbmatt patarr: hey whaddyaknow. thanks
19:43 fllr How can i clear the cache of public keys on the master/minion?
19:43 whiteinge stevednd: looks good. thanks
19:44 whiteinge stevednd: ah, dang. just tried that module in a state and it doesn't work
19:44 jalaziz joined #salt
19:44 whiteinge kwargs aren't getting passed through
19:45 whiteinge might not be possible after all. thinking...
19:45 stevednd test.arg works at least from the command line like utahdave suggested.
19:45 stevednd it returns the hash containing the jid
19:45 stevednd going to try that
19:50 stevednd UtahDave, whiteinge: Tried the custom module with test.arg('jid'), and it gave me nothing in return. Did I call it wrong?
19:51 whiteinge stevednd: no, that's what i meant when i said it's not working from a state file. the kwargs aren't getting passed through so it doesn't have the jid in that context
19:55 whiteinge stevednd: it's looking to me like there's no temporary workaround and it will require a core salt addition
19:55 UtahDave stevednd: you'll probably have to use module.run with the test.arg for now
19:55 KyleG1 joined #salt
19:56 KyleG joined #salt
19:56 KyleG joined #salt
19:56 Rossmay joined #salt
19:57 whiteinge just tried the above. it has the same problem as calling the module via jinja. no kwargs
19:57 stevednd ugh, I need it to set a variable in my template. wanted to synchronize deployment directory naming for my apps across multiple machines without having to continually update a pillar value.
19:58 manlin left #salt
19:59 stevednd I updated the issue to reflect that it's not currently possible
19:59 smcquay_ joined #salt
20:00 sverrest joined #salt
20:00 bitsandbooks joined #salt
20:01 bitsandbooks joined #salt
20:01 stevednd is it likely to be a quick and easy addition? I tried looking through the code before to find out exactly where the context is built for templates and had no luck. It looked like it was all over the place
20:02 bitsandbooks joined #salt
20:04 whiteinge stevednd: i think the place to add it is to put a reference to ``self.jid`` here: https://github.com/saltstack/salt/blob/develop/salt/state.py#L1445
20:05 whiteinge then add a quick thing somewhere that pulls that value and puts it in the jinja context
20:06 whiteinge not sure where that last one should go. maybe salt/utils/template.py
20:11 djaime joined #salt
20:13 absolute_ joined #salt
20:14 mortis many times, lately, we have been talking about salt at work, and someone always ask "why not ansible?" ...and while we really think salt is the coolest thing, is there something wrong with promoting it, or is this just coincidence :x
20:15 Joseph mortis: you may want to look at this https://devopsu.com/books/taste-test-puppet-chef-salt-stack-ansible.html
20:15 Joseph mortis: the other thing you might want to say in response is "does remote administration scale with SSH?" The answer b eing emphatically no.
20:15 mortis hey Joseph :) tnx for the link
20:16 mortis Joseph: yeah i know, its what im saying
20:16 Joseph mortis: people have use saltstack to manage 4,500 servers. I dare you to try that with ansible using SSH.
20:16 mortis but then theres this fireball thing that uses zmq
20:16 whiteinge we need to update the docs to provde tutorials for the ansible-style walk-through of salt. see https://github.com/saltstack/salt/issues/12459
20:16 Joseph mortis: i am not fmailiar with fireball in ansible. Could be they are switching out SSH to zmq
20:16 mortis dunno really
20:17 whiteinge fireball mode has been deprecated in favor of ssh-pipelining
20:17 mortis aha
20:17 JasonSwindle joined #salt
20:17 Joseph whiteinig: i am actually in the process of doing a complete rewrite of salt states
20:17 mortis i dont know anything about ansible, really
20:17 mortis Joseph: complete rewrite?
20:17 whiteinge salt can be just as easy to get up and running with as ansible. salt can be used agentless or via ssh. we just need to get better tutorials in place for that kind of audience.
20:17 Joseph mortis: for the tutorial section...its in my own private branch..not ready to do a PR
20:18 mortis sweet :)
20:18 Joseph sorry that was for whiteinage. oops
20:18 whiteinge Joseph: nice! i'm looking forward to seeing that
20:18 Joseph whiteinge: yea i
20:18 whiteinge we'll do another docs-focused sprint sometime this month
20:18 Joseph will definitel ywant feedback
20:19 Joseph i am basically throwing out of a lot of stuff -- its a bit drastic but the current flow is so choppy switching from advanced to basic and back again. it was driving me crazy. Until i just said hey let me take it one step at a time and write this way i wished it would have been written when i started learning salt
20:19 mortis we totally love salt at our place, and we are switching from cfengine
20:20 Joseph and its just a PR anyway so everyone can just hate on me and reject it soo i figured why not live a little
20:20 Joseph mortis: omg cfgeine!!
20:20 jcockhren 'hate on me'
20:20 Joseph hahaha
20:20 mortis :D
20:20 jcockhren haha
20:20 UtahDave Joseph: can't wait to see your work!
20:20 mortis Joseph: to be fair, it has done its job well enough, its just that ......its 10 years old :P (our version that is)
20:20 mortis so anything is gold compared to it
20:21 Joseph mortis: yea....states are really really easy to use in saltstack. Thats one of the reasons i love it but that's not at all how i felt when i first started trying to learn them through the existing documentation.
20:21 Joseph so i complain and then i fix!
20:21 mortis so last year we went to oscon and we attended talks from chef, puppet and salt.... chef was like "MEEEEEH!!!" to all 3 of us, puppet was like "..hmm .....*fiddle* .....meeeh!" to all 3 of us, and then came salt :)
20:22 mortis and all were like "oh this makes sense!"
20:22 viq MTecknology: ooh, please do keep me in mind when talking about your experiences with proxy
20:22 viq MTecknology: also, you can't give access to a repo to a group? Or was it specifically to a forked repo?
20:22 ashw7n joined #salt
20:23 Ymage joined #salt
20:23 Joseph mortis: i feel you on that one. no ssh and remote command execution is fast and easy. I have entered heaven.
20:23 chrisjones joined #salt
20:24 MTecknology I can't get groups working with external authentication against ldap. :(   when using just a user, it works perfect. I have "auth.ldap.basedn: OU=GSS,DC=ad,DC=domain,DC=tld" and "auth.ldap.groupou: Groups". The DN of the group is something like uid=0010,ou=centers,ou=groups,ou=gss,dc=domain,dc=tld
20:24 mortis Joseph: not only that, its just really fun to work with
20:24 mortis Joseph: and you suddenly see a million opertunities to script your way out of actually having to work
20:24 Joseph mortis: agreed....plus i am a hopeless python romantic.
20:24 Joseph mortis: yea i am all about laziness as a sys admin.
20:24 mortis Joseph: me too, newborn, so i still suck at it :)
20:24 UtahDave MTecknology: what version of Salt are you on?
20:24 Joseph mortis: don't worry picking up useful python programming knowledge is not hard at all.
20:25 zsoftich2 joined #salt
20:25 mortis Joseph: nah its all good :)
20:25 Joseph mortis: i was writing simple custom execution modules for saltstack within the first two weeks of learning salt.
20:25 giantlock joined #salt
20:25 Joseph mortis: andi  am no expert python programmer by any means
20:25 mortis Joseph: awesome :)
20:26 viq MTecknology: oh... I haven't touched gitlab with ldap
20:27 notbmatt lvm is orthogonal to filesystem, right?
20:28 notbmatt it's a way of exposing disk, with which thou dost what thou wilt, yes?
20:28 notbmatt hm. what's a good way to do filesystems with salt?
20:29 notbmatt I see there's the extfs module
20:30 JasonSwindle joined #salt
20:30 mortis someone should really go write an awesome nagios-plugin using the status-state in salt
20:30 CeBe joined #salt
20:30 notbmatt mortis: the usual response around here would be "thanks for volunteering!" :-D
20:30 mortis hehe
20:30 MTecknology UtahDave: uhm... I grabbed it from develop last week
20:31 rushmore UtahDave, manged to finally get the minion talking to the db returner, but seeing this error in the log: │[ERROR   ] The return failed for job 20140602162709045851 too many values to unpack.
20:31 rushmore ideas ?
20:31 mortis notbmatt: actually, i did play around with it a little, so we can now do !saltload myservers* ...and it returns load from those hosts :) just for fun
20:31 mortis on irc that is
20:31 mortis our own internal thingie
20:32 travisfischer joined #salt
20:32 m87carlson joined #salt
20:33 Theo-SLC Returners/Logging to Sentry and Raven 5.0 (the sentry python client) seems to be broken.  I've created an issue https://github.com/saltstack/salt/issues/13172
20:33 UtahDave Theo-SLC: thanks!
20:34 MTecknology UtahDave: The last commit in what I built: 46e526cf664131c1c376f05b86b8bb5bcbbb4516
20:34 mortis another thing, whos started on the foreman-integration yet? :D
20:34 UtahDave MTecknology: could you open an issue?  cachedout added groups to the ldap fairly recently.  It would be great to get that sorted out before the RC
20:35 mgw joined #salt
20:35 MTecknology I'm not sure if I'm using it right or not.
20:35 MTecknology will do
20:35 UtahDave mortis: someone just posted a foreman external pillar
20:35 UtahDave thanks, MTecknology!
20:36 mortis UtahDave: wait what?!
20:36 UtahDave mortis: https://github.com/saltstack/salt/pull/13157
20:37 kedo39 joined #salt
20:37 mortis UtahDave: awesome, thanks!
20:40 jbub joined #salt
20:42 rannick joined #salt
20:42 ashw7n joined #salt
20:43 mateocon_ joined #salt
20:43 patarr could someone let me know why this config isn't working? The error is pasted at the bottom. http://pastebin.com/TwtZkcbC
20:44 rannick hello, i am working on a service that i think salt would make sense as the RPC mechanism form. Is anyone aware of any serious issues with running thousands of commands to individual minions in parallel from the same master? (as in there are only a few active commands going to each minion, but the master is dealing with thousands of heterogenious commands total?)
20:44 patarr Oh no, nevermind that. -file != - file. haha this stuff always gets me :(
20:44 rannick my limited testing seems to suggest that this should be totally doable
20:45 mateoconfeugo joined #salt
20:46 MTecknology UtahDave: all done - https://github.com/saltstack/salt/issues/13177
20:46 rannick hmmm.... i just shot in 113 commands and it seems to be crying a little
20:46 UtahDave thanks, MTecknology!
20:47 UtahDave rannick: yeah, that shouldn't be a problem
20:47 rannick i did 113 cmd.run "echo hi
20:47 rannick 'and i only have 8 back
20:48 Theo-SLC Sentry is currently not an option.  I'm going to move on an evaluate the next option for monitoring Salt.  UtahDave- What do you use for monitoring?
20:48 rannick and yeah
20:48 rannick the other ones crapped out
20:48 rannick timeout is set to 5
20:48 rannick is it some queued query to find the node?
20:49 rannick It seems this may be an excellent admin tool, but not a great "rpc mechanism" for lots of little requests
20:49 grep_awesome joined #salt
20:50 djaime joined #salt
20:50 stevednd anyone know when helium is due to be released, and when/if there's a feature freeze?
20:50 rowleyaj joined #salt
20:51 rannick if so, that's cool, still love it. it jsut doesn't quite cure cancer like i thought :)
20:52 rannick @UtahDave: any thoughts on that? why would 113 echo hi's all sent do individual nodes in parallel from a 'salt 'host-name' cmd.run 'echo hi'" have a 90% failure rate
20:53 timoguin rannick: it shouldn't.
20:53 MTecknology stevednd: likely soon; I think it's basically frozen, but bugs still being hammered on before RC
20:54 rannick try this:  for x in `salt-run manage.up`; do salt "$x" cmd.run "echo hi" & done
20:54 rannick let me know how it goes
20:55 rannick note: globbing makes this thing run great, but it's a test for like N "unique commands"
20:55 FL1SK joined #salt
20:55 timoguin rannick: i don't have that many minions to test with.
20:55 timoguin try salt-run jobs.list_jobs
20:55 timoguin and then salt-run jobs.lookup_jid JID
20:55 timoguin to see if there were more returns after the timeout
20:56 rannick yeah, there are a lot of jobs
20:56 rannick but why is it backing up so much
20:56 UtahDave stevednd: We're hoping to get the first RC out in a couple of weeks
20:56 rannick each of those jobs should get straight through
20:56 ipmb joined #salt
20:57 stevednd UtahDave: So getting the jid into templates is likely not going to happen for helium?
20:58 UtahDave It might.  I don't think it would be hard to get that in there.  Have you opened an issue on that?
20:59 timoguin rannick: yea every command is going to get its own JID. not sure what's going on with yours. 113 is not a lot
20:59 stevednd Yeah, issue is https://github.com/saltstack/salt/issues/13174
21:00 rannick have you tried running tha for loop in your world? do you see this as well?
21:01 rannick globbing that command makes it run in less than two seconds timoguin
21:01 rannick if this is verified, i can open an issue and see how that goes
21:02 timoguin i just ran it fine with a couple minions, but, no i never run bash loops like that
21:02 timoguin gotta run
21:04 mrpull1 joined #salt
21:06 shaggy_surfer joined #salt
21:13 * Gareth dives into minion.py
21:15 JasonSwindle Anyone here using Salt-Syndic + file_recv ?
21:15 JasonSwindle I think I have an edge case issue
21:15 aw110f rannick: i have 131 minions and I was able to get all 131 nodes to reply.  for i in `salt-run manage.up`; do salt $i cmd.run "echo blah" >> test_count ; done .
21:15 rannick aw110f: you ran that serially. try it in parallel
21:16 rannick for i in `salt-run manage.up`; do salt $i cmd.run "echo blah" >> test_count & done
21:18 aw110f it ran as well from the master, outputting something like this:
21:18 aw110f [125] 19186
21:18 aw110f [126] 19187
21:18 aw110f [127] 19188
21:18 aw110f [128] 19189
21:18 aw110f [129] 19190
21:18 aw110f [130] 19191
21:18 aw110f [131] 19192
21:18 forrest dear sir
21:18 forrest please use pastebin
21:18 forrest :P
21:18 aw110f oops sorry
21:18 forrest it isn't a big deal
21:18 forrest but the channel will kick you for spamming
21:19 forrest so you have to be careful
21:19 forrest even when it isn't spam
21:19 ashw7n left #salt
21:19 aw110f rannick: https://gist.github.com/wongster80/ea26a54ab2612c6057ae
21:21 aw110f I'm on 2014.1.3
21:23 toastedpenguin joined #salt
21:25 rannick ah, i'm on 2014.1.4. Did you open that file afterwards and wc -l it and whatnot?
21:26 rannick aw110f: your output is just the operating system processes saying it's done
21:26 rannick aw110f: you should get back 131 "hi"''s somewhere
21:26 aw110f yea it echo'd
21:26 rannick aw110f: you get 131 of them?
21:26 rannick and how long?
21:27 aw110f yes
21:27 aw110f not sure but definitely less than a minute
21:27 rannick wc -l test_count2
21:27 aw110f # cat test_count2 | grep blah | wc -l
21:27 aw110f 131
21:28 rannick alright
21:29 TaiSHi joined #salt
21:29 TaiSHi Hi everyone
21:29 TaiSHi Anyone using locale-gen with salt ?
21:30 aw110f rannick: why would you run parallel command in a loop as opposed to doing salt '*' cmd.run "echo blah"
21:30 TaiSHi I'm digging salt.states.locale but I don't want to set the default locale for the entire system, just generate it
21:30 rannick aw110f: how much memory is on your master?  i wonder if i'm running out of juice
21:30 gothix joined #salt
21:30 gothix joined #salt
21:30 aw110f 4gb and it's a vm
21:31 rannick aw110f: damn, that's literally exactly what i'm running
21:31 viq TaiSHi: have you looked at the locale.present?
21:32 TaiSHi viq: I have, and just ran it, this is my output: http://dpaste.com/37Z42V8/
21:32 viq TaiSHi: can you paste your sls ?
21:33 TaiSHi Of course, one moment
21:33 TaiSHi http://dpaste.com/2B6RZZB/ that's the relevant part
21:34 rannick aw110f: i wouldn't if it was literalyl the same command. This is a test for what would happen if i was to use salt as a self-service thing where hundreds of commands may go through in parallel
21:34 viq TaiSHi: anything in logs?
21:34 viq TaiSHi: also you could try playing with http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.localemod.html and see what it gives you
21:35 ashw7n_ joined #salt
21:37 fllr joined #salt
21:37 krow joined #salt
21:40 JasonSwindle @UtahDave Do you use file_recv ?
21:41 UtahDave I have a couple of times.
21:41 JasonSwindle I have an odd usage, I think
21:41 mpoole joined #salt
21:42 JasonSwindle Salt Minion -> Salt Syndic Master + Salt Minion on the same machine -> Salt Master of Masters
21:42 UtahDave Hm. I haven't done any testing on that with file_recv
21:42 JasonSwindle I want the salt PKIs from the Salt Syndic Master's Minion to flow up to the Master of Masters
21:42 JasonSwindle The issue is, local minion just talks to local master
21:43 JasonSwindle and never flows to Salt Master of Masters
21:43 JasonSwindle and syndic is running / working
21:43 JasonSwindle and masterofmaster IP is set
21:44 JasonSwindle My end goal is, backup 600+ PKIs on 6+ syndic masters
21:44 JasonSwindle lol
21:44 UtahDave :)
21:44 UtahDave well, a minion can only file_recv to its master
21:45 JasonSwindle Yep, I agree
21:45 JasonSwindle but the local master is in syndic mode
21:45 jcsp joined #salt
21:45 JasonSwindle so it should be passive and forward that up
21:45 JasonSwindle IMHO
21:45 viq And there at least used to be some issues if the minion on syndic talked to the master level up instead of itself
21:46 UtahDave so far we've kept the syndic really dumb.   no syncing of anything.
21:46 Rossmay Trying to figure out how the best way to accept the ttf-mscorefonts-installer eula is. My old script was calling "echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections" before installing which worked nicely.
21:46 Guest70585 joined #salt
21:47 JasonSwindle @UtahDave I am pushing the limits on Syndic
21:47 miqui joined #salt
21:48 Rossmay Nevermind, states.debconfmod
21:48 JasonSwindle UtahDave: unless you know of a better way of doing what I am trying to do
21:48 viq JasonSwindle: out of curiousity, what are you doing with syndic?
21:48 mrpull1 left #salt
21:49 JasonSwindle The Syndic Master is being controlled by the Master of Masters
21:49 JasonSwindle I call it MOM
21:49 JasonSwindle The 6+ Syndic Master get controlled from one place
21:49 mortis JasonSwindle: the microsoft-monitoringsystem? :)
21:50 oeuftete joined #salt
21:50 JasonSwindle https://github.com/JasonSwindle/mom
21:50 mortis just pulling your leg JasonSwindle
21:50 JasonSwindle No problem
21:50 mortis it was a flashback from ....uhm .... 8 years ago or so
21:51 notbmatt hm. what would be the result of watch:'ing a module.run?
21:51 JasonSwindle The issue also is, cannot use NFS because they are not in the same network.
21:51 JasonSwindle So, trying to use salt's modules to solve my problems
21:51 viq JasonSwindle: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rsync.html ?
21:52 JasonSwindle Let me look viq
21:52 JasonSwindle As long as I can get it back to MOM. :)
21:52 viq JasonSwindle: also maybe not quite what you're looking for, but I've read this recently http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
21:53 JasonSwindle Let me look. :)
21:54 AnswerGuy joined #salt
21:54 ipalreadytaken joined #salt
21:55 viq ok, my brain is running out though my nose, time to call it quits for tonight
21:55 gumby5 joined #salt
21:57 djanos joined #salt
21:57 mortis hmm actually, would it be an idea to make a hierarchy of keys? like, now its a long growing list, but it it was recursive, you could use folders inside pki
21:57 mortis just an idea
21:58 gumby5 trying to configure a win repo, keep seeing 'Unable to cache file 'salt://win/repo/winrepo.p' from saltenv 'base'. Any pointers?
21:59 jperras joined #salt
22:01 JasonSwindle viq: https://github.com/saltstack/salt/issues/13047 <- Running into this issue. :|
22:01 TaiSHi viq: sorry for the delay, my CTO called
22:01 forrest JasonSwindle, why not just use cmd.run until that gets cherry picked?
22:02 manfred JasonSwindle: are you running into that issue with develop... or with an actual tagged version of salt
22:02 manfred cause that fix is only in develop
22:02 TaiSHi viq: seems exactly what I need, going to dig it, hope you feel better!
22:02 kermit joined #salt
22:02 stevednd is there a way to make/ensure a state only runs on one minion? When deploying my application, one of the servers needs to update the its database with new changes, but only one, because otherwise errors will be thrown as changes attempt to be duplicated. I thought about identifying one minion as the database interactor through grains or some such, but then if that server is down come deploy time no server will run the db changes
22:02 stevednd without manual intervention
22:02 JasonSwindle Not using dev, sadly.  In heaving testing so I can only using what is in the repos
22:02 djanos joined #salt
22:02 jhulten joined #salt
22:02 TaiSHi stevednd: limit the execution to that minion I guess?
22:02 JasonSwindle forrest: May use cmd.run
22:07 krow joined #salt
22:07 schimmy1 joined #salt
22:07 TyrfingMjolnir joined #salt
22:08 scalability-junk joined #salt
22:09 manfred JasonSwindle: https://github.com/saltstack/salt/pull/13181
22:10 andredieb joined #salt
22:11 JasonSwindle manfred: You can do that now?
22:11 manfred i can submit them
22:12 manfred i can't merge them
22:12 JasonSwindle oh, ok
22:15 alunduil joined #salt
22:17 stanchan joined #salt
22:19 TaiSHi How do I push a module to minions? I see it came builtin with salt
22:19 TaiSHi (talking about localemod)
22:20 TaiSHi Ah, it seems my version doesn't have gen
22:29 dccc joined #salt
22:31 dccc joined #salt
22:35 bhosmer joined #salt
22:36 kvbik joined #salt
22:40 rglen joined #salt
22:40 ajolo_ joined #salt
22:47 TaiSHi Anyone using pkgrepo that care to show me an example on how to organize it ?
22:48 manfred TaiSHi: yes! one second
22:48 manfred TaiSHi: https://github.com/saltstack-formulas/newrelic-formula/blob/master/newrelic/repo.sls
22:48 manfred that is how i did a debian one
22:49 forrest TaiSHi, what do you feel wasn't comprehensive enough on the docs? http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html Then we can improve them
22:49 TaiSHi forrest: Oh, the docs are great, it's just I'm a bit of a maniac
22:50 TaiSHi I want to organize things to the max, as in, fewer redundant lines on top.sls is a must to me
22:50 forrest ahh
22:50 TaiSHi btw, my current goal is to push salt ppa to minions
22:50 rglen joined #salt
22:51 manfred TaiSHi: http://paste.gtmanfred.com/Ds9/
22:51 manfred TaiSHi: oh, that is even easier
22:51 manfred TaiSHi: https://github.com/gtmanfred/salt-states/blob/master/gluster/init.sls#L57
22:51 manfred just that two lines
22:52 manfred and you can include the key information if you need to
22:52 TaiSHi manfred: much appreciate
22:52 TaiSHi appreciated *
22:52 manfred yw!
22:52 TaiSHi Haven't used grains yet, I started using salt for a non-urgent project migration
22:52 TaiSHi And... I'm loving it
22:52 TaiSHi Got to play with pillars now
22:53 manfred nice
22:53 TaiSHi And ultimately I want to use salt-cloud to insta-provision new vms with needed users
22:53 TaiSHi Do I have to enable something extra for grains ?
22:54 jhulten joined #salt
22:54 manfred they are on by deafult
22:54 TaiSHi Great, thanks
22:56 TaiSHi Ah, I feel better now
22:56 TaiSHi My '*' is one line long
22:56 TaiSHi - base
23:01 happytux joined #salt
23:02 TyrfingMjolnir joined #salt
23:05 ipalreadytaken joined #salt
23:09 ajolo_ joined #salt
23:10 dude051 joined #salt
23:11 oz_akan_ joined #salt
23:13 mosen joined #salt
23:13 conan_the_destro joined #salt
23:16 TaiSHi manfred: the example is great
23:16 TaiSHi Already configured for it to push latest version to minions
23:17 ashw7n joined #salt
23:18 molaAMINE_ joined #salt
23:18 manfred yeah
23:19 DaveQB joined #salt
23:21 TaiSHi Hmm, how do I enable localemod?
23:24 TaiSHi Or any other builtin mod for that matter
23:25 forrest did you already try to pass kwargs?
23:25 TaiSHi Well I did try to use the module itself
23:25 TaiSHi But the options (listed on the doc) aren't the same
23:26 TaiSHi http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.localemod.html <- this, I mean
23:26 forrest yea there isn't a state for every module
23:27 forrest however, you can use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
23:27 Outlander joined #salt
23:27 TaiSHi Hmm, I'm trying to use it as the documentation says, not inside a state
23:27 forrest on the command line?
23:28 forrest I guess I'm confused
23:28 forrest you're trying to set it and it isn't working?
23:28 manfred if it is failing, you will probably want to jump on the minion and check if salt-call works, cause it might be throwing an error.
23:29 forrest agreed
23:29 TaiSHi I'm trying to use, i.e. salt '*' locale.avail
23:29 bhosmer joined #salt
23:29 TaiSHi And getting this in return: 'locale.avail' is not available.
23:29 forrest are you passing that a variable?
23:29 manfred is it a windows server?
23:29 forrest and also what version of salt?
23:29 TaiSHi which leads me to think that module needs to be installed/enabled
23:29 TaiSHi salt-master 2014.1.4
23:29 TaiSHi Same on minion, ubuntu 14.04 all
23:29 manfred TaiSHi: nope, it is just failing and returning that it isn't available
23:30 manfred TaiSHi: run salt-call locale.avail -l debug
23:30 manfred on the minion
23:30 manfred and check if it is erroring
23:32 TaiSHi Ultimately: Function locale.avail is not available
23:32 forrest localemod.py is there in 2014.1
23:32 TaiSHi Reading this file: /usr/lib/python2.7/dist-packages/salt/modules/localemod.py (which has -SOME- of the functions listed on the doc), well, that, doesn't have all the functions
23:32 manfred yes, but why is it not available
23:32 forrest and 2014.1.4
23:33 manfred it is in 2014.1.4
23:33 manfred TaiSHi: indeed
23:33 manfred it did not have .avail
23:33 forrest https://github.com/saltstack/salt/blob/v2014.1.4/salt/modules/localemod.py#L70
23:33 manfred https://github.com/saltstack/salt/blob/2014.1/salt/modules/localemod.py
23:33 forrest I'm looking at it right now
23:33 forrest list_avail is available
23:33 manfred it ahs that, but he was running .avail
23:33 forrest right
23:33 forrest that is not there
23:33 stanchan joined #salt
23:33 TaiSHi There is no avail() function
23:34 manfred not in 2014.1.4
23:34 TaiSHi And the docs at http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.localemod.html mention it
23:34 manfred that is only in develop
23:34 TaiSHi I guess it's dev then?
23:34 manfred TaiSHi: that is the latest, yessir
23:34 TaiSHi No way to introduce it?
23:34 manfred from devlop
23:34 forrest yea just dev
23:34 manfred pull it from git
23:34 forrest whiteinge, how is the process going for getting the docs pulling from the latest stable build? :P
23:34 stanchan_ joined #salt
23:35 MatthewsFace joined #salt
23:35 TaiSHi Crap, why is it always me who comes looking for dev features ? :P
23:35 forrest it would be easy to put in
23:35 forrest just drop in the dev file
23:36 TaiSHi Thing is I would like to push it to minions as well
23:36 TaiSHi Or that's no need?
23:36 manfred probably could just drop the localemod.py file in /srv/salt/_modules/ and it should work fine
23:36 forrest exactly
23:36 forrest sync over the modules
23:36 forrest and you'll be set
23:36 manfred /srv/salt/_modules should be pushed to the minions when you run stuff
23:36 forrest http://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
23:37 manfred that ^^
23:37 ashw7n left #salt
23:37 manfred be aware that doing that with some modules may break other modules
23:37 TaiSHi Oh, I did read that earlier on, didn't know you could sort-of override builtin modules
23:37 TaiSHi I know, I'm a module-breaker (?)
23:38 manfred heh
23:38 TaiSHi Where can I see next release date ?
23:38 ml_1 joined #salt
23:38 TaiSHi (my head is sleepy, I can't rephrase that last one correctly)
23:38 manfred TaiSHi: there should be a 2014.1.5 hopefully soonish
23:38 TaiSHi Great
23:38 manfred but rc1 for 2014.2 is supposed to be about June 18th
23:39 TaiSHi btw, when I pushed my salt update sls
23:39 TaiSHi I got no return, no output, guessing that's because minion daemon was restarted
23:39 TaiSHi Worked like a charm right after
23:40 agliodbs joined #salt
23:40 tyler-baker joined #salt
23:40 agliodbs what are the standard values available via mine.get?  That is, I've seen exampled for "roles" and "os", but somewhere there should be a list of the standard information available ... where is it?
23:40 smcquay joined #salt
23:41 taion809 joined #salt
23:41 forrest pretty sure it's all the grains
23:43 manfred agliodbs: nothing is available by default, but you can tell it what functions it should send back to the mine
23:44 Chrisje joined #salt
23:45 wt joined #salt
23:45 agliodbs manfred: I'm pretty sure that some stuff is built in.  Like ip_interfaces.  no?
23:46 manfred i do not believe it is, but i could be wrong
23:46 wt_ joined #salt
23:46 manfred i always setup network.ip_addrs in my salt minions mine_functions
23:46 manfred (using the minion: definition in /etc/salt/cloud)
23:46 wt_ joined #salt
23:49 forrest http://docs.saltstack.com/en/latest/topics/mine/#mine-functions
23:49 forrest I think manfred is right, it doesn't have anything by default, but you can put whatever you want in there.
23:49 mgw joined #salt
23:49 manfred http://ix.io/cLl
23:49 krow joined #salt
23:49 manfred that is my /etc/salt/cloud
23:53 TaiSHi manfred / forrest heh... I pushed the locale state from dev :$
23:53 manfred nice
23:53 TaiSHi If I delete it from _states and do a sync_all, does it delete it from minions as well?
23:53 forrest It should
23:53 manfred that i have no idea
23:53 manfred but i would believe so
23:53 forrest worst case scenario, cmd.run to delete the cached file
23:54 TaiSHi Testing right now
23:54 TaiSHi Yep, it worked
23:54 mgw joined #salt
23:54 manfred nice
23:54 TaiSHi Altho no output on the deleted module/state
23:55 forrest right it's not going to provide output that the state was removed
23:55 TaiSHi It should
23:55 TaiSHi (I think it should :P )
23:55 forrest You could file an issue asking for it
23:56 TaiSHi Will do

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary