Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-06-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 jhulten joined #salt
00:05 sunkist manfred, how would the primary file.replace not collide with the second/
00:05 sunkist ?
00:06 manfred set the repl: function based on pillars or grains
00:06 deddu joined #salt
00:10 elfixit1 joined #salt
00:13 Luke joined #salt
00:15 sunkist manfred, lets say that I had 100 more services that needed a 1 line change to sshd_config; using this method, each one would overwrite the other.
00:15 sunkist In that case, would you just template the whole thing out of pillar?
00:23 manfred what exactly are you trying to do
00:35 tristianc joined #salt
00:40 mgw joined #salt
00:40 kedo39 joined #salt
00:47 acabrera_ joined #salt
00:51 schimmy joined #salt
00:57 diegows joined #salt
01:01 mgw joined #salt
01:03 UtahDave joined #salt
01:05 malinoff joined #salt
01:16 jalaziz joined #salt
01:25 mgw joined #salt
01:35 zain joined #salt
01:48 bhosmer joined #salt
01:48 bhosmer_ joined #salt
02:02 jcsp1 joined #salt
02:17 fragamus joined #salt
02:35 schimmy joined #salt
02:59 codemech joined #salt
03:04 sunkist manfred, sorry, family stuff again.
03:05 sunkist manfred, the easiest thing for me to do is just edit my file.replace in my ssh state to accomodate a service that requires the ssh be run a certain way.
03:05 sunkist One example is x2go; it requires that sshd_config exclude ecdsa keys--because x2go can't use them.
03:06 sunkist But another server, Nomachine's NX, might require that the user 'nx' is whitelisted on a line in sshd_config.
03:06 sunkist On top of that, I already have a sane baseline for sshd_config described in /srv/salt/ssh/init.sls.
03:07 sunkist On a system with only ssh installed, I want my base sshd_config file.
03:07 manfred sounds like you need a mixture of file.replace and file.append
03:07 manfred all wrapped in jinja templating
03:08 manfred sunkist: https://github.com/saltstack-formulas/newrelic-formula/blob/master/newrelic/init.sls#L3
03:08 manfred sunkist: that only includes the .php state if php is installed
03:08 manfred adapt it for your eneds
03:08 manfred needs*
03:09 zz_cro joined #salt
03:15 sunkist thanks manfred!
03:15 sunkist My main goal is to make sure I'm extending config files, not replacing them.
03:15 sunkist Just like a real sysadmin!
03:16 sunkist This looks like it'll do the trick.
03:22 manfred good luck, I am gonig to bed
03:22 manfred night
03:25 UtahDave ekristen: you around?
03:29 fragamus joined #salt
03:37 bhosmer joined #salt
03:52 fragamus joined #salt
03:55 schimmy joined #salt
04:00 schimmy1 joined #salt
04:03 ckao joined #salt
04:07 ipalreadytaken joined #salt
04:21 mgw joined #salt
04:28 Shenril joined #salt
04:34 ajw0100 joined #salt
04:43 n8n joined #salt
05:10 jalbretsen joined #salt
05:14 jhulten joined #salt
05:25 xmj UtahDave: is 2014.1.4 the current release of salt?
05:25 UtahDave yep
05:25 bhosmer joined #salt
05:26 bhosmer_ joined #salt
05:26 xmj cool, thanks
05:27 UtahDave you're welcome!
05:36 che-arne joined #salt
05:38 ipalreadytaken joined #salt
05:49 ml_1 joined #salt
06:06 zain_ joined #salt
06:08 ndrei joined #salt
06:28 schimmy joined #salt
06:32 schimmy1 joined #salt
06:33 picker joined #salt
06:34 dsolsona joined #salt
06:41 ipalreadytaken joined #salt
06:59 che-arne_afk joined #salt
07:03 jeddi joined #salt
07:09 mgarfias joined #salt
07:15 bhosmer joined #salt
07:18 alanpearce joined #salt
07:18 linjan joined #salt
07:30 che-arne joined #salt
07:39 slav0nic joined #salt
07:39 slav0nic joined #salt
07:47 micko joined #salt
07:52 che-arne_afk joined #salt
07:56 che-arne_afk_ joined #salt
08:01 xinkeT joined #salt
08:07 n8n joined #salt
08:07 smferris joined #salt
08:13 ckao joined #salt
08:14 pjs joined #salt
08:16 smferris joined #salt
08:18 TyrfingMjolnir joined #salt
08:19 darkelda joined #salt
08:21 smferris joined #salt
08:25 ange joined #salt
08:29 fatbox joined #salt
08:31 smferris joined #salt
08:32 esogas joined #salt
08:32 gmoro joined #salt
08:34 Voziv joined #salt
08:34 smferris joined #salt
08:38 seventy3_away joined #salt
08:41 giantlock joined #salt
08:42 tinuva joined #salt
08:42 JeroenH_ joined #salt
08:44 smferris joined #salt
08:49 alanpearce joined #salt
08:50 ramteid joined #salt
08:50 MK_FG joined #salt
08:52 smferris joined #salt
08:59 smferris joined #salt
09:03 jhulten joined #salt
09:04 bhosmer joined #salt
09:04 Voziv_ joined #salt
09:08 CeBe joined #salt
09:09 sdebot joined #salt
09:11 jcsp joined #salt
09:12 che-arne joined #salt
09:14 seventy3_away joined #salt
09:14 davet1 joined #salt
09:18 harkx joined #salt
09:23 zooz joined #salt
09:25 smferris joined #salt
09:25 TyrfingMjolnir joined #salt
09:25 seventy3_away joined #salt
09:29 user127 joined #salt
09:40 crop joined #salt
09:49 zain_ joined #salt
09:49 zooz joined #salt
09:51 eliasp joined #salt
09:56 bhosmer joined #salt
09:58 TyrfingMjolnir joined #salt
09:59 zain_ joined #salt
10:01 seventy3_away joined #salt
10:03 che-arne joined #salt
10:03 ndrei joined #salt
10:05 smferris joined #salt
10:06 che-arne_afk joined #salt
10:10 anteaya joined #salt
10:20 timc3 joined #salt
10:21 davidone joined #salt
10:23 pjs joined #salt
10:29 zain_ joined #salt
10:33 davidone I have a really simple module:
10:33 davidone http://pastebin.com/8TsNDHh3
10:34 davidone Issuing from the master, everything is fine:
10:34 davidone http://pastebin.com/h4GY8TuH
10:35 jtang1 joined #salt
10:36 davidone issuing a sync_all all modules (I have only this custom module) aren't synced: http://pastebin.com/1LASuHRk
10:36 davidone any ideas?
10:36 jtang1 joined #salt
10:38 orbit_darren joined #salt
10:39 Chrisje joined #salt
10:40 che-arne joined #salt
10:53 bhosmer_ joined #salt
10:55 che-arne_afk joined #salt
11:00 n8n_ joined #salt
11:03 jhulten joined #salt
11:20 diegows joined #salt
11:22 logix812 joined #salt
11:23 che-arne joined #salt
11:23 vbabiy joined #salt
11:34 davidone the strange thing is that it happens in sid: in freebsd it doesn't happen. Now trying in wheezy.
11:35 che-arne_afk joined #salt
11:36 * viq waits for forrest to reappear
11:37 bhosmer joined #salt
11:40 agend joined #salt
11:44 geekmush joined #salt
11:45 masterkorp Hello salters
11:45 masterkorp do you know any formulas for dns setting ?
11:46 agend hi - I've got question about deployment executable to production machine. Lets say I'll have a module called vc and I want to run it on port 1000, other things will know it will work on that machine:1000. Now I'd like to deploy a new version vc1.0 - but make it running on the same port 1000 - so everything else will know where to look. And I'm thinking about using iptables. Run process on some other port then redirect it to 1000. After upgrade edit i
11:46 agend ptables to redirect another port to 1000. Is it the best/simplest way to make an upgrade? And another question is do I have to make an iptables.append and then delete? Is there any other way?
11:46 __number5__ masterkorp: https://github.com/saltstack-formulas/bind-formula
11:48 viq agend: haproxy?
11:50 masterkorp __number5__: thanks
11:50 agend viq: i'll read about it - but I want it to be as fast as possible - wouldn't another component slow things down? It's just for rpc communication between components
11:51 viq Sorry, I never had to worry about miliseconds, so I can't really tell you
11:52 agend viq: ok
11:58 bmcorser joined #salt
12:03 ramteid joined #salt
12:03 eliasp joined #salt
12:04 bhosmer joined #salt
12:04 ndrei joined #salt
12:05 bhosmer_ joined #salt
12:07 picker joined #salt
12:07 jrdx joined #salt
12:10 brandon__ joined #salt
12:11 babilen joined #salt
12:12 davidone well... it seems a problem with python2.7.7rc1 in jessie!
12:12 agend how could I get a random port which is already not taken on machine and use it in sls files?
12:14 kiorky joined #salt
12:19 che-arne joined #salt
12:20 tmwsiy__ joined #salt
12:23 alanpearce joined #salt
12:26 happytux joined #salt
12:29 TyrfingMjolnir joined #salt
12:29 madduck joined #salt
12:30 ninkotech joined #salt
12:30 jtang1 joined #salt
12:31 joehh davidone: so it works in sid and wheezy?
12:31 joehh but not in jessie?
12:31 joehh are you using packages from debian.saltstack.com?
12:31 davidone I tried in freebsd 10: ok
12:31 davidone I tried in wheezy: ok
12:31 davidone I tried in jessie: ko
12:31 davidone ports from freebsd, official 2014.1.4 packages in debian-*
12:32 davidone the only differences I found is in python version
12:32 joehh assuming ko = not ok
12:32 davidone ko = knock out, so yes, it's a not ok :)
12:32 joehh yeah, the jessie packages are built in sid and copied across
12:32 joehh so should be identical
12:33 joehh if you have a jessie machine handy and feel like it, it may be worth building the package directly in jessie and see if there is any difference
12:33 davidone in fbsd I'm using a python 2.7.6
12:33 davidone in wheezy 2.7.3
12:33 joehh I think it is unlikely, but it is what I would try next
12:33 davidone well, It's not a big deal for me using a wheey vm
12:34 davidone because it's for my vms
12:34 davidone you know, tests and whatever
12:34 che-arne_afk joined #salt
12:34 davidone after 8h of debug I said: let's try in freebsd and it worked like a charm :*
12:34 joehh painful :(
12:36 davidone a POC is really simple: install sid/jessie; install salt-master/salt-minion; configure the local salt-minion to point to the local salt-master; create a file_roots/_modules with a test module inside; issue a salt '*' saltutil.sync_modules
12:36 davidone I was looking if there are issue on github
12:36 davidone didn't find any
12:37 joehh not surprised, my feeling is jessie is not tested as much as the others
12:37 davidone it makes sense, anyway
12:38 joehh I'll build one up and test it - i'll need it anyway shortly
12:38 davidone cool
12:38 davidone please let me know
12:39 joehh will do
12:39 djinni` joined #salt
12:40 che-arne joined #salt
12:40 davidone I'll try to make another test later in the afternoon
12:44 linjan joined #salt
12:44 trisell joined #salt
12:49 TyrfingMjolnir joined #salt
12:50 che-arne_afk joined #salt
12:55 jslatts joined #salt
12:58 babilen joehh: Might there be a chance for 2014 in backports soon? Did not see it in NEW nor in the archive.
13:00 miqui joined #salt
13:00 pdayton joined #salt
13:01 mgw joined #salt
13:03 jhulten joined #salt
13:03 resmike joined #salt
13:05 joehh babilen: I'll do it tonight (as in now...) sorry for the delay
13:06 toastedpenguin joined #salt
13:06 babilen joehh: oh .. wonderful! thanks
13:07 racooper joined #salt
13:08 ggoZ joined #salt
13:12 ipmb joined #salt
13:13 che-arne joined #salt
13:16 sulky joined #salt
13:19 joehh babilen: slight correction, I'll do 0.17.5 in backports tonight (and hassle a few people to get a dependency issue resolved to get 2014.1 into testing so it can go into backports)
13:20 che-arne_afk joined #salt
13:22 babilen joehh: #741522 is presume?
13:22 babilen s/is/I/
13:23 joehh yes
13:23 tristianc joined #salt
13:24 babilen 0.14.1 is in both sid and testing which is the latest stable release
13:24 danielbachhuber joined #salt
13:25 joehh that is really great
13:25 fusionx86 joined #salt
13:26 joehh ok - since you are someone who cares more strongly than I, should I do 0.17.5 so it has atleast been in backports and can be got at via archive.debian...
13:26 joehh or just jump straight to 2014.1?
13:27 perfectsine left #salt
13:29 jaycedars joined #salt
13:29 babilen joehh:  Hmm, skipping versions would make sense if the upgrade from 0.16.4-2~bpo70+1 is made easier by an upgrade to 2014.1 first. Not sure if that is the case. Might make sense to simply skip that version because of that.
13:30 perfectsine joined #salt
13:30 joehh I'll test and see
13:31 rome joined #salt
13:32 DammitJim joined #salt
13:32 DammitJim what is the proper way of managing different servers in an environment with respect to configuration management
13:33 DammitJim so, server A, B, C has software X and servers D,E,F have software Y
13:33 DammitJim but then Servers A,C,E,F have software Z and servers B,C,D have software W
13:33 DammitJim is there a special way of grouping states?
13:34 babilen DammitJim: You can target individual servers with the states in question. You can naturally create groups of states simply by creating a new state and importating members of that group and then target servers with that...
13:35 DammitJim babilen, I kinda think I know what you mean, but I don't know how to implement it
13:35 DammitJim do you have pointers to this?
13:35 om3ga joined #salt
13:36 babilen DammitJim: http://docs.saltstack.com/en/latest/topics/targeting/ is the targeting bit.
13:37 zooz joined #salt
13:37 fneves joined #salt
13:38 babilen DammitJim: Is there anything specific about these servers that you could use as an invariant in targeting? (e.g. mailservers (software W) all have a minion id such as mail-*)
13:38 fneves Hi. Is there any way I can use achive.extracted and that action will only happen if md5 changed?
13:38 zooz joined #salt
13:38 DammitJim babilen, unfortunately no... these people decided to just call the servers NSApps1P, NSApps2P, NSApps3P
13:38 DammitJim *sigh*
13:38 babilen DammitJim: Or you could set a grain to "W" and then target all minions with that grain with the W state.
13:39 DammitJim babilen, that is kind of how I was thinking it could be done
13:40 DammitJim is there documentation on this?
13:40 babilen DammitJim: I mean you can either enumerate every single one or use *some* invariant to target more than one. Grains allow you to set certain "flags" if there is no other way to target those boxes.
13:40 babilen Yeah, I'm sure there is documentation on this :)
13:41 manfred DammitJim: yes there is
13:41 manfred DammitJim: http://docs.saltstack.com/en/latest/topics/targeting/
13:41 babilen DammitJim: http://www.saltstat.es/posts/role-infrastructure.html is something that came up, but the basic idea is that you set the grains in the minion config and then target by grain: http://docs.saltstack.com/en/latest/topics/targeting/grains.html
13:42 babilen DammitJim: Just read that - I am sure it makes things a bit clearer.
13:42 Networkn3rd joined #salt
13:42 DammitJim great!
13:42 manfred salt -G 'os:Ubuntu' state.sls something.ubuntuy
13:42 DammitJim gosh, I'm nervous... I need to propose the use of Salt for our environments and I don't know what these people are going to say
13:42 manfred DammitJim: https://www.youtube.com/watch?v=VZ2HcRl4wSk
13:43 DammitJim manfred, what's that?
13:44 manfred a rob schneider 'you can do it' montage
13:44 che-arne joined #salt
13:45 DammitJim lol
13:47 mgw joined #salt
13:49 GradysGhost joined #salt
13:49 ajolo joined #salt
13:49 resmike joined #salt
13:50 _ale_ quick question from a rookie in salt - what are pillars to be used for?
13:51 manfred _ale_: i use them to set environment passwords
13:52 manfred or to share ssl certs/keys
13:52 manfred because they are controlled by the master and you just control which minion can see them
13:53 manfred _ale_: https://github.com/gtmanfred/salt-states/blob/master/website/mysql.sls#L6
13:53 _ale_ ah so can be used to supply environment specific config for states ?
13:53 manfred yes
13:53 babilen _ale_: sensitive data and essentially everything you want to custiomise in a state. See https://github.com/saltstack-formulas/ for example on how pillars are used for the latter.
13:53 dude051 joined #salt
14:00 jaimed joined #salt
14:02 acabrera joined #salt
14:02 vejdmn joined #salt
14:03 kaptk2 joined #salt
14:04 babecafe joined #salt
14:08 ajw0100 joined #salt
14:08 kermit joined #salt
14:08 rojem joined #salt
14:09 ekristen joined #salt
14:09 _ale_ manfred: babilen: thanks guys! :)
14:09 ekristen good morning
14:09 ekristen basepi: morning
14:09 ajprog_laptop joined #salt
14:10 will joined #salt
14:11 _ale_ manfred: babilen: so formulas are like "puppet modules" ?
14:11 manfred no idea
14:11 _ale_ sorry if i ask stupid questions :)
14:11 manfred i would say they are more like the puppet manifests? i forget waht puppet uses
14:11 _ale_ manfred: :)
14:11 manfred but it is just configuration stuff
14:12 _ale_ ah manifest / module - almost the same
14:12 manfred they don't extend salt, they just are prebuilt salt states
14:12 _ale_ yeah
14:12 manfred kind of like the chef community cookbooks
14:12 _ale_ with templates and files
14:12 _ale_ right?
14:12 manfred yeah
14:12 manfred we also have /srv/salt/_modules
14:12 zooz joined #salt
14:12 _ale_ yeah so like a puppet module :)
14:12 _ale_ oh?
14:12 manfred which allow you to send custom modules to all minions
14:12 manfred and /srv/salt/_states/
14:12 babilen _ale_: I would recommend to read a few formulas and http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html to get a feeling on how to use and write them.
14:13 manfred _ale_: http://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
14:13 babilen _ale_: But pillars are essentially simply used for targetting specific data to minions - it is up to a state to do something with that data and you can write as complex logic around it as you want.
14:14 _ale_ cool thanks :) ! i shall have a read :)
14:15 _ale_ too many :)
14:15 _ale_ :D
14:15 babilen hehe
14:16 will Does anybody have some good examples of how to use salt to setup ssl certificates?
14:16 will I need new minions to have certificates signed by my master, but I'd rather not have private key leave the host it's on
14:17 manfred will: pillar data
14:17 manfred will: yaml multiline strings
14:18 will so, have the signed certificates generated on my host, and have them then added to the pillar
14:18 will and I guess reference them as the contents of the file
14:18 manfred you can do that
14:18 manfred or you can use file.managed and use the content: directive and include it in there with the same thing
14:19 will okay
14:20 will thanks
14:20 manfred will: https://github.com/gtmanfred/salt-states/blob/master/website/wordpress.sls#L25
14:20 manfred basically like that
14:20 manfred the same way I was populting the wp-salt directive
14:20 manfred https://github.com/gtmanfred/salt-states/blob/master/website/wordpress.sls#L52
14:21 will okay
14:23 babilen will: I'd use file.managed with contents_pillar (cf. http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed ) and the key as a yaml multline string as suggested by manfred
14:24 manfred babilen: i haven't seen that... nice
14:24 manfred that is better
14:24 will That is interesting
14:25 will Is there any way to have commands run on the master to generate the signed certs and add them to the pillar
14:25 will ?
14:25 manfred if you have the master also a minion, sure
14:25 viq http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html is somewhat on this subject
14:26 babilen will: You can generate certificates, but properly signed ones might be a bit trickier. Look into http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.tls.html (haven't played with this much as we get properly trusted certs from an external source)
14:26 manfred babilen: need to ave a conents_grains
14:26 will I
14:26 _ale_ oooohhh salt + hiera = <3 :) .. can it do eyaml too ?
14:26 manfred contents_grains*
14:26 will I've been using the tls module to generate certificates on the client side
14:26 will but I had to transfer my master key over to the new minion first
14:27 babilen manfred: I find pillars to be totally sufficient for that - what would a contents_grains get you?
14:27 manfred babilen: i generate the wp-salt, and save it in a grain on the minion https://github.com/gtmanfred/salt-states/blob/master/website/wordpress.sls#L25
14:27 viq will: you can generate key and csr on minion, then there is a cp module (would have to look it up) that would allow you to copy csr to master to be signed
14:27 manfred babilen: https://github.com/gtmanfred/salt-states/blob/master/website/wordpress.sls#L16
14:28 will hmmm
14:28 pdayton joined #salt
14:29 viq will: once you figure out the whole procedure, please do some writeup and poke me (and/or send to salt-users mailing list) as I am very interested in doing the same thing
14:30 will I'll probably write something up if I'm satisfied with my solution
14:30 harkx joined #salt
14:31 will what I'd really like is if the tls modules could use a CA that was on the master, or just stored remotely
14:31 viq _ale_: https://github.com/gtmtechltd/salthiera
14:31 viq will: yeah, that's what I'm thinking, if you manage to copy CSRs over to master that should be possible
14:32 viq I guess if the keys don't leave the minion and the only thing transmitted are CSRs then you wouldn't even need to put them into pillars
14:32 will Well, I'd have to generate the CSR, then copy it over, then run the command locally to sign it, then copy it back to the minion
14:33 viq Yeah
14:33 viq But call can do all of this stuff
14:33 will O
14:34 will viq: I'm not sure I follow how call helps
14:34 viq call?
14:34 quickdry21 joined #salt
14:35 InAnimaTe joined #salt
14:35 will You said call can do all of this stuff
14:35 viq erm
14:36 viq sorry
14:36 viq s/call/salt/
14:36 viq ^^'
14:36 will gotcha
14:36 _ale_ viq: nice! :)
14:37 viq So I believe http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.tls.html should let you generate keys and CSRs on minions. Then you have http://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.push that should let you get the CSRs to master, and then again the TLS module to sign them
14:37 will That sounds pretty good.
14:38 will I'm kinda new to salt, so how would I write a state that executes partially on the minion and partially on the master
14:38 viq I guess that would be the orchestrate/overstate stuff...
14:38 viq See, I see what blocks are there, I just don't know yet how to put them together
14:39 viq Also then on the master you'd have to copy the files over to a proper spot, and only then sign them... And probably copy them again to be able to push them out to minions
14:40 will Same here.  I can see the pieces, but I was hoping to do everything in one salt state
14:40 will I guess I'll have to learn more about overstate
14:41 viq Or maybe even reactor - but how would you make sure that the keys are generated only once and not every time minion connects?
14:42 conan_the_destro joined #salt
14:43 will I think overstate might work for me
14:47 jmccree joined #salt
14:50 thedodd joined #salt
14:50 schristensen left #salt
14:51 AdamSewell joined #salt
14:51 ajolo_ joined #salt
14:52 jmccree joined #salt
14:52 rgbkrk joined #salt
14:55 rgbkrk joined #salt
14:56 masterkorp Guys how do i check if a pillar attribute exists ?
14:56 viq 'defined' ?
14:57 masterkorp pillar["myapp"]["myattribute"].defined?
14:57 masterkorp how is the syntax
14:58 viq https://stackoverflow.com/questions/3842690/in-jinja2-how-do-you-test-if-a-variable-is-undefined
14:59 masterkorp ok thanks
14:59 stoffell joined #salt
15:03 jhulten joined #salt
15:04 tyler-baker joined #salt
15:05 dude051 joined #salt
15:09 ekristen basepi: you around?
15:09 lionel joined #salt
15:10 cliffstah joined #salt
15:10 che-arne_afk joined #salt
15:11 InAnimaTe joined #salt
15:12 mgw1 joined #salt
15:14 erjohnso joined #salt
15:15 AdamSewell joined #salt
15:15 rgarcia_ joined #salt
15:17 Heartsbane joined #salt
15:18 kballou joined #salt
15:19 che-arne joined #salt
15:19 jalbretsen joined #salt
15:21 mateoconfeugo joined #salt
15:25 UtahDave joined #salt
15:25 kaplan_ joined #salt
15:26 resmike joined #salt
15:30 Voziv joined #salt
15:30 BrendanGilmore joined #salt
15:31 pdayton joined #salt
15:31 tligda joined #salt
15:34 quickdry21_ joined #salt
15:34 peters-tx joined #salt
15:39 PuppyTronics joined #salt
15:40 rgbkrk_ joined #salt
15:41 PuppyTronics left #salt
15:43 DammitJim how do I ensure I am running the same version of salt on Red Hat 5, Red Hat 6, Debian Jessie, Debian Wheezy, and WIndows 2012?
15:46 mgw joined #salt
15:46 rgbkrk joined #salt
15:48 ipalreadytaken joined #salt
15:49 kmshultz joined #salt
15:50 Gareth morning
15:50 ekristen UtahDave: morning
15:51 UtahDave morning, Gareth and ekristen!
15:51 ekristen UtahDave: I responded to https://github.com/saltstack/salt/issues/13305
15:52 ekristen UtahDave: basically I’ve found that 2014.1.4 installed via git on 14.04 works just fine, however 2014.1.4 installed via apt-get is broken for docker registry authentication
15:52 UtahDave ekristen: So, i'm not sure if this is directly related to what you're seeing, but the latest docker versions changed some dictionary keys in their returns.
15:52 UtahDave what version of docker are you using, ekristen?
15:53 troyready joined #salt
15:53 Gareth o/
15:53 ajolo__ joined #salt
15:53 ekristen I’ve tried with 0.11.0, 0.12.0 and 1.0.0
15:54 ekristen all seem to work with 2014.1.4 (git) without issue at least basic functions like docker.pulled, docker.installed, etc
15:55 UtahDave I have push a branch named   fix_docker  that is working for me.   I tested on 0.12.0 last night, and 1.0.0 just now
15:56 ekristen UtahDave: installing from git has never been a problem, its a problem specific to the ubuntu deb packages for 2014.1.4
15:57 UtahDave ekristen: develop has been broken for me for several days.  docker.pulled was completely broken
15:57 ekristen I didn’t try develop specifically, I’ve stuck to releases
15:58 UtahDave ekristen: let me ask you this. Do you think people are going to stay on older versions for docker? Or do you think everyone will jump to 1.0.0 quickly?
15:58 ekristen they’ll upgrade
15:58 UtahDave That's what I was hoping.
15:59 UtahDave The   "id" key in some of the returns has been changed at various times from "ID" to "id" and now to "Id"    I'm hoping the docker devs will leave that alone now that they've hit 1.0.0
15:59 ekristen fair enough
16:01 ekristen my problem though is with docker states/modules, not being able to authenticate to a registry properly — the odd thing is that when you install from GIT 2014.1.4, all works fine, but when you install using the default behavior of the bootstrap script on ubuntu 14.04 which ends up being the ubuntu packages, authentication always fails
16:01 basepi ekristen: sorry, was in traffic and then forgot to ping you back.  looks like UtahDave has been helping you?
16:01 ekristen basepi: hi, we’ve been chatting but sorta about separate issues it seems
16:01 basepi ekristen: reading a little bit of scrollback, that's really weird that a git install works but the packages don't.
16:02 UtahDave yeah, it does sound like a separate issue
16:02 basepi ekristen: the other issue is that i think the `develop` version (which will be in the next feature release) has had quite a bit of churn, so any work that we do now will probably be wasted once that feature release comes out.  =P
16:03 basepi have you by any chance tried testing the `develop` version?
16:03 ekristen basepi: agreed that it is weird, but I’ve replicated it at least a dozen times and it took me 8 hours to figure that out
16:03 ekristen basepi: I have not
16:03 basepi craziness.
16:03 basepi Are you using the provided initscripts for both git installed and apt-get installed?  Trying to figure out what would change for the packages
16:04 andredieb_ joined #salt
16:04 basepi I wonder if there's a bad pyc file in there or something
16:04 irctc996 joined #salt
16:04 basepi actually, i wouldn't be surprised at all if that were the case.  a bad .pyc file could definitely cause weird behavior that wouldn't be present on a git install
16:07 irctc996 Does anyone know if there is a way to limit the commands that can be executed for a specific minion or set of minions (regardless of user)?  A link to the associated documentation would be hugely helpful, I haven't had much luck searching on my own.
16:08 keekz joined #salt
16:08 bmatt irctc996: not as such, no, though I suppose you could write your own cmd module to use sudo and run the minion as a nonpriv user
16:09 irctc996 bmatt: ok, thank you
16:12 ekristen basepi: I’m betting you are right with the .pyc file
16:12 ekristen installing git over apt-get doesn’t fix it
16:13 ekristen I have to apt-get remove and then dpkg -P the packages and then install git to get it to work
16:14 KyleG joined #salt
16:14 KyleG joined #salt
16:14 schimmy joined #salt
16:15 fllr joined #salt
16:17 che-arne joined #salt
16:17 smcquay joined #salt
16:17 schimmy1 joined #salt
16:17 UtahDave irctc996: There's a command black list.
16:18 UtahDave irctc996: look in the master config for an example
16:19 Debolaz joined #salt
16:21 alanpearce joined #salt
16:21 DammitJim how can I get the same version of salt on Red Hat 6 and Debian Jessie?
16:22 jhulten joined #salt
16:22 bmatt DammitJim: is https://github.com/saltstack/salt/issues/9018 resolved, then?
16:23 bmatt or are you referring to http://salt.readthedocs.org/en/latest/ref/configuration/master.html#client-acl-blacklist ?
16:23 DammitJim bmatt, are you really talking to me?
16:23 bmatt whoops
16:24 bmatt sorry, misfire. that was at UtahDave obv :)
16:24 DammitJim I had issues yesterday just running salt with Debian JEssie and Debian Wheezy for the minions
16:24 DammitJim that's why I'm asking
16:24 bmatt the best way I can think of is to gather the particular version strings that your package manager requires and filter on the os_type grain
16:25 fllr Hey guys. I'm trying to get salt setup in one of my machines (this is a master/minion setup). Everything used to work all right on rackspace, but now that I moved to softayer, the script gets stuck at this point: https://gist.github.com/felipellrocha/6d2a448e95878cf9b922
16:25 fllr What could be the issue?
16:25 bmatt DammitJim: and then pass that string to the version argument of pkg.installed
16:25 DammitJim are you talking to me again, bmatt ?
16:26 bmatt DammitJim: this time I am :)
16:26 DammitJim bmatt, I don't even have salt installed on the systems
16:26 UtahDave bmatt: yeah, I was referring the the client_acl_blacklist
16:27 bmatt DammitJim: how are you doing system provisioning?
16:27 bmatt DammitJim: because that's how you'll need to do it, then - kickstart or anaconda or whatever
16:27 DammitJim bmatt, I am just getting started with my environment
16:27 DammitJim ok, this is way beyond me
16:28 DammitJim I just installed salt on my debian JEssie machine (who will be the master)
16:28 DammitJim now I want to install salt on the minions
16:28 DammitJim am I in the wrong channel?
16:28 bmatt DammitJim: not really, but the answer to bootstrapping your minion install is environment and OS dependent
16:29 bmatt we have our own repos, so we manage versions there
16:29 bmatt ymmv
16:29 redondos joined #salt
16:29 redondos joined #salt
16:32 dotplus joined #salt
16:32 basepi ekristen: if you wanted to verify that theory, you could do a `find` for any .pyc files in the apt-get installed version and delete them.  if our theory is correct it will probably just start working after a minion restart.
16:32 wendall911 joined #salt
16:35 ekristen hrm k
16:37 timc3 joined #salt
16:43 dccc joined #salt
16:44 shaggy_surfer joined #salt
16:48 Joseph__ joined #salt
16:53 AdamSewell joined #salt
16:53 ajolo joined #salt
16:54 Joseph__ for the documentation sprint, does anyone know if the structure and linking of content is going to be looked at?
16:54 n8n joined #salt
16:55 bhosmer joined #salt
16:59 dfinn joined #salt
16:59 forrest joined #salt
16:59 dfinn looks like I've run out of inodes on my salt master and it's because of files under /var/cache/salt/master/jobs.  can these be deleted?
17:01 chrisjones joined #salt
17:01 Joseph__ dfinn: yes
17:01 Joseph__ dfinn: how many nodes do you have?
17:01 Joseph__ salt minions i mean
17:01 dfinn around 400
17:01 bhosmer joined #salt
17:02 Joseph__ dfinn: hmm interesting....how many concurrent jobs are you running?
17:02 dfinn not sure, how would I find that out?
17:02 dfinn we use the scheduler on the minions to run a highstate every 30 mins
17:02 forrest you ran out of inodes??
17:02 dfinn yes
17:02 Joseph__ yes i fidn that suprrising
17:03 forrest how were you even able to stat the /var/cache/salt/master/jobs dir if that's the case?
17:03 Joseph__ teh deployment doesn't sound that large
17:03 dfinn not sure
17:03 Eugene `ls` doesn't need to allocate any inodes....
17:03 Joseph__ dfinn: running highstate every 30 minutes on 400 nodes shouldn't cause inode exhaustion
17:03 forrest it's not the inode allocation, it's the listing of the directory
17:03 bhosmer_ joined #salt
17:03 Joseph__ forrest: and that could happen in this scenario?
17:03 forrest how many jobs exist in the jobs dir?
17:04 Eugene Oh, you mean displaying. Right, brain not clutchd in.
17:04 forrest yea
17:04 forrest if you've run the system out of inodes and they're all in one dir, you're basically screwed for stating that dir
17:04 Eugene Yeah, I'd question that too. Somehow I doubt "400" is enough to run anything out of inodes
17:04 Joseph__ Eugene: agreed.
17:04 dfinn 479535
17:04 Eugene That's more like it.
17:04 forrest lol
17:04 dfinn that's how many files are in the jobs directory
17:05 schimmy joined #salt
17:05 dfinn found using this : find . -xdev -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n
17:05 Joseph__ wouldn't that need to bein the milions to exhaust inodes?
17:05 forrest what about df -i dfinn?
17:05 forrest is that seriously showing you out?
17:05 forrest I'm confused how so few files = out of inodes
17:05 dfinn /dev/mapper/os-var    960992  960992       0  100% /var
17:05 forrest oh you've specifically allocated var
17:05 Eugene In any case..... I don't see any problem with nuking something called cache.
17:05 forrest ok
17:05 forrest no trash the cache
17:05 forrest we do it all the time in troubleshooting
17:05 dfinn ok
17:06 dfinn just the jobs dir?
17:06 dfinn or everything under /var/cache/salt?
17:06 forrest yea, as long as you don't need anything out of there
17:06 forrest you can do either
17:06 forrest I'd say just trash the jobs dir though
17:06 dfinn I'm not sure what it's used for so I can't say if I need it or not
17:06 dfinn should I expect this to keep happening?
17:07 Joseph__ dfinn: its job history so you can what jobs were run and what the results were
17:08 masterkorp https://github.com/ypocat/gfms
17:08 Joseph__ its useful when you want to exec job mgmt commands http://docs.saltstack.com/en/latest/topics/jobs/index.html
17:08 masterkorp cool tool to visualize markdown
17:08 taterbase joined #salt
17:09 Joseph__ dfinn: no you should not expect this to keep happening. What your describing is quite unusual.
17:10 dfinn ok, i'll keep an eye on it
17:10 Joseph__ dfinn: do you have a big highstate?
17:10 dfinn no, not that I know of
17:10 dfinn they are all pretty small
17:10 Joseph__ dfinn: how man SLS do you have in top.sls?
17:12 thedodd joined #salt
17:14 schimmy1 joined #salt
17:15 kermit joined #salt
17:16 druonysus joined #salt
17:16 dfinn looks like 140
17:19 Joseph__ but each SLS is small?
17:20 conan_the_destro joined #salt
17:21 bhosmer_ joined #salt
17:22 dfinn i guess I'm not sure what you mean by "small"
17:22 dfinn but none of our state files do anything crazy or complicated
17:22 alanpearce joined #salt
17:23 Joseph__ dfinn: the number of state blocks (i.e each YAML dictionary that starts with an ID)
17:23 dfinn oh yeah, very small then
17:23 dfinn usually just a couple
17:23 Joseph__ dfinn: then the job cache really doesn't make sense
17:24 Joseph__ dfinn: each state block could theoretically generate some amount of output that's put in the jobs directory
17:24 Joseph__ dfinn: but based on what you've described, i don't see how you could get to inode exhaustion from it
17:24 UtahDave dfinn: you can lower the length of time the job cache is kept around as well.
17:24 Joseph__ UtahDave: yea but that just mitigates a problem that shouldn't be happening in the first place, no?
17:25 Joseph__ I mean dfinn could just turn the job cache off as well :)_
17:25 UtahDave dfinn: also, how big is the file system your job cache is on?  A very small file system will have very few inodes
17:25 dfinn 15 gig
17:26 UtahDave dfinn: that should be enough.
17:26 shaggy_surfer joined #salt
17:26 UtahDave dfinn: I'd recommend either shortening the life of your job cache, or set up an external job cache.
17:26 dfinn how do I shorten the life?
17:28 dccc joined #salt
17:29 bhosmer_ joined #salt
17:31 LBJ_6 joined #salt
17:32 davet joined #salt
17:32 UtahDave dfinn: in your master config you can modify the keep_jobs  option.   It's set to 24  by default .  That's 24 hours.
17:33 dfinn seems even more odd that a days worth of jobs would cause this
17:33 UtahDave dfinn: So depending on whether or not you want to be able to go back and look at that cache you could drop that to 6, for example
17:33 dfinn ok
17:33 Joseph__ dfinn: agreed...this doesn't address the root problem.
17:33 Joseph__ dfinn: are you the only person who has access to thsi saltstack deployment?
17:33 Joseph__ dfinn: are you using gitfs or local file system?
17:33 dfinn no, there are 2 other guys on my team
17:34 dfinn local FS
17:34 Joseph__ dfinn: is it possible that another cook in the kitchen set something on fire and did not realize it?
17:34 Joseph__ e.g someone ran a shell script in an infinite loop that kept calling highstate
17:34 dfinn unlikely, all our changes are tracked through git and I haven't seen anything strange lately
17:35 Joseph__ you said you weren't using gitfs?
17:35 dfinn well, that could be but that would be a bit out of my hands
17:35 dfinn unlikely, but lots of people have access to the minions
17:35 dfinn it's a git backend but we aren't using gitfs
17:35 Joseph__ dfinn: job cache is a salt master only issue
17:35 dfinn so highstate running from a minion wouldn't effect this?
17:35 dfinn only highstate running from the master?
17:35 Joseph__ dfinn: no
17:36 Joseph__ dfinn: well to be clear its not a highstate issue. its job management issue
17:36 Joseph__ dfinn: highstate just happens to be part of that
17:36 dfinn i got that but your example used highstate running in a loop
17:36 Joseph__ dfinn: right but that's just an example
17:36 dfinn so what if a highstate on a minion is in a loop
17:36 dfinn ?
17:36 Joseph__ dfinn: no that wouldn't cause this problem
17:36 dfinn huh
17:36 pdayton left #salt
17:36 ndrei joined #salt
17:36 Joseph__ dfinn: inode exhaustion is on the salt master...how would a minion get something onto the master's local file system?
17:37 dfinn we are not on the same page
17:37 Joseph__ okay
17:37 UtahDave Joseph__: every time a minion executes a job a new job entry is added to the cache.
17:37 Joseph__ UtahDave: even if the person is doing a salt-call on the minion?
17:38 Joseph__ UtahDave: i thought that only happend if the salt master issued the command
17:38 UtahDave I believe so.  Unless the person uses  --local
17:38 felskrone joined #salt
17:38 dccc joined #salt
17:38 Ryan_Lane joined #salt
17:38 Joseph__ UtahDave: because its hitting the salt master's fileserver?
17:40 jimklo joined #salt
17:44 schmutz joined #salt
17:45 druonysus joined #salt
17:49 jimklo joined #salt
17:53 ajolo_ joined #salt
17:53 dstokes hey guys, is there a standardized way to add custom jinja filters for use in pillar / sls files?
17:53 LBJ_6 joined #salt
17:54 LBJ_6 using ‘salt-call’ to call master, right?
17:55 timoguin dstokes: the only way that works is distributing the filter as a custom salt module and invoking it via jinja
17:56 timoguin i'm not sure about all the details, but it was being discussed in here a few days ago
17:56 dstokes timoguin: think i know what you're referring to (_modules/some_module.py)
17:57 dstokes and `salt[some_module.method](args)`
17:57 timoguin yep
17:58 dstokes cool, i'll give it a shot, thx
17:58 nicksloan left #salt
18:01 timoguin dstokes: https://github.com/saltstack/salt/issues/12761
18:01 dstokes nice!
18:03 babilen dstokes: You might want to consider just writing plain Python if you need more complicated logic/functions in your pillars or states
18:03 dstokes babilen: need a simple transform function. writing a py module to be called from state / pillars
18:05 vejdmn joined #salt
18:05 babilen dstokes: Sounds as if a custom filter is what you want, but then it might also be a one-liner in python to generate a suitable dictionary (for the pillar)
18:06 davet joined #salt
18:06 dstokes babilen: logic is a few lines and is used all-over. trying to stay DRY ;)
18:07 Nazzy joined #salt
18:07 babilen Sure, custom filter it is. (I understand the need as I wouldn't have filed the issue otherwise)
18:09 dfinn left #salt
18:09 aw110f joined #salt
18:13 jaycedars joined #salt
18:14 n8n joined #salt
18:15 travisfischer joined #salt
18:18 kermit joined #salt
18:18 quickdry21 joined #salt
18:20 jalaziz joined #salt
18:26 dstokes eghh.. looks like i can't use that module from within a pillar tho..
18:29 v0rtex joined #salt
18:31 v0rtex left #salt
18:32 v0rtex joined #salt
18:34 jaimed joined #salt
18:36 jaimed joined #salt
18:37 thedodd joined #salt
18:39 bhosmer_ joined #salt
18:39 bhosmer__ joined #salt
18:43 smcquay joined #salt
18:44 ipalreadytaken joined #salt
18:46 troyready joined #salt
18:46 fllr Hey guys. I'm trying to get salt setup in one of my machines (this is a master/minion setup). Everything used to work all right on rackspace, but now that I moved to softayer, the script gets stuck at this point: https://gist.github.com/felipellrocha/6d2a448e95878cf9b922
18:47 fllr What could be the issue?
18:47 blurg joined #salt
18:47 blurg Hello there
18:47 blurg any help available today? :)
18:48 Joseph__ fllr: looks like key exchange is hung. have you tried revoking the key and adding the minion back in?
18:48 Joseph__ blurg: depends on what kind of help you need :)
18:48 UtahDave blurg: there's usually people around to help.
18:48 blurg true, true
18:48 blurg okay, I'm new to salt and got two questions
18:48 UtahDave fllr: also, have you verified that both ports 3505 and 3506 are open in your salt mater's firewall?
18:49 blurg I was wondering, what pillars are for, considering there there are states
18:49 blurg what's the use
18:49 Joseph__ UtahDave: if the firewall is shut off they woudln't have gotten to the decrypting part would it?
18:49 Joseph__ i mean on!!
18:49 fllr Joseph__: How do I do that?
18:49 Joseph__ fllr: salt-key -d <minion id>
18:49 fllr UtahDave: Yeah. I'm running a test where my minion is pointing to my master on localhost
18:50 Joseph__ fllr: probably a good idea to turn off iptables just in case though
18:50 fllr Kk.
18:50 Joseph__ fllr: also if you are in a laas like rackspace, they usually have firewall enforced outside the VM so you might need to disable the firewall from some external mechanism
18:51 Joseph__ blurg: what's the use of what?
18:51 blurg I mean, what are pillars exactly
18:51 blurg What is the difference with states
18:52 Joseph__ blurg: have you read this http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
18:52 fllr Oh, but, ok... to give you guys more details. I booted the machine, installed the master, then the minion. Connected them. Then I realized I had forgotten to create an ssh key, so I did that. *Then* it stopped working...
18:52 LBJ_6 joined #salt
18:52 Joseph__ ssh key for what?
18:52 Joseph__ are yo utalking about the key exchange between minion and master?
18:53 blurg @Joseph: yes, well, another one, but more or less the same. It states that it for host specific things. But one can target host specificin things with states too, right?
18:53 ajolo__ joined #salt
18:53 fllr Joseph__: Just a regular ssh key created with ssh-keygen
18:53 Joseph__ fllr: which is being used for what?
18:54 Joseph__ blurg: sure
18:54 fllr Joseph__: I needed it to clone my salt states
18:54 Joseph__ fllr: you mean for gitfs?
18:54 fllr Joseph__: Nah. I'm not using gitfs. Just git manually
18:55 blurg I don't get it then. What do pillars do what states can't do?
18:55 Joseph__ fllr: okay so presumably this key has nothing to do with saltstack then?
18:55 fllr Joseph__: That I know of...
18:55 Joseph__ blurg: a salt state file determines whether a system is in a predetermined state. If its not, it transitions that system into that state.
18:56 blurg @Joseph: yes, got that.
18:56 Joseph__ blurg: by contrast, a pillar is just a way of defining arbitrary data that can be used to enforce a state.
18:56 fllr Joseph__: But, I mean... I'm not an expert at Salt, so I don't know...
18:56 HighlyUnavailabl joined #salt
18:56 Joseph__ blurg: for example, a state might be to say "create a user". The pillar would contain the username to be created.
18:57 bob131313 joined #salt
18:57 HighlyUnavailabl joined #salt
18:58 Joseph__ blurg: state files enforce state based on information in a YAML file. Pillar is defined arbitrary data in variables, dictionaries, and lists which are then used by saltstack to enforce the state defined in the state file.
18:58 dlam joined #salt
18:59 Joseph__ fllr: did you try deleting the key and then using salt-key to accept the key again?
18:59 fllr Joseph__: Oh, right.. I forgot. Lol. hold on...
19:00 blurg @Joseph; ah yes, so states are the logic and pillars are the actual (variable) data
19:00 blurg I get it
19:01 fllr Joseph__: Same thing...
19:01 Joseph__ blurg: sorta....but pillar is a particular kind of data. There are also grains. :)
19:01 HighlyUnavailabl Is there any way to install extra packages (such as pip and boto) into the Salt Minion on windows? pip.installed doesn't seem to work on Windows due to how the salt minion is packaged and I could only find a cryptic comment on github about possibly packaging pip as an egg to make it work. My end goal is to get the ec2tags grains script in salt-contrib to work on Windows.
19:01 Joseph__ HighlyUnavailabl: you are a brave soul.
19:02 Joseph__ HighlyUnavailabl: however i sadly can't help you with that one
19:02 blurg @Joseph: It might getting more clear when I'm working with ti a bit more then, I guess. I hope.
19:02 blurg :)
19:03 Joseph__ blurg: grains is static pieces of information about the salt-minion that are loaded when the saltminion is started, such as number of CPUs or operating system.
19:03 Joseph__ grains and pillars are used to do similar things
19:03 HighlyUnavailabl Joseph__: I'd just install Salt directly into C:\python27 but I'm having problems getting the M2Crypto package - it tries to build it, fails to "swig" the files, and the site with the pre-built installers for M2Crypto is down.
19:03 blurg Next thing. I got a bunch of packages that I want to install, and there are no configuration things I need to to. Just some language things, libraries and so on. I want to put that list somewhere and have salt tell that these packages should be installed. What is the best way to do that?
19:03 MatthewsFace joined #salt
19:03 Joseph__ HighlyUnavailabl: i have heard that m2crypto has a lot of packaging problems
19:04 Joseph__ blurg: check out the pgk state module http://salt.readthedocs.org/en/v2014.1.1/ref/states/all/salt.states.pkg.html?highlight=pkg#module-salt.states.pkg
19:04 vejdmn joined #salt
19:04 Eugene Well, the good news is that I didn't get a job at a Chef shop I was applying for.
19:05 blurg @Joseph: Okay, thanks for your help! answering both quetions!
19:06 Joseph__ Eugene: could be worse. you could have been applyign to a puppet shop.
19:06 Joseph__ :)
19:06 blurg That Chef was throwing Salt on the puppets.
19:07 Joseph__ fllr: shut down salt-master and salt-minion, clean out the cache for both, start them back up, redo key exchange
19:07 fllr Joseph__: How do I clean the cache?
19:07 colinbits joined #salt
19:08 bastion1704 joined #salt
19:09 Joseph__ rm -rf /var/cache/salt/*
19:12 fllr joined #salt
19:15 fllr Joseph__: Sorry, internet went down. Should I also delete the stuff inside the pki/ folder?
19:15 Joseph__ shouldn't be necessary
19:16 Joseph__ you should use salt-key for pki related stuff for the most part
19:16 Joseph__ i would start up the salt master first
19:16 Joseph__ make sure all keys are deleted
19:16 Joseph__ and then start up salt minion
19:21 lz-dylan joined #salt
19:22 fxdgear joined #salt
19:22 resmike joined #salt
19:22 blurg @Joseph: I understand it's done with my pkg s:
19:22 Joseph__ is there anyone here who could answer a question about the upcoming documentation sprint?
19:22 blurg This is an identifier then?
19:23 Joseph__ blurg: pardon?
19:23 blurg I mean, that's what it's called right, a state identifier
19:23 UtahDave Joseph__: whiteinge would probably be the one to ask. I'm not sure if he's around right now, though
19:24 blurg ID declaration, it's called
19:25 LBJ_6 joined #salt
19:25 Joseph__ UtahDave: okay....cause i think i've isolated a key problem with the documentation and i think i know how to fix it. But it would be a very significant change so i don't want to start doing it if there is no buy in
19:26 UtahDave cool
19:27 UtahDave if whiteinge isn't around soon, you could try emailing salt-users to start a discussion, or whiteinge directly if you'd like to get his feedback.
19:27 Joseph__ blurg: so what is "it" you are referring to. an ID declaration is a key in a dictionary. The value of that dictionary is one or more function declarations. Each function declaration executes a function on a python module on the minio. These are known as state modules.
19:28 Joseph__ UtahDave: salt-users is probably fine.
19:28 UtahDave Joseph__: Thanks for your help with the docs. Much appreciated!
19:28 Joseph__ UtahDave: your welcome. Just wait till you see what i've done to the state tutorials. :)
19:28 Joseph__ It was kinda of a massacre
19:31 blurg @Joseph: I was referring to the documentation, where a section begins
19:31 blurg like :
19:31 blurg http://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html#require-other-states
19:32 Joseph__ blurg: do you have a basic understanding of YAML?
19:32 rossmay joined #salt
19:32 blurg I just began, so, not really, no
19:33 Joseph__ blurg: okay do you have any programming experience?
19:33 blurg yes
19:33 Joseph__ blurg: what language?
19:33 blurg bit of python, and some perl/ruby
19:33 Joseph__ blurg: perfect
19:34 Joseph__ blurg: from a high level, YAML three key data structures: list, dictionary, and string
19:34 Theo-SLC joined #salt
19:34 LBJ_6 joined #salt
19:34 Joseph__ list is indicated by a dash and a dictionary by a colon
19:34 Joseph__ there are others
19:34 Joseph__ but that's most important
19:35 blurg dictionary equals to a perl hash, right?
19:35 Joseph__ the other thing to understand about YAML is that indentation indicates a hierarchical relationship between elements
19:35 Joseph__ blurg: correct
19:35 Theo-SLC Hi salty people
19:35 mgw joined #salt
19:35 blurg ah, ok
19:35 Joseph__ blurg: implementation details...what's happening is that saltstack loads that file into memory and converts the YAML data into a python dictioanry
19:35 Theo-SLC questions- How do I use a external filesystem gitfs as my 'base'?
19:36 Joseph__ Theo-SLC: base is special. git branch master maps to base always.
19:36 blurg Joseph: okay, I understand
19:36 kqrokz joined #salt
19:36 kqrokz howdy,
19:37 Joseph__ blurg: so looking at your example, you have two dictionaries. Each dictionary has one key and one value.
19:37 Joseph__ The key is apache and /var/www/index.html
19:37 Joseph__ now the the value is another dictionary
19:37 Joseph__ and that's how most of the SLS works
19:37 Joseph__ dictionaries withint dictionaries
19:37 Joseph__ and then sometimes value of a dictionary is a list
19:37 Joseph__ blurg: does that make sense?
19:37 kqrokz anyone know of a module to just do internal copies of a file within a minion?
19:38 Theo-SLC joseph__: So I need to map master to the gitfs?
19:38 kqrokz such as cp /tmp/foo /var/log/bar
19:38 Joseph__ Theo-SLC: you shouldn't need to map anything. You just need to make sure the master branch exists.
19:38 Joseph__ kqrokz: cmd.run :)
19:39 Joseph__ kqrokz: actuall the file module should do that...is that not workign for you?
19:39 kqrokz I was aware of running the mere cmd using cmd.run, but just wanted to know if there was one
19:39 yetAnotherZero joined #salt
19:39 kqrokz ah
19:39 kqrokz ok
19:39 kqrokz will look into the file module
19:39 kqrokz thanks
19:40 kqrokz yup, file.copy . Thanks
19:41 Theo-SLC joseph__: I guess I don't understand.  I'm trying to only use remotefs for the salt master.  no local files.
19:41 Joseph__ Theo-SLC: sure....so what's not working?
19:41 Joseph__ Theo-SLC: i assume you've already followed the gitfs instructions and something is not working
19:42 UtahDave Theo-SLC: You just need to set up gitfs.  Let me find the doc
19:42 Theo-SLC correct. I added git to the fielserver_backend and gitfs_remotes.  I then removed the 'base' from 'file_roots'.
19:43 UtahDave http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
19:43 blurg @Joseph: So, in the apache dictionary, there are two dictionaries one level below that (below apache)
19:43 UtahDave Theo-SLC: ok, you're already past that
19:43 Teknix joined #salt
19:43 Theo-SLC When I run a state call I get error "No matching sls found for 'whatever' in env 'base'"
19:43 Joseph__ Theo-SLC: in the git repo that you are pointing to, does a branch name master exist?
19:43 UtahDave Theo-SLC: If you only have '- git' under your fileserver_backend, then you don't have to do anything else.
19:44 Theo-SLC yes
19:44 blurg @Joseph: and for example that service dictionary, contains a list of two items, one is again a dictionary (require)
19:44 Joseph__ blurg: yes
19:44 Theo-SLC currently master is the only branch
19:44 blurg okay
19:44 Joseph__ Theo-SLC: okay and do you have the SLS files set up in the git repo wtih the appropriate tp file etc
19:44 Joseph__ blurg: unfortunately those examples aren't quite as clear as they should be
19:45 Theo-SLC joseph__: yes, I have a top.sls and the needed state file.
19:45 Joseph__ blurg: the thing you are tryign to do is provide YAML data structure that can be converted into a python dict. This python dict is supposed to tell saltstack what state modules yo uwant to execute on the salt minion.
19:45 Joseph__ Theo-SLC: but nothing happens when you highstate?
19:45 Joseph__ blurg: so pkg is a state module
19:46 jnials joined #salt
19:46 Joseph__ blurg: but like any module you need to execute a function in that module
19:46 Joseph__ blurg: in that case you are executing the installed function from the pgk module
19:46 blurg okay, so my pkg s: is just a weird name with spaces, but it's just a dict
19:46 Joseph__ blurg: the reason you see a list at the end is that you are passing the list of arguments to be executed with the function. In other words, you are defining a function call in a declarative manner
19:48 Joseph__ blurg: the example could have been written this way https://gist.github.com/jaloren/527983b7b66845ac8f3b
19:48 Joseph__ blurg:  i don't like that the examples where the function name is in the argument list declaration even though you can do that. I think its more confusing
19:49 Joseph__ blurg: what's pkg s:?
19:50 blurg That was the section I was interested in, so I can mention a lot of packages all at once
19:50 Theo-SLC joseph__: I found errors with git python .  I think I can fix this. thanks.
19:51 Joseph__ Theo-SLC: ah yes i got screwed up by that too. Stupid third party dependencies
19:51 possibilities joined #salt
19:51 blurg pkgs     A list of packages to install from a software repository.  Usage:  mypkgs:   pkg.installed:     - pkgs:       - foo       - bar       - baz
19:51 Joseph__ blurg: ahh i see yes
19:52 Joseph__ mypkgs: is just a key in a dictioanry
19:52 Joseph__ - pkgs is actually a keyword argument passed to the pkg.installed function
19:52 Joseph__ the name of the argument is pkg and the value is a list of packages to be installed
19:52 Joseph__ pkgs
19:52 Joseph__ a hem
19:53 ajolo joined #salt
19:53 blurg Okay, I was a bit confused, because of the spaces
19:53 Theo-SLC joseph__: gitpython doesn't like the formatting of my url to git.  git+ssh://github.com:ORGANIZATION/repo.git
19:53 Joseph__ blurg: yea spaces are evil
19:54 blurg it better be named lilke mypkgs:
19:54 blurg like
19:54 Joseph__ blurg: agreed
19:54 Theo-SLC josheph__ ssh: Could not resolve hostname github.com:Organization: Name or service not known', '', '', 'and the repository exists.'])
19:55 Joseph__ Theo-SLC: i doubt that's a valid git url
19:55 Theo-SLC it's the one that git gave me in the configuration
19:55 Joseph__ everything after the colon should just be the path the directory that contains the .git directory
19:55 bmonty joined #salt
19:55 Joseph__ git+ssh is fine
19:55 Theo-SLC it's the same url I used to push.
19:55 kqrokz I am trying to use the file.copy module in my init.sls file
19:56 kqrokz can someone tell me what is wrong with my syntax
19:56 Theo-SLC I redacted the organization name
19:56 blurg @Joseph: So, you're example looks nice. But, you've got for example pkg.installed, instead of the pkg:    - installed
19:56 kqrokz http://paste.debian.net/104198/
19:56 kqrokz tells me that I am not giving full path..
19:56 Joseph__ blurg: yes did that on purpose.
19:57 blurg @Joseph: Interesting. How does that work then
19:57 blurg @Joseph: installed is a function, right? So it can be called that way
19:57 kqrokz "Specified file copying is not an absolute path"
19:57 Joseph__ kqrokz: that doesn't look valid. Where did you get copy within managed?
19:57 Joseph__ blurg: correct
19:57 kqrokz oh
19:58 Joseph__ blurg: python uses module namespacing
19:58 Joseph__ blurg: so "python module =-> function name => argument list
19:58 Joseph__ blurg: you can have the function name in the argument list or use dot notation
19:58 Joseph__ i think the dot notation is clearer
19:58 Joseph__ because then everything in the list is just a keyword arg passed to the function
19:59 Joseph__ Theo-SLC: okay i see but this is a github url?
20:00 Joseph__ This is a normal SSH url from github git@github.com:jaloren/salt.git
20:00 Joseph__ you don't have something similar?
20:00 rojem joined #salt
20:00 Theo-SLC found the same probleml here https://groups.google.com/forum/#!topic/salt-users/bh83KWlw1nc
20:02 rojem joined #salt
20:03 chiui joined #salt
20:03 Theo-SLC joseph__: the last post in that thread resolved my problem
20:03 Joseph__ oh because there's no port number
20:03 Joseph__ i see
20:03 Joseph__ if you actually specified port 22 i bet it would have worked
20:04 LBJ_6 joined #salt
20:04 Theo-SLC joseph__: no it's not the port.  its the way github gives you the url when you create a repo under an organization.
20:05 LBJ_6 left #salt
20:05 Theo-SLC joseph__ it goes : 'colon' OrganizationName / 'slash' Repo.git
20:05 Ryan_Lane is there a way to make the ssh_auth state only include the keys specified in the file
20:05 Ryan_Lane ?
20:05 Joseph__ Theo-SLC: right and in a SSH url the colon usually indicates a port number. However by convention if yo uare using the default port you omit the colon and just put the path
20:05 Joseph__ Theo-SLC: is that not hte problem?
20:06 Theo-SLC I guess when using git+ssh it's using the usl differently than it does with just git.
20:06 Joseph__ Theo-SLC: certainly possible
20:06 joehh ekristen: if you do a dpkg -P so that git works again, what happens if you install the 2014.1.4 package instead of git?
20:07 joehh ie install 2014.1.4 from deb
20:07 joehh remove it, purge it
20:07 joehh then install from deb
20:07 joehh does that work?
20:07 Ryan_Lane it looks like the ssh-auth state only manages specific keys. I'd like to enforce a complete state for the authorized_keys file for a user
20:08 Joseph__ Ryan_Lane: file.managed and point to the authorized_keys fiel on the salt file server?
20:08 vejdmn joined #salt
20:08 Ryan_Lane yeah, i guess I could
20:09 Joseph__ Ryan_Lane: that's what i do with sudo
20:09 Joseph__ Ryan_Lane: it works reasonably well its just a brute force replace as opposed to a sophisticated file mod/update
20:09 Ryan_Lane the ssh_auth state looks for the user's homedir, though, which is nice
20:10 Joseph__ Ryan_Lane: agreed...you'd need to play games with pillar to make this scale beyond a single user
20:10 Ryan_Lane I'm just going to add a bug for this to be an option
20:10 kqrokz I corrected my syntax...Thanks Joseph. for the record...http://paste.debian.net/104200/
20:10 Joseph__ Ryan_Lane: sure that's reasonable
20:12 viq forrest: ping
20:13 viq forrest: you were looking for !java CI system, and apparently I had a senior blonde moment - there's gitlab CI
20:13 Joseph__ viq: careful viq i think his firewall blocks ICMP
20:13 rgbkrk_ joined #salt
20:13 viq Joseph__: that's OK, this is IP over carrier pidgeons
20:14 Joseph__ viq:  HA!!
20:14 vejdmn joined #salt
20:14 viq Just be careful to check carriers of what they are...
20:14 Ryan_Lane https://github.com/saltstack/salt/issues/13340 \o/
20:16 UtahDave thnx, Ryan_Lane!
20:16 Ryan_Lane yw
20:17 Ryan_Lane the hard part about that is that it's possible for someone to define that twice for the same user
20:17 Ryan_Lane and then one state would overwrite another state.
20:20 blurg @Joseph: So this
20:20 blurg file:                                     # state declaration     - managed                               # function     - source: salt://webserver/index.html   # function arg
20:20 Joseph__ blurg: can you do a gisthub
20:20 blurg could also be abreviated to file.managed
20:20 Joseph__ blurg: and yes that's correct
20:20 Joseph__ ls -ltr
20:20 Joseph__ sorry wrong window lol
20:23 blurg haha
20:24 blurg but that function argument can't be put on the same line?
20:24 blurg somehow
20:24 Joseph__ are you referring to source:?
20:24 blurg yes
20:24 Joseph__ that's correct
20:24 blurg within parentheses
20:25 Joseph__ python module => functio name => list of keyword arguments
20:25 Joseph__ function name and python module can be combined with dot notation
20:25 Joseph__ keyword arguments must be a YAML list indented beneathe where each item in the list is a dictionary with a single key-value pair
20:25 Joseph__ where the key value pair is the keyword argument
20:26 blurg file.managed.source: salt://webserver/index.html
20:26 pdayton joined #salt
20:26 Joseph__ nope
20:26 Joseph__ source is a keyword argument
20:26 blurg oh
20:26 Joseph__ paremeters make no sense within a python namespace
20:26 Joseph__ parameters or keyword argumetns if you want
20:26 Theo-SLC I see a lot of options for remote pillars.  Which one is recommended? hiera, git, etc..
20:27 ggoZ joined #salt
20:28 Ryan_Lane is there anything equivalent to the old salt-daily ppa?
20:28 jrdx joined #salt
20:29 blurg ok, Thanx for all the help, I sum up this conversation and study it again, to get a good understanding
20:29 Ryan_Lane I'd like to install the development version of salt, but not from source if possible.
20:29 Joseph__ blurg: yea, its really important that you "get" it. Then everything else becomes pretty easy with state enforcement. Unfortunately its much harder than it should be. Once it clicks, you'll be like "oh this is so simple"
20:30 Joseph__ i think part of the hump is the documntation is not as helpful as it should be for beginners
20:31 druonysuse joined #salt
20:32 blurg Is there a better source of docu for beginners, a book maybe or just better docu online
20:33 mgarfias i've had the best luck learning by asking questions here
20:33 Joseph__ blurg: yea the community is working on it. We have had a couple documentation sprints and we are going to have another in a few weeks.
20:33 Joseph__ I am actually in the process of completely rewriting the state tutorials
20:33 mgarfias woo!
20:33 Joseph__ mgarfias: oh god its awful.
20:33 Joseph__ lol
20:34 Joseph__ mgarfias: but for a good cause.
20:34 Joseph__ mgarfias: part of my issue is that there's a fundamental organization issue throughout the documentation that needs to be fixed so finding information isn't so blasted difficult.
20:34 Joseph__ mgarfias: i would summarize it thus: TABLE OF CONTENTS ARE EVIL
20:34 Joseph__ :)
20:34 mgarfias oh thank god
20:35 mgarfias i resort to googling
20:35 Joseph__ mgarfias: i know its a terrible crutch
20:35 blurg This book might be good!   http://www.amazon.com/Salt-World-History-Mark-Kurlansky/dp/0142001619/ref=sr_1_2?ie=UTF8&amp;qid=1402346099&amp;sr=8-2&amp;keywords=salt
20:35 mgarfias also, clearer explanations of how to use functions via CLI would be nice
20:35 blurg :-)
20:36 mgarfias http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#debugging
20:36 Joseph__ mgarfias: just imagine if the TOC disappeared and when you went to a topic, it said "here are all the links that you will need to read to understand this topic. In addition, here's a one sentenc about what each link will tell. Once you are done with this, you will probably want to read these other related topics."
20:36 Joseph__ in other words replace toc with a definition list of links
20:36 mgarfias how do i send you beer?
20:36 Joseph__ mgarfias: i am sure there's a salt state for that somewhere
20:37 Joseph__ off to leave for a couple hours
20:37 Joseph__ be back in a few
20:39 blurg Thanks for your help Joseph, really valuable!!
20:39 davet1 joined #salt
20:39 cruatta Package 'python-pip' not found (possible matches: python-pip)
20:40 cruatta what
20:46 rojem joined #salt
20:48 mgw joined #salt
20:49 kaplan joined #salt
20:50 dlam when i do state.highstate, is there a way to test why thing it'll pick?
20:50 dlam e.g. from my top.sls
20:51 gothix joined #salt
20:51 gothix joined #salt
20:51 ajolo_ joined #salt
20:51 timoguin dlam: you can run invidual state files with state.sls statename
20:52 timoguin and throw test=True on it at the CLI
20:53 shaggy_surfer joined #salt
20:59 HighlyUnavailabl is there any way to call an arbitrary python function from salt-call - for example, I'm trying to see if "os.path['pip']" actually returns anything from the context of salt on windows. This is really weird, because salt-call grains.item pythonpath returns C:\Python27\lib\site-packages\pip-1.5.6-py2.7.egg but then when I use pip.installed to try to install boto I'm still getting  " State pip.installed found in sls core is una
21:01 kermit joined #salt
21:01 kermit joined #salt
21:01 Ryan_Lane1 joined #salt
21:01 timoguin HighlyUnavailabl: you could just shell out via cmd.run: salt-call cmd.run "python -c 'import os; print os.path[\'pip\']"
21:01 HighlyUnavailabl timoguin: the problem is that salt on Windows has this weird little "frozen" package structure unlike on linux, so it won't use the system packages.
21:02 HighlyUnavailabl So I've got all these things in C:\python27 but for some reason despite being in the pythonpath, salt can't see them
21:03 matrix3000 joined #salt
21:03 googolhash_j joined #salt
21:03 matrix3000 are there any good deployment tools for saltstack yet
21:04 matrix3000 so that I don't have to use git submodules to manage 3rd party salt states
21:04 jhulten joined #salt
21:04 nahamu can't you use the git backend to point directly at the 3rd party formula?
21:05 jcockhren nahamu: yep!
21:05 manfred matrix3000: gitfs?
21:05 nahamu http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
21:05 timoguin matrix3000: i know of these two: https://github.com/moniker-dns/gitshelf and https://github.com/Psycojoker/cellar
21:05 manfred matrix3000: they should all work by just dropping stuff in the gitfs_remotes http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
21:05 matrix3000 looking at it now
21:05 matrix3000 thanks
21:06 jcockhren timoguin: good find!
21:06 timoguin anything that gives us the flexibility Chef has with librarian-chef/berkshelf is good to me
21:07 matrix3000 im used to librarian-puppet/r10k
21:07 matrix3000 r10k is amazing
21:07 ipmb joined #salt
21:07 matrix3000 but this is salt not puppet haha
21:08 timoguin all these tools are solving the same problem, heh
21:08 timoguin more package managers!
21:09 matrix3000 not really
21:09 matrix3000 salt does some things better
21:09 matrix3000 puppet does reporting better
21:09 timoguin i don't mean salt vs. puppet vs. chef
21:09 matrix3000 oh, what do you mean
21:09 timoguin i mean git repo dependency resolution
21:09 timoguin for "formulas" etc.
21:10 matrix3000 well anything that doesn't need git submodules haha
21:10 matrix3000 so aren't formulas basically salt states
21:10 matrix3000 that use pillars for the most part
21:10 timoguin yes
21:10 timoguin the idea is that they're completely configurable via pillar and work across distros
21:10 timoguin so you can drop it in and do nothing except configure them
21:11 matrix3000 yea, was looking at zabbix-formula and it was terribly inncomplete
21:11 timoguin many of them are
21:11 matrix3000 despite to complete it shouldn't take much time, figured i may fork it
21:11 happytux joined #salt
21:11 matrix3000 and make a pull request
21:11 timoguin please do
21:14 Whissi joined #salt
21:17 gothix hey guys i got tasked with setting up a profile for aws - the  issue is i have different configs as a base i want to use i was wanting to set up a differnet directory and top for that and it seem it wont allow it but still tries to pull from the main base
21:17 schmutz joined #salt
21:17 Ryan_Lane1 forrest, whiteinge: ok, we're confirmed for July 10th
21:18 whiteinge Ryan_Lane1: woot
21:18 gothix is there a clean alternatibe way to do this?
21:18 Ryan_Lane1 I'll need a list of guests some time before the event
21:18 Ryan_Lane1 we'll also need to figure out a time
21:18 whiteinge Ryan_Lane1: roger. Will you send me location details (address, parking, instructions, etc) so we can add that to our eventbrite signup?
21:18 Ryan_Lane1 I have 12:00 - 5:00 pacific time for it currently
21:18 Ryan_Lane1 pm me your email address
21:19 kaplan_ joined #salt
21:19 dccc joined #salt
21:20 forrest Ryan_Lane1, alright I just spoke with my boss with a deadline of the day.
21:22 bhosmer joined #salt
21:22 rgbkrk joined #salt
21:24 whiteinge Ryan_Lane1: that time is fine. we'll do a full day sprint here in SLC
21:25 Ryan_Lane1 cool. we may want to do 1 - 5
21:25 smcquay joined #salt
21:25 Ryan_Lane1 since lunch won't be provided
21:25 whiteinge k
21:25 forrest can you guys CC me on the the thread you have going?
21:25 forrest then I can add the details for what I've got going on here.
21:25 Ryan_Lane1 we do have snacks and drinks
21:25 forrest parking is gonna be a real pain...
21:26 Ryan_Lane1 parking is going to suck, yes. people should likely not drive
21:26 forrest yea
21:27 Ryan_Lane1 forrest: pm me your email address
21:28 forrest I'll have confirmation from my boss this afternoon, we may have to impose a limit on the number of people who can attend due to space concerns
21:28 forrest but I'll know for sure if we can host it by then
21:28 kermit joined #salt
21:28 tedski yay, another sprint?
21:28 forrest yea
21:28 tedski more than a few days notice this time? :)
21:28 forrest July 10th
21:28 forrest so yes
21:29 tedski nice.  theme chosen yet?
21:29 Ryan_Lane1 tedski: with a physical location, too ;)
21:29 Ryan_Lane1 docs again
21:29 forrest tedski, documentation
21:29 tedski nice
21:29 tedski i'm in.
21:29 forrest multiple physical locations!
21:29 tedski Ryan_Lane1: in the bay area?
21:29 forrest tedski, where are you at physically?
21:29 tedski forrest: sf
21:29 forrest ahh nice
21:29 forrest you can hang out with Ryan_Lane1 then
21:29 forrest I'm working on getting a space up in Seattle
21:29 forrest either company office, or I'll find an open space for it.
21:29 Ryan_Lane1 oh. awesome
21:30 Ryan_Lane1 we'll have a hangout going and we have a large projector and a room with a circular table
21:30 tedski Ryan_Lane1: let me know if you need anything locally and i can chip in some help
21:30 forrest cool, I was going to ask about the hangout
21:30 forrest might log into it from my work email Ryan_Lane1, see if we can hook it up on our tv
21:30 Ryan_Lane1 tedski: will do
21:31 tedski my team is working with our bigcorp legal dept to figure out how we can contribute some of our local stuff upstream... if we have it figured out by then, we might do an offsite that day and go invade ryan's space
21:31 forrest tedski, lol
21:31 Ryan_Lane1 sounds good
21:31 forrest 'well, is this proprietary?' "no not at all", 'and you say it would improve our image and help others' "yea exactly" 'Do we have to pay anything' "no" 'hmm, ok we will get back to you in 6 months' :P
21:32 tedski pretty much
21:32 tedski 'what about patents? are these inventions?'
21:32 forrest lol
21:32 forrest 'yes, I invented text!'
21:33 forrest and I ordered it this specific way
21:33 forrest "hmm, that could be 4-5 patents..."
21:33 forrest I'm hoping to get some seattle people interested, but I've asked in the IRC a few times with no responses
21:33 tedski 'fine, then i want my inventor's jacket... stat.'
21:33 forrest lol
21:34 forrest What you do is just say that you'll start working on that stuff outside of work
21:34 forrest so it will progress more slowly, but you can at least contribute back
21:34 tedski well, that's what i do now
21:34 forrest and explain how it will lose money, perhaps even the legal time might have to reduce their headcount
21:34 tedski legal is actually being quite helpful at this moment
21:34 forrest that's nice
21:34 forrest surprising, but nice
21:35 tedski i think they want us to create new github accounts with corp email accounts and want to agree on the license
21:35 tedski fair enough
21:35 forrest :\
21:35 forrest why?
21:35 jcockhren they want to own the things
21:35 forrest the license has to match Salt's license
21:36 tedski i mean they want to agree on the license that salt is using
21:36 forrest ahh I see ok
21:36 forrest jcockhren, yea I must be too much of a hippy, I've never understood that, is it not credit enough that you created it, and others benefit from it?
21:36 Ryan_Lane1 I actually have a question on that. I need to add my copyright to the code I upstreamed. that isn't a problem, since the code is apache2, right?
21:36 tedski we already have internal teams contributing to openstack and hortonworks, so it should be relatively easy
21:37 Ryan_Lane1 what's salt's policy on the copyright lines in the files?
21:37 forrest last time this came up I asked someone to remove then Ryan_Lane1
21:37 tedski didn't whiteinge just remove a ton of them?
21:37 forrest they had it in literally every file
21:37 forrest and it was hundreds of lines
21:37 Ryan_Lane1 that's actually the standard way of handling this
21:37 tedski Ryan_Lane1: does .. codeauthor:: work for you?
21:37 Ryan_Lane1 I'll ask
21:38 jcockhren forrest: it's going to be like this until legal catches up with software development culture
21:38 jcockhren they know nothing
21:38 forrest yea I know, it's painful
21:38 forrest they don't seem to want to learn either
21:39 HighlyUnavailabl timoguin: so it turns out it's just states.pip.installed that fails on windows, if I use cmd.run to shell out and run the "real" pip all the other modules that use boto for ec2 stuff work fine. Welp. Guess it works.
21:39 forrest or move so slowly, they might as well not learn, since by the time they decide it will be something different
21:39 ekristen joehh: not sure I tried git then apt, then purge apt to see if it works
21:39 whiteinge Ryan_Lane1: correct. not a problem with apache2. saltstack does not do copyright reassignment
21:39 jcockhren yeah. the lawyers I know personally said that law school is so tough, that if they had to learn newer sectors they'd just wing it
21:39 tedski we lucked out and one of our execs on the legal team used to work in the open source community
21:40 tedski so, it's a bit easier to get stuff done
21:40 forrest nice
21:40 tedski but i can't put, "just go ask the vp, already" in every email :)
21:40 forrest jcockhren, honestly they signed up for it, I have to learn every day both on the job, and when I go home at night to keep up, my pity for them only extends so far.
21:41 jcockhren law school puts them in an environment of frienemies
21:41 bVector joined #salt
21:41 forrest exactly
21:41 whiteinge Ryan_Lane1: as to having the notice in the file itself: it's fine if you need it there. tedski is right that we pulled out notices that were redundant with the LICENSE file.
21:41 Ryan_Lane1 ok
21:41 bVector anyone have a good way to monitor when a server is finished rebooting with salt?
21:42 whiteinge i'm super fuzzy on how having a copyright notice on a file works in a heavily active project like salt. i mean that copyright is going to start getting dilluted with other authors almost immediately...
21:42 bVector I imagine running something and have it print and return when the host is up
21:42 jcockhren forrest: I agree. software developers have to constantly learn newer things to ensure longevity
21:42 tedski bVector: have an event fired on boot, dependent on the minion running
21:43 TyrfingMjolnir joined #salt
21:43 bVector tedski: can you point me to some info on how to set that up?
21:43 whiteinge bVector: might be helpful: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.event
21:44 bVector ah that looks like exactly what I was looking for
21:44 vejdmn joined #salt
21:44 whiteinge (backport for current salt version here: https://github.com/saltstack/salt-contrib/blob/master/states/event.py)
21:45 ixokai joined #salt
21:45 whiteinge bVector: ^^ if you use the backport note the command is ``salt-run event.event`` instead of ``state.event``
21:45 Ryan_Lane1 whiteinge: copyright notice is basically just there to say all or part of the file was written by x
21:45 cheus Yo whiteinge, nice addition of .join() to file. That was clutch for some of today's meddlings.
21:46 whiteinge teach the lawyers how to use git blame!
21:46 jcockhren whiteinge++
21:46 bVector whiteinge: so to install that backport I just drop it in the states folder?
21:46 Ryan_Lane1 :D
21:46 tedski haha
21:46 whiteinge cheus: nice!
21:46 tedski they'll even love the use of the word 'blame'
21:46 Ryan_Lane1 it's also to make copying files easier between projects
21:46 Ryan_Lane1 which is also why it's normal to include the copyright notice on every file
21:46 whiteinge bVector: define this setting in your master config: http://docs.saltstack.com/en/latest/ref/configuration/master.html#extension-modules
21:47 whiteinge bVector: then make a "runners" directory in that directory
21:47 cheus I really need to just set-up a few containers for proper salt dev'ing. Anyone know if there's a fast step-by-step guide on that?
21:47 whiteinge bVector: (i usually set mine to /srv/modules/runners)
21:47 forrest cheus, just use lxc
21:47 bVector cool I'll give it a shot
21:47 cheus forrest, For the containers, yes. I meant the salt part of it
21:47 forrest cheus, do you mean past modifying the confs?
21:48 cheus forrest, Yeah. venv goodness, deps, daemons, etc
21:48 forrest cheus, http://docs.saltstack.com/en/latest/topics/development/hacking.html there's that
21:48 tedski i did not have much luck with that documentation
21:48 forrest might not be quite as thorough as you're asking for though
21:49 tedski i wound up just using the bootstrap script to set everything up
21:49 cheus forrest, Good enough. I can probably hack around the rest from that.
21:49 tedski that way i could install from a specific commit/branch on my fork
21:49 forrest yea I do the same tedski, just set up a few systems and bootstrap them
21:49 Ryan_Lane1 when the user state says the system defined shell, where does it find that?
21:49 Ryan_Lane1 it looks like it may be setting people to /bin/sh... ?
21:50 cheus Alright. Cashing out on the east coast. Have a good eve.
21:50 forrest Ryan_Lane1, hmm, I thought that was just the $SHELL variable
21:50 forrest later ch
21:50 forrest cheus
21:53 davet joined #salt
21:54 ajolo__ joined #salt
21:54 ipalreadytaken joined #salt
21:57 ipalread_ joined #salt
21:58 matrix3000 are you guys aware that on the saltstack site the latest pdf documentation is a picture of the salt logo and that's it?
21:58 Theo-SLC Has anybody ever used Elastic Beanstalk in AWS to bootstrap a minion for salt?
22:01 jaycedars joined #salt
22:02 mik3 left #salt
22:04 ipalreadytaken joined #salt
22:07 kballou joined #salt
22:10 matrix3000 is it possible to do somethign like this with pillars instead of continuing on with a bunch of if statements
22:11 matrix3000 http://pastebin.com/tQZVW59F
22:13 TyrfingMjolnir joined #salt
22:15 alainv matrix3000: have you looked at the best practices doc? that's fairly close to their exact example
22:15 alainv http://docs.saltstack.com/en/latest/topics/best_practices.html#general-rules
22:15 alainv it gets into the templating you want
22:20 miqui joined #salt
22:28 Chrisje joined #salt
22:28 chamunks joined #salt
22:28 Joseph_ joined #salt
22:28 Joseph_ and i am back
22:28 Joseph_ i am sure i was wildly missed
22:28 matrix3000 basically my goal is to never work with salt states, and let those remain community managed
22:28 matrix3000 and provide all parameters for all servers via top.sls
22:29 Joseph_ matrix3000: talk about coming in at the tail end of an interesting convo
22:29 matrix3000 lol, it was only like 10 minutes ago
22:30 matrix3000 i had to visit the porcelain thrown
22:30 matrix3000 throne*
22:30 alainv matrix3000: I am not terribly deep into salt myself yet, but from my experience I don't think that's very feasible with Salt at this point
22:30 alainv it may never be, due to the sheer open-endedness of it
22:31 matrix3000 really? that seems counter intuitive to the opensource community driven structure
22:31 jcockhren I think alainv has a half point
22:31 matrix3000 outside of direct contributions to salt code itself, you are left to do a lot of work yourself manually
22:31 matrix3000 which isn't very devopsy
22:32 alainv salt is the most dev-y of the CM tools
22:32 Joseph_ matrix3000: mind restating the use case?
22:32 alainv most of the others are more structured with "building blocks" like you want
22:32 jcockhren but I would say that docs would help with the 'million ways to do X' issue
22:32 Joseph_ alainv: agreed
22:33 jcockhren turns out, most people can't get anything done when there's too many options
22:35 Joseph_ jcockhren: right "There should be one-- and preferably only one --obvious way to do it."
22:35 Joseph_ and that's never truer than with dev ops
22:36 matrix3000 http://pastebin.com/pudcjzcQ
22:36 Joseph_ jcockhren: though my issue is that in order to say that the built in libraries really need to be enhanced. once you get outside basic use cases, you inevitably have to resort to formulas or custom modules
22:36 matrix3000 of course all the other stuff
22:37 matrix3000 because it only applies to those servers creating an apache.sls under /srv/pillars/ doesn't seem reasonable if you have another server setup that differs
22:37 Joseph_ matrix3000: what problem does state files + jinja template poise to you?
22:37 matrix3000 https://github.com/saltstack-formulas/apache-formula
22:37 matrix3000 many variations of apache
22:37 matrix3000 over 30 different configurations
22:37 matrix3000 so doing a /srv/pillar/apache.sls would actually be best as /srv/pillar/server1apache.sls
22:38 jcockhren Joseph_: I agree to that as well.
22:38 matrix3000 so like /srv/pillar/server2apache.sls for the other
22:38 Joseph_ matrix3000: so that's why you need to use templating right?
22:39 matrix3000 yes, of course you parameterize the who application
22:39 matrix3000 whole*
22:39 matrix3000 hence using apche-formula
22:39 Joseph_ matrix3000: but you think that's inferior com pared to what?
22:39 matrix3000 apache-formula* damn this keyboard hates it
22:39 matrix3000 im not saying it is inferior
22:39 Joseph_ matrix3000: oh okay
22:40 Joseph_ matrix3000: again i came into this late so i may have missed something
22:40 Joseph_ matrix3000: i thought you were looking to do X and salt wasn't letting you do X
22:41 jcockhren that was the other guy
22:41 jcockhren heh
22:41 matrix3000 well I can't seem to find documentation outside of create a /srv/pillars/apache.sls and that will fit all your apache servers when you do a
22:41 matrix3000 'server1': apache
22:41 Joseph_ jcockhren: ha!
22:42 matrix3000 but if i can do something like this http://pastebin.com/pudcjzcQ then its fine
22:42 matrix3000 but no where do I see examples like that with that much of application tree
22:42 Joseph_ matrix3000: i think you can do that...you'd just need to set the pillar data and then look up the pillar data in your apache.sls
22:42 forrest matrix3000, because you shouldn't put that into the pillar
22:43 forrest bloated pillars = failure
22:43 Joseph_ forrest: well yes
22:43 matrix3000 so how would you have many variations of apache configuration using the formulas when you can't provide those values outside of the pillars
22:43 forrest I did a talk on this during saltconf, if you're going to do something like that, put it into a jinja file which you import.
22:44 matrix3000 well there's already a jinja
22:44 forrest you can use something like the map.jinja file if you want
22:44 matrix3000 this is using https://github.com/saltstack-formulas/apache-formula
22:44 forrest yea
22:44 forrest so add to that
22:44 forrest and you could create another .jinja file, which you import and use for your conf.
22:44 matrix3000 so essentially then i can no longer git pull that formula
22:45 matrix3000 i'd have to fork it and go from there
22:45 forrest you should never be pulling directly from the repo
22:45 forrest you should always fork, we might merge in changes which break your config
22:45 matrix3000 ah, ok, so it's more of a here you go, now go customize it approach
22:46 forrest the formulas are a starting point
22:46 matrix3000 got you
22:46 forrest just like the puppet forge stuff, or the premade chef cookbooks
22:46 forrest it's like 'here is how to install apache, and it works, modify as needed.'
22:46 matrix3000 well puppet forge is different
22:46 forrest uhh how so?
22:47 matrix3000 there are officially support and lots of tests on some of those modules to check compatibility etc
22:47 matrix3000 rspec etc
22:47 jcockhren uh oh
22:47 forrest yea that's true.
22:48 matrix3000 so that's what I am trying to find out here is how to get a similar simplistic style with little work
22:48 matrix3000 salt is ridiculously customizable though
22:48 forrest the premade stuff is already pretty small work wise
22:48 forrest I mean, you could take that, literally change the conf to import x with context, and fill out a set of key/values
22:48 matrix3000 where as puppet requires some more work to do custom install stuff if someone hasn't already done it
22:49 matrix3000 essentially im looking at trying to use salt as a key/value provider for application configuration
22:49 matrix3000 not a use this configuration file im giving u
22:49 jcockhren data driven infrastructure is not so smooth in puppet
22:49 jcockhren ask jfryman
22:49 forrest some people have already been experimenting with that.
22:49 Joseph_ jcockhren: what is smooth puppet? name one thing. <beams of hatred at gems and passenger>
22:49 forrest matrix3000, that's what I was just explaining how to do.
22:50 jcockhren heh.
22:50 matrix3000 forrest: do you have any writups?
22:50 jcockhren matrix3000: pillars can be ORMs
22:50 forrest no, but you can take a look at this: https://github.com/saltstack-formulas/nginx-formula/blob/master/nginx/ng/files/nginx.conf
22:50 forrest jcockhren, that's a bad plan
22:51 forrest jcockhren, slow pillar = sadness
22:51 forrest if you put every value in there
22:51 jcockhren hopefully, no _every value_
22:51 jcockhren not*
22:51 forrest well, he was just talking about doing that
22:51 kiorky joined #salt
22:51 jcockhren was lightly referring to the django ext_pillar
22:52 matrix3000 it seems more to me that salt's strong point is not used for initial provisioning where it does it all once and pretty much doesn't care, it's more of lets do this to all the servers now and fast
22:52 arya joined #salt
22:52 forrest I don't know, I'm pretty biased as to me making that change from formula -> fully customized conf is pretty easy.
22:52 Joseph_ matrix3000: not sure i follow :)
22:52 forrest matrix3000, we use salt exclusively for our provisioning from virtual container -> working server.
22:52 arya what has changes in 2014.1.4? Upgraded server and all minions lost connection.
22:53 Joseph_ arya: you upgraded the OS or the salt minion software?
22:54 bhosmer joined #salt
22:54 matrix3000 forrest: looking at that config and i see what you are doing, just trying to figure out how to distribute the many versions of values pushed to that in best fashion outside of creating many different pillar/nginx.sls files
22:54 ajolo joined #salt
22:54 bhosmer_ joined #salt
22:54 forrest arya, all versions need to run on the same release, if you can downgrade the master, upgrade all the minions and restart them, then upgrade the master last.
22:55 turtle__ joined #salt
22:56 forrest matrix3000, can you try to give me an example? You say that you have all these unique apache configs, in what regards?
22:56 forrest virtual hosts?
22:56 matrix3000 yes
22:56 forrest or you are modifying the apache config for every machine
22:56 matrix3000 but not just that
22:56 arya forrest: that was clearly against the upgrade procedure
22:56 matrix3000 yea have different configs on almost every machine
22:56 matrix3000 meaning app1 is not like app2
22:56 forrest those are different apps though
22:56 forrest and each app should have it's own formula
22:57 forrest arya, where at?
22:57 matrix3000 but the app is still apache
22:57 forrest matrix3000, what do you mean?
22:57 forrest the app is not apache
22:57 arya http://docs.saltstack.com/en/latest/topics/installation/index.html#upgrading-salt
22:57 forrest the app is some site
22:57 matrix3000 apache with one config and apache with another config
22:57 forrest matrix3000, with a different /etc/apache.conf?
22:57 matrix3000 yes
22:57 forrest are you not using vhosts?
22:57 arya forrest: see the link I posted.
22:57 arya I clearly got doomed
22:57 forrest matrix3000, you just throw everything in the conf? If so, then each formula throws it's own apache conf in
22:57 matrix3000 where one apache may run with workers the other with threads
22:58 forrest arya, I could be wrong
22:58 forrest arya, I think we had a big discussion on this before where someone said I was incorrect.
22:58 forrest matrix3000, again, these are different apps
22:58 forrest matrix3000, so you have app1-formula, app2-formula, each one inherits the base apache, and has their own apache.conf
22:59 matrix3000 so essentially i'd have to rewrite the apache-formula for each app
22:59 forrest what??
22:59 forrest no
22:59 forrest https://github.com/saltstack-formulas/apache-formula/blob/master/apache/init.sls
22:59 forrest does that set up a conf?
22:59 forrest no it does not
22:59 matrix3000 https://github.com/saltstack-formulas/apache-formula/blob/master/apache/vhosts/standard.tmpl
22:59 forrest your formula includes apache, then drops in the conf, and says to watch that conf in the apache service
22:59 forrest again, that's not part of the init
23:00 matrix3000 oh i see what you are saying now
23:00 TyrfingMjolnir joined #salt
23:00 forrest it's the same thing with nginx, every app should have it's own sites-enabled
23:01 matrix3000 well of course, but you need to choose apache settings too
23:02 matrix3000 like prefork vs worker mpm
23:02 forrest yea and that's fine, your app can configure that
23:02 forrest that's the whole point of it being super modular in terms of apache
23:02 forrest you want basic apache, nothing special? Just use the init
23:03 matrix3000 ah ok
23:03 forrest then you can extend on top of that easily with your app
23:03 matrix3000 got it
23:03 forrest where it drops in the apache.conf that your unique app needs
23:03 Joseph_ forrest: i hadn't ever looked at the vhost part of the formula. that's actually pretty slick.
23:03 forrest then you avoid all that pillar nonsense
23:03 forrest Joseph_, for apache?
23:03 Joseph_ forrest: yea i've never needed to do anything particular complex with virtual hosts so i hadn't bothered.
23:03 forrest ahh
23:04 Joseph_ but i agree that looks way better than endless pillar key value pairs
23:05 forrest yea I don't like complicated pillars when you can avoid it
23:05 Joseph_ forrest: yes well i don't like complicated jinja when you can avoid it :)
23:05 Joseph_ forrest: i think people are generally crazy for trying to do macros
23:05 Joseph_ forrest: or they hate themselves
23:06 forrest I don't like complicated jinja either
23:06 forrest if you need to get that complex, just write pytho
23:06 forrest n*
23:06 Joseph_ forrest: agreed
23:06 forrest timoguin, are you around?
23:06 Joseph_ forrest: though i don't want to bother the pydsl etc i think you shoudl just write a custom module and call it a day
23:06 forrest heh
23:18 mosen joined #salt
23:25 Theo-SLC Anybody have an easy method to set the salt master in minion configuration by script?
23:27 bVector you could just set a dns entry for 'salt' in the resolv.conf
23:27 forrest salt-ssh Theo-SLC
23:27 miles32 joined #salt
23:27 Theo-SLC I have two masters setup for HA.  So I need to probably do some sed replacement
23:28 smcquay joined #salt
23:29 miles32 hey, I was wondering if anyone had run into a similar problem: Shortly after connecting to a newly provisioned instance via ssh salt-cloud errors out with "AttributeError: 'str' object has no attribute 'copy'"
23:31 miles32 the traceback points at salt/config.py, line 1642, value.update(opts['profiles'][vm_['profile']][name].copy())
23:31 Joseph_ miles32: what's the cloud provider?
23:31 miles32 aws
23:32 miles32 more specifically ec2
23:33 Joseph_ miles32: ah okay. i have onnly done this on openstack and i have not seen that problem.
23:35 __number5__ miles32: what's your OS on that ec2 instance?
23:35 miles32 the default 14.04 ami
23:35 miles32 *ubuntu
23:35 dmick left #salt
23:38 miles32 in the cloud.profiles I had a grains line, where each of the following lines were <Key>:<value> changing that to <key>: <value> seems to have resolved the issue
23:38 miles32 that's a bit of a cryptic error
23:39 miles32 (tracked it down to minion.update() which then called salt.config.get_cloud_config_value() )
23:39 __number5__ yep, yaml syntax errors sometimes really hard to debug
23:40 miles32 reading through the source is not my ideal troubleshooting method
23:43 shaggy_surfer joined #salt
23:46 dude051 joined #salt
23:46 miles32 now for the fun part, grains.items returns a line that says es_version: 1.2; grains.items['es_version
23:46 miles32 '] returns not available
23:47 miles32 ignoring the fact that I'm probably using grains.items wrong...
23:47 joehh ekristen: do you have a copy of the 2014.1.3 deb for salt-common? if so, could you please send it through to joehealy@gmail.com?
23:47 miles32 I can't get a pillar file to render with that es_version
23:47 joehh trusty version that is...
23:53 ajolo_ joined #salt
23:54 ekristen joehh: its up on the ppa
23:55 arya 2014.1.4 master doesn't even startup for me on Ubuntu Precise
23:55 arya nothing in the logs
23:55 arya looks like permission issue but it starts as root
23:55 ekristen joehh: https://launchpad.net/~saltstack/+archive/salt/+files/salt-common_2014.1.4%2Bds-2trusty3_all.deb
23:58 Outlander joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary