Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-06-23

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 mateoconfeugo joined #salt
00:05 bhosmer joined #salt
00:06 crazysim joined #salt
00:10 tedski joined #salt
00:19 jalaziz joined #salt
00:26 jalaziz joined #salt
00:32 Luke_ joined #salt
00:34 chamunks joined #salt
00:45 mateoconfeugo joined #salt
00:50 Guest84057 joined #salt
00:50 artificialexit joined #salt
00:55 aquinas joined #salt
00:56 aquinas joined #salt
00:59 mosen joined #salt
01:00 yidhra joined #salt
01:02 aquinas joined #salt
01:04 schimmy joined #salt
01:07 malinoff joined #salt
01:07 schimmy joined #salt
01:11 zircote_ joined #salt
01:12 schimmy joined #salt
01:16 schimmy1 joined #salt
01:16 fllr joined #salt
01:24 seventy3_away joined #salt
01:31 mafrosis joined #salt
01:42 bhosmer joined #salt
01:50 Saga I just noticed the PDF file link to documentation is broken http://docs.saltstack.com/en/latest/
01:50 Saga https://media.readthedocs.org/pdf/salt/latest/salt.pdf
01:56 davet joined #salt
01:58 brain5ide_ joined #salt
01:58 DaveQB joined #salt
01:58 77CAAHKC4 joined #salt
02:01 thehaven joined #salt
02:05 DaveQB joined #salt
02:05 renoirb joined #salt
02:08 munhitsu_ joined #salt
02:08 lionel joined #salt
02:18 zircote joined #salt
02:18 chitown__ joined #salt
02:23 ramishra joined #salt
02:24 tonthon joined #salt
02:36 Shenril joined #salt
02:39 mosen joined #salt
02:43 ramishra joined #salt
02:47 Outlander joined #salt
02:48 Luke_ joined #salt
02:49 Guest84057 joined #salt
02:51 Guest84057 joined #salt
02:54 Guest84057 joined #salt
02:57 mateoconfeugo joined #salt
03:04 aberdine joined #salt
03:10 catpigger joined #salt
03:21 obimod joined #salt
03:21 obimod whaatup
03:24 obimod haha!
03:24 obimod wow, that was annoying
03:24 obimod that random haha
03:26 obimod at first i thought the namechange for MTecknology was nipples, so naturally I exclaimed my maturity level with my free-hand tendencies... for better or worse
03:27 nipless obimod: the details are not of which you would like to know
03:28 obimod : )
03:30 bhosmer joined #salt
03:34 \ask joined #salt
03:46 Luke_ joined #salt
03:46 jalbretsen joined #salt
03:49 n8n joined #salt
03:57 ajolo_ joined #salt
03:57 mosen joined #salt
03:58 obimod or : ( -- not sure : ) could be like, you don't eat often or something... not that im prying or anything : )
03:58 obimod and i'm not calling you a cat... although that would be pretty awesome... salty cat.. mm
03:59 obimod i would be calling you a cat if i thought you ate "nip" although i'm guessing it's a generic form of food, unrestricted to the cat
04:02 thayne joined #salt
04:16 zircote joined #salt
04:18 taterbase joined #salt
04:18 zircote joined #salt
04:28 obimod anyone know if i can have a source attribute with file.directory to copy a directory over?
04:29 obimod <3ing the open-sans font in the docs
04:34 obimod got it!   file.recurse:     - source: salt://code/flas
04:34 ramishra joined #salt
04:56 joehh packages with patches for the iptables and openvz grains issues have just gone up to debian.saltstack.com
05:00 ramteid joined #salt
05:02 joehh viq, xmj, babilen: ^^
05:03 xmj huh.
05:03 xmj joehh: any changes to freebsd parts?
05:04 ipalreadytaken joined #salt
05:10 joehh xmj: misread irc logs from the 19th - no, still waiting on a .6 which hopefully will be soon
05:10 xmj joehh: poke me once you have something
05:11 xmj i'll work with cedwards to get the freebsd version within a few minutes of release, heh
05:11 mateoconfeugo joined #salt
05:11 xmj (ok, it won't be _that_ quick.)
05:19 bhosmer joined #salt
05:24 ajolo__ joined #salt
05:25 picker joined #salt
05:25 TheThing joined #salt
05:34 zircote joined #salt
05:36 sunkist terminalmage, thanks, I checked the minion log and saw the error.
05:37 sunkist terminalmage, The error showed me what salt was doing, and I was able to repeat its failure and alter my state for it.
05:37 sunkist terminalmage, thanks!
05:39 jdmf joined #salt
05:56 mateoconfeugo joined #salt
05:59 TheThing joined #salt
05:59 jv115 joined #salt
06:00 jv115 left #salt
06:02 TheThing_ joined #salt
06:07 hopefulstranger joined #salt
06:08 hopefulstranger I'm running salt master in a docker container. I'm trying avoid doing remote execution from the master directly. Is there a çommon pattern for this? Or should I assume that remote execution should always be done from the master?
06:10 Chi_ joined #salt
06:11 Chi_ How can I put variable in salt
06:11 Chi_ For exam in Prod evi IP=10 but Dev IP=1
06:12 Chi_ How can I define and apply in sls file
06:14 joehh Chi_: use pillar data for this
06:26 TheThing joined #salt
06:29 carmony joined #salt
06:30 frozenice left #salt
06:31 johtso joined #salt
06:45 yomilk joined #salt
06:53 ramishra joined #salt
06:59 ndrei joined #salt
07:08 ramishra joined #salt
07:10 ml_1 joined #salt
07:13 jhauser joined #salt
07:19 bhosmer joined #salt
07:19 slav0nic joined #salt
07:24 borgstrom joined #salt
07:26 TheThing joined #salt
07:28 marnom joined #salt
07:29 skul left #salt
07:30 marnom anyone also getting 'Err http://debian.saltstack.com/debian/ wheezy-saltstack/main salt-master all 2014.1.5+ds-3~bpo70+1
07:30 marnom 404  Not Found' when updating a debian 7 server?
07:30 marnom It seems the repository index is referencing a file that doesn't exist on the server...
07:37 borgstrom joined #salt
07:37 babilen joehh: Great! Thank you :)
07:39 chiui joined #salt
07:39 felskrone joined #salt
07:41 joehh marnom: do another apt-get update
07:41 aquinas__ joined #salt
07:41 joehh you may have done the update while I was rsyncing some files in...
07:41 ThomasJ|d joehh: Having the same issue, and apt-get update does not pick up the change from -3 to -4
07:42 ThomasJ|d Been trying for an hour now
07:42 joehh odd
07:42 joehh I'll look at the repo
07:42 ThomasJ|d Thanks
07:43 marnom joehh: thanks for looking into it
07:46 babilen -4 is indeed the newest package in the repository
07:47 Lomithrani joined #salt
07:48 marnom babilen: well I did notice some '5' files but not 'bpo70', whatever that may be :)
07:48 babilen marnom: Those are the backported packages for wheezy (Debian 7.0). bpo == backports, 70 == wheezy
07:48 marnom babilen: ahh thanks for clearing that up :)!
07:51 Shenril joined #salt
07:51 joehh I've just sent the package lists up again - could you please test and see what you get?
07:51 ThomasJ|d Works now. Thanks :)
07:51 babilen works
07:52 babilen Well, I shall test them first. But the Release file is correct now :)
07:52 joehh great - no idea what happened - maybe an issue entering my passphrase on one of the includes...
07:55 babilen Ah, thank you for the pleasure of starting my week with "salt '*' pkg.upgrade". One of my favourite things to do :)
07:56 babilen And I get correct grains again. w00t! :)
08:01 ahale joined #salt
08:01 ahale joined #salt
08:03 jeddi joined #salt
08:04 Chi_ joined #salt
08:04 TheThing joined #salt
08:05 marnom joehh: sorry for the slow response but it's working here as well, thanks for your quick fix!
08:07 Chi_ @joehh Could you please send me some example using variable and pillar for each environment
08:13 borgstrom joined #salt
08:13 CeBe joined #salt
08:14 anuvrat joined #salt
08:15 Kenzor joined #salt
08:19 borgstrom joined #salt
08:21 _ale_ joined #salt
08:21 Chi_ Hi All, How do you define IP, User and password for each system
08:21 Chi_ Pillar, Graint or Mine is better?
08:23 malinoff Chi_, pillars should be used to store sensitive information, like passwords. You don't need to define IP addresses, grains contain such information
08:23 malinoff Chi_, http://docs.saltstack.com/en/latest/topics/targeting/grains.html#listing-grains
08:24 malinoff http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
08:24 babilen Chi_: Take a look at https://github.com/saltstack-formulas/users-formula for one approach to generate users from pillar data
08:25 babilen Chi_: If *you* want to configure interfaces with, say, http://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html I'd save the data in a pillar too.
08:26 Chi_ thank you all, I'm new with Salt. I will read pillar first
08:29 babilen Chi_: I would recommend to read the pillar tutorial and then http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html which details how to write idiomatic formulas that use data in pillars
08:30 simmel now atleast it parses the roster file but test.ping still wont work : /
08:31 malinoff I have no idea why you guys use salt-ssh instead of ansible :)
08:31 Chi_ thank you babilen, malinoff
08:31 malinoff Chi_, you're welcome
08:31 simmel to try different cm:s malinoff : ) im already using ansible elsewhere
08:31 Chi_ in sls file dow you know how to set all folder and file in it present
08:32 Chi_ it document I only see with file
08:32 darkelda joined #salt
08:33 malinoff simmel, so I wonder why do you use a component that is in alpha
08:33 malinoff just to try?
08:35 simmel yes and even if its alpha it should work if its released imo.
08:35 borgstrom joined #salt
08:37 malinoff Some of salt parts do not work even if they're not alpha :)
08:46 _ale_ joined #salt
08:50 aberdine left #salt
08:52 viq joehh: thank you
08:57 bhosmer joined #salt
08:58 borgstrom joined #salt
09:00 Lomithrani joined #salt
09:02 giantlock joined #salt
09:06 TheThing joined #salt
09:08 borgstrom joined #salt
09:10 felskrone1 joined #salt
09:11 TheThing joined #salt
09:16 zooz joined #salt
09:19 aqua^^ joined #salt
09:23 Lomithrani joined #salt
09:34 bmcorser joined #salt
09:35 bmcorser hello
09:35 bmcorser got issues with cmd.run
09:35 bmcorser need to do an SQL insert
09:36 bmcorser it says in the docs that i can set env
09:36 bmcorser as a dict, or yaml
09:36 bmcorser can i do this come the command line
09:36 bmcorser ?
09:36 babilen bmcorser: You are aware of http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html ?
09:37 bmcorser im using postgres
09:37 bmcorser but thanks :)
09:38 yidhra joined #salt
09:38 babilen Ah, sorry. I am not sure if a similar module exists for postgres already.
09:38 babilen (and psql is nicer than mysql anyway)
09:41 babilen But yeah, cmd.run allows you to to define the env. Something like: env="{'foo':'bar', 'quux':'qoor'}" might work.
09:41 babilen (or YAML)
09:42 viq Ha, I've dropped to 5th most active user here now ;P
09:42 borgstrom joined #salt
09:42 viq http://bots.wmflabs.org/~wm-bot/dump/%23salt.htm
09:45 linjan joined #salt
09:49 borgstrom joined #salt
09:56 mateoconfeugo joined #salt
09:57 zooz joined #salt
09:58 bitmand joined #salt
10:01 bmcorser babilen: how do i pass YAML to cmd.run env?
10:01 happytux joined #salt
10:01 bmcorser i tried cmd.run env='foo: bar'
10:06 alanpearce joined #salt
10:06 alanpearce joined #salt
10:09 laubosslink joined #salt
10:12 bmcorser can i use postgres.db_alter to change the name of a table?
10:12 bitmand joined #salt
10:14 babilen bmcorser: That looks about alright, but I've never used that. What happens if you try that? Does it work if you pass it as Python dictionary as exemplified earlier?
10:15 babilen bmcorser: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.postgres.html has information on the postgres module. What are you trying to do exactly and what is the outcome? Feel free to provide applicable output + commands on http://paste.debian.net
10:17 babilen bmcorser: If you want to run "ALTER TABLE RENAME ..." then i don't think that salt.modules.postgres.db_alter(…) supports that, but i would have to look into the source code to verify that.
10:17 viq laubosslink: if you can set those via a file, then easily. If those need to be changed from firefox itself, that's not so easy
10:17 babilen bmcorser: It is just tricky to support you without actual information, errors and commands
10:19 borgstrom joined #salt
10:23 borgstrom joined #salt
10:25 bmcorser babilen: thanks, but i think my issue is actually with bash string quotes
10:26 bmcorser what i am trying to do is send a command to a minion with cmd.run, but the command has both single and double quotes
10:26 Katafalkas joined #salt
10:26 bmcorser i need to do something like this:
10:28 bmcorser cmd.run 'psql -c "insert into \"user\" values 'a', 'b', 'c'"'
10:28 bmcorser so i need to send the escapes to the minion
10:29 babilen I heard you like escapes, so I put escapes in your escapes so you can escape while you escape!
10:30 babilen bmcorser: So you are not actually trying to run "ALTER TABLE RENAME" but alter a user account?
10:30 bmcorser :)
10:30 babilen Ah, well, you obviously don't want to tell me. All the best!
10:30 bmcorser i wanted to rename the user table so i wouldn't have to use double quotes
10:31 joehh marnom: no worries on slow response, good to hear it works for you now
10:32 elfixit joined #salt
10:32 bmcorser babilen: so basically my issue is with bash, not salt :)
10:33 shakey joined #salt
10:33 babilen bmcorser: See you in #bash then? But then there *might* be a better way to do it in salt, but if you don't tell us what you *really* want to do then we cannot check.
10:35 wigit Anyone have an idea for when 2014.1.5 will be available in EPEL?
10:42 bmcorser babilen: i just want to insert a row into a postgres table
10:43 babilen salt '*' postgres.psql_query 'INSERT INTO ....' ?
10:43 babilen Ah, that supports only selects. Sorry.
10:44 Renich joined #salt
10:44 Renich Hello, Saltians
10:44 babilen o/
10:44 Renich \O
10:44 Renich Do we have a repository for common configuration?
10:45 babilen Renich: Things like https://github.com/saltstack-formulas/ ?
10:45 Renich babilen: that is exactly what I was thinking off ;=)
10:45 bhosmer joined #salt
10:46 babilen Renich: Wonderful, enjoy!
10:46 Renich some pretty cool stuff there
10:49 eofs I'm currently deauthorizing minions automatically using a custom script. The script will run 'salt-call saltutil.revoke_auth' and remove /etc/salt/minion_id file when OS is shutting down.
10:49 eofs salt master is using autosign.conf to accept new keys
10:50 eofs This way I can spin up new EC2 instances using AWS Auto Scale and minions will connect to master. It feels a bit hackis, is there a better way?
10:51 viq wigit: it's already in epel-testing
10:51 babilen eofs: You could hook into the reactor system and listen to minion stop events. See http://docs.saltstack.com/en/latest/topics/reactor/index.html for some examples
10:53 ramishra joined #salt
10:56 Renich left #salt
10:58 CeBe1 joined #salt
11:01 babilen eofs: Oh, do you use salt-cloud to manage those EC2 instances?
11:01 reikalusikka- joined #salt
11:01 bhosmer joined #salt
11:03 eofs babilen: nope, not at the moment
11:03 eofs I didn't figure out to to make it support AWS Auto Scale
11:03 babilen eofs: I stumbled over https://github.com/saltstack-formulas/ec2-autoscale-reactor the other day
11:04 borgstrom joined #salt
11:08 viq huh? 2014-06-23 13:08:24,607 [salt.master      ][ERROR   ] Received function _ext_nodes which is unavailable on the master, returning False
11:13 viq hm, looks like I need 2014.1.5 on master _and_ minions, doesn't like 2014.1.4 on minions it looks
11:15 eofs babilen: looks somewhat promising, but exposing yet another interface (web hook) is just a another candidate for sinle-point-of-failure
11:16 wigit viq: https://github.com/saltstack/salt/issues/13535 - workaround there if you need it.
11:19 viq wigit: thanks
11:19 babilen eofs: Just thought I'd mention it .. you can, naturally, go with "normal" events generated when minions go down and react to that.
11:20 babilen It's just something that I knew of and though I point out to you in case it might be useful
11:21 eofs babilen: yeah, currently figuring out how "reactor" works. So far looks very promising and I think I could get rid of that oh-so-horrifying-custom-init-script of mine
11:22 babilen I think so to, let us know if there is something specific you want to know. I found it most enlightening to simply look at the output of that eventlisten script.
11:23 babilen eofs: Also note that you can easily generate your own events as detailed in http://docs.saltstack.com/en/latest/topics/event/index.html
11:24 Hazelesque joined #salt
11:32 eofs babilen: thanks! I'll fiddle around and see reactor fits for our needs
11:37 Lomithrani joined #salt
11:39 diegows joined #salt
11:42 Lomithrani Hi guys ,  quick question   the other way of activating a mine function instead of "salt '*' mine.delete 'network.interfaces'"  is to modify the minion file on the minion right ?
11:46 tkharju1 joined #salt
11:46 babilen Lomithrani: You would enable functions in the minion config, yes.
11:47 babilen Not sure what the exact equivalent of "mine.delete" is though.
11:47 babilen (might be equivalent to simply removing the line in question and restarting the minion)
11:50 babilen Lomithrani: Are you sure that "salt '*' mine.delete 'network.interfaces'" activates a mine function?
11:51 Lomithrani haha wrong copy paste :)
11:51 Lomithrani salt '*' mine.send network.interfaces eth0
11:51 viq xmj / MTecknology - gee, how fun: https://gitlab.com/gitlab-org/gitlab-ce/issues/360
11:51 or1gb1u3 joined #salt
11:54 vbabiy joined #salt
12:00 logix812 joined #salt
12:01 vbabiy joined #salt
12:07 babilen Lomithrani: I have to admit that I was rather surprised
12:07 Lomithrani =)
12:08 vbabiy joined #salt
12:09 brandon joined #salt
12:10 vbabiy_ joined #salt
12:15 vbabiy joined #salt
12:17 jslatts joined #salt
12:17 jeddi joined #salt
12:20 eofs babilen: it seems that reactor will receive minion_start when new minion is available. But no events will be triggered when minion goes offline
12:20 eofs there's a pending isseue on github: https://github.com/saltstack/salt/issues/6794
12:21 ndrei joined #salt
12:24 babilen eofs: You can enable presence events and react to them: http://docs.saltstack.com/en/latest/topics/event/master_events.html#presence-events
12:24 babilen eofs: IIRC there was a typo in the event and I am not sure if that has been fixed by now (presense vs presence)
12:24 jslatts joined #salt
12:25 babilen it has been fixed in develop, but I am not sure if that fix made it into 2014.1.*
12:27 eofs babilen: missed that one! thanks!
12:27 ramishra joined #salt
12:28 tkharju2 joined #salt
12:31 babilen eofs: No problem, this is why we have this channel so that people can share knowledge :D
12:31 eofs sharing is caring ;)
12:32 alanpearce joined #salt
12:32 cekz joined #salt
12:33 the_lalelu joined #salt
12:34 bhosmer joined #salt
12:39 tkharju2 joined #salt
12:40 alanpear_ joined #salt
12:40 jaimed joined #salt
12:50 ramishra_ joined #salt
12:50 miqui joined #salt
12:53 jhauser joined #salt
12:55 bhosmer joined #salt
12:56 bhosmer joined #salt
12:57 totte joined #salt
12:59 bhosmer_ joined #salt
13:01 ramishra joined #salt
13:02 joehh updated ubuntu packages gone to launchpad with fixes for iptables --help, openvz grains and https://github.com/saltstack/salt/issues/13535#issuecomment-46736029
13:03 joehh only for trusty/saucy at this stage
13:03 babilen eofs: just checked my setup and it is still "salt/presense/present" on 2014.1.5 (stupido!)
13:04 blarghmatey joined #salt
13:05 Hell_Fire_ joined #salt
13:05 babilen I hate it when I have to develop against bugs :-/
13:05 babilen "FIXME: This code is intentionally broken and has to be adapted when Issue: #123456 has been fixed"
13:08 racooper joined #salt
13:09 eofs babilen: I'm not using reactor and presence events and everything runs smoothly \o/
13:09 babilen not?
13:09 babilen s/not/now ?
13:10 eofs yeah, s/not/now :P
13:10 babilen eofs: If so: Then \o/ and hooray. Mind showing me what you came up with (might have to do something similar soon)
13:10 babilen ?
13:11 eofs babilen: I mean, it works now. Just typoed my previous message :)
13:11 babilen yeah, sure ... I had hoped for that :)
13:11 babilen Mind share your solution? I am always curious to read different approaches to use the reactor system.
13:11 babilen *to share
13:12 babilen well, *sharing rather :D
13:12 eofs babilen: just a sec
13:13 babilen Sure, no rush
13:17 eofs babilen: https://gist.github.com/eofs/0219728e6f89e6e7b860
13:23 ramishra joined #salt
13:27 pressureman joined #salt
13:28 babilen eofs: That's almost too slick ;D
13:29 kermit joined #salt
13:29 eofs babilen: ;)
13:30 eofs Now I've to figure can I get salt-minion to ignore /etc/minion/minion_id so minion will always use hostname based ID
13:30 _ale_ joined #salt
13:30 eofs +if
13:31 eofs that way I may use autosign.conf accept only matching hosts
13:31 eofs and every minion will have unique ID
13:32 ajolo_ joined #salt
13:32 babilen eofs: Isn't minion_id initialised with the hostname?
13:34 eofs yes, but if I use Amazon EC2 AMI, minion_id will be persistent. A script has to remove it before salt-minion starts, otherwise every minion has same ID
13:35 babilen ack
13:36 rojem joined #salt
13:41 eofs I could use custom init script which removes minion_id and key files at boot, just before salt-minion starts
13:42 eofs so it would go like this: boot EC2 instanse form AMI, remove minion_id/keys, start salt-minion, connect to master, run highstate etc..., disconnect/stop/die/burn in fire, master will detect presence change and remove unused key
13:44 jchen eofs: why not use salt-cloud to bootstrap a new ec2 instance?
13:44 ipmb joined #salt
13:45 eofs jchen: AWS Auto-Scale requires that you use AMIs
13:46 tkharju joined #salt
13:46 thayne joined #salt
13:46 jchen damn :(
13:48 aquinas joined #salt
13:49 ajprog_laptop joined #salt
13:51 babilen eofs: Why would your AMI have /etc/salt/minion_id to begin with?
13:53 babilen eofs: I mean why don't you simply use an image without that? (a minion without personality so to speak)
13:53 eofs babilen: automatically created by salt-minion, so I have to either remove it manually before creating new AMI snapshot, or use script to remove automatically at boot/shutdown
13:54 babilen yeah, I was thinking/proposing to do the former
13:54 brain5ide__ joined #salt
13:54 aquinas joined #salt
13:54 babilen You probably have to do the same for the generated keys
13:54 yano joined #salt
13:55 eofs doing it manually is not big a problem, it just requires documentation for the sysadmins
13:55 babilen IOW: it might be a better idea to come up with an AM image that simply bootstraps a salt-minion when it comes up
13:55 timoguin eofs: check out the aws autoscale reactor on saltstack-formulas. that setup allows you to use the AWS notification system to react to new VM creations on the salt-master and bootstrap them.
13:56 babilen timoguin: I proposed that already, but opening up the master for salt-api wasn't to eofs's liking
13:56 timoguin ah
13:56 babilen Which I can somewhat understand ...
13:56 timoguin you could also have a minion that listens for the AWS notifications and fire the events from there so you don't have to open up salt-api
13:57 babilen "So, you are telling me that you intentionally activated a REST API that people can use to do anything on your servers and made it reachable to everybody on the internet?"
13:57 timoguin bootstrapping new autoscale instances has been a bit troublesome for a while and that seems the best solution
13:57 eofs timoguin: that too, but I think babilen's proposal of AMI that bootstraps salt-minion automatically would be the easiest to setup and maintain
13:58 timoguin yea i'm not sure how that would work though
13:58 timoguin the hard part is getting the new minions key onto the master
13:58 eofs timoguin: autosign.conf is one way, althought not the best for the security
13:59 babilen One could script the master to accept those automagically along the lines of http://docs.saltstack.com/en/latest/topics/reactor/index.html#a-complete-example
13:59 eofs but if you're using VPC you cant pretty much restrict access to your masters using ACL and Security-Groups
13:59 babilen I wouldn't have too much of a problem with that as our salt master is only listening on an internal network, but it might be a bit tricky if you don't have that
14:01 ramishra joined #salt
14:02 dude051 joined #salt
14:03 quickdry21 joined #salt
14:04 Lomithrani http://pastebin.com/1H1YDVWp  my minion minion conf file is such as this
14:04 Lomithrani I have done svcadm refresh and restart on it
14:04 Lomithrani but salt '*' mine.get '*' network.interfaces eth0    gives me no result
14:05 eofs thanks babilen and timoguin. I think I'll opt to manually remove minion_id and keys before creating AMIs
14:05 eofs I don't think we need to update AMI's that often
14:07 Tween joined #salt
14:07 viq laubosslink: again, how do you put that into firefox config?
14:09 GradysGhost joined #salt
14:09 aquinas joined #salt
14:10 Tween hey there, i'm wondering if anyone can take a look at this state file: http://paste.ubuntu.com/7690523/ and tell me why i would be getting the error State event.wait found in sls file1 is unavailable ?
14:11 timoguin Tween: what version are you running?
14:11 Tween 2014.1.5
14:11 timoguin yea that function is only in the develop branch
14:11 jhauser joined #salt
14:12 viq laubosslink: if it's simple text in a file, then yes, you can quite easily put text in a file using salt.
14:12 Tween timoguin: oh, that simple huh? hmmm any work arounds for the current version?
14:13 viq Tween: push the new module to your minions
14:13 timoguin Tween: you *may* be able to copy the event.py module from the dev branch
14:13 dude051 joined #salt
14:13 vbabiy joined #salt
14:14 timoguin the exec module could go in _modules and the state module in _states
14:14 Tween viq: the dev one?
14:14 timoguin but no guarantees it will work without any issues
14:15 conan_the_destro joined #salt
14:16 Tween timoguin: hmmm i see, alright i'll try and architect a different solution, don't want to go down the rabbit hole of tacking things on. I appreciate the help though
14:17 babilen Tween: You could call cmd.run with salt-call or shoehorn something with http://docs.saltstack.com/en/latest/topics/event/index.html and do that from withing a state that you write in Python
14:17 babilen (ugly, but meh)
14:17 vejdmn joined #salt
14:17 agh Hello to all
14:18 agh I want to use Git with SaltStack. But i can't find any doc/tutorial for using it with branches / envs
14:18 agh I read the doc
14:18 agh I read some articles on the web
14:18 viq agh: http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
14:18 agh but, I don't understand how to manage a common "top.sls" shared between sevral branches
14:18 agh viq: already read this one ;)
14:19 viq But you said you can't find tutorial for using it with branches / envs
14:19 agh viq: yes sorry, i can't find a "real life" doc / tutorial
14:20 babilen agh: I strongly dislike salt's way of conflating branches and environments (this should be done *explicitly* and the way it is now breaks standard git branch workflows)
14:20 agh how to, day after day, manage a central git repo with let's say 3 branches (dev, ppd, prd) with a common top.sls for all branches
14:20 msciciel_ joined #salt
14:20 babilen agh: But then the way to do it is to have a separate repository in which you have your top.sls
14:20 aquinas joined #salt
14:21 agh babilen: but how do you manage your envs for example ?
14:21 vejdmn1 joined #salt
14:21 agh In fact, more than doc, I need best practice or white paper on this topic
14:22 btorch is there a way to make the salt minion refresh it's cache ? it seems like this minion is not really up to date with the states on the master
14:22 babilen agh: There is no whitepaper that I am aware of. Is there something specific you are not understanding?
14:23 agh babilen: yes, i'm not a big expert in git. And, I want to have a simple workflow to go from DEV to PPD to PRD. How to do this ?
14:24 agh First method : copy files by hand in sevral directories {dev,ppd,prd}/{states,pillar}
14:24 agh 2nd method : git branch with dev,ppd and prd branches
14:24 viq btorch: minions don't keep cache, AFAIK, it's the master that does
14:24 btorch weird
14:24 viq btorch: and if you want to refresh cache on master, you use 'salt-run fileserver.update'
14:24 agh and use git cherry-pick to go from dev to ppd, then from ppd to prd
14:25 babilen agh: The way it would work with GitFS (which is awesome apart from the crude hack to equate branches and environments) is to have one branch per environment and to manage top.sls in a separate environment.
14:25 babilen *in a separate repository
14:25 btorch viq: thanks
14:25 agh babilen: ok. And do you agree with cherry-pick for managing "merge" between branches ?
14:25 babilen agh: You would then develop on one branch and merge/cherry-pick from your, say, DEV branch into PPD and from there to PRD.
14:25 manfred btorch: or you can put it in /srv/salt/top.sls
14:25 manfred bah
14:25 viq btorch: and if you mean "I modified the state and the minion didn't apply them", you are aware that you need to tell minion to apply them, using highstate or state.sls ?
14:25 manfred babilen: ^^
14:26 manfred babilen: you should have top.sls in /srv/salt/top.sls and just make sure to make servers correctly
14:26 agh ok. So I was right. But wanted to have a confirmation :=) Thanks
14:26 flebel joined #salt
14:26 manfred babilen: like 'dev.*' for your dev environment, and 'prod.*' for your base environment
14:26 babilen agh: I typically use feature branches in git and merge them into develop once I am done. These feature branches will have to be rebased against develop whenever develop changes. I also tend to prefer explicit merges rather than ff ones.
14:26 btorch viq: nah this is nothing new ... nothing has changed .. just this old box is having a funny salt behavior
14:26 manfred babilen: if you do different top files in each environment, you can't do merges the same way in your git environment
14:27 babilen manfred: There is no /srv/salt/top.sls if you use GitFS only repositories (and top.sls is being merged *across* branches)
14:27 babilen manfred: Which is why you need a separate repo for top.sls
14:28 manfred babilen: oh, that would work too, but you still need top.sls seperate from your state git repo
14:28 babilen One of the things that I strongly dislike about the way GitFS equates branches and environments (it is stupid to do that IMHO, it should be configured *explicitly* that branch FOO corresponds to environment BAR)
14:28 babilen manfred: Yes, horrible isn't it?
14:28 viq btorch: look in logs on master and minion, it may be telling you what it doesn't like
14:29 manfred babilen: meh
14:29 manfred babilen: at least you can specify your gitfs_base
14:30 babilen yeah, pillar_base would be needed too though ..
14:30 babilen Which reminds me: I would like to manage formulas as submodule in *one* repository rather than having to create one repository for each formula we use.
14:30 thayne joined #salt
14:30 babilen Unfortunately GitFS does not seem to checkout submodules ...
14:31 babilen How do you deal with that?
14:31 agh babilen: BTW submodules are nightmares IMO
14:32 babilen I know, but then I can't really think of a better way to deal with that.
14:32 aquinas joined #salt
14:33 babilen I want to have a separate repo for each customer whose configuration I manage in salt. If I need one additional repository every time I want to use a formula I have "NUM_FORMULAS * NUM_CUSTOMERS + NUM_CUSTOMERS" repositories if I want to be sure that customer A doesn't scream at me just because I decided to upgrade a formula (for customer b)
14:33 will joined #salt
14:34 babilen So, I would like to have formulas/ in the repo for customer a and populate that with submodules (and upgrade those manually)
14:35 viq babilen: git.latest and proper paths in master config?
14:36 mastrolinux joined #salt
14:37 babilen viq: So essentially "Don't use GitFS" ?
14:37 mastrolinux Hi there, I have: The following untracked working tree files would be overwritten by merge in git.latest even if foce, force_checkout, and always_fetch are true
14:37 mastrolinux any ideas?
14:38 vbabiy_ joined #salt
14:38 viq babilen: eh, yeah, somewhat... Is there a feature request open for supporting submodules?
14:38 babilen viq: I am currently checking (and will write the report if not)
14:39 mastrolinux http://pastebin.com/wkY1H9fW looks like the git pull is without the -f option
14:39 Ahlee pillar targeting problem, I can't seem to target deeply nested: https://gist.github.com/jalons/7e52c4491b14c1862939
14:39 Ahlee where deep is one level
14:39 JesseCW joined #salt
14:40 Tween timoguin: babilen: workaround that i think is the cleanest is just making another state and using module.wait and using event.fire_master as the module. and then waiting on the module cp.push.
14:40 viq Ahlee: try removing the - from before foo
14:40 Ahlee viq: It's an external pillar that's populated as a list
14:41 Ahlee unless you can't target lists
14:41 viq I wonder if something like 'application:[foo]' would be in order
14:42 Ahlee i'll play with it
14:42 Ahlee ah, yeah, it has to be a list since there can be multiple applications installed
14:42 Ahlee now i remember
14:43 mastrolinux Someone else had the same issue: http://irclog.perlgeek.de/salt/2014-02-11#i_8264857 but no solution
14:44 mgw joined #salt
14:45 wendall911 joined #salt
14:46 briner joined #salt
14:47 masterkorp hello
14:47 masterkorp just are there any cloud formulas
14:47 masterkorp ?
14:47 mastrolinux did you saw salt-cloud?
14:48 vbabiy joined #salt
14:48 masterkorp yeah i mean salt-cloud
14:48 masterkorp so i can beautifully set the salt-cloud configuration on pillar data like I do for salt-master and the minions with the salt formula
14:49 briner can someone tell me how to debug a state made with #!py. Is there a way to be in a debugger ?
14:49 mastrolinux did you read http://salt-cloud.readthedocs.org/en/latest/index.html already?
14:50 masterkorp yeah
14:53 rallytime joined #salt
14:56 mastrolinux1 joined #salt
14:56 tkharju1 joined #salt
14:57 jcsp1 joined #salt
14:57 mapu joined #salt
14:58 babilen viq: I can't find anything ...
14:59 babilen The question is how formulas as submodules should be organised
15:00 babilen Even if submodules where supported/checked out it would mean that you have to write something like "- formula.foo.foo.server" (for foo-formula)
15:00 JesseCW joined #salt
15:01 or1gb1u3 left #salt
15:01 nebuchad` joined #salt
15:03 babilen It might be best if one could use _submodules and reference submodules in there directly (without the additional level of indirection)
15:03 babilen err
15:03 tyler-baker joined #salt
15:03 babilen _formulas that is
15:03 Ahlee interesting, salt -I 'application:*foo*' works
15:05 briner How do we do, to debug state written in python (#!py)
15:10 aquinas joined #salt
15:11 Ahlee briner: turn both master and minion up to debug (or trace) and see what the error is
15:11 Ahlee make it work outside of salt and it should work inside of salt, that's my only other suggestion
15:15 eriko joined #salt
15:16 tkharju joined #salt
15:18 gq45uaethdj26jw6 joined #salt
15:21 ramteid joined #salt
15:29 mateoconfeugo joined #salt
15:32 rojem joined #salt
15:35 anotherZero joined #salt
15:44 sunkist joined #salt
15:45 anotherZero ok guys,  I feel like there are several ways to accomplish the same thing with salt so I thought I'd get some input on this.  I'm looking to keep several servers packages/configs/files up-to-date with a master copy.  What structure should I use to accomplish this?  Simple highstate, pillar/formulas ?
15:45 UtahDave joined #salt
15:45 codekobe Anyone have any RAM recommendations for a Salt Master on a VM.  I have about 1400 minions in a master with 2GB of RAM, and when running maintenances I am seeing Salt eat up all the RAM until it becomes unresponsive.
15:46 reikalusikka- Hi! I'm trying to use salt to create a virtualenv and install packages from my requirements.txt.  this is my code: http://pastebin.com/h3k01fBm and it doesn't work.
15:46 reikalusikka- it looks like no virtualenv is created at all. any ideas what is wrong?
15:46 codekobe Also this is running ZeroMQ version 2.1.11
15:48 codekobe not sure if that ZMQ version could be an issue
15:48 Ahlee yuck to zmq2.x, but probably not an issue here
15:48 Ahlee zmq2 has disconnect issues, not usually memory
15:48 Ahlee how many worker threads?
15:49 codekobe 40 threads
15:49 UtahDave codekobe: Yeah, I'd really recommend upgrading your zmq
15:49 tligda joined #salt
15:49 marto joined #salt
15:49 marto simple question on state file,
15:49 codekobe Does that ZMQ have memory issues, or would disconnects maybe contribute to that?
15:50 marto I want my state to require the existence of a directory
15:50 codekobe Also, any recommendations on RAM for that Master?
15:51 ipalreadytaken joined #salt
15:51 UtahDave codekobe: how difficult is it for you to upgrade your master?  Part of your problem is with 40 workers that's going to take more ram
15:51 ndrei joined #salt
15:52 codekobe its a VM, so I should be able to resize it
15:52 codekobe just trying to figure out what size to to make it
15:53 UtahDave I would try dropping your workers down to 20 or 25. Then I'd bump the ram to at least 4GB.  If you can do 6GB or 8GB, that might be helpful.
15:53 HeadAIX joined #salt
15:53 codekobe Thanks UtahDave, what is the preferred version of ZMQ I should upgrade to?
15:54 UtahDave codekobe: at least 3.2.x. I'd upgrade to the newest you can.  What os are you on?
15:54 codekobe On Ubunto 12.04
15:54 codekobe Ubuntu
15:55 Ahlee my master is ~400 minions, 4G ram, 50 worker threads
15:55 UtahDave I think 12.04 provides a much newer zmq.  Or maybe it's our PPA that does.
15:55 Ahlee but i also have 8 vCPUs
15:56 Nils_ joined #salt
15:56 codekobe are the threads green threads or processes?
15:56 UtahDave processes
15:56 codekobe AAhhhh ok
15:58 codekobe Thank you guys, I really appreciate it.  Any particular version of pyZMQ to go with the ZMQ upgrade.  On 2.1.11 the ZMQ and pyzmq versions were still paired together
15:58 jcsp1 joined #salt
16:00 troyready joined #salt
16:00 UtahDave codekobe: the pyzmq version doesn't matter quite so much. The pyzmq version doesn't track the zmq version.
16:01 UtahDave Ahlee: So you found having the 50 worker threads helps on your system?
16:01 ggoZ joined #salt
16:05 erjohnso joined #salt
16:07 Joseph_ joined #salt
16:08 saltnoob joined #salt
16:09 saltnoob hi! quick question for someone that came from a Chef background such as myself:    Is there a way to call a "recipe" within an SLS Formula? Or is it one SLS formula to one "recipe" ?
16:09 thayne joined #salt
16:09 bemehow joined #salt
16:10 dude051 joined #salt
16:11 timoguin saltnoob: SLS are comparable to chef's recipes. the salt formulas are similar to cookbooks
16:11 Joseph_ saltnoob: i am not familiar with chef so i don't know the parallel. But within saltstack, you can import/call one state from another.
16:12 saltnoob Thanks, guys! timoguin: how to call from top.sls ?
16:13 timoguin not sure what your question is. how to assign an SLS to minion(s) in the top.sls?
16:16 saltnoob Sorry, let me give an example:     In top.sls, if I call      'saltminion1.example':    foo           , this will call the entire foo SLS formula on saltminion1, what if there is only a portion of foo SLS formula I want to call?
16:17 timoguin that'll include all of it, so that comes down to how you segment your SLS.
16:17 timoguin for example you could break it up into foo.server, foo.client, etc.
16:17 to_json joined #salt
16:18 KyleG joined #salt
16:18 KyleG joined #salt
16:18 timoguin so you'd create a folder called foo/ and then put server.sls and client.sls in that folder
16:19 ckao joined #salt
16:19 saltnoob exactly - so how would i go about invoking foo.server on one box and foo.client on another?
16:19 Ahlee UtahDave: Yeah, for our workload we've found 50 to be the sweet spot
16:20 jslatts joined #salt
16:21 ipalreadytaken joined #salt
16:21 timoguin saltnoob: you'd simply put foo.client and foo.server in the top.sls rather than using just foo
16:22 timoguin example, all my minions get the salt.minion state
16:22 timoguin but only my masters get salt.master
16:23 HeadAIX joined #salt
16:24 Joseph_ is anyone familiar with bridge networking on CentOS?
16:24 saltnoob ah gotcha - glad I picked a fitting nickname for myself for this IRC lol...
16:24 saltnoob Thanks, timoguin!
16:24 kballou joined #salt
16:24 babilen Joseph_: #centos comes to mind
16:25 Joseph_ babilen: yea but i need to "bridge" the gap between salt and centos no pun intended
16:25 Joseph_ babilen: i want to understand how salt manages bridging on centos to determine whether's a 1. bug in the network module for centos or 2. a documentation gap
16:25 babilen Joseph_: In that case the best suggestion I can give you is: Assume "yes" and simply ask your real question
16:26 bemehow_ joined #salt
16:26 Joseph_ babilen: following these instructions bricked my networking http://salt.readthedocs.org/en/latest/topics/tutorials/cloud_controller.html#hypervisor-network-setup
16:26 Joseph_ as in i had to use out of band facility to fix what salt screwed up
16:27 Joseph_ i want to understand how to successfully create a bridge via salt in order to use a hypervisor for cloud control functionality
16:29 shaggy_surfer joined #salt
16:29 babilen Wonderful, that's a much better question. Alas I have no insight in the content matter and therfore have to regretfully step back and hope that somebody who *does* know the issue can offer much appreciated insights
16:30 Joseph_ babilen: okay thanks.
16:32 babilen Joseph_: What was the error though and did you check the issue tracker if it has been fixed?
16:33 Joseph_ babilen: ...no response cause it lost all network connectivity. I checked on the minion and i didn't see anything obviously wrong on the salt side at least.
16:34 Joseph_ babilen: that's why i am kinda stumped...i know a bad thing happened "networking bricked" but i don't know why. Certainly could be user error though which is why i wanted to get a better handling on how its supposed to work.
16:34 codekobe UtahDave - do Salt master and salt minion ZeroMQ versions have to be upgraded simultaneously?
16:36 chrisjones joined #salt
16:36 srage joined #salt
16:37 joehillen joined #salt
16:38 papul joined #salt
16:38 papul left #salt
16:39 notpeter_ joined #salt
16:42 HeadAIX joined #salt
16:43 redondos joined #salt
16:43 redondos joined #salt
16:43 babilen Joseph_: What was wrong about the network configuration afterwards and how did you configure it?
16:44 Gareth morning
16:44 Joseph_ babilen: ...it might be this section 3.5.1.1.3. Virtual Machine Network Setup
16:44 Joseph_ it says somethign to the effect of "make sure bridging is set up correctly"
16:44 Joseph_ but doesn't specify what that means
16:44 schimmy joined #salt
16:44 Joseph_ one quirk of centos is that it does NOT enslave a NIC to a bridge even though it creates the br0 NIC
16:45 Joseph_ i may need to add another check to validate whether NIC has  been enslaved to the bridge or not
16:45 Joseph_ i am referring to the network scripts btw
16:46 babilen Joseph_: That's ludicrous, why would they do that?
16:46 Joseph_ babilen: not sure i follow. What's ludicrous?
16:46 schimmy1 joined #salt
16:46 jalbretsen joined #salt
16:47 meteorfox joined #salt
16:47 babilen Joseph_: To setup briding in such a way that it wouldn't work
16:47 babilen *bridging
16:48 Joseph_ babilen: well i am guessing that in their environment it did work. :)
16:48 babilen I meant CentOS, but meh ..
16:49 Joseph_ babilen: ha! i have actually been scouring the internet about just that.
16:49 Joseph_ babilen: and every other post says it SHOULD create the bridge assumign i linked the physical nic network script with the bridge network script
16:49 Joseph_ but nada
16:50 Joseph_ babilen: alas strace and "bash -x"
16:50 Joseph_ haven't revealed anything obvious
16:50 miqui_ joined #salt
16:50 timoguin guess that's what happens when you only pay a penny for your linux
16:50 Joseph_ anyway i am going to add a block to my SLS to specifically deall with that
16:51 babilen Joseph_: We are, luckily, not a CentOS shop so I am not familiar with this quirk, but is there a bug report about that?
16:51 Joseph_ timoguin: well true but i would expect that red hat would behave exactly the same way and the last i checked they made more than a penny
16:51 timoguin don't add logic to my joke!
16:51 penguin_dan joined #salt
16:52 diegows joined #salt
16:52 Joseph_ timoguin: apologies sir for killing your joke
16:52 UForgotten timoguin: woosh lol
16:52 Theo-SLC joined #salt
16:53 dude^2 joined #salt
16:53 tyler-baker joined #salt
16:54 Theo-SLC I'm trying to write a custom pillar that will return multiple pillar items.  Any docs for this?
16:55 meteorfox joined #salt
16:55 babilen Theo-SLC: It's easy, just return a suitable dictionary and you are set.
16:55 meteorfox joined #salt
16:56 penguin_dan joined #salt
16:56 UtahDave Ahlee: cool, thanks for the info!
16:56 Theo-SLC I'm new to python.  I guess I need help building that dictionary.  Was hoping to draw from some existing example.
16:56 meteorfox joined #salt
16:57 meteorfox joined #salt
16:57 babilen Theo-SLC: http://paste.debian.net/106391/ is the basic idea .. you can to whatever you want to build that dictionary.
16:58 babilen http://paste.debian.net/106392/ probably, but the rest is just Python. What are you trying to do?
16:59 babilen Which reminds me: Is there some way to utilize Python 3 in salt? What *are* the plans concerning Python 3?
17:00 timoguin m2crypto is the big blocker i believe
17:00 babilen There are so many awesome things in py3 that I would love to use
17:00 timoguin RAET implements curve crypto, which will get rid of that dependency
17:00 fllr joined #salt
17:00 Joseph_ targeting question....say i execute this command salt -G 'nodename:ic-hadoop48.obt.mgmt' test.ping
17:01 Joseph_ I would expect that it would only hit the node with that nodename grain value,....correct?
17:01 fllr Hey guys. I wanna upgrade the version of Jinja salt is using. Is it ok to upgrade it, or does salt depends on a specific version of it? Also, should I update just the master, or the minions too?
17:02 babilen timoguin: btw, what was the reason for developing RAET and not use one of the other message brokers that are already available?
17:02 babilen timoguin: Do you mean that crypto will be in-house in RAET?
17:02 thayne joined #salt
17:02 manfred fllr: should be ok to update it
17:02 UtahDave babilen: no RAET uses nacl
17:03 manfred fllr: Jinja2 (2.7.3)
17:03 jcockhren na.cl? NICE!
17:03 manfred fllr: that is what i am using
17:03 Joseph_ UtahDave: i am on 2014.1.5....when i target a specific minion using grain or pillar i hit all minions instead of what i targeted. Known issue?
17:03 fllr manfred: Right, that's the version I wanted.
17:03 UtahDave babilen: be aware though, Salt is going to have to support python 2.6 and python 2.7 for a LONG time, so we're not going to always be able to use all the coolest new Python 3 features.
17:03 fllr manfred: Did you upgrade the minions also
17:03 manfred fllr: i just have all the dependencies straight from pip
17:04 UtahDave Joseph_: Hm.  That's a new one.
17:04 babilen UtahDave: Right, that goes without question, but I'd like to use it for states and pillars. I can totally understand that a complete transition to py3 is something that has to be meticulously planned.
17:04 UtahDave Joseph_: Could you open an issue on that?  The more info you can give the better.
17:05 chiui joined #salt
17:05 Joseph_ UtahDave: okay....nothing obvious in the logs...though i'll jack it up to debug and see if anythign comes out
17:05 babilen Joseph_: Or provide said info on a pastebin first (contents of the pillars, test.ping runs, ...)
17:05 UtahDave thanks, Joseph_!
17:05 Joseph_ babilen: right now i am just grain targeting on fqdn
17:05 Joseph_ babilen: do you want the whole python dict?
17:06 babilen Joseph_: I simply like to see what you are seeing so that I can make up my own mind. It just happens too often that somebody summarises an issue and overlooks the actual problem.
17:06 Joseph_ babilen: sure but i just wanted ot make sure i was giving you the information that you are asking for
17:07 babilen UtahDave: So in a way I was rather thinking about "#!py3" or so for now.
17:07 UtahDave babilen: Yeah, that shouldn't be a problem, I don't think.
17:07 babilen UtahDave: Should I open an issue for that?
17:08 UtahDave babilen: for python3 support?
17:08 babilen For a py3 renderer for states and pillars
17:08 bhosmer joined #salt
17:09 tristianc|Alt joined #salt
17:10 Joseph_ babilen: https://gist.github.com/jaloren/3a3ce7f0882454df57ac
17:10 UtahDave babilen: Yeah, in fact, I wonder if it would be possible to have a py3 renderer right now if both python2.x and python3.x are installed on the system.
17:10 Joseph_ and this is what is in the salt master logs ......[DEBUG   ] Published command details {'tgt_type': 'grain', 'jid': '20140623120730247692', 'tgt': 'fqdn:ic-hadoop45.obt.mgmt', 'ret': '', 'user': 'sudo_obt-user', 'arg': ['20140623120725214844'], 'fun': 'saltutil.find_job'}
17:11 babilen UtahDave: That's exactly my thought, but I am simply not familiar enough with salt's codebase yet to answer that question. It was more a "If possible, would this be a nice to have feature?" question.
17:11 Ryan_Lane joined #salt
17:11 aw110f joined #salt
17:12 UtahDave I think it might be possible, because a renderer calls out to whatever rendering software you're wanting to use. I'm not 100% sure, but it seems to me that it should be possible to call out to python3.  It's definitely worth investigatin, especially if you'll find it useful
17:12 babilen I know that I like python3 and if I had a wish I'd hope that *everything* transitioned already, but that sentiment might not be shared among salt upstream devs
17:12 UtahDave We do want full python3 support, but again, Salt itself will be both python2.6 compatible for years to come, due to OS support
17:13 * babilen blames RedHat
17:13 Joseph_ UtahDave: i feel so bad for python devs. with the phython3/2 split it seems like its a never ending nightmare
17:13 rlarkin I'm still getting saltenv='' confused.  sometimes it only works if file sourc:// lines have ?saltenv= appened, but other times that never works and I have to append it as a kwarg to salt-call
17:13 xmj blaming redhat is always a valid strategy, for everything.
17:13 babilen xmj: heh
17:13 Joseph_ I hear red hat 7 is finally going to support python 2.7
17:14 Joseph_ They just can't bear to move cause they don't want to rewrite yum
17:14 babilen UtahDave: Let me check how renderers are implemented ...
17:14 Ahlee Long live python2
17:14 ekristen joined #salt
17:15 babilen Ahlee: NOOO!
17:15 rlarkin I used to have to spend a lot of time trying to convince RH to update drivers between major releases.  the response was always analogous to '*&5%@ off, we're RedHat'
17:15 Ahlee python3 did to python what perl6 did to perl
17:15 logix812 joined #salt
17:15 Joseph_ Ahlee: lol thems fighting words...and actually i don't think its THAT bad perl6  was basically a completely different language in a lot of ways but yea i get your point.
17:15 Ahlee i've never looked at python3, so i honestly can't tell you what benefit it gives
17:15 Ahlee :)
17:15 babilen You should
17:15 timoguin print("lots of stuff!")
17:16 Joseph_ Ahlee: py3 has a ton of amazingly cool stuff in it but python 2 "works" so why would i change things when i have something that "works"
17:16 Ahlee indeed
17:16 xmj I hear python 3.5 will come with braces
17:16 * xmj runs
17:16 Joseph_ and that's why IE6 is sitll the only officially supported browser in some enterprises
17:16 babilen Primarily because you can write better, shorter and easier to maintain code that doesn't break whenever a strange unicode character comes along
17:16 timoguin babilen: one difficulty i can think of with a py3 renderer is the need to ensure python3 is installed on all minions before things will render
17:17 repl1cant xmj: noticed your 'runs' .. thought you were serious for a sec!
17:17 babilen timoguin: I'd be fine to say "This formular requires the installation of python3 on minions"
17:17 Joseph_ timoguin: couldn't that be handled with a virtual environment with a local complied python3 stored in the salt directory?
17:17 xmj repl1cant: from future import __braces__ ?
17:17 repl1cant ewwww
17:17 timoguin http://www.pythonb.org/
17:17 timoguin Joseph_: I suppose so
17:19 Joseph_ once m2crypto is taken out is there anything that prevents salt from moving to 3.0?
17:19 n8n joined #salt
17:21 UtahDave That's pretty much it.  I'm guessing that we'll find some other issues that pop up, but we've been working since the beginning to make Salt python 3 compatible
17:21 babilen Joseph_: The need to support master and mininon host systems that haven't been updated in the many years that python3 has been released
17:23 babilen Joseph_: Which is why you probably can't go "full python3" with all bells-and-whistles, but would have to restrict yourself to the subset that is supported by https://wiki.python.org/moin/3to2
17:24 jaimed joined #salt
17:24 Joseph_ babilen: hmmm yes probably if we are forced to stick with the global python interpreter when running salt modules
17:24 shaggy_surfer joined #salt
17:25 mgw joined #salt
17:26 babilen Joseph_: The general approach is detailed in https://docs.python.org/3/howto/pyporting.html and I was hinting at the "Writing Source-Compatible Python 2/3 Code" approach detailed in there
17:26 ramishra joined #salt
17:26 jnials joined #salt
17:27 ramishra_ joined #salt
17:28 tkharju joined #salt
17:31 TheThing joined #salt
17:35 babilen UtahDave: Hmm, it doesn't look *that* easy as you would essentially have to provide a python3 template renderer in salt/utils/templates.py and the renderers have all be using python2 versions of their respective libraries.
17:35 babilen *been
17:36 HeadAIX_ joined #salt
17:36 felskrone joined #salt
17:38 jalaziz joined #salt
17:38 tristianc|Phone joined #salt
17:39 ramishra joined #salt
17:41 bhosmer joined #salt
17:41 bhosmer_ joined #salt
17:42 picker joined #salt
17:44 conan_the_destro joined #salt
17:48 tristianc|Phone joined #salt
17:50 manfred babilen: python 3.3 and then 3.4 made it much easier to write compatible code between the two, the plan would be to use the six shim library a lot
17:50 manfred and a lot of __future__ s
17:50 babilen yeah + modernize and maybe even future
17:50 manfred yes
17:51 obimod joined #salt
17:51 obimod hey guys! has anyone seen this b4? Passed invalid arguments: object of type 'ConstructorError' has no len()
17:52 xcbt joined #salt
17:52 manfred babilen: can't wait for 31 March 2020
17:52 manfred http://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Product_life_cycle
17:53 druonysus joined #salt
17:54 Theo-SLC babilen: thank you for the earlier example, but I need further help.  Can anybody point me to custom pillar code that produces a multi dimensional dictionary?
17:54 HeadAIX joined #salt
17:54 obimod thought you said multi dimensional currency : )
17:57 rglen joined #salt
17:57 babilen heh
17:57 babilen Theo-SLC: You mean dictionaries within dictionaries?
17:59 Theo-SLC babilen: I believe so.  I need my pillar to look like this { 'topkey': { firstkey: value, secondkey: value, thirdkey: value}}
18:01 kivihtin joined #salt
18:02 Theo-SLC babilen: if you could point me to a complete pillar example that would be helpful.  Thanks.
18:04 possibilities joined #salt
18:06 babilen Theo-SLC: http://paste.debian.net/106400/
18:08 Theo-SLC babilen: thanks again, that part I understand now. I just need to figure out how to put that together with loops
18:09 babilen Theo-SLC: Read https://docs.python.org/2/tutorial/datastructures.html#dictionaries and the following "looping" chapter afterwards.
18:09 babilen Theo-SLC: It is, unfortunately, out of the scope of this channel to teach you Python.
18:10 schimmy joined #salt
18:10 Theo-SLC babilen: I understand. I wasn't asking for python lesson. just example code of pillars
18:10 Theo-SLC babilen: thanks
18:11 allanparsons joined #salt
18:12 babilen Theo-SLC: http://paste.debian.net/106402/ is an example that produces {0:1, 1:2, 2:3, ...}
18:15 masterkorp how can i install a specific version of salt with salt bootsrap
18:15 masterkorp i am using -P 2014.1.5 and its complainting
18:16 schimmy joined #salt
18:17 masterkorp ok just the version is needed derp derpedy derp
18:19 schimmy1 joined #salt
18:20 possibilities joined #salt
18:23 forrest joined #salt
18:24 dangra joined #salt
18:25 Theo-SLC babilen: figured it out.  I needed to do this first to start that "top" key/   dictioary = {'topkey': {}}
18:28 mastrolinux joined #salt
18:30 Ryan_Lane is there any way to do a watch without salt reordering my states?
18:30 Ryan_Lane I'd really like to just notify a service restart from places
18:30 Ryan_Lane but when I use watch_in, it reorders things
18:31 Ryan_Lane which forces me to use require all over the place, which defeats the purpose of ordered execution
18:32 UtahDave Hm. a watch is a require, which can reorder things... lemme think
18:32 forrest Ryan_Lane, same states or different states?
18:33 Ryan_Lane I have a set of pecl things which need to occur after php is installed, but since it is set to watch_in apache, which is defined above it, it groups them together right after the apache service
18:33 Ryan_Lane which is just mind boggling
18:33 Ryan_Lane since watch_in just means it needs to occur after, not directly after, right?
18:33 Ryan_Lane or does it mean the service needs to occur after?
18:34 Ryan_Lane this is why reordering things sucks
18:34 Ryan_Lane ansible has a concept of 'handlers', which always execute at the end of a run, after all of the tasks. you can notify them
18:35 Ryan_Lane salt is kind of wishy-washy about its ordered execution
18:35 UtahDave Is that reordering causing you problems? or is it just unexpected?
18:35 Ryan_Lane both
18:36 Ryan_Lane states are failing because I'm expecting one state to occur before another, and it's not
18:36 pclermont joined #salt
18:37 UtahDave Hm. The issue here is that a "watch" is also a "require"  So when Salt is processing everything when it finds a chunk that requires something, Salt goes and executes that "something"
18:38 Ryan_Lane yep. I want it to not do that
18:38 UtahDave I think it would be REALLY easy to implement a handler of some type to indicate a restart when everything is finished.  Err, or at the very end
18:38 VictorLin joined #salt
18:38 Ryan_Lane I'm thinking a cmd.wait, with order: last
18:38 forrest UtahDave, did you see that ticket someone opened about the windows registry key location thing?
18:38 Ryan_Lane I'm not sure how things will get reordered if I do that, though
18:39 UtahDave Ryan_Lane: that should work.
18:40 Ryan_Lane UtahDave: won't it reorder my states around that?
18:40 UtahDave forrest: yeah, I have
18:40 Ryan_Lane since I'm using watch_in/watch?
18:40 forrest cool
18:40 allanpar_ joined #salt
18:40 UtahDave I think you're right, Ryan_Lane. I believe "require" wins over "order"
18:41 Ryan_Lane so, there's basically nothing I can do to make salt not reorder things?
18:41 forrest Ryan_Lane, MORE REQUIRES
18:41 Ryan_Lane that's never the answer
18:41 forrest I can't break the habit of using them from puppet :(
18:41 UtahDave I believe so. By definition watch and require reorder things.
18:41 Ryan_Lane there's no point in saying salt has ordered execution if it actually doesn't
18:41 forrest yea totally
18:42 UtahDave I do think we can add a watch_last  or something like that so that it gets restarted at the end
18:42 quickdry21 joined #salt
18:42 tristianc|Phone joined #salt
18:42 Ryan_Lane well, I want actually ordered execution ;)
18:42 forrest UtahDave, I agree with Ryan_Lane, it might need a rework to actually do that
18:42 forrest if not it isn't truly ordered.
18:42 Ryan_Lane the only thing that's stopping that from happening right now is that I need to have some kind of watch functionality
18:43 forrest which is a selling point, and would be super confusing for users who encounter this problem that aren't experienced.
18:43 mgarfias can someone take a look at this salt-cloud error and tell me whats going on: https://gist.github.com/mgarfias/67c9aa29b5bbe08ce5b2
18:43 mgarfias Rackspace is telling me salt-cloud is the issue
18:44 forrest mgarfias, https://github.com/saltstack/salt/issues/13362
18:45 mgarfias interesting
18:45 mgarfias i'm not using public IPs tho
18:45 mgarfias only private here
18:46 UtahDave mgarfias: No, it's rackspace.
18:46 UtahDave mgarfias: I ran into the same problem with them last week, the instance never came up.  If you rerun salt cloud it will probably work
18:47 mgarfias i've rerun it 3 times today trying to start 2 instances.  I've had exactly one instance turn on
18:47 UtahDave mgarfias: what version of salt are you using?
18:47 ipmb joined #salt
18:47 bhosmer joined #salt
18:47 bhosmer_ joined #salt
18:47 mgarfias 2014.1.4
18:47 Ryan_Lane someone on twitter is complaining that it's difficult to find saltstack community version via a search. says saltstack community version should be listed under products. he's likely right.
18:48 mgarfias weird
18:48 UtahDave Ryan_Lane: True.  I'll pass that on! thanks
18:49 Ryan_Lane I'll open an issue
18:49 Ryan_Lane UtahDave: hm. actually, where does that issue belong?
18:49 Ryan_Lane not saltstack/salt, eh?
18:50 UtahDave Nah, I'll have to pass that on myself. That's not managed in a public repo
18:50 Ryan_Lane ah. ok
18:50 simmel left #salt
18:53 jaimed joined #salt
18:56 fridder joined #salt
18:59 APLU joined #salt
19:00 yano joined #salt
19:06 bemehow joined #salt
19:07 jonbrefe joined #salt
19:14 jhauser joined #salt
19:15 FeatherKing joined #salt
19:15 pclermont Ryan_Lane: when I first heard about saltstack, my first reaction when seeing the site was “Ha, this is only a paid product”.
19:15 FeatherKing does jinja have access to nodegroups?
19:16 jaimed joined #salt
19:19 Guest84057 joined #salt
19:22 racooper does anyone have a state/pillar example of defining users and setting quotas? i'm trying to figure out the syntax to do that....
19:23 dude051 joined #salt
19:24 manfred racooper: it doesn't do anything with quotas yet, https://github.com/saltstack-formulas/users-formula
19:24 manfred but it could
19:25 jalbretsen joined #salt
19:26 allanparsons joined #salt
19:27 Katafalkas joined #salt
19:28 mapu joined #salt
19:28 racooper thanks. looks like I have more reading to do....
19:28 Guest84057 joined #salt
19:30 Katafalk_ joined #salt
19:30 jaimed joined #salt
19:30 babilen Theo-SLC: I could help you better if you would let me know what you are trying to do exactly. :)
19:30 babilen Or paste your current code
19:30 anotherZero ok guys,  I feel like there are several ways to accomplish the same thing with salt so I thought I'd get some input on this.  I'm looking to keep several servers packages/configs/files up-to-date with a master copy.  What structure should I use to accomplish this?  Simple highstate, pillar/formulas ?
19:33 ajw0100 joined #salt
19:33 babilen anotherZero: I typically opt for the pillar/formula approach in which I set "static" data in map.jinja (stuff like package/service names that differ between distributions, ...)
19:34 anotherZero ok thanks :)
19:34 babilen anotherZero: But there simply is no way to answer that question without knowing what this is about. Writing a formula for something trivial might just be overkill
19:34 SoberVader joined #salt
19:34 SoberVader left #salt
19:34 Guest84057 joined #salt
19:35 babilen It's just that I often find that "simple" things tend to become more complex as time passes and the "formula approach" (as detailed in http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html) simply makes for cleaner code in the long run.
19:35 anotherZero There are about 20 packages that I need to have installed (correct version), major configs, mods enabled, etc etc etc
19:36 anotherZero so i think i agree with your thinking here babilen
19:36 Guest84057 joined #salt
19:36 babilen I'd say as soon as you three things come together you *definitely* want a formula: 1. Install packages that differ between distros 2. You have configuration files that should be touched by users 3. You start a service and have to restart it when configuration changes
19:38 Guest84057 joined #salt
19:38 ajw0100 joined #salt
19:38 anotherZero perfect.  thanks for that.
19:38 babilen My approach is typically: 1. Write formulas for the building blocks 2. "simple" states that adapt formulas to my environment (small "extend: .." statements that set, for example, a different repository for the package install, nothing major) 3. Formula configuration in pillars + 4. (most importantly) states that configure specific services I want to offer (e.g. the "- web.example.com" state that pulls in *everything* that is needed to host ...
19:39 anotherZero I was feeling a little behind the curve trying to learn all the formula and pillar stuff
19:39 babilen ... www.example.com)
19:40 babilen I found that I don't really care what the building blocks of a service are and I really don't care that minion foo runs service bar, what I do care about is that a particular service is offered by a specific minion.
19:40 babilen The document that details formula conventions is great
19:40 rogst joined #salt
19:40 Ryan_Lane if I want to run a command when a package is installed, how would I go about that?
19:41 Ryan_Lane I tried using cmd.wait and watch_in, but that didn't seem to trigger it
19:41 babilen Ryan_Lane: You mean after the package installed and only then?
19:41 Ryan_Lane yes
19:41 Ryan_Lane onchange?
19:42 kballou joined #salt
19:42 babilen And cmd.wait doesn't work?
19:42 Ryan_Lane it didn't seem to trigger it, no
19:43 babilen Hmm, I would have expected that to work :-/
19:43 Ryan_Lane yeah, same. I'm probably doing it incorrectly
19:44 anotherZero you're doin it wrong
19:44 mrphilh joined #salt
19:45 babilen Ryan_Lane: Could you paste your states and the output of the highstate run?
19:45 Ryan_Lane https://gist.github.com/ryan-lane/b115aa455d07ad2dd98b
19:45 babilen ta
19:46 gfa joined #salt
19:46 Ryan_Lane there may be better ways for me to accomplish this
19:46 ldlework ta mo
19:46 Ryan_Lane I'm installing a wrapper that causes 'service apache status/reload/restart/start' to no longer see the pid that was created
19:46 jalaziz joined #salt
19:47 babilen Ryan_Lane: I wonder why you have to do that at all. Which distribution does that target?
19:47 bemehow joined #salt
19:47 Ryan_Lane we do some weird stuff with taskset which causes us to wrap apache
19:47 Guest84025 joined #salt
19:48 babilen Ryan_Lane: And the highstate run? That doesn't really show that that state is not executed when the "Ensure apache packages are installed" state has changes.
19:48 Ryan_Lane the 'Ensure apache is stopped on install' id isn't in the output at all
19:49 Ryan_Lane but 'Ensure apache packages are installed' shows as Changed
19:53 babilen Ryan_Lane: That should work. It really should.
19:53 babilen What are the changes in the "Ensure apache packages are installed" state?
19:53 gfa {{ salt['grains.get']('host') }} used to work with 0.17 with 2014.1 does not longer work
19:54 gfa in a state file
19:57 Ryan_Lane babilen: no clue. I had it in mixed output mode
19:57 Ryan_Lane anyway, that's not a great solution anyway
19:58 Ryan_Lane it's prone to failure
19:58 jnials joined #salt
19:58 jnials joined #salt
19:58 rallytime joined #salt
19:59 possibilities joined #salt
20:00 babilen gfa: Can you run "salt 'foo' grains.item host" on the master? What *does* happen in that state?
20:00 Guest84025 joined #salt
20:00 Ryan_Lane oh, my watch/watch_in is backwards, isn't it?
20:01 babilen yeah
20:01 babilen m(
20:01 babilen You want that state to watch another state
20:01 babilen Sorry, selective blindness :)
20:02 UtahDave joined #salt
20:03 gfa babilen: it works, it shows the hostname
20:03 babilen gfa: And what happens in state?
20:04 babilen gfa: If you use "{{ salt['grains.get']('host', 'STUPIDDEFAULT') }} do you get STUPIDDEFAULT there?
20:05 gfa babilen: http://paste.debian.net/106421
20:06 gfa i will try STUPIDDEFAULT
20:06 babilen heh
20:07 gfa babilen: i found the issue, there was an error in other piece of the state but is totally unrelated
20:08 gfa http://paste.debian.net/106422/ nic name was wrong
20:08 babilen What was/is the state you were using? (always hard to debug something without actually seeing it)
20:10 gfa babilen: http://paste.debian.net/106423/ --> state file
20:10 gfa i was running it, salt-call -l debug state.sls monitoreo on a server without eth1, it had eth1 on line #108
20:10 gfa but failure was on line
20:11 gfa but failure was on line 133
20:11 gfa weird
20:11 babilen That's weird
20:11 babilen yeah
20:11 dude051 joined #salt
20:13 babilen But then it was simply the next call to grains, there might be some underlying reason why that behaviour is to be expected :)
20:21 Deevolution joined #salt
20:22 ifmw joined #salt
20:24 ifmw I'm trying to figure out an easy to use tool for configuring my various VPSes. Does saltstack have a real straightforward and already documented (examples!) way of doing something like helping me get the latest nginx source code and compiled with all the required flags?
20:25 Ahlee If you're compiling nginx on all of your servers, you're doing it wrong.
20:25 forrest Ahlee, ++
20:25 jcockhren heh
20:25 Ryan_Lane unless you're running this inside of packer
20:26 Ahlee but, yes, saltstack could perform that task via cmd.run
20:26 timoguin ifmw: but, yes, it does: https://github.com/saltstack-formulas/nginx-formula
20:26 timoguin the nginx-formula has the source option
20:26 timoguin but yea i wouldn't do that
20:26 Ahlee no kidding? nice, I guess
20:26 forrest yea I can't remember who added the source option
20:26 forrest I appreciate it, but I also curse them
20:27 cwright joined #salt
20:27 xinkeT joined #salt
20:27 timoguin my first job out of college was a company that had a bunch of failing EOL'd slackware servers where every.thing was compiled from source
20:27 timoguin it was not a fun time
20:27 ifmw Ahlee: my vpses are not uniform, various versions of ubuntu and debian server, not all running on the same hardware
20:28 rogst joined #salt
20:28 cwright joined #salt
20:28 Ahlee I feel bad for my statement now
20:29 Ahlee not for the justification, just for the nature of hte statement in general
20:29 Ahlee anyway
20:29 timoguin now go do your penance, Ahlee
20:29 forrest lol
20:29 forrest ifmw, as the other guys said, it's totally possible to do so
20:29 forrest salt makes that really easy.
20:29 Ahlee ifmw: Have you gone through the start docs?
20:31 ifmw I'll give salt a go. I burned an entire weekend on chef and realised it was exactly the sumo I didn't want to wrestle
20:31 timoguin lol
20:31 * timoguin add phrase to inventory
20:31 timoguin i will now use that in at least 3 serious conversations a week.
20:32 Ahlee ha, awesome.
20:32 forrest ifmw, there are a lot of good starter tutorials out there.
20:32 forrest ifmw, http://hungryadmin.com/building-a-static-blog-and-deploying-it-with-saltstack.html if you want to just mess with something quick and get your feet wet
20:32 forrest and there are others that go about setting up the master/minion as well
20:32 forrest including the official tutorial
20:32 forrest just depends on what kind of 'style' of learning you prefer I guess.
20:33 druonysuse joined #salt
20:35 ifmw oh
20:35 oz_akan_ joined #salt
20:35 ifmw my
20:35 ifmw goodness
20:35 forrest ifmw, ?
20:35 ifmw that tutorial is INCREDIBLE
20:36 forrest the main saltstack one?
20:36 ifmw hungryadmin
20:36 forrest oh thanks
20:36 forrest I was concerned for a while it was too verbose
20:36 forrest but no one seemed to complain
20:36 ifmw the author explains what and why everywhere
20:36 ifmw ah YOU wrote it? Excellent. Most tutorials say to do things but I never know why I'm doing it
20:37 Ahlee Is that yours forrest?
20:37 forrest Ahlee, yea
20:37 Ahlee nice
20:37 forrest it's the tutorial that sets up the blog that it's on
20:37 Ahlee IMO salt needs more concrete examples
20:37 forrest Ahlee, yea I started that 'example projects' page
20:38 Ahlee forrest: you see my question from earlier with pillar targeting?
20:38 forrest ifmw, let me know if you find something missing or confusing in that tutorial, I should probably link the repo much more directly
20:38 forrest Ahlee, nope, was at lunch
20:38 Ahlee https://groups.google.com/forum/#!topic/salt-users/_YjBAlAtlqo
20:39 ifmw I started off this afternoon installing an ssl cert on a droplet and configuring nginx for it, filesystem permissions. Then on to try to configure fail2ban and create some additional rules to stop the /phpmyadmin /admin bots, then a while reading about regular expressions
20:40 forrest ahh
20:40 ifmw and then collapsed in a pile of sadness realising I do this every few months
20:40 forrest hah
20:40 forrest there's a fail2ban state
20:40 forrest https://github.com/saltstack-formulas
20:41 ifmw and now I just need to put all this stuff into some scripts so I can run them
20:41 babilen the fail2ban formula is nice and easy to use
20:41 forrest ifmw, cool, let us know if you have questions, usually someone is around to answer
20:41 ifmw figured, heck, since this yak is half shaved and I still haven't started putting the *content* on my selfhosted website, I might just finish shaving and use salt, so I have a yakshaving robot in the yard :)
20:41 Ahlee i kind of feel bad now that i don't run salt on my own systems
20:42 babilen Next time I'll install my personal systems I'll use salt :)
20:42 babilen That allows me to procrastinate most productively
20:43 Guest84025 joined #salt
20:43 forrest Ahlee, I don't know what you're missing there, the way you're targeting is the same way I would do it
20:43 forrest the compound matcher should  be grabbing that I'd think.
20:44 forrest unless maybe it's application.foo?
20:44 forrest I don't see why it would be, but maybe...
20:44 Guest84025 joined #salt
20:44 Ahlee checking
20:45 Ahlee nope
20:45 Ahlee suppose i'll set up a develop test environment and see if it's fixed
20:46 Ahlee so then in anohter 6 months when i upgrade i can finish this project
20:46 forrest Ahlee, lol
20:46 forrest did you already ask Dave?
20:46 forrest he's actually here instead of slacking on conference vacation today :P
20:48 Guest84025 joined #salt
20:48 UtahDave :) forrest.
20:48 UtahDave Ahlee: Are you running into an issue with pillar targeting?
20:48 ajolo_ joined #salt
20:49 forrest yea he linked it above UtahDave https://groups.google.com/forum/#!topic/salt-users/_YjBAlAtlqo
20:51 mastrolinux joined #salt
20:51 Ahlee UtahDave: what forrest said
20:52 UtahDave hm. I know that when matching against a list in a grain you can only match on one item. I'm not sure the behavior with sub dictionaries is defined.
20:53 UtahDave Ryan_Lane: I started a discussion on regarding the website. I guess they're actually working on improving the website, so that's a much welcomed bit of info.  Thanks!
20:53 Guest84025 joined #salt
20:54 Ahlee UtahDave: fair enough
20:54 UtahDave I'm checking with a couple people to see what should happen there.
20:55 Hell_Fire_ don't you have to use -G for matching the grain?
20:55 UtahDave Hell_Fire_: yeah
20:55 Guest84025 joined #salt
20:55 UtahDave Ahlee: have you tried just have 'foo'  in the list and not the version number?
20:55 UtahDave a string instead of a dict?
20:55 aw110f Hi any chance there will be a new release on EPEL RPM with this fix https://github.com/saltstack/salt/issues/13410  ?
20:55 shaggy_surfer joined #salt
20:56 UtahDave aw110f: yeah, that fix should be in the next bugfix release.
20:56 Ahlee UtahDave: no, as that's an external pillar we're populating and passing to pkg.installed to ensure specific versions are instaled
20:56 Ahlee so i need to be able to associate key:value for software:version
20:56 aw110f anytime line for 2014.1.6?
20:56 UtahDave aw110f: actually, let me check it that has been cherry picked.
20:56 UtahDave Ahlee: ah, ok.
20:57 miqui joined #salt
20:57 forrest UtahDave, https://github.com/saltstack/salt/pull/13417
20:57 forrest pretty sure it wasn't because of Ryan_Lane's comment
20:57 UtahDave yeah.
20:58 Guest84025 joined #salt
20:59 Guest84025 joined #salt
21:00 Guest84025 joined #salt
21:03 tkharju1 joined #salt
21:04 techdragon joined #salt
21:04 Guest84025 joined #salt
21:07 yomilk joined #salt
21:09 notpeter_ joined #salt
21:09 dlam joined #salt
21:10 dlam hmm i got 4 application servers, and in a shared 'deploy' salt state I want to run this shell command only on the first:  anyone know how to go about doin that?
21:10 dlam maybe that overstate thing?1
21:11 rallytim_ joined #salt
21:11 ldlework dlam: I usually break conditional stuff down to depending on pillar data
21:11 rallytim_ joined #salt
21:11 ldlework Then I simply don't render that part of the state
21:11 ldlework if the condition in the pillar data is not true
21:11 Guest84025 joined #salt
21:11 forrest dlam, either write another state specifically for that machine and target it in your top file, or in the shared deploy state you could do a grain check, or do a check in the pillar data
21:12 dlam ooo pillar data sounds good i think
21:12 rallytime joined #salt
21:14 bhosmer_ joined #salt
21:15 Guest84025 joined #salt
21:16 dude051 joined #salt
21:16 Guest84025 joined #salt
21:18 Guest84025 joined #salt
21:20 Guest84025 joined #salt
21:24 ajw0100 joined #salt
21:28 Guest84025 joined #salt
21:29 gfa how can i set a default value for a grain? one of my custom grains is not defined on all minions, when the grain is not defined state throws and error if i do {% if grains['custom'] == ('foo') %}
21:30 Eugene "is defined" http://jinja.pocoo.org/docs/templates/#builtin-tests
21:30 forrest gfa, http://docs.saltstack.com/en/latest/topics/targeting/grains.html#syncing-grains
21:31 forrest Eugene, did you see the eventbrite page I linked last week?
21:31 Eugene I missed it
21:31 forrest http://www.eventbrite.com/o/saltstack-3821350509
21:31 Guest84025 joined #salt
21:32 Eugene Danke
21:33 mafro joined #salt
21:33 forrest yup
21:34 mafro lo I’m still struggling with an intermittent failure in salt.client.LocalClient
21:34 gfa Eugene: thanks, that is what i was looking for
21:34 mafro CLI queries succeed every time, but runing the same call via code fails *most* of the time
21:34 mafro the /most/ part is most annoying :p
21:36 Guest84025 joined #salt
21:36 Eugene Is there an address on this? Not seeing it in Eventbrite
21:38 Guest84025 joined #salt
21:38 forrest Eugene, click on 'more info' next to Seattle - Flowroute
21:38 Eugene Aha, so it is
21:39 jchen https://www.eventbrite.com/e/saltstack-documentation-sprint-tickets-12010895913?aff=eorg ?
21:39 mafro debugging this, it seem that LocalClient().cmd() return before “Returning information for job” appears on the minion
21:39 jchen san fran, salt lake, seattle and google hangout
21:39 forrest jchen, yep that's the one
21:39 Guest84025 joined #salt
21:41 srage_ joined #salt
21:43 Guest84025 joined #salt
21:43 wendall911 joined #salt
21:45 Guest84025 joined #salt
21:47 mafro a timeout increase in cmd() appears to be the solution
21:47 londo_ joined #salt
21:49 kermit joined #salt
21:52 Hell_Lap joined #salt
21:54 Hell_Lap what's a good way to expose a value on one minion to another? I've looked at trying to do it with a combination of grains and mine, but doesn't seem to quite work how I expect, I'm probably overthinking it :P
21:56 forrest Hell_Lap, custom grain?
21:57 Hell_Lap That's what I was thinking of for my first go at it, seems to act a little odd though, might have to plug at it some more, otherwise I may have to go peer + publish probably
21:59 Guest84025 joined #salt
22:02 srage joined #salt
22:03 Guest84025 joined #salt
22:04 aw110f Hi UtahDave: Any suggestion where I can get salt with this fixed https://github.com/saltstack/salt/issues/13410  ?
22:04 dude051 joined #salt
22:05 forrest aw110f, Did you already try to drop the fix in manually?
22:05 rojem joined #salt
22:05 forrest that's what I would suggest
22:06 jalbretsen joined #salt
22:06 Guest84025 joined #salt
22:12 alekibango joined #salt
22:12 TaiSHi Hi all
22:12 TaiSHi Small question
22:12 TaiSHi When I define a name in salt-cloud providers
22:12 TaiSHi As "do" or "whatever"
22:13 TaiSHi It does have a provider: field
22:13 TaiSHi This means I can have more than one provider inside that group?
22:13 mafro joined #salt
22:13 UtahDave aw110f: that should be in the next release
22:13 UtahDave you could also drop the new file in /srv/salt/_modules/ and sync it out
22:14 UtahDave TaiSHi: no, you can only have one provider in your provider.
22:14 seventy3 joined #salt
22:15 jaiganeshvp_ joined #salt
22:15 jaiganeshvp_ hi all
22:15 jaiganeshvp_ one question..
22:15 Luke_ joined #salt
22:16 jaiganeshvp_ how do i run a service as a root in salt minion? I am trying to run a program that binds to UDP port 514 and listen - but gets booted out with Permission Denied I am on a Ubuntu 12.04
22:17 notpeter_ Is anyone else using out there leveraging git branches to allow for testing of a branch and not just for static qa/test/prod branches?
22:17 aw110f Scheduler is broken in 2014.1.3 and 2014.1.4 but works in 2014.1.5 which is why i want to upgrade, ok thanks UtahDave:
22:17 notpeter_ Like I'd like to be able to be able to easily switch a minion from running one branch to another easily.
22:19 rawtaz left #salt
22:20 TaiSHi UtahDave: then I don't understand why there is a 'provider' field if I'm already providing it a name (do)
22:20 Hell_Fire_ joined #salt
22:21 UtahDave the provider field really should be named something like "driver"
22:21 TaiSHi Ahhh
22:21 forrest notpeter_, sure, set the rev value to a pillar variable, then just update pillar and apply to the associated machines?
22:21 TaiSHi That clarifies things
22:21 TaiSHi A lot
22:21 UtahDave you can define multiple providers that use different AWS accounts.
22:22 babilen notpeter_: That almost works fine if you set gitfs_base to a different branch and treat that branch as master. Unfortunately you cannot do the same for pillars (there is no pillars_base settings) so you'd have to have a local checkout for that.
22:24 jaiganeshvp_ how to set the user to a service defined in salt - particularly setting the service to be executed as root
22:28 ahammond_ joined #salt
22:28 ahammond_ joined #salt
22:29 jonbrefe1 joined #salt
22:29 babilen jaiganeshvp_: Write a proper init script for it (see /etc/init.d/README and /etc/init.d/skeleton)
22:30 notpeter_ babilen: I'd prefer to not have to edit /etc/salt/master everytime I want to test a branch.  Basically I'd like to be able to make changes to a branch, maybe I'd change a single grain or some such to toggle to an arbitrary branch without risk of anything happening existing minions.
22:30 babilen (use start-stop-daemon to start it)
22:31 ksk hey
22:31 babilen notpeter_: I understand, but you have to configure a minion to use your current branch. You can either do that by changing your minion's config or by targetting that particular minion
22:31 TaiSHi Hmm, I'm getting a weird error
22:32 TaiSHi [ERROR   ] Failed to create VM front01-test. Configuration value 'fsn_deploy' needs to be set
22:32 TaiSHi ssh_key_name: fsn_deploy <- relevant line in config file
22:32 srage joined #salt
22:33 notpeter_ babilen: So how can I change the minion's config to use a different branch? (and you're saying that wouldn't apply to pillar data...)
22:34 TaiSHi Ah, I think I know what it is
22:35 babilen notpeter_: err, forget it. (sorry, it's late here) :)
22:38 ahammond what if any thought or work has been done on managing iptables? At the very minimum I need to aggregate the allow rules for a number of services. What is the best practice for this?
22:39 jaiganeshvp_ how to run a service as root? i get permission denied even if i say the user is root in the sls file where i have defined service
22:40 Eugene There's the iptables states system
22:44 ahammond Eugene that looks like it's intended to manipulate iptables state directly. I guess I could do that and then call iptables-save or something like that so that the rules persist between reboots. Kinda fugly though.
22:45 Eugene I haven't used it myself because of its newness, but I believe save:True will do the heavy lifting for ya
22:47 manfred ahammond: the iptables state can be set to save to a file
22:47 manfred ahammond: otherwise, i would use several files, and then include ones based on the states that are being applied
22:47 manfred using jinja*
22:49 ahammond manfred how would I figure out which states are relevant. In other words, how do I say, "for each formula foo that top.sls says applies, if there's a foo/iptables.sls, include it"
22:50 pssblts joined #salt
22:50 manfred ahammond: you wouldn't do that
22:51 kermit joined #salt
22:51 manfred ahammond: i would do it something like this https://github.com/saltstack-formulas/newrelic-formula/blob/master/newrelic/init.sls#L3
22:51 manfred ahammond: only include the php newrelic state if php is installed
22:51 manfred ahammond: similarly... open port 80 if apache is installed
22:53 ahammond manfred that violates the principal of encapsulation. I don't want the iptables formula to have to know details about every possible service. I do want it to be able to ask every formula if it's installed, and if it is, what firewall rules it requires.
22:54 TaiSHi When I fire salt-cloud
22:54 TaiSHi it automatically installs salt on a minion and accepts the key
22:55 TaiSHi But does it highstate it ?
22:55 manfred ahammond: then you will want to use the iptables state, and have each service have it's own iptables
22:55 manfred TaiSHi: no
22:56 TaiSHi manfred: I'd need 'reactor' for that, right ?
22:56 bhosmer joined #salt
22:58 CheKoLyN joined #salt
23:00 bhosmer_ joined #salt
23:00 Outlander joined #salt
23:01 UtahDave TaiSHi: If you want to make it highstate it, then add  startup_state: highstate   to your profile
23:01 mosen joined #salt
23:01 to_json joined #salt
23:01 notpeter_ joined #salt
23:02 manfred TaiSHi: add startup_states: high
23:02 manfred yeah that
23:02 manfred you can add it to the profile
23:02 manfred you need to add it to the minion: dictionary
23:03 manfred you can also just add it to /etc/salt/cloud directly to be globally set instead of just on one profile
23:04 TaiSHi manfred / UtahDave much appreciated
23:09 to_json joined #salt
23:15 bhosmer joined #salt
23:17 schimmy joined #salt
23:18 schimmy2 joined #salt
23:19 mgw joined #salt
23:20 srage joined #salt
23:22 eriko joined #salt
23:23 yomilk joined #salt
23:24 Guest84025 joined #salt
23:25 ajolo_ joined #salt
23:25 possibilities joined #salt
23:26 DaveQB joined #salt
23:27 possibilities joined #salt
23:29 ecdhe joined #salt
23:29 xcbt joined #salt
23:30 agliodbs joined #salt
23:30 agliodbs does overstate.sls support only glob matching?  is there a way I can get it to support pcre matching?
23:32 forrest agliodbs, http://docs.saltstack.com/en/latest/topics/targeting/compound.html
23:32 forrest did you already look at that?
23:32 agliodbs so "match:" in overstate.sls is actually compound matching?
23:32 agliodbs the docs don't say
23:32 forrest there's an example of a top file, but I believe that should work in an overstate file
23:32 forrest ?
23:33 forrest no you have to use match: compound
23:33 forrest for compound matching
23:33 forrest ike in the example on that page I linked
23:33 zirpu joined #salt
23:33 forrest I haven't used it in an overstate, but I would imagine it works the same way
23:34 forrest if not that should probably be added as a feature
23:34 agliodbs forrest: so, in the overstate, the directive is "match: string-to-match"
23:34 agliodbs there's no separate "how to match" directive that I can find
23:34 forrest right, but I'm suggesting that you try to use match: compound
23:34 forrest with the same format that is on that document I linked to see if it works
23:35 agliodbs forrest: lemme show you what I have and you'll understand why I can't figure out how to do this
23:36 agliodbs forrest: http://salt.privatepaste.com/8cfcd195db
23:36 forrest agliodbs, ok, I've gotta leave in about 15 minutes as a heads up
23:37 agliodbs so I don't see where a "match: compound" would go, exactly
23:39 savvy-lizard joined #salt
23:39 Guest84025 joined #salt
23:39 forrest agliodbs, https://gist.github.com/gravyboat/43ccf701a03e9535c624
23:39 forrest I'm thinking something like that maybe
23:40 forrest like I said, I don't know if it operates the same way as the top file does
23:40 forrest but it might be worth trying at least
23:40 manfred match is what you are matching
23:40 forrest if it doesn't support that functionality, a ticket needs to be opened to request it
23:40 manfred 'G@os_family:Debian and web*'
23:40 manfred or w/e
23:40 dude051 joined #salt
23:40 manfred http://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#the-overstate-system
23:40 srage joined #salt
23:40 forrest manfred, you have to tag that as a compound match I believe
23:41 agliodbs manfred: I've looked at that, it doesn't explain the matching at all that I could find.
23:41 forrest or is that incorrect for overstate, and only true for the top
23:41 manfred forrest: but match: wouldn't be compound
23:41 forrest ?
23:41 agliodbs manfred: and 100% of the examples are glob matches
23:41 forrest http://docs.saltstack.com/en/latest/topics/targeting/compound.html
23:41 forrest look at the compound matching docs
23:41 manfred forrest: that is for top files
23:41 forrest manfred, yes I know
23:41 manfred forrest: he is talking about overstates
23:41 forrest thus why I am suggesting to test if it is the same way in the overstate
23:41 manfred it isn't
23:41 forrest good to know
23:41 manfred in overstate, match: is different
23:42 forrest but is it compound by default
23:42 forrest is the question
23:42 agliodbs manfred: aha!  is it automagically compound?
23:42 manfred it should be compound by default
23:42 forrest ok cool
23:42 forrest that should be documented
23:42 agliodbs manfred: ok, we can find out in short order
23:43 forrest agliodbs, manfred https://github.com/saltstack/salt/issues/13659
23:43 forrest if anyone feels like commenting, or tackling that
23:43 manfred +1
23:43 manfred i am still looking for it in the code
23:43 forrest yea, shouldn't need to do that :P
23:44 manfred right
23:44 manfred i am trying to check for what it is doing before i update the documents
23:44 forrest cool
23:44 forrest are you going to attend the doc sprint via the internet next month manfred ?
23:44 manfred forrest: dammit
23:44 manfred yes
23:44 forrest no dice in the code?
23:44 manfred forrest: remind me tomorrow to check if we can host one of them
23:45 forrest manfred, oh that would be awesome
23:45 forrest you should email your boss now so I don't forget :P
23:45 manfred no, i just keep forgetting to check on if we can host one because i keep getting thrown tickets that are blowing up in the morning
23:45 manfred forrest: i put a calendar event in
23:45 forrest understandable, it happens
23:45 forrest manfred, cool
23:45 ipalreadytaken joined #salt
23:46 manfred agliodbs: https://github.com/saltstack/salt/blob/develop/salt/overstate.py#L89
23:46 manfred agliodbs: defaults to compound
23:46 forrest cool
23:46 agliodbs manfred: thank you!
23:46 manfred np
23:46 forrest manfred, I've added my own calendar event to remind you
23:46 manfred nice
23:46 forrest we still have no east coast participation
23:47 forrest so I guess west coast > east coast yet again?
23:47 jcockhren forrest: lol
23:47 forrest or maybe there are just too many bankers and old school companies out there to let people work on open source during work hours :P
23:47 manfred heh, i am from the east coast, currently in tejas
23:47 forrest yea I meant in terms of venues
23:47 manfred heh
23:47 forrest Ahlee,
23:47 agliodbs nah, it's just that y'all only go to West Coast conferences, so nobody back east knows about salt
23:48 forrest when are you going to host a salt sprint?
23:48 forrest agliodbs, it's expensive to get out east :(
23:48 manfred forrest: how can i make a reference to that compounds page inside the overstate document?
23:48 agliodbs FWIW, I'd be 90% more likely to attend a Salt conference in SF or Portland
23:48 forrest montreal broke my budget for the rest of the whole year for conferences
23:49 mosen hi saltines
23:49 forrest manfred, :ref:`Compound matching <compound-matching>` Something along those lines like I did in the best practices doc: https://raw.githubusercontent.com/saltstack/salt/develop/doc/topics/best_practices.rst SHOULD work I believe
23:50 manfred ool, thanks
23:50 agliodbs forrest: yeah, it was pretty expensive
23:50 forrest manfred, you might have to look at another one which links from there, I don't know of any examples directly in the code that do that
23:50 agliodbs forrest: if I'd known you were there, I'd have bought you a beer
23:50 forrest agliodbs, yea very expensive, I don't know where the next saltconf will be held
23:50 forrest agliodbs, hah thanks. A few people offered! So you were covered
23:51 forrest manfred, if you can't figure it out or find an example ask Seth tomorrow
23:51 manfred kk
23:51 forrest I don't want to tag him this late in the day :P
23:53 forrest I've gotta head out guys, manfred let me know if the format for the ref ends up being different so I'm aware in the future
23:54 manfred kk
23:54 arnoldB argh, Salt is driving me crazy. it's having heavy problems processing commands...
23:54 arnoldB seems to be a known bug (#12246)
23:56 arnoldB master isn't responding, minions can't send their reports 'the minion failed to return the job information for job 20140624014655812979. This is often due to the master being shut down or overloaded. If the master is running consider incresing the worker_threads value.'
23:56 manfred what is your worker_threads set to?
23:57 manfred and how many minions do you have?
23:57 arnoldB these are only 8 minions... worker_threads is now set to 10
23:57 arnoldB should be more as needed
23:57 manfred that should be good to go...
23:57 arnoldB I'm running '*' publish.publish '*' cmd.run_stdout 'date'
23:57 arnoldB or grains.get ipv4 instead of cmd.run_stdout
23:58 arnoldB something is really broken here
23:58 arnoldB everything works except peer publishing commands

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary