Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-09-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 tkharju3 joined #salt
00:00 gngsk joined #salt
00:02 forrest bstr, same version of salt across all systems?
00:02 bstr 2014.1.10
00:03 bstr have you guys seen odd behavior if the versions are mismatched?
00:03 bstr looks like my master is actually running on 2014.1.7
00:03 forrest bstr, that could be the problem, you want to keep them on the same release
00:03 bstr syndics are latest however
00:03 bstr hmm, let me try and downrev
00:03 forrest bstr, ok
00:05 eliasp joined #salt
00:07 skyler Has anyone tried managing ldap with salt?
00:08 forrest skyler, https://github.com/saltstack-formulas/pam-ldap-formula
00:08 forrest skyler, or the much older: https://github.com/saltstack-formulas/openldap-formula
00:09 forrest doesn't do much configuration wise
00:09 tkharju3 joined #salt
00:12 tkharju3 joined #salt
00:12 skyler forrest: I meant managing an ldap server. I think those both only cover installing and configuring he lclient
00:12 skyler *the client
00:12 forrest skyler, ahh yeah.
00:13 forrest skyler, there is http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.ldapmod.html which talks about sending commands
00:13 forrest but I've never used it before
00:14 forrest documentation looks kind of sparse as well
00:15 skyler forrest: Yeah, it looks like there isn't a lot out there yet.
00:17 bstr joined #salt
00:18 mrlesmithjr joined #salt
00:20 bstr forrest: do minor versions matteR?
00:21 bstr im still seeing the same issues, with the minion and master on 2014.1.7-1 & a syndic on 2014.1.7-3
00:25 manfred bstr: he just left
00:25 sarlalian joined #salt
00:25 manfred bstr: http://docs.saltstack.com/en/latest/faq.html#can-i-run-different-versions-of-salt-on-my-master-and-minion
00:25 manfred that should answer your question
00:26 manfred actually it doesn't, you should try and make sure the master is newest, even if it is just the minor release, sometimes the minor release contains fixes for backwards compatibility to minions
00:28 murrdoc searching for salt graphite formula is funny
00:29 claytron joined #salt
00:29 snuffeluffegus joined #salt
00:30 gmeno joined #salt
00:34 mrlesmithjr joined #salt
00:34 tkharju3 joined #salt
00:39 tkharju3 joined #salt
00:39 bhosmer joined #salt
00:40 tkharju3 joined #salt
00:41 dccc joined #salt
00:42 CeBe1 joined #salt
00:46 murrdoc do salt mines work with masterless setups ?
00:47 tkharju3 joined #salt
00:50 __number5__ murrdoc: why do you need mine function when you only have one minion (as masterless suggested)
00:51 murrdoc trying to use the graphite formula
00:51 murrdoc it uses mine
00:51 murrdoc so i was asking
00:51 murrdoc i ll just remove the mine part of it
00:53 fllr joined #salt
00:54 rallytime joined #salt
00:55 aurynn left #salt
00:56 iggy skyler: there's a salt-formula for openldap... that may or may not fulfill your definition of managing ldap
00:57 iggy damn... was scrolled up
00:58 TTimo joined #salt
00:59 aquinas_ joined #salt
01:05 Nexpro1 joined #salt
01:05 tkharju3 joined #salt
01:07 tkharju3 joined #salt
01:08 joehoyle joined #salt
01:09 n8n joined #salt
01:23 acabrera joined #salt
01:26 thayne joined #salt
01:41 otter768 joined #salt
01:42 elfixit joined #salt
01:47 jalaziz joined #salt
01:50 bhosmer joined #salt
01:52 schmutz joined #salt
01:53 smcquay joined #salt
01:54 drawsmcgraw joined #salt
01:57 drawsmcgraw So... Digital Ocean (finally?) released v 2.0 of their API
01:57 drawsmcgraw Which... doesn't use the 'client key' and 'api key' anymore
01:58 drawsmcgraw I don't suppose anyone's putting together any updates to the Digital Ocean salt-cloud driver?
01:58 manfred not yet
01:58 manfred still working on it
02:01 manfred drawsmcgraw: we will get it rewritten, but v1, still works
02:01 drawsmcgraw manfred: So someone *is* working on it, though! That's good to hear. I couldn't find any issues mentioning it on Github
02:01 manfred the old api didn't get broken, so
02:01 manfred ¯\(°_o)/¯
02:01 drawsmcgraw manfred: I'm having difficulty finding a way to generate a new client_key and api_key via the dashboard. Is DO still allowing users to create those?
02:01 manfred yes
02:01 manfred https://cloud.digitalocean.com/api_access
02:02 drawsmcgraw Oh! Fancy
02:02 manfred go to https://cloud.digitalocean.com/settings/applications and click on the API v1.0 Page
02:02 manfred link
02:02 manfred and you can generate them
02:02 drawsmcgraw manfred: Solid. I'll stay quiet in that case. Thanks a bunch!
02:02 manfred np
02:08 eunuchsocket joined #salt
02:15 holms joined #salt
02:16 holms does anybody knows any artice for chef or ansible users/
02:16 holms started to use saltstack, and it feels so alien that i just can't understand anything at all in here i need comparisment
02:17 manfred there isn't one for specifically for people coming from one of those, just the generic walk through and tutorials
02:17 manfred http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
02:17 manfred http://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html
02:18 holms manfred: maybe i can ask few question to you?
02:19 manfred i am about to head home
02:19 holms ok..
02:19 manfred and I haven't decided if I am getting on irc then
02:19 manfred but you can ask the room, and if someone is still around they will answer
02:20 holms i never felt so dump in my life, while reading these docs
02:21 holms doing vagrant provision myvm, there's so much output which doesnt give good context at all . in debug mode it showed error
02:21 holms without debug mode there's no error
02:21 holms https://dpaste.de/Vkgr
02:26 holms bootstraping vm for 4min is normal =/?
02:27 anotherZero joined #salt
02:27 eunuchsocket holms: I see an error related to the oracle-java formula
02:27 eunuchsocket holms: did you follow the document on using formulas to set that up?
02:29 holms docs are more difficult then chef+ansible+puppet combined, so apparently not
02:29 holms question was why in debug mode there's an error and in non-debug mode it's gone
02:30 holms currently i can't even bootstrap vagrant vm.. it's already 5min in there
02:30 holms with 2gb and 2cpu vm its abit too much
02:32 bhosmer joined #salt
02:37 holms eunuchsocket: have you used saltstack with vagrant?
02:38 bhosmer joined #salt
02:39 eunuchsocket holms: no. I was curious about the salt error
02:41 holms error is quite understable,
02:41 thayne joined #salt
02:41 holms im more confused that i can see this error while in verbose mode only under vagrant
02:41 holms and boostraping for 10min doesn't give me any joy at all
02:42 holms with cher of ansible its under 30sec
02:42 holms chef*
02:42 holms with this kind of progress i won't finish this automatino in a month
02:42 holms automation*
02:44 vu joined #salt
02:44 eunuchsocket can you share your vagrant file?
02:44 holms that one is huge
02:45 holms http://pastebin.com/auNKXu1L
02:45 holms it's on the end of file
02:46 holms i have vagrant-starter which support other provisioners and multiple vms, with config in a separate file :)
02:46 holms and here's my first minion: https://dpaste.de/JRKi
02:46 holms trying to use formula
02:47 holms formulas/oracle-java is in minion file already
02:47 nitti joined #salt
02:48 holms some update: https://dpaste.de/LhFx
02:48 CeBe joined #salt
02:51 younqcass joined #salt
02:53 tmh1999 joined #salt
02:54 holms any vagrant users in here?
03:03 holms is thre's at least one example in internet with complete repository of using formula/
03:03 holms whatever i look at dock they don't even bother to write of which filename lines are being quoted
03:03 auser joined #salt
03:04 auser left #salt
03:04 holms how to use formula in god damned /srv/salt/routes/top.sls from /srv/salt/formulas/oracle-java/init.sls
03:04 ramishra joined #salt
03:05 manfred you don't use use gitfs, and then it automatically gets included for use in top.sls
03:05 manfred http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
03:06 holms like this? https://dpaste.de/LhFx
03:07 holms formulas/oracle-java  replaced with oracle-java
03:07 manfred no
03:07 manfred you need to setup gitfs
03:07 holms i don't want it
03:07 manfred and using file_client: local is going to probably not work
03:07 holms i don't want to use any repo
03:08 holms it's vagrant masterless salt
03:09 manfred how did you setup the formulas directory? git clone the oracle-java repo, and then move the directory out of that repository into srv/salt?
03:09 holms it's ritten in there that you add folder manualy
03:09 manfred also
03:09 manfred base:
03:09 manfred '*':
03:09 manfred - formulas/oracle-java
03:10 manfred that should just be
03:10 holms vagrant synchronize local dir with dir in vm
03:10 manfred - oracle-java
03:10 manfred not formulas/oracle-java
03:10 holms yeah replaced that still got same error
03:10 holms No matching sls found for 'oracle-java' in env 'base'
03:10 manfred tree /srv/salt | curl -F 'f:1=<-' ix.io
03:11 holms http://ix.io/ehI
03:12 manfred change your fileroots to /srv/salt/formulas
03:12 holms and this one btw http://ix.io/ehJ
03:12 manfred not /srv/salt/formulas/oracle-java
03:13 holms ok
03:13 holms just found in saome repo that you need to add every formula to that minion file..
03:14 holms trying to provision
03:14 manfred you don't add it to the minion file
03:14 manfred well
03:14 manfred you do if you are adding them via gitfs
03:14 manfred but not if you are doing it your way
03:14 holms i'd prefer not to have submodules anywhere ) just everything in one private repo working forever the same
03:15 holms ok seems to be it works
03:16 tmh1999 joined #salt
03:18 holms would be actually nice to have this kind of output in vagrant http://ix.io/ehJ
03:18 englishm joined #salt
03:18 holms salt output is not something usable at all http://i.imgur.com/zG94mqB.png
03:19 holms previous link is wrong: http://i.imgur.com/OWMULXs.png
03:23 holms manfred: any chances to see what tasks acomplished by "names" or smtng?
03:23 holms now it's a total mess with verbose, and completely usuless info without verbose
03:23 manfred you can see all that information if you are running it as just salt-call state.highstate
03:23 manfred i have no idea how vagrant outputs it
03:24 manfred that portion needs to be changed inside of vagrant on how to display salt information
03:25 holms do you have any sample screenshot what's default output of running salt?
03:25 holms it is in highstate now
03:25 manfred http://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html
03:25 manfred it looks like that
03:25 manfred but with one block for each state
03:26 holms i've seen this in debug mode in the end of provisioning.
03:26 manfred then that is how to see it in varnish, apparently only shows the actual state info in debug mode
03:27 holms http://i.imgur.com/7pbwPPN.png
03:27 holms debug mode is all flickering like hell
03:27 manfred i don't use varnish, or work on it, so i have no idea
03:27 holms vagrant you mean
03:28 manfred yeah whatever
03:28 holms how do you provision local vm's/
03:28 manfred i don't?
03:28 holms so you always need hosting for this?
03:28 manfred i have 5 employee accounts for my job, that are all free
03:28 manfred so i just use that
03:29 manfred sometimes I use libvirt
03:29 manfred http://docs.saltstack.com/en/latest/topics/virt/
03:29 holms hmz
03:30 holms what about provisioning and completely controll ec2 or digital ocean for example?
03:30 manfred you can do that with salt-cloud
03:30 manfred i use rackspace, cause free employee accounts
03:30 holms okay
03:31 manfred http://docs.saltstack.com/en/latest/topics/cloud/digitalocean.html
03:31 manfred digital ocean uses the old api still
03:31 manfred ec2 has like 3 different drivers
03:31 manfred http://docs.saltstack.com/en/latest/topics/cloud/aws.html
03:31 manfred libcloud_aws, ec2, and boto
03:31 holms nice :)
03:35 nitti joined #salt
03:35 snuffeluffegus joined #salt
03:37 XenophonF how does the salt-cloud stuff work?
03:38 XenophonF does it use salt-ssh to bootstrap the minion install or something?
03:38 manfred very well
03:38 manfred it does not
03:38 manfred it uses salt.utils.cloud.bootstrap() to bootstrap the minions
03:38 manfred for some of them at least, the ones that we have changed it in
03:38 manfred the rest of them, have the stuff that is in salt.utils.cloud.bootstrap() still in their salt/cloud/clouds/*.py driver
03:38 manfred eventually to be removed and just use the bootstrap functino
03:38 jalaziz joined #salt
03:39 manfred XenophonF: we are looking to possibly move to salt-ssh, but jsut ahven't yet
03:39 manfred right now, it sftp's over the minion keys, and then sshs and moves them from the /tmp/.salt-cloud-<hash> directory, to their place on the system
03:40 manfred dumps the json dictionary for /etc/salt/minion, to /etc/salt/minion
03:40 manfred and then runs the salt-bootstrap.sh from the master, found in /etc/salt/cloud.deploy.d/
03:40 manfred it is just the bootstrap.saltstack.com script, but you have to update it on the master periodically with salt-cloud -u
03:40 yomilk joined #salt
03:40 XenophonF it's interacting with the hypervisor's guest integration components to run that?
03:40 manfred to run what?
03:41 XenophonF the minion bootstrap script
03:41 manfred no
03:41 manfred it is sshing to the box
03:41 XenophonF oh ok
03:41 XenophonF got it
03:41 manfred XenophonF: using this function https://github.com/saltstack/salt/blob/develop/salt/utils/cloud.py#L1613
03:42 XenophonF :)
03:42 manfred salt.utils.cloud.bootstrap() just generates the dictionary we pass to deploy_script or deploy_windows
03:42 manfred https://github.com/saltstack/salt/blob/develop/salt/utils/cloud.py#L908
03:42 manfred which runs root_cmd a bunch of times
03:43 bstr joined #salt
03:43 Ryan_Lane joined #salt
03:44 XenophonF OK got it
03:44 manfred eventually it will be salt-ssh, and techhat was working on a bootstrap script for salt-ssh, so we could bootstrap minions with it
03:44 manfred once that is done, it should be pretty simple to setup the rest of it
03:44 SheetiS joined #salt
03:45 XenophonF so if I were using EC2 and the default AMIs for Windows or Linux, would salt.utils.cloud get the passwords from EC2?
03:45 tmh1999 joined #salt
03:46 manfred it should store the password from the first return of the server building iirc
03:46 XenophonF gotcha
03:46 bstr joined #salt
03:46 manfred and then use that password to ssh to the server (assuming you can do that on ec2, and don't require an ssh key like digital ocean)
03:47 XenophonF oh, right EC2 uses RSA auth for SSH by default, too
03:47 KevinMGranger joined #salt
03:47 beardo joined #salt
03:47 manfred i know on rackspace and openstack, it returns the password only on the first api call to create the server, so by default we just use that password
03:47 XenophonF man
03:47 XenophonF that's pretty cool
03:47 manfred but ssh_key_file works, and so does a setting called change_password, which will change the password using the api, to something random, and then use that
03:51 mosen joined #salt
03:52 XenophonF thanks for the clue, manfred
03:52 Ancient left #salt
03:53 tmh1999 joined #salt
03:57 ramishra joined #salt
03:57 davet joined #salt
03:58 schimmy joined #salt
03:58 ramishra joined #salt
04:02 holms http://stackoverflow.com/questions/25778820/vagrant-with-salt-provisioner-doesnt-show-any-output
04:02 holms maybe anyone will know
04:04 ajolo joined #salt
04:07 tomtomtomtom joined #salt
04:09 XenophonF jinja's whitespace trimming drives me up the freaking wall - does anyone have a good explanation of how {%- and -%} work?
04:09 XenophonF i've rtfmed and it still takes me multiple tries before i get something that looks right
04:09 manfred XenophonF: use {%-
04:10 manfred it deletes back a line, where if you use -%}, it deletes forward throught the newline, and deletes all the whitespace infront of the jinja, and the line you are moving towards
04:10 manfred including space/tabs
04:13 XenophonF so here's the template
04:13 XenophonF http://paste.debian.net/120339/
04:13 XenophonF and after about 15 minutes of fiddling, here's what it outputs
04:13 XenophonF http://paste.debian.net/120340/
04:13 XenophonF and here's what it's supposed to look like
04:13 XenophonF http://paste.debian.net/120341/
04:14 manfred {% for directive in sections -%}
04:14 manfred {%-
04:14 XenophonF i realize it doesn't actually matter
04:14 manfred or get rid of the space here
04:14 manfred {%- for operand in sections[directive] %}
04:15 XenophonF but i want templated files to be just as readable as if i wrote them myself
04:15 manfred after that line
04:15 XenophonF OK
04:15 manfred yeah, your -%} isn't deleteting the new line in the way you want
04:15 manfred cause you have a {%- and -%} backed up against each other i think
04:15 manfred not 100% but pretty sure
04:16 XenophonF thanks let me give those a shot
04:16 holms any can explain in humanable sentence what is pillar
04:17 manfred holms: remote stored variables, that are only available on the minions you specify them to be available on
04:17 holms why all formulas has pillar.example, instead of using /srv/salt/whateverdir/top.slt
04:17 holms hmz
04:17 manfred it has a pillar.example to see what you should include in /srv/pillar/ so that the formula can be used
04:17 XenophonF pillar stores data that can be used in states, but the pillar SLS files aren't cached on the client like the state SLS files are
04:17 manfred http://docs.saltstack.com/en/latest/topics/pillar/
04:17 holms understood
04:18 XenophonF so for example, that jinja template i just posted is the source of a file.managed state
04:19 XenophonF so if you look at the jinja code, it grabs a bunch of configuration info from pillar
04:19 XenophonF specifically from a pillar that looks like
04:19 XenophonF apache:
04:19 XenophonF vhosts:
04:19 XenophonF www.example.com:
04:20 XenophonF hm, let me pastebin my pillar with the secrets removed
04:20 holms :) would be nice
04:21 yomilk joined #salt
04:22 XenophonF ok, here's my pillar for my salt server :)
04:22 XenophonF http://paste.debian.net/120342/
04:22 XenophonF sans secret keys :)
04:22 XenophonF so it builds a python dict out of that just like it does with the salt states you're writing
04:23 holms m
04:23 holms so any sensitive stuff goes there
04:23 XenophonF basically, yeah
04:23 drawsmcgraw left #salt
04:23 holms one more newbie question
04:24 XenophonF and then you can access the info using salt['pillar.get']('apache:vhosts:www.example.com')
04:24 ramishra joined #salt
04:24 holms is there's a way to call specific scenario
04:24 holms for example let's say there's whole scenario for provisioning
04:24 holms and i want only to "deploy"
04:25 XenophonF and then to assign the pillar, you put that into an sls file under .../salt/pillars/
04:25 XenophonF just like you have a .../salt/states/ with all your state sls files
04:25 XenophonF and you make a file called .../salt/pillars/top.sls and assign the pillar sls file to minions exactly the same way you would assign state sls files to minions
04:26 holms undertood :)
04:26 XenophonF so this is what my pillar directory tree looks like
04:26 holms XenophonF: how can I call specific state
04:26 XenophonF http://paste.debian.net/120343/
04:27 bhosmer joined #salt
04:27 XenophonF this is what my pillar top.sls file looks like
04:27 XenophonF http://paste.debian.net/120344/
04:28 XenophonF i'm especially proud of how clever the URL-like pillars look ;)
04:28 XenophonF holms, what do you mean about calling a specific state?
04:28 XenophonF like, testing one state?
04:28 holms like having a deploy actions
04:28 holms instead of provisioning whole vm
04:28 holms deploy actions: git sync, restart nginx/gunicorn and that's it
04:29 holms instead of setuping whole env which takes lots of time
04:29 XenophonF well, you don't have to set up a completely salted config if you don't want to
04:29 XenophonF for example, let's say you have a git repo that contains a static web site
04:30 XenophonF and the web server is already configured so you don't want to bother figuring out a fully-salted nginx config
04:30 XenophonF you can create a single SLS file with a git.latest state in it
04:30 holms in ansible or chef you have roles, which you can call one or more withing one "state", and when you provision you need to specify a path of that state (playbook in ansible, role in chef)
04:31 holms so let's say ansible -i hosts playbook/deploy.yml
04:31 holms how can this be done in salt?
04:31 XenophonF and after the git.latest state, you can add a service.running state that will restart nginx if the git checkout changes
04:31 XenophonF oh
04:31 XenophonF OK
04:31 holms it's not so compllicated ))
04:32 XenophonF I struggled with this too.
04:32 XenophonF so all of the targetting is controlled in top.sls, not on the command line
04:32 XenophonF effectively
04:32 holms what about having whatever.sls
04:32 XenophonF it's possible to run a single sls or whatever on a minion
04:32 holms where you have specific states speficied?
04:32 holms specified*
04:33 XenophonF hold on let me dig the URL out of my history
04:33 XenophonF you can run a single sls on a minion using salt.modules.state.sls
04:33 XenophonF http://paste.debian.net/120344/
04:33 XenophonF whoops i mean http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls
04:34 holms in chef you have role (state), which has a role of recipes (formulas in here), and you basically want to have one or more roles per vm
04:34 holms thanks reading
04:34 XenophonF now
04:35 XenophonF i think i understand what your saying, but salt encourages you to assign those roles/recipies/formulas in top.sls
04:35 XenophonF so you could call state.sls from the command line and have it work just fine
04:35 XenophonF assuming that the sls in question isn't dependent on other sls files that it doesn't include
04:35 XenophonF but it's encouraged to put it all in top.sls
04:35 holms so let's say there's role web which calls all recipes for proviosning whole vm. and you can have role web-deploy which only calls deploy recipes specifically for deploying.
04:36 XenophonF yeah, i see where you're going
04:36 XenophonF let me show you my top.sls
04:36 holms seems to be logic is splited by hosts in here more then I've expected
04:36 XenophonF http://paste.debian.net/120345/
04:37 XenophonF i'm just splitting it by hosts in my top.sls file because my current salt deployment is small, ok?
04:37 holms ok )
04:37 XenophonF so i have a common group of states that apply my common configuration
04:37 XenophonF login banners, automounter, NIS/Kerberos, etc.
04:38 XenophonF i rip that sendmail shit out of freebsd and replace it with postfix
04:38 XenophonF and so on
04:38 XenophonF some states, I apply on a general basis, like anything running a RedHat family O/S gets EPEL installed
04:38 holms so basically to have something like
04:38 holms backups perfomed at once or deployment
04:38 holms you need to create separate minion?
04:39 holms in ansible for example you have vars which you can import in every playbook, as long as roles.. so you re-use everything
04:39 holms in this case i want to reuse formulas together with pillar
04:40 XenophonF well, you can reuse formulas
04:40 holms in some new state file
04:40 XenophonF like, my "apache" SLS is pretty generic
04:40 XenophonF it does some things that are common to all of my web servers, like setup ModSecurity and configure mod_ssl so that I get an A+ on the SSL Labs test ;-D
04:40 holms so having all db passwords and everything, in a new state which does only specific formulas
04:41 holms lol
04:41 XenophonF but since vhosts are different among web servers, that comes from pillar (hence the templates i posted for you)
04:41 XenophonF and you can assign one pillar to multiple hosts
04:41 XenophonF just like you can assign one state to multiple hosts
04:42 XenophonF probably a better example of role-based configs is my mail relay
04:42 XenophonF so my mail relays all have amavisd-new, clamav, opendkim, and postfix installed
04:43 XenophonF but postfix.relay (states/postfix/relay.sls on the filesystem) modifies or overrides postfix.client (states/postfix/client.sls) to do its job
04:43 XenophonF so there's reuse going on
04:43 XenophonF sometimes i'm reusing existing states
04:43 holms reusage per host
04:43 XenophonF yeah
04:44 holms would be nice not to depend on host
04:44 XenophonF so right now i only have one mail relay with a fully salted config
04:44 XenophonF uxeprdbsdmx01.irtnog.net
04:44 TTimo joined #salt
04:44 XenophonF let's say i clone a new freebsd virtual machine named uxeprdbsdmx02.irtnog.net
04:44 XenophonF i could add it to top.sls, which would look like this:
04:45 XenophonF http://paste.debian.net/120346/
04:45 XenophonF or I could put in a wildcard, which would look like this:
04:45 XenophonF http://paste.debian.net/120347/
04:46 grove_ joined #salt
04:46 holms still per host
04:46 holms my case is various scenarious per host
04:47 XenophonF and now since my naming conventions do a pretty good job of describing where servers are, which O/S they're running, whether they're in production or not, and what resources they provide, i can target based on hostname and they get configured accordingly
04:47 holms so what if you'd have
04:47 holms many many hosts
04:47 holms still everything would stay in one file?
04:48 holms or you can include other states?
04:48 XenophonF i have multiple files
04:48 XenophonF and i just have a handful of computers running salt
04:48 schimmy joined #salt
04:48 holms what about passing variables to states, so when you run salt, one packages of states applies to this hosts, changing some variable - other
04:49 manfred that is where you use pillars or grains and template your states
04:50 XenophonF here's what my state env looks like
04:50 XenophonF http://paste.debian.net/120348/
04:50 holms manfred: still nore sure if you understand me
04:50 holms manfred: i want 3 different scenarios on same host applied by personal choice
04:50 manfred right, template your states based on the pillars you apply to them
04:50 XenophonF holms, you can do that
04:50 holms one is full provision, another is only deploy, 3rd only backups performed, 4th- whatever, spefic webservice operations
04:51 manfred sure
04:51 holms so this choise is done when you launch salt
04:51 manfred you can do that in about 100 different ways
04:51 holms you need to specify something
04:51 holms this can't be hardcoded i mean)
04:51 XenophonF holms, look back at my top.sls
04:51 XenophonF uxeprdbsdsalt01.irtnog.net runs all of the full-deploy stuff
04:52 anotherZero joined #salt
04:52 XenophonF basically all of the states under the '*'
04:52 XenophonF then it runs all of the 'os_family:FreeBSD' states
04:52 holms you rely on machine states
04:52 XenophonF if I uncomment it, it would run the hyperv state because virtual==VirtualPC on it
04:52 holms and i need my mood state
04:53 holms machine will be always identicall
04:53 XenophonF and finally it runs the apache, poudriere, and salt.master states assigned directly to it
04:53 holms nothing totally will change in there
04:53 holms not host or os, or whatever
04:53 XenophonF that's OK too
04:53 holms okay )
04:53 holms how )
04:53 XenophonF hah
04:53 XenophonF state.sls as mentioned
04:54 XenophonF if you get a wild hair and say, i just want to push apache out to my computer, but i don't want it to be a regular thing
04:54 yomilk joined #salt
04:54 XenophonF you define your apache.sls or apache/init.sls or your apache/init.sls plus a bunch of included state.sls files
04:54 kermit joined #salt
04:54 holms so you call speficic sls with salt param or smtng?
04:54 XenophonF and then run "salt-call state.sls apache"
04:54 holms now that what i mean
04:55 holms case-closed :D
04:55 XenophonF and your computer will run the states defined by apache.sls or apache/init.sls or apache/init.sls+whatever it includes
04:55 XenophonF LOL
04:55 XenophonF man sorry it took so long to answer you!
04:55 holms sorry for bothering you )
04:55 XenophonF oh no!
04:55 XenophonF no bother
04:55 holms but i had to get this
04:56 holms cause this week will be challengable
04:57 manfred yall got it all figured out?
04:57 manfred cool
04:57 holms yes thank you guys
04:57 manfred i have only been half paying attention, i am working on a monitoring plugin, to make it so that rackspace autoscale will create servers when the salt master says the load average of teh environment is above a certain number
04:57 XenophonF cool!
04:58 holms how can you be satisfied with rackspace prices especially load balancer.. ( i mean ELB is a beast and free in comparisment)
04:58 holms 10x higher prices  :D
04:59 manfred i get them for free... employee accounts
04:59 holms m
04:59 manfred also, i work on the dedicated side of the house
04:59 manfred (but do a lot of the hybrid work)
04:59 holms The function "state.highstate" is running as PID 3542 and was started at 2014, Sep 11 04:50:00.180565 with jid 20140911045000180565
04:59 manfred their isn't really a price disparity when you go like to like
05:01 XenophonF i wish rackspace had a free usage tier
05:02 XenophonF the only reason i'm using aws at work is because i was able to familiarize myself with it extremely cheaply
05:02 XenophonF even though the low end doesn't cost that much per month, it was still an easier sell
05:03 XenophonF anyway
05:03 XenophonF off topic sorry
05:03 manfred XenophonF: developer access
05:03 XenophonF ah
05:03 XenophonF i'll check that out
05:03 XenophonF thanks!
05:03 manfred one second
05:04 holms i need only vms usually
05:04 holms so DO for me is the best
05:04 manfred XenophonF: https://developer.rackspace.com/signup/
05:04 manfred holms: they over allocate too much for me
05:05 XenophonF wow really nice
05:05 holms over allocate of what?
05:05 holms they never steal cpu
05:05 manfred resources
05:05 manfred the put more servers on a hype than it can handle
05:05 holms (been monitoring this for months)
05:05 manfred they aren't stealing it, but they are allocating more than is actually available
05:06 holms that's called cpu time stealing :)
05:06 holms cpu is always available as stated in there
05:06 manfred not cpu, but memory
05:06 holms well
05:06 manfred and they can overallocate on io, because of the ssds
05:06 manfred deduplicating memory etc
05:06 holms haven't notice this
05:06 XenophonF IMO that's why one pays extra for single tennancy
05:07 holms but i've noticed benchamraks between aws for example
05:07 holms 2x almost
05:07 holms 5$ 20gb, 10tb of traffic
05:07 holms sorry nothing will beat that )
05:07 holms last time i've tried to calculate usage of 1000 users for aws, i've ended up with 400$/month
05:07 holms and 40$ on DO
05:07 XenophonF manfred: finally perfected my jinja template for apache
05:07 XenophonF thanks for the help
05:07 manfred nice
05:07 manfred np
05:08 manfred if you just need vms, DO is fine
05:08 manfred but i use much more than that :P
05:08 holms that's what i mean :)
05:08 XenophonF i basically ended up with {% endfor %}\n{%- endfor -%}
05:08 holms we used S3 and cdn from amazon
05:08 XenophonF which looks weird but renders properly between iterations and at the final iteration
05:09 manfred good
05:09 XenophonF actually this template ended up generic enough that i might not have to create ones for wsgi or mono
05:09 XenophonF we'll see
05:10 XenophonF an owncloud SLS is next on my list :)
05:10 XenophonF i need to see if there's anything else the official apache-formula does that mine doesn't
05:13 XenophonF hm, separate log files and such, for one
05:14 XenophonF that'd be a nice-to-have
05:14 huleboer joined #salt
05:22 yomilk joined #salt
05:27 huleboer joined #salt
05:33 armonge joined #salt
05:34 felskrone joined #salt
05:34 spookah joined #salt
05:35 viq joined #salt
05:36 grove_ joined #salt
05:46 catpiggest joined #salt
05:50 oyvjel joined #salt
05:54 bb-bot joined #salt
05:54 N-Mi joined #salt
05:54 N-Mi joined #salt
05:56 favadi joined #salt
05:58 Ryan_Lane joined #salt
06:00 bb-bot joined #salt
06:00 bb-bot left #salt
06:04 loz-- joined #salt
06:06 jhauser joined #salt
06:16 bhosmer joined #salt
06:19 bb-bot joined #salt
06:23 ramishra joined #salt
06:23 n8n_ joined #salt
06:24 englishm joined #salt
06:27 ramishra joined #salt
06:36 lcavassa joined #salt
06:38 jdmf joined #salt
06:39 picker joined #salt
06:47 TTimo joined #salt
06:48 Sweetsha1k joined #salt
06:57 slav0nic joined #salt
06:59 kingel joined #salt
07:00 tomspur joined #salt
07:00 Munkeh joined #salt
07:02 alanpear_ joined #salt
07:08 ramteid joined #salt
07:13 n8n joined #salt
07:15 schimmy joined #salt
07:17 schimmy1 joined #salt
07:19 chiui joined #salt
07:31 ramishra joined #salt
07:33 jhauser joined #salt
07:33 ramishra joined #salt
07:45 martoss joined #salt
07:52 skarn joined #salt
07:58 felskrone joined #salt
08:02 Sweetshark joined #salt
08:04 oyvjel1 joined #salt
08:04 bhosmer joined #salt
08:06 PI-Lloyd joined #salt
08:12 tmh1999 joined #salt
08:22 gmoro joined #salt
08:29 darkelda joined #salt
08:29 darkelda joined #salt
08:47 auser joined #salt
08:49 TTimo joined #salt
08:51 davidone hi
08:51 davidone is there anything to run a command for a specified amount of time?
08:53 dalexander joined #salt
08:55 tmh1999 joined #salt
08:56 ghartz joined #salt
08:58 dbanck joined #salt
09:08 thayne joined #salt
09:10 oyvjel joined #salt
09:17 oyvjel joined #salt
09:23 che-arne joined #salt
09:24 n8n joined #salt
09:25 ramishra joined #salt
09:30 ramishra joined #salt
09:36 kruppm joined #salt
09:37 Kelsar Hi, I just starting with salt. I try to copy a file onetime. salt-cp '*' /root/jre-7u67-linux-x64.tar.gz /usr/portage/distfiles semms not to work, with debug infos "...did not return in time". Am I doing it wrong?
09:40 kingel_ joined #salt
09:45 giantlock joined #salt
09:50 dalexander joined #salt
09:50 yomilk joined #salt
09:51 VSpike For setting up vim by hand, I'd normally follow the installation instructions for pathogen at https://github.com/tpope/vim-pathogen#installation , then install my plugins by git clonign them into ~/.vim/bundle ... with Salt, would it be better to try to replicate this process, or just grab a current .zip of the git repos in question and unzip them into my salt tree?
09:51 TheThing joined #salt
09:52 VSpike In other words, is it better to keep the link with the source, or take a one-time snapshot into salt's tree?
09:52 VSpike I know I might be better using Vundle, but the same question applies
09:53 bhosmer joined #salt
09:59 xsteadfastx joined #salt
10:01 picker joined #salt
10:03 Hell_Fire joined #salt
10:03 snuffeluffegus joined #salt
10:08 mikber joined #salt
10:12 babilen VSpike: pathogen + mr (http://myrepos.branchable.com/) is lightweight and quite usable
10:12 mikber Hi! Using python api for custom runner - When for example executing localclient cmd and state.sls - how do I get the saltenv as setup in top.sls file?
10:12 mikber For the minion.
10:12 mikber targeted minion.
10:12 babilen VSpike: But I am not exactly sure what you mean by "replicate" this process. You wouldn't use pathogen for anything salt related (not that I think that you actually meant that)
10:13 babilen And salt install instructions can be found on http://docs.saltstack.com/en/latest/topics/installation/
10:26 VSpike babilen: What I mean is, would I write a salt state to actually do a git clone on the target machine to install plugins that come from git repos, or would i just grab a copy of the files from the repo and put them in the salt tree?
10:28 VSpike I suppose it might depend on whether I want machines always to get the latest verison or a frozen version. For consistency the latter would be better, but when I build machines by hand, i always just clone the repo at the time of build. And then probably never ever update it ever :)
10:28 VSpike Just wondering... does gitfs allow you to include a git repo like a vim plugin into your salt tree directly?
10:29 dalexand_ joined #salt
10:29 babilen VSpike: Ah! You want to setup vim plugins with salt! http://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html is probably what you are looking for
10:30 babilen (you can pass a SHA or tag)
10:30 VSpike Aha .. that is very useful
10:31 gmeno joined #salt
10:31 VSpike I was wondering if you could use this technique for vim plugins too http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#adding-a-formula-as-a-gitfs-remote
10:32 VSpike Fork it and add it via gitfs
10:34 Ironhand joined #salt
10:36 Ironhand hello, I just installed salt-minion on a Debian Wheezy armel system and accepted the key for it on my salt-master, but I get this python exception in the minion logfile: http://pastebin.com/jLLgzr0G
10:36 Ironhand I'm just getting started with salt so I may have missed something obvious, but the exception text isn't exactly useful to me at this point
10:40 ramishra joined #salt
10:46 masterkorp http://lwn.net/SubscriberLink/611243/750b37f50cc1c51b/
10:46 Outlander joined #salt
10:47 mattmb joined #salt
10:50 TTimo joined #salt
10:59 VSpike I may be thinking about this the wrong way, but is there a way to create a state file that just defines a list of other state files to include? Other than the base top.sls I mean
11:01 CatPlusPlus joined #salt
11:04 babilen VSpike: You cannot
11:04 babilen VSpike: I mean you cannot use GitFS for this purpose.
11:05 babilen VSpike: http://docs.saltstack.com/en/latest/ref/states/include.html
11:05 VSpike Ah .. OK. Why not? Bearing in mind I haven't really looked at gitfs at all yet, other than seeing it discussed in that formulas link
11:05 Setsuna666__ joined #salt
11:06 xsteadfastx joined #salt
11:08 n8n joined #salt
11:09 thayne joined #salt
11:18 giantlock joined #salt
11:19 babilen VSpike: GitFS is used in lieu of locally saved file_roots, it is *not* a general mechanism to make git repositories available to salt. (you'd be explicit about that and would use git.latest et al.)
11:20 VSpike OK, thanks!
11:22 mattmb joined #salt
11:23 dccc joined #salt
11:25 koma joined #salt
11:25 koma Hi all!
11:26 baoboa joined #salt
11:32 kbyrne joined #salt
11:34 diegows joined #salt
11:41 koma bella gent
11:41 koma hello, I'm having some trouble triyng to understand grains.
11:42 jgelens I'm getting: "State schedule.present found in sls ... is unavailable", but no reason why. Any idea's
11:42 jgelens ?
11:42 bhosmer joined #salt
11:42 ndrei joined #salt
11:43 koma if I run the command like : salt -G 'kernel:Linux' test.ping the right machines are responding but if i make a /srv/salt/top.sls like this: http://pastebin.com/u4CrN3SA <- it matches only the common
11:44 jgelens koma: you need: - match: grain
11:44 jgelens uhm
11:44 jgelens - match: compound
11:44 koma let's try
11:44 jgelens if you use match: grain you'll have to leave out the G@
11:45 koma Yay!
11:45 jgelens http://docs.saltstack.com/en/latest/topics/targeting/compound.html#targeting-compound vs http://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
11:46 koma jgelens: and where I define the node type?
11:47 bhosmer joined #salt
11:47 longdays joined #salt
11:47 jgelens that's a custom grain I think
11:47 koma !google custom grain
11:47 TTimo joined #salt
11:47 koma s/!/\//g
11:48 jgelens http://docs.saltstack.com/en/latest/topics/targeting/grains.html
11:48 jgelens 4.2.3
11:48 jgelens or use grains.setitem key val
11:48 koma salt is so powerfull that i think that puppet is near to be a scam :P
11:49 jgelens not setitem, it's setval
11:50 koma jgelens: what is the best way to create users? pillar or salt way?
11:50 nitti joined #salt
11:50 koma http://serverfault.com/questions/538218/deploy-ssh-key-from-master-to-minion-via-salt-pillars <- nevermind
11:52 CoRLiS joined #salt
11:53 CoRLiS Heya. Trying to configure some dependant services on some salt-managed machines
11:53 CoRLiS Problem is, demons running isn't enough
11:54 CoRLiS I need it to wait to check if that thing is either listening to a certain port, or it writes a certain line in a logfile.
11:59 viq CoRLiS: write a script that checks for that, and returns only when that is true?
12:03 intellix joined #salt
12:14 bhosmer joined #salt
12:20 ndrei joined #salt
12:20 nitti joined #salt
12:21 longdays joined #salt
12:22 babilen koma: We happily use https://github.com/saltstack-formulas/users-formula and you might also find https://github.com/saltstack-formulas/reverse-users-formula useful
12:22 koma babilen thx
12:22 xmj left #salt
12:24 babilen koma: See http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html for further information on formulas. I would recommend against including the GH repositories directly with, say, GitFS and recommend to either clone them locally into file_roots or to mirror them to a git repo server under your control.
12:26 Setsuna666___ joined #salt
12:29 oz_akan joined #salt
12:36 koma gitfs requires pygit2 that is not working on ubuntu 14.04
12:39 vejdmn joined #salt
12:39 babilen koma: It should require python-git -- And how is it "not working" ? Does it hang out on the couch drinking G&Ts again?
12:39 Nazzy joined #salt
12:39 Nazzy joined #salt
12:39 koma does not compile
12:40 babilen koma: You shouldn't have to compile anything for GitFS. It should work out-of-the-box with salt 2014.1.10.
12:40 koma uhm
12:40 koma are you sure?
12:41 koma http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#tutorial-gitfs
12:41 younqcass joined #salt
12:41 babilen "Beginning with version 2014.7.0, both pygit2 and Dulwich are supported as alternatives to GitPython. "
12:41 oz_akan_ joined #salt
12:42 babilen That does not mean that GitPython support has been removed.
12:42 Setsuna666___ joined #salt
12:42 babilen (and does not apply to 2014.1.10 anyway)
12:43 Setsuna666____ joined #salt
12:43 Setsuna666____ joined #salt
12:45 Setsuna666_____ joined #salt
12:45 Setsuna666_____ joined #salt
12:46 Setsuna666_____ joined #salt
12:47 koma looks like the /srv/formulas directory still empty tought
12:50 wangofett Anyone have issues with reloading nginx with a - watch: ?
12:51 snuffeluffegus joined #salt
12:52 babilen wangofett: Do you?
12:52 babilen koma: It will remain empty unless you explicitly put files there. GitFS is not cloned there.
12:52 Setsuna666_____ joined #salt
12:52 koma uh how can I understand id the git is working?
12:53 dccc joined #salt
12:53 babilen koma: Start your master with "-l debug", check /var/cache/salt/master/gitfs/ or just try to use states in there.
12:54 babilen koma: You could paste your master config to http://refheap.com if you want me to look it over
12:54 wangofett babilen: yeah - getting a bit more info...
12:55 koma https://www.refheap.com/90092 <- looks ok to me babilen
12:55 miqui joined #salt
12:55 acabrera_ joined #salt
12:57 hietler joined #salt
12:57 koma \ /var/cache/salt/master/gitfs/ is empty and I've already rebooted the entire machine (with kexec-tools is nearly faster than restart the service itself)
12:58 babilen koma: Make that https://www.refheap.com/90093 (and I really wouldn't recommend to reference the repos on GH directly (you are granting root to everyone who can push there))
12:59 koma I'm in testing
12:59 koma I will staticize everything
12:59 koma :P
13:01 wangofett is there a command I can run on the minion to test the connection to the master? `salt '*' test.ping` doesn't return anything for this minion, but on the minion I can `telnet master 4505` and 4506 with no problem
13:01 XenophonF try salt-call test.ping on the minion itself
13:01 XenophonF or salt-call -l debug test.ping
13:01 cpowell joined #salt
13:02 XenophonF any errors in the minion log file?
13:02 hobakill joined #salt
13:02 wangofett just returns local: True
13:02 gngsk joined #salt
13:03 wangofett not for this problem, but babilen it does say service nginx isn't running... but it is o.O
13:03 bhosmer joined #salt
13:04 bhosmer joined #salt
13:04 wangofett Hm... seems to be a problem with the service script
13:05 XenophonF wangofett: which O/S?
13:06 wangofett Ubuntu 14.04 XenophonF (on the minion, 12.04 on the master)
13:08 babilen wangofett: Did you accept the minion's key and is it listed in "salt-key -L" ?
13:09 wangofett Line in /etc/init.d/nginx:               status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
13:09 wangofett babilen: yeah it's been working for a while and suddenly stopped
13:09 babilen wangofett: Are you *sure* that it doesn't react to test.ping ? How often did you try?
13:10 wangofett I've been having some issues with this particular minion this morning. I've tried about 10-20 times, I've been sending commands... and nada
13:10 babilen koma: Does that work for you now?
13:10 babilen wangofett: Hmm, could you log into the minion and check /var/log/salt/minion ?
13:11 wangofett yeah, last thing I've got is [salt.loaded.int.module.cmdmod][ERROR   ] output:  * nginx is not running
13:11 koma babilen: the repos has been downloaded but i think that i need to include the sls in some way
13:11 XenophonF wangofett: same version of salt on both the master and the minion?
13:12 VSpike babilen: When you say on formulas you recommend "to mirror them to a git repo server under your control" ... does that include forking them on github? When you say don't use GH directly, I wasn't sure whether you mean don't use the original repos directly or don't use github directly at all
13:12 mapu joined #salt
13:12 babilen koma: Sure, you would have to include a suitable state in your top.sls (+ data in pillars)
13:12 wangofett babilen: test.ping -l debug --timeout=30 still gives up with -  did not return in time
13:13 wangofett Salt: 2014.1.10
13:13 wangofett on minion - same thing on master
13:14 wangofett given the timestamps of /var/log/salt/minion it looks like I've been successfully connected for ~an hour
13:14 wangofett about 20 minutes ago it stopped responding
13:15 dude051 joined #salt
13:15 koma i don't understand i need to use pillar or salt? https://www.refheap.com/90095
13:16 wangofett koma: pretty sure you need that in /srv/salt
13:17 wangofett koma: as I understand it, pillar/grains == data, states == behavior/settings
13:17 babilen wangofett: Does restarting the minion solve this issue?
13:17 babilen koma: Sorry, this is probably all a bit much at once.
13:17 wangofett babilen: looks like it
13:18 wangofett babilen: restarted salt-minion service and I'm connected again
13:19 babilen The basic ideas of formulas or, rather, of pillar-driven configuration is that you define generic states that work on a plethora of supported platforms (e.g. different Linux distributions) and whose specific behaviour can be influenced by providing configuration in pillars. Pillar are data that can be targeted to specific minions much like states are targeted.
13:19 babilen wangofett: That shouldn't happen :-/
13:19 wangofett babilen: does the minion usually log when it fails to connect to master? I tried using multi-master and it was spitting failure messages to me then
13:19 wangofett babilen: I figured ;)
13:19 noeol joined #salt
13:19 babilen wangofett: Take a look at /var/log/salt/minion
13:19 babilen wangofett: heh
13:19 racooper joined #salt
13:19 racooper joined #salt
13:21 babilen koma: Formulas are documented in great detail on http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html, but you are probably better off reading through http://docs.saltstack.com/en/latest/topics/tutorials/index.html → 3.3 States and 3.2.7. Pillar Walkthrough
13:21 koma babilen: will wait till you are free :P
13:22 wangofett babilen: I see some stuff in there from original startup, but nothing after
13:22 babilen koma: The data you can define for specific formulas is typically exemplified in pillar.example in the repo of the respective formula (e.g. https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example )
13:22 babilen koma: You have a typo in your top.sls -- s/userz/users
13:23 TTimo joined #salt
13:23 wangofett babilen: to be fair, koma also has the file named that. He's just got them in /srv/pillar
13:23 koma this is only the name of the file
13:23 babilen Yeah, I just realised that :)
13:23 englishm joined #salt
13:23 koma :D
13:23 wangofett took me a minute, too ;)
13:23 babilen Sorry, but you also need to have "- users" targeted to your minion in your state top.sls
13:24 koma '*' isn't every minion?
13:25 babilen koma: What you pasted is just the pillar. You can see the effect of that by running "salt '*' pillar.items" -- You *also* have to target the state (that will use that data) to the minion in question which you would do in the top.sls in /srv/salt
13:25 babilen https://github.com/saltstack-formulas/users-formula/blob/master/users/init.sls is the state you will be targeting/using
13:26 wangofett XenophonF: okay, now that my minion is back up and running... still getting the nginx problem
13:27 wangofett Interesting point of fact - running `salt 'minion' nginx.signal reload` will, in fact, reload nginx
13:27 higgs001 joined #salt
13:28 nitti joined #salt
13:29 babilen wangofett: What was "the nginx problem" again? (can't recall having seen actual output)
13:29 wangofett http://stackoverflow.com/a/24804336/344286 <-- looks promising
13:29 wangofett nginx isn't respecting the watch directive
13:29 wangofett I can change watched files
13:30 wangofett (stuck a comment in one) but it won't reload
13:30 XenophonF wangofett: how did you fix your minion?
13:30 wangofett XenophonF: service salt-minion restart
13:30 babilen Restarted it
13:30 zooz joined #salt
13:30 wangofett :-\
13:31 zooz left #salt
13:31 wangofett no other information that I could find
13:31 tmh1999 joined #salt
13:31 mpanetta joined #salt
13:32 babilen wangofett: So it is not attempting to restart the service at all? (or is that simply not working as you expect it to?)
13:32 lexelby left #salt
13:32 koma I feel like an idiot... and I'm mantaining like 4 serverfarms....
13:32 wangofett http://pastebin.com/mPksgjY1
13:32 picker joined #salt
13:33 wangofett relevant(?) portion of my sls file
13:33 babilen koma: Please don't. Salt is massive and formulas are, in some ways, quite complicated as they have to designed in such a way that they are applicable to various environments and use cases.
13:34 koma I'm ok with that But I cannot understand the basilar differences between /salt and /pillar
13:35 wangofett koma: I'll second that - I've been using salt for like... a week? two? I pride myself on having a pretty big breadth of knowledge, but there's a lot of stuff about salt (documentation, really) that makes me go, 'huh?'
13:35 XenophonF hah
13:35 koma what is really missing are example configuration
13:35 wangofett koma: from what I grok - pillar is just data (think environment variables)
13:35 XenophonF koma, pillar contains configuration data you use in salt states
13:35 koma I mean  the wiki is pleanty but notthing is really working and needs tweak to work
13:35 XenophonF minions cache the state SLS files
13:36 XenophonF but they don't keep copies of the pillar SLS files
13:36 XenophonF so if you have sensitive info like passwords or keying material or whatevs, put that into pillar
13:36 XenophonF then in the states, reference the data in pillar
13:36 ghartz joined #salt
13:36 wangofett I did not know that about pillars (not caching). Neat.
13:36 XenophonF yeah
13:37 wangofett I knew they were good for sensitive data - but that's good to know that the info isn't cached
13:37 peloponnesian joined #salt
13:37 XenophonF yeah run "salt-call -l debug state.highstate 2>&1 | tee highstate.out" on a minion, then look through the highstate.out file
13:38 XenophonF you'll see where it's syncing its local copy of the state SLS files
13:38 wangofett XenophonF: just changed my site conf file, and I get Command 'service nginx status' failed with return code: 3
13:38 babilen koma: The pillar.example should just work.
13:38 manfred XenophonF: |& == 2>&1 |, on bash 4 and later
13:38 XenophonF koma, i can email my state tree to you, if you want to see a bunch of examples
13:38 koma XenophonF: I'd love to
13:38 XenophonF manfred: LOL I normally use tcsh so I typed |& first
13:39 XenophonF koma: PM your email address to me
13:39 wangofett which, when I run the `service nginx status` I get  * nginx is not running
13:39 wangofett which is hilarious because ps aux | grep nginx shows several nginx processes
13:39 babilen koma: Pillar is just a way to get pillar to minions (specific minion to be exact) and the things in /srv/salt are states that might make use of the data in pillars.
13:39 peloponnesian hi, i'm writing custom execution modules and trying to figure out how to run unit tests for them
13:39 babilen koma: "a way to get data to minions" *sigh*
13:39 peloponnesian how do people typically go about this?
13:40 koma babilen: ok that's fine.
13:41 koma I still don't understand how to recall the right data in the right state with the right formula on the right minion
13:41 babilen koma: To give an example: You want to create a user, but you don't necessarily want to hardcode all the groups that user belongs to in your state. So you refer to data in pillar and loop over the groups defined in there (if any) which allows you to dynamically extend/create states.
13:42 babilen koma: Lets not try to solve everything at once. Is there a specific thing you would like to do?
13:43 to_json joined #salt
13:44 koma babilen distribuito 10 users with their ssh keys on all the machine in my farm ;(
13:44 babilen koma: Can't we start with a single user?
13:45 toastedpenguin joined #salt
13:45 koma yes sure
13:45 younqcass_ joined #salt
13:46 babilen koma: Okay, could you create /srv/salt/top.sls in which you target "- user" to the minions in question. (Feel free to paste that file).
13:46 koma ok
13:48 babilen koma: You should still have /srv/pillar/{top,userz}.sls with the content as exemplified in https://www.refheap.com/90097 in place. Could you now run "salt-run fileserver.update" and then "salt 'someminion' pillar.items" ?
13:48 babilen That should list all data in the pillar for that specific minion and should, in particular, contain the data about your "koma" user as defined in userz.sls. Is that correct so far?
13:50 koma yes
13:51 sysadmin75 joined #salt
13:51 koma babilen: pillar.items correctly lists the settings written in pillar
13:51 XenophonF anyone else want a copy of my salt config?
13:52 babilen koma: Okay. Great. The users-formula defines a "user" state that you already targeted to your minion. This state will read the data on the pillar and will use that data to generate states that will, if executed, create and configure your user in the way you defined it in the pillar. To do so run "salt 'someminino' state.highstate" or test it first with "salt 'someminino' state.highstate test=True"
13:52 babilen *someminion
13:55 koma nope
13:55 koma something is wrong
13:55 armonge joined #salt
13:56 koma [15:46:20] <babilen> koma: Okay, could you create /srv/salt/top.sls in which you target "- user" to the minions in question. (Feel free to paste that file). <- probably isomething in this part
13:56 koma No matching sls found for 'user' in env 'base'
13:57 hobakilllll joined #salt
13:57 babilen koma: If it does not pose too much of an inconvenience it would be great if you could paste your top.sls to http://refheap.com (along with your master's config)
13:57 koma sure!
13:57 babilen (might also want to include your command and their output)
13:57 jaimed joined #salt
13:57 metaphore joined #salt
13:58 koma I'll paste all the files just a sec
13:58 johngrasty joined #salt
13:59 babilen brb
14:00 koma https://www.refheap.com/90098
14:00 koma basepi: https://www.refheap.com/90098
14:01 hobakill joined #salt
14:01 babilen koma: s/user/users -- sorry, my bad
14:01 koma babilen: this is the log https://www.refheap.com/90099
14:02 quickdry21 joined #salt
14:02 babilen koma: And I'd just match by grain and not use a compound (unless you actually match more than one thing)
14:03 koma thjis is only a test I've set up 3 minions and I wanted to try grains
14:03 babilen koma: freebsd.sls should not contain "users: - korma" -- Rest looks fine.
14:03 koma removed and in fact now works
14:03 babilen \o/
14:03 koma babilen: ****
14:03 mapu joined #salt
14:04 babilen Are things a bit clearer now? fwiw, I wouldn't necessarily recommend to use the apache formula (I find it to be slightly clunky and it is full of legacy idioms).
14:05 Outlander joined #salt
14:05 koma We haveww centralized the creation of the vhosts in a nfs partition
14:05 obimod joined #salt
14:06 koma We use some particular configuration (mod_perl/GeoIP/cgi_bin) that are not covered by default
14:06 rodo http://jenkins.saltstack.com/ => 502 bad gateway, but may be you already know
14:07 koma babilen: thank you very much I think that now i could understand the including of the forumals happens in the top.sls not in any of the states.
14:07 koma in that way the information are preserved on the salt master
14:10 peloponnesian for people who have written their own execution modules -> where do you put your unit tests in your source code directory structure?
14:11 XenophonF koma, when you look at my configs, note my apache formulas
14:11 XenophonF i wrote them to be pretty generic
14:12 kaptk2 joined #salt
14:12 XenophonF because i too wasn't satisfied with the one posted to GitHub
14:12 englishm joined #salt
14:13 bytemask joined #salt
14:14 babilen koma: You *can* include states in other states (and it often make sense to do so), but the state you want to use must be in the transitive closure of states defined in top.sls
14:14 englishm joined #salt
14:15 babilen XenophonF: Would you be interested in getting some of those changes into saltstack-formulas/apache-formula ? I consider the formula there to be in need of love and would happily discuss/merge PRs for it.
14:15 XenophonF yes absolutely
14:16 babilen peloponnesian: How do you unit test your custom execution modules? (sorry, not an answer, just curious)
14:16 XenophonF my versions make some... odd ...decisions compared to what's there, though
14:16 XenophonF for example, I don't do unencrypted web sites
14:16 XenophonF so my formula sets severything up for HTTPS/HSTS/strong ciphers/etc.
14:16 babilen Well, that is naturally a bit too opinionated. Could there be a healthy middle ground?
14:17 XenophonF I'm sure there could be without too much trouble
14:17 babilen Great
14:17 XenophonF my formula also uses ModSecurity
14:17 koma Thank you all so much
14:17 peloponnesian babilen: it's my first try at an execution module. i have a repo with my actual execution module in _modules/my_module.py and a test(s) in test/unit/modules/my_module_test.py
14:18 babilen koma: Have fun and just ask away if something is unclear. :)
14:18 jergerber joined #salt
14:18 babilen peloponnesian: That's a sensible structure IMHO. How do you test functionality that requires a running master and minion?
14:19 koma I think that saltstack needs a wiki like the gentoo one. It was the clearest shit I've ever seen. Reading their wiki is like reading the first harry potter.
14:19 wangofett XenophonF: wanna hear something insane? I made some debugging modifications to /etc/init.d/nginx to figure out why the pid didn't work right... and when I took them out it work right o.O
14:19 babilen heh
14:19 XenophonF wangofett: :-D
14:19 babilen heisenbug
14:19 peloponnesian babilen: i haven't gotten there yet, would love to, but starting just with unit tests
14:19 wangofett I was seriously posting a serverfault question about it (and then answer)
14:20 wangofett and it just disappeared
14:20 babilen peloponnesian: Okay, I'm really not sure at all how to do the latter (hance my question)
14:20 ajprog_laptop joined #salt
14:20 wangofett Heisenbug: I am the one that knocks.
14:21 peloponnesian i have been using some of the built-in salt execution module code as an example to go off of, and following the salt documentation, i'm having trouble figuring out how i should run a test i've written myself, i guess i can make a bootstrapper type of thing where i just place some 'runmytests.py' somewhere and then use sys and os to import the module from the directory it's in
14:23 peloponnesian which is fine by me. just curious if anyone had any examples or suggestions for a pattern for running one's own unit tests that belong in a user's source code repo
14:24 Ozack1 joined #salt
14:24 wangofett peloponnesian: run it as a user account instead of root, for one ;)
14:25 rallytime joined #salt
14:25 koma babilen: I've got a question. In the case of the user creation the path of the shell differs from freebsd to Linux sistems. Is it possilbe to manage this kind of situation?
14:26 peters-tx joined #salt
14:26 wangofett babilen: hey cool, it looks like the minion broke again.
14:27 englishm_ joined #salt
14:27 babilen koma: Is that not handled correctly by the formula?
14:27 wangofett and restarting the minion fixed it... I think it might be closely related to this nginx failure
14:27 babilen koma: https://github.com/saltstack-formulas/users-formula/blob/master/users/map.jinja seems to define correct paths
14:27 koma it asks for the shell path
14:27 grove_ joined #salt
14:28 koma but it changes in base of the OS
14:28 koma (freebsd is /usr/local/bin/bash and linux /bin/bash)
14:29 ndrei joined #salt
14:29 wangofett babilen: looks like fixing my nginx script fixed it
14:30 wangofett the nginx watch issue
14:30 babilen koma: You can use logic in your pillar -- {% if grains['os_family'] == 'Debian' %} shell: /bin/bash {% elif grains['os_family'] == "FreeBSD" %} - /path/to/shell {% endif %}
14:30 koma https://www.refheap.com/90100
14:30 koma done :D
14:30 koma I'm starting to understand
14:30 eunuchsocket joined #salt
14:30 babilen koma: Not sure about the os_family of FreeBSD, compare to "salt 'freebsdminionid' grains.items"
14:30 babilen koma: Yeah, just like that!
14:31 koma UWhooowooo
14:31 masm joined #salt
14:32 babilen koma: I'd like to point out that that setting is useless as you do not have to define "shell: /path/to/something" and that the correct path would be used by default *unless* you specify something else.
14:32 babilen So you should be able to simply remove line 11-15 and the formula should "just do the right thing"™
14:33 Gareth morning morning
14:34 koma I dont' want sh as default shell in freebsd :P
14:34 babilen koma: https://github.com/saltstack-formulas/users-formula/blob/master/users/init.sls#L43 either gets your value in the pillar and, if that is not defined, the "visudo_shell" value from map.jinja which is defined correctly in https://github.com/saltstack-formulas/users-formula/blob/master/users/map.jinja#L23
14:34 XenophonF os_family on FreeBSD is FreeBSD
14:34 XenophonF I don't know if Salt handles other FreeBSD distros differently, like PC-BSD.
14:34 VSpike on https://github.com/saltstack-formulas/reverse-users-formula/blob/master/pillar.example what does the "G@id:" syntax mean? Is it specific to this formula or something more general?
14:35 babilen VSpike: http://docs.saltstack.com/en/latest/topics/targeting/compound.html ( grains id)
14:36 babilen koma: Does it use sh and not /usr/local/bin/bash ?
14:36 englishm joined #salt
14:37 koma babilen it uses the system default wich is sh
14:37 koma and is ok for services (you won't change this i assure you).
14:40 VSpike babilen: ah thanks. so why is that syntax used there, when in a top file the match is (a) between quotes and (b) only using the compound matching if you are matching more than one thing? e.g http://docs.saltstack.com/en/latest/ref/states/top.html#other-ways-of-targeting-minions
14:41 jslatts joined #salt
14:41 VSpike iow why G@id:example3.com: instead of 'G@id:example3.com': or just 'id:example3.com':
14:41 zartoosh joined #salt
14:41 babilen koma: Really? Could you show me? The code "- shell: {{ user.get('shell', users.get('visudo_shell', '/bin/bash')) }}" means "get the value of 'shell' from the 'user' pillar and if that doesn't exist use the one defined in map.jinja for the 'visudo_shell' entry. Fall back to "/bin/bash" if that also isn't defined"
14:42 koma is it possible to specify a file with variables? to be included? For example it would be cool if all the ssh keys are listed like keys: /n - userA: key1 /n - userB: key2 etc and in the user creation file ill recall the key just by {keys(userA)
14:42 babilen koma: The value for 'shell' should therefore be /usr/local/bin/bash on FreeBSD.
14:43 koma I'0m not talking of visudo buit for the user shell
14:43 englishm_ joined #salt
14:43 koma \\\\\\\sorry new keyboard: I'm not talking of the visudo but the shell. If you create a n user and you did not specify wich to use it will use the default.
14:44 babilen koma: The value of the "shell" entry of the "user.present" state would be set correctly. This sets that user's shell. You are claiming that *not* defining "shell" in your pillar leads to the user using "sh" as shell, which shouldn't be the case (according to my understanding of the formula). Could you show me that behaviour on a pastebin?
14:44 koma ah
14:44 babilen koma: Did you actually try that?
14:45 koma didn't try it really I'm just expecting the formula to use the default shell instead of chooins bash as default because bash is not the default for freebsd
14:45 babilen Well, that assumption is wrong.
14:45 koma Ah let me try
14:45 XenophonF koma, are you using a formula?
14:46 XenophonF if so which one?
14:46 koma formula-users
14:46 babilen users-formula
14:47 CeBe hi, I am trying to apply a state to a server bug it fails with this error:  Data failed to compile: No matching sls found for 'monitoring.graph' in env 'base'
14:47 CeBe it is working fine for other states but this one is failing, any Idea how to get more information about the error or how to debug this?
14:47 CeBe s/bug/but
14:47 babilen VSpike: The reverse users formula is a formula that targets users to specific hosts. The G@id:example1.com: is just a way to target specific hosts.
14:47 UtahDave joined #salt
14:48 jaimed joined #salt
14:48 koma $ echo $SHELL /usr/local/bin/bash
14:48 koma you are right babilien
14:49 koma but this is not a right thing in the "FreeBSD World" no one uses Bash as default shelkl
14:49 babilen VSpike: You could probably put that into quotes there as well (YAML is converting things to strings) and defaulting to compound matching there is most powerful
14:49 babilen koma: So you would consider that a bug in the formula?
14:49 koma everyone in FreeBSD uses ksh/sh
14:49 XenophonF koma i work around this by installing tcsh and using that everywhere! ;:
14:49 XenophonF ;)
14:49 mage_ koma: I use zsh
14:49 VSpike OK. I guess. The looseness of YAML confuses me because I never know if the differences I see are significant :) I'm so trained for doing bash and the like that ever space and quote is incredibly meaningful ;)
14:50 mage_ sh is only used for scripts
14:50 babilen koma: Should that be changed to ksh or sh as that is what most users of the formula would want?
14:50 koma babilen yes because bash is installed via ports and ksh is not (it is from the base) so if the /usr did not mount properly you are unable to log in the machine
14:50 babilen koma: Mind filing an issue against the formula, I'll fix that later.
14:50 koma and if you can only suid as root you are cutted out of your system
14:50 mage_ ksh is not in BASE
14:51 koma mage_ base installation i mean
14:51 babilen sh would be in base though, wouldn't it?
14:51 koma and is in /bin
14:51 koma yes
14:51 XenophonF koma it looks like the users-formula needs another key added to the users lookup table
14:51 geekmush joined #salt
14:51 XenophonF default_shell or something
14:51 mage_ koma: it's only sh and tcsh
14:51 koma mage_ right my bad
14:51 koma tcsh
14:51 XenophonF plus a pillar to override per-user if there isn't one already
14:52 babilen XenophonF: The pillar already exists, the formula is just conflating visudo_shell and default_shell (not a good choice)
14:52 XenophonF oh is that the case?
14:52 XenophonF it fooled me
14:52 elfixit joined #salt
14:52 babilen XenophonF: You can already set "shell" for your users
14:52 XenophonF i see that
14:52 koma /bin/csh is the default shell
14:52 koma just checked
14:53 XenophonF visudo_shell under FreeBSD in map.jinja just need to be changed to /bin/csh to match the FreeBSD defaults
14:54 VSpike babilen: with formulas, do you recommend against forking them on github and then using your fork for gitfs?
14:54 babilen XenophonF: yeah, but it still doesn't really make sense to conflate visudo_shell and default_shell. In fact s/visudo_shell/default_shell + s:/usr/local/bin/bash:/bin/csh: looks like the sensible thing to do here.
14:55 XenophonF i completely agree
14:55 koma https://github.com/saltstack-formulas/users-formula/issues/48
14:56 babilen VSpike: You can do that. I just wouldn't reference them directly as that would, essentially, give root on your infrastructure to everyone who can push there. You really should review changes to formulas before you *explicitly* push them into your setup. It doesn't matter where you host your forks and GH is perfectly fine.
14:56 babilen koma: Thanks!
14:56 koma no babilen thank YOU.
14:58 thayne joined #salt
14:59 babilen koma: Okay, the visudo command is BASH though. I guess the sensible thing to do is to introduce an additional default_shell entry.
14:59 econnell joined #salt
14:59 eriko joined #salt
14:59 VSpike babilen: awesome, thanks. That was my understanding too.
15:00 jalbretsen joined #salt
15:03 koma brb
15:04 babilen koma: Could you test https://github.com/babilen/users-formula/tree/issues/%2348 ?
15:04 hobakilllll joined #salt
15:05 dude051 joined #salt
15:06 dude051 joined #salt
15:07 eunuchsocket joined #salt
15:07 BrendanGilmore joined #salt
15:09 ajolo joined #salt
15:10 pdayton joined #salt
15:10 koma babilen
15:11 koma to do so i need to create a new git?
15:11 koma ori need to townload the zip to a new folder and import the name of the new folder instead of the - users ?
15:12 babilen You should be able to just "- #48 https://github.com/babilen/users-formula" -- but that might be problematic due to the # in the branch name :-/
15:13 babilen Ah, forget that. This is wrong.
15:13 koma mh?
15:13 babilen Just clone it and copy "users" from there to /srv/salt
15:14 koma yep
15:14 koma updated to /bin/csh
15:15 babilen koma: And the sudo rules still work? Could you add a new one and test that?
15:15 CeBe how can I verified which states are available on the minion?
15:17 babilen CeBe: salt.modules.cp.list_states -- http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html
15:17 oz_akan joined #salt
15:19 CeBe babilen: thanks! My state is in the list but I still get "No matching sls found for 'monitoring.graph' in env 'base'" when I run state.sls :-/
15:20 babilen CeBe: "salt 'minion' state.show_highstate" ?
15:21 CeBe empty output
15:21 babilen CeBe: Do you have includes in that file? It might very well be that one of them contains a (syntax) error and that rendering of the state therefore fails.
15:21 CeBe yeah, it is only includes :)
15:21 CeBe how do I find the error?
15:22 babilen heh
15:22 CeBe is there a validation command for state files?
15:22 koma the password needs to be encripted in some way?
15:22 koma because i cannot logon with the password that I've choosed
15:22 CeBe I mean there must be some log or command that will output parsing errors, right? :)
15:23 dude051 joined #salt
15:23 babilen koma: Yes, it is a hash. You can use mkpasswd for that
15:24 koma wich i find in wich package?
15:24 babilen koma: Yes, it is a hash. You can use mkpasswd for that (e.g. "mkpasswd -m sha-512")
15:24 CeBe babilen: looks like there is no such thing yet... https://github.com/saltstack/salt/issues/802
15:24 babilen oops
15:24 koma # mkpasswd -bash: mkpasswd: command not found
15:25 koma what package provide mkpasswd?
15:25 babilen koma: It is in the "whois" package on Debian
15:26 babilen CeBe: Well, paste them all and use babilen-syntastic or comment them all and re-add them one-by-one.
15:27 koma i would suggest an option to create users without password to enable only ssh login
15:27 CeBe babilen: I am sure there are errors because I just created that file. but it is very complex so typos may be hard to find.
15:27 babilen koma: You don't have to define a password if you don't want to.
15:28 babilen (just remove the password: line from your pillar)
15:28 tkharju3 joined #salt
15:29 babilen koma: The pillar.example shows every setting the formula supports. Most of these have sensible defaults and you would rarely use all of them.
15:29 CeBe babilen: yeah I was including a non existing state. thanks for the help!
15:31 mechanicalduck joined #salt
15:31 alanpea__ joined #salt
15:34 tligda joined #salt
15:37 eunuchsocket Hi all, can anyone point me in the right direction to find the 'file.managed' code in salt?  I'm trying to determine the level of effort to write in a 'header:' option.
15:38 SheetiS https://github.com/saltstack/salt/blob/develop/salt/states/file.py is the state stuff for file.anything
15:38 eunuchsocket SheetiS: thanks!
15:39 SheetiS You may want to check out the file module stuff as well depending on the specifics of what you want to do.  https://github.com/saltstack/salt/blob/develop/salt/modules/file.py
15:41 eunuchsocket I haven't seen any mechanism to include a header in managed files so I've taken to putting "{{pillar['configheader']}}" at the top of all my managed file templates
15:42 eunuchsocket however, that means I have to fork and edit every formula I want to use
15:43 jdmf joined #salt
15:44 eunuchsocket I see an "append' function but no "prepend" function
15:46 SheetiS what about file.replace
15:46 SheetiS it has a "prepend if not found" option
15:47 davet joined #salt
15:47 QiQe joined #salt
15:48 VSpike When I run this top.sls against an ubuntu machine by name ( salt -l debug haproxy.fmlocal state.highstate ) it fails saying "Comment: No Top file or external nodes data matches found". If I replace the 'os:Ubuntu' with '*' it works. What am I doing wrong there?
15:48 babilen CeBe: Better error messages in this case would arguably help here. Sorry for that.
15:48 VSpike url would help http://pastebin.com/4WBSWkuA
15:48 babilen ugh, pastebin.com
15:49 SheetiS VSpike: - match: Grain
15:49 SheetiS s/Grain/grain
15:50 SheetiS http://docs.saltstack.com/en/latest/ref/states/top.html#other-ways-of-targeting-minions
15:50 XenophonF babilen has successfully convinced me not to use pastebin
15:50 babilen VSpike: http://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
15:50 VSpike babilen: I know! Haven't used it for years. But what other pastebin supports yaml?
15:51 SheetiS https://bpaste.net/ supports yaml
15:51 VSpike Ah, thanks. Will remember that.
15:51 metaphore joined #salt
15:51 babilen XenophonF: There are simply so many pastebins that are so much better (e.g. http://refheap.com, http://gist.github.com, http://paste.debian.net, http://paste.ubuntu.com, http://codepad.org/, http://sprunge.us, ...)
15:51 babilen refheap does too
15:52 QiQe Hi guys, Im trying to use nginx-formula from saltstack nginx.ng state is failing -> http://pastebin.com/KjrStcyj
15:52 QiQe any idea?
15:53 aw110f joined #salt
15:54 viq QiQe: yes, https://github.com/saltstack-formulas/nginx-formula says "Note: nginx.ng requires the merge parameter of salt.modules.pillar.get(), first available in the Helium release."
15:54 * babilen begrudgingly clicks another pastebin.com link ... stupid money-mongering trolls
15:54 eunuchsocket SheetiS: thanks for the file.replace suggestion.
15:54 QiQe oops, thanks viq
15:55 SheetiS eunuchsocket: I'd not used the prepend_if_not_found part of that before, but I saw it in the code and thought it might be useful :D
15:55 Sp00n money mongering trolls?
15:56 dude051 joined #salt
15:56 SheetiS eunuchsocket: One thing to note though, that code doesn't exist in 2014.1.  Looks to be new in 2014.7
15:56 SheetiS I just checked that
15:56 viq Sp00n: he means pastebin.com
15:57 smcquay joined #salt
15:57 sysadmin75 Does a jinja template have access to a grain variable?
15:57 Sp00n because adverts?
15:57 viq sysadmin75: yes
15:57 SheetiS sysadmin75: yes definitely
15:58 SheetiS You can do {{ salt['grains.get']('variable', 'default_if_not_found) }} or {{ grains.get('variable', 'default_if_not_found') }}
15:59 sysadmin75 ahh I was trying to access them wrong.
15:59 sysadmin75 thanks
16:00 SheetiS I missed a ' in one of those examples.  Just noticed.
16:00 SheetiS I do that all the time in my actual formulas.   That's what the test environment is for ;-)
16:01 bhosmer joined #salt
16:02 eriko joined #salt
16:03 grove_ joined #salt
16:04 babilen Sp00n: Yes, they capitalize on the fact that the great unwashed are googling "pastebin" and end up at their ugly website full of ads, captchas and "social service integration".
16:05 sysadmin75 SheetiS: thanks that worked.
16:06 sysadmin75 You know, sometimes I don't get any output for a high.state run. The first time I ran your example, nothing was printed to screen, but the second time it did.
16:07 viq sysadmin75: run with -v, you'll get a job ID you can look up later if that's the case
16:08 sysadmin75 viq: ok but why does it print to screen sometimes and other times it doesn't.
16:09 viq I guess minion didn't return in time. you could also increase the timeout, either in master config or using -t flag
16:09 ericof joined #salt
16:09 alanpear_ joined #salt
16:09 sysadmin75 ok I'll try that
16:10 tmh1999 joined #salt
16:10 ajolo joined #salt
16:10 spookah joined #salt
16:11 metaphore joined #salt
16:12 ndrei joined #salt
16:13 t0rrant joined #salt
16:14 aparsons joined #salt
16:15 VSpike does salt depend at all on the fqdn of the minion being resolvable?
16:16 aparsons joined #salt
16:16 schimmy joined #salt
16:16 VSpike I imagine not ... but just wondering why every now and then it fails to contact a minion on the same subnet, but will succeed if immediately repeated.
16:16 thayne joined #salt
16:16 Kelsar VSpike: +1
16:17 XenophonF VSpike: it's the other way around
16:17 XenophonF minions connect to the master
16:17 XenophonF it doesn't matter what the minion's named or whether the master can connect to them
16:18 iggy fwiw, I've seen the same thing before
16:18 iggy both with minions on the local network segment and remote
16:18 XenophonF i suspect that those connection issues have to do with ZMQ
16:18 iggy ^
16:18 XenophonF but i'm not 100% certain
16:18 schimmy1 joined #salt
16:18 VSpike XenophonF: Hm, that's what I thought. It's usually if I've done nothing for a while. I wonder if it goes idle somehow?
16:19 XenophonF maybe
16:20 dfinn joined #salt
16:21 dfinn is it possible to override the os grain?  i tried putting it in /etc/salt/grains but that isn't working.  salt isn't detecting oracle linux servers correctly, it thinks they are RHEL
16:22 murrdoc joined #salt
16:23 murrdoc salt webinar is fun
16:24 KyleG joined #salt
16:24 KyleG joined #salt
16:24 iggy dfinn: are you sure you aren't just looking at the wrong grain?
16:25 dfinn pretty positive
16:25 dfinn both os and os_family are being set to RedHat
16:25 iggy dfinn: the oel boxes I looked at had some (os_family or something) grains that looked RHELish and some others that were definitely oel
16:25 dfinn i need to dig a little deeper but I think this may just be on our OL5 servers, I think OL6 reports correctly
16:26 dfinn nothing else says anything oracle'ish
16:26 iggy maybe look in salt-call -g to see if there's something else you should be looking at
16:26 dfinn this is breaking one of our SLS files that uses the os grain
16:26 iggy I don't have any oel handy, but I do remember there were some rhel grains and some oel
16:26 dfinn i'll paste for ya
16:26 dfinn i'm not seeing anything
16:27 dfinn http://pastebin.com/sPyL4iKD
16:27 hobakill joined #salt
16:27 iggy are you sure it's oel?
16:27 dfinn 100% sure
16:27 iggy it even has the oscodename from rhel in there
16:28 iggy what does "lsb_release -a" show?
16:28 dfinn one sec, let me show you why i'm sure
16:28 dfinn http://pastebin.com/RWcZWhfd
16:28 dfinn unless my method of checking is wrong but see "Vendor: Oracle USA"
16:29 iggy lsb_release -a?
16:29 dfinn http://pastebin.com/iYRC5Whw
16:30 TheThing joined #salt
16:31 dfinn just checked a OL 6 server and grains.item reports this: os: OEL
16:31 longdays joined #salt
16:31 dfinn is this worth reporting a bug?
16:31 che-arne|2 joined #salt
16:32 housl joined #salt
16:32 iggy the codenames don't even match
16:32 iggy oddd
16:32 kingel joined #salt
16:33 eunuchsocket dfinn: what does 'osfinger' report?
16:33 dfinn how do I run that?
16:33 iggy it's in the first pastebin
16:33 iggy osfinger: Red Hat Enterprise Linux Server-5
16:33 forrest joined #salt
16:33 dfinn oh, it's a grain, sorry
16:34 iggy maybe someone installed something from rhel that they shouldn't have?
16:34 iggy that should definitely be oel
16:34 dfinn possible, but unsure what that would be.
16:35 wendall911 joined #salt
16:35 dfinn since it seems to be happening on all of our ol 5 servers, I'd say unlikely
16:35 iggy but I've seen people install random rpm's from rhel to fix "compatibility" issues with certain pieces of software
16:35 dfinn can we narrow it down, how does salt determine that grain?
16:35 wendall911 joined #salt
16:36 troyready joined #salt
16:36 kaptk2 joined #salt
16:38 carmony Okay, I think I have some environment variables issues. When I do a cmd.run from the master, it fails, but when I use salt-call locally logged in it works, and when I run the command myself it works
16:39 carmony any suggestions on how to fix that? (pst UtahDave)
16:39 rostam joined #salt
16:39 forrest carmony, I don't know if you've put in enough help investment credits to be able to make a withdrawl today... :P
16:39 UtahDave carmony: do you know which environment variables you need?
16:39 carmony forrest: uh oh....
16:39 carmony *twiddles his thumbs*
16:40 carmony UtahDave: Hrm, I could run a printenv from the master
16:40 carmony and see the diff
16:40 forrest carmony, I'm just joking with you
16:40 dfinn back to my original question, is it possible to override the os grain?  that would be the easiest fix to my issue.
16:40 iggy dfinn: if I'm reading correctly, it's derived from lsb data
16:40 dfinn hmm...
16:40 dfinn let me compare how that looks on a 6 server
16:41 dfinn certainly looks different on 6, it clearly states it's OL
16:41 ndrei joined #salt
16:42 schimmy joined #salt
16:42 dfinn the RPM that provided lsb_release is definitely an Oracle RPM
16:43 iggy on both
16:43 iggy ?
16:43 iggy and what version of salt?
16:43 dfinn yes
16:43 dfinn salt-2014.1.3-1.el5
16:44 dfinn trying to update but running into some problems, which is how I first discovered this issue
16:44 eunuchsocket forrest: if you get a chance today have a look at https://github.com/emuehlstein/snmp-formula and let me know if I'm on the right track.  I still have 0work to do to move the config options into pillars and add some other OSes to the map but it is working for now.
16:45 carmony this is weird...
16:45 iggy dfinn: I'd say if you can reproduce with the latest salt, file it as a bug... that may or may not be possible if the bug is blocking you upgrading though
16:45 carmony so my $PATH is the same running from master and locally on the minion
16:45 schimmy1 joined #salt
16:46 carmony but it can't find the npm or gulp command?
16:46 dfinn ok, i'll try that, i'm working on a workaround
16:46 rap424 joined #salt
16:46 forrest eunuchsocket, yeah sure
16:46 murrdoc carmony:  are u using using the npm state ? or cmd.run
16:46 carmony cmd.run right now
16:47 carmony now the way npm is insalled is via a symlink
16:47 carmony this is the ls- l of it: /usr/local/bin/npm -> ../lib/node_modules/npm/bin/npm-cli.js
16:47 murrdoc salt-ssh or regular salt
16:47 carmony regular
16:48 forrest eunuchsocket, this looks a LOT better, you might want to add things like ownership/perms on some of the managed files, but other than that it looks good, once you have the files templatized and your pillar changes done let me know and I'll create an official repo you can fork then push against so we can get this into the saltstack-formulas!
16:48 eunuchsocket forrest: will do thanks
16:49 murrdoc if u are using cmd.run then /usr/local/bin/npm is recommended over npm
16:49 forrest eunuchsocket, yeah np, thanks for taking the time to make it awesome, it's WAY more clear now!
16:51 carmony wait.... the path IS different?
16:51 babilen Would it be nice if I were to subsequently check formulas for hard-coded template files "source: ..." and move that to map.jinja ? I've just stumbled over a s/files/templates directory commit. Is this preferred?
16:51 carmony this is weird
16:51 murrdoc its possible, i dont know, but maybe its not loaded in the profile
16:51 murrdoc for the salt minion
16:52 forrest babilen, I don't think that's required. We don't want to move everything to the map, only values that differ based on OS.
16:53 carmony murrdoc: why do you think this happens?
16:53 carmony https://gist.github.com/JustinCarmony/85c4fabea090ab00afe1
16:53 carmony that is weird to me
16:54 carmony printenv and echo $PATH give different responses?
16:54 babilen forrest: I started working on http://docs.saltstack.com/en/latest/topics/best_practices.html (I don't like the direct references to "{{ salt['pillar.get']('apache:lookup:config:tmpl') }}" in there) -- and actually like to give users the ability to override configuration file templates easily (and without extend)
16:55 babilen forrest: IMHO that should either be a direct reference to the pillar (i.e. no lookup) or a reference to the map, but that style just conflates it. As I am checking some of the formulas anyway I thought that this might be a low-hanging fruit and an instant improvement for users.
16:56 forrest babilen, Hmm, we can definitely change that, I wrote that page back in February so it might not be quite as relevant. What do you not like about referencing it like that? The lookup is just how the pillar itself is structured.
16:57 higgs001 joined #salt
16:57 sxar joined #salt
16:59 murrdoc carmony:  that is weird
16:59 carmony thats what I thought! :D
17:00 murrdoc true
17:02 rjc joined #salt
17:03 babilen forrest: Well, my understanding is that values in the lookup tables defined in map.jinja are meant for relatively static entries (e.g. package or service names). They can be overridden by users by defining a suitable foo: lookup: something entry in their pillar, but that states should reference the entry in the map/lookup table rather than the lookup pillar.
17:04 murrdoc carmony:  http://docs.saltstack.com/en/latest/ref/states/all/salt.states.npm.html
17:04 murrdoc dew it
17:05 scoates joined #salt
17:05 forrest babilen, so you're saying you want to remove that and make it a static value?
17:05 babilen forrest: I mean if a user defined the lookup value in their pillar it will be merged anyway (by "merge=salt['pillar.get']('apache:lookup'))"). I would personally consider references to something:lookup:value in my states to be rather suboptimal.
17:05 to_json joined #salt
17:06 babilen forrest: No, not at all. I would simply reference the map in that state rather than the pillar.
17:07 forrest babilen, hmm, I don't know if I can agree, why would the source live in the map.jinja? It's not a value based on the OS.
17:07 koma babilen:  https://github.com/saltstack-formulas/users-formula/issues/50
17:08 koma in this way you can remove the bash from the requirement for users-formula
17:09 babilen forrest: Okay, I see that we have a slightly different understanding of what belongs in map.jinja. My take on it is the "rather static data that *might* differ between os_families and that users are unlikely to override". My point is that :lookup: is IMHO ill conceived in a pillar if it is *not* used to override a value in the map.
17:10 kermit joined #salt
17:10 kruppm joined #salt
17:11 murrdoc so the map.jinja is a 'translation' lookup
17:11 murrdoc less an override lookup
17:11 babilen forrest: That document asks you to define https://www.refheap.com/90112 -- What would the resulting apache map be after the merge? Why use :lookup: in the pillar at all?
17:12 babilen I *only* use :lookup: for things that I want to override in a map in map.jinja
17:12 babilen koma: ta!
17:12 forrest babilen, Ahh I see where we are having the disconnect. So the reason I have it inside of lookup, is so you don't have to do something like this: https://gist.github.com/gravyboat/bacbc6e7f9ab0cd5c8e4
17:13 forrest babilen, to me it was just cleaner to put things under lookup, but I can see where you are coming from with this for sure, and I think that's very fair reasoning
17:13 koma tattaratattata?
17:13 koma what is ta?
17:14 babilen koma: Her Majesty's finest English for "Thank you"
17:14 koma Uh....
17:14 * koma scratches his ass and looks babilen
17:15 koma You are welcome bro
17:15 babilen forrest: I started rewriting that bit so that it is more in line with my understanding, but the nested dictionaries complicated the issue a little (wasn't 100% sure how they'll be merged). Just thought that it is better to discuss it in a PR with a reasonable alternative would make sense.
17:16 murrdoc so much good stuff is 'New in version 2014.7.0.
17:16 murrdoc '
17:16 babilen heh
17:16 ndrei joined #salt
17:16 babilen murrdoc: My TODO list that will define 4-5 weeks after the release is growing. It is hard to keep track of all the things that I plan to change/adopt.
17:16 forrest babilen, yeah I think that's totally fair. we should probably ping whiteinge when he isn't at training to see what his opinion on it is. I know for sure that the map should stick with OS related items only, but I'm more than happy to discuss moving that other stuff out of the lookup section if it doesn't make sense, and I can see why it wouldn't
17:17 TheThing joined #salt
17:18 babilen forrest: Hmm, interesting. My take really was "almost static data" → map.jinja, "user defined data" → pillar. (to summarise it)
17:18 forrest babilen, my concern with the map is overloading it, have you seen some of the stuff sroegner has done? He actually uses a SECOND map style file for all of his standard settings.
17:18 forrest babilen, ahh yeah, unless the original idea of the map file has changed, it should only be OS related content.
17:19 babilen forrest: So you don't like https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/map.jinja ?
17:19 babilen (which is mostly OS specific)
17:19 Ryan_Lane joined #salt
17:20 babilen And no, I am not sure which example of sroegner's work you refer to.
17:20 forrest babilen, no I like (at least what I am seeing right now) the stuff in here, because the guys who handle nagios are morons who move things depending on OS
17:20 Ahlee can you require: something from an include: ?
17:20 babilen forrest: yes, it is ludicrous
17:20 Ahlee or does include effectively prepend
17:21 forrest babilen, but if all the confs were /etc/nagios/nagios.conf, we could just put that in the state file itself, no reason to slow things down if we can possibly avoid it, since doing the merge does make it take longer
17:21 forrest Ahlee, while include does prepend, you can just do either require: \ - sls: included_sls, or you can require something from within the include.
17:22 Ahlee forrest: awesome, thanks
17:22 forrest Ahlee, yup
17:23 babilen forrest: Yeah, totally agree. I still think that a slightly better solution for "- source: template_file" in the best practices doc would be nice. In the end we just have to come up with *one* generic way to implement something like the get_config macro that you see sometimes (which is also problematic in some cases). I guess I will use direct references to the pillar for now with a sensible default value.
17:24 forrest babilen, that works for me, if you want to change it up feel free to make a PR and then just mention whiteinge and myself and we can discuss if there are any concerns
17:24 forrest babilen, I don't have any specific attachment to keeping things a specific way, just ensuring it's clear for users.
17:24 forrest and obviously keeping things as fast as possible.
17:25 murrdoc is there a 'salt best practices' area on github/saltstack org
17:25 babilen forrest: Sounds like a good idea. This whole thing actually stems from a discussion with a user who did not understand the meaning of "lookup" in there.
17:25 forrest murrdoc, what do you mean?
17:25 murrdoc for eg
17:25 P0bailey joined #salt
17:25 P0bailey joined #salt
17:25 murrdoc a how to area, where all the regular things we try to do with salt are documented
17:26 babilen murrdoc: http://docs.saltstack.com/en/latest/topics/best_practices.html + http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
17:26 forrest babilen, ahh I see, yeah if it isn't clear, that's fine. I might have made too many assumptions when I originally wrote that where I linked to the formula docs
17:26 murrdoc like a package sls with an associated template to manage installed/purged packages so on
17:26 forrest murrdoc, no we don't have anything QUITE that in-depth yet
17:26 murrdoc yeah
17:26 forrest murrdoc, you can look at examples from the saltstack-formulas repo
17:26 murrdoc its what i am doing
17:27 murrdoc altho the graphite one needs to work with collectd also, that one is setup only for diamon
17:27 murrdoc diamond*
17:27 murrdoc babilen:  this is good, http://docs.saltstack.com/en/latest/topics/best_practices.html
17:28 murrdoc maybe just a wiki then
17:28 murrdoc a 'formulas' wiki
17:28 forrest babilen, You won't find me too attached to any of the docs I wrote as long as the changes we make are improving the user experience or making it more clear.
17:29 Ryan_Lane howdy. is there any news on providing PPAs for RCs?
17:30 murrdoc +1 on request
17:30 Ryan_Lane it's pretty difficult to actually test the RC without a sane way to install it
17:30 dfinn left #salt
17:30 murrdoc salt-daily is way to behind
17:31 Ryan_Lane also, where are the debian directories kept for the projects and why aren't they in the repos?
17:31 Ryan_Lane it would be a bit less problematic if it was possible to build the debs
17:31 murrdoc https://github.com/saltstack/salt/tree/develop/debian ?
17:32 Ryan_Lane sweet
17:32 Ryan_Lane heh. now the question is... have these been updated at all for 2014.7?
17:32 Ryan_Lane seems that's a no
17:32 Ryan_Lane https://github.com/saltstack/salt/tree/2014.7/debian
17:33 Ryan_Lane hell, it hasn't been updated for the current releases.
17:33 babilen Ryan_Lane: git://anonscm.debian.org/pkg-salt/salt.git
17:33 * babilen says goodbye for now. Have a good evening/day :)
17:34 XenophonF good night babilen
17:34 sysadmin75 How do I save output from a salt grain into a variable?
17:34 smcquay joined #salt
17:34 SheetiS {% set variable = grains.get('variable', 'default') %}
17:34 forrest babilen, later
17:34 _viq joined #salt
17:35 forrest Ryan_Lane, you could ask Joehh if he was around..
17:35 forrest Ryan_Lane, he does the debian packaging
17:35 Ryan_Lane release management needs some love ;)
17:35 Ryan_Lane this release is nearly 3 months late (it almost certainly will be, when it's released)
17:35 SheetiS sysadmin75: That's assuming you want to use it in jinja
17:36 sysadmin75 SheetiS: specifially I want hwaddr_interfaces.eth0 which is a dict. Would I use a dot or []?
17:36 Ryan_Lane and there's no way to test the RCs thoroughly
17:36 SheetiS actually a colon would be the best way
17:36 Ryan_Lane UtahDave: ^^
17:36 Ryan_Lane basepi: ^^
17:36 * UtahDave looks up
17:37 * hobakill looks at UtahDave
17:37 sysadmin75 SheetiS: So something like this: {% set uniquestr = {{ salt['grains.get']('hwaddr_interfaces:eth0', '000000') }} %}
17:37 Ryan_Lane I was working on trebuchet last night to make a demo people could launch in AWS and realized that I'd need to install the minion, the master, the api and a bunch of other things from pip/supervisor
17:37 SheetiS you don't need the {{ }} since you are already inside jinja there
17:37 SheetiS but other than that, correct.
17:38 forrest Ryan_Lane, did you give trebuchet a better logo yet?
17:38 UtahDave ah, yeah. definitely, Ryan_Lane.  We're going to have a full set of official saltstack repos, including for RCs and nightlies
17:38 Ryan_Lane forrest: I didn't :)
17:38 sysadmin75 SheetiS: I want this inside an sls file
17:38 murrdoc what is trebuchet
17:38 SheetiS {% set uniquestr = salt['grains.get']('hwaddr_interfaces:eth0', '000000')  %} assuming you want the default to be '000000'
17:38 Ryan_Lane UtahDave: it's pretty important for releases to be timely. is there going to be any work on cutting releases on time, even if features that are wanted don't land?
17:39 Ryan_Lane I'd rather have a release with a few less features and wait 6 months, than wait 9 months for a very feature rich release
17:39 Ryan_Lane murrdoc: a deployment system that wikimedia is using
17:39 sysadmin75 SheetiS: ok, that seems to work thanks. Now I want to output that var and I'm trying to use show_full_context() but I'm getting an error.
17:40 Ryan_Lane I'd imagine it's Raet that pushed this release back
17:40 SheetiS sysadmin75: got a paste of what you are trying to do?
17:40 Ryan_Lane it could have landed in 2015.1 and only been pushed by 3 months ;)
17:40 CeBe babilen: well, it could complain about the missing one to be missing and not the one that is there ;)
17:40 kruppm UtahDave: so we're also going to get a debian repo cointaining packaged nightly/dev builds? that would be awsome!
17:41 UtahDave kruppm: That's the plan.
17:41 kruppm :)
17:41 Ryan_Lane I'm not trying to complain too much, btw. I'm just trying to give some feedback about the pain of this release cycle
17:42 UtahDave Ryan_Lane: :)  No, don't worry. We really appreciate the feedback.
17:42 kruppm UtahDave: yay, no more "patching salt via salt" :)
17:42 sysadmin75 SheetiS: http://pastebin.com/NsKqLrSD
17:43 bhosmer_ joined #salt
17:43 sysadmin75 I bet show_full_context needs to be inside {% ... %}
17:44 SheetiS sysadmin75:  It's not that, it's that salt doesn't know what you want to do with the full context.
17:44 SheetiS It's trying to use that as configuration yaml and barfing.
17:44 metaphore joined #salt
17:45 SheetiS Sometimes when I want to debug stuff, I output it to a file in /tmp with a file.managed of the contents of the variable I want to see.  Example coming momentarily.
17:46 hobakill Ryan_Lane: just found your blog. lots of great information in there. thanks for posting all of it.
17:46 shaggy_surfer joined #salt
17:47 UtahDave Ryan_Lane: We're filling out a QA team as well, and they're helping with all that.
17:47 egalano joined #salt
17:47 Ryan_Lane hobakill: you're welcome. I'm glad you're finding it helpful :)
17:47 Ryan_Lane UtahDave: cool
17:49 SheetiS sysadmin75: https://bpaste.net/show/d68889c4061a <-- something like that
17:49 Setsuna666 joined #salt
17:50 sysadmin75 SheetiS: Thanks I'll give it a try
17:52 SheetiS There might be a better way to track the contents of a variable through a state file for debugging, but sometimes I want to see it at 3-4 different places through, and this is how I currently look at it.
17:54 egalano_ joined #salt
17:55 egalano_ joined #salt
18:00 oz_akan_ joined #salt
18:00 englishm joined #salt
18:02 delinquentme joined #salt
18:02 pdayton1 joined #salt
18:02 delinquentme is there a way to check out logs for zeroMQ ?
18:05 aboe joined #salt
18:05 oz_akan joined #salt
18:07 aboe can somebody help me debug the starting of the salt-master with notify and systemd 216, I get the a strange message about not sending the mainpid to systemd
18:09 schimmy joined #salt
18:10 kballou joined #salt
18:10 schimmy1 joined #salt
18:11 hoohaha joined #salt
18:11 hoohaha I'm relatively new to salt.
18:11 hoohaha should I expect that my minions will keep in contact with my master?
18:12 hoohaha because mine aren't, they'll be connected for a time (I haven't determined yet how much time), and then they disconnect and don't seem to check in with the master at all.
18:12 hoohaha running test.ping doesn't provide a result
18:12 hoohaha running manage.status shows the minions are down
18:12 hoohaha but, the machines are up and running, and the minion daemons are active.
18:13 murrdoc and you have verified / accepeted the keys
18:13 hoohaha yup, everything works great, I can salt-call from the minion, everything's good.
18:13 hoohaha I can restart the minion daemon, and it will be in contact with the master for a while, but then it just drops off.
18:13 murrdoc salt-key -A has all minions ?
18:14 sastorsl hi
18:14 hoohaha murrdoc: yes.
18:14 murrdoc sweet
18:14 murrdoc but test.ping has no output
18:14 sastorsl What would I type to get the pillar_root and file_root with "pillar.item" ?
18:14 hoohaha correct.
18:15 ipmb joined #salt
18:15 hoohaha well, it has output for a time, but then nothing.
18:15 murrdoc can u try running
18:15 murrdoc salt '*' state.clear_cache
18:15 murrdoc then try the test.ping
18:15 hoohaha I've looked around, and found some reports of minions disconnecting with 0mq2, but both the master and the minions are running 0mq3
18:15 hoohaha sure, hold on.
18:16 forrest hoohaha, https://github.com/saltstack/salt/issues/15415 perhaps?
18:17 hoohaha ok, running state.clear_cache doesn't seem to have an effect.
18:17 hoohaha forrest, let me take a look
18:17 auser joined #salt
18:18 jalaziz joined #salt
18:19 hoohaha forrest: I don't think what I'm seeing is related to a daily AES rotation, as I'm seeing the minions stop responding within a few hours (again, I haven't nailed down how long they stay attached).
18:20 sastorsl got it myself: salt-call pillar.get master:file_roots:base
18:20 hoohaha the machine I'm on right now, I restarted the minion daemon this morning.  It showed as connected on the master.  I let it sit for a few hours, and clearly the machine is online but the master says it's down.
18:21 murrdoc what does sls stand for
18:22 forrest hoohaha, ok cool, just wanted to make sure
18:22 kermit joined #salt
18:22 forrest hoohaha, also you're running the same version of master and minion right?
18:22 hoohaha hmm, I actually just checked that
18:23 hoohaha it looks like the master and minion are not both the same version.  The master is running 2014.1.7, the minion is running 0.17.5.
18:23 hoohaha The master is supposed to be backwards-compatible with older minions, but still, the minion's 6 months out of date.
18:23 forrest hoohaha, ok that could be a problem
18:23 hoohaha let me update my minion and see what happens.
18:23 forrest hoohaha, yeah I don't run different version
18:24 murrdoc stop minion, stop master, nuke cache dirs, start master, start minion
18:24 druonysus joined #salt
18:24 druonysus joined #salt
18:24 ajolo joined #salt
18:24 KaaK i'm also experiencing this same issue. ubuntu 14.04, and salt 2014.1.7+ds-1trusty1 for all masters and minions
18:24 picker joined #salt
18:25 KaaK if i don't run jobs from the master for an extended period of time (say between after leaving work, and returning the next morning) I will get that exact same issue
18:26 KaaK I usually have to send out several pings to get all the minions back up (or what ever it is that gets them reporting back into the master)
18:27 jalaziz joined #salt
18:28 murrdoc i am running it on a 12.04 ubuntu master with 2014.1.10 and 14.04 ubunutu minions with 2014.1.10 minions
18:28 murrdoc i ran into this issue once when i setup salt everywhere
18:28 murrdoc did the 'nuke cache dir' fix
18:28 hobakill KaaK: it's a familiar issue. i had it until i upgraded to 2014.1.10 --it doesn't happen as often now.
18:28 murrdoc now its not been a problem
18:29 KaaK i get it every day in the morning when i come in and first start sending out jobs
18:29 murrdoc sucks
18:30 murrdoc can u apply highstate to all minions all the time ?
18:30 murrdoc if so i d configure a salt highstate or any other state run
18:30 murrdoc via cron
18:31 murrdoc i have an 'enforcement' state that i run against all minions once a week
18:31 KaaK seems so hackish... additionally, some of my minions have bandwidth concerns (connected via cell)
18:31 auser left #salt
18:31 mpanetta Wow, minions via cell
18:33 KaaK however, this issue affects ALL of my salt network, masters and minions via AWS and over less reliable connections
18:33 ndrei joined #salt
18:35 Outlander joined #salt
18:36 oz_akan joined #salt
18:40 aparsons joined #salt
18:40 jalaziz joined #salt
18:41 pdayton joined #salt
18:42 pdayton joined #salt
18:44 wt joined #salt
18:45 basepi Ryan_Lane: depends on your definition of "late".  The .7 part only tells when the feature freeze took place.  Who cares if it matches the final release date?  But yes, as UtahDave mentioned, we have big plans for release/package management, just have to hire a bunch of people.
18:45 basepi I do definitely want RCs to be much easier to test.
18:45 pdayton joined #salt
18:50 snuffeluffegus joined #salt
18:51 shaggy_surfer joined #salt
18:51 tristanmatthews joined #salt
18:51 Gareth RCs for some!  Tiny American flags for others!
18:51 mpanetta joined #salt
18:51 snuffeluffegus joined #salt
18:52 pdayton joined #salt
18:53 auser joined #salt
18:54 spookah joined #salt
18:54 tristanmatthews Hi all, I'm playing with different ways to control install of the numpy / scipy / matplotlib / scikit-learn stack. Does anyone know if there is a nice clean way of calling something like: apt-get build-dep python-matplotlib
18:55 iggy I haven't seen anything, but might make a nice feature request in the tracker
18:55 KaaK tristanmatthews, define clean
18:55 tristanmatthews KaaK, I guess I was trying to avoid doing it as a cmd.
18:57 tristanmatthews Kaak, maybe my question should be. How do you recommend doing it?
18:58 KevinMGranger joined #salt
18:58 KaaK tristanmatthews, probably my biggest issue with cmd is making it stateful --however, i've often found i can make it stateful using the `unless` and `onlyif` keywords
18:59 KaaK build-deb is going to be rather an adventure though
19:00 tristanmatthews KaaK, thanks I'll play with it and see what I can make work well :)
19:00 KaaK your other option is triggering the build-deb cmd state when something else (ideally stateful) is runs
19:01 KaaK tristanmatthews, are you apt-get source'ing something as well?
19:02 lkannan joined #salt
19:03 englishm_ joined #salt
19:03 tristanmatthews Kaak, I was just doing an apt-get build-deb python-matplotlib; pip install matplotlib    which nicely gets me the latest version. Next I'm going to play with putting the pip install in my virtualenv
19:05 KaaK tristanmatthews, I think you're probably best just explicitly listing out the build-deps in their own state, and declaring a required for the pip install matplotlib
19:05 tristanmatthews Kaak, yeah sounds like it. Ok thanks.
19:06 KaaK biggest reason to call build-dep is if you were building a binary deb file from a debian source package
19:09 rostam joined #salt
19:10 tristanmatthews I was using it because the matplotlib debs don't seem to be the stabalist things in the world, like across different versions / systems.
19:12 intr1nsic joined #salt
19:13 spookah joined #salt
19:14 jalaziz joined #salt
19:14 iggy you wouldn't just want to build your own packages once and deploy those instead of building X number of times?
19:15 murrdoc left #salt
19:17 gmeno erjohnso: I don't see the fix in https://github.com/saltstack/salt/issues/14768 any branch or tag but develop. Reading the comments leads me to believe that you've not heard back from the peel-testing folks. Is that the case?
19:17 chutzpah joined #salt
19:17 gmeno s/peel/EPEL/
19:17 tristanmatthews iggy, This is part of my salt state that builds aims so is called fairly rarely, but I might as well put it in salt. I'm moving stuff from ubuntu 12 to 14 so clearly matplotlib broke.
19:19 auser left #salt
19:21 delinquentme joined #salt
19:24 oz_akan joined #salt
19:26 invsblduck joined #salt
19:34 rypeck joined #salt
19:35 jdmf_ joined #salt
19:36 juice_ joined #salt
19:37 imil_ joined #salt
19:39 bytemask_ joined #salt
19:39 roo9 joined #salt
19:39 rjc_ joined #salt
19:40 bezeee joined #salt
19:40 active8 joined #salt
19:40 dfinn joined #salt
19:40 geekmush left #salt
19:40 ndrei joined #salt
19:40 ajolo joined #salt
19:41 dfinn iggy, even on the latest version of salt-minion it doesn't set the grain correctly for os on OL systems.  I filed a bug.  https://github.com/saltstack/salt/issues/15716
19:41 dfinn thanks for helping look into it earlier
19:41 dstokes joined #salt
19:41 ecdhe_ joined #salt
19:41 iggy np, wish it had been an easy fix :/
19:44 bezeee is there a way to get the minion_id as a grain?
19:45 Eugene IIRC it's named "id"
19:45 bezeee ah....duh
19:45 bezeee thanks :)
19:46 maboum joined #salt
19:48 johngrasty joined #salt
19:49 englishm joined #salt
19:56 irctc769 joined #salt
19:57 djradon joined #salt
19:58 talwai how do you hot-load minion.conf changes into a minion from the master. is there an execution modules from this?
20:00 djradon I've done lots of looking, but can't figure out how to change the interval for test.ping
20:00 ajolo joined #salt
20:01 bnikolau1 joined #salt
20:03 diegows joined #salt
20:03 ckao joined #salt
20:04 n8n joined #salt
20:06 che-arne joined #salt
20:07 winmutt joined #salt
20:07 winmutt i want to change one line in sshd_config, the port setting
20:08 winmutt template seems overkill, particularly since packagemanagement might add new features etc
20:08 winmutt but very unlikely port var name will be changed
20:08 winmutt doesnt really seem like the file module can help with this
20:09 winmutt blockreplace seems to be the only thing that does this and that is problematic in assuming comments
20:10 winmutt ah replace
20:10 winmutt much better
20:11 jslatts joined #salt
20:13 CatPlusPlus_ joined #salt
20:14 delinquentme "instance" / "instancing" would be the general vocab you'd use to describe spinning up a cloud server right?
20:16 ekristen to get salt-master to see new reactor.conf or updated one, do you have to restart salt-master? or is there another trick to reloading it?
20:16 shaggy_surfer joined #salt
20:17 ekristen UtahDave: ^^ ?
20:19 winmutt did running salt-call again not see the new file?
20:20 Eugene delinquentme - yup
20:23 jalaziz joined #salt
20:25 sctsang joined #salt
20:25 oz_akan joined #salt
20:30 aboe joined #salt
20:32 UtahDave ekristen: yeah, you have to restart the salt-master any time you modify it's config file
20:32 ekristen thought so
20:33 ekristen thanks
20:34 n8n joined #salt
20:37 Hell_Fire_ joined #salt
20:42 bezeee joined #salt
20:43 n8n_ joined #salt
20:48 fragamus joined #salt
20:49 winmutt i get a KeyError 'pub' and last error line in stack is    statefiles = fnmatch.filter(self.avail[env], sls_match)
20:49 winmutt which i think indicates my file_roots are misconfigured
20:49 winmutt however i've double checked and everything looks ok
20:50 winmutt >.< after restarting salt-master its ok
20:50 winmutt doesnt inspire confidence in a noob
20:50 winmutt what might cause this
20:53 holms how can I add user to sudoers?
20:55 aurynn joined #salt
20:56 iggy holms: isn't there a sudoers-formula?
20:56 holms usually automation system has ready soluton for this
20:56 holms withing one line or smtng
20:56 iggy https://github.com/saltstack-formulas/sudoers-formula
20:56 holms thanks
20:57 iggy I always look in https://github.com/saltstack-formulas/ first
20:57 iggy chances are most of the low hanging fruit is in there
20:57 holms will do next time :)
20:57 iggy the only custom states we have are for some odd graphics and java packages that we have
20:58 iggy of course our pillars are starting to get a bit long in the tooth
20:58 perfectsine joined #salt
20:58 XenophonF remember to clone a saltstack-formulas repo if you decide to use it
20:59 XenophonF you don't want people with commit access to saltstack-formuals gaining access to your systems
20:59 iggy ^
20:59 holms always do )
20:59 XenophonF :)
21:00 holms already had a conflict in here that i should use gitfs :D
21:00 iggy I think that's mentioned in the "best practices" section
21:00 holms i said no thanks
21:00 iggy at least I've seen it somewhere
21:01 chrisjones joined #salt
21:01 iggy we use gitfs for formulas, we just fork the formulas from saltstack-formulas into our company organization and pull from there
21:02 holms now there's a simple but a bit long question
21:02 aparsons joined #salt
21:02 Ozack2 joined #salt
21:03 holms i have /srv/salt/states/top.sls and /srv/salt/states/users.sls. I include users.sls to top.sls
21:03 holms and would be nice in users.sls to set a sudoer, but how to call formula to do this?
21:03 holms i first of all this https://raw.githubusercontent.com/saltstack-formulas/sudoers-formula/master/pillar.example, and before i should include formula?
21:04 metaphore left #salt
21:06 XenophonF holms, the users-formula has an example of that
21:06 XenophonF i don't think it uses the sudoers-formula tho
21:06 murrdoc joined #salt
21:08 holms there's sudo.sls in users-formula
21:08 holms hmz
21:09 murrdoc yeah its better than the sudo-formula
21:09 holms XenophonF: so when you include users-formula to base for example in top.sls
21:09 holms and then include users.sls in top.sls
21:09 XenophonF no
21:10 holms i want separate state file to maintain users
21:10 holms and including users-formula in there would be nice.
21:10 XenophonF you'd install the formula by copying "users" and everything under it to your state directory
21:10 XenophonF which for me is /usr/local/etc/salt/states/
21:10 holms what about special dir for formula
21:11 XenophonF then in the states/top.sls file, you'd do something like:
21:11 XenophonF base:
21:11 murrdoc thats the recommended way
21:11 XenophonF '*':
21:11 murrdoc and in the users.sls
21:11 XenophonF - users
21:11 XenophonF the user definitions themselves you'd put into pillar
21:11 holms XenophonF: okay and what's next
21:11 holms then i'd like to include users.sls (which is state i want to separate from top.sls)
21:12 holms and would be nice to call stuff from users-formula
21:12 holms using all this in users.sls https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example
21:12 XenophonF see that link I pm-ed you
21:12 XenophonF the states and pillar directory trees are set up the same way
21:12 XenophonF but they do different things
21:13 XenophonF if you want to use the users-formula, just copy https://github.com/saltstack-formulas/users-formula/tree/master/users to your states directory
21:14 XenophonF so you'd end up with a users directory that contains init.sls, map.jinja, and sudo.sls
21:14 holms one small question , why you don't use /srv/salt/formulas dir
21:15 XenophonF I dunno
21:15 XenophonF i guess you could
21:15 holms i put formulas in there and states in /srv/salt/states <-- which is written by me
21:15 holms including formulas in states/top.sls works well
21:15 holms all most same as you telling me )
21:15 XenophonF hah
21:15 holms now after i've included formula
21:15 XenophonF sorry i'm unfamiliar with how salt lays things out on linux
21:15 holms i'd like to include users.sls (my custom state) with include:
21:16 holms http://docs.saltstack.com/en/latest/ref/states/include.html
21:16 holms and in users.sls using stuff from that pillar.example of that formula would work or not?
21:16 holms that's only question i have :)
21:17 XenophonF the pillar stuff goes into a completely different directory
21:17 XenophonF although it's layed out the same as the state directory
21:18 druonysuse joined #salt
21:18 druonysuse joined #salt
21:18 XenophonF http://paste.debian.net/120461/
21:18 XenophonF that's what my pillar directory looks like
21:19 XenophonF i guess that's /srv/salt/pillar on linux?
21:19 holms yes )
21:19 holms same path
21:19 XenophonF so there's top.sls
21:19 holms i'm just still not comfortable using pillar
21:19 XenophonF just like in your /srv/salt/states
21:19 holms okay
21:19 XenophonF and /srv/salt/pillar/top.sls controls which pillar SLS files get applied to your minions
21:20 XenophonF just like how /srv/salt/states/top.sls controls which state SLS files get applied to your minions
21:20 holms aha
21:20 XenophonF files under pillar _do not_ have to match files under states
21:20 holms in ansible i had vars file where i stored sensetive stuff, and used those vars in tasks(states)
21:20 XenophonF right
21:20 holms so i expect something simillar in here
21:20 XenophonF pillar is the same idea
21:20 holms oh great
21:20 XenophonF so everything under /srv/salt/states gets cached on the minion's file system
21:21 XenophonF nothing under /srv/salt/pillar gets cached
21:21 holms understood
21:21 XenophonF that's why everything says to put sensitive data in pillar
21:21 XenophonF OK so, lets say you have /srv/salt/pillar/users.sls
21:21 XenophonF and that has all the stuff in saltstack-formulas/users-formula/pillar.example in it
21:22 XenophonF defines all of your users or whatever
21:22 sysadmin75 left #salt
21:22 XenophonF so in /srv/salt/pillar/top.sls, you need to make it look like this:
21:22 sysadmin75 joined #salt
21:22 XenophonF http://paste.debian.net/120462/
21:23 aurynn left #salt
21:23 holms okay
21:23 XenophonF which means, for all minions that match '*' (everybody), use the data from /srv/salt/pillar/users.sls on the master
21:23 XenophonF let's say you have a computer that needs a few additional user accounts created
21:24 XenophonF you could list those accounts and their settings in /srv/salt/pillar/moar-users.sls
21:24 XenophonF then to apply the config, you'd make /srv/salt/pillar/top.sls look like this:
21:25 XenophonF http://paste.debian.net/120464/
21:25 holms ok this is understood
21:25 XenophonF (not sure if "-" is allowed in sls file names but let's just go with it)
21:25 holms only question what's you gonna write in /srv/salt/pillar/users.sls
21:25 kermit joined #salt
21:25 XenophonF so some-other-minion-id will merge the contents of /srv/salt/pillar/users.sls and /srv/salt/pillar/moar-users.sls
21:26 jhauser joined #salt
21:26 oz_akan joined #salt
21:26 holms because user creation (even some names and group) for me would be comfortable to store in states, as some of those are required to be and not sensetive at all
21:26 XenophonF fair enough
21:26 XenophonF there's more than one way to do it
21:26 holms so one way let pillar create senstive stuff
21:26 holms (as i undesrstand)
21:26 XenophonF but if you want to use the users-formula, you have to specify everything in pillar
21:27 holms another way is to have pillar variables, which you can use in states?
21:27 XenophonF pillar doesn't create anything - it is just a data store
21:27 XenophonF all states are under, well, states :)
21:28 XenophonF if you take a look at my config
21:28 XenophonF look at states/users/init.sls
21:29 XenophonF then look at pillar/users/critical.sls
21:29 XenophonF that's a very simple state defining one user, but getting the password from pillar
21:30 bhosmer joined #salt
21:30 XenophonF or you could go whole hog, copy users-formula to your states tree, and put your entire user database into pillar
21:30 holms interesting
21:30 XenophonF in which case users-formula will iterate through the contents of the 'users' key in pillar.items
21:30 holms so basically same as attributes or vars.. but just called "pillar" :D
21:31 XenophonF I guess so?
21:31 XenophonF I never got around to using Ansible or Puppet.
21:31 XenophonF :-D
21:31 holms well in chef you have attributes dir, where you have attributes file, which can be dictionary, list or variable, whatever, which you use in your recipes
21:31 XenophonF that sounds a lot like pillar
21:31 holms same in ansible, you have vars dir, which you include into your playbook (state), which can be read by roles (formulas)
21:32 holms great, and thanks for your zip files
21:32 holms this will help a lot
21:32 XenophonF no problem
21:32 XenophonF i'm probably proudest of the apache states
21:32 holms :D
21:32 XenophonF just got those working last night thanks to manfred IIRC
21:32 XenophonF my apache states are a formula too
21:33 XenophonF they lay down a standard config - mod_security and mod_ssl
21:33 XenophonF but to configure vhosts, they loop through the contents of the apache:vhost key in pillar
21:34 XenophonF same concept as users-formula only websites
21:34 FL1SK joined #salt
21:34 XenophonF and if i want to configure the same web site on more than one server, in pillar i just have to assign the SLS containing that web site's definition to each of those servers
21:34 XenophonF ok holms i gtg
21:34 XenophonF bye
21:35 FL1SK joined #salt
21:38 sysadmin75 left #salt
21:38 manfred left #salt
21:39 holms anybody knows is there's something like "name" for state operations? so i'd see in salt-call info something more understandable than actually command it self
21:41 iMil joined #salt
21:42 perfectsine joined #salt
21:42 elfixit joined #salt
21:46 holms is there's something similar in salt? https://dpaste.de/a3em =/
21:46 holms naming i mean
21:46 mhubbard joined #salt
21:47 dfinn joined #salt
21:48 Ryan_Lane holms: you mean the | ?
21:48 Ryan_Lane I'm not sure I understand what that paste is doing
21:51 Ryan_Lane holms: I'm not sure if this helps, but I use the ID field like documentation: https://gist.github.com/ryan-lane/085ec4fd14f337a6b09f
21:51 Outlander joined #salt
21:51 murrdoc quick question
21:51 ajprog_laptop joined #salt
21:51 ajprog_laptop2 joined #salt
21:51 murrdoc u know u can specify multiple names under pkg.installed: - name: - package 1 -package 2
21:51 holms Ryan_Lane: i mean just a name, to say in human language
21:51 murrdoc does that work with file.removed ?
21:51 Ryan_Lane holms: yeah, take a look at that gist I linked
21:51 holms what's actually happening in this "State" or handler it's called in chef/ansible
21:52 murrdoc i ll test it
21:52 holms oh
21:52 holms intesting
21:52 delinquentme during these events [DEBUG   ] update_callback has returned False which is considered a failure. Remaining Failures: 4
21:52 delinquentme what is actually happening ... what / who is it attempting to authenticate with?
21:52 holms i wonder how this looks in [INFO]
21:53 holms Ryan_Lane: i think that's exactly what i've been looking for
21:54 Ryan_Lane holms: info shows the name, not the ID
21:54 n8n joined #salt
21:54 Ryan_Lane holms: however, the state run output will show the ID, if you aren't using mixed mode
21:55 Ryan_Lane (or terse mode)
21:55 holms highstate mode
21:55 Ryan_Lane right
21:55 holms so this is called "id" in here, great
21:55 Ryan_Lane http://ryandlane.com/blog/2014/09/08/saltstack-development-behavior-of-exceptions-in-modules/ <--
21:55 Ryan_Lane there's an example when not using terse mode
21:56 holms Ryan_Lane: can you explain me a bit about this modes on fingers. im not sure why they exist at all in here
21:56 Ryan_Lane modes on fingers?
21:56 holms vagrant says only highstate mode is accepted
21:56 holms what's the difference between these modes )
21:57 Ryan_Lane I don't know what fingers is
21:57 Ryan_Lane can you link me to the doc you're reading?
21:57 holms it's metaphoric thing :D
21:57 holms can you explain on simple english what's the diffence between modes in saltstack
21:57 holms and why do they exist
21:57 holms for me this is alien when coming from chef/puppet/ansible
21:58 Ryan_Lane highstate is a poorly named function that says "load all the pillars, all the grains, then compile the states, then run the states in order"
21:58 Ryan_Lane I really wish it would just be renamed to run
21:58 holms okay
21:58 Ryan_Lane holms: you'll likely never use anything other than highstate, sls, or template functions
21:58 Ryan_Lane and 99.99% of the time you'll use highstate
21:59 holms what's terse mode then
21:59 Ryan_Lane oh, sorry. I was talking about the output mode
21:59 holms how can you set that please :D?
21:59 holms because all i've found is setting log level
21:59 Ryan_Lane holms: http://docs.saltstack.com/en/latest/ref/configuration/master.html#state-output
22:00 Ryan_Lane some settings from the master config work in the minion config, if you're using masterless
22:00 holms oh
22:00 Ryan_Lane (this should be documented, but alas, isn't)
22:00 holms im using masterless for now
22:00 Ryan_Lane me too
22:01 holms stupid vagrant https://docs.vagrantup.com/v2/provisioning/salt.html
22:01 holms all they have is log_level
22:01 n8n joined #salt
22:01 holms currently getting [INFO] so this is probably something identical to terse
22:01 to_json joined #salt
22:02 holms Ryan_Lane: you're using salt-virt?
22:02 Ryan_Lane nope
22:02 holms vagrant?
22:02 Ryan_Lane what's salt-virt?
22:02 holms something similar to vagrant :D
22:03 Ryan_Lane I do use vagrant, but we have a very complex setup
22:03 holms i also have complex setup
22:03 Ryan_Lane we use vagrant + coreos + docker + salt
22:03 holms https://github.com/holms/vagrant-starter
22:03 holms that's what i'm using
22:03 holms Ryan_Lane: so how do you set output level in vagrant? only thing that's available is log_level
22:04 Ryan_Lane well, we're using the phusion docker image
22:04 Ryan_Lane and we run highstate as the last runit service
22:04 holms Ryan_Lane: maybe you'll be intersted https://github.com/holms/vagrant-starter/blob/master/.repo-chef/boxes.rb
22:04 Ryan_Lane it outputs to stdout
22:04 holms you run it with salt-call? or with vagrant plugin?
22:04 Ryan_Lane so our container logs show our state run
22:04 Ryan_Lane we have scripts that tail the container logs
22:05 holms hmz
22:05 Ryan_Lane all vagrant does for us is launch coreos
22:05 holms im just simply using vagrant salt provisioner
22:05 holms vagrant provision myvm
22:05 holms quite handly
22:05 Ryan_Lane coreos launches docker containers, which run salt-call state.highstate
22:05 holms vagrant provision myvm --provider=digital_ocean
22:05 Ryan_Lane oh, we don't provision to the cloud using vagrant
22:06 Ryan_Lane we use aws and the boto_* state modules that we wrote
22:06 holms comfortable with ansible but not sure about this with chef/salt
22:06 Ryan_Lane http://ryandlane.com/blog/2014/08/26/saltstack-masterless-bootstrapping/
22:06 holms hmz
22:07 holms ok thanks for info )
22:07 englishm joined #salt
22:10 n8n_ joined #salt
22:13 Ryan_Lane yw
22:13 bezeee joined #salt
22:14 DaveQB joined #salt
22:16 aparsons_ joined #salt
22:19 Ozack1 joined #salt
22:19 Ryan_Lane please o salt devs, heed my github issue: https://github.com/saltstack/salt/issues/15724
22:21 forrest Ryan_Lane, cachedout already responded :P
22:22 Ryan_Lane yep :)
22:22 murrdoc joined #salt
22:23 Ryan_Lane I gave an internal talk a couple weeks ago, and what question do you think I got?
22:23 dfinn joined #salt
22:23 Ryan_Lane Them: "What does highstate mean?" Me: "I have no clue"
22:23 forrest lol
22:23 forrest weird question, who cares what it means?
22:23 forrest you know what it does :\
22:23 forrest but I can understand
22:23 Ryan_Lane they don't easily associate the two
22:24 forrest is salt that hard to use?
22:24 Ryan_Lane they can't look at the docs and see "oh, this is what I should be calling"
22:24 Ryan_Lane for new users? it's not incredibly simple
22:24 iggy it's not difficult, it's just not intuitive
22:25 Ryan_Lane mostly because of little things, like "highstate" and "lowstate"
22:25 aparsons joined #salt
22:25 iggy I've been using salt for a while and have no idea what lowstate does or how it differs from highstate
22:26 murrdoc i assume lowstate is what ships with salt ? but isnt in the yamls
22:26 KyleG I used to use highstate..
22:26 KyleG Now it's a forbidden thing in our company
22:26 KyleG state.sls all day erryday
22:26 murrdoc heh
22:26 oz_akan joined #salt
22:27 KyleG There was a bug introduced around 17.4 I think it was or something
22:27 murrdoc what happened
22:27 KyleG where someone messed up the CHMOD math
22:27 KyleG and all my files were set to permissions 420
22:27 iggy we use highstate in a few cases, but generally, it's more targeted
22:27 KyleG ALL salt controlled files
22:27 KyleG -_-
22:27 KyleG That was a shitty day
22:27 forrest KyleG, 420??
22:27 KyleG yes.
22:27 Ryan_Lane wow. I only ever use highstate
22:27 KyleG I'm not making this up
22:27 melinath joined #salt
22:27 forrest why didn't you just update it and rerun salt?
22:27 KyleG it was the latest version
22:27 KyleG I had to revert
22:27 murrdoc highstate set it to 420
22:27 KyleG yes
22:27 forrest ahh
22:27 murrdoc u jest
22:27 aparsons joined #salt
22:27 KyleG i swear
22:28 KyleG im gonna see if I can find the bug
22:28 forrest I'm surprised I never heard anyone in IRC complain about that
22:28 murrdoc heh
22:28 KyleG https://github.com/saltstack/salt/pull/9131 i think it was this
22:28 KyleG I was here complaining.
22:29 hobakill joined #salt
22:29 aparsons joined #salt
22:29 murrdoc man
22:29 KyleG that was no fun
22:29 KyleG so yeah, no more high states for  us.
22:29 KyleG We trust salt, but not that much. Not anymore.
22:30 KyleG and it was around christmas/vacation time as you can see
22:30 KyleG -_-
22:31 murrdoc damn
22:31 murrdoc just damn
22:31 KyleG hah
22:31 KyleG told you i wasn't bullshittin you! haha
22:31 KyleG So moral of the story, be careful with your highstates.
22:32 hobakilllll joined #salt
22:32 forrest KyleG, oh only in instances where you aren't setting the perms
22:32 KyleG forrest: For me, it was a tftp boot dir.
22:32 KyleG :
22:32 KyleG :|
22:32 KyleG I had just file.recurse
22:32 forrest ahh
22:32 KyleG and it went ahead and broke all my PXE booted servers.
22:33 KyleG which are my app servers. fortunately no one was rebooting them so I could fix it
22:33 KyleG but if I were a larger environment with much more employees, it could've been BAD
22:34 jrb28 joined #salt
22:34 murrdoc sounds bad enough already
22:35 KyleG Don't get me wrong, it's a free open source project, and shit happens, but man did that jarr me into being much more careful with salt than I ever was before. Maybe in a way it was good for my career, learning more careful habits.
22:36 nitti joined #salt
22:36 KyleG I just taught one of my developers about JINJA templating today, I think I just rocked his world
22:36 murrdoc :)
22:39 huleboer joined #salt
22:40 diegows joined #salt
22:41 gmeno joined #salt
22:42 yomilk joined #salt
22:42 Ryan_Lane oh wow. that would have been terrible. I don't set mode unless I have a reason to
22:43 robawt KyleG: interesting story.  i may steal it from you
22:43 robawt i've always asked folks to list the user/group/mode of ANY file they bring into salt
22:44 robawt now i have a solid reasoning, not just witchcraft
22:44 murrdoc joined #salt
22:45 Ozack1 joined #salt
22:47 KyleG ^_^ robawt glad I could be helpful
22:48 n8n joined #salt
22:50 ericof joined #salt
22:51 Outlander joined #salt
22:55 shaggy_surfer joined #salt
23:01 aparsons joined #salt
23:05 seanz joined #salt
23:05 seanz Quick question: what is the easiest way to have a new minion re-broadcast its key?
23:06 seanz robawt: Greetings!
23:06 seanz whiteinge: Greetings also to you!
23:07 yomilk joined #salt
23:07 bhosmer_ joined #salt
23:08 lahwran joined #salt
23:08 robawt seanz: greetings to you Sir
23:08 darless_ joined #salt
23:09 gzcwnk :)
23:11 Goss joined #salt
23:13 Ryan_Lane seanz: I'd think restarting the minion would do it
23:14 seanz Ryan_Lane: I ended up restarting the VM that the minion was installed on because that was the easiest way at the time. Thanks though, you are right.
23:14 Ryan_Lane yw
23:23 seanz left #salt
23:27 oz_akan joined #salt
23:27 wendall911 joined #salt
23:29 oz_akan_ joined #salt
23:30 jslatts joined #salt
23:34 murrdoc joined #salt
23:43 diegows joined #salt
23:43 mechanicalduck joined #salt
23:45 acabrera joined #salt
23:57 vu_ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary