Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-10-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 jalbretsen joined #salt
00:13 kermit joined #salt
00:16 ramishra joined #salt
00:18 tafa2 joined #salt
00:28 aquinas joined #salt
00:34 kivihtin joined #salt
00:51 lpmulligan joined #salt
00:53 TyrfingMjolnir joined #salt
00:58 yomilk joined #salt
01:10 diegows joined #salt
01:12 aqua^mac joined #salt
01:14 crocket joined #salt
01:14 crocket Yow
01:17 ramishra joined #salt
01:22 belak So, unless I'm reading this wrong, the iptables states/module doesn't save between reboots?
01:26 nkuttler belak: i would think so. iptables itself isn't persistent
01:26 nkuttler personally, i just create whatever file is necessary to have persistent rules
01:26 belak Hm... it doesn't seem all that useful then... >_<
01:27 nkuttler you can use it with iptables-save i guess
01:27 nkuttler but, yeah, i kinda agree :)
01:28 belak I mean, I suppose you could use iptables-save to dump it after making all that
01:28 belak Hrm
01:29 mosen belak: the iptables state is a bit confusing
01:29 mosen there's a save: True parameter
01:29 mosen but I always end up with /etc/sysconfig/iptables having rules appended on every run
01:31 belak mosen: is /etc/sysconfig a redhat thing?
01:35 jonbrefe joined #salt
01:38 war2 joined #salt
01:39 thayne joined #salt
01:42 mosen belak: ahh yeah
01:42 mosen belak: but save: True should save the rules on other platforms presumably
01:42 belak Looks like debian has iptables-persistent
01:42 belak Hm
01:47 bhosmer joined #salt
01:47 belak Hm, is there a way to make sure that iptables-save is always run last? I can't think of a good way to do dependencies since some states might want to change iptables rules.
01:52 mosen I'm not really sure what the best way to use the iptables state is. Because i get rule duplicates like i said
01:59 mgw joined #salt
02:00 crocket Duh....
02:00 crocket I need to bootstrap my master.
02:01 nkuttler mosen: yeah, i haven't found a good way either. i just have one big template for persistent rules, that checks for grains etc
02:02 crocket My master needs bootstrapping. serve him right.
02:02 Nexpro1 joined #salt
02:02 nkuttler mosen: otherwise you end up with logic in many different places, that all want to modify the same file
02:02 mosen nkuttler: yeah unfortunately :)
02:03 nkuttler with the one template approach you get one file that cotains config that should really be somewhere else though..
02:03 nkuttler but a distro package can modify rules, then some specific role, or some installed webapp, etc..
02:04 mosen nkuttler: if a service declaration included a port or something, maybe you could collect all of that into one thing.. but that doesnt cover rules that are arbitrary
02:04 nkuttler right
02:04 mgw joined #salt
02:07 malinoff joined #salt
02:08 crocket Can a minion hide behind NAT?
02:10 nkuttler crocket: the minions connect to the server, so sure, why not?
02:10 nkuttler er, master
02:11 crocket Ok, the master.
02:17 ramishra joined #salt
02:21 crocket Can the master config be written in jinja template?
02:21 crocket Can the master config be written as jinja template?
02:21 nkuttler crocket: sure
02:22 crocket nkuttler, how?
02:22 crocket The salt documentations don't tell me how.
02:22 nkuttler crocket: um, by doing it? like every other template
02:22 crocket nkuttler, There is no mention of the possibility of doing it.
02:22 crocket nkuttler, How do you know it works?
02:22 nkuttler crocket: do you know how to write *any* file from a jinja template?
02:23 crocket nkuttler, I know how to write a jinja template in sls files.
02:23 crocket I haven't done it in /etc
02:23 crocket I'm scared.
02:23 nkuttler crocket: ok, so you probably want to look at the file.managed module
02:23 crocket nkuttler, Do you mean I should bootstrap /etc with salt-run?
02:23 crocket salt-run runs states on the master.
02:24 nkuttler crocket: wait, what are you trying to do? create new masters?
02:24 crocket no
02:24 crocket I'm trying to create new VMs with "salt-run virt.init"
02:24 crocket New VMs can go to any of the master's minions.
02:25 crocket I need to make sure the new VMs are seeded with the right minion config.
02:25 war2 joined #salt
02:25 crocket Especially, the master key in the minion config.
02:25 crocket nkuttler, Now, tell me.
02:26 nkuttler file.managed
02:31 ramishra joined #salt
02:39 crocket nkuttler, Do you suggest that I run salt-run to put compiled jinja templates into /etc?
02:39 crocket nkuttler, Or?
02:42 mgw joined #salt
02:47 baconbeckons joined #salt
02:51 crocket nkuttler, nothing?
02:52 jonbrefe joined #salt
02:59 mosen salt-formula is pretty good if you want to drive the master config from pillar
02:59 mosen not sure about salt-virt
03:05 crocket mosen, Is salt-formula a recipe?
03:05 crocket A set of recipes.
03:09 mosen crocket: its a recipe
03:09 mosen crock https://github.com/saltstack-formulas/salt-formula
03:10 crocket mosen, Thanks for the tip.
03:11 crocket Can I import python modules and invoke them?
03:12 crocket Can I import python modules and invoke them in jinja templates?
03:12 mosen hmm
03:13 crocket I need to set "master" to the IP address of the default gateway in the minion config of the master.
03:13 crocket For that, I need to use netifaces python module in a jinja template
03:14 crocket or a python module?
03:16 Mso150 joined #salt
03:17 iggy your default gateway is your master?
03:17 iggy DNS!
03:18 crocket iggy, i don't have a DNS set up.
03:18 crocket iggy, The default gateway is the same machine as the master.
03:19 crocket I mean the default route in "ip route"
03:19 iggy probably better off just cmd.run'ing it
03:19 crocket iggy, The IP address of the default route as in http://pastebin.com/Eii8WE3X
03:20 crocket In http://pastebin.com/Eii8WE3X, it's 192.168.0.1
03:20 crocket iggy, Do you get what I mean?
03:20 crocket Or
03:20 kloplop321 joined #salt
03:21 crocket The IP address via which the default route passes.
03:21 kloplop321 left #salt
03:22 iggy yeah, I'd just use cmd.run instead of trying to import modules and stuff
03:22 crocket iggy, I don't understand how cmd.run would achieve my goal.
03:24 iggy {% set masterip = cmd.run "ip route | grep default | awk '{print $4}'" %}
03:24 iggy or something similar
03:24 crocket iggy, Meh
03:24 crocket I don't like it
03:24 crocket That'll break.
03:24 iggy so do python modules
03:24 crocket netifaces.gateways() is more reliable.
03:25 crocket I don't like interfacing with cmd.run
03:25 crocket "ip route" may not exist.
03:25 crocket iggy, I'd argue that it's a bad style to write it.
03:25 ajolo joined #salt
03:27 crocket "salt-run virt.init" merely copies the value of "master" in the hypervisor's minion config to that of the VM's minion config.
03:27 crocket Thus, I need to set the value of "master" in the hypervisor's minion config to the right vaule.
03:28 crocket It'll be done by setting it to the IP address of the default route.
03:28 crocket If it's the IP address of the default route, hypervisors can reach the master without a problem.
03:28 crocket For now
03:28 iggy to answer your question, I'm 99% sure you can't import python modules in jinja
03:28 crocket iggy, Then, I need to use pydsl or py.
03:29 iggy or extend jinja (but I'm not entirely sure how to do that in the context of salt)
03:29 crocket iggy, Extending jinja would be a lousy solution.
03:29 crocket How would I better configure /etc/salt/master and /etc/salt/minion via salt?
03:30 iggy cool, I'll stfu now then
03:30 crocket Can I configure the master and minion configs using salt '*'?
03:30 crocket Or should I bootstrap the configs via salt-run?
03:30 glyf joined #salt
03:36 bhosmer joined #salt
03:48 bhosmer joined #salt
03:49 ndrei joined #salt
03:49 ndrei_ joined #salt
03:51 crocket I want to bootstrap salt configs on the master via salt.
03:52 crocket Is it better to use salt-run or just 'salt'?
03:52 jonbrefe joined #salt
03:52 crocket I was thinking of "salt-run salt.orchestrate orchestrate.bootstrap-master"
03:52 crocket However, it's not a good style.
03:53 jonbrefe joined #salt
03:54 absolute joined #salt
03:56 TyrfingMjolnir joined #salt
04:07 mgw joined #salt
04:22 ramishra_ joined #salt
04:23 baconbeckons joined #salt
04:24 jonbrefe joined #salt
04:55 jblack joined #salt
04:57 jblack Hi. I'm having a little bit of trouble configuring rabbitmq with saltstack.  I suspect that part of the problem is  rabbitmq hasn't finished starting up post installation before the next salt state runs, which finds a not yet up rabbitmq server.
04:57 jblack What is the appropriate way to introduce a short wait?
04:58 ajolo joined #salt
05:04 schimmy joined #salt
05:09 yes456 joined #salt
05:25 bhosmer joined #salt
05:28 twiedenbein /buffer 10
05:30 crocket Help!!!?
05:31 crocket How can I salt on salt itself?
05:53 ramteid joined #salt
06:07 TheThing joined #salt
06:09 ITChap joined #salt
06:13 joehh jblack: how are you installing rabbitmq?
06:14 arif-ali joined #salt
06:16 ioga__ joined #salt
06:20 ioga__ Hello guys. I've found that file.recurse doesn't preserve permissions, and I need to copy local directory to the minions preserving permissions and symlinks. What do you guys would be the decent way to achieve that?
06:21 shookees joined #salt
06:21 crocket How do I salt salt?
06:21 malinoff crocket, take salt shaker and shake it twice
06:23 crocket malinoff, That anlogy doesn't work.
06:23 crocket analogy'
06:23 malinoff crocket, your question is not specific
06:24 crocket malinoff, How do I set the value of "master" in the minion config on the master host to the IP address of the default route using a command?
06:24 crocket Should I write some orchestration states and run it with salt-run?
06:24 crocket Or should I write a shell script?
06:25 malinoff crocket, i guess bootstrapping script is the easiest option
06:25 crocket malinoff, A shell script?
06:25 malinoff crocket, https://github.com/saltstack/salt-bootstrap
06:25 crocket malinoff, no
06:25 crocket malinoff, salt-bootstrap doesn't deal with configurations.
06:26 linjan joined #salt
06:27 malinoff crocket, https://github.com/saltstack/salt-bootstrap/blob/develop/bootstrap-salt.sh#L23-L36
06:28 malinoff crocket, especially, https://github.com/saltstack/salt-bootstrap/blob/develop/bootstrap-salt.sh#L34
06:30 fragamus_ joined #salt
06:30 crocket To hell with salt
06:30 n8n joined #salt
06:31 jhauser joined #salt
06:36 arif-ali joined #salt
06:49 oyvjel joined #salt
06:49 crocket malinoff, I want to continually update the values.
06:50 crocket salt-bootstrap is a one-time thing.
06:51 ramishra joined #salt
06:52 crocket Salt so slow
06:55 shiva_blre joined #salt
06:57 crocket How do I have a salt formula set up automatically on a newly installed system?
06:57 crocket salt-run?
06:58 colttt joined #salt
06:58 malinoff crocket, i think you can manage /etc/salt/minion.conf from salt-master. You should try
06:58 crocket malinoff, I'm thinking of a good way to do so.
06:58 crocket malinoff, salt-run? or salt?
06:59 malinoff crocket, just salt
06:59 crocket malinoff, If I need to manage /etc/salt/minion.conf with salt, salt-minion should be running on the master host.
06:59 crocket salt-minion is not bootstrapped yet.
06:59 malinoff crocket, so you should install it at first :)
06:59 crocket Should I use an induction technique?
07:00 crocket malinoff, I mean salt-minion is installed, but "master" key is not set to the correct value in /etc/salt/minion.conf yet.
07:00 crocket I don't want to set it myself.
07:00 malinoff crocket, i think you should follow the tutorial, you're asking questions covered there
07:01 crocket I want to configure it by "salt-run state.orchestrate orchestrate.bootstrap-minion"
07:01 crocket malinoff, I read tutorials.
07:01 felskrone joined #salt
07:01 duncanmv joined #salt
07:03 shiva_blre Hi, am trying to install a package "glusterfs" through salt on minions but not able to. Its says "no package with name glusterfs was found", when salt 'hostname' state.highstate -l debug was issued.
07:03 shiva_blre but its working for another package called "smartmontools"
07:03 crocket malinoff, Can you refer me to the relevant segments?
07:04 shiva_blre here are my  fr.sls : http://pastebin.com/L8KZ3quh and repo contents : http://pastebin.com/sU9299sb
07:07 crocket malinoff, I was thinking of orchestration.
07:07 crocket It's difficult for me to find a good way to do it.
07:08 shiva_blre In the commnet section it is saying : Comment: The following package(s) were not found, and no possible matches were found in the package db: glusterfs
07:11 crocket God....
07:11 crocket I need to rinse
07:13 bhosmer joined #salt
07:15 shiva_blre someone's there
07:15 shiva_blre Am trying to install a package "glusterfs" through salt on minions but not able to. Its says "no package with name glusterfs was found", when salt 'hostname' state.highstate -l debug was issued
07:15 shiva_blre but its working for another package called "smartmontools"
07:16 shiva_blre here are my  fr.sls : http://pastebin.com/L8KZ3quh and repo contents : http://pastebin.com/sU9299sb
07:18 shiva_blre In the comment section it is saying : Comment: The following package(s) were not found, and no possible matches were found in the package db: glusterfs
07:20 ramishra joined #salt
07:22 shiva_blre anybody's there ?
07:24 crocket shiva_blre, hey
07:24 crocket shiva_blre, I think I can help you
07:25 crocket Execute 'salt-call state.highstate' on a minion.
07:25 crocket You'll see verbose outputs that help debug the issue.
07:25 shiva_blre what is that >
07:25 evidence hmm.. it appears the master option in the minion conf is always loaded as a string, never as a list.. when failover is used at least
07:25 evidence master_type set to 'failover' but 'master' is not of type list but of type <type 'str'>
07:25 shiva_blre ok
07:25 crocket shiva_blre, salt-call urges a minion to send a execution module command to its master.
07:26 shiva_blre ok
07:26 crocket The master in turn controls the minion.
07:26 evidence seems like a bug in the newer RCs
07:26 crocket The difference is that you can see command outputs with salt-call
07:26 crocket With 'salt', you can't.
07:26 crocket shiva_blre, Trust in me, and execute salt-call
07:26 crocket on the minion
07:27 shiva_blre doing it
07:29 shiva_blre @crocket : on the minion it says : http://pastebin.com/rs5wWmF8
07:30 crocket shiva_blre, It means one of your state files is malformed.
07:30 shiva_blre the disk_list grain is the previously set grain nothing to do with that..
07:30 shiva_blre hmm one of my state file >
07:30 shiva_blre ?
07:30 crocket shiva_blre, One of your state files couldn't be compiled.
07:30 crocket sls files
07:31 shiva_blre state files means .sls files ?
07:31 crocket yes
07:31 crocket sls = SaLt State
07:31 crocket sls
07:32 shiva_blre I have only two sls files..
07:32 crocket So, how do we validate sls files?
07:32 shiva_blre I will give pastebin links, wait
07:32 shiva_blre fr.sls : http://pastebin.com/L8KZ3quh
07:33 shiva_blre top.sls : http://pastebin.com/aCSLHzHV
07:34 crocket shiva_blre, Your top file refers to fractalpkgs.sls
07:34 shiva_blre yes
07:34 crocket shiva_blre, To make the top file refer to fr.sls, change "fractalpkgs" to "fr"
07:34 babilen shiva_blre: Just as a tip for the future: pastebin.com is probably the worst pastebin site you can choose as it not only is full of ads and "social media integration", but it also often requires people to enter captchas and it is hard to focus on what matters. Additional functionality is also scarce. I'd recommend, say, http://refheap.com, http://paste.debian.net, https://bpaste.net/ or http://sprunge.us/
07:35 shiva_blre no no its fractalpkgs.sls itself
07:35 crocket shiva_blre, You pasted it as fr.sls
07:35 babilen (and it makes sense to paste all files/information in a single pastebin and add to that so that helpers don't have to keep 10+ tabs open)
07:35 n8n joined #salt
07:35 shiva_blre fractalpkgs.sls: http://pastebin.com/L8KZ3quh
07:35 dalibro joined #salt
07:35 shiva_blre @babilen : ok
07:36 crocket shiva_blre, How about you execute "salt-call state.show_sls fractalpkgs"?
07:37 crocket shiva_blre, Execute "salt-call state.show_top" as well.
07:37 shiva_blre I will check
07:40 crocket What does 'salt' refer to in https://github.com/saltstack-formulas/salt-formula/blob/master/dev/state_top.sls ?
07:40 crocket It's confusing.
07:42 babilen crocket: minions with "salt" as id.
07:42 crocket babilen, It is the master.
07:42 babilen crocket: http://docs.saltstack.com/en/latest/ref/states/top.html
07:43 shiva_blre @crocket: Its says, on the minion: local:     - The function "state.highstate" is running as PID 2810 and was started at 2014, Oct 27 13:11:17.046308 with jid 20141027131117046308
07:43 babilen crocket: yes, master's are conventionally referred to as "salt" (and people opt to configure their local DNS servers to point to their salt master when people ask it for salt)
07:43 crocket shiva_blre, That's ugly
07:43 babilen *masters
07:44 crocket babilen, Can I target a minion with a DNS name?
07:45 crocket I don't think so.!!!
07:45 babilen crocket: What does that mean?
07:45 crocket I can't match a minion whose domain name is 'salt' in a top file.
07:46 crocket It's not minion id.
07:47 babilen crocket: There is no problem in having a minion with an id of "salt" -- It's just that minion IDs are assigned to be the fqdn by default.
07:47 crocket babilen, How do you salt the master?
07:47 crocket For now, I don't see an alternative to salt-run.
07:47 crocket salt-run runs on the master unambiguously.
07:48 crocket salt may not run on the master.
07:48 babilen crocket: I install a minion on the master and, well, use it just like I use every other minion.
07:49 crocket babilen, I'm trying to salt the master with least manual configurations.
07:50 babilen and?
07:50 bhosmer joined #salt
07:50 crocket I think an orchestration formula would be helpful.
07:50 flyboy joined #salt
07:50 crocket babilen, "salt-run state.orchestrate salt.master" could salt the master initially.
07:50 babilen Feel free to write it
07:51 babilen But then: What is the actual problem you are trying to solve now?
07:51 shiva_blre @crocket: Is there any problem with the name am giving bcoz it works fine for the "smartmontools" package. It installs the its dependency, "mailx".
07:51 shiva_blre ?
07:51 crocket I want salt to set the value of "master" in /etc/salt/minion on the master machine to a programmatically determined value.
07:51 shiva_blre in the fractalpkgs.sls file ?
07:52 chiui joined #salt
07:52 crocket shiva_blre, I guess glusterfs-3.x is not a correct package name.
07:52 crocket drop the version.
07:52 shiva_blre Am not getting ?
07:52 babilen shiva_blre: You seem to be missing the "name" of the pkgrepo state.
07:52 shiva_blre ok
07:52 babilen crocket: Why don't you just set it to "salt" (as per default, so nothing to do) and configure your DNS server to resolve that to the actual master?
07:53 babilen crocket: And which distribution is that?
07:53 babilen err
07:53 shiva_blre I tried : "glusterfs" too
07:53 babilen shiva_blre: Which distribution is that?
07:54 crocket babilen, ubuntu server 14.04.1 LTS
07:54 crocket babilen, I don't have a DNS server.
07:54 crocket I can't control it.
07:54 felskrone joined #salt
07:55 babilen crocket: "apt-get install nsd"
07:56 crocket babilen, "salt-run virt.init" copies the value of "master" from __opts__ of a targeted hypervisor to the value of "master" in /etc/salt/minion on a newly created VM.
07:56 tomspur joined #salt
07:56 agend_ joined #salt
07:56 crocket babilen, Do you really want me to manage DNS server just for salt virt?
07:58 shiva_blre @babilen : Centos 6.5 on minion
07:58 shiva_blre centos 6.4 on master
07:58 babilen I really don't care how you do it but you have one option: "Choose something invariant as (name|ip address|fqdn) of the master" -- From then on you refer to that and simply make sure that (name|ip address|fqdn) refers to your master"
08:00 babilen shiva_blre: Okay, can't really help you there with details, but you are trying to follow: http://www.gluster.org/community/documentation/index.php/Getting_started_install ?
08:00 trikke joined #salt
08:00 shiva_blre babilen, exactly
08:01 shiva_blre am trying to do the same using salt
08:01 babilen shiva_blre: That doesn't look as if they actually offer repositories for those packages. Could you elaborate on that?
08:02 crocket GGGaaaarrgggghh!!
08:04 babilen shiva_blre: http://download.gluster.org/pub/gluster/glusterfs/3.4/3.4.0/EPEL.repo/glusterfs-epel.repo might come in handy. You'd just have to configure that with pkgrepo. The "name" would, in that case, be something like "http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-$rele..." I gess (replace $somevar as applicable)
08:04 babilen crocket: Please relax. "GGGaaaarrgggghh" has absolutely no meaning and does not add anything to the discussion.
08:04 shiva_blre babilen, see I have already downloaded the required packages in a private repo and am pointing salt - fractalpkgs.sls to that repo. Repo contents : http://pastebin.com/25EERS4U
08:05 * babilen begrudgingly clicks on a pastebin.com link
08:05 shiva_blre am sorry
08:05 babilen okay, so configure *that* repo
08:05 shiva_blre Already configured.
08:06 shiva_blre fractalpkgs.sls : http://pastebin.com/L8KZ3quh
08:08 babilen shiva_blre: Please, do me a favour and copy *all* applicable in a single pastebin. Also run the minion with "salt-minion -ldebug" and then the state and paste the applicable part of that too.
08:08 cDR joined #salt
08:08 evidence https://github.com/saltstack/salt/issues/16923
08:09 shiva_blre babilen, ok, i will do that and paste it. doing it.
08:13 lcavassa joined #salt
08:18 CycloHex joined #salt
08:20 alex-mesos joined #salt
08:20 shiva_blre babilen:
08:20 shiva_blre https://www.refheap.com/92355
08:22 Gnouc joined #salt
08:24 shiva_blre @bailen: anything else need to be pasted..
08:26 slav0nic_ joined #salt
08:28 babilen shiva_blre: Looks as if either your repository is not setup correctly or if you have to choose a different name for that package. I can't really help with either as I'm not much of a RPM person, so #centos might be a better place to ask about that. Try to figure out how to install it manually from the command line and we can take it from there. I'm sure that yum lets you search for packages and so on. Try investigating along those lines.
08:29 crocket salt fails to compile a regexp in a state file. https://bpaste.net/show/f2013eb627c2
08:29 babilen shiva_blre: Also, most IRC clients support tab-completion for nicknames. Try "bab<TAB>"
08:30 shiva_blre ok
08:30 crocket How do I write regex in YAML?
08:30 shiva_blre Thanks
08:31 babilen crocket: That isn't valid YAML. Using ' might be an option
08:31 crocket OOO
08:31 babilen crocket: http://yaml-online-parser.appspot.com/
08:33 crocket babilen, ok
08:33 crocket babilen, file.uncomment reports a failure if it can't find regex pattern.
08:33 crocket Is it ok to see a failure?
08:35 crocket It's weird.
08:36 crocket Why does "\s" not match a whitespace character in file.uncomment.regex?
08:36 crocket Do I need to escape \?
08:36 crocket babilen, Have any clue?
08:37 bhi joined #salt
08:37 babilen crocket: Provide whatever output/clues you deem appropriate and people in this channel will take a look.
08:38 crocket babilen, I want to uncomment "#master : salt" in /etc/salt/minion using file.uncomment.regex
08:38 crocket The regex pattern is 'master\s*:\s*.*'
08:39 crocket 'master[ ]*:[ ]*.*' matches the line, but 'master\s*:\s*.*' doesn't.
08:41 crocket It is mysterious.
08:41 crocket '#\s*master\s*:\s*.*'
08:41 crocket matches it
08:43 aparsons joined #salt
08:44 crocket huh
08:44 crocket Now, it does that?
08:44 crocket wow
08:44 crocket 'master\s*:\s*.*' matches it now.
08:44 crocket It's inconsistent.
08:45 flyboy82 left #salt
08:46 crocket All right then.
08:56 intellix joined #salt
08:56 cliff-hm joined #salt
08:58 superted666 joined #salt
08:59 crocket It's confusing
08:59 oyvjel joined #salt
08:59 crocket I don't know which one between __salt__ and salt I should use in state files.
09:02 lothiraldan joined #salt
09:02 bhosmer joined #salt
09:03 crocket Why can't I execute an execution module in a state?
09:03 cofeineSunshine because states are being sent to queue
09:04 cofeineSunshine queue tasks cant wait for each other
09:04 crocket cofeineSunshine, probably, I should store execution module results in pillar.
09:05 cofeineSunshine consider runner for complex logic
09:06 cofeineSunshine runner can call states, and you can implement bloking until finish of state execution
09:07 crocket cofeineSunshine, I just need to replace something with the IP address of a default route which I can get from a custom module.
09:08 crocket I can store the IP address in pillar to use it in states.
09:08 baconbeckons joined #salt
09:08 crocket cofeineSunshine, Is it a good idea to invoke states on the master to modify /etc/salt/minion?
09:08 crocket Or, should I just let a master's associated minion modify /etc/salt/minion?
09:10 cofeineSunshine yup
09:10 cofeineSunshine 2nd
09:10 cofeineSunshine and yes, variables should be placed into pillars
09:10 crocket cofeineSunshine, That means I can't use salt-run to bootstrap the master's minion.
09:11 cofeineSunshine ghm
09:11 TyrfingMjolnir joined #salt
09:11 cofeineSunshine dont know/understand fully your problem.
09:11 crocket cofeineSunshine, The "master" key in the master's minion config should be set to the IP address of a default route of the master.
09:12 alex-mesos joined #salt
09:12 crocket "salt-run virt.init" uses the "master" key of the master's minion config to seed new VMs.
09:12 crocket cofeineSunshine, If it's set to salt, VMs fail to connect to the master.
09:13 malinoff crocket, actually you can execute an execution module in your states: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
09:13 malinoff but it is definitely not good
09:14 crocket malinoff, So do I store execution module results in pillar?
09:14 malinoff crocket, you can
09:14 crocket malinoff, Is it a good idea?
09:14 crocket Is there a better alternative?
09:14 malinoff crocket, i can't say because i don't know your problem
09:15 malinoff i think you should try different approaches and choose the one which fits
09:15 crocket malinoff, The "master" key in the master's minion config should be set to the IP address of a default route of the master. "salt-run virt.init" uses the "master" key of the master's minion config to seed new VMs.
09:16 malinoff crocket, so...?
09:16 crocket If the "master" key in minion config doesn't have a correct value, virt.init fails to seed VMs with the right connection information.
09:16 crocket Or,
09:16 crocket I could set up a infrastructure-wide DNS server that resolves "salt" to the only one master.
09:16 crocket a -> an
09:17 malinoff crocket, can't you specify a correct value for virt.init ?
09:17 crocket malinoff, no
09:17 malinoff crocket, and yes, consistent DNS is a good idea
09:17 crocket malinoff, I read the code.
09:17 malinoff crocket, if you have 2 hosts with the same name, well, you should not have 2 hosts with the same name
09:18 cofeineSunshine salt-cloud provisioning maybe could help?
09:18 crocket cofeineSunshine, salt-cloud doesn't deal with libvirt yet.
09:18 crocket salt-virt deals with libvirt.
09:19 crocket malinoff, cofeineSunshine : The issue is https://github.com/saltstack/salt/issues/16917
09:19 crocket I need to work around the issue.
09:24 Mso150 joined #salt
09:30 viq joined #salt
09:32 jdmf joined #salt
09:37 laubosslink joined #salt
09:43 N-Mi joined #salt
09:43 N-Mi joined #salt
09:56 notpeter_ joined #salt
10:03 iwishiwerearobot joined #salt
10:09 giantlock joined #salt
10:16 crocket Can anyone tell me how to work around https://github.com/saltstack/salt/issues/16917 ?
10:20 peters-tx joined #salt
10:51 bhosmer joined #salt
10:53 nbari joined #salt
10:53 nbari hi all, what is the best way to wakeup idle minions ?
10:53 nbari I am thinking on a cron that basically will do a service salt_minion restart every 24 hours
10:54 nbari any better idea ?
10:55 babilen nbari: Just implement a cron that test.ping's your minions -- https://github.com/saltstack/salt/issues/15415
10:56 nbari ok let me see
11:01 babilen nbari: But read that bug report as it discusses various approaches
11:02 babilen nbari: "0 * * * * salt '*' test.ping >/dev/null 2>&1" (boltronic's comment) is what I was thinking of.
11:05 nbari yes, thanks I am thinking on using salt --async '*' test.ping
11:05 nbari just trying to figure out now how to implement the state on the master
11:06 babilen A state that does that?
11:06 babilen http://docs.saltstack.com/en/latest/topics/jobs/schedule.html might come in handy
11:07 nbari i created a /cron/salt-master.sls but want to use it only on the master so I think maybe using salt-call could help
11:08 nbari the scheduler looks a good option I will check it
11:11 ggoZ joined #salt
11:16 bahadir joined #salt
11:16 nitti joined #salt
11:17 colttt are here some german speaking peaople?
11:20 bhosmer joined #salt
11:27 notpeter_ joined #salt
11:27 imanc is there an alias for the current users home directory in file.managed?  e.g. can I do   ~/myfile?
11:31 XenophonF does anyone have a salt formula for shibboleth?
11:32 XenophonF colttt: Ich spreche ein bisschen Deutsch.
11:32 goki_____ joined #salt
11:36 diegows joined #salt
11:54 nitti joined #salt
11:54 fredvd joined #salt
12:00 Jellyfrog XenophonF: google knows; https://github.com/jcu-eresearch/shared-salt-states/tree/master/shibboleth
12:01 CeBe joined #salt
12:04 VSpike I see quite a few things written about masterless setups. I skipped over it up till now, because I imagined it as an edge case thing for very small setups but I'm starting think I'm wrong. So ... why would someone want to use a masterless setup?
12:06 crocket babilen, Can you think of any workaround over https://github.com/saltstack/salt/issues/16917 ?
12:08 lothiraldan joined #salt
12:16 bhosmer joined #salt
12:20 crocket Hooah
12:21 linjan joined #salt
12:22 crocket Can anyone suggest a workaround on https://github.com/saltstack/salt/issues/16917 ?
12:22 workingcats asking every few minutes and randomly highlighting people is rude and is only gonna make people not want to help you
12:25 viq VSpike: beats me ;) I guess some people don't want to run the agent, or "can't", for example because of network limitations
12:25 hasues joined #salt
12:26 viq Or can't be bothered to set up master, eg for small testing environment. Or for building VM images to be re-used later.
12:26 hasues left #salt
12:28 crocket viq, For that, materless salt minion is good enough.
12:28 erjohnso joined #salt
12:32 VSpike I suppose that must be it
12:34 miqui joined #salt
12:36 cDR I'm wondering... Why does the saltbootstrap not use salt to deploy a salt minion?
12:36 ramishra joined #salt
12:40 bhosmer joined #salt
12:41 lpmulligan joined #salt
12:41 vejdmn joined #salt
12:45 jonbrefe joined #salt
12:47 colttt XenophonF: hallo, das freut mich, gibt es eine empfohlene Ordner struktur die man sich anlegen soll?
12:50 pdayton joined #salt
12:51 thayne joined #salt
12:51 bhosmer joined #salt
12:53 gngsk joined #salt
12:54 cDR For example, when installing Gitlab, it's done using a Chef cookbook. IMO it would be nice if this was the preferred way of installing salt-minion?
12:56 the_angry_angel you want to install a CM agent with another CM system?
12:57 nbari how could I create a job on the master that ping all the minions every hour ?
12:57 viq nbari: sounds like cron to me
12:58 scoates joined #salt
12:58 nbari well currently I have a cron on the master :)
12:58 cpowell joined #salt
12:58 the_angry_angel http://docs.saltstack.com/en/latest/topics/jobs/schedule.html
12:59 nbari I was reading about the schedule and was thinkgin what could be better/easy to maintain a schedule highstate evdery 60 minutes or a cron
13:00 viq the_angry_angel: I guess, in combination with http://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html and http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.test.html#salt.modules.test.ping
13:01 bluenemo joined #salt
13:01 bluenemo when using file.managed, why can I somehow only give the path to put the file in? as in   source: salt://foo/bar/foobar.txt  name:/root/    <= and then have /root/foobar.txt? salt gives me 'specified target <path> is a directory' :(
13:02 crocket The mistake of saltstack is that it didn't allow salt-minion to discover salt-master automatically on the local network.
13:03 workingcats thats not really salt's task
13:03 workingcats that's DNS' job
13:03 crocket workingcats, That's a lousy option
13:04 workingcats no... lousy would be to have every programm broadcasting all over the place
13:04 workingcats in serious environments proper DNS can be expected
13:04 crocket ZeroMQ founder made zyre for that.
13:05 workingcats i dont understand what does that have to do with salt
13:05 crocket workingcats, because manually configuring master's address in minion config is a pain
13:05 crocket It kills automation.
13:05 workingcats so dont
13:05 workingcats so dont
13:05 workingcats fix your DNS
13:05 crocket workingcats, I can't run DNS.
13:05 workingcats lol
13:05 crocket I'm not allowed to
13:06 crocket workingcats, The issue is https://github.com/saltstack/salt/issues/16917
13:06 workingcats so youre not allowed DNS and instead you want random apps broadcasting all over the place?
13:06 workingcats yes i know, you pasted the link 20 times by now
13:06 crocket workingcats, It's not bad.
13:06 XenophonF colttt: hm, gute Frage
13:07 colttt XenophonF: ich weiss ;)
13:07 crocket workingcats, In a centralized setup where a master has to control 10,000 nodes, it is a bad setup.
13:07 workingcats if your netadmins think random apps broadcasting is preferable to running DNS then you need new netadmins..
13:07 crocket workingcats, In a decentralized environment, it's a better setup.
13:07 workingcats how so?
13:07 crocket "it" refers to UDP broadcasting
13:08 workingcats in a setup with 10000 hosts broadcasting wouldnt work anyways, unless you're crazy and run 10000 hosts in one broadcast domain ;)
13:08 crocket If you just want to create and destroy VMs in small scales, it's not bad.
13:08 XenophonF colttt: hang on spending quality time with my german-english dictionary ;)
13:08 workingcats again, fix your network. if neteng wont let you, fix that
13:08 superted666 joined #salt
13:09 crocket workingcats, Plus, I think DNS is not a good solution here.
13:09 workingcats not allowed DNS but allowed random broadcasting... unfuckingbelievable
13:09 racooper joined #salt
13:09 crocket workingcats, random broadcasting would be undetected.
13:09 colttt XenophonF: you can also write in english, mostly i understand it
13:09 workingcats so you want to violate your network security policies? probably not the wisest idea
13:09 crocket workingcats, I"m working against some people in may company.
13:09 crocket may -> my
13:10 workingcats your company being broken is not a salt bug ;)
13:10 crocket workingcats, However, I think setting up a DNS just for salt is a bad idea.
13:10 workingcats youre supposed to be working together within one company, and against the competition
13:10 crocket A DNS is another point of failure.
13:10 intellix joined #salt
13:10 crocket It's an admin nightmare.
13:10 crocket I maintain DNS at home, so I know the pain.
13:11 workingcats i maintain it at work, cant say there's any pain
13:11 crocket workingcats, Then, you have not experienced the pain yet.
13:11 imanc left #salt
13:11 workingcats except for the horrid php webinterface on the old dns server. but i'll migrate that to normal zonefiles soon then it wont be a pain
13:11 XenophonF colttt: ich strukturierte von Awendungen
13:11 workingcats why would it be harder at home than at work...
13:11 XenophonF colttt: so /srv/salt/states/postfix/init.sls
13:11 XenophonF and /srv/salt/states/postfix/files/main.cf
13:11 colttt XenophonF: that mean? and why not by server?
13:11 crocket workingcats, I think salt shouldn't have to rely on DNS to orchestrate VMs.
13:12 workingcats at home i have 2 nets with 7 machines, here i have 8 nets and 100 machines
13:12 ajolo joined #salt
13:12 workingcats it doesnt
13:12 crocket workingcats, It runs on python.
13:12 crocket Python scripts can calculate the right IP address.
13:12 workingcats youre just refusing to configure it correctly
13:12 workingcats IPs aren't calculated.. what do you even mean?
13:12 crocket workingcats, I don't think DNS should be required.
13:13 beardo joined #salt
13:13 crocket workingcats, If the hypervisor minion configuration option "master" is 127.0.0.1, then it will be copied to the VM.
13:13 crocket workingcats, DNS doesn't work.
13:13 crocket workingcats, admins will have to bang their heads on the wall for hours.
13:13 workingcats DNS has been working just fine for 40 years
13:13 workingcats ish
13:13 crocket workingcats, 127.0.0.1 can't be resolved by DNS.
13:14 perfectsine joined #salt
13:14 workingcats uh 127.0.0.1 is not a hostname, ofc it cant be resolved by DNS
13:14 crocket I think salt should be able to convert 127.0.0.1 relative to the VM.
13:14 workingcats thats like saying "my car can't fly". it's not a plane, it's not supposed to fly.
13:14 workingcats convert? to what?
13:14 workingcats it's a bloody IP
13:15 crocket 127.0.0.1 on the hypervisor minion could be the IP address of br0 on the VM.
13:15 crocket There should be easy algorithms for that.
13:15 workingcats im sorry but that has to be the single worst "idea" i have heard this month
13:16 XenophonF colttt: Viele Computer hosten die gleischen(?) Awendungen.
13:16 crocket workingcats, As I mentioned in the issue, "If the master and the hypervisor minion are the same machine, and the minion configuration option "master" of a newly created virtual machine is set to that of the hypervisor minion, and if the copied option is "127.0.0.1" or "salt" which is not likely to be the master on the virtual machine,
13:16 crocket then the new virtual machine can't connect to the master automatically."
13:16 workingcats seriously. your problem is a) that your company is broken and b) that youre looking for salt to provide crazy magic for a crazy approach to fixing your individual problem. not a good idea
13:16 crocket workingcats, Even if I set it up at home, I wouldn't add "salt" to my DNS zone.
13:16 workingcats why
13:16 crocket It's a spaghetti config.
13:16 workingcats takes, hm, 5 seconds?
13:17 crocket Configurations split between multiple programs.
13:17 workingcats then fix your DNS config
13:17 crocket It's a nightmare.
13:17 XenophonF colttt: Ich zuweisen(?) Anwendungen auf Computern in top.sls
13:17 crocket workingcats, It's the modern GOTO.
13:17 workingcats it's DNS
13:17 colttt ok, i see
13:17 workingcats you understand what DNS does, yes?
13:17 crocket Why do I need to split configurations among multiple systems?
13:17 crocket salt and DNS
13:17 crocket and etc.
13:17 workingcats sorry but i'm out on this one
13:17 workingcats one last time: your approach is broken
13:18 crocket DNS approach is hardly better.
13:18 workingcats thats why inspite of asking 20 times nobody answered
13:18 crocket DNS approach doesn't sound like a good solution, either.
13:18 XenophonF colttt: https://github.com/ibrsp/salt-states/blob/production/top.sls
13:18 crocket There should be something better.
13:18 workingcats set up DNS or use hosts file. trivial.
13:18 crocket workingcats, salt virt runner doesn't transfer hosts file to the VM.
13:18 workingcats if you're looking for magic you'll have to speak to a local priest
13:19 XenophonF colttt: to give you a _very_ simple example
13:19 crocket workingcats, I was doing this to avoid DNS.
13:19 iwishiwerearobot joined #salt
13:19 workingcats yes. that's your error.
13:19 crocket workingcats, I want people to set up salt quickly without bothering with DNS.
13:19 crocket If I keep everything in salt, I can make it happen.
13:19 workingcats and with that i'm really out, better things to do than to argue about whether a protocol with a record of decades of reliable service is sane or not lol
13:20 crocket If I split configurations among multiple systems beyond salt's reach, infrastructure automation is gone.
13:20 workingcats so put your dns config in salt lol
13:20 workingcats auto-generate the zone files from salt. it's easy.
13:20 crocket workingcats, Except, the dns server is beyond salt.
13:20 XenophonF colttt: so in English, I organize my Salt states by application or service
13:20 DolourousEdd is this guy still going on about blah blah dns
13:20 DolourousEdd jesus christ
13:20 crocket workingcats, Stop preaching DNS approach to me.
13:20 workingcats he seems to be wanting some magic pixie dust to fix the retardation of his company
13:21 DolourousEdd seems so
13:21 crocket workingcats, I don't like my company, but I don't like DNS approach, either.
13:21 workingcats i'm currently and 3 counts of idiocy for that company
13:21 workingcats *at
13:21 XenophonF colttt: because more than one computer may host the same or substantially similar services
13:21 DolourousEdd you realise DNS is pretty fundamental to lots and lots of things no?
13:21 crocket DolourousEdd, I want to avoid it if possible.
13:21 workingcats i dont think he knows what DNS is, he keeps talking about calculating IPs
13:22 crocket workingcats, I know what DNS is.
13:22 crocket Domain Name system.
13:22 DolourousEdd you can't fucking avoid dns you idiot
13:22 crocket It translates domain names to IP addresses.
13:22 nitti joined #salt
13:22 workingcats well done
13:22 colttt XenophonF: ok, and how dou you say that only postfix-servers get this sls?
13:22 DolourousEdd unless you want to use host files
13:22 crocket DolourousEdd, In many cases, DNS is the right solution.
13:22 DolourousEdd in which case, welcome to 1978
13:22 crocket workingcats, But, please don't preach DNS to me.
13:23 crocket It is not a panacea.
13:23 DolourousEdd use a DNS server you moron. One that you can configure via an API through salt
13:23 XenophonF colttt: in top.sls, von Salt minion ID
13:23 DolourousEdd jesus christ
13:23 crocket DolourousEdd, Do you want me to use DNs by calling me moron?
13:23 workingcats dont worry wasted enough time on your stubbornness and lack of knowledge lol
13:23 ajolo joined #salt
13:23 crocket DolourousEdd, That's a good way to encourage people.
13:23 DolourousEdd No i don't care what you use I just need to make sure you know you're an idiot
13:24 crocket DolourousEdd, You're relying on name calling, which suggests that you don't have logical superiority over me.
13:24 superted666 crocket: I don't think you help yourself in the way you approach things. I've seen you winding people up on here loads over the last few weeks.
13:24 colttt XenophonF: which steps are 'best practice' from test-enviroment to production use? well which steps i need?
13:24 crocket DolourousEdd, Therefore, I'm not an idiot.
13:25 DolourousEdd I'm relying on namecalling because I don't care what morons think of me
13:25 DolourousEdd moron
13:25 workingcats DolourousEdd++
13:25 crocket DolourousEdd, You present no logic but name calling.
13:25 XenophonF colttt: Kennen Sie Git?
13:25 workingcats crocket, you have been given several solutions
13:25 crocket workingcats, which I have been trying to avoid.
13:25 workingcats pick one or complain to your boss about your brain-amputated neteng team
13:26 workingcats assuming your claims about their policies are correct, which i very much doubt
13:26 k3ys3r joined #salt
13:26 crocket workingcats, I already said I wouldn't take DNS approach myself, either.
13:26 DolourousEdd I don't even understand why this is an issue
13:26 colttt XenophonF: yes, i know hat git is, but nothing more
13:26 DolourousEdd It's like a fundamental failure to grasp how the basics of IT infrastructure actually works under the hood
13:26 workingcats but im gonna have to put you on ignore im afraid this is neither interesting nor amusing and you're obviously not interested in receiving assistance
13:26 DolourousEdd you're in the wrong job dude
13:26 crocket DolourousEdd, That I can't deny.
13:27 XenophonF colttt: you can use Salt and Git together
13:27 nbari joined #salt
13:27 nbari joined #salt
13:27 XenophonF colttt: moment mal, bitte, am looking for documentation
13:28 colttt XenophonF: ok, at first, i will create an VM and install Salt-master
13:28 XenophonF colttt: http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
13:28 XenophonF colttt: put your Salt states into a Git repository
13:29 XenophonF colttt: Salt understand Git branches
13:29 XenophonF colttt: the default Git "master" branch == the Salt base environment
13:30 crocket I rememberd the exact reason that I wanted to avoid DNS.
13:30 XenophonF colttt: if you create more branches in the Git repository, Salt will see them as environments automatically
13:30 crocket I wanted to avoid naming indiscriminate machines.
13:31 DolourousEdd you don't already have a dns server anywhere?
13:31 crocket DolourousEdd, not yet.
13:31 DolourousEdd bullshit
13:31 Deevolution joined #salt
13:31 crocket DolourousEdd, The router presents an ISP's DNS to DHCP clients.
13:32 crocket It's a small server room with less than 20 machines.
13:32 colttt XenophonF: should i create an extra VM for git?
13:32 XenophonF colttt: so in top.sls, you would have the following in top.sls - https://bpaste.net/show/06d8ad571f3e
13:32 crocket A DNS server is barely worth setting up.
13:32 DolourousEdd um
13:32 DolourousEdd seriously, you don't know what you're doing.
13:32 XenophonF colttt: you should start with something simple
13:32 nitti joined #salt
13:33 superted666 Either use DNS or use static IP's that don't change with a hosts file. DNS should be used, no reason not to, pick one othe the other.
13:33 XenophonF colttt: by default Salt puts the base environment into /srv/salt/states
13:33 XenophonF colttt: start there, create some simple states
13:33 DolourousEdd http://serverfault.com/questions/409190/how-to-properly-configure-bind-forward-zone-for-an-internal-dns-server go set up one of these
13:33 iwishiwerearobot crocket: maybe you should run around the server room manually typing the commands that you would issue with salt if there is only 20 machines.
13:33 crocket superted666, hosts file is not transferred by salt virt runner to VMs.
13:34 XenophonF colttt: then you can add another environment to the Salt master
13:34 XenophonF e.g., /srv/salt/dev-states
13:34 workingcats iwishiwerearobot++ ^^
13:34 crocket If I wanted to avoid all of them, I could document the issue in README
13:34 XenophonF colttt: see http://docs.saltstack.com/en/latest/ref/states/top.html
13:35 XenophonF colttt: I must go but I will be back later
13:35 crocket iwishiwerearobot, It's more about putting server configs in version control.
13:35 crocket than about automation.
13:35 colttt XenophonF: laote i have non-working time.. in German Feierabend ;)
13:35 colttt but, thanks for you help!
13:35 mpanetta joined #salt
13:36 ckao joined #salt
13:37 crocket I just want to make it easy for other employees to set up servers in case shit happens.
13:37 crocket If I add BIND to the mix, they'll have to learn it ,too.
13:37 crocket Well... complexity
13:37 superted666 Can't you just manage the host file in salt as a normal file
13:38 imanc joined #salt
13:38 crocket superted666, "salt-run virt.init" doesn't transfer host file to a newly created VM.
13:39 crocket As a person who learned BIND from scratch, if I adopt BIND in a small server room, they'll have to hire a full time admin for that or just ditch the DNS server after I"m gone.
13:39 workingcats crocket, you claimed you already run DNS at home
13:39 crocket workingcats, I know the complexity of learning BIND and maintaining it.
13:40 workingcats clearly you don't
13:40 teebes joined #salt
13:40 workingcats a full time admin for an internal DNS for 20 machiens.. that's a good one
13:40 crocket workingcats, I said I learned how to manage it from scratch.
13:40 crocket Since a company won't hire a full time admin for that, unless they have a competent devops, they'll ditch my DNS server after I'm gone.
13:40 workingcats rofl
13:41 workingcats you're funny
13:41 crocket workingcats, It's a very probable scenario.
13:41 crocket It's also realistic expectation.
13:41 workingcats i wonder if he's trolling or if his employer really is that amazingly incompetent
13:41 DolourousEdd he must be trolling
13:41 workingcats i mean those people sound worse than my worst past employer and i worked for international conglomerates with 200k staff
13:41 crocket The company is not ready to hire competen people.
13:42 DolourousEdd nobody that can work out how to use IRC is this bad surely
13:42 workingcats yeah we can tell lol
13:42 workingcats anyway time to commit some arson and poison myself
13:42 workingcats ie smoke
13:43 crocket The company could accidentaly hire competent people from time to time, but a company can't rely on luck.
13:43 DolourousEdd just use a microsoft dns server then
13:44 crocket Lately, it has been hiring people who just learned java in colleges.
13:44 DolourousEdd any idiot can manage one of those
13:45 crocket By the way, I think it makes sense to make salt just work without spending years on infrastructures.
13:45 crocket Things should become easier as time goes ideally.
13:45 DolourousEdd it takes 10 minutes to make a dns server
13:46 crocket DolourousEdd, In reality, it's hours for people who haven't used a microsoft dns server.
13:46 jeddi joined #salt
13:46 ramishra joined #salt
13:46 cmthornton ehh, maybe an hour
13:47 crocket I know it sounds crazy, but only people with doctoral degrees used to program in 1950-1970.
13:47 crocket Nowadays, even monkeys program.
13:47 DolourousEdd badly
13:47 BrendanGilmore joined #salt
13:47 crocket It's how fast things are becoming easier.
13:47 toastedpenguin joined #salt
13:48 superted666 I think it's reasonable for salt to rely on some of the core technologies that have underpinned the internet for the last 40 years.
13:48 fragamus_ joined #salt
13:48 crocket I guess DNS is not bad for now.
13:48 crocket I wish there would be better alternatives in the future.
13:49 crocket superted666, DNS is a bitch, though.
13:49 superted666 Never had an issue with bind or MS DNS to be honest. We interact with both through config management tools
13:49 DolourousEdd i'm sorry i'm getting stupider by the minute just reading this. Time to mute you.
13:50 wr3nch joined #salt
13:52 crocket If "salt" is define in /etc/hosts, "master" is "salt" in /etc/salt/minion on the master machine, and the DNS name of the master is "salt1", then only a competent admin would be able to diagnose it.
13:53 crocket I'm all about automation.
13:53 crocket Salt is very good at assisting competent admins and boosting their salaries.
13:53 crocket I guess what I actually wanted was a general AI that does everything for people.
13:55 superted666 There is no such system i'm afraid.
13:55 nahamu superted666: yet... crocket should write it for us. ;)
13:55 crocket superted666, I guess the best compromise is just to document a warning for future employees.
13:56 crocket I can imagine various bad scenarios when DNS halts.
13:56 crocket I've seen my home server deny DNS requests due to various reasons so far.
13:56 crocket /var full, e......
13:56 superted666 I can imagine various sceneraios where TCP/IP has issues, your air con fails or disks catch fire.
13:57 superted666 you can't idiot proof it. Putting in DNS doesn't require a 'warning' if the people they employ don;t know DNS then it's their problem
13:57 crocket superted666, In most cases, a DNS server managed by part-time not-competent admins is not guaranteed to run for years.
13:57 superted666 Neither is redhat/salt/physical kit
13:58 crocket superted666, That's why I was trying to reduce moving pieces.
13:58 aqua^mac joined #salt
13:58 dude051 joined #salt
13:58 superted666 But you will always have those risks, no matter how it's designed, that's how it works.
14:00 ericof joined #salt
14:00 kaptk2 joined #salt
14:00 cmthornton I'd say DNS is probably one of the least likely "moving" piece to cause problems, DNS is pretty much set and forget
14:00 crocket cmthornton, In my experiences, DNS was the weakest link in my home network.
14:02 gmcwhistler joined #salt
14:04 housl joined #salt
14:05 crocket Documenting README in the git repository for the system's salt config would be the least risky for now.
14:05 crocket DNS server doesn't run on the same machine as the DHCP server which is a dumb router.
14:07 crocket I prefer modularity
14:08 workingcats "crocket> I know it sounds crazy, but only people with doctoral degree" -> thats because that claim is complete bullshit
14:08 jblack I'm trying to use  rabbitmq.stop_app,  but I'm not sure what to use for the first part of the state, which seems to normally function as an argument
14:08 crocket workingcats, Until 1970s, programming was an R&D job.
14:08 jblack as rabbitmq.stop_app doesn't take any arguments (http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rabbitmq.html)
14:08 workingcats programming is by definition always an R&D job
14:08 workingcats do you know what the D stands for?
14:08 crocket There weren't a lot of commercial jobs out there until 1970s.
14:08 workingcats and if you cant handle DNS you're one of those incompetent idiots you complain about
14:09 crocket workingcats, I can handle DNS.
14:09 crocket workingcats, But, I'd blame anyone who'd put DNS in one server, DHCP in a dumb router, and salt in another machine without proper meta documentations.
14:09 workingcats in fact incompetent idiots manage DNS just fine all over the world. its pretty much the only thing that even the most incompetent biggest idiot usually gets right or almost right
14:10 workingcats because it is so nice and easy
14:10 workingcats at least for small to tiny setup like yours (and mine for that matter)
14:10 crocket workingcats, If I knew where it's easy for people to find meta documentations, I could do it, too.
14:10 jblack how do I run a formula that has no arguments?
14:10 workingcats but yeah, mute for amazing idiocy or terrible trolling
14:11 crocket workingcats, You make DNS sound too easy.
14:11 crocket It's not very difficult, but it's not easy as you claim it to be.
14:12 crocket People like you could make manager believe DNS configuration shouldn't take more than 30 minutes for anyone.
14:12 ntropy jblack: what do you mean?  a formula is just a state file, run it like any other
14:13 felskrone how do you keep the modules in sync with multiple masters and thousands of minions? its rather tedious to sync and sync sync all the time :-)
14:13 jblack I'll pastebin what I'm trying to do. Maybe that will help
14:13 superted666 If it took an hour, that would be less time than this discussion.
14:14 jblack ntropy: http://pastebin.com/aJtW4xwV
14:14 crocket Oh... I can come up with a better answer.
14:14 crocket A local DNS server that serves only the master that needs to serve VMs running on the same machine.
14:15 iggy felskrone: reactors to sync every time you commit to git
14:15 jblack Lines 17 and 28,  those two particlar fucntions don't take any arguments, so I'm not sure what to put o lines 17 and 27.  (the docs for the rmq state is at: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rabbitmq.html) and specifies   salt.modules.rabbitmq.stop_app(runas=None)
14:15 crocket I can avoid spaghetti configuration with a local DNS server.
14:15 crocket I'm a genius.
14:16 superted666 English isn't your first language is it? I don't think you understand that word...
14:16 crocket superted666, It's a word I use to feel good about myself.
14:17 crocket superted666, I know everyone except me doesn't think so.
14:17 crocket superted666, ANd, english isn't my first language.
14:18 span joined #salt
14:18 fragamus_ joined #salt
14:18 felskrone iggy: i dont really mean how to trigger it but how to keep the minions from hogging the salt-master. for example one approach could be:  package modules in installation-packages and run package-updates on minions via salt. that would not bother the master very much
14:18 rattmuff Is it possible to use file.directory and have jinja do pillar replacements in all files in that directory?
14:19 DolourousEdd crocket: you're bad at computers and you should go do something else
14:19 superted666 haha
14:19 felskrone iggy: syncing on every commit would also not scale very well
14:19 crocket DolourousEdd, I'm not bad at computers.
14:19 DolourousEdd yes you are
14:19 crocket DolourousEdd, I'm just lousy at speech.
14:19 DolourousEdd if you worked for me i'd fire you
14:20 crocket DolourousEdd, You're a natural-born sadist.
14:20 iggy felskrone: batches?
14:20 workingcats DolourousEdd, if you worked for me and had hired him i'd fire you :P
14:20 DolourousEdd That i don't deny
14:20 crocket DolourousEdd, You spit out words without proper reasoning.
14:20 crocket DolourousEdd, You're just saying you don't like me.
14:20 iggy felskrone: don't know exactly what you're doing, but some salt tools support a batch size option
14:20 crocket DolourousEdd, You don't know how intelligent I am.
14:20 DolourousEdd workingcats: well yes, in this circumstance i'm assuming that someone else hired him and left a giant turd sandwich on my desk
14:21 workingcats ^^
14:21 jblack anyone mind helping? I'm really eager to get this working
14:21 ajolo joined #salt
14:21 crocket DolourousEdd, You just need to accept the fact that you don't like how I speak.
14:22 babilen jblack: Add a : at the end
14:22 jaimed joined #salt
14:22 felskrone iggy: thats just another trigger, i mean a more general approach which scales better with larger installations, does not require user-interaction and still works well enough that all minions are always up to date with modules etc. :-)
14:22 viq jblack: first thing, those should be  rabbitmq.erlang_cookie, not rabbitmq/erlang_cookie when you're refering to other states
14:22 X86BSD_ joined #salt
14:22 lothiraldan joined #salt
14:23 DolourousEdd I don't care how you speak, but what you say proves you don't know what the hell you're doing. For the love of all that is holy go and read some books
14:23 viq jblack: also http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rabbitmq.html refers to remote execution modules, for states you should be looking at http://docs.saltstack.com/en/latest/ref/states/all/index.html
14:23 crocket DolourousEdd, We all start as mediocre programmers.
14:23 iggy felskrone: open an issue about it *shrug*
14:23 crocket DolourousEdd, It doesn't mean I am inherently an idiot.
14:24 felskrone iggy: ill think about it, thanks for your comments :-)
14:24 iggy I doubt there are too many people using multiple masters with thousands of minions at this point
14:24 crocket I've seen myself surpass others in many areas, so I know I'm not an idiot.
14:24 DolourousEdd Dude it's nothing about programming, you don't understand basic fundamentals. You need to make an effort to learn how and why things work if you don't want to be bad forever
14:24 DolourousEdd go read some RFCs
14:24 jblack Ok.  Hmmm,   rabbitmq/erlang_cooking, etc. al in hainit.sls,  that all seems to work (those are states I wrote myself)
14:25 crocket DolourousEdd, Can you stop saying bad things to me? Plus, we've been off-topic for too long.
14:25 crocket DolourousEdd, If you are not interested, get out of each other's way.
14:25 ajolo_ joined #salt
14:25 jblack ohh, I see. Ok.
14:26 felskrone hm, quite noisy in here today… :-)
14:26 ajolo__ joined #salt
14:27 jblack http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rabbitmq.html   isn't a list of states. It's a module
14:27 viq jblack: exactly. modules are for telling machines to do something now. States are for describing what, well, state they should be in
14:28 crocket left #salt
14:29 DolourousEdd crocket left the room ("Leaving"). <— Party time
14:30 sweepchild joined #salt
14:30 dean|away joined #salt
14:30 workingcats you know reading the replies to his trolling actually was amusing
14:31 workingcats and without reading the actual trolling it was no longer infuriating ;)
14:31 iggy yeah, I /ignore'd him last night
14:31 babilen Can we please agree to just ask crocket to read more documentation and actually try things before asking random questions?
14:31 vejdmn joined #salt
14:32 iggy he was combative and arguemntative when I was trying to help him
14:32 workingcats i'm in, lets make a pact, ignore or tell him to read ;)
14:32 babilen +1
14:33 linjan joined #salt
14:33 Ahlee woah.  I just learned about --state-output=mixed
14:34 viq What does that do?
14:34 cads joined #salt
14:35 babilen Ahlee: I set that by default on every master. I have no idea why it isn't the default behaviour.
14:35 mgw joined #salt
14:36 cmthornton same here
14:36 Ahlee viq: it basically one lines success returns, prints out failures
14:36 cmthornton and I use `failhard: true` when testing states
14:36 viq Ah. I usually use changes, to see what gets changed
14:38 fragamus_ joined #salt
14:40 jblack I imagine sls files are the chef equivliant of runlists.  What is the salt equivilant of a recipe, in which I can actually use a salt module?
14:42 AirOnSkin Can you only manage files that are managed by salt?
14:42 viq AirOnSkin: what do you mean?
14:42 AirOnSkin Sorry: Can you only watch files that are managed by salt
14:42 AirOnSkin I'm talking about salt.states.file.watch
14:43 iggy jblack: don't know as much about chef as I should, but states can call modules directly (there are also "formulas" which are pre-built states that you can use)
14:43 viq jblack: describe runlists and recipes for me, as I'm not that familiar with chef
14:43 tafa2 joined #salt
14:43 viq AirOnSkin: yes, you're not really watching "files", you're watching a state that uses a "file" module
14:43 AirOnSkin I've configured /etc/sysconfig/iptables to be watched, but Salt complains (The following requisites were not found: file: /etc/sysconfig/iptables). But the file is there..
14:43 jblack A recipe is a set of instructions that combine a description of wanted state a set of tasks that will accomplish it.
14:44 AirOnSkin Ok, then that makes sense
14:44 jblack A runlist is a list of recipes that are run in the prescribed order
14:44 cmthornton sounds like a top.sls file
14:44 abele joined #salt
14:45 viq jblack: then a state is a recipe, and there's not a clear equivalent of runlist, as salt has auto-ordering with dependency declarations. So I guess the closest thing to runlist for me would be the top file
14:45 tafa2 so I know there is never a "correct" way but there is usually a better way of doing things. I have this looong bash script that I use to prep and get new servers up and running, is it better to convert it to salt or is runcmd just as good?
14:45 glyf joined #salt
14:45 iggy tafa2: if it ain't broke, don't fix it
14:46 tafa2 amen iggy
14:46 lcavassa joined #salt
14:46 jblack You guys saved me!!
14:46 jblack I now have master/slave rmq clustering
14:46 iggy that said, we just have a minimal "install salt, set master, let salt do the rest" on start script for our instances
14:48 colttt is it ok when i use git on the same host where salt is running?
14:48 faliarin joined #salt
14:48 viq colttt: yes, it doesn't really matter
14:48 colttt or is it not recommended?
14:49 viq colttt: well, of course it's recommended to have it backed up/duplicated somewhere else, but that's about it I would say, unless you're starting to get into larger scale and start seeing I/O issues
14:49 colttt viq: ok thanks, but what of advantages i have if i use git instead of local filesystem? (i also never used git or somthing like that)
14:49 djstorm joined #salt
14:49 viq colttt: history of changes, including being easily able to revert them
14:50 iggy you can use the standard file backend with a git tree to get the best of both worlds
14:50 viq And if your commit messages are sane then also reason for those changes
14:50 iggy (that's what we do in development so we don't have a million little commits of "testing something" "testing something else")
14:50 viq aye
14:51 bcode joined #salt
14:51 StDiluted joined #salt
14:52 vbabiy joined #salt
14:53 srage joined #salt
14:59 glyf joined #salt
15:01 nbari how to create a simple salt state for appending date to a file
15:02 nbari /tmp/test.txt and want to just append date every time I highstate
15:02 viq nbari: cmd.run is first thing that comes to mind. Possibly also file.append
15:03 Ahlee I have a state that is calling a custom state, so I have it calling module.run saltutil.sync_states.  However, it looks like the run finishes with the same version of the _state that existed on disk when the state first executed
15:03 Ahlee is there a way to force a reload of that module?  I tried module.run test.sleep with a -length of 5, but that didn't seem to work, and rather than walk that up until I find a magic number that allows the reload to finish (if it even will)
15:03 nbari i am trying to doit with file.append but how with a require to first do a file.touch if not exists
15:03 Ahlee i figured i'd ask
15:04 Twiglet_ That entire DNS argument reminded me of this: https://www.youtube.com/watch?v=MxrWuE5qC5c
15:04 Ahlee nbari: well, you could just file.managed: on the /tmp/test.text. That will make sure the file exists.
15:05 viq Ahlee: but that will manage constant contents, not append date
15:06 nbari right
15:06 Ahlee viq: file.managed without arguments will just ensure the file exists
15:07 viq huh, indeed
15:07 nbari I have this but not working: http://pastebin.com/x64e2y6m
15:08 Ahlee and what's the error, nbari?
15:09 Ahlee that looks valid, albeit strange
15:09 Ahlee oh, you have two of hte same name
15:09 Ahlee nevemrind
15:09 Ahlee no you don't
15:09 Ahlee i give up
15:10 nbari it is working, problem was that when using test=True
15:11 nbari removing the test=True and doing it directly on minion worked
15:11 Ahlee ok, if you specify test=True it's not going to execute that
15:12 nbari right
15:13 conan_the_destro joined #salt
15:13 thayne joined #salt
15:13 ramishra joined #salt
15:15 jblack Thank you so much for the help earlier guys. I really appreciate it.
15:20 thedodd joined #salt
15:21 srage_ joined #salt
15:21 elfixit joined #salt
15:22 fragamus_ joined #salt
15:26 tligda joined #salt
15:29 wendall911 joined #salt
15:29 jalbretsen joined #salt
15:29 hasues joined #salt
15:30 mgw joined #salt
15:30 CycloHex Anyone here got experience with writing your own states?
15:30 CycloHex well, state modules, that is
15:32 slav0nic joined #salt
15:32 babilen CycloHex: sure, lots of people
15:34 CycloHex Well, I'm thinking about writing my own module to configure some things on my server, although my knowledge of python is basic. And will I be able to use that module in states? Because I just read in the docs that there are execution modules and state modules.. but state modules should only perform checks
15:35 CycloHex so my question is: Where to start when writing your custom module? Start with execution module and write a state module afterwards?
15:38 diegows joined #salt
15:39 iggy I didn't really know there was a difference
15:39 karimb joined #salt
15:39 iggy I've seen modules that do both, so I wouldn't really read too much into that (unless someone else speaks up and says they are important)
15:40 druonysus joined #salt
15:40 jalbretsen joined #salt
15:40 laubosslink joined #salt
15:41 SheetiS joined #salt
15:43 nbari how to know / test if the minion has some schedule tasks ?
15:44 jonbrefe joined #salt
15:44 schimmy joined #salt
15:45 Ahlee CycloHex: I started by def foo(): return "bar" and dropping it into _modules/foo.py, saltutil.sync_modules
15:45 iggy laubosslink: that bug has a possible fix in it, did you try it?
15:45 intellix joined #salt
15:45 Ahlee CycloHex: that's interesting they saying modules should only perform checks, my assumption around that is _state/ are basically the same, they just populate hte ret dictionary for changes, success/fail
15:45 smcquay joined #salt
15:47 CycloHex So best to start with _modules, and afterwards go for _state?
15:47 TheThing joined #salt
15:47 CycloHex Ahlee - just tagging*
15:48 iggy laubosslink: it says to install IPy and requests
15:48 Ahlee CycloHex: I'd skip _modules. Take a look at https://github.com/saltstack/salt/blob/develop/salt/states/test.py - that's a state that implements the different areas of the ret so you can see how they get manipulated
15:48 Ahlee but, i'd skip _modules becuase i've played with them enough to understand.  I guess if you want "simple python to fire and just want a return code back" go _modules for starters
15:49 Ahlee i then copied what was in my _module/ into a _state, changing the return values to manipulate the "ret" return
15:49 fragamus joined #salt
15:49 CycloHex Ok, thanks Ahlee! appreciate it
15:49 Ahlee the confusing thing (to me) is then writing the state file to call your _state
15:49 CycloHex I'm already confused, so let's start off with the basics ^^
15:50 Ahlee CycloHex: I'll see about writing up some basics on _modules vs _states tonight
15:51 Ahlee need to earn my paycheck for the day before i play
15:51 CycloHex Haha! alright, man!
15:56 eriko joined #salt
15:57 skyler joined #salt
15:57 ShibMcNe Hi, is storing TLS certificates and private keys in pillar a common practice ?
15:58 schimmy1 joined #salt
15:58 jcockhren ShibMcNe: not unencrypted
16:00 bezeee joined #salt
16:00 evidence so https://github.com/saltstack/salt/issues/16923 is likely a quick fix, wondering if it should make it in before rc7
16:01 skyler evidence: Is there going to be an rc7?
16:01 evidence basically you cant run a syndic on the same system as a minion configured with master failover
16:01 evidence skyler: yes
16:01 evidence there were 2 (at least) high sev bugs fixed in rc6
16:02 iggy maybe we'll get 2014.7 in 2014 sometime ;)
16:02 ShibMcNe jcockhren: I haven't been able to identify any best practice regarding the encryption of data in pillar (I am currently using vanilla git_pillar).
16:03 evidence it seems real close, worth the wait with how much has been fixed/added over 2014.1
16:03 evidence not sure how long they let an rc go before it's gold.. maybe a week?
16:03 rattmuff joined #salt
16:04 rattmuff Is it possible to use "if ... in ..." through list of minion id's in a pillar?
16:04 rattmuff like: ids = ['id1', 'id2, 'idn']
16:04 rattmuff {% if grains['id'] in pre_salt_installs %}
16:05 rattmuff erm, ids = ['id1', 'id2, 'idn']
16:05 rattmuff {% if grains['id'] in ids %}
16:05 skyler evidence, iggy: Looks like we *should* see 2014.7 this week: https://groups.google.com/forum/#!topic/salt-users/stwgSKIzTvI
16:06 iggy if there were 2 high sev bugs in rc6, I would kind of expect to see an rc7
16:08 aparsons joined #salt
16:08 nbari I am trying to update resolv.conf but I get this:  The state "/etc/resolv.conf" in sls dns is not formed as a list
16:08 nbari any ideas _
16:08 nbari ?
16:09 iggy nbari: try pastebin'ing your state file
16:09 iggy preferrably somewhere that uses a monospace font for their pastes
16:09 nbari http://pastebin.com/UZW3CsZ5
16:10 iggy that's because it's not a list
16:10 TheRealBill joined #salt
16:10 iggy - source, - user, etc
16:12 nbari got it many thanks
16:14 jcockhren ShibMcNe: for now people are probably just avoiding it. though the next release has methods for storing encrypted data in pillar
16:14 ShibMcNe jcockhren: thanks for the info, I willmanage those manually for now =]
16:15 diegows joined #salt
16:18 troyready joined #salt
16:18 jngd joined #salt
16:18 N-Mi Hi, can anybody explain me why I get this error when creating a user on a postgres server ? http://dpaste.com/0TD20M2
16:19 N-Mi I run postgres 9.3 on wheezy, and use postgres formula from here : https://github.com/saltstack-formulas/postgres-formula
16:19 aparsons joined #salt
16:20 Nazca joined #salt
16:20 invsblduck joined #salt
16:21 N-Mi Here is relevant part of formula : http://dpaste.com/2MSS1N3
16:22 ioio joined #salt
16:24 TheThing joined #salt
16:24 KyleG joined #salt
16:24 KyleG joined #salt
16:27 perfectsine joined #salt
16:28 shookees joined #salt
16:28 shookees joined #salt
16:28 skyler My salt is fubar. I get error about half the time when I run a command: Failed to authenticate!  This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error ocurred (check disk/inode usage).
16:29 iggy N-Mi: do you have the pre-reqs installed?
16:29 thayne joined #salt
16:29 N-Mi iggy: what pre-reqs ?
16:29 skyler I have tried so much stuff to fix it. I have upgraded to a newer rc. I have killed caches. I am now replacing the entire pki directory.
16:30 aparsons joined #salt
16:30 perfectsine joined #salt
16:31 nbari how to debug a state containing jinja ?
16:31 nbari basically I would like to know echo the vars
16:31 ioio joined #salt
16:31 iggy N-Mi: I don't know, I'm sure I read somewhere that the postgres module needs something, but can't find it
16:32 iggy according to the actual module, it just needs the psql utility
16:32 N-Mi iggy: OK, I'll look for this. In the mean time, I found this quite similar issue : https://github.com/saltstack/salt/issues/7695
16:34 nbari this is the problem I have: http://pastebin.com/UJivz2xg
16:34 N-Mi mmm.... found this page : http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.postgres.html
16:34 nbari based on the os I am trying to use a pkg name but I am getting a Rendering SLS "base:vim" failed: Jinja variable 'str object' has no attribute 'pkg'; line 9
16:34 nbari any ideas ?
16:34 KyleG left #salt
16:35 iggy nbari: 'default': 'FreeBSD' <-- that line assigns the value of vim to the string 'FreeBSD' (not the previous entry in the table)
16:37 msciciel_ any idea why after restart salt-master cannot recover to work correctly ? i have 1000 minion, worker_threads is 32, 16 x cpu core, 8gb of ram
16:38 nbari iggy: any idea of how to based on the OS chosse the proper pkg ?
16:38 iggy nbari: most of that is correct, just not that specific line I pointed out
16:39 viq nbari: look at how formulas use jinja maps
16:39 nbari removing last line i got  Rendering SLS "base:vim" failed: Jinja variable 'None' has no attribute 'pkg'; line 8
16:39 nbari ok
16:39 viq msciciel_: what do you mean by "can't recover" ?
16:39 baconbeckons joined #salt
16:39 N-Mi iggy: found it : some incorrect values I provided in my pillar file lead to a syntax error in postgresql.conf for "linsten_addresses". That's why salt was unable to connect to postgreSQL  server to get running version
16:40 UtahDave joined #salt
16:40 N-Mi this error message was quite misleading
16:40 msciciel_ viq: everything is timeout'ing, cannot execute everything, log is full of : [salt.master                                 ][INFO    ] Authentication request from
16:40 UtahDave morning!
16:41 iggy nbari: you need a default line, but you can't assign like you are trying to do... just repeat the settings you ahve for FreeBSD instead of the 'FreeBSD' string
16:41 viq msciciel_: which salt version(s)?
16:41 msciciel_ viq: salt-master-2014.1.10-4.el6.noarch
16:42 msciciel_ viq:  i was trying to increase/decrease number of threads but this didn't help
16:42 nacl_ joined #salt
16:42 nacl_ list
16:42 nbari got it thanks
16:42 viq iggy: I have seen the 'default': 'SomeDistro' use
16:42 msciciel_ viq: ram size is enoung, no swap used
16:43 viq msciciel_: what load average are you getting when this is happening?
16:43 viq msciciel_: there are some settings telling minions to spread the reconnection attempts somewhat, I thin they were made default a couple minor releases ago
16:43 viq msciciel_: minions are 2014.1.10 as well ?
16:44 msciciel_ viq: 2014.1.X, not all are latest
16:44 msciciel_ viq: load average: 42.14, 36.62, 31.33 , it's correlated with number of worker_threads
16:44 iggy viq: unless it's something specific to the filter_by code, it's definitely not standard python
16:45 viq iggy: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html
16:45 msciciel_ viq: before restart everything was working
16:45 viq http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.filter_by
16:46 iggy viq: that's not what he had
16:46 iggy he had the default in the dict
16:46 viq ah
16:46 viq In didn't look what he had :P
16:46 iggy nbari: see that link above... you did the default entry slightly wrong
16:46 StDiluted joined #salt
16:47 viq msciciel_: http://docs.saltstack.com/en/latest/ref/configuration/minion.html#acceptance-wait-time  and a few below that may be of use
16:47 rap424 joined #salt
16:48 iggy and this goes to show how different a python developer sees salt than someone just trying to use salt... it would have never occured to me to put the default in the dict because it's not python
16:48 viq msciciel_: I'd say you need to try and make the minions spread out the reconnects some more, to not hammer as hard on the master
16:49 nbari thanks
16:49 ramishra joined #salt
16:50 msciciel_ viq: this what i'm trying to do, but without salt it's not so easy and fast to do this :(
16:51 viq msciciel_: indeed. But once it settles, https://github.com/saltstack-formulas/salt-formula to the rescue ;)
16:51 aparsons joined #salt
16:53 Deevolution When targeting nodes via Pillar data is there any way to glob on partial key name?  (i.e. -I 'key*:)
16:54 rypeck joined #salt
16:56 toddnni joined #salt
16:58 pmcg joined #salt
16:58 UtahDave Deevolution: yeah, that should work just like you have it.
17:00 aparsons_ joined #salt
17:00 Deevolution UtahDave:  In testing it, it doesn't appear to work.  When I put in something like -I 'key1:key2*:' I get no responses, even though pillar.items shows the key structure on various nodes.
17:00 Deevolution How can I troubleshoot.
17:01 viq Deevolution: try -I 'key1:key2*'
17:01 viq without the : at the end
17:02 TheRealBill joined #salt
17:02 Deevolution I'll give it a shot.
17:03 imanc I have a really long cron entry ...  I'm setting it as name: really-long-cron-entry for a cron.present state, but I'm getting a yaml render error.  1) is what I'm doing correct, e..g setting an ID for my_cron_script then putting the actual cron line in a name: field under cron.present.  And if so, then 2) can I split the cron stateemnt over multiple lines,
17:03 imanc or something?
17:03 iggy imanc: gist it
17:04 imanc iggy: 'k
17:04 Deevolution Trying -I 'key1:key2*' does not return any results.
17:06 imanc @iggy http://pastie.org/9679073
17:07 SheetiS imanc: when you use a | in yaml, you need to indent the text below
17:07 SheetiS it gets another indent level
17:08 pmcg joined #salt
17:08 SheetiS so your line "source ...." should be indented 2 further than "- name:"
17:08 viq imanc: you could try the traditional way - backslash space at the end of each split line
17:08 iggy imanc: the line starting with "source" should be indented
17:11 Nexpro1 joined #salt
17:12 imanc beautiful - thanks folks
17:12 murrdoc joined #salt
17:14 fragamus joined #salt
17:15 Mso150 joined #salt
17:16 wt joined #salt
17:17 zlhgo_ joined #salt
17:18 iggy imanc: just out of curiosity, did you see that form somewhere or did you come up with that on your own"?
17:21 bmatt I'm chasing down a weird issue with minions authenticating ("Authentication accepted from...") but then losing their connection ("Handling event '__master_disconnected...") after running the __master_alive job
17:21 bmatt I'm set up to use PKI and master failover according to the tutorial and would love some help diagnosing
17:22 bmatt unfortunately, there's nothing in the master debug log between "Authentication request" and "Authentication accepted" so I just have to trust it :)
17:22 bmatt (I'm running 2014.7.0rc6)
17:22 kickerdog joined #salt
17:23 Ryan_Lane joined #salt
17:26 imanc iggy: that example?
17:26 bmatt if I turn off the master_alive_interval, everything works as expected
17:26 kickerdog Is anyone using salt-cloud with RdHat RDO/OpenStack? Any gotchas?
17:26 imanc iggy: i just hacked it together, because i didn't want to paste an example from my own app :)
17:27 bmatt (except for failover)
17:27 iggy imanc: but your actual state had the same problem (default in the wrong place)?
17:28 imanc iggy: how do you mean (default in the wrong place) ?  I haven't yet tested the indented line - hope it's still not borked
17:29 iggy imanc: sorry, crossed wires
17:29 iggy carry on
17:29 imanc iggy: ah Ok , np
17:31 mdasilva joined #salt
17:31 mdasilva whats up ppl
17:32 conan_the_destro joined #salt
17:33 Mso150 joined #salt
17:33 jhulten joined #salt
17:41 crane i'm confused... https://www.refheap.com/ca3d62e3a970a409cd767e542 if i run local on the server an apt-get update everything is fine
17:43 iggy crane: is the minion running as root?
17:44 crane iggy: yes
17:44 iggy that's the only thing I could think it would be
17:48 kickerdog joined #salt
17:48 P0bailey joined #salt
17:49 P0bailey joined #salt
17:49 XenophonF do all salt states accept a plural "names" argument?
17:50 murrdoc lotsa them
17:50 murrdoc pip, pkgs, file.managed
17:50 murrdoc i forget what else i have used it on
17:50 XenophonF is it generic, or does the state or underlying module have to support that?
17:50 murrdoc the latter
17:50 XenophonF i've seen it for cmd.script too
17:51 XenophonF i naively assumed that win_servermanager.installed would support a "names" parameter too
17:52 XenophonF but if i set names to a list, i get "IndexError: list index out of range" errors for however many items are in the names list
17:52 murrdoc :)
17:52 mdasilva when using salt-cloud to provision new minions, what version of saltstack will get deployed?
17:52 mdasilva I want to upgrade to 2014.7 for gitfs support, but im not sure what happens with salt-cloud created minions
17:54 UtahDave XenophonF:    "names" is generic
17:55 UtahDave mdasilva: if you want 2014.7 branch add this to your profile:     - script_args: '-- git 2014.7'
17:55 mdasilva awesome
17:55 mdasilva thanks utah
17:55 UtahDave you're welcome!
17:55 mdasilva is there a recommended approach to upgrading existing minions/masters to 20147?
17:56 mdasilva should i upgrade the master first?
17:56 iggy yes
17:56 UtahDave mdasilva: always upgrade your master first
17:56 mdasilva k
17:56 mdasilva gj with the project btw
17:57 mdasilva good stuff really
17:59 ninkotech joined #salt
18:00 hosom joined #salt
18:00 crane iggy: this looks like a strange bug in salt. i think i will open a bug request
18:04 iggy that's probably your best bet
18:04 aparsons joined #salt
18:04 Pixionusfad joined #salt
18:05 aparsons_ joined #salt
18:06 Pixionus joined #salt
18:07 Pixionus joined #salt
18:08 Guest9210 joined #salt
18:08 Mso150 joined #salt
18:09 lothiraldan joined #salt
18:09 Pixionus joined #salt
18:09 jalaziz joined #salt
18:12 Ozack1 joined #salt
18:13 Pixionus left #salt
18:13 Pixionus joined #salt
18:15 toddnni joined #salt
18:15 cberndt joined #salt
18:15 n8n joined #salt
18:17 Pixionus can we have a minion do a few things on it's own on first boot that maybe don't have to be commanded by the master?
18:18 kickerdog You could have the minion call a custom script on start-up
18:18 Pixionus Specifically I need it to install a driver and reconfigure its ssh and salt keys for each server on its first boot
18:18 mdasilva isnt that part of the salt reactor system?
18:19 mdasilva http://docs.saltstack.com/en/latest/topics/reactor/
18:20 diegows joined #salt
18:20 iggy anybody know of any good examples of a reactor calling a module?
18:21 iggy Pixionus: you're better off doing that outside of salt
18:21 Pixionus I thought the reactor depended on states from the master or something
18:21 Pixionus ok.  that's what I was afraid of.  Thanks iggy
18:22 Pixionus would having salt call the script on first boot be the best way to do this or go completely out of salt?
18:22 iggy you can't have salt manage a minion if it doesn't have proper salt keys
18:22 iggy or ssh keys if using salt-ssh
18:23 pdayton joined #salt
18:24 Pixionus not using salt-ssh because most of what we need we can get by with through salts remote system or pulling up a reverse tunnel.  I thought salt-ssh was still experimental
18:24 TheThing joined #salt
18:25 Pixionus Is my assumption correct that if I just don't have salt keys on the image at boot, it will generate them fresh when it starts up?
18:25 iggy yes, but you'd have to accept them on the master before they can be used
18:26 Pixionus That's fine.  It's part of our process anyway to have a hand in the acceptance.
18:27 Pixionus easier to issue each image the same and let them individualize on first boot than have to flash something different each time.
18:27 iggy we don't even have salt installed in our base image... it gets pulled in at first boot
18:28 Pixionus automagically?  We are running on ARM and have a few modules that are a few versions behind just because we hadn't seen new ones that worked with our boards yet
18:29 Pixionus so the installation is a little bit more complicated than normal
18:29 alex-mesos joined #salt
18:29 hosom anyone use Salt to install stuff from source code?
18:29 iggy oh, it's part of a "startup script" blurb that GCE let's you run on instances
18:29 mdasilva hosom; i have
18:29 hosom mdasilva: good, bad, ugly?
18:30 mdasilva hosom: it would be better to spend the time to create a proper package
18:30 mdasilva hosom: but its not like you cant create a state to handle building the tarball
18:31 hosom mdasilva: I run a Bro IDS cluster... building a debian package of Bro is actually a non-trivial task
18:31 mdasilva id recommend creating a package tho, its not too difficult once you get a little familiar with it
18:31 mdasilva hosom: i see
18:31 jalaziz joined #salt
18:34 cberndt joined #salt
18:34 mdasilva hosom: from my experience it wasnt terrible deploy the source code, just not as tidy as it could be
18:35 Setsuna666 joined #salt
18:35 hosom I mean, technically building a deb for Bro gets a lot easier if you don't do things right... but realistically if I'm going through the effort to build the package, I should do dependency checking and split Bro into its 5 sub components
18:36 tmh1999 joined #salt
18:37 mdasilva i felt the same way
18:38 steve1 joined #salt
18:38 mdasilva i left the fringe infrequently used package as a deploy from tar
18:39 mdasilva and spent time to build packages the more commonly deployed pieces
18:39 jngd joined #salt
18:41 mdasilva hosom: bro has a prebuilt deb package
18:41 mdasilva https://www.bro.org/download/index.html
18:42 hosom mdasilva: we modify it slightly :)
18:42 hosom when they implement plugins in the next version, that's actually an option
18:50 cpowell joined #salt
18:53 toddnni joined #salt
18:53 pdayton joined #salt
18:53 pdayton joined #salt
18:56 pdayton joined #salt
18:59 fragamus joined #salt
18:59 racooper joined #salt
19:01 racooper joined #salt
19:03 jalaziz joined #salt
19:03 vejdmn joined #salt
19:06 thedodd joined #salt
19:12 moos3 does anyone know how saltstack events per second a master node can do
19:17 Ryan_Lane moos3: probably depends on the number of worker threads you are running
19:17 elzilrac joined #salt
19:18 Ryan_Lane and the size of the system running it
19:18 moos3 say something like 100 minions
19:18 Ryan_Lane it mostly depends on the server and its configuration
19:18 Ryan_Lane if you have a server with a lot of CPUs and have worker_threads set to fully utilize your CPU, probably a lot
19:19 MrThrax moos3: that's a bad question that can't be answered simply
19:19 MrThrax there's so many variables related to capacity
19:20 kickerdog joined #salt
19:21 scristian joined #salt
19:22 aparsons joined #salt
19:22 felskrone moos3: theoretically the limit is what zeromq can do on your master, because internally its all zeromq-sockets
19:23 murrdoc is this limit related to file descriptors
19:23 Ryan_Lane well, only partly. there's a single process that's handling all the connections
19:24 Ryan_Lane and farming it off to the worker threads
19:24 shookees joined #salt
19:24 Ryan_Lane that could also be a bottleneck
19:26 mgw on typical modern hardware, would we be talking about dozens minion->master events/s, hundreds, or thousands?
19:26 mgw The events in question would be routed from reactor->runner
19:27 elzilrac Greetings! I have a question on salt-cloud aws VPC deployment. I have a salt master and two minions. The master is in one security group, and the minions in another. All 3 machines have elastic IP's. This configuration seems to be working OK.
19:27 elzilrac I want to add 2 additional nodes that are inside the same VPC, but do not have elasitc IPs, and are in the security group that does not include the master node. I can spin them up with salt, and ssh to them using the key, salt installs, but master can't reach them (and they cannot reach the master).
19:27 elzilrac I think I punched all the correct holes in the security groups (both ssh and TCP 4505-4506). The spun up minions can also reach the outside world OK through a NAT. I'm not sure where to go next with solving this problem, any suggestions much appreciated.
19:27 baconbeckons joined #salt
19:29 jrluis joined #salt
19:30 nitti_ joined #salt
19:31 nitti_ joined #salt
19:31 aparsons joined #salt
19:38 aparsons joined #salt
19:40 baconbeckons_ joined #salt
19:41 patrek joined #salt
19:43 kickerdog joined #salt
19:45 m0nky joined #salt
19:45 antonw joined #salt
19:45 munhitsu__ joined #salt
19:47 pduersteler joined #salt
19:49 Eugene It's minion-->master
19:50 crane how do i call functions from cli? like network.system.hostname?
19:50 Eugene So you'd need to poke the holes in the master's security groups
19:50 Eugene Arbitrary python functions, or a salt func?
19:50 crane salt funct
19:50 Eugene `salt <host> <somecall>`
19:50 Eugene http://docs.saltstack.com/en/latest/topics/tutorials/modules.html
19:51 crane salt '10.0.0.1' network.system.hostname=www.example.org
19:51 thedodd joined #salt
19:52 crane that should be my goal but the syntax is wrong
19:52 pduersteler quick question: How do I properly pin packages to a version? I'm currently struggling with php5-fpm pinning to 5.4.x, but e.g. saying php5-fpm: '<= 5.4.99'  yields an error that the package can't be installed. Even when telling it the exact version that apt-get -s install php5-fpm would set up, it's failing (e.g. '5.4.34-1~dotdeb.1'). What am I doing wrong?
19:52 Eugene The default targeting is based on minion ID, not IP address
19:52 crane Eugene: it's the minion id
19:52 Eugene OK
19:52 crane 'network.system.hostname=' is not available.
19:52 crane thats my respond
19:53 jalaziz joined #salt
19:54 crane pduersteler: http://jaqque.sbih.org/kplug/apt-pinning.html
19:54 pduersteler crane: thanks, will read that
19:54 Eugene network.system is a state, and you're setting the hostname property. I don't actually think you can call a state outside of a sls file
19:55 Eugene http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls
19:55 ndrei joined #salt
19:55 ndrei_ joined #salt
19:55 Eugene Aha, right above it: state.low
19:56 crane Eugene: aah. thx :)
19:56 mdasilva pduersteler: pinning doesn't apply down to its dependancies
19:56 mdasilva you'll need to pin its dependancies
19:56 smcquaid joined #salt
19:57 pduersteler mdasilva: thanks for the hint
19:58 mdasilva pduersteler: alternatively if you specify a repo with apt-get that will pull in the correct dependancies
19:59 perfectsine joined #salt
20:00 wt joined #salt
20:01 intellix joined #salt
20:05 pdayton joined #salt
20:13 micah_chatt joined #salt
20:13 jalaziz joined #salt
20:14 thayne joined #salt
20:17 pduersteler logical question: I want to be able to set up e.g. a webserver with postfix on it and the according config (relayhost etc), and also have an SLS for the main MTA with its config, and also configs for a backup mx – so basically 3 hosts. Any hint what I have to read to understand how to do this properly?
20:18 bhosmer joined #salt
20:18 baconbeckons joined #salt
20:18 iggy well, there are nginx/apache/etc formulas, and postfix formulas (although I don't know how featureful they are)
20:18 iggy beyond that... "docs"
20:19 jalaziz_ joined #salt
20:19 bhosmer_ joined #salt
20:19 iggy I had about 6 hours of doc reading under my belt when I rolled out my first salt deployment
20:19 iggy I should probably go back and clean that up at some point
20:19 mdasilva pduersteler: start with the walkthrough and tutorials
20:20 mdasilva once you get your head around the main components and their roles they serve it will be much easier writing states
20:20 mdasilva and better written states imo
20:21 mdasilva best thing to do is read the docs and create a little lab for yourself to get familiar
20:21 n8n joined #salt
20:21 pduersteler mdasilva: thanks. I already hangled myself through a variety of pages and applying it on my current vm lab, but as I try to get more and more to a "real life target", it becomes harder, from a logical point of view.
20:21 mdasilva i've rewritten states a few times after figuring out better ways to do it
20:22 iggy one of the things that frustrated me the most when I was getting started...
20:22 pduersteler mdasilva: thanks. hmm, looks like I have to read the walkthrough about pillars, that seems like the bit I'm missing currently
20:22 pduersteler iggy: yep. so many options, so not sure how to put the things into a nice order..
20:22 iggy There is not a "correct/accepted/etc" way to do most everything
20:23 iggy there are multiple ways to solve problems, use the one that makes the most sense to you and your situation
20:23 mdasilva pduersteler: start simple, try to mimic what you would do manually but with the available states modules.  then come back and spice it up with templates and dynamic data
20:23 babilen Yes, read pillars and then http://docs.saltstack.com/en/latest/topics/best_practices.html and http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
20:23 iggy and use formulas if you can
20:23 mdasilva +1
20:23 mdasilva there are a lot of good formulas
20:23 iggy most of them actually represent "best practices"
20:23 babilen You can also pick our brains if you'd like, but that often simply turns into RTFM if you aren't familiar with at least pillars and idiomatic formulas
20:24 iggy (but beware: not all of them)
20:24 babilen Yes, there are some formulas that definitely need some love
20:24 babilen But you can ask about the ones you are considering and we can take a look
20:24 pduersteler okay
20:24 crane babilen: true words :D
20:24 crane they need love ^^
20:24 pduersteler thanks guys ;)
20:25 piquadrat joined #salt
20:25 mdasilva pduersteler: stick with it, your efforts will be rewarded
20:25 pravka joined #salt
20:25 crane babilen: network.system hostname should be used to change the fqdn right? i dont see any change of my hostnames... :/
20:26 crane babilen: https://www.refheap.com/92394
20:26 babilen A wild crane appears
20:26 crane babilen: sometimes ;)
20:27 JonGretar_ joined #salt
20:28 babilen crane: You might need apply_hostname: True, but I haven't used that before. What happens if you run that?
20:29 crane let me check
20:29 babilen I should probably read the code to figure out what it does, but maybe you can take a look yourself
20:30 crane babilen: fqdn is still the same
20:32 babilen I haven't used that before and have to take a look at how it should be used. What does salt return if you add apply_hostname and if you run it?
20:32 dstufft I'm super confused what I did to create an error that looks like https://bpaste.net/show/8179ddc196f5
20:33 iggy dstufft: you set something up to be a bool that it wasn't expecting to be
20:34 iggy try pasting your iptables-persistent state somewhere
20:34 ndrei joined #salt
20:35 ndrei_ joined #salt
20:35 druonysuse joined #salt
20:35 druonysuse joined #salt
20:35 kivihtin joined #salt
20:36 dstufft iggy: oh it's all OSS, sec
20:37 dstufft https://github.com/python/psf-salt/blob/master/salt/firewall/init.sls#L23-L36 but I didn't change anything in that between when it was working and when it doens't, (https://github.com/python/psf-salt/pull/16)
20:37 babilen crane: I'd also be interested to see the debug output from the salt minion if you run it with "salt-minion -ldebug" AFAICT it should set the hostname, but please verify it.
20:38 scoates joined #salt
20:38 dskyberg joined #salt
20:38 vejdmn joined #salt
20:39 iggy dstufft: why do you have the ": []" after pkg.installed? I don't know that it's wrong, I've just never seen it
20:39 druonysus joined #salt
20:39 dooshtuRabbit joined #salt
20:40 dstufft iggy: pkg.installed isn't valid without the full dict syntax when there are other items in the dict
20:41 dstufft hm
20:41 dstufft maybe that branch didin't break it o.O
20:41 dstufft wtf
20:41 dskyberg Noobie question.  Running masterless.  I added ruby-formula to /srv/formulas, but I'm getting 'Name ruby in sls mysls is not in a dictionary.  Can someone point me?
20:42 babilen dskyberg: Make it "pkg.installed" rather than "pkg.installed: []"
20:43 babilen (or "pkg.installed:" if you want additional things in there (which aren't there))
20:43 kickerdog joined #salt
20:43 crane babilen: i'm to lazy atm to remove all my hostnames... i send you a pn ;)
20:44 crane network is quit funny cause even if i change the hostname to another one salt says it is in the desired state
20:44 kickerdog joined #salt
20:45 srage joined #salt
20:48 dskyberg babilen: here’s my .sts.
20:48 dskyberg #
20:48 dskyberg # Set up my stuff
20:48 dskyberg #
20:48 dskyberg include:
20:48 dskyberg - ruby
20:48 dskyberg # Make sure Ruby is installed with correct version
20:48 dskyberg ruby:
20:48 arnoldB dskyberg: nopaste it
20:48 dskyberg - install_from_source: False
20:48 dskyberg - pkg.installed
20:48 jrluis1 joined #salt
20:48 arnoldB dskyberg: use https://np.adm.sx/ or friends
20:49 aparsons joined #salt
20:49 arnoldB http://pastie.org/
20:49 pdayton joined #salt
20:50 dooshtuRabbit joined #salt
20:50 arnoldB dskyberg: ruby is a list instead of a dict
20:50 babilen http://refheap.com, http://sprunge.us, http://paste.debian.net, http://gist.github.com, http://bpaste.net, ... are all good too
20:50 arnoldB dskyberg: https://np.adm.sx/view/7c357126
20:50 dskyberg https://sh.adm.sx/rRdN
20:51 babilen dskyberg: You want that to be "ruby: pkg.installed: - install_from_source: False"
20:51 elzilrac Is there a way to see where my minion is failing to connect to the master? I'm using salt-cloud to spin up an instance, and that seems to go OK, but then neither master nor minion can talk to each other. (but I can manually ssh between them).
20:51 dooshtuRabbit joined #salt
20:51 aparsons joined #salt
20:52 arnoldB dskyberg: https://github.com/search?q=user%3Abechtoldt+saltstack- could be a collection of not-so-bad working salt formulas
20:52 tafa2 joined #salt
20:52 babilen dskyberg: https://github.com/saltstack-formulas too (for the official ones)
20:53 dskyberg babilen: Thanks - that fixed that problem!
20:53 nitti joined #salt
20:54 cliff-hm joined #salt
20:54 cliff-hm joined #salt
20:54 elzilrac Something like a "minion dial home" would be nice :)
20:55 arnoldB elzilrac: have you tried tcpdump? :)
20:55 mdasilva elzilrac: im having the same issue after forcing 2014.7
20:55 babilen elzilrac: I am not aware of such a tool. You can, naturally, use telnet, ping, mtr, ...
20:57 perfectsine joined #salt
20:59 elzilrac <mdasilva>: I also forced 2014.7.0rc1 (Helium), though the reason escapes me ATM.
21:00 invsblduck joined #salt
21:02 mdasilva elzilrac: i was having trouble with implementing gitfs
21:02 mdasilva a post mentioned things are resolved in 2014.7... so there i went
21:02 elzilrac heh, that was not me. It was something to do with cloud deployment, that's all I can remember.
21:03 aparsons joined #salt
21:03 thayne joined #salt
21:03 mdasilva same, existing minions i converted to 2014.7rc4 is fine.. i adjusted my cloud profile to have 2014.7rc4 deployed as well
21:03 elzilrac (that was a bad joke)
21:03 mdasilva still... the master has issues with communication after the system is provisioned
21:04 mdasilva ah.. humor, ive heard of it
21:04 dude051 joined #salt
21:05 Mso150_f joined #salt
21:07 smcquaid joined #salt
21:09 teebes joined #salt
21:10 elzilrac hmm they're up to 2014.7rc6 already. I wonder how stable it it
21:10 elzilrac *it is
21:11 aurynn It's 6 stables.
21:11 kballou joined #salt
21:11 bezeee joined #salt
21:13 elzilrac That's good to hear!
21:17 viq elzilrac: https://groups.google.com/forum/#!topic/salt-users/stwgSKIzTvI
21:18 vejdmn joined #salt
21:20 * dskyberg still can't find forumula.  Here's all my salt files: https://np.adm.sx/view/a0daaff2
21:21 invsblduck joined #salt
21:23 elzilrac Very cool, thanks viq!
21:24 racooper joined #salt
21:25 iggy dstufft: call the state something other than ruby (in mysls.sls)
21:25 iggy err dskyberg
21:26 kermit joined #salt
21:27 iggy ahhh... masterless
21:27 * iggy runs away
21:28 dskyberg iggy: trying ruby-2.1.3.  1 sec...
21:28 faliarin left #salt
21:29 bezeee joined #salt
21:31 dskyberg iggy:  grrr.  It was the include, not the state name.  Removed the include, set state name back to ruby.  Runs now.
21:32 bhosmer joined #salt
21:39 scarcry joined #salt
21:41 elzilrac so, using netcat, I can see some random characters on port 4506 from the master (so there is a route to it). What's a good next step as to why it can't control the minion?
21:41 hasues elzilrac: Did you add its key?
21:41 ajolo__ joined #salt
21:42 elzilrac I've never had to manually add minion keys before (so no, I had not)
21:42 hasues elzilrac: salt-key -L shows it is added?
21:43 hasues or "accepted" rather?
21:45 elzilrac yes
21:45 elzilrac it's there
21:45 hasues elzilrac: Have you tested adding a pillar with an info tag and distributing it to the minion?
21:46 hasues elzilrac: or did it fail with the test ping?
21:48 elzilrac huh, it's actually returning OK
21:49 hasues elzilrac: Okay, have you constructed an info tag in a pillar and pushed that to the minion to see if it receives it?
21:49 hasues If it does that, then I would think it is being controlled.
21:49 hasues Also, beyond that, that's about all I've ever been able to accomplish :D
21:49 hasues Just because I'm still learning this as I go.
21:50 toddnni joined #salt
21:50 elzilrac it's actually responding to high state now. I uh... I think it's because I just poked a hole in the NAT
21:51 hasues elzilrac: Oh, so it is behind NAT?
21:51 sschwartz_ee joined #salt
21:51 iggy I could swear somewhere along the way, 2014.1.x changed pillar inheritance behavior
21:51 elzilrac yeah. using AWS's VPCs 'n stuff
21:51 sschwartz_ee Probably a stupid question: I have a job that the master is trying to run on the minion, that will never finish; how can I kill it on the master without restarting the master?
21:51 iggy sschwartz_ee: probably something in the job runner
21:52 iggy or not
21:52 sschwartz_ee D'oh. saltutil.
21:53 iggy at least someone found it ...
21:54 sschwartz_ee salt '*' saltutil.kill_job <job id>
21:54 sschwartz_ee (According to the docs, at least.)
21:55 dstufft heh
21:55 dstufft salt was updated 10 hours ago in the ppa
21:55 dstufft I wonder if that's what caused this mysterious error of mine
21:58 ggoZ joined #salt
21:59 kermit joined #salt
21:59 dstufft heh
21:59 dstufft yrs
21:59 dstufft that's what caused it
21:59 elzilrac thank you hauses, talking though the basics showed me where the problem was.
21:59 hasues elzilrac: no problem.  Glad it helped.
21:59 srage_ joined #salt
22:00 jhulten joined #salt
22:00 hasues elzilrac: now you can show me how it works :D
22:00 hasues :P
22:01 debian112 joined #salt
22:02 smcquay joined #salt
22:02 fragamus joined #salt
22:02 invsblduck joined #salt
22:03 karimb joined #salt
22:09 wt joined #salt
22:11 TheThing joined #salt
22:14 Ryan_Lane when using cmd.run with env, is there any way to set the PATH variable to $PATH:/blah ?
22:15 iggy the normal way (which yes, can get messy quick)
22:15 iggy oh, and you have to tell it to use a shell or something
22:16 Ryan_Lane - PATH: $PATH:/blah
22:16 Ryan_Lane ^^ ?
22:16 Ryan_Lane that works?
22:18 iggy it might, but I meant to put in the "name" option
22:18 iggy and then set shell to bash -i
22:19 iggy or something similar
22:19 Ryan_Lane ah. I don't need this afterall :)
22:19 iggy somebody else was talking about it the other day
22:19 iggy I guess I wasn't paying as close attention as I thought
22:19 Ryan_Lane heh
22:19 Ryan_Lane thanks for the info though, I'm sure I may eventually need to do this one day
22:21 perfectsine joined #salt
22:22 __number5__ easier to wrap everything in shell script (or python script) then run the script
22:24 philipsd6 Is there any way to create a custom module that requires authentication (for an external database) but where the authentication stays on the master, and is not available on the minion?
22:26 iggy philipsd6: quite a few of them do (at the very least the postgres module does)
22:26 iggy philipsd6: you can put the config for that module in a pillar and target it only at the master
22:27 philipsd6 yes, but then how can the minion call the module to get data?
22:27 iggy but you can't then run that module on anything other than what the pillar is targeted at
22:27 philipsd6 yes, that's my point.
22:27 philipsd6 I want to expose a interface for minions to request an ID, but they won't have the API's auth data.
22:27 iggy yeah, rethink how you're doing what you're doing
22:28 * philipsd6 sighs, as I suspected I would have to do.
22:28 aurynn I'd use reactors and pillars for that
22:28 philipsd6 well, I originally did it with a ext_pillar, but then I have to determine up front which minions get which data, and that doesn't make sense in this particular case.
22:29 whatapain can anyone help confirm if the state.user expire function is working?  i have set expire: 1 to lock an account but it doesn't seem to be making the change.  i expect chage -l <user> to show an expiration of Jan 02, 1970 but it's currently showing never.
22:29 aurynn philipsd6, hence the reactor and regenerating pillar data in response to the reactor event
22:30 zemm joined #salt
22:30 iggy pillars are only visible to root users of targeted machines (by default)... if you don't trust people that have root on your machines, you have bigger issues
22:31 philipsd6 well, as I said, pillar isn't the most logical place for this data.
22:33 philipsd6 but if I could lazily fill in a pillar in reaction to a request for that data, that might be useful. I'll see if I can make that work aurynn
22:33 philipsd6 Otherwise, I'll have to distribute a _module that has authentication data embedded.
22:35 philipsd6 or... stick it in the minion config.
22:38 kloplop321 joined #salt
22:38 dskyberg left #salt
22:39 alex-mesos joined #salt
22:40 iggy can anyone verify that pillars work top-down in 2014.1.13 ?
22:42 iggy i.e. base:  '*':  - foo.sls ... 'host1':  - foo.sls -> host1's foo.sls overwrites what's in the * foo.sls
22:47 iggy https://gist.github.com/iggy/fbf8e292bfa14a404f32
22:49 iggy nvm, the docs clearly say "https://gist.github.com/iggy/fbf8e292bfa14a404f32"
22:49 iggy err "conflicting keys will be overwritten in a non-deterministic manner!"
22:49 iggy so I guess I've just been getting lucky for a few months
22:50 agend joined #salt
22:54 Leonw joined #salt
22:54 debian112 I have a question about using includes:
22:54 debian112 http://paste.debian.net/128979/
22:54 debian112 Can I use a regex here?
22:55 Leonw hi... small question. How bad it would me to have several minions sharing the same minion_id keeping in mind that all this machines should have exactly the same packages installed?
22:55 Leonw would be*
22:55 kossy joined #salt
22:57 Leonw any one?
22:58 iggy Leonw: I'm pretty sure you can't do that
22:58 iggy but you might want to wait for one of the devs to reply
22:59 Leonw iggy... the use case is to have aws autoscaled instances registering  with the tag Name instead the hostname so I can do regex matching on remote code execution
22:59 iggy debian112: regex, probably not... possibly a: {% if 'server1' in grains['id'] %}
22:59 Leonw iggy, but thanks anyway! :)
23:00 iggy Leonw: let them come up with whatever name aws gives them and target based on metadata
23:00 jhulten joined #salt
23:00 kloplop321 left #salt
23:01 iggy Leonw: something like https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_tag_roles.py
23:01 iggy then you can do normal grain targeting
23:01 ggoZ joined #salt
23:01 debian112 iggy: ok thanks, that would be nice, so I don't have to add and elif line for every new server
23:02 Leonw iggy: Ha!
23:02 Leonw iggy: mate... thanks a lot
23:02 iggy yeah, that's what we do (only on gce)
23:02 Leonw iggy: I'm still testing the setup... but this was a show stopper for the real deployment and you just removed it! :P
23:02 Leonw iggy: thanks! :)))
23:03 superseb joined #salt
23:04 jdmf joined #salt
23:05 iggy np
23:06 debian112 so iggy and everyone is that's the normal way of handling many servers in a state? To create a elif state for every new server?
23:06 iggy Leonw: actually now that I look at that... it looks pretty messy
23:06 Buoy172 joined #salt
23:06 iggy I think you can get the info easier from the metadata interface
23:06 DanGarthwaite joined #salt
23:07 iggy look at the gce one I did: https://github.com/saltstack/salt-contrib/blob/master/grains/gce.py
23:07 Buoy172 and that minor issue perhaps being rooted in a management one
23:08 Leonw iggy: Much cleaner
23:08 DanGarthwaite Congrats on the helium release.
23:08 Leonw iggy: the bit of intel that was missing for my was the grain usage
23:08 Buoy172 use windows server for your performance critical web development needs
23:08 Buoy172 let's prepare a fancy introduction that raises the autismal instincts in our target audience and do a kickstarter
23:08 iggy debian112: if it's going to be more than a couple of entries, that's probably not your best route
23:09 Buoy172 so i offset collision checking by 1
23:09 Buoy172 now it lets you place it 2 tiles inward
23:09 iggy whiteinge: UtahDave: basepi: can somebody take care of that?
23:09 Buoy172 I'm still going to use the header for all the work I did to get it. And benifits from using it / not using it?
23:12 Buoy172 more memory for those useless has_* fields than for my data o_O
23:14 cberndt joined #salt
23:20 teepark I'm getting started using salt formulas, and finding that they often use the same top-level names for states leading to conflicts. is there a convention for hadnling this? I'm making changes like this; https://github.com/scout/graphite-formula/commit/89f9a6abf08fee6f8b63baf8e9a1eac6a45ebc24
23:20 iggy I wouldn't say they often do it
23:21 iggy but you shouldn't be trying to use nginx-formula and graphite formula on the same host
23:21 teepark host doesn't matter -- hosts connected to the same master is enough to cause the conflict
23:22 MTecknology How do I make salt take care of all of my bills and paperwork and housework?...
23:22 Buoy172 left #salt
23:22 iggy realistically, the nginx stuff should be gutted from the graphite formula
23:23 teepark iggy: yeah. I have a bunch of changes to the graphite formula piling up. that one in particular is a mess
23:23 iggy teepark: also, the formulas are starting points... not always the best thing for everyone
23:23 iggy lol
23:24 iggy uhh... so, yeah, it kind of looks like we did a lot of the same stuff
23:24 iggy https://github.com/iggy/graphite-formula
23:25 teepark yeah debian was totally borked hah
23:26 teepark that's turning in to a pet peeve -- putting {% if debian %} in sls when it's clear the formula writer never tested it
23:26 iggy ditto
23:26 iggy I'd rather someone just left it out completely
23:27 teepark exactly. it's stupid easy though to just change vagrant base boxes, or whatever
23:27 iggy I suspect that was copied from another formula and someone just figured that was a good starting point for debian support (without actually saying that it was POC debian support)
23:29 iggy I guess I should have flattened all those commits and done a PR a while ago...
23:29 iggy would have saved someone some time
23:29 teepark iggy: but seeing that example with "nginx" as a top-level name, and lots of very common libraries in salt-formula/salt/cloud.sls, I'm thinking generally using a formula-specific prefix for your top level names might be a good idea
23:30 teepark that's the idea I wanted to float and guage opinions on
23:30 iggy but that kills the DRY of being able to use the parent name instead of specifying name: for every state
23:31 dstufft blech, so yea 2014.1.13 is just broken :( there's a few issues open on the bug tracker already, guess I'll just pin to 2014.1.11
23:32 teepark yeah but short of having a python-pip formula and everything in the world that ever uses any pip package depending on that it's going to be non-dry anyway
23:32 teepark (as an example)
23:32 iggy plus, you can have multiple states with the same id, they just can't be targeted at the same host
23:33 iggy i.e. I have the nginx ID in the graphite formula and in our nginx formula and they don't clash because they aren't targeted at the same host
23:33 teepark ah that I didn't realize
23:34 iggy that's what I was trying to say earlier
23:34 teepark not everyone is going to have machines dedicated to a single purpose though
23:34 teepark I'm bootstrapping a startup and have few machines playing a bunch of roles each
23:34 iggy but noone is going to have nginx installed twice
23:34 teepark I do, sort of
23:35 * iggy beats teepark with some sort of lumber
23:35 iggy if you're doing that, use docker
23:35 iggy or like I said... rip nginx out of the graphite formula completely
23:35 teepark the same box runs nginx under a particular config for public-facing prod, and also the graphite web interface
23:35 teepark yeah docker
23:35 iggy it really doesn't belong there and isn't required at all
23:35 MrThrax left #salt
23:36 bhosmer_ joined #salt
23:36 teepark I have to take another look at that
23:36 Emantor joined #salt
23:36 teepark a crappy formula ends up being more work than writing your own states...
23:36 iggy yeah
23:36 iggy that's why we don't use the nginx formula
23:37 iggy it's more trouble than it's worth
23:37 iggy we rolled our own
23:37 teepark yeah that one's not a difficult thing anyway
23:37 teepark graphite is such a PITA generally
23:37 teepark I was looking forward to having it "done for me"
23:37 teepark sigh
23:37 iggy it's really not
23:37 iggy even after all that, I had to go in and manually set passwords and stuff
23:39 MTecknology I almost always take a formula and grab bits and pieces to form it into what I actually need. The gitlab formula viq made is the only formula I make use of
23:40 MTecknology deploying anything ruby sucks :(
23:41 teepark MTecknology, iggy: I'm not ready to give up on my pipe dream: running an inf primarily by pointing gitfs at my forks of formulas, and submitting my fixes back upstream
23:46 mschiff joined #salt
23:48 Ryan_Lane1 joined #salt
23:49 Ryan_Lane joined #salt
23:51 DaveQB joined #salt
23:55 hasues joined #salt
23:56 hasues left #salt
23:59 ajolo__ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary