Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-12-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:06 kormoc joined #salt
00:10 aquinas joined #salt
00:14 desposo joined #salt
00:18 CeBe joined #salt
00:24 theo joined #salt
00:34 druonysuse joined #salt
00:34 druonysuse joined #salt
00:35 desposo joined #salt
00:37 jalaziz_ joined #salt
00:38 dnai23 joined #salt
00:41 theo__ joined #salt
00:44 jnials joined #salt
00:45 shaggy_surfer joined #salt
00:56 glyf joined #salt
01:02 tristianc joined #salt
01:09 flebel joined #salt
01:14 Ryan_Lane joined #salt
01:15 conan_the_destro joined #salt
01:26 dnai23 joined #salt
01:27 yomilk joined #salt
01:31 mr_chris joined #salt
01:33 pdayton joined #salt
01:35 yidhra_ joined #salt
01:40 Zachary_DuBois joined #salt
01:50 yomilk joined #salt
02:02 dnai23 joined #salt
02:06 forrest joined #salt
02:07 Guest55003 joined #salt
02:10 Guest55003 I am using salt-cloud to provision an instance in EC2 (from salt master also in EC2). I can highstate from the minion to the master, but from master salt calls return: Minion did not return. [No response]. Does anyone know what to do about that?
02:10 eXistenZNL joined #salt
02:13 yomilk joined #salt
02:27 WillPlatnick Guest55003: Try setting ssh_interface to private_ips (http://salt-cloud.readthedocs.org/en/latest/topics/aws.html#optional-settings)
02:27 greg____ joined #salt
02:28 greg____ Anyone know how to set env vars like PATH and PYTHONPATH remotely with salt.client.LocalClient() ??
02:28 Guest55003 WillPlatnick: I’m already using private_ips
02:29 WillPlatnick Guest55003: Ahh, ok then. Do you have ports 4505 and 4506 open?
02:29 Guest55003 Yes, on the saltmaster I do
02:29 greg____ I
02:29 Guest55003 For now on the minion I have actually opened up all ports
02:29 greg____ I'm trying to do it with cmd.run but to no avail
02:30 Guest55003 greg, what command are you inputting to cmd.run?
02:31 greg____ client.cmd(server, 'cmd.run', ['export SAVE=$PYTHONPATH']) something like this
02:31 Guest55003 export only sets a variable for the current shell. By the time you run some other program it will be gone
02:32 yomilk joined #salt
02:32 greg____ I only need it to live for a while but it seems like it's erased the next time I call cmd.run
02:32 greg____ should I write it to bashrc or bash_profile?
02:32 Guest55003 I suggest you use file.manage to add a file to your server that has PYTHONPATH=/foo/bar and then run your program with env myfile.conf my_command
02:33 WillPlatnick Guest55003: no idea then, really sounds like a firewall to me
02:33 Guest55003 the env command will read key/values from a file and add them to the environment, just for the command you’re running
02:33 greg____ okay I'll give that a shot
02:33 greg____ Thanks guys
02:34 Guest55003 Ok thanks Will. That was my first guess so I just opened up every port. Still no beans
02:35 Guest55003 Will do you know how the salt master knows the IP address of its minions?
02:36 Guest55003 On the minion I specified the master’s domain name, so that’s how it can find the master
02:36 Guest55003 But on the master I don’t see where the IP of the minion is kept.
02:41 dimeshake Guest55003: test.ping runs ok from master?
02:42 Guest55003 No
02:45 Guest55003 Same response
02:45 Guest55003 ubuntu@ip-172-31-29-200:~/faroe$ sudo salt minion-4 test.ping -v
02:45 Guest55003 Executing job with jid 20141213020908012507
02:45 Guest55003 -------------------------------------------
02:45 Guest55003 minion-4:
02:45 Guest55003 Minion did not return. [No response]
02:45 dimeshake try adding -t60
02:45 Guest55003 did that
02:45 dimeshake try salt-run manage.up
02:45 dimeshake see if master sees it at all
02:45 Guest55003 ok
02:45 Guest55003 do I run that on master or minion?
02:45 dimeshake master
02:45 Guest55003 ok, no it doesn’t return my minion-4
02:45 dimeshake can you telnet to the master's ports from the minion?
02:45 Guest55003 one sec
02:46 yomilk joined #salt
02:47 Guest55003 ok, yes from the minion I ran telnet 12.34.45.67 4505 and it connected (same with 4506)
02:48 genediazjr joined #salt
02:48 WillPlatnick Guest55003: run salt-minion -l debug and then try to run a test.ping against it from the master
02:49 Guest55003 ok, good idea
02:49 WillPlatnick stop your other running salt first
02:51 Guest55003 Ok, this is really silly. I went to stop salt-minion and it wasn’t running. Once I started it I can ping it from the master no problem. I thought it was running because I could do a salt-call from the minion...
02:51 dimeshake hahah that was my next question.. you're sure it's running :D
02:52 Guest55003 :)
02:52 dimeshake salt-call will run without the minion daemon
02:52 Guest55003 Yeah that makes sense
02:52 Guest55003 Now only question is: why didn’t salt-minion get started by salt-cloud
02:53 dimeshake do you have a state that makes sure the minion is running?
02:54 Guest55003 um, no
02:54 bhosmer joined #salt
02:54 Guest55003 is that something I can config in could.profiles or cloud.providers?
02:55 Leonw joined #salt
02:55 bill joined #salt
02:55 Leonw Hi all
02:55 Guest55003 Hi Leonw
02:55 Leonw :P
02:56 Leonw does any one knows how I define on a syndic master server the port where it should listen?
02:56 yomilk joined #salt
02:57 Leonw actually... I'm having issues with test.ping
02:57 Leonw I have a node behind a salt-syndic
02:58 Leonw that, when I do a test.ping on the master of masters... it doesn't return for this node
02:58 Leonw FYI the master of masters and the syndic are running inside docker
02:58 Leonw with port mappings
02:58 Leonw :P
02:58 Leonw on the master of masters:  0.0.0.0:10021->4505/tcp, 0.0.0.0:10022->4506/tcp
02:59 Leonw on the syndic: 0.0.0.0:10021->4505/tcp, 0.0.0.0:10022->4506/tcp,
02:59 Leonw the ports are all accessible
03:00 Leonw and a salt-call state.highstate is working
03:00 Leonw (on the minion)
03:01 Leonw so... I believe that, in some place salt is defining that the returning port for the comunication is the one set on publish_port or on ret_port or on syndic_master_port
03:01 Leonw but... If I set this to 100** I will not be able to create a portable docker container
03:01 Leonw because the port will be hardcoded
03:02 Leonw do I'm making sense?
03:02 Leonw :P
03:05 Guest55003 left #salt
03:06 druonysus joined #salt
03:06 druonysus joined #salt
03:13 nitti joined #salt
03:18 Ryan_Lane joined #salt
03:21 Gareth joined #salt
03:26 Ryan_Lane joined #salt
03:27 Samos123 when using salt why do i so often have to run rm -rf /var/salt/master to make things work such as dead minions still being in mine and all other kinds of caches
03:28 Samos123 is it only me using salt incorrectly or do most people here do this?
03:36 Ryan_Lane joined #salt
03:43 Ryan_Lane joined #salt
03:48 dimeshake Samos123: sounds weird to me. never had to do that - i don't use mine though, yet
03:51 TheThing joined #salt
03:55 jnials joined #salt
04:00 thedodd joined #salt
04:32 mrforbes joined #salt
04:40 Samos123 definetly recommend publish.publish with peer communication over mine for some use cases that i've seen mine used
04:42 tristianc joined #salt
04:45 tkharju joined #salt
04:48 TheThing_ joined #salt
05:08 marv__ joined #salt
05:31 monkey661 left #salt
05:35 monkey66 joined #salt
05:37 monkey66 left #salt
05:44 jnials joined #salt
06:14 superted666____ joined #salt
06:14 genediazjr joined #salt
06:24 smcquay joined #salt
06:51 catpiggest joined #salt
07:01 genediazjr joined #salt
07:03 jnials joined #salt
07:11 Gareth 7
07:15 monkey661 joined #salt
07:20 nitti joined #salt
07:22 dynamicudpate joined #salt
07:39 rocket joined #salt
07:40 Giveisland joined #salt
07:41 Giveisland left #salt
07:52 TheThing joined #salt
07:54 ndrei joined #salt
08:13 jalaziz joined #salt
08:23 jalaziz_ joined #salt
08:29 YuviPanda joined #salt
08:30 YuviPanda hello
08:30 YuviPanda so, we’re changing the minion ids for all hosts in our cluster
08:30 YuviPanda I’m wondering how to best do this.
08:39 whiteinge YuviPanda: if you haven't specified the minion id in the minion config then it gets cached in /etc/salt/minion_id. change that file, copy the key on the master in /etc/salt/pki/master/minions for the new ID, restart the minion daemon, then delete the old key on the master.
08:39 whiteinge that workflow should maintain communication with the minion the whole time.
08:39 YuviPanda whiteinge: right, so we have the id managed via puppet, so I’m guessing everything except the last part would be handled by our puppet code
08:40 whiteinge ah, nice.
08:40 YuviPanda I’ll just have to remove and re-add all the new keys
08:40 YuviPanda (This is on Wikimedia Labs)
08:41 whiteinge since you have puppet going, if you don't care if the minion gets temporarily disconnected then you can just rename the keys on the master whenever you want. have puppet change the ID and restart the minion daemon whenever it does its thing.
08:42 whiteinge when puppet is done, salt will be back communicating and you won't have to re-accept all those keys. (not that that is a big deal if you'd rather just do that, of course.)
08:42 otter768 joined #salt
08:43 YuviPanda whiteinge: ah, hmm.
08:43 YuviPanda whiteinge: only problem is that puppet is disabled on some hosts
08:43 YuviPanda because this is our labs environment
08:43 YuviPanda so on those, I’d want to prevent this from making us lose the ability to use salt on those machines
08:44 YuviPanda so that’s going to be somewhat complicated.
08:44 whiteinge in that case, i'd stick with using salt to do the whole thing. if you copy the keys on the master then you won't get disconnected.
08:44 YuviPanda but if I just add the new keys and don’t remove the old ones...
08:45 YuviPanda oh?
08:45 YuviPanda wait, I’m confused.
08:45 whiteinge you don't even need to add new keys, just make a copy of the existing one but with the new minion ID
08:45 YuviPanda oh, so I’d use salt to actually change the id, copy the new keys, and rename them as well?
08:45 YuviPanda hmm, that’s actually interesting / nice
08:46 YuviPanda and fix it in puppet as well, for new hosts.
08:48 whiteinge something like this maybe:
08:48 whiteinge cp /etc/salt/pki/master/minions/<old_mid> /etc/salt/pki/master/minions/<new_mid>
08:48 whiteinge salt '<old_mid>' cmd.run 'echo <new_mid> > /etc/salt/minion_id'
08:48 whiteinge salt '<old_mid>' cmd.run '<insert safe salt-minion restart command here (see the salt faq)>'
08:48 whiteinge salt '<new_mid>' test.ping
08:48 whiteinge rm /etc/salt/pki/master/minions/<old_mid>
08:50 whiteinge this request comes up from time to time. it would be nice to make an orchestrate file that performs all those steps...
08:51 jnials joined #salt
08:52 YuviPanda hmm, right
08:52 YuviPanda I’ll have to make a mapping of old id to new id
08:52 YuviPanda that’s going to be fun
08:55 YuviPanda whiteinge: mind if I copy / paste this conversation into our issue tracking system?
08:56 YuviPanda well, at least parts of it
08:56 bhosmer_ joined #salt
08:57 glyf joined #salt
08:59 whiteinge YuviPanda: definitely
09:05 YuviPanda whiteinge: cool, thanks!
09:05 YuviPanda whiteinge: we only use salt for remote execution, with puppet for orchestration
09:08 * whiteinge nods
09:16 JlRd joined #salt
09:31 YuviPanda can I chain salt masters?
09:32 YuviPanda or can one minion have more than one master?
09:46 forcer YuviPanda: I'm new, but master chains - one master supervising a bunch of other masters which each supervise minions - seem to be one of the advertised features of salt, and I have seen a reference to multi-master setups, too.
09:51 mariusv joined #salt
09:51 mariusv joined #salt
09:53 TheThing joined #salt
09:54 mariusv joined #salt
09:54 mariusv joined #salt
10:23 TyrfingMjolnir joined #salt
10:29 jalaziz joined #salt
10:37 YuviPanda forcer: right, can’t use multimaster because of our auth requirements (is a hierarchy), am looking at info on master chains
10:38 YuviPanda but google isn’t giving me anything
10:40 jnials joined #salt
10:40 forcer Apparently, the term you're looking for is "syndic" - http://docs.saltstack.com/en/latest/topics/topology/syndic.html
10:40 YuviPanda aha!
10:41 YuviPanda indeed
10:43 otter768 joined #salt
11:10 Andre-B joined #salt
11:45 linjan joined #salt
12:19 felskrone joined #salt
12:27 bhosmer_ joined #salt
12:29 jnials joined #salt
12:30 Jahkeup joined #salt
12:38 linjan joined #salt
12:44 otter768 joined #salt
12:46 tkharju joined #salt
12:48 karimb joined #salt
12:49 karimb joined #salt
12:49 bhosmer_ joined #salt
12:56 malinoff joined #salt
13:18 jeffrubic joined #salt
13:18 BigBear joined #salt
13:46 Samos123 joined #salt
13:52 Samos123 joined #salt
14:09 linjan joined #salt
14:30 linjan joined #salt
14:35 felskrone joined #salt
14:44 Cidan joined #salt
14:45 otter768 joined #salt
14:46 nitti joined #salt
14:54 Sypher joined #salt
14:54 Sypher joined #salt
14:59 godber2 joined #salt
15:00 glyf joined #salt
15:01 maxd joined #salt
15:03 TheThing joined #salt
15:04 linjan joined #salt
15:04 clone1018_ joined #salt
15:10 jhauser joined #salt
15:17 pppd joined #salt
15:19 catpig joined #salt
15:25 beerandsteak joined #salt
15:26 beerandsteak pdf at http://docs.saltstack.com/en/latest/ has been just an image any time I
15:26 beerandsteak ''ve tried to look
15:26 beerandsteak Am I mising anything?
15:30 intellix joined #salt
15:34 linjan joined #salt
15:40 Gareth joined #salt
15:49 glyf joined #salt
15:55 aquinas joined #salt
15:55 intellix joined #salt
16:01 diegows joined #salt
16:06 ajolo joined #salt
16:06 jnials joined #salt
16:17 seshan_ joined #salt
16:17 fxhp joined #salt
16:17 linjan joined #salt
16:20 atbell joined #salt
16:27 elfixit joined #salt
16:36 nitti joined #salt
16:45 otter768 joined #salt
16:48 P0bailey joined #salt
16:48 P0bailey joined #salt
16:49 pr_wilson joined #salt
17:10 doriftoshoes joined #salt
17:12 desposo joined #salt
17:16 zlhgo joined #salt
17:17 otter768 joined #salt
17:22 ajolo joined #salt
17:26 desposo joined #salt
17:27 Sypher joined #salt
17:29 orion_ joined #salt
17:31 xMopxShell joined #salt
17:31 sifusam joined #salt
17:45 genediazjr joined #salt
17:50 rocket joined #salt
17:51 yetAnotherZero joined #salt
17:51 monkey661 left #salt
17:55 jnials joined #salt
18:00 genediazjr joined #salt
18:12 intellix joined #salt
18:16 TheThing joined #salt
18:17 ph8 joined #salt
18:27 TheThing_ joined #salt
18:30 fxhp joined #salt
18:38 linjan joined #salt
18:40 jonbrefe joined #salt
18:52 elfixit joined #salt
18:52 n8n joined #salt
18:53 atbell joined #salt
18:58 theologian joined #salt
19:00 iamtew good evening people :)
19:00 iamtew curious, how would I take multiple files from my saltstack fileserver and concatenate them in to a single file on a node? it's for combining the ca and certificate chain in my ssl certificates for nginx
19:04 otter768 joined #salt
19:04 iamtew or maybe I could do something with a jinja template or something, but that seems a bit backwards... hm.
19:11 viq joined #salt
19:12 forcer What's the best practice for installing secret data - like a private key - to a minion? I'd rather not include the private key file in the salt directory tree as that's in version control, and I have not found a way to include plain files in pillars accessible from file.managed source: ... what am I missing? :-)
19:12 irctc313 joined #salt
19:14 otter768 joined #salt
19:17 babilen forcer: You put them in your pillar and use file.managed's contents_pillar to reference it. Use "foo: |" in jinja + newline + 2 space indentation
19:18 babilen https://github.com/saltstack/salt/issues/18406 (example + feature request regarding this)
19:18 forcer babilen: Hrm. Ok, that's doable. It feels a bit weird to include files within YAML files like that, though.
19:18 forcer Ah!
19:19 forcer babilen: Thank you!
19:19 babilen And I agree with you (which is why I filed the bug)
19:19 Jahkeup joined #salt
19:21 forcer Github really needs a +1 button for issues :-D
19:22 aparsons joined #salt
19:28 aparsons joined #salt
19:33 ajolo joined #salt
19:57 JlRd joined #salt
20:36 rtuin joined #salt
20:37 nitti joined #salt
20:38 linjan joined #salt
20:42 smcquay joined #salt
20:44 jnials joined #salt
20:49 glyf joined #salt
20:52 bhosmer joined #salt
21:06 viq forcer: also, http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
21:07 forcer viq: Thank you :-)
21:08 bbradley joined #salt
21:10 pf_moore joined #salt
21:18 peters-tx joined #salt
21:39 otter768 joined #salt
21:40 ckao joined #salt
21:40 jerrcs joined #salt
21:41 babilen forcer: There is also https://github.com/saltstack/salt/issues/3790 (and referenced issue) + https://github.com/saltstack/salt/issues/1543 and the file_tree external pillar (which did exactly the wrong thing)
21:42 * forcer nods.
21:42 babilen The file_tree pillar might actually be quite alright, but unfortunaly it conflates directory structure and targeting which is exactly the wrong thing to do as it necessitates n directories for n hosts that should share a file.
21:42 forcer I'm currently thinking of using a new environment which I don't publish for this.
21:42 forcer Haven't used more than the base environment so far :-)
21:43 babilen Definitely something to build on and combine with top.sls, but unfortunately salt isn't there yet. I actually use the python pillar I described in the first issue there, but would like to see something more standardised.
21:47 StDiluted joined #salt
22:03 Thugal joined #salt
22:08 ajolo joined #salt
22:25 pr_wilson joined #salt
22:33 jnials joined #salt
22:59 pppd joined #salt
23:02 istram joined #salt
23:39 Jimlad joined #salt
23:40 otter768 joined #salt
23:44 felskrone joined #salt
23:44 dooshtuRabbit joined #salt
23:48 dooshtuRabbit1 joined #salt
23:48 lukecarrier Is anyone using Git's post-receive hook copy their state directory into /srv on commit? If so, what do your permissions look like?
23:49 lukecarrier I'm debating allowing public key authentication for the salt user and storing the bare checkout under that that user, since my /srv/salt directory is already owned by it
23:54 ajolo joined #salt
23:54 whatevsz joined #salt
23:58 whatevsz joined #salt
23:59 whatevsz joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary