Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-02-17

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 holms joined #salt
00:03 CeBe joined #salt
00:04 hal58th1 ahhhh, do a grep for "changed" and if found, exit nonzero. Some psuedo code:  sudo salt-call state.highstate -l error | grep "changed" || exit 1
00:06 hal58th1 errr, not sure how to do exit code manipulation on cmd line. im sure you can google that
00:07 waddles joined #salt
00:08 hal58th1 ahh, you put it in a subshell.  sudo salt-call state.highstate -l error | grep "changed" || (exit 1)
00:10 hal58th1 One last twerk Linuturk, this actually works. Just tested it.   sudo salt-call state.highstate -l error | grep changed && (exit 42)
00:10 Linuturk noice
00:10 Linuturk thx hal58th1
00:10 hal58th1 welcome Linuturk
00:14 Cidan joined #salt
00:15 aparsons joined #salt
00:15 waddles joined #salt
00:26 aparsons joined #salt
00:27 paul__ joined #salt
00:33 MugginsM joined #salt
00:44 ramishra_ joined #salt
00:45 iwishiwerearobot joined #salt
00:52 tristianc joined #salt
00:52 I3olle joined #salt
00:57 bfoxwell joined #salt
01:02 mikaelhm joined #salt
01:05 ramishra_ joined #salt
01:06 ramishra_ joined #salt
01:07 ramishra_ joined #salt
01:08 nitti joined #salt
01:12 ramishra_ joined #salt
01:23 murrdoc joined #salt
01:24 nitti joined #salt
01:28 MugginsM joined #salt
01:29 bhosmer joined #salt
01:35 TTimo joined #salt
01:36 MatthewsFace joined #salt
01:49 jdowning joined #salt
01:50 jalaziz joined #salt
01:52 lpmulligan joined #salt
01:54 MTecknology Almost conference time!!!
01:56 murrdoc wait its a few weeks right
01:56 murrdoc ./me checks calendar
01:56 murrdoc iggy:  did u write your conference presentation
02:00 murrdoc1 joined #salt
02:00 murrdoc1 joined #salt
02:03 murrdoc joined #salt
02:23 JDiPierro joined #salt
02:28 Ryan_Lane joined #salt
02:31 ramishra_ joined #salt
02:34 iwishiwerearobot joined #salt
02:39 TTimo joined #salt
02:47 evle joined #salt
02:47 mosen joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.1 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:49 desposo joined #salt
02:50 gladiatr joined #salt
02:50 gladiatr joined #salt
02:53 ramishra_ joined #salt
02:58 lynxman joined #salt
02:58 aqua^mac joined #salt
03:03 mgw joined #salt
03:15 badon joined #salt
03:16 pdayton joined #salt
03:29 murrdoc joined #salt
03:32 canci joined #salt
03:35 murrdoc whats an option to curl in a salt state
03:35 jalaziz joined #salt
03:37 pdayton joined #salt
03:41 subsignal joined #salt
03:42 ajw0100 joined #salt
03:44 subsignal joined #salt
03:45 jY murrdoc: cmd.run
03:46 murrdoc cmd.run is evil
03:48 jY what do you need to do with curl?
03:50 jdowning joined #salt
03:51 murrdoc wget -O url | sudo apt-key add -
03:53 murrdoc thing is i d use pkgrepo.managed, but it doesn't unique so some times i end up with dupes
03:58 pdayton joined #salt
04:00 MTecknology murrdoc: It's the first week next month, that's coming very soon
04:00 murrdoc snap, time to check tickets
04:02 MTecknology http://shop.lenovo.com/us/en/laptops/thinkpad/t-series/t540p/?sb=:000001C9:0000FE9D: <-- Can anyone give me a good reason to not get this?  I need something that's very durable and well built. I also need a decent sized screen. Beyond that, not too many requirements.
04:20 ramishra_ joined #salt
04:23 iwishiwerearobot joined #salt
04:23 mikaelhm joined #salt
04:25 badon joined #salt
04:32 nethershaw joined #salt
04:32 gladiatr what OS do you intend to run?
04:34 nitti joined #salt
04:39 MTecknology gladiatr: debian 8
04:43 gladiatr MTecknology, my only comment is that you should thoroughly investigate what luck others have had with it.  At my last job I had a 440s which was a nice Linux machine (after a lot of adjusting of the touchpad)
04:43 gladiatr It's hard to tell with Lenovo--they've become a lot like any other big laptop builder--ymmv
04:47 MTecknology I've come to expect issues with any laptop I buy, especially if it's newer hardware. I will absolutely never buy anything with nvidia or wacom in it, but that's about it for my blacklist.
04:48 smcquay joined #salt
04:52 gladiatr MTecknology, no kidding.  I wish I had a dump fo the 440s for you--it actually had a mobile nvidia chipset that wasn't ridiculously broken, but that model is getting a bit long in the tooth.
04:53 MTecknology My company just purchased a whole pile of T440's. Nice systems for a work laptop, but I wouldn't want it as my primary system.
04:54 sc` my macbook nas nvidia graphics. I can play games, which is a bonus for me
04:54 gladiatr Indeed.  I actually took one because all of the PMs started demanding Macs--otherwise I tend to stick with non-mobile workstations.
04:56 MTecknology I have a desktop (debian) at work where I do 99.99% of my work. I also have a laptop that I'm technically required to take home with me every day. It's Win7 using their image and their management stuff and I hate using it. It's just enough that I can take care of major issues remotel.
04:56 MTecknology remotely*
04:57 gladiatr MTecknology, Windows makes me want to cut myself.
04:58 MTecknology indeed
04:58 MTecknology It's currently my only way into the company, though, because of special vpn software.
04:59 MTecknology Once I build enough of a reasonable use case for them to let me use ipsec stuff and convince them it's a good idea, then I can have a VM at home in its own VLAN that I can use (connect to home using openvpn) to get into work.
04:59 gladiatr I feel extrordinarily fortunate that I can make that a contingent (against) choosing where to work.
05:00 MTecknology That would be niiiiice
05:00 gladiatr indeed!  I <3 openvpn
05:00 MTecknology I just need to play the politics game well enough (I'm bad at politics)
05:02 fxhp joined #salt
05:03 MTecknology I have my phone set up so I can one-tap connect to home (after accessing the phone). If I had a VM at home that could connect to work, I'd be set
05:03 gladiatr MTecknology, engineers/comp. science/dev(ops) types that do (and are still good at things-not-involving-paper) are a rare treasure.  You are in good company, I think.
05:03 MTecknology it's mostly good, ya
05:30 armguy_ joined #salt
05:41 ramishra_ joined #salt
05:42 Ilja joined #salt
05:50 jdowning joined #salt
05:53 Furao joined #salt
05:55 kermit joined #salt
06:06 ramishra_ joined #salt
06:11 iwishiwerearobot joined #salt
06:14 otter768 joined #salt
06:24 krelo joined #salt
06:25 saffe joined #salt
06:28 calvinh joined #salt
06:36 I3olle joined #salt
06:37 calvinh joined #salt
06:39 pppingme joined #salt
06:42 san4 joined #salt
06:42 san4 joined #salt
06:44 san4 joined #salt
06:44 san4 joined #salt
06:44 lbotti joined #salt
06:44 t0rrant joined #salt
06:45 san4 joined #salt
06:45 san4 joined #salt
06:46 san4 joined #salt
06:46 san4 joined #salt
06:47 calvinh_ joined #salt
06:48 san4 joined #salt
06:48 san4 joined #salt
06:48 san4 joined #salt
06:48 san4 joined #salt
06:49 san4 joined #salt
06:49 san4 joined #salt
06:51 san4 joined #salt
06:51 san4 joined #salt
06:52 san4 joined #salt
06:52 san4 joined #salt
06:52 san4 joined #salt
06:52 san4 joined #salt
06:52 stoogenmeyer_ joined #salt
06:53 san4 joined #salt
06:53 san4 joined #salt
06:55 san4 joined #salt
06:55 san4 joined #salt
06:56 san4 joined #salt
06:56 san4 joined #salt
06:57 san4 joined #salt
06:57 san4 joined #salt
06:58 san4 joined #salt
06:58 san4 joined #salt
06:59 san4 joined #salt
06:59 san4 joined #salt
07:01 san4 joined #salt
07:01 san4 joined #salt
07:05 san4 joined #salt
07:05 san4 joined #salt
07:06 san4 joined #salt
07:06 san4 joined #salt
07:07 san4 joined #salt
07:07 san4 joined #salt
07:07 colttt joined #salt
07:10 san4 joined #salt
07:10 san4 joined #salt
07:11 san4 joined #salt
07:11 san4 joined #salt
07:12 san4 joined #salt
07:12 san4 joined #salt
07:12 san4 joined #salt
07:12 san4 joined #salt
07:14 san4 joined #salt
07:14 san4 joined #salt
07:14 san4 joined #salt
07:14 san4 joined #salt
07:16 san4 joined #salt
07:16 san4 joined #salt
07:16 TTimo joined #salt
07:16 linjan joined #salt
07:17 toanju joined #salt
07:18 san4 joined #salt
07:18 san4 joined #salt
07:20 san4 joined #salt
07:20 san4 joined #salt
07:20 funzo_ joined #salt
07:21 froztbyte joined #salt
07:21 san4 joined #salt
07:21 san4 joined #salt
07:22 san4 joined #salt
07:22 san4 joined #salt
07:23 san4 joined #salt
07:23 san4 joined #salt
07:24 san4 joined #salt
07:24 san4 joined #salt
07:25 san4 joined #salt
07:25 san4 joined #salt
07:25 san4 joined #salt
07:25 san4 joined #salt
07:27 san4 joined #salt
07:27 san4 joined #salt
07:28 san4 joined #salt
07:28 san4 joined #salt
07:29 san4 joined #salt
07:29 san4 joined #salt
07:29 san4 joined #salt
07:29 san4 joined #salt
07:29 JlRd joined #salt
07:30 san4 joined #salt
07:30 san4 joined #salt
07:31 yuhl_work_ joined #salt
07:33 AndreasLutro joined #salt
07:33 san4 joined #salt
07:33 san4 joined #salt
07:34 san4 joined #salt
07:34 san4 joined #salt
07:35 ramishra_ joined #salt
07:35 san4 joined #salt
07:35 san4 joined #salt
07:36 CeBe joined #salt
07:37 san4 joined #salt
07:37 san4 joined #salt
07:38 san4 joined #salt
07:38 san4 joined #salt
07:39 KermitTheFragger joined #salt
07:39 san4 joined #salt
07:39 san4 joined #salt
07:39 TyrfingMjolnir joined #salt
07:41 san4 joined #salt
07:41 san4 joined #salt
07:41 slafs joined #salt
07:41 slafs left #salt
07:42 san4 joined #salt
07:42 san4 joined #salt
07:43 san4 joined #salt
07:43 san4 joined #salt
07:43 san4 joined #salt
07:43 san4 joined #salt
07:44 san4 joined #salt
07:44 san4 joined #salt
07:44 toanju joined #salt
07:45 Auroch joined #salt
07:46 san4 joined #salt
07:46 san4 joined #salt
07:46 san4 joined #salt
07:46 san4 joined #salt
07:47 san4 joined #salt
07:47 san4 joined #salt
07:48 san4 joined #salt
07:48 san4 joined #salt
07:50 san4 joined #salt
07:50 san4 joined #salt
07:51 san4 joined #salt
07:51 san4 joined #salt
07:51 jdowning joined #salt
07:51 vladev joined #salt
07:52 san4 joined #salt
07:52 san4 joined #salt
07:52 teogop joined #salt
07:53 san4 joined #salt
07:53 san4 joined #salt
07:54 san4 joined #salt
07:54 san4 joined #salt
07:54 trikke joined #salt
07:54 san4 joined #salt
07:54 san4 joined #salt
07:55 san4 joined #salt
07:55 san4 joined #salt
07:55 san4 joined #salt
07:55 san4 joined #salt
07:57 san4 joined #salt
07:57 san4 joined #salt
07:58 TinuvaMac joined #salt
08:00 iwishiwerearobot joined #salt
08:03 san4 joined #salt
08:03 eseyman joined #salt
08:04 san4 joined #salt
08:04 san4 joined #salt
08:07 dualicorn joined #salt
08:07 san4 joined #salt
08:07 san4 joined #salt
08:08 kawa2014 joined #salt
08:08 san4 joined #salt
08:08 san4 joined #salt
08:08 yuhl_work_ joined #salt
08:09 san4 joined #salt
08:09 san4 joined #salt
08:09 dualicorn joined #salt
08:09 san4 joined #salt
08:09 san4 joined #salt
08:10 san4 joined #salt
08:10 san4 joined #salt
08:11 san4 joined #salt
08:11 san4 joined #salt
08:12 san4 joined #salt
08:12 san4 joined #salt
08:12 san4 joined #salt
08:12 san4 joined #salt
08:13 intellix joined #salt
08:13 san4 joined #salt
08:13 san4 joined #salt
08:14 hebz0rl joined #salt
08:15 san4 joined #salt
08:15 san4 joined #salt
08:15 otter768 joined #salt
08:16 san4 joined #salt
08:16 san4 joined #salt
08:17 san4 joined #salt
08:17 san4 joined #salt
08:18 san4 joined #salt
08:18 san4 joined #salt
08:25 rattng joined #salt
08:30 felskrone joined #salt
08:31 jtang joined #salt
08:33 MaliutaLap joined #salt
08:35 Ilja joined #salt
08:36 ramishra_ joined #salt
08:36 CeBe1 joined #salt
08:38 CeBe joined #salt
08:40 badon joined #salt
08:52 chiui joined #salt
08:52 ASIF joined #salt
08:53 VSpike joined #salt
08:53 ASIF left #salt
09:00 karimb joined #salt
09:06 I3olle joined #salt
09:07 sieve joined #salt
09:12 rattng Are there any plans on making node groups and pillars reverse match in the top-file?
09:12 rattng For ex: group1: 'L@minionA,minionB' is targeted in top file as 'group1':
09:12 rattng - state1
09:12 rattng - state2
09:12 rattng
09:12 rattng And it will allow me to run "salt 'minionA' state.highstate" to apply state1 and state2?
09:12 Nazca joined #salt
09:12 Grokzen joined #salt
09:12 rattng I would gladly contribute if such a feature is on the roadmap
09:13 calvinh joined #salt
09:15 calvinh_ joined #salt
09:18 TTimo joined #salt
09:18 toanju joined #salt
09:18 jtang rattng, i think there is something similar to what you are asking for as a formula
09:18 jtang there is a reverse grains formula
09:18 rattng oh, interesting
09:21 rattng it seems it generates grains from pillar data, if it is to be applied to node groups I guess parsing the groups to find the correct states to apply to a minion and then executing them would be sufficient
09:22 ninkotech joined #salt
09:23 armguy joined #salt
09:25 Xevian joined #salt
09:26 Furao joined #salt
09:29 jrluis joined #salt
09:30 JlRd joined #salt
09:30 alanpearce joined #salt
09:31 mdupont joined #salt
09:33 paulm- joined #salt
09:35 N-Mi joined #salt
09:36 Hell_Fire joined #salt
09:42 jhauser joined #salt
09:44 jhauser_ joined #salt
09:45 jespada joined #salt
09:49 iwishiwerearobot joined #salt
09:51 VSpike This is probably a stupid question, but how do you generate password hashes for salt user states? http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html just says "A password hash".
09:51 VSpike http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.shadow.html#salt.modules.shadow.gen_password and http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.shadow.html#salt.modules.shadow.set_password give a little more clue (I'm assuming that module is involved)
09:51 phx i prefer to do authentication with kerberos, so locally passwords doesn't need to be stored
09:52 jdowning joined #salt
09:52 VSpike phx: Presumably that relies on a central authentication server?
09:52 phx VSpike, or a bunch of them, right
09:53 cberndt joined #salt
09:54 VSpike Yeah that would be nice but no-one here knows how to set that up so probably have to make do for now. At least individual accounts created by salt will be better than everyone using a single root account.
09:55 phx that's more than true
09:55 phx however it's no biggie. ldap+kerberos is a common setup, and i've recently found out that mit kerberos supports ldap backends, so with ldap's replication you can do a full multimaster suit in a day or so
09:57 phx AndreasLutro, as a side-effect, you will be able to easily and securely authenticate internal service against it as well, in a very nice ticket-based sso fashion :)
10:00 bluenemo joined #salt
10:00 bluenemo joined #salt
10:00 arif-ali joined #salt
10:01 johtso joined #salt
10:02 VSpike phx: installing ldap is on the to-do list along with a few dozen really nice ideas, none of which ever get done unfortunately :/
10:02 VSpike Can you auth Windows boxes against MIT kerberos too, out of interest?
10:03 phx as i've experienced, if you don't take the time to improve your infrastructure to a given level, then the maint costs will raise so badly that you will never have it
10:05 eliasp phx: ACK!
10:06 markm joined #salt
10:06 felskrone joined #salt
10:07 renat joined #salt
10:13 sieve joined #salt
10:16 toanju joined #salt
10:16 otter768 joined #salt
10:25 renat Hello! I'm write module for deleting directory tree except some files. This module work when I'm run it from command line, but not delete anything when called from salt-minion
10:28 renat Or maybe have another way to delete directory tree, with backuping and restore list of files?
10:28 VSpike phx: that's very true. Now can you come and explain that to the C-level execs here please?
10:29 phx VSpike, guess what am i trying to do right here
10:29 VSpike :)
10:30 phx basically i have to present it as showing problems that such a thing is going to solve, problems that they either don't (yet) see, or will surface later, or very much later
10:30 phx and also  proving that financially it's going to be profitable
10:30 hemebond joined #salt
10:31 hemebond Is Salt Mine the only dynamic way to make minion grains available to other minions?
10:31 sieve joined #salt
10:32 nkuttler hemebond: is there anything wrong with it?
10:32 nkuttler (and no, you could use peer communication, but that's a hack)
10:33 hemebond nkuttler: I'm still trying to understand it, mostly want to make sure I'm headed in the right direction. Though does it query the minions rather than use what the master already has?
10:34 hemebond I thought I would be able to just query the grains for a minion but it looks like it requires setting up of specific functions.
10:34 hemebond Have I understood that correctly?
10:35 VSpike phx: I quite liked the article about technical debt being an unhedged call option
10:35 phx VSpike, could you please link that one? i'm afraid i haven't seen that one
10:36 VSpike Since I work in the field of financial market data, that's a concept they can understand a bit better. Still did me no good though as they pay lipservice to doing things right but in every other way do the opposite
10:36 VSpike phx: http://www.higherorderlogic.com/2010/07/bad-code-isnt-technical-debt-its-an-unhedged-call-option/
10:36 VSpike refers to code but applies generally
10:37 donmichelangelo joined #salt
10:38 ramishra_ joined #salt
10:39 paulm- joined #salt
10:40 phx thanks
10:42 calvinh joined #salt
10:43 calvinh_ joined #salt
10:44 hemebond nkuttler: I suppose what I'm wondering is if it's possible to just make the full grains dict available between minions.
10:48 hojgaard joined #salt
10:48 Furao hemebond: add grains.items to the list mine_functions in salt minion config
10:48 Furao mine_functions:
10:48 Furao - grains.items: []
10:49 Furao oh no remove the “- “
10:49 Furao it’s a dict
10:49 hemebond Oh, brilliant!
10:49 giantlock joined #salt
10:50 Furao for that i create a formula.data state that make available to other minion using mine things such as grains, pillars, others. such as the pub key of an ssh server for other to add it to their known hosts. or things that monitoring need to check
10:51 lbotti joined #salt
10:51 babilen ... go on
10:52 hemebond Furao: Monitoring is the reason I'm looking into it too. Configuring checks automatically based on the OS and such.
10:54 Furao hemebond: all our formulas expose their monitoring checks themselves, the monitoring server just need to know the name of the checks and some customization such as is this host need this check to perform more or less frequently, how long until it generate a notification, etc
10:54 Furao https://doc.robotinfra.com/elasticsearch/doc/monitor.html
10:54 Furao exampe of ES monitoring checks
10:55 Furao and monitoring hold the minimum of logic to turn these into real monitoring checks. when I tried to hold as much logic in monitor server it was too complicated
10:59 Furao i simply use a jinja file to build monitoring logic and the yaml is processed by monitor server. the same yaml is also the input of a NSCA/passive check server
10:59 Furao and finally I can perform check straight from salt: https://doc.robotinfra.com/doc/modules/monitoring.html#_modules.monitoring.run_check
11:00 Furao which is a key component to perform testing of formulas
11:02 evle1 joined #salt
11:10 calvinh joined #salt
11:18 jalaziz joined #salt
11:19 TTimo joined #salt
11:21 Ilja joined #salt
11:30 calvinh_ joined #salt
11:33 bhosmer joined #salt
11:37 VSpike With this state https://bpaste.net/show/dbc800142dcc, does the watch imply a requires as well, meaning that the service.running will implicitly depend on the pkg.installed? Or should I add an extra requires in there?
11:38 iwishiwerearobot joined #salt
11:39 ramishra_ joined #salt
11:45 calvinh joined #salt
11:50 elfixit joined #salt
11:51 calvinh_ joined #salt
11:53 jdowning joined #salt
11:56 babilen VSpike: "If the "changes" key contains an empty dictionary, the watch requisite acts exactly like the require requisite (the watching state will execute if "result" is True, and fail if "result" is False in the watched state)."
11:56 babilen (cf. http://docs.saltstack.com/en/latest/ref/states/requisites.html )
11:57 babilen Also "If the "result" of the watched state is False, the watching state will never run, nor will the watching state's mod_watch function execute."
11:57 calvinh joined #salt
12:00 calvinh_ joined #salt
12:03 Nebraskka salt-ssh trying to --key-deploy under root? there is no way to set own username?
12:10 bhosmer joined #salt
12:15 monkey661 left #salt
12:17 otter768 joined #salt
12:17 rubenb Hi. Does someting like a salt-gateway exist yet? (To forward connections for salt-masters that are behind natting)
12:19 rawkode joined #salt
12:24 tomh- joined #salt
12:29 Nazca__ joined #salt
12:30 mikkn joined #salt
12:32 rawzone joined #salt
12:37 eliasp rubenb: this should be doable with a syndic setup: http://docs.saltstack.com/en/latest/topics/topology/syndic.html
12:37 VSpike babilen: thanks. I read that doc but clearly not carefully enough :) just read it again, more slowly and it made sense the second time through.
12:37 VSpike babilen: does anything other than service.running and cmd.wait have a mod_watch?
12:39 intellix joined #salt
12:40 ramishra_ joined #salt
12:40 TomBibb joined #salt
12:41 babilen VSpike: That I do not know :-/
12:41 rubenb eliasp: Can the clients connect to a syndic, and the syndic will forward the commands to the salt-master.
12:41 rubenb ?
12:42 rubenb I thought it worked the other way around. A syndic could control multiple masters
12:43 sieve joined #salt
12:44 VSpike babilen: I was just searching to see and those were the only ones I could fine
12:44 VSpike find
12:46 tombibb_ joined #salt
12:47 rattng How do you print debug messages to the console when writing states in python?
12:48 rattng Using "print x" when executing a state.sls on the file does not print anythin
13:00 jespada joined #salt
13:02 rubenb rattng: Why don't you use the logging module?
13:02 rubenb Not sure where it's documented, but here's an example of it being used: https://github.com/saltstack/salt/blob/develop/salt/states/cmd.py
13:03 rattng nice rubenb, thanks
13:08 tombibb joined #salt
13:09 roolo joined #salt
13:10 linjan joined #salt
13:10 roolo joined #salt
13:10 roolo joined #salt
13:15 bhosmer joined #salt
13:21 TTimo joined #salt
13:23 drawsmcgraw joined #salt
13:24 dooshtuRabbit joined #salt
13:26 iwishiwerearobot joined #salt
13:29 paulm- joined #salt
13:37 JDiPierro joined #salt
13:38 AirOnSkin joined #salt
13:39 AirOnSkin If I want to save a block of data (multiple lines) in one pillar element. What's the correct format for this?
13:40 ramishra_ joined #salt
13:41 agend joined #salt
13:43 flyboy82 joined #salt
13:45 otter768 joined #salt
13:49 TyrfingMjolnir joined #salt
13:50 Furao joined #salt
13:51 jdowning joined #salt
13:52 JDiPierro joined #salt
13:53 dude051 joined #salt
13:53 markm joined #salt
14:00 FRANK_T joined #salt
14:02 subsignal joined #salt
14:04 TTimo joined #salt
14:07 nitti joined #salt
14:08 teogop joined #salt
14:15 numkem joined #salt
14:16 racooper joined #salt
14:17 timoguin joined #salt
14:17 tristianc joined #salt
14:23 breakingmatter joined #salt
14:24 huleboer joined #salt
14:24 A||SySt3msG0 joined #salt
14:25 jdesilet joined #salt
14:26 dunz0r AirOnSkin: You can use a | to say that the entry is multiple lines
14:26 dunz0r like somedata: | wow much data\n very multiline
14:26 dunz0r Where \n is an actual linebreak
14:27 primechuck joined #salt
14:27 eliasp any ideas why 'state.highstate test=True' (Win7 x86_64 2014.7.1) runs into "TypeError: Cannot serialize ConstructorError()"?: https://gist.github.com/eliasp/c28a4d27e3a52d6e44f0
14:27 rojem joined #salt
14:28 eliasp I've already wiped the minion's cache completely…
14:32 giantlock joined #salt
14:36 clintberry joined #salt
14:38 aphorise joined #salt
14:39 ramishra_ joined #salt
14:39 _JZ_ joined #salt
14:41 rattng eliasp: I ran into something similar when I had duplicate states declared on minions in my top file, I removed them, ran the individual states on the minion and then highstate would work again. No idea what actualy solved it :P
14:42 eliasp rattng: yeah… currently also going towards the top.sls as for some reason the 'dev' environment shows up in the error, although I deleted it long ago from my git repo
14:42 AirOnSkin dunz0r: I see. Thanks, will try that...
14:47 kaptk2 joined #salt
14:51 Deevolution joined #salt
14:53 timoguin joined #salt
14:57 andrew_v joined #salt
14:58 brayn joined #salt
14:58 dyasny joined #salt
14:58 btorch is salt able to create a random string ? that one could set on a state ?
14:59 btorch like /tmp/dummyfile.txt: so instead of dummyfile.txt it would be /tmp/{random}.txt
14:59 nkuttler btorch: isn't there a module to create safe tmp files?
15:00 timoguin joined #salt
15:01 btorch let me check but it's not to create anything , it's just a dummy state so that this works http://pastebin.com/184wjbh1
15:02 btorch without at least one state within the init.sls, salt won't include the real .sls files
15:02 btorch that's on 0.17.5 btw (I know gotta upgrade ;)
15:02 smcquay joined #salt
15:03 btorch btw going from 0.17.5 to latest, I saw info on a zeromq 4 thing and having to add it's own repo apperantly
15:04 MTecknology lovely... I had a really awesome set of states for mysql users/databases/grants. I was just granting all to any users able to access the db. However, now I need to modify it so that some users are select only. :(
15:04 btorch I think before we gotta everything from saltstack repo .. the on-zmq, dctrl-tools, msgpack-python
15:04 btorch sorry .. the python-zmq
15:04 MTecknology should be a blast...
15:05 faliarin joined #salt
15:05 MTecknology I could fix this if I decided every user value needs to now be a dictionary, but that makes my pillar less pretty
15:05 claytonk joined #salt
15:07 lbotti joined #salt
15:08 MTecknology I'll probably have to do this: http://dpaste.com/0SJX8QF   but I wanna do this: http://dpaste.com/1RK8Y97
15:10 TyrfingMjolnir joined #salt
15:10 rattng I'm writing a python state that is supposed to include all states defined for the node group that the targeted minion is part of. Parsing the minion id and groups is no problem but I am having issues finding a suitable API to get all states for a nodegroup. Any ideas?
15:11 ze- rattng: care to explain what do you mean by states for the nodegroup ? how is the relation made ?
15:13 MTecknology if there any jinja test for type?  {% if type(foo) == dict %}
15:13 rattng ze-: In my top file I have matched states against node groups, I would like to retrieve the name of these states using python
15:14 MTecknology ah.. {% if {'a': 1, 'b': 2} is mapping %
15:14 ze- {% set states = salt['cp.list_states']() %}
15:14 ze- rattng: something like that ?
15:15 MTecknology *grumble* that means I need to duplicate states
15:15 iwishiwerearobot joined #salt
15:16 rattng ze-: Almost, but I would like to pass in the name of a nodegroup that it would match against rather then giving me all the states.
15:16 rattng ze-: I assume there must be matching code in place so I don't have to parse it myself
15:16 ze- what do you mean by "matching" ?
15:17 ze- on what would you like it to match ?
15:17 rattng ze-: when using cp.list states on command line, it would be something like "salt 'mygroup' cp.list_states". I'm trying to find a python API that allows me to do the same thing in code
15:18 rattng like "my_states = get_states(my_group)" (very simplified)
15:19 ze- oh, so you would like to:
15:19 ze- - have the minion get its highstate list
15:19 ze- - return the list of files that were included in such generation
15:20 rattng yes, but I do not want to match on minion id's in my top file. Only on nodegroups. I do however, want to be able to run a state for my minion that generates a list of states for the groups that the minion is part of.
15:21 rattng and then these states are applied (like a reverse-nodegroup highstate)
15:22 ze- doubt that you can. The top.sls in only parsed by the minion itself. Hard to get it to be parsed by anything but a minion with all its info
15:22 rattng hmm
15:23 ze- it is jinja. Can have parts depending on about anything you could find in grains or pillars
15:24 cpowell joined #salt
15:25 rattng I'm thinking that since salt can take a nodegroup and apply states to each minion in the group it shouldn't be too hard to have a minion that knows which group it is part of and the apply the states in that group
15:25 Ilja joined #salt
15:25 teebes joined #salt
15:25 holms joined #salt
15:27 FRANK_T Do you guys know if i can control group policy with salt
15:27 FRANK_T for my windows clients?
15:27 eliasp FRANK_T: there's no native GPO state… contributions welcome, would love to have one ;)
15:28 FRANK_T ok.
15:29 debian112 joined #salt
15:33 Ilja joined #salt
15:33 iggy MTecknology: mapping is also a fairly new test (in jinja)
15:34 MatthewsFace joined #salt
15:36 fredvd joined #salt
15:37 MTecknology think I got this...
15:37 mikaelhm joined #salt
15:38 rattng ze-: I think a LocalClient with state.show_top and out=json might help me. Thanks for your time
15:38 clintberry joined #salt
15:39 MTecknology http://dpaste.com/1BWW62P && http://dpaste.com/1RK8Y97
15:39 MTecknology ah, that's not right...
15:39 jespada joined #salt
15:39 ALLmightySPIFF joined #salt
15:40 nullptr joined #salt
15:40 jalaziz joined #salt
15:44 murrdoc joined #salt
15:46 martoss joined #salt
15:47 otter768 joined #salt
15:50 jalbretsen joined #salt
15:54 colttt joined #salt
15:54 luke joined #salt
16:00 nicolerenee joined #salt
16:00 XenophonF joined #salt
16:03 toastedpenguin joined #salt
16:04 Brew joined #salt
16:04 seanz joined #salt
16:05 Ozack-work joined #salt
16:06 elfixit joined #salt
16:06 johnwy joined #salt
16:06 pdayton joined #salt
16:06 conan_the_destro joined #salt
16:07 timoguin joined #salt
16:08 johnwy Good morning. I was wondering if someone could help me troubleshoot a problem I'm having with file_roots
16:12 fivmo joined #salt
16:16 redzaku joined #salt
16:18 dualicorn joined #salt
16:19 Grokzen joined #salt
16:22 dualicorn joined #salt
16:26 paulm-- joined #salt
16:29 XenophonF joined #salt
16:29 grosjean joined #salt
16:29 grosjean o/ all
16:30 grosjean anyone got idea why sometimes cmd_iter return me an empty generator ?
16:31 ramishra_ joined #salt
16:36 tombibb_ joined #salt
16:38 gattie joined #salt
16:40 schristensen joined #salt
16:42 eliasp why does 'salt-run fileserver.envs' keep showing me old branches which I deleted long time ago from my GitFS repos?
16:42 dualicorn joined #salt
16:43 jtang1 joined #salt
16:44 tligda joined #salt
16:44 eliasp "salt-run cache.clear_all && salt-run fileserver.update" doesn't help
16:44 fredvd joined #salt
16:44 StDiluted joined #salt
16:45 dualicorn joined #salt
16:46 Innovator joined #salt
16:46 iggy eliasp: did you delete the branches locally and remotely?
16:46 iggy johnwy: just ask...
16:46 eliasp iggy: yes
16:47 eliasp iggy: a fresh clone shows only my master branch on 'git branch -a', so the remote should be in a good state
16:48 eliasp iggy: I feel like remotely deleted branches aren't wiped by salt locally on the master
16:48 iggy tried stopping services and rm -rf'ing /var/cache/salt/master/ ?
16:49 eliasp iggy: will do next, but I'll only mv the cache to be able to reproduce + fix the issue later
16:50 iggy also, what git backend are you using?
16:50 jalaziz joined #salt
16:50 cberndt joined #salt
16:51 eliasp not sure right now, will have to check
16:52 tligda1 joined #salt
16:53 andrew_v joined #salt
16:54 paulm- joined #salt
16:55 Nahual joined #salt
16:56 Nahual I am reading through the docs and running on some test systems right now. I noticed in practice that file.managed cannot handle SELinux contexts? Is there a way to specify those parameters within file.managed or must file.set_selinux_context be run separately?
16:57 collinanderson joined #salt
17:00 tligda joined #salt
17:01 hobakill Nahual, are you talking about setting the status of selinux ?
17:02 Nahual No, the context of a file.
17:03 hobakill Nahual, gotcha. sorry.
17:04 sieve joined #salt
17:04 iwishiwerearobot joined #salt
17:06 eliasp iggy: running gitpython 0.3.2_
17:15 ponpanderer joined #salt
17:17 Innovator left #salt
17:17 KyleG joined #salt
17:17 KyleG joined #salt
17:19 forrest joined #salt
17:19 aparsons joined #salt
17:20 thehaven joined #salt
17:23 CeBe1 joined #salt
17:27 ipmb joined #salt
17:28 JDiPierro joined #salt
17:35 iggy eliasp: you might try pygit or one of the others... I don't know
17:35 iggy fwiw, I'm not surprised you're seeing what you're seeing
17:36 bash124512 joined #salt
17:36 nikogonzo are all the rooms at the grand american taken for saltconf2015
17:36 nikogonzo ?
17:37 nikogonzo i can't find rooms for the salt0215_002 rate
17:38 iggy I'm staying at the Peery. It's like 4 blocks away and was lot's cheaper
17:38 forrest nikogonzo: You could call the hotel, but by this point they're probably out of rooms.
17:39 forrest nikogonzo: I know they sold out pretty early last year.
17:39 forrest iggy: Are you giving a talk?
17:39 iggy si
17:39 forrest Nice
17:39 tristianc joined #salt
17:40 nikogonzo ballllllllls
17:40 nikogonzo i'll try, thanks!
17:40 iggy Hoping to have the slides all done tonight... people at $employer want to double check it to make sure I don't let slip "trade secrets"
17:40 forrest iggy: lol
17:40 iggy like anything I work on is secret
17:40 forrest iggy: Hey man, there's code in there that does things and stuff
17:41 forrest someone might steal it
17:41 forrest I never understood that either.
17:41 forrest regretting not submitting a talk a little bit
17:41 iggy I mean... we do have stuff that I can see them not wanting to get out, but it's not what I work on
17:42 iggy I don't think anybody here really knows what I do tbh
17:42 murrdoc hey iggy
17:42 murrdoc i have this problem
17:42 murrdoc can u solve it
17:42 murrdoc :P
17:43 murrdoc anyhow excited to see what presentations will be up there
17:43 murrdoc is the schedule up
17:44 edrocks joined #salt
17:46 zerthimon joined #salt
17:46 thedodd joined #salt
17:47 otter768 joined #salt
17:49 desposo joined #salt
17:51 iggy the email I got says "soon"
17:51 murrdoc well hopefully by tuesday night
17:52 murrdoc week of conference
17:52 iggy lol
17:52 iggy you mean the night before it starts?
17:52 edrocks do people usually keep their salt configs in git?
17:52 murrdoc yup
17:52 murrdoc its when i land
17:54 hal58th joined #salt
17:54 JDiPierro joined #salt
17:55 rojem joined #salt
17:57 robawt edrocks: yes, you should definitely keep them in an scm, and git is a great choice
17:57 robawt edrocks: beware of storing passwords in a public repository, you should not do that
17:57 murrdoc svn is better
17:57 murrdoc when u commit to stuff
17:57 murrdoc u commit to it
17:57 murrdoc none of this git bs
17:58 robawt O_O
17:58 murrdoc :D
17:58 robawt murrdoc might be drunk
17:58 murrdoc and/or fake grey bearding
17:59 hal58th I'm staying at the doubletree hotel a block away. nikogonzo
17:59 hal58th Half the price of what grand america was and it's walking distance
17:59 phx when i was in pleasanton, the notion "walking distance" didn't exist
17:59 phx you literally had to be born to the other side of the street
18:00 nikogonzo hal58th: i was able to call and reserve the room, but it sounds like there is only two left; so I told my coworker to get on it
18:00 nikogonzo phx: speaks truth, i'm not walking around SLC
18:00 hal58th Lucky that you guys can afford it :) My work is paying for it and I don't think they would like that price
18:01 hal58th Meh, I lived in South Dakota for five years and walked the few blocks to college. Not so bad
18:01 phx that might be
18:01 murrdoc one block in slc
18:01 forrest it's only 39 there right now, not bad at all
18:01 phx but when i was in pleasanton, the nearest pub was like 2 miles away
18:01 murrdoc is hopefully one block
18:02 phx and that sucks big time :)
18:02 * phx as a eurothug bound to pubs
18:02 forrest murrdoc: It's accurate, you'll be fine.
18:02 iggy I originally was going to pay for it all myself. So I got first-class and a room for 3 extra days... Then work was all "we'll pay for it if you put OnCenter on your slides" ... "Sold!"
18:02 hal58th well that would certainly suck. I feel like my town wasn't even 2 miles long
18:02 iggy I'll just get liquored up so I don't feel the cold
18:03 murrdoc 39 isnt cold
18:03 murrdoc boston is cold
18:03 murrdoc chicago is (./me touches glass) around 15 i presume
18:03 hal58th At 8am? Bah, I wish we didnt start that early. I am not a morning person
18:03 hal58th That was directed to Iggy
18:04 hebz0rl_ joined #salt
18:04 nikogonzo i plan on just getting there early and programming a roomba to go to all my talks with a tape recorder so I can sleep in erry day
18:04 phx 39 in celsius is hot
18:04 iggy I have no problem drinking at 8am (in fact it'll probably be a requirement on the day of my actual presentation)
18:04 phx lol
18:05 RedundancyD joined #salt
18:05 chitown iggy: +1
18:05 murrdoc new plan
18:05 chitown "no really, its just OJ"
18:06 murrdoc everyone coming to iggy's conference has to bring him a beer
18:06 murrdoc as a thank u for his presentation
18:06 murrdoc and to ensure hes drunk asap post presentation
18:07 hal58th What is your presentation title iggy?
18:08 N-Mi_ joined #salt
18:08 N-Mi_ joined #salt
18:08 iggy How to not suck
18:08 spookah joined #salt
18:08 murrdoc at ?
18:09 jeremyr joined #salt
18:09 iggy just in general
18:09 murrdoc life lessons with grandad iggy
18:09 murrdoc i like it
18:10 iggy I've got a lot of experience at sucking... so I should be able to give some tips at what not to do
18:12 hal58th I do wish I could rework our salt deployment process with the life lessons I have learned. Just don't have time right now.
18:15 chitown anyone know the status of getting the renderer system into salt-cloud?
18:15 chitown https://github.com/saltstack/salt-cloud/issues/229
18:19 iggy haven't heard anything
18:19 iggy salt-cloud doesn't seem to have gotten much love after getting merged upstream
18:19 I3olle joined #salt
18:19 iggy at the very least, multiple level inheritance would be nice
18:20 chitown trying to get some legacy stuff moved into profiles/providers and it is going to be a LOT of duplication
18:20 forrest iggy, chitown: You should see if the issue exists in the main salt repo.
18:20 chitown even with extends
18:20 edrocks are you supposed to run salt-cloud on your salt master or on your laptop?
18:20 chitown right.... duh... salt cloud folded in...
18:21 chitown erjohnso: master
18:21 forrest edrocks: master
18:21 chitown though, i guess you could run it elsewhere...
18:21 forrest Please don't do that
18:21 iggy chitown: so what I ended up doing was extending the salt-formula to generate the cloud config files for me... so I kind of get all the templating in a round-about sort of way
18:21 forrest it requires your keys for aws
18:21 schlueter joined #salt
18:21 chitown true. but, they are already in those additional files
18:21 druonysuse joined #salt
18:21 iggy what is aws?
18:21 chitown granted, youd be kinda screwed if you lost ur laptop
18:22 forrest yeah chance of losing/stolen laptop is way worse to me
18:22 chitown (yes, that JUST occured to me)
18:22 forrest heh
18:22 pfallenop joined #salt
18:22 edrocks the docs aren't very clear on what a real setup looks like
18:22 chitown was thinking that there isnt a lot of overlap in the configs
18:22 iggy use a key just for that system... you can deactivate later
18:22 Nahual left #salt
18:22 iggy same with git ssh keys, etc.
18:23 chitown but, the ability to use cloud states/runners/... means it is in your best interest to run on the master
18:23 redzaku joined #salt
18:23 ajw0100 joined #salt
18:24 chitown iggy: ya, i was thinking of writing a state with file.managed to generate the profile files
18:24 schlueter1 joined #salt
18:24 chitown i may just use the cloud runners
18:25 jacksontj joined #salt
18:27 chitown re: jinja + salt cloud
18:27 chitown https://github.com/saltstack/salt/issues/16850
18:27 chitown opened by.... me.... :(
18:28 chitown can be such a space cadet some days
18:29 SheetiS I actually have my salt master's minion config manage the stuff in /etc/salt/cloud.  It's kinda terrible, but it works for me.
18:31 murrdoc do u s3 to source them ? or git like thing
18:32 chitown right now, we use states, which is a little clunky
18:32 chitown also, it means any minion could easily spin up VMs... which kinda bothers me
18:34 SheetiS I use a state that is applied only to the master.  of course if you knew the state and hand root on a minion, you could request the state and get parts of what you need.  The api key wouldn't be available because it wouldn't be in the other minions pillars though
18:34 SheetiS so there's that
18:34 SheetiS https://bpaste.net/show/bca871abb788
18:34 SheetiS something like this
18:35 iggy chitown: use pillars for the cloud settings... only target the pillars at the master (or whatever needs to spin stuff up)
18:36 SheetiS iggy++ that's what I do.  The pillar with the api key is only availabe at the master and is gpg encrypted in version control using salt-gpg fun.
18:36 chitown ya, unfortunately, some of the data is already in pillar, but segmented based on env
18:36 chitown so, yes... but, it means unwinding some legacy :(
18:36 iggy baby steps
18:36 chitown ya  :)
18:37 chitown thats why if i could just use jinja in the cloud conf files, then it ouwldbe super simple
18:37 chitown would be
18:37 iggy I could also see the use of other systems being able to spin up new hosts (loadbalancer notices high load, spins up more web servers, etc...)
18:37 iggy of course you could do that with reactor and custom events too
18:37 iggy so we are drawn back to the #1 rule of salt
18:38 chitown ya, there is some desire to use AWS' elastic scaling
18:38 iggy there's no right way to do anything... there are multiple ways, use what works best for you
18:38 chitown just like perl! :)
18:38 chitown showing my age... :/
18:38 ksalman1 ugh perl
18:38 chitown perl was both the best and worst thing i have done :/
18:39 murrdoc says everyone who did perl ever
18:39 chitown at the time, there weren't any other good options
18:39 phx and a lot of stuff is still stuck with perl
18:39 iggy now you're defininitely showing your age
18:39 chitown so, we moved to java... and that was "better"??? :)
18:39 phx like it's hard to find a good module for kadmin things for python, whereas there are a few for perl
18:39 ksalman1 i am glad we moved to python
18:40 phx also, there's no python AFS module, but there's 2 for perl
18:40 iggy AFS?
18:40 phx yup
18:40 chitown lol
18:40 murrdoc would be trivial to write
18:40 chitown its been years since ive seen anyone bring up AFS
18:40 iggy if we're talking about the same AFS, there's a reason no python module exists for it
18:40 iggy STAHP!
18:41 chitown but, i went to grad school a U Mich, which is a huge AFS "shop"
18:41 phx iggy, and what would that be?
18:41 ramishra_ joined #salt
18:41 iggy STAHP! (using it)
18:42 phx you've learned that reasoning from $wife? :)
18:44 iggy the only thing I learned from my wife was... don't get a second one
18:44 phx lol
18:45 ksalman1 definitely not while you have the first
18:47 durana joined #salt
18:48 durana left #salt
18:50 ajw0100 joined #salt
18:51 younqcass joined #salt
18:51 cberndt joined #salt
18:53 Vye ksalman1, +1
18:53 Vye Anyone using multi-master setup?
18:53 iwishiwerearobot joined #salt
18:53 jalaziz joined #salt
18:53 murrdoc good segue
18:53 murrdoc do you hvae more than one wife, yes.. you should be comfortable with multi master setup
18:53 Vye haha
18:53 murrdoc ok thats it, last forced joke of the day, /me shuts up
18:54 aparsons joined #salt
18:55 ksalman1 i will be using multi-master setup but from what i read, all you have to do is add additional 'master: foo' in /etc/salt/minion?
18:55 ksalman1 i'll be using multi-master setup soon*
18:56 Vye Well, there is more to it than that. You need to sync minion keys and a key used to sign master keys.
18:58 Vye I was interested to hear approaches others have taken to syncing their multi-master keys. NFS is one approach, but with NFSv3 an IP based ACL probably isn't what I want protecting my keys.
18:59 murrdoc write a reactor that queries an external data source, and verifies hostname, ip, any other info
18:59 murrdoc auto sign that shizzle
19:00 murrdoc you could have a job that collects auth'ed minons from each master
19:00 murrdoc and maintains them in a datasource somewhere
19:00 scoates joined #salt
19:00 murrdoc u can query that for autosign
19:01 iggy open_mode: True
19:01 aparsons joined #salt
19:03 ksalman1 open_mode works great for us. Folks are always rebuilding test machines
19:03 murrdoc :)
19:06 dualicorn joined #salt
19:08 Vye murrdoc, I'll look into that approach. Pre-seeding with salt-ssh may be sufficient. However, that doesn't cover my Windows hosts.
19:10 pfallenop joined #salt
19:10 edrocks does anyone know why im getting this error? "There was a profile error: 'NoneType' object has no attribute 'name'"
19:10 ckao joined #salt
19:10 edrocks im running salt-cloud -p standard minion{1..3}
19:11 scoates joined #salt
19:14 ajw0100 joined #salt
19:16 murrdoc https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054580.html
19:17 iggy people still use freebsd?
19:18 nikogonzo hells yeah
19:19 nikogonzo but not many people run -current in production
19:19 nikogonzo https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054581.html
19:20 KyleG yeah..
19:20 KyleG I run  10.0-RELEASE-p17 in prod
19:20 KyleG my entire env is FreeBSD, so yes iggy, people still use FreeBSD :)
19:21 nikogonzo KyleG: o/ freebsd bros
19:21 KyleG also, every PS4 runs the FreeBSD kernel and networking drivers.
19:21 KyleG PS3's too I think
19:21 KyleG :P
19:21 KyleG hell yeah
19:21 KyleG FreeBSD4lyfe
19:21 smcquay joined #salt
19:23 nikogonzo we're phasing it out because finding competent freebsd admins is somewhat difficult with a market flooded with mediocre linux dudes
19:24 nikogonzo but it has colo space in my heart
19:24 KyleG :((
19:24 KyleG That makes me so damn sad nikogonzo
19:25 KyleG You let the RHC*'s and their "look at my cert i'm so awesome hire me because I paid a ton for a cert" win
19:25 iggy weird... we can't even find mediocre "linux dudes"
19:25 murrdoc nikogonzo:  not pulling punches
19:25 murrdoc https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1301015
19:26 KyleG I'll admit, it does give me *some* satisfaction knowing that it's rather difficult for my employer to hire competent freebsd admins.
19:26 KyleG dat job security
19:26 iggy service networking restart has bitched about not being the right way to restart networking for ages
19:26 murrdoc ubuntu trusty turned off /etc/init.d/networking restart
19:27 iggy so... ENOTABUG
19:29 chiui joined #salt
19:29 ksalman1 can't say i am a fan of ubuntu
19:30 ksalman1 we have to support ubuntu for qa folks but we use debian internally
19:34 dualicorn joined #salt
19:34 nikogonzo personally, I'm hoping for a revival/mass migration the moment vendors start cramming systemd down their customers throats
19:34 dualicorn joined #salt
19:35 nikogonzo migration to bsd or minimal server-only linuxes
19:37 jdowning joined #salt
19:37 nikogonzo that, or cloning becomes reality and my company can have its very own lennart to support it
19:38 iggy systemd isn't that bad 90% of the time (i.e. when it works)
19:41 nikogonzo it's pretty b\@d for anything other than phones and tablets, but I don't want to get into yet another internet war-of-the-beards over something that's inevitable. like pooping, you know?
19:42 ajw0100 joined #salt
19:42 ramishra_ joined #salt
19:43 chiui joined #salt
19:44 jtang1 journald is a bit broken tbh
19:44 jtang1 why oh why!
19:45 babilen How so? Link to bug report?
19:46 pfallenop joined #salt
19:46 timoguin joined #salt
19:46 jtang1 its more the whole idea of needing to use a tool to read a binary file to read the logs
19:46 beneggett joined #salt
19:48 otter768 joined #salt
19:48 babilen jtang1: Well, that also allows you to take advantage of indexed docs. Are you also opposed to databases? But then .. there really is no point in delving into *that* discussion, so ... don't use it if you don't want to, but "is a bit broken" actually implies that it is, well, broken.
19:49 babilen strawberries aren't broken just because you don't like them
19:49 babilen s/docs/logs naturally :D
19:51 dimeshake joined #salt
19:51 babilen You probably hate ELK too then?
19:51 iggy I'll just be glad when I don't need to remember different commands for RH vs Debian vs CoreOS vs etc, etc.
19:52 murrdoc what happened to 'cat'
19:52 babilen Oh, that too
19:52 murrdoc less
19:52 babilen most
19:52 * nikogonzo gets his beard out
19:52 murrdoc can a brother get some tail
19:53 babilen murrdoc: Nothing stops you from *also* keeping plain text logs and you can easily pipe journald into $PAGER to have your plain text, unfiltered logs.
19:53 murrdoc fair nuff
19:53 murrdoc i dont like logging on to servers anyways to look at logs
19:53 babilen Try "journalctl |less"
19:54 murrdoc so the system indexes all logs ?
19:54 babilen murrdoc: Yes, which is why you aggregate them and index them so that you can search them easily. Nobody *really* wants to deal with plain logs.
19:55 murrdoc so each server does its own indexing/aggregating
19:55 murrdoc seems like not something the OS should be worried about
19:55 babilen murrdoc: You can say things like "journalctl -u httpd --since=00:00 --until=9:30" which gives you all log entries from the "httpd" unit (i.e. service) from 00:00 to 09:30
19:56 murrdoc true, but thats one server
19:56 babilen murrdoc: Not every user want to run ELK on their laptop ;)
19:56 murrdoc slackers
19:56 babilen heh
19:57 jtang1 heh, well, im just a grumpy individual
19:57 linjan joined #salt
19:57 murrdoc not sure how this lines up with unix philosophy
19:57 primechuck joined #salt
19:57 jtang1 there is a lot to be said being able to read plain text of a disk to debug things
19:57 babilen Surely this isn't the right tool to monitor 12000 servers in a massive deployment, but I strongly prefer it over "Oh, here are all my logs, lets write specialised pipelines to get the data out of that mess that I care about right now"
19:58 babilen jtang1: Which is why you would *also* write plain text. Nothing stops you from doing that.
19:58 nikogonzo people who believe in the unix philosophy are never going to agree with systemd; systemd proponents have never seen why unix was successful compared with other operating systems that did exactly this ( made ridiculous init systems, binary logs and opaque databases, etc ).
19:58 babilen Or you just run "journalctl| ...." and have your plain text in a pipe. Or "journalctl > foo.log" or ...
19:58 nikogonzo systemd should be a bolt on, not the core
19:58 murrdoc yeah improve as add on
19:58 neekz0r joined #salt
19:58 murrdoc then make default
19:58 jtang1 to be honest, not that many companies run 12k servers in production
19:59 jtang1 you'd be lucky to see a few hundred in most places
19:59 murrdoc 16k+ this week
19:59 jalaziz joined #salt
19:59 hemebond Is systemd one binary?
19:59 babilen https://lists.debian.org/debian-ctte/2014/02/msg00390.html ← essential reading for everyone who is "interested" in that discussion. But seriously, .. I'm out.
20:00 hemebond lol
20:00 jtang1 babilen:  i guess so, i havent had much exposure to systemd so far in production, but what i have seen so far, im not so sure
20:00 nikogonzo systemd is made for phones and tablets: https://bugs.freedesktop.org/buglist.cgi?bug_status=NEW&amp;order=changeddate%20DESC%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&amp;query_based_on=&amp;query_format=advanced
20:00 babilen If you have actual technical problem then lets talk about that and I'm happy in helping, but I have no interest in things like "journald is broken" -- "why?" -- "because my definition says so"
20:01 ajw0100 joined #salt
20:01 murrdoc how does it work with syslog
20:01 hemebond jtang1: You don't like parallel startups, socket starts, simple configuration files for service descriptions?
20:01 murrdoc does it ship logs ?
20:01 jtang1 babilen: well, the thing is, i'm happy to use it, it doesnt mean i have ot agree with it ;)
20:01 iggy I'll just be glad when I don't need to remember different commands for RH vs Debian vs CoreOS vs etc, etc.
20:01 murrdoc as long as i can ship the logs out from it i am ok with it
20:01 murrdoc if not
20:01 murrdoc its broke
20:01 jtang1 the pragmatist in me is if someone else maintains it and provides the tooling to use it, then thats fine with me
20:01 babilen jtang1: Read the detailed discussion. Russ wrote an amazing analysis and it is definitely one of the best written documents on this matter (and I would hope that more technical decisions would be taken in such a way)
20:02 hemebond murrdoc: You can.
20:02 edrocks is anyone using salt on gce?
20:02 babilen edrocks: Are you?
20:02 cablesnake joined #salt
20:02 iggy edrocks: yo!
20:02 hemebond murrdoc: You can have the logs go to syslog by default.
20:02 jhauser joined #salt
20:02 ajw0100 joined #salt
20:02 murrdoc cool
20:02 jtang1 hemebond: heh, i do like, but it doesnt matter to me in my use cases
20:02 jtang1 i might reboot a machine once a year
20:02 edrocks trying too I keep geting key_filename does not exist when I try to create instances
20:02 edrocks but I set my service account up
20:03 jtang1 i might reboot maybe 10% of my machines once a year, its not that relavent to me in my use cases
20:03 hemebond jtang1: It only matters to me when I have to write an init file to run a daemon.
20:03 iggy edrocks: we use service_account_email_address: and service_account_private_key:
20:03 hemebond jtang1: I look at the systemd daemon config and think "that's lovely".
20:04 jtang1 heh, you are here on a scm channel, surely you can cope with write once and re-deploy everywhere? it cant be that bad ;)
20:04 hemebond It's having to write that mess at all that I dislike.
20:04 edrocks I have that but when I do `salt-cloud -p someProfile mion{1..3}` I get error: "The defined key_filename 'home/myemail/.ssh/google_compute_engine' does not exist"
20:05 jtang1 i guess writing a mess of reading a mess are two sides of the same coin
20:05 hemebond jtang1: You think the daemon config files are a mess?
20:05 hemebond Or do you mean reading the init files?
20:06 iggy ahh
20:06 jtang1 hemebond: i think they are probably the last things i need to worry about compared to other things that matter to me
20:06 iggy edrocks: ssh_username: ssh_keyfile:
20:06 jtang1 hemebond: i mean the reading of binary log files
20:06 hemebond jtang1: Just use syslog.
20:07 edrocks iggy: should I just generate a new keyfile and use a random name?
20:07 jtang1 since its all systemd, i like the unit files and so on, but i dont really like the binary logs
20:07 jtang1 hemebond: i do
20:07 jtang1 use syslog that is
20:07 iggy edrocks: you should use a key that is setup in your project metadata
20:07 hemebond jtang1: Cool.
20:08 iggy edrocks: if you followed the commonly used howto, it'll be gceuser and the key you generated for it
20:08 jtang1 hemebond: i guess my gripe is mainly about having a choice (or the lack of)
20:08 hemebond jtang1: Choice in what?
20:08 jtang1 systemd can be there and do what they want, but having the choice of turning features off or not using it would be nice
20:08 babilen jtang1: Read http://0pointer.de/blog/projects/journalctl.html to learn what it allows you to do. There really is no problem in keeping syslog in the loop so you only get additional functionality.
20:09 babilen jtang1: And you don't have to create /var/log/journal if you don't want logs to persist
20:09 edrocks iggy: thanks I'll try to set that up
20:09 babilen (you might even be able to disable it completely, but I don't know how to do that off the top of my head)
20:09 jtang1 babilen: see my above comments, i don't mind/care as long as I have a choice
20:09 jtang1 and i know i have choice
20:09 hemebond jtang1: You do have a choice.
20:10 renoirb scoates yt?
20:10 * scoates looks around
20:10 renoirb mind If if PM you scoates ?
20:10 Ch3LL_ joined #salt
20:10 scoates just do it (-:
20:10 jtang1 this discussion feels like linux vs. bsd, it feels silly to talk about
20:10 hemebond jtang1: There is a log series you can read to get a good idea about it all: http://0pointer.de/blog/projects/systemd-for-admins-1.html
20:11 babilen (well worth a read)
20:11 iggy the sad thing is some people feel strongly one way or the other... the other 95% don't give a fuck and just want to get our jobs done
20:12 hemebond iggy: Yes. Slashdot is full of vocal anti-systemd people.
20:12 hemebond Who also seem to have a problem with women :-(
20:12 jtang1 hemebond: yea i've read that before
20:12 jtang1 heh, im in the 95% of I dont care much
20:13 jtang1 the 5% pokes every so often for alternatives in a just in case scenario
20:13 hemebond I trust the distro maintainers.
20:13 hemebond How the heck did this start in #salt anyway?
20:13 iggy I'll just be glad when I don't need to remember different commands for RH vs Debian vs CoreOS vs etc, etc.
20:14 jtang1 well someone said 'cat' in the above or 'tail'
20:14 iggy I jokingly said "people still use freebsd" and someone went on a 20 minute rant about everything they believe stongly in and dragged us all along
20:14 murrdoc hahaha
20:14 murrdoc true
20:14 * jtang1 shrugs
20:14 jtang1 linux is fine, since it has hardware support for what i want
20:14 jtang1 otherwise its a free for all in my work place
20:15 murrdoc scientific linux for the win
20:15 jtang1 yea SL is nice
20:15 jtang1 i like their OFED support
20:15 jtang1 they maintain nicer repos than centos does i think
20:16 jtang1 fermilab and cern know what they are doing
20:16 murrdoc cern has an epic puppet setup
20:16 murrdoc or had
20:16 murrdoc like jaw dropping impressive
20:16 jtang1 cern are epic full stop!
20:16 jtang1 i can't wait till the human brain project kicks off, that will be bigger than cern
20:17 GermanJaber joined #salt
20:17 GermanJaber Hi
20:17 GermanJaber anyone here??
20:17 murrdoc cern could have been in texas
20:18 jtang1 or illinois in the US (i think)
20:18 lz-dylan hey folks
20:18 lz-dylan can someone clarify for me how requisite arguments work?
20:19 jtang1 time for me to go and grab dinner
20:19 jtang1 by for now
20:19 lz-dylan ie. if I have a state with id 'jdk_pkg' that's just a pkg.installed for a longer-named package, and then I want something to depend on that state being run first, can I do `requires:\n  - pkg: jdk_pkg`?
20:19 forrest lz-dylan: in regards to what portion? Do you have an example?
20:20 forrest lz-dylan: let me gist something
20:20 lz-dylan or would that just try to install 'jdk_pkg' via my package manager?
20:20 lz-dylan i know you can do a `requires:\n  - sls: filename`
20:20 lz-dylan but I'd like to have the state definition in the same file
20:20 GermanJaber Im having a problem where several minions die whenever I send a global pkg.upgrade command
20:21 GermanJaber minions die with the message [ERROR   ] Attempt to authenticate with the salt master failed
20:21 lz-dylan forrest: thank you :)
20:21 GermanJaber [CRITICAL] An exception occurred while polling the minion
20:21 GermanJaber followed by an stacktrace that ends in     sys.stderr.write('Process %s:\n' % self.name) IOError: [Errno 5] Input/output error
20:22 GermanJaber the salt master log only says
20:22 lz-dylan forrest: I feel like I've done this before, but don't recall how...but now that I'm reviewing someone else's salt code, I don't want to just hack around it
20:22 GermanJaber [ERROR   ] Salt request timed out. If this error persists, worker_threads may need to be increased.
20:22 iggy lz-dylan: your line was correct except it's just require:
20:22 sastorsl left #salt
20:22 lz-dylan GermanJaber: what've you got for available disk space on minions?
20:22 Zachary_DuBois joined #salt
20:22 babilen Are all filesystems mounted rw?
20:22 forrest lz-dylan: like this: https://gist.github.com/anonymous/6303ee399e9edf47afac
20:23 lz-dylan iggy: shoot, that's a typo while I was retyping into IRC; not from my original file
20:23 GermanJaber plenty
20:23 GermanJaber i have around 50 minions and only one master
20:23 GermanJaber could it be that I need to scale??
20:24 iggy that shouldn't be a problem by itself, but if it's like a f1-micro, that's not going to work out so well
20:24 lz-dylan forrest: sweet. if I were to merge those state definitions into a single sls, all I'd have to do is drop the include: stanza, yeah?
20:24 forrest lz-dylan: yep
20:24 GermanJaber i tried increasing the number of threads, but it did not worked
20:24 lz-dylan perfect. thank you!
20:25 iggy lz-dylan: just for future reference, the saltstack-formulas are a good resource for usage examples
20:26 lz-dylan iggy: duly noted
20:27 lz-dylan iggy: which reminds me. is the new best practice to use `name: pkg.installed: []` over `name: pkg.installed`?
20:27 lz-dylan I saw that a few times in the docs and hadn't previously
20:27 mapu joined #salt
20:28 TheoSLC joined #salt
20:28 iggy only if you have other states under the same name
20:28 iggy (in that case it's a requirement)
20:29 lz-dylan gotcha
20:29 lz-dylan so it's a make-the-yaml-parser-happy thing?
20:29 iggy yes
20:29 lz-dylan probably best to just get my fingers used to that in general then :)
20:29 TheoSLC I need some Windows OS eyes on  this issue -> https://github.com/saltstack/salt/issues/17062  I've taken it as far as I can.
20:29 tombibb joined #salt
20:30 TheoSLC perhaps UtahDave?  Dave did you change your handle?
20:30 iggy i.e. nginx:\npkg.installed: []\nservice.running:\n- reload: True
20:30 iggy you need it there
20:31 iggy TheoSLC: he doesn't do irc much when he's doing services stuff/traveling (at least from what I've seen)
20:32 hemebond TheoSLC: What about using a variable for the path you've added?
20:32 TheoSLC iggy: Thanks.  I've haven't seen him on for a while.  Any Windows focused dev's on IRC regularly?
20:33 linjan joined #salt
20:33 TheoSLC hemebond: hi.  Could you give me some context around your statement?
20:34 hemebond TheoSLC: Well I've always assumed the PATH isn't really available so if I add a dir to the PATH and/or want to use that dir I will pop it into a variable and just use that variable throughout.
20:34 GermanJaber lz-dylan: how many minions a master can handle normally??
20:35 MTecknology I'm apparently creating a variable with the value  OrderedDict([('bugzilla_ro', OrderedDict([('grants', 'select')]))])  what I /want/ is   {'grants': 'select'}. My pillar looks like this - http://dpaste.com/0B9RXWV   My sls looks like this - http://dpaste.com/0WGNVR4   I /think/ my issue is lines 4-5 being wrong, but I'm not sure. The dbuser value gets set to that OrderedDict.
20:35 TheoSLC hemebond: I see.  the reason is that I don't control the script/binary using the path.
20:35 clintberry joined #salt
20:35 schlueter joined #salt
20:36 iggy MTecknology: protip: gist... multiple files in a single post
20:36 MTecknology I can use that next time around, sure thing
20:37 TheoSLC At this point I just need somebody with a windows build env to test my changes.
20:37 hemebond TheoSLC: Ah. In my Powershell scripts I have explicit functions for updating and fetching environment variables.
20:37 jeremyr joined #salt
20:37 hemebond TheoSLC: I have Windows servers managed by Salt but I won't be able to help until tonight.
20:37 chiui joined #salt
20:38 TheoSLC hemebond: thanks
20:39 iggy MTecknology: - means list
20:39 JordanTesting joined #salt
20:39 iggy MTecknology: and I don't think there's a test for list
20:39 sijis using the salt-api... somehow it doesn't appear to be sending/getting request from a syndic master. is there something obvious that could be preventing that? (running from MoM, results are OK). using version. 2014.7.0-3.
20:40 MTecknology iggy: I'm iterating through a list of users, I'm testing the user to see if it's a dictionary or not
20:40 iggy MTecknology: got that... bugzilla is not a dict, it's a list
20:40 jgelens In a certain salt state file I'm loading an external variable from the local filesystem, In that state I run multiple  different states with state.sls. But I need that variable to be available in the other states too. I've tried it with a grain, but grains are not updated for the current session. What's the best way to solve this?
20:40 iggy (a list of dicts in this case)
20:41 MTecknology bug pillar['mariadb_grants'][database]['bugzilla_ro'] IS a dict
20:41 iggy jgelens: set a grain and set reload_modules: True ?
20:41 whiteinge sijis: they should work almost identically. if you're running something synchronously it might be helpful to bump the timeout value up a tad
20:42 cablesnake joined #salt
20:42 iwishiwerearobot joined #salt
20:42 iggy MTecknology: ahh, I misread the outer loop
20:42 jgelens iggy: will try
20:43 ramishra_ joined #salt
20:43 jgelens iggy: grains.present: -name: foo  -value: bar  -reload_modules: True
20:43 jgelens like that?
20:44 iggy I think? not really sure, I've never tried that
20:44 iggy I would probably have written a custom grain module in python
20:44 jgelens hmm ok, is there an example for that in the docs?
20:45 iggy there are some pre-written custom grains modules in salt-contrib that might serve as good inspiration
20:46 jgelens thanks
20:46 MTecknology iggy: Using this (http://yaml-online-parser.appspot.com/) I did this (https://gist.github.com/anonymous/7e861fe07f14462b7b41)  Which is exactly what I'd expect.
20:47 smcquaid joined #salt
20:47 jgelens the reload_modules didn't work, I'll try a custom module
20:48 MTecknology iggy: I wonder if "is mapping" isn't available in my version of jinja... you did say it's new. I would expect that to completely error out in that case, though...
20:50 iggy it would
20:51 ajw0100 joined #salt
20:51 iggy I mean you'd get a jinja error saying mapping wasn't defined or available or whatever
20:51 sijis whiteinge: ya. what i figured. oddly enough though, i restarted all and now its not showing up in cli either ;/
20:52 sijis we got some odd stuff going on between master/syndic
20:52 * iggy shocked
20:53 whiteinge sijis: things with syndic move a little slower than usual since there's a middle-man involved. it takes a little longer for minions to reconnect after a restart and a little longer to send a command and get a response.
20:54 whiteinge sijis: make sure you're running ZeroMQ 4.x on the syndic (and everywhere else as well if you can)
20:54 MugginsM joined #salt
20:58 sijis whiteinge: we have this on the syndic and masters: zeromq3-3.2.4-1.el6.x86_64
20:59 Young joined #salt
20:59 Young Hi, is this the room for Saltstack?
21:00 whiteinge Young: this is the room!
21:00 whiteinge welcome :)
21:00 Young Thanks, whiteinge
21:00 whiteinge sijis: https://copr.fedoraproject.org/coprs/saltstack/zeromq4/
21:01 Young I just downloaded the .tar.gz file and looked around inside but don't know how to proceed.
21:01 Young No .rpm nor configure script I could find.
21:01 iggy Young: what distro?
21:01 iggy there are distro specific install instructions for most popular distros
21:02 whiteinge Young: this is a good place to start: http://docs.saltstack.com/en/latest/topics/installation/index.html
21:02 FRANK_T Hi guy i am trying to use salt-ssh and I am getting this error any idea https://www.refheap.com/3fb433639fdc69c6413bb34e0
21:02 tombibb joined #salt
21:02 Young OK, thanks. I'll start with that page.
21:02 FRANK_T I create a roster file with the servername
21:02 sijis whiteinge: so that will help with what i'm experiencing?
21:03 sijis whiteinge: could that also be related to a MoM not returning a prompt to something sent to a syndic
21:04 dusel joined #salt
21:06 whiteinge sijis: that will make communication run a bit more smooth and fix a known zmq bug that crashes the syndic on occasion. but you'll always have a little lag and delay going through a syndic. run jobs asynchronously, or specify a long timeout when you run synchronous jobs.
21:06 baweaver joined #salt
21:07 whiteinge sijis: the delay you're seeing on the MoM is not likely to go away.
21:07 jgelens iggy: thanks for mention these custom grain modules, this will make my life easier
21:07 druonysuse joined #salt
21:07 druonysuse joined #salt
21:07 baweaver Anyone know of any efforts to port salt to a rubygem?
21:08 nahamu huh?
21:08 baweaver from what I can gather you interact with salt via a CLI
21:08 iggy aren't rubygem's usually... ruby?
21:08 nahamu what would it mean to port salt to a rubygem? Salt is in python.
21:08 jalaziz joined #salt
21:08 baweaver I'm aware.
21:08 sijis whiteinge: i'm basically seem to be running into this: https://groups.google.com/forum/#!topic/salt-users/fBHp453Di9k
21:08 sijis much less machines though.. about 1,200 or so
21:09 nahamu baweaver: you mean like write a ruby wrapper around the salt CLI tools?
21:09 baweaver bingo
21:09 baweaver little vague, my bad
21:10 hemebond Touching Salt with Ruby *shudder*
21:10 iggy I imagine most people that want to work in ruby probably stick to chef/puppet
21:10 * hemebond goes back to Puppet manifest :-(
21:10 iggy although that needn't be the case
21:11 baweaver automating things with rails, so having a ruby port helps that one.
21:11 tombibb joined #salt
21:11 whiteinge iggy: hey! Ruby users need access to good config management too!
21:11 hemebond Oh with Rails.
21:11 baweaver not that I'm opposed to the idea of potentially just port it to flask
21:11 whiteinge ^_^
21:11 baweaver and treating it as a service
21:11 baweaver just learned about this one today
21:11 hemebond baweaver: Can't you just use salt-api to interact with it?
21:11 baweaver looking into it
21:12 schlueter joined #salt
21:12 baweaver again, still a newbie in regards to all of this
21:12 beneggett joined #salt
21:12 baweaver we mostly use chef here, though for some reason they're using salt for remote execution.
21:12 baweaver I'm just gluing it all together.
21:13 whiteinge baweaver: salt and chef actually work really well together, so it's not as crazy as it first sounds. :-)
21:13 baweaver it'd make for some bland food without it ;)
21:13 whiteinge :D
21:13 whiteinge sijis: how long of a delay are you seeing?
21:13 schlueter1 joined #salt
21:14 sijis whiteinge: never get a prompt back. even after an hour
21:14 whiteinge oh.
21:14 baweaver It'll take a day or two to have a solid idea of what to do with Salt, so excuse the potential swath of questions oncoming.
21:14 sijis whiteinge: we just ... notice that doing a test.ping.. 1 machine is returning 'another.host.domain is no available'
21:15 whiteinge baweaver: that's why where here
21:15 baweaver I know Python, so that I'm not worried about, only tying it all together with a preexisting rails service.
21:16 TheoSLC joined #salt
21:16 whatevsz joined #salt
21:16 sijis whiteinge: seeing something like this for anything related to that host: http://paste.fedoraproject.org/186742/24207791/
21:18 rlo joined #salt
21:18 whiteinge sijis: interesting. looks like that minion is returning but it's trying to call out to a fake domain
21:19 sijis whiteinge: i sanitized the domain to 'domain.com'
21:19 whiteinge haha, oh
21:19 rlo hi!
21:19 whiteinge so that minion should be able to hit the real domain? can you log in directly to verify?
21:19 rlo is there any dashboard / visualization tool available for salt?
21:20 Young I just installed salt-master on one node and salt-minion on another node. Is there the simplest thing I can try to understand how it works between the master & minion?
21:21 baweaver probably just jack into D3.js or the like for a frontend assuming you're going for web services.
21:21 iggy rlo: saltpad, halite (possibly dead), saltstack enterprise has one in the works
21:22 iggy Young: sudo salt '*' test.ping
21:23 rlo iggy: thanks!
21:23 sijis whiteinge: ya.. its checked into the master, as expcted from the minion log file
21:24 giantlock joined #salt
21:24 Young iggy, I got: No minions matched the target. No command was sent, no jid was assigned.
21:25 roolo joined #salt
21:26 iggy Young: salt-key -L
21:26 sijis whiteinge: we think the output was the result of the next matching host from a test.ping.. oddly it was always the same one. nothing is odd on adf-21 either. we did see something in /var/cache/salt/minion/files/base/_grains/stalekernel.py. someone was testing a new grain (we don't have any, that would be the first one)
21:26 sijis so i removed everything inside minion.. now response looks normal
21:26 iggy Young: also of interest... it's perfectly legitimate (and fairly common amonst the innitiated) to run a minion on the master as well
21:26 sijis now running a test again and see if something else hangs
21:27 Young I ran salt-key -L and I have no values for all 3 keys.
21:27 baweaver Has anyone heard of a rest_tornado variant of the API? Someone mentioned it as potentially better than rest_cherrypy
21:28 whiteinge baweaver: http://docs.saltstack.com/en/latest/salt-modindex.html#cap-n
21:28 sijis whiteinge: this is what stalekernel.py had: http://paste.fedoraproject.org/186746/42420849/
21:28 baweaver thanks
21:29 whiteinge rest_tornado is a fine module developed by members in the community (largely from LinkedIn). the rest_cherrypy module is developed by SaltStack themselves.
21:29 whiteinge both are good choices
21:30 edrocks anyone running their salt master in docker?
21:30 baweaver Heh, I might end up being the one to use it to jack into ruby
21:31 whiteinge sijis: glad you could track it down!
21:31 baweaver I'll get permission to opensource it
21:31 sijis whiteinge: not sure its fixed out problem. but its something to rule out
21:31 whiteinge baweaver: that would be great to have
21:31 baweaver It'll be some of the first open source out of here, but I have license to start pushing things
21:32 iggy baweaver: if so, take a look at pepper (python version of what you're talking about)
21:33 baweaver Will do, I can call it paprika to be cheeky.
21:33 cberndt joined #salt
21:34 edrocks what version of python does salt use?
21:34 murrdoc py27
21:34 igorwidl when I run salt '*' test.ping its hard to figure out which minions "failed" the test.ping
21:35 sijis igorwidl: i typically use with -v .. it tells you at the end
21:35 sijis igorwidl: so something like 'salt * test.ping -v'
21:35 igorwidl sijis: yep, this was what i was looking for. Thanks!
21:38 baweaver joined #salt
21:38 Young How and where can I define minions from the master?
21:38 fxhp joined #salt
21:38 iggy igorwidl: salt-run manage.up/down
21:38 ghanima joined #salt
21:38 iggy Young: you don't... you tell the minions to connect to the master
21:39 whiteinge Young: you need to install salt on each machine that will be a minion, configure it where the master is located and start the minion daemon on each machine.
21:39 Young OK, then where can I define the master on each minion? /var/run/salt/master?
21:39 ghanima hello all question the documentation that describes multi-master-pki with failover: http://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html
21:39 whiteinge Young: if you're interested in a free demo of Salt, we run those periodically. you can sign up and ask questions here:  http://saltstack.com/saltstack-demo-recording-registration/
21:39 iggy Young: /etc/salt/minion master: setting
21:40 ghanima Is accurate to say that the guide allows for multimaster failover but the master only respond to minions associated wiith it correct
21:40 MTecknology iggy: so... ya... checking if it's a mapping /is/ actually working. However, it seems like there's an issue because these seem to be ordereddict instead of dict, but I'm really not sure if that's the cause or not. :S
21:40 iggy Young: I suggest doing that... I did it when I was starting out. Very beneficial
21:41 iggy MTecknology: shouldn't be... they should be mapping's the same as a regular dict
21:41 MTecknology ah
21:41 MTecknology then I'm more confused
21:41 hemebond left #salt
21:43 Young Thanks, just registered for it.
21:44 ghanima I gues I am trying to understand if I have two master and all my minions have there primary set to one can I execute salt commands from the failover master and get a response
21:44 MTecknology I give up for the day...
21:44 ramishra_ joined #salt
21:44 MTecknology I want to get home and hook up my new modem
21:45 iggy ghanima: I don't think so, but I've never done any multi-master stuff, so take that with a grain of... oh nevermind
21:47 ghanima anyone else want to weigh in?
21:49 otter768 joined #salt
21:49 sijis how often are modules reloaded? running master with trace, i see it loading modules every once a while. i suspect that's normal?
21:50 murrdoc yup
21:50 MTecknology ghanima: nope, a command needs to be sent from the master the minion is connected to
21:51 ghanima MTecknology: is there an architecture that allows for commands to be streammed from multiple masters
21:51 MTecknology ghanima: consider using syndic servers; you have a master of masters, then syndic servers which are masters, but syndicate the master of masters
21:51 MTecknology Then you just send the command from your master of masters
21:51 ghanima MTecknology: AWESOME sauce thank you
21:51 iggy sijis: anytime there's an implied/explicit reload_modules: True (package.*, etc.)
21:52 MTecknology ghanima: then you can have one minion connect to multiple syndic servers as well. It gets tricky and there's a damned good reason(s) why I stopped doing that, but it's probably much more developed now
21:52 sijis iggy: a 'stock' setup.. is that like once an hour?
21:56 peters-tx joined #salt
21:56 iggy I'm not sure... I'd think it's just on demand, but a lot of things can demand that
21:57 biggiemac joined #salt
21:57 biggiemac Wondering if there are any salt-cloud pro's round here?
21:58 peters-tx I just used Salt to update Salt from 2014.7.0 to 2014.7.1 ... All systems appear to automatically update the running minion except my two RHEL 7 boxes..  Expected?
22:00 mosen joined #salt
22:02 subsignal joined #salt
22:05 nullptr joined #salt
22:05 beneggett joined #salt
22:06 MTecknology When it comes to jinja, I pretty much have python at my disposal, don't I?  {% set dbuser = user.keys()[0] %}  <-- this should work?
22:06 murrdoc bad karma will befall u
22:07 murrdoc but it should wor
22:07 murrdoc work*
22:07 ajw0100 joined #salt
22:08 MTecknology murrdoc: Why will bad karma befall me?
22:08 MTecknology It doesn't seem to actually work. :(
22:08 hasues joined #salt
22:09 desposo joined #salt
22:10 hasues left #salt
22:10 desposo1 joined #salt
22:10 murrdoc no reason, python in jinja and cmd.run in states are things we (my work team) frown upon
22:10 murrdoc so 'bad karma will befall you' is what i would have put in the code review
22:10 MTecknology ah, nice
22:11 theologian joined #salt
22:11 MTecknology I try to avoid this, but I'm doing some slightly screwy crap for the sake of making my pillars really super pretty
22:12 stylica joined #salt
22:12 lz-dylan GermanJaber: sorry, moved to another window. I don't know if you got an answer but salt-master can usually do *a lot* of minions. I don't know what the number is but my impression is that it's in the five figures (though that may be for the new bus instead of zeromq).
22:13 MTecknology {% set dbuser = user.keys()[0] %}{% set opts = user[dbuser] %}   ...  interesting...  'opts' has the correct value, but 'dbuser' does not, 'dbuser' should just be a string, but it's actually  OrderedDict([('bugzilla_ro', OrderedDict([('grants', 'select')]))])
22:13 stylica joined #salt
22:14 MTecknology ...... DOH!!!
22:14 murrdoc :)
22:14 murrdoc what u find
22:14 MTecknology I had one line that still had 'user' instead of 'dbuser'
22:14 MTecknology betcha this fixes that issue
22:15 MTecknology kablam!! :D
22:16 MTecknology aight, my mind is broken enough for the day. It's go home time!
22:16 loggyer joined #salt
22:16 stylica joined #salt
22:17 murrdoc o/
22:23 aquinas joined #salt
22:23 bash124512 is there anyway I can execute states in parallel ?
22:25 hal58th on the same box? No.  Salt works on a dependency tree type format. Even if the tree is determined by states listed in order
22:25 smcquay joined #salt
22:26 bash124512 yes in the same box. even if I use orchestration ?
22:26 conan_the_destro joined #salt
22:27 bash124512 my problem is that some states take too long and I could decrease the time by executing some in paralell
22:27 bash124512 and when I say too long I mean ~ 30 minutes
22:28 bash124512 in order
22:29 murrdoc what did u do
22:30 iggy I don't think orchestration will do that either. It's going to wait for each step to complete before moving on to the next one
22:30 iwishiwerearobot joined #salt
22:31 murrdoc yeah the queue is a mialbox and the minions can only consume one letter/job at a time
22:31 iggy Depending on what it is, maybe you could put all the long running stuff in reactors/scheduler
22:35 baweaver joined #salt
22:36 cberndt joined #salt
22:40 londo joined #salt
22:45 ramishra_ joined #salt
22:45 teebes joined #salt
22:47 Rojematic joined #salt
22:51 aphorise joined #salt
22:53 drags joined #salt
22:59 aphoriser joined #salt
23:02 beneggett joined #salt
23:03 ajw0100 joined #salt
23:07 thedodd joined #salt
23:08 murrdoc man i wish there was a pkgrepo.manage_key state
23:10 aphorise joined #salt
23:11 murrdoc gonna have to write the state
23:11 aparsons joined #salt
23:14 iggy wouldn't it basically just be shuffling some code around?
23:15 yomilk joined #salt
23:15 iggy I mean the functionality is already there, just buried in the managed() function?
23:15 aurynn explicit is better than implicit?
23:16 iggy yes and no
23:20 jameswarren joined #salt
23:20 kermit joined #salt
23:20 murrdoc iggy:  yeah just wish it came with pkgrepo already
23:33 theologian joined #salt
23:37 mikaelhm joined #salt
23:38 aphoriser joined #salt
23:41 fannet joined #salt
23:44 fannet_ joined #salt
23:44 fannet_ hey guys - i have a cloud question. I'm using salt-cloud to provision nodes but want to change the DNS server config in ubuntu 14.04. Unfortunately /etc/resolv.conf is now managed by some new resolvconf process and the recommendation is to put DNS server config in /etc/network/interfaces. That's all cool but how do I use salt to manipulate an interface that digital ocean has configured with an IP in a way that I don't lose the existi
23:45 ramishra_ joined #salt
23:46 TheoSLC I beg, somebody else take over this issue.  https://github.com/saltstack/salt/issues/17062   I'm still a python newb.  Somebody that knows salt coding standards should do this.
23:49 fannet joined #salt
23:49 iggy fannet_: so you don't want to use DO's resolvers or you want additional ones?
23:49 fannet iggy I want to use my own
23:50 fannet not theirs
23:50 hemphill joined #salt
23:50 otter768 joined #salt
23:51 iggy just throw "nameserver your.ip" in /etc/resolvconf/resolv.conf.d/base
23:53 jalaziz joined #salt
23:53 fannet I tried using the network state module and defining only the name server for eth0 but that wipes out the IP info
23:54 iggy yeah. That's not going to work because the IPs are set by dhcp
23:54 fannet hmm
23:54 fannet wonder if there is an easy way to revert ubuntu to just use resolv.conf
23:54 iggy just throw "nameserver your.ip" in /etc/resolvconf/resolv.conf.d/base
23:56 jmastron joined #salt
23:56 fannet tried that
23:56 fannet totally ignores
23:56 fannet i see the settings in /etc/resolv.conf
23:57 iggy try head?
23:57 fannet when I put them in base
23:57 fannet let me try head
23:58 bhosmer joined #salt
23:58 fannet no love
23:59 fannet maybe a reboot is in order

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary