Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-12-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:06 abednarik joined #salt
00:06 Rumbles joined #salt
00:10 semihairlessbear joined #salt
00:11 scoates joined #salt
00:18 semihairlessbear joined #salt
00:22 edrocks_ joined #salt
00:27 semihairlessbear joined #salt
00:33 scott_w joined #salt
00:41 scott_w joined #salt
00:44 scott_w joined #salt
00:47 crashmag joined #salt
00:54 brianfeister joined #salt
00:58 wt hmmmm....import_yaml seems to work okay for me
00:59 wt Maybe I can make that work for the other renders
01:12 subsignal joined #salt
01:13 colegatron joined #salt
01:24 bbbryson joined #salt
01:24 cberndt joined #salt
01:38 onlyanegg joined #salt
01:43 mapu joined #salt
01:46 tmclaugh[work] joined #salt
01:50 shaggy_surfer how do you get the command line doc for boto related modules?  I ran this:  salt "*" sys.doc boto*
01:50 iggy I don't think the * is necessary
01:50 shaggy_surfer it doesn't return anything.  Online has boto modules listed and /modules directory has them
01:51 shaggy_surfer is the command line sys.doc not up to date?
01:51 whytewolf sys.doc read the headers of modules that can load.
01:51 iggy or you don't have the requisites for the boto module
01:52 iggy i.e. boto doesn't load, it also doesn't have docs
01:53 shaggy_surfer IC, so on the master if the modules aren't loaded the sys.doc doesn't display them
01:53 whytewolf minion
01:53 iggy well, salt '*' asks the minion
01:53 iggy salt-call sys.doc would be a master call
01:53 shaggy_surfer ah
01:53 iggy (well, whatever minion you ran it on technically)
01:54 shaggy_surfer I have minion on master for testing
01:54 shaggy_surfer it's the only one w/ key
01:54 iggy so if you have a minion that does have all the req's, target that minion
01:56 shaggy_surfer I guess what I am asking is, how do I list all the execution modules on the salt-master from the command line?  And how do I look at the relative documentation for all the execution modules from the command line on the master also?
01:56 shaggy_surfer in other words, I don't want to leave the command line and use it w/o using online docs
02:00 whytewolf print out the docs?
02:02 shaggy_surfer on master I run :  salt-call sys.doc | grep boto and it returns nothing
02:02 colegatron joined #salt
02:02 whytewolf shaggy_surfer: "sys.doc will only show modules that can load" if dependencies for a module are not met then a module won't load
02:04 shaggy_surfer ok, so in order to have a list of all module documentation from the command line, that means that all modules have to be loaded?
02:04 whytewolf not possable on a single minion
02:04 shaggy_surfer ok so from the master, is it possilbe?
02:06 akhter joined #salt
02:07 whytewolf the master does bumpkis in this transaction. all salt '*' does is ask a minion. salt-call is still a minion call.sys.doc does not operate on a precimpiled set of documentation. there is no way to load all of the modules onto a single system. so NO. it is not possable in any way possable to use sys.doc to get ALL of the documentation
02:07 whytewolf on just he master
02:08 * whytewolf is starting to feel trolled
02:08 shaggy_surfer ok, so use the online documentation to get documentation for all modules then correct?
02:08 shaggy_surfer sorry
02:08 justanotheruser joined #salt
02:09 shaggy_surfer I am not trying to be annoying or troll, just trying to understand how it works, sorry
02:11 whytewolf but you are asking about the most basic of documentation. which is just the module documentation. and putting a limit on how information can be accessed by you. load up xwindows. have many terminals and a browser or hell load up tmux/screen and have use lynx
02:13 brianfeister joined #salt
02:19 whytewolf I think I need to take a vacation.
02:27 justanot1eruser joined #salt
02:50 catpigger joined #salt
02:59 auzty joined #salt
03:08 evle joined #salt
03:11 linjan joined #salt
03:15 brianfeister joined #salt
03:16 subsignal joined #salt
03:18 shiriru joined #salt
03:26 hasues joined #salt
03:26 hasues left #salt
03:38 anotherZero joined #salt
03:45 mapu joined #salt
03:54 nobrak joined #salt
03:54 nobrak joined #salt
03:56 FreeSpencer joined #salt
03:56 FreeSpencer joined #salt
04:03 malinoff joined #salt
04:43 malinoff joined #salt
04:48 anmol joined #salt
05:05 brianfeister joined #salt
05:27 racooper joined #salt
05:31 Nexus_x1 joined #salt
05:47 mapu joined #salt
05:55 Nexus_x1 joined #salt
06:09 anmolb joined #salt
06:32 rdas joined #salt
06:34 malinoff joined #salt
06:47 felskrone joined #salt
06:54 brianfeister joined #salt
07:01 micko joined #salt
07:04 GrueMaster joined #salt
07:17 brianfeister joined #salt
07:20 saffe joined #salt
07:21 twork joined #salt
07:27 twork i just want to iterate over a list, not a list of key=value pairs, but i can't find a good way to express that in salt. specifically, i have a list of pathnames, i want symlink [path 1]/[membar x] -> [path 2]/[member x] through the list of names.
07:28 twork pillar seemed like the obvious place to store my list, but i only see key-value pairs, no  way to just store a long list of strings.
07:29 twork the linking part is easy.
07:30 av_ joined #salt
07:32 AlberTUX joined #salt
07:35 An_T_oine joined #salt
07:36 rem5 joined #salt
07:39 KermitTheFragger joined #salt
07:39 AndreasLutro twork: the top level data structure of a pillar needs to be key: value pairs, but anything below that can be whatever you want
07:40 twork AndreasLutro: ok, so for instance i could have 'foo:' followed by a long line of just one name per line, no other syntax?
07:41 twork and, iterate through that list?
07:41 pppingme joined #salt
07:41 AndreasLutro doesn't need to be one line
07:42 AndreasLutro foo:\n- bar\n- baz
07:42 twork one column, should have said
07:42 twork list
07:42 twork ok, thanks.
07:51 pcn df -h
07:51 pcn whups
07:51 twork ps auxwwf
07:53 dkrae joined #salt
07:55 cberndt joined #salt
07:56 jbrouwers joined #salt
08:04 twork i'm still missing something basic with my list walking. maybe i need to write to the list, but it sure seems like a basic thing.
08:05 twork https://gist.github.com/mjinks/43a60d36291db8f4243a
08:07 AndreasLutro twork: you don't need the {{ }} inside a {% block %}
08:07 twork ftr, i've tried all kinds of variants on {{ pillar[...] }}, pretty sure that's where my problem is, but the errors i'm getting don't give me much... ah!
08:07 AndreasLutro {{ foo }} is the equivalent of print(foo)
08:07 AndreasLutro you wouldn't do for x in print(my_list)
08:07 twork thank you.
08:08 colegatron joined #salt
08:08 otter768 joined #salt
08:09 twork worky-worky! i get to go to bed now!
08:10 viq joined #salt
08:15 mapu joined #salt
08:16 xmj what's a good strategy to deploy salt_master into a jail on fbsd, on a brand new server
08:16 xmj ?
08:21 kshlm joined #salt
08:25 eseyman joined #salt
08:40 Segfault_ joined #salt
09:04 kshlm joined #salt
09:10 Rumbles joined #salt
09:16 felskrone1 joined #salt
09:21 keimlink joined #salt
09:21 Segfault_ joined #salt
09:32 Segfault_ joined #salt
09:34 quarcu_ how can one view currently valid tokens ?
09:48 rotbeard joined #salt
09:59 AlberTUX joined #salt
09:59 viq xmj: strategy in what sense?
10:01 Fiber^ joined #salt
10:02 xmj i'm considering something like running salt-call --local on the host, then set up a few (iocage) jails, and eventually have them minionize with the master
10:02 ajw0100 joined #salt
10:04 viq sounds like a plan
10:05 slav0nic joined #salt
10:07 malinoff xmj: you can use ansible ;)
10:08 viq Once my ZFS rebuilds I should probably look at iocage instead of ezjail
10:09 otter768 joined #salt
10:15 jfred joined #salt
10:18 mapu joined #salt
10:19 Segfault_ joined #salt
10:29 * xmj kicks malinoff
10:29 malinoff xmj: nice try
10:30 xmj malinoff: yeah the inconvenient thing is that i wrote an ansible module for iocage
10:30 xmj 6 months ago. now it's horribly broken ;)
10:32 giantlock joined #salt
10:33 Segfault_ joined #salt
10:34 amcorreia joined #salt
10:40 Segfault_ joined #salt
10:43 kshlm joined #salt
10:48 XenophonF hm, iocage, never heard of that before - thanks, xmj!
10:48 Segfault_ joined #salt
10:51 lionel joined #salt
10:51 xmj XenophonF: https://github.com/bougie/salt-iocage-formula
10:51 xmj looks promising
10:52 slav0nic http://irclog.perlgeek.de/salt/ 404
11:04 XenophonF that does look interesting, xmj
11:06 XenophonF slav0nic: yesterday jfindlay said something about that being broken for all the channels starting with "s"
11:06 xmj XenophonF: :-)
11:07 shiriru joined #salt
11:07 XenophonF i need to take another look at running my salt master as an unprivileged user in a jail
11:08 xmj hmmm where's the fun in that?
11:08 xmj "just because you can" type of work, or?
11:08 XenophonF attack surface minimization
11:09 XenophonF the master doesn't need to be root in order for it to do its thing, and i like the idea of isolating it in a jail
11:09 XenophonF the belt and suspenders approach, i guess
11:10 XenophonF i need to do the same thing to my pkgrepo, which i have running on the same server
11:10 XenophonF put apache and poudriere into their own jail
11:12 xmj use nginx! ;-)
11:14 viq obhttpd ;)
11:22 anmol joined #salt
11:22 jeddi joined #salt
11:32 Segfault_ joined #salt
11:35 bhosmer joined #salt
11:37 GermanG joined #salt
11:41 Segfault_ joined #salt
11:51 aidin joined #salt
11:52 Crazy67 joined #salt
11:52 Crazy67 hi :)
11:53 Segfault_ joined #salt
11:54 akhter joined #salt
12:02 Segfault_ joined #salt
12:05 tcolvin joined #salt
12:06 mikepea joined #salt
12:06 Ryan_Lane joined #salt
12:07 linjan joined #salt
12:10 otter768 joined #salt
12:14 ranomore1 joined #salt
12:15 XenophonF ugh nginx
12:18 AndreasLutro ugh <insert any piece of software here>
12:19 XenophonF ugh salt
12:20 AndreasLutro anyone use salt-ssh? is --roster-file not working at all or is it just me
12:20 XenophonF oh, speaking of ugh software, salt 2015.8.3 on windows is a little broken due to a bug in python 2.7.10
12:21 XenophonF if you're a windows sysadmin, would you please help me convince saltstack to do a bugfix release with python 2.7.11?
12:21 XenophonF here's the issue - https://github.com/saltstack/salt/issues/30042
12:21 saltstackbot [#30042]title: salt 2015.8.3 returns wrong value for osrelease grain on Windows Server 2012 R2 due to Python bug | Python 2.7.10's `platform.uname()` returns the following:...
12:22 XenophonF otherwise, it sounds like they won't rev the bundled python runtime until the next major release
12:24 Trauma joined #salt
12:24 dijit I have an issue and I can't think of the best solution for it; I have to increment a value on a command line based on how many machines of that type are deployed.
12:25 dijit I can do this in the pillar by having a file which just says 'index: 0' and another that says 'index: 1' incrementing foreve.r
12:25 dijit but that sounds bad.
12:28 babilen dijit: test.ping a suitable target group and count?
12:28 mapu joined #salt
12:28 slav0nic AndreasLutro, i user, and it's work sudo salt-ssh --roster-file roster2 staging1 test.ping
12:28 slav0nic *use
12:29 babilen dijit: But can't you be more specific and keep some information in the salt mine and name them explicitly?
12:29 AndreasLutro slav0nic: cheers - I figured it out, Saltfile roster_file always overwrites the CLI argument
12:29 AndreasLutro which is annoying but whatever
12:29 dijit babilen: sure, but I don't know how to do that. :)
12:29 dijit I'm using basic pillars, some minor jinja2 templating and the yaml states themselves.
12:29 evle1 joined #salt
12:30 dijit is there documentation on saltmine?
12:31 slav0nic AndreasLutro, in my Saltfile i only have salt-ssh:  config_dir: .
12:32 Segfault_ joined #salt
12:32 slav0nic AndreasLutro, generally salt-ssh is buggy and looks like salt-community not very interesting on it=\
12:33 cliffstah joined #salt
12:34 cliffstah hey there, I just have a quick question if I may..  is there a way to see the salt-ssh log as it goes, rather than all at the end?
12:36 AndreasLutro slav0nic: it's worked fine for me
12:36 AndreasLutro cliffstah: no
12:36 cliffstah is there a reason it can't be done?
12:37 AndreasLutro salt's entire architecture
12:37 cliffstah well ok then, heh.
12:37 cliffstah appreciate the answer, however terse ;-)
12:37 cliffstah left #salt
12:38 AndreasLutro I don't like it either but it's the truth :p
12:38 slav0nic AndreasLutro, grains does't work correct for example
12:38 slav0nic custom grains
12:39 AndreasLutro slav0nic: really? they've worked fine for me
12:40 quasiben joined #salt
12:40 slav0nic AndreasLutro, not available in  jinja templates
12:45 dijit ok
12:45 dijit so I can do it statically.
12:45 dijit but that doesn't make it much easier.
12:45 dijit now I need to take the last number in the hostname and decrease it by one.
12:45 dijit to get the index number I'm trying to put in the configuration file I'm working with.
12:45 kshlm joined #salt
12:45 AndreasLutro dijit: did you try using the mine?
12:45 dijit negative, what does the mine do for me?
12:46 dijit my understanding from reading the documentation is that it allows minions to give feedback.
12:46 AndreasLutro you can use the mine to get a dict of data from minions matching a match (like a glob or grains), then find the length of that dict
12:47 AndreasLutro it's for cross-minion sharing of data - the salt mine doc example shows how you can use it to dynamically add IPs to a haproxy conf
12:47 dijit ok, but I don't need to share any data.
12:47 dijit I have all the data I need, it's contained in the hostname.
12:48 dijit terribleserver01 = index: 0
12:48 dijit terribleserver02 = index: 1
12:48 AndreasLutro aha
12:48 AndreasLutro fair enough then
12:48 dijit I just need to figure out the jinja syntax to do this :S
12:48 AndreasLutro use whatever you'd do in python
12:49 AndreasLutro s = 'terribleserver01'
12:49 sanderl joined #salt
12:49 AndreasLutro s[-2:] will get the last 2 characters
12:49 sanderl supersimple question: I installed saltstak and saltpad on my nas... i get a promt asking for username and password
12:49 sanderl what is the default?
12:50 dijit AndreasLutro: you can do python direct in a jinja escape? :O
12:51 dijit I didn't know that~
12:52 AndreasLutro dijit: not always - but a string is an object, and you can call methods on objects in jinja
12:52 AndreasLutro and you can do index operations on arrays/strings
12:52 nomad_fr joined #salt
12:52 nomad_fr hi
12:52 dijit hm
12:52 nomad_fr is there a fr salt channel ?
12:53 dijit http://s.drk.sc/iMIPxu
12:53 dijit so like this?
12:53 catpig joined #salt
12:54 AndreasLutro dijit: except the [:1] bit, yes, open a python shell if you need to make sure that you actually get the correct substring
12:54 AndreasLutro dijit: you may also need to use the | int filter to cast the string to an int before comparing with == 1
12:55 dijit hm.
12:55 AndreasLutro e.g. {% set mynum = grains.fqdb[-2:] | int %}
12:55 AndreasLutro {% if mynum == 1 %}
12:55 sanderl So SaltPad asks me for this username and password. is that a default one, or should I confgi somewhere? I cannot find and have searched for about 2 hours :-(
12:57 dijit ah i c
12:58 Segfault_ joined #salt
12:58 ericof joined #salt
13:02 Azid joined #salt
13:04 sanderl no one?
13:10 slav0nic sanderl, vagrant/vagrant https://github.com/tinyclues/saltpad/blob/07358b7f447a5dac1c607136250b84c9b2b6a768/vagrant/README.rst ?
13:15 sanderl hi slav0nic thank you... that doesnt get accepted
13:31 Segfault_ joined #salt
13:31 sanderl any other option?
13:32 keimlink joined #salt
13:40 Segfault_ joined #salt
13:40 TooLmaN joined #salt
13:44 aidin left #salt
13:48 AlberTUX1 joined #salt
13:49 loocek joined #salt
13:49 loocek Hi to all, one question from new Salt user ;)
13:50 subsignal joined #salt
13:50 loocek I don't know why mine minions introduce to master with revdns names insted of them hostnames...
13:51 loocek is it way to change this behavior ?
13:52 ekristen joined #salt
13:54 loocek but what is interesting not all, one of them is visible as hostname and another as revdns
13:55 loocek (I'm talking about salt-keys in fact)
13:57 qman__ joined #salt
13:57 bryguy joined #salt
13:58 rideh joined #salt
13:58 frew joined #salt
13:58 evilrob joined #salt
13:58 dustywusty joined #salt
13:58 smkelly joined #salt
13:58 okfine joined #salt
13:58 kuromagi joined #salt
13:58 Vye joined #salt
14:00 jcockhren joined #salt
14:01 AndreasLutro loocek: I'd recommend manually writing the hostname to /etc/salt/minion_id when the minion host is created
14:01 pmcnabb joined #salt
14:01 hasues joined #salt
14:02 Segfault_ joined #salt
14:05 edrocks joined #salt
14:07 hasues left #salt
14:08 colegatron joined #salt
14:09 evilrob joined #salt
14:09 loocek AndreasLutro: hmm, I'll check
14:09 smkelly joined #salt
14:09 rideh joined #salt
14:09 Vye joined #salt
14:10 qman__ joined #salt
14:10 dustywusty joined #salt
14:10 bryguy joined #salt
14:10 bhosmer joined #salt
14:11 otter768 joined #salt
14:11 pmcnabb joined #salt
14:16 qman joined #salt
14:16 twork joined #salt
14:16 AlberTUX1 joined #salt
14:17 keimlink joined #salt
14:18 pmcnabb joined #salt
14:18 anotherZero joined #salt
14:18 loocek AndreasLutro: yes it works :), many thanks
14:18 numkem joined #salt
14:19 smkelly joined #salt
14:24 AlberTUX1 joined #salt
14:28 jcockhren joined #salt
14:29 mapu joined #salt
14:30 smkelly joined #salt
14:32 Guest94421 joined #salt
14:35 winsalt joined #salt
14:35 pmcnabb joined #salt
14:37 perfectsine joined #salt
14:39 lompik joined #salt
14:40 Guest94421 joined #salt
14:41 dyasny joined #salt
14:48 om joined #salt
14:51 qman__ joined #salt
14:53 smkelly joined #salt
14:54 anotherZero joined #salt
14:55 tpaul joined #salt
14:55 SteamWells joined #salt
14:56 wych joined #salt
14:56 sroegner joined #salt
14:56 rideh joined #salt
14:57 RandyT good day shakers
14:57 pmcnabb joined #salt
14:57 RandyT I'm trying to generate a configuration file from a template with jinja renderer.
14:58 RandyT The file is getting created with a single space at top of file. What do I need to do to prevent this extra space?
14:58 numkem RandyT: say you are doing {% if %}
14:59 numkem RandyT: try doing {%- if %} instead
14:59 gazarsgo joined #salt
14:59 qman__ joined #salt
14:59 numkem the "-" remove the before or after spaces
14:59 numkem it's documented on jinja's side
14:59 RandyT numkem: let me put a gist together...
15:00 RandyT I am aware of the effect of the '-', but does not seem to be the issue here...
15:00 RandyT unless I need trailing dash on the set commands at beginning of the template...
15:00 charli joined #salt
15:00 Guest94421 joined #salt
15:01 RandyT This is the beginning of the template: https://gist.github.com/rterbush/30c17493638b04669236
15:01 RandyT result is output with extra space above the opening xml tag.
15:02 fredvd joined #salt
15:02 RandyT extra line I should say
15:02 numkem RandyT: yes I've ran with the exact same issue because it's xml
15:02 bstaz joined #salt
15:02 numkem what I ended up doing is to move the variables under the line that starts with <?xml
15:02 frankS2 joined #salt
15:02 RandyT ah... ok
15:03 andrew_v joined #salt
15:03 numkem I haven't tried this but you could try doing -%} when closing tags
15:03 numkem but you would have to remove the opening "-"
15:03 RandyT yeah, that occurred to me on your first comment. Will give that a try as well. Thanks for your help.
15:03 numkem RandyT: n[
15:03 numkem *np
15:04 JonGretar joined #salt
15:05 mpanetta joined #salt
15:07 hacks joined #salt
15:07 Striki joined #salt
15:08 Crazy67 hey, I've an issue  with  apache-formula ( https://github.com/saltstack-formulas/apache-formula.git )   output https://gist.github.com/clementcohen/b3e3d1f28ef4845f2b9f  I don't understand why ...
15:08 Crazy67 on the webserver the apache' log says that the port 80 is already used..
15:08 akhter joined #salt
15:09 bbradley hello! is it possible to put pillar data into a managed file as it is in the pillar file?
15:09 charli joined #salt
15:10 perfectsine joined #salt
15:10 viq bbradley: contents_pillar ?
15:12 bbradley possibly!
15:12 bbradley my content is key/values so maybe.
15:15 viq bbradley: otherwise you'd need to use a jinja template to iterate over the stuff, I think
15:17 bbradley that was my initial reaction.
15:25 om joined #salt
15:28 nyx_ joined #salt
15:42 lompik joined #salt
15:43 teryx510 joined #salt
15:44 bbradley viq: it worked but wrapped the output in { }
15:44 PeterO joined #salt
15:44 bbradley thanks for mentioning it!
15:46 bbradley probably converts a dict to a string
15:49 conan_the_destro joined #salt
15:59 spuder joined #salt
16:00 keimlink joined #salt
16:02 rem5 joined #salt
16:04 qman__ joined #salt
16:05 PsionTheory joined #salt
16:12 otter768 joined #salt
16:13 tmclaugh[work] joined #salt
16:16 XenophonF joined #salt
16:21 lompik joined #salt
16:22 riftman joined #salt
16:23 evilrob joined #salt
16:24 iggy yeah, it should be a single dict key, not nested data
16:25 iggy Crazy67: use netstat to find out what's already listening
16:25 Crazy67 I use it
16:25 Crazy67 no 80 listening
16:25 Crazy67 it's a brand new VM so
16:26 iggy try running the states with the service initially in the stopped state
16:27 Crazy67 you mean install manually apache  then  launching the states ??
16:29 iggy I don't really know, I haven't used apache in years... ignore me
16:30 Crazy67 lol okay :)
16:30 otter768 joined #salt
16:30 whytewolf Crazy67: try using reload: True on the service.running state. sometimes I used to see apache restart to fast and would block it's self from starting up again
16:32 whytewolf apache just doesn't move like it used to for stopping. just got bloated in her old age. eating to many modules
16:35 Crazy67 I don't found service.running  this is a formula catched  from internet ..
16:35 Crazy67 there's some alias in init.sls
16:36 Crazy67 https://gist.github.com/clementcohen/686467c367044e0411bd
16:36 murrdoc joined #salt
16:36 bbradley joined #salt
16:39 whytewolf service.running is the second part of that apache: stanza
16:43 wangofett joined #salt
16:43 Crazy67 it barely use  apache-restart actually
16:43 qman__ joined #salt
16:43 whytewolf Crazy67:  ... I said the apache: stanza
16:43 Crazy67 I don't understand sorry :(
16:44 whytewolf the first set of instructions at the top with the header apache: that has pkg.installed. AND service.running
16:45 Crazy67 Oh I catch  you :)
16:46 Crazy67 so adding  - reload: True  after -enable: True ?
16:46 whytewolf it is worth a shot.
16:47 whytewolf I'm not saying that is the problem. just what i have seen in the past from apache
16:47 lompik joined #salt
16:47 qman__ joined #salt
16:48 Crazy67 I took a look at the apache logs, now it says : Command 'systemctl is-enabled apache2.service' failed with return code: 1   output: Failed to get unit file state for apache2.service: No such file or directory
16:48 whytewolf honestly. one that formula runs on a minion you can log into the minion and try to restart apache for your self and see if it happens
16:48 Crazy67 systemctl  is-enabled doesn't exist on debian8..
16:49 Crazy67 I already  try it  and it doesn't ..
16:49 whytewolf it doesn't restart on the minion when salt isn't used to restart apache
16:50 Crazy67 even though I restart apache manually on the minion  I still unable to access it
16:51 whytewolf .... is it listening [accessing apache could be a plethera of other things wrong. just find out if it is listening on 80]
16:52 spiette joined #salt
16:52 Crazy67 it doesnt .. netstat -natp  doesn't show  port 80
16:52 whytewolf is apache running.
16:52 Crazy67 yes
16:52 NV joined #salt
16:53 whytewolf so it shows as running, just not listening on 80? what port does it show it IS listening on
16:53 Crazy67 hold on , I just  restart everiything from scratch
16:55 whytewolf oh man i just read the document for the apache-formula. I think i threw up a little.
16:56 nicksloan joined #salt
16:56 iggy I've avoided it for that reason
16:56 murrdoc :D
16:56 whytewolf they use order in apache.debian_full
16:56 murrdoc its the only option
16:57 geekatcmu Sadly, that's generally my reaction with, well, every community-supplied chef recipe, puppet manifest, salt formula, etc.
16:58 Crazy67 I don't use that  sls,  I use vhost/standard.sls
16:59 whytewolf geekatcmu: I hear you. had a friend try to install kibana4 using a chef community recipe. it changed the default es index to be the same as the default for kibana3. overrighting his old dashboards. which where in production use by the company.
16:59 geekatcmu oops
17:00 Crazy67 oops... :D
17:00 geekatcmu OTOH, now that he's done that, he may as well upgrade to the latest/greatest ES, since that no longer supports kibana3.
17:01 geekatcmu I have to say, though, it really irritates me that not only is K4 not backwards compatible with K3, but there's NO WAY to convert K3 dashboards to K4.
17:01 geekatcmu Even an 80% solution would be better than nothing
17:02 Crazy67 I takke a look at the minion' salt log   I  still have that error : 2015-12-28 18:31:43,787 [salt.state       ][ERROR   ] User clement is not available Group clement is not available
17:02 Crazy67 2015-12-29 17:57:21,521 [salt.loaded.int.module.cmdmod][ERROR   ] Command 'systemctl is-enabled apache2.service' failed with return code: 1
17:02 Crazy67 but I can't  found this command on the formula  I think  it's  in salt itself :/
17:02 whytewolf Crazy67: take out the reload
17:03 whytewolf and yes. service.running is calling systemctl
17:03 Crazy67 so, maybe that's  why  it doesn't work , since  the apache2 debian package  doesn't implement it ...
17:04 whytewolf Crazy67: honestly. I can't say.
17:05 Crazy67 that's  weird :/
17:05 * whytewolf hasn't really gotten into apache on debian. I was still using centos 6 when i favored apache
17:06 Crazy67 yeah .. but I've no choice..
17:06 whytewolf geekatcmu: and I hear yeah about kibana4. the thing drives me insane with just how much a departure from kibana3 it was. it wasn't a major version point. it is a new product and should have a different name.
17:06 geekatcmu yeah
17:07 whytewolf something with shit in the title
17:07 geekatcmu Nah, I think "maddening" would be better.
17:09 whytewolf maybe
17:10 LotR maddening shit? :)
17:10 Crazy67 mmhh ... ok,  is there a good formula for nginx ?
17:10 whytewolf Crazy67: one you write yourself?
17:11 Crazy67 lol .. true..
17:13 malinoff joined #salt
17:13 whytewolf Crazy67: you could look and see at https://github.com/saltstack-formulas but personally I avoid formulas but thats cause my enviroments are a special snowflake.
17:14 onlyanegg joined #salt
17:14 Crazy67 thanks :)
17:15 Bryson joined #salt
17:17 AndreasLutro <Crazy67> systemctl  is-enabled doesn't exist on debian8..
17:17 AndreasLutro if it doesn't, you didn't dist-upgrade properly
17:18 Crazy67 dist-upgrade ?  I didn't upgrade from debian7, I install debian8 netinstal
17:18 AndreasLutro then you've done something literally impossible!
17:20 Crazy67 I don't say  systemctl is-enabled doesn't exist,  I said  the apache2 debian package doesn't implement it..
17:20 AndreasLutro that's true
17:21 Crazy67 :)
17:21 AndreasLutro why is that a problem?
17:22 bhosmer_ joined #salt
17:23 Crazy67 I have a trouble  with a formula,  and  salt  check  with that command  and fail
17:26 JoeJulian I just came in to this and am being lazy about scrolling back, but if the debian apache2 package doesn't provide a .service file, just create one in /etc/systemd/system for it.
17:26 AndreasLutro that would probably mess up more than it would fix
17:27 AndreasLutro salt has code to work around systemctl is-enabled not working for certain sysvinit services anyway
17:27 JoeJulian Pfft. service files are easy.
17:28 AndreasLutro yes they are, but you'd have to be confident that all the logic from the init.d script was preserved
17:30 RandyT anyone here aware of how to set the tag value for "name" when creating boto_secgroup?
17:30 RandyT list value for - name: sets group name...
17:38 trevorjay joined #salt
17:41 ferbla joined #salt
17:42 Sokel joined #salt
17:43 Sokel I'm getting an unfortunate problem now with salt where it claims that the master is not responding, even though the commands are initiated from the master, stating worker_threads should be increased. It is already at 256 with limits set to 65536. Putting my worker threads at 512 causes the server to fall flat on its face. Any suggestions?
17:44 Sokel This just started happening today with the same configuration since last month.
17:47 shaggy_surfer joined #salt
17:49 daswathn joined #salt
17:50 shaggy_surfer joined #salt
17:50 daswathn Being new to salt and trying to start salt.master on SLES 12, I hit a roadblock any help how I can start the salt.master
17:50 daswathn salt-02:~ # salt-master --log-level=debug4 Traceback (most recent call last):   File "/usr/bin/salt-master", line 22, in <module>     salt_master()   File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 45, in salt_master     import salt.cli.daemons   File "/usr/lib/python2.7/site-packages/salt/cli/daemons.py", line 47, in <module>     from salt.utils import parsers, ip_bracket   File "/usr/lib/python2.7/site-packages/salt/u
17:50 Sokel daswathn: I would post the entire thing in a paste bin (topic)
17:52 daswathn Sokel: sorry, but what is paste bin or how do I paste it.
17:52 Sokel Read the topic of the channel. --> https://gist.github.com/
17:53 trevorj Hi all, is there interest in some work I've done to make Salt more Docker friendly?
17:53 daswathn Ok will do that, thank you.
17:55 trevorj I've come up with a layered salt state approach that greatly simplifies the ordeal, especially when you want to maintain your docker cache for steps
18:03 debian112 joined #salt
18:07 tristianc joined #salt
18:07 brianfeister joined #salt
18:14 shaggy_surfer joined #salt
18:15 wt joined #salt
18:15 wt Is the network state module deprecated?
18:15 wt It's not linked from here: https://docs.saltstack.com/en/develop/ref/states/all/index.html
18:15 wt I see the name, but no link
18:15 wt pkg is in the same state
18:16 wt pkgrepo also
18:16 whytewolf wt. the develop docs got messed up.
18:16 wt ah
18:16 wt okay
18:16 wt just making sure I wasn't overlooking something
18:22 wendall911 joined #salt
18:27 rmnuvg joined #salt
18:29 Ryan_Lane basepi: https://github.com/saltstack/salt/issues/30063 <-- this has been driving me insane every release
18:29 saltstackbot [#30063]title: Add test suite that runs tests against squashed filesystem | Salt continuously has ownership/permissions bugs that keep sneaking back in over and over again. This is because many modules will attempt to change ownership, then check that the ownership is what it expects afterwards. This doesn't work on squashed filesystems, because when you do a chown, the ownership doesn't actually change. It's very common to have squashed files
18:30 shaggy_surfer anyone know why it is called SaltStack?  Is it named after where Thomas Hatch is from Salt lake city, UT?
18:30 tristianc joined #salt
18:30 shaggy_surfer where did the name come from?  I can't find it anywhere on the net
18:31 murrdoc what u know about jesus
18:31 murrdoc and his various stories
18:31 zmalone joined #salt
18:32 * murrdoc kills channel
18:32 geekatcmu not hardly
18:32 geekatcmu Jesus != Hitler
18:33 murrdoc true
18:33 murrdoc but i think the hatch names things with biblical influences
18:33 murrdoc definitely pillars
18:33 murrdoc but then again i have no idea about such things
18:36 wt I'm pretty sure that's a violation of Godwin's Law.
18:36 murrdoc i only know of one law
18:36 shaggy_surfer is makes me laugh sometimes that it's hard to find out what something means or why it was named that…. it's usually one of the first things I look up and want to know
18:36 murrdoc god wins law
18:36 murrdoc in that god wins all arguments
18:36 murrdoc and that is the law
18:37 shaggy_surfer so many peeps keep asking what does it mean?
18:37 geekatcmu not really, no
18:38 okfine joined #salt
18:41 JoeJulian The name developed as Hatch and Salisbury were developing bacon. They found they needed this framework to make bacon work, and salt and bacon sounded like an appropriate combination.
18:42 JoeJulian How bacon got it's name, though, I haven't asked yet.
18:43 zmalone left #salt
18:46 zmalone joined #salt
18:47 murrdoc whats bacon
18:47 murrdoc and i like that story , thanks JoeJulian
18:48 Bryson joined #salt
18:49 JoeJulian https://github.com/lnsybrd/bacon
18:49 geekatcmu bacon is the food of the gods.
18:50 JoeJulian Obviously, Hatch had the better business plan. :D
18:50 qman__ joined #salt
18:51 freelock joined #salt
18:53 brianfeister joined #salt
18:56 evle3 joined #salt
18:56 Rumbles joined #salt
18:56 subsignal joined #salt
18:57 shaggy_surfer interesting
18:57 subsignal joined #salt
18:57 Sokel left #salt
18:58 okfine joined #salt
19:01 evilrob joined #salt
19:02 TyrfingMjolnir joined #salt
19:03 rideh joined #salt
19:10 cberndt joined #salt
19:10 Bryson joined #salt
19:11 felskrone joined #salt
19:13 otter768 joined #salt
19:16 baweaver joined #salt
19:17 slav0nic joined #salt
19:17 debian112 can salt watch a directory of files?
19:18 debian112 something like: watch: - file: /usr/*.cfg?
19:18 moogyver joined #salt
19:19 perfectsine joined #salt
19:19 iggy not really
19:20 iggy it doesn't actually "watch" files in the sense that if they change it does something
19:20 iggy it's more if salt causes a change to a file it causes an event somewhere else that does something (the watch)
19:20 debian112 I am finally adding nagios server to salt, got a directory of hostgroups I need to watch
19:21 moogyver is it possible to use template inheritance in reactor sls files with the jinja renderer?  can't seem to get it to locate the parent template.
19:21 iggy there are however hacks for files that will watch globs
19:21 iggy so if _everything_ you are watching is managed by salt, it will sometimes do what you're expecting
19:23 hacks ME?
19:25 brianfeister joined #salt
19:25 moogyver hrm.
19:26 moogyver appears you can, although you have to keep them in the file serve area.
19:26 debian112 ok, moogyver any pointers...
19:26 moogyver ?
19:27 moogyver debian112 - i was talking about my own issue :)
19:27 debian112 ah ok gotcha
19:27 debian112 thanks iggy, I will try to find a work around
19:28 iggy debian112: inotify beacon
19:30 pmcnabb joined #salt
19:31 qman__ joined #salt
19:32 eriko_ joined #salt
19:39 Ryan_Lane shaggy_surfer: murrdoc: not biblical names, from what I know
19:39 murrdoc JoeJulian:  told us the story already
19:39 Ryan_Lane salt is from LoTR
19:40 murrdoc oh it is ?
19:40 Ryan_Lane thatch told the story at a saltconf
19:40 murrdoc go on
19:40 Ryan_Lane there's a scene in LoTR where someone mentions something about everything being better with a bit of salt
19:41 murrdoc the elfin bread
19:41 Ryan_Lane right
19:41 Ryan_Lane pillars are named pillars because it's made of bits of salt
19:42 jfindlay I think the line is something about salted pork
19:42 Ryan_Lane @jfindlay that sounds more right :D
19:43 Ryan_Lane I'm pretty sure you can find the talk on youtube
19:43 Ryan_Lane it's a keynote from last year, or maybe the year before
19:45 CheKoLyN joined #salt
19:45 tristianc joined #salt
19:48 basepi Ryan_Lane: hmmm, #30063 is incredibly broad. I recommend you split it into individual issues for individual instances where possible. Many people rely on the chowns so I'm not sure what the solution is.
19:49 basepi Maybe we move chowns and chown checks into a salt.util function and have a global "ignore chown problems" config value or something. I'll have to think on it.
19:49 Ryan_Lane @basepi usually the chowns are fine, it's the part where salt chowns, then checks to see if the chown succeeded
19:49 basepi Right, which is a very "stateful" behavior
19:49 moogyver hrm.  does jinja inheritance not work from reactor sls files?  I've got a dead simple parent/child template and it keeps failing to render.
19:49 Ryan_Lane basepi: I'm not sure it makes any sense
19:49 Ryan_Lane the call either succeeds or doesn't, right?
19:50 basepi I guess I'm trying to think if there are other instances where teh chown could fail
19:50 basepi and you'd want to know
19:50 lompik joined #salt
19:50 basepi as opposed to ignoring it
19:51 basepi anyway, I'm actually OOO today, so I have to go AFK, but I'll think on this. You may be onto something.
19:51 Ryan_Lane another option is to check the filesystem to see if it's squashed, but that's likely leading down a route of insanity
19:51 Ryan_Lane basepi: ttyl :)
19:51 basepi :)
19:55 cyborg-one joined #salt
19:56 shaggy_surfer joined #salt
19:56 rem5 joined #salt
19:58 JoeJulian Yeah, Ryan_Lane, for some reason Hatch never mentions Lindsay Salisbury's involvement.
20:00 rem5 joined #salt
20:04 morissette joined #salt
20:06 akhter joined #salt
20:08 colegatron joined #salt
20:10 viq_ joined #salt
20:14 baweaver joined #salt
20:14 mapu joined #salt
20:15 scott_w joined #salt
20:16 stupidnic joined #salt
20:16 mapu joined #salt
20:21 moogyver ok, scratch the templating.  that's not going to work out.  don't like having to separate the files into different dirs either.
20:22 moogyver er, the inheritance, that is
20:25 digitalflaunt joined #salt
20:32 foundatron So, this may seem like a silly question but how to set up salt so that new minions automatically get states applied to them when they join? Do you set a chron job on the master to periodically  run salt '*' state.highstate ?
20:32 rootforce joined #salt
20:33 foundatron I really just want to launch new minions and watch them automagically get configured by the salt master
20:36 whytewolf foundatron: https://docs.saltstack.com/en/latest/topics/reactor/index.html#reactor-system
20:36 rootforce joined #salt
20:37 rootforce Does auth_safemode: False cause the minion process to restart, or True?
20:37 foundatron whytewolf thanks
20:38 foundatron Thats a little bit more low level that was expecting....is this what most people do?
20:39 whytewolf foundatron: it gives more control over what happens when a minion is started.
20:40 foundatron gotcha...
20:47 sbogg joined #salt
20:49 iggy I just read a majority of the bacon code, and still have no earthly idea what it does
20:50 iggy foundatron: if you are using salt-cloud to spin up nodes, it has a config option to run stuff on startup (i.e. a highstate)
20:52 foundatron I'm not using salt-cloud unfortunately
20:53 Edgan foundatron: in house or cloud?
20:54 foundatron we are adding Salt as configuration management only, node launch and orchestration is done by previously established infrastructure
20:54 AndreasLutro reactors are low level?
20:54 foundatron its a mix of inhouse and cloud
20:58 Sokel joined #salt
20:58 Edgan foundatron: what cloud?
20:59 foundatron AWS and inhouse cloud, and regular vanilla inhouse
20:59 foundatron more low level than I was hoping for. I guess I was surprised that logic has to be written to get minions to run highstate when connecting/periodically to make sure they are configured properly. That seems like the core of what all configuration management tools do. I'm fine with the reactor solution.
20:59 foundatron Should take just a couple minutes
21:00 Edgan foundatron: The best way is a cron job on the master that runs them in batch mode, salt -b 8 '*' state.highstate
21:00 teryx510 joined #salt
21:00 Edgan foundatron: You can also use the reactor to make them auto run minion startup, but then it runs every time you restart the minion, not just the first time.
21:00 foundatron Thats what I would have done in puppet land,  or more so something like this https://docs.saltstack.com/en/latest/topics/tutorials/cron.html
21:01 Edgan foundatron: puppet isn't centralized for orchestration like salt without mcollective
21:01 foundatron yep, which is why we chose salt this go around :)
21:02 foundatron or at least the dream.
21:02 Edgan foundatron: Though it sounds like you already have something. I would recommend terraform for AWS provisioning. It sucks in it's own special ways, but it is more powerful than salt-cloud. Hopefully the guy I read who said he was writing something better, will.
21:03 Sokel Worker threads are set to 192, open files are set to 65536, I have about 2600+ minions. My minions are doing this: http://pastebin.centos.org/37496/ - When I check the salt-minion service, it always says 'dead, but pid file exists'. Restarting ends up killing it again later anyway.
21:03 foundatron We have a lot of established infrastructure...so these types of changes have to be done piece by piece
21:03 Sokel How do I debug this?
21:03 foundatron methodically...and incrementally
21:05 foundatron sokel, my comment wasn't meant for you (wasn't trying to be snarky)
21:06 foundatron ...but probably is true :)
21:06 rootforce joined #salt
21:08 Edgan Sokel: What version of salt?
21:10 Edgan foundatron: It is a "fun' time these days. So much legacy stuff, and 1001 new technologies that do many of the same things and do it so much better than we used to.
21:11 perfectsine joined #salt
21:13 Edgan Sokel: My guess is you don't have port 4506 open for your minions. So they connect to port 4505, get fed a request for mine data, they try to feed back the results on 4506, but can't. The exception should be handled, but it isn't.
21:14 Edgan Sokel: and I mean open 4506 on the master. It may be open on the master, but a local or network firewall is blocking it.
21:14 Edgan Sokel: Disabling salt mine may help or shift the problem.
21:15 brianfeister joined #salt
21:18 foundatron Edgan...there is certainly a lot of shiny new things to play with
21:18 * foundatron glances at the ever growing hashicorp product list
21:18 Edgan foundatron: I have a love hate relationship with them.
21:19 foundatron heh, I feel that way with most technologies I work with
21:19 Edgan foundatron: They write a lot of useful software, but it is also so painful in some way
21:19 foundatron like you said, so  may of the tools crossover
21:20 Edgan foundatron: packer, vagrant, and terraform come to mind. Also their idea of omnibus.
21:20 Edgan foundatron: omnibus is one of the big reasons I never dived into Chef
21:20 foundatron I've used chef, and puppet effectively
21:21 foundatron they have their pros and cons
21:21 Edgan foundatron: I have used puppet, salt, chef, and ansible. I have mostly used puppet and now salt.
21:21 foundatron like most tools, you have to use them for strengths, and avoid their weaknesses
21:21 Edgan yeah
21:21 geekatcmu "In other news, fire is hot!  Film at eleven."
21:22 Edgan foundatron: It is just with Hashicorp stuff their weaknesses are so glaring.
21:22 foundatron Salt in many ways has been more frustrating than puppet or chef
21:22 geekatcmu Really?
21:22 rootforce joined #salt
21:22 Edgan foundatron: They need to include some shades.
21:22 foundatron mostly because I feel like the best practices for puppet and chef are bteer established
21:22 geekatcmu OK, that's certainly fair
21:22 mapu joined #salt
21:23 Edgan foundatron: Well I looked it up recently and Puppet started in 2005. Chef in 2008. Salt in 2011, and Ansible in 2012.
21:23 foundatron I feel like most the examples in all of the salt documentation don't reflect the best practices
21:23 aarontc joined #salt
21:23 zmalone The salt issue tracker is a depressing set of second docs for salt.  I don't recall needing to constantly cross reference the bug tracker with either Puppet or Chef.
21:23 geekatcmu I started with Puppet before the big renumbering, so I remember feeling my way towards non-harmful practices.
21:23 foundatron like slecting minions with customs grains
21:24 foundatron all the docs and books tell you to do that, but that seems like a glaring security problem
21:24 geekatcmu And in my current job we're transitioning away from cfengine2 which can't happen fast enough.
21:24 Sokel Edgan: I found the issue. A coworker has a massive pillar and taking the pillar he put in out is making the minions happy.
21:24 Sokel Edgan: But thanks for reaching out :)
21:24 Edgan foundatron: Salt is very buggy. It lacks both a syntax checker, and a lint checker. Yet nothing goes to the same level of integration of the different pieces(configuration management, orchestration, deployment, masterless, etc) without going for the Enterprise version of the others.
21:25 foundatron which is what we're hoping
21:25 foundatron we're only a couple weeks in
21:25 Edgan Sokel: Interesting that a pillar caused a mine error, good to know.
21:26 whytewolf foundatron: selecting based on grains IS a security hole. and is number 5 in the general rules of best practices of things not to do.
21:27 whytewolf foundatron: https://docs.saltstack.com/en/latest/topics/best_practices.html#general-rules
21:27 Edgan foundatron: Part of the problem is that there are four major configuration management tools, and so many shops are standing on the side lines saying "Wow, that is a huge learning curve. How do I decide between the four? It is just easier to write bash scripts." Combined with every time a new devops or group of devops come into a company it tends to cause a switch from puppet to chef to ansible to chef to puppet to salt to chef
21:27 druonysus joined #salt
21:27 druonysus joined #salt
21:28 geekatcmu heh
21:28 Sokel My shop decided they wanted to go from salt to puppet, and my infrastructure teams said "No." because we used puppet before and it was a disaster.
21:29 geekatcmu I used Puppet quite successfully in two different shops, though I'll admit neither one would count as "at scale".
21:29 Sokel I think regardless of what road you take, you need to avoid the weaknesses of the CM you're using.
21:29 geekatcmu The larger of the two was ~1k servers
21:29 foundatron sokel: +1
21:29 Sokel We have a little over 2600 here.
21:29 foundatron totes agree
21:29 foundatron which is why we almost always end up mixing and matching tools
21:30 geekatcmu Sokel: not only that, you almost certainly need to throw out everything about the way you current do CM because the idioms are different for $NEW_TOOL.
21:30 Edgan Salt is very puppet like. It is really a translation of Ruby -> Python, and +Mcollective integration. Combined with additional features seen in Chef and Ansible.
21:30 whytewolf +1 geekatcmu
21:31 foundatron my big goal with all my CM projects has always been to have as much of in version control as securely possible, w/ documentation
21:31 Ryan_Lane Edgan: salt-call state.show_highstate
21:31 foundatron I wuv gitfs. honestly thats why we selected salt
21:31 Edgan foundatron: That is one of the great things about CM(and related things) they become effectively the best current documentation you are going to get out of most ops people consistently.
21:31 Ryan_Lane that will lint/syntax check
21:32 _viq joined #salt
21:32 Ryan_Lane it'll compile the jinja, grains and pillars and generate yaml for states
21:32 conan_the_destro joined #salt
21:32 foundatron well...actually gitfs is what made me think...maybe this isn't terrible...i will keep reading
21:32 Edgan Ryan_Lane: You have a git rule for that? Because that should be sung from the highest mountains if it is that easy. Every discussion I have seen, including on github issues says, yeah we now, we are working on it
21:33 Ryan_Lane git rule?
21:33 Edgan Ryan_Lane: git commit hook
21:33 geekatcmu It certainly removed the need for the "bzr update" that I had scheduled on all my puppet masters.
21:33 Ryan_Lane well, it's just salt-call state.show_highstate
21:33 geekatcmu Edgan: the thing is, you can't do it just once.
21:33 Ryan_Lane it assumes you have a system that's properly setup to run salt, of course
21:33 Ryan_Lane we run this inside of containers for test runs
21:33 Edgan geekatcmu: Do tell
21:34 geekatcmu You really need a VM for every target type you have, and run it across all of them.
21:34 Ryan_Lane works to syntax/lint check both our config management and orchestration code
21:34 Ryan_Lane we do masterless, of course
21:34 geekatcmu Ah, we're not masterless.
21:34 Edgan geekatcmu: I see your point, but even a basic typo/bad formatting detector is win++
21:34 geekatcmu yep
21:34 Ryan_Lane there's so many benefits of masterless :)
21:34 jaybocc2 joined #salt
21:34 nyx_ joined #salt
21:35 Edgan Ryan_Lane: Masterless is only good for setting up things in vagrant in my book
21:35 Ryan_Lane geekatcmu: anyway, ideally you'd make your testing work with salt-call, rather than needing "salt"
21:35 Ryan_Lane Edgan: pfft
21:35 Ryan_Lane masterless is awesome
21:35 Edgan Ryan_Lane: Having to put a copy of the code on any machine is a deal breaker
21:35 Ryan_Lane why?
21:36 geekatcmu heh, our salt-states repo includes a Vagrantfile that will build a master+3 slaves, with some per-user naming so that it easily integrates with the testing version of our asset tool.
21:36 AndreasLutro the best thing about vagrant is spinning up 5 VMs and watching them configure themselves!
21:36 Edgan Ryan_Lane: because that includes pillars
21:36 mpanetta Edgan: You do realize it is there already right?
21:36 Ryan_Lane so? we include all of our pillars, and it's great
21:36 Ryan_Lane you should be using secret management anyway
21:36 mpanetta At least the ones for that particular minion
21:36 Ryan_Lane https://github.com/lyft/confidant <--
21:37 mpanetta Yeah we use pillar for secrets... It sucks.  GPG pillars but still...
21:37 Ryan_Lane (which btw, if you havent seen this... it's a fun example of masterless aws orchestration: https://github.com/lyft/confidant/tree/master/salt)
21:37 Edgan mpanetta: I see your point, but I am pretty sure it doesn't copy the whole git tree to the minion. I was also really only talking about pillars, not so much the actual code/yaml
21:37 geekatcmu We also us GPG pillars for secrets.  We find it generally fine.
21:37 Edgan Ryan_Lane: reactor, mine, orchestration?
21:38 foundatron we are using s3 buckets for secrets/ and IAM roles access controles
21:38 Ryan_Lane no need for mine
21:38 mpanetta Edgan: No not the whole git tree, but whatever SLS executes on that minion and all the associated post-rendered pillar are there.
21:38 foundatron we are using s3 buckets for secrets/ and IAM roles for access controls
21:38 Ryan_Lane no need for orchestration
21:38 Ryan_Lane reactor would be nice, but I can live without it
21:38 Ryan_Lane SQS + workers work ok
21:38 mpanetta Until we go to something like consul we need mine heh
21:38 Edgan Ryan_Lane: haha, you aren't doing configuration management then
21:38 Ryan_Lane Edgan: why do you think I'm not?
21:39 Ryan_Lane I can deploy a service to multiple environments across multiple AWS regions and they'll all look the same
21:39 TTimo kinda - not really related: is it possible to pull from pillars for conf files like /etc/salt/cloud  ?
21:39 aurynn "you must use this many tools to be doing real configuration management" ?
21:39 TTimo or are those parsed too early / outside of that stuff
21:40 Ryan_Lane Edgan: I'm surprised you haven't read any of my blog posts :)
21:40 Edgan Ryan_Lane: orchestration is how you mass run minions. Configuration management only happens when you run your states against the machines repeatedly. Otherwise you are just doing provisioning. If that is all you want to do, you are better off with ansible.
21:40 AndreasLutro TTimo: salt-cloud lives outside of the master/minion setup, so no pillars can be available
21:40 TTimo kk
21:41 TTimo oh well .. there's other ways ..
21:41 Ryan_Lane Edgan: yeah, we deploy to the nodes. it's not just provisioning
21:41 scott_w joined #salt
21:41 Edgan Ryan_Lane: Deploy as in rerun the highstate, or deploy as in application code?
21:41 Ryan_Lane highstate, every deploy
21:42 geekatcmu Funny, I always though orchestration was more "make these nodes exchange the correct information and perform the correct operations in the correct order to make $SERVICE work."
21:42 geekatcmu e.g. deploy a Hadoop cluster.
21:42 Edgan Ryan_Lane: and what executes that highstate? Your jenkins/bamboo/build server?
21:42 Ryan_Lane geekatcmu: yeah. that
21:42 Ryan_Lane Edgan: no. the node itself executes it
21:42 Edgan Ryan_Lane: But something has to trigger the process on the nodes
21:42 Edgan Ryan_Lane: So what are you using for that?
21:43 Ryan_Lane Edgan: we generate artifacts and stick them into S3
21:43 Ryan_Lane our CI system does that
21:43 geekatcmu SOme day I'll work out the various bits to do Kerberos provisioning in an automated fashion.  And before you tell me, I've already looked at and discarded the salt-formula for that.
21:43 Edgan Ryan_Lane: ok, so your CI system is your salt master
21:43 Ryan_Lane no
21:43 Edgan Ryan_Lane: yeah, and a poor mans salt master at that
21:43 Ryan_Lane it's a CI system that builds artifacts
21:44 foundatron deep cuts
21:44 Ryan_Lane the nodes themselves see that there's a new release, download them, then run salt, then restarts the application
21:44 Edgan Ryan_Lane: If it kicks off the highstate on the nodes, it is doing one of the jobs of a salt master
21:44 Ryan_Lane it doesn't kick off the highstate, that's what you're missing :)
21:44 RandyT Hiya, trying to get a boto_elb.present state working.
21:44 Edgan Ryan_Lane: A cron job polling S3?
21:44 Ryan_Lane yep
21:44 RandyT running into some issues.
21:44 RandyT I see Ryan_Lane is around
21:44 Ryan_Lane RandyT: howdy
21:44 RandyT A lot of similarities to the following: https://github.com/saltstack/salt/issues/27183
21:44 saltstackbot [#27183]title: Error creating ELB with boto_elb.present, Security Group Name not transformed to ID | I am getting the following error...
21:45 RandyT Ryan_Lane: Yo
21:45 Ryan_Lane Edgan: our jenkins server can completely go away and we'd still be able to autoscale (or manually scale up/down)
21:46 RandyT seeing the following error: https://gist.github.com/rterbush/410f92b01e030d373580
21:46 Ryan_Lane hm
21:46 Edgan Ryan_Lane: With confidant, do you have history on your secrets? All I see is an external pillar source in the form of a database.
21:46 Ryan_Lane Edgan: yep. confidant is built with history in mind
21:47 Ryan_Lane every single modification or creation is a revision
21:47 Ryan_Lane RandyT: what's your state look like?
21:47 RandyT Ryan_Lane: just updated that gist with the state file
21:47 Edgan Ryan_Lane: The idea seems fairly solid then, but using DynamoDB is a deal breaker. Does it support any other backends?
21:47 Ryan_Lane Edgan: it requires AWS
21:48 Ryan_Lane completely
21:48 Edgan Ryan_Lane: That in itself is a deal breaker
21:48 RandyT Ryan_Lane: some confusion about whether I should be using availability_zones or subnets...
21:48 Ryan_Lane Edgan: use vault then :)
21:48 Edgan Ryan_Lane: We are talking about it, but does vault have history?
21:48 Ryan_Lane RandyT: if you're in VPC you need to use subnets
21:48 RandyT Ryan_Lane: I can verify that the last question asked in that github issue is yes, it works for me.
21:48 Ryan_Lane if you're in classic you need to use AZs
21:49 Edgan RandyT: You build a table that says if AZ a, use subnet foo
21:49 RandyT Ryan_Lane: ok, so in a vpc here
21:49 Ryan_Lane RandyT: which version of salt is this?
21:49 RandyT 2015.8.3
21:50 Ryan_Lane RandyT: it's possible you need to use the subnet ids
21:50 Ryan_Lane let me look at the code to see if it supports subnet names in 2015.8
21:51 RandyT ok, let me give that a try. As mentioned, the mapping to an id as described in that github issue works for me
21:51 Ryan_Lane oh. right. the error message does say it should be looking up the vpc id
21:51 RandyT uh, wait, that was for security group id
21:51 Ryan_Lane right
21:52 Ryan_Lane yeah... I think subnet name may not work yet
21:52 Ryan_Lane looking
21:52 Ryan_Lane Edgan: no idea if vault supports history
21:53 Ryan_Lane I build confidant before vault was released, so I didn't investigate vault a lot
21:53 Ryan_Lane *built
21:53 tristianc joined #salt
21:54 RandyT Ryan_Lane: actually, the name I was passing was for the security group name... which clearly won't work
21:54 Ryan_Lane RandyT: right... so it looks up the vpc id based on the subnet ids
21:54 Ryan_Lane so you need to use subnet ids for now
21:54 Ryan_Lane we've been working out how to use names rather than subnet ids
21:54 Ryan_Lane I think we'll probably end up with something like "vpc_name:subnet_name"
21:55 Ryan_Lane because it needs to know the vpc to lookup the subnet, or it needs to use the subnet to find the vpc
21:55 Ryan_Lane chicken/egg
21:55 RandyT If I give it actual subnet id, I get the error now updated in gist
21:57 Ryan_Lane one sec
21:57 Ryan_Lane I wonder if there's a bug in this version of the module
21:57 RandyT sorry for confusing thread here. been going in circles and am now back to where I was earlier.. the error regarding vpc_name and vpc_id being mutually exclusive
21:57 hoonetorg joined #salt
21:58 Ryan_Lane there's a bug alright.
21:58 * Ryan_Lane grumbles
21:58 Edgan This is sadly the case with salt. :(
21:58 Ryan_Lane well, the boto modules are usually pretty reliable
21:59 Ryan_Lane sometimes people sneak changes into the stable release from develop and they don't backport them correctly, though
21:59 Edgan Ryan_Lane: I would hope the pkg state would be too, but it was broken in a commonly used way in 2015.8.1(I think it was) for CentOS
21:59 * Ryan_Lane grumbles
21:59 RandyT I expect to find bugs and am never disappointed. :-)
22:00 Ryan_Lane RandyT: :)
22:00 Ryan_Lane salt occasionally does feel like death by a thousand cuts
22:00 Ryan_Lane they need to stop adding features in stable point releases
22:00 babilen Absolutely
22:00 Ryan_Lane release the stable release and then just do bugfixes
22:01 Edgan I am currently patching 2015.8.3 for an orchestration bug. Luckily the patch already existed and is merged, but waiting for the next release.
22:01 Ryan_Lane what's the point of having quarterly releases if the stable releases aren't stable?
22:01 Edgan :)
22:01 Ryan_Lane RandyT: do you know how to override the core modules?
22:01 Ryan_Lane if you include the module as a custom module, it'll override the core one
22:02 Edgan Ryan_Lane: The issue count being at 3,245 doesn't help. They should go on a bugfixing death march for a quarter, maybe two.
22:02 RandyT Ryan_Lane: I believe so... depending on where it needs to live.
22:02 Ryan_Lane I'll push up a fix, and you can override the module till the next release
22:02 RandyT Something that would drop into _modules ?
22:02 Ryan_Lane RandyT: if you're using master/minion it goes into _states
22:02 Ryan_Lane for this particular fix
22:02 RandyT Ryan_Lane: ok, can handle that. Thanks for the quick response
22:03 Ryan_Lane we made the boto_* modules state/execution modules specifically so that we can do this :)
22:03 Ryan_Lane we run develop branch modules in 2015.8
22:03 RandyT it is a beautiful thing
22:03 Ryan_Lane (we maintain them, of course :D )
22:06 Ryan_Lane RandyT: https://github.com/saltstack/salt/pull/30067
22:06 saltstackbot [#30067]title: Pass in kwargs to boto_secgroup.convert_to_group_ids explicitly | The execution module changed slightly from an earlier fix and the positional arguments are incorrect. Passing in kwargs explicitly solves this.
22:06 Ryan_Lane :'(
22:06 Ryan_Lane I know which PR did this, of course. I may have even been the one that pushed it in
22:06 RandyT Ryan_Lane: thanks again
22:06 Edgan And life comes around full circle
22:06 Ryan_Lane I really need to add more tests for these modules
22:07 Ryan_Lane RandyT: yw
22:07 Ryan_Lane RandyT: give that change a go and let me know if it helps
22:07 Edgan Ryan_Lane: What percentage of test coverage do you think salt has?
22:07 Ryan_Lane Edgan: low
22:08 Ryan_Lane they just got a QA team like maybe 1 year ago
22:08 Edgan Ryan_Lane: A QA team's job is to right tests?
22:08 Ryan_Lane the really key thing is when you report a bug and it gets fixed to ask for a regression test to be added
22:08 Ryan_Lane Edgan: a lot of salt's code is added by the community and they don't require tests for submissions
22:08 Ryan_Lane so in a lot of cases, yes
22:09 Edgan Ryan_Lane: But I would think the core developers would write tests
22:09 Ryan_Lane I think they do
22:09 Ryan_Lane but core modules are also maintained by the community
22:09 Ryan_Lane the boto_* modules, for instance, are primarily maintained by Lyft
22:10 Ryan_Lane and I'm pretty lazy about writing tests :(
22:10 Rumbles joined #salt
22:11 murrdoc works in pro
22:11 murrdoc prod*
22:11 Ryan_Lane murrdoc: indeed :)
22:11 pcn Ryan_Lane: do you think there'd be any pushback on starting a bunch of parallel boto3 modules?
22:11 Ryan_Lane pcn: nope
22:11 Ryan_Lane pcn: we want that, actually
22:11 * murrdoc pushes pcn forward
22:11 Ryan_Lane we have a module written in boto3
22:11 Ryan_Lane I really need to get that dev to upstream that :D
22:12 Ryan_Lane it's for datapipeline
22:12 iggy murrdoc: how can you be simultaneously typing in 4 different channels?
22:12 Ryan_Lane I really considered writing boto_kms in boto3
22:12 Ryan_Lane pcn: if you'd like to do that, let's sync up
22:12 murrdoc iggy:  ADD
22:12 Ryan_Lane there's a specific style we want the execution modules written now
22:13 murrdoc use ABC
22:13 Ryan_Lane boto_kms is using it
22:13 murrdoc https://docs.python.org/2/library/abc.html not trolling
22:14 Edgan FYI, for anyone thinking of implementing a git commit hook to do syntax/lint checking, you want to add the retcode-passthrough option to make it give you valid return codes on success/failure. salt-call --retcode-passthrough state.show_highstate
22:14 subsignal joined #salt
22:14 Ryan_Lane Edgan: yep
22:14 Edgan Ryan_Lane: Seems like it should be the default
22:14 Ryan_Lane you'd think
22:14 Ryan_Lane breaks backwards compat, though
22:15 pcn Ryan_Lane: I haven't looked at it too closely, but I've done tons in boto, and kind of want all of the boto modules to work in salt.  I could put a few hours a week into creating boto3 equivs. to boto modules.
22:15 pcn (by work in salt, I mean being able to use boto3, where we've decided we're going to put our effort)
22:15 Ryan_Lane pcn: cool. that would be awesome
22:16 Ryan_Lane pcn: I think it's possible to only make boto3 execution modules
22:16 Ryan_Lane the state modules can stay the same
22:16 pcn Are there examples of state modules that DTRT in similar cases?
22:17 Ryan_Lane pcn: pkg
22:17 pcn Yeah, that makes sense
22:18 rem5 joined #salt
22:18 Ryan_Lane the downside here is that this will require refactors of the boto modules
22:18 Ryan_Lane we want every execution module function to return a dict, which has an error key in it if there's an error
22:19 Ryan_Lane so that we don't rely on exceptions and also so that we don't use None as a return value
22:19 Ryan_Lane but the old boto modules don't do that
22:19 pcn So... has anyone done a PEP for an option type for python yet?
22:19 shaggy_surfer joined #salt
22:19 Ryan_Lane rather than making boto3 modules that return bad things, it would be ideal to make the boto modules return the correct thing
22:20 Ryan_Lane pcn: option type?
22:20 pcn I fell in love with this when trying to learn rust: https://doc.rust-lang.org/std/option/
22:21 Ryan_Lane ah
22:21 Ryan_Lane interesting
22:21 narco joined #salt
22:21 Ryan_Lane that would be nice :)
22:21 Ryan_Lane pcn: so, here's an example of what I mean: https://github.com/saltstack/salt/blob/develop/salt/modules/boto_kms.py#L137-L159
22:21 pcn It make things with big question marks like async, sockets, etc. much easier to code
22:22 Ryan_Lane so to make a boto3_kms module, you'd need to make a create_key function that took the same args and returned the same results
22:23 Ryan_Lane I'd always favor boto3 modules over boto modules, so in the virtual function in boto I'd check to see if boto3 is available. if so, I'd disable the boto module. in the boto3 module I'd check to see if boto3 is available and if so, enable it
22:23 Ryan_Lane in the boto3 module I'd make its virtual name boto_kms
22:24 pcn Yeah, that makes sense
22:24 Ryan_Lane so that the calls in boto_kms's state module still work
22:24 Ryan_Lane and work whether you're using boto or boto3
22:24 Ryan_Lane the way salt's modules work is pretty magical and awesome :)
22:25 pcn OK, yeah.  So whoever has the __virtual__ can grab the baton and run with the name
22:25 wangofett hey, has anyone run into trouble with salt.apache_module.enable?
22:25 RandyT Ryan_Lane: that seems to have resolved that issue. moving on to what look like permission issues for the logging bucket. Thanks again
22:26 wangofett Hah. I'm actually getting "Reason: 'apache_module' __virtual__ returned False"
22:26 wangofett :(
22:28 Ryan_Lane pcn: yeah, exactly
22:29 rootforce Can someone explain the auth_safemode toggle? I am unclear on which value causes the minion to restart.
22:32 RandyT Ryan_Lane: any chance that key meta-data is not being passed for access to S3?
22:32 felskrone joined #salt
22:32 Ryan_Lane RandyT: S3? if it's salt's S3 code, then probably
22:33 Ryan_Lane it doesn't use boto and it's buggy
22:33 Ryan_Lane I really don't understand their avoidance of boto
22:33 * RandyT sigh
22:33 Ryan_Lane it _should_ be using the metadata IAM if it's available
22:33 Ryan_Lane I've looked at the code for that. it's there for sure
22:33 RandyT I don't either... I am beating my head on the wall trying to use kms and enabling an S3 pillar... without supplying keys
22:34 RandyT doesn't work with S3 access via ext_pillar, in 2015.8.3
22:34 * Ryan_Lane grumbles
22:34 RandyT The code is in develop branch...
22:34 Ryan_Lane I'm going to have to have a serious talk with the saltstack folks at saltconf about AWS support
22:35 RandyT trying to avoid getting out on the edge if possible but it is getting harder and harder
22:35 RandyT begs the question if there should not be an aws fork...
22:35 Ryan_Lane I haven't tried the S3 pillar. a coworker of mine told me he rewrote it internally for something we wanted to use it
22:36 Ryan_Lane yeah. all the AWS stuff should be turned into execution/state modules and everything that needs to use it should use those
22:36 RandyT S3 ext_pillar works if I provide the keys... just doesn't' make any sense to expose those credentials on aws...
22:36 rem5 joined #salt
22:36 Ryan_Lane part of the problem is that masters don't use state and execution modules
22:37 narco hi everyone, a newbie question, is there anything similar to puppet's Hiera data structures with Salt?
22:37 Ryan_Lane master/minion is a bit poorly architected
22:37 Ryan_Lane narco: pillars
22:37 narco thanks Ryan ill take a look
22:37 Ryan_Lane RandyT: I'd trace the code down and fix it, then send in a PR
22:38 Ryan_Lane don't pass in credentials :)
22:38 Ryan_Lane IAM users are evil
22:38 RandyT have spent the past couple of months getting my head around it all.. may need to join you on the masterless side.... but I share the same knowledge gap of another irc person earlier about how to bootstrap the minions...
22:38 Ryan_Lane did you see my presentation on it?
22:38 Ryan_Lane you _do_ lose a lot of features by using masterless, of course
22:39 RandyT Ryan_Lane: I believe I have seen the presentation, and it may make more sense now that I am a couple of months into this. Will have to revisit it soon.
22:39 * Ryan_Lane nods
22:39 Ryan_Lane we really should add a boto_s3 state/execution module
22:42 Thiggy joined #salt
22:42 wangofett Hm. So... when mod_ssl is installed it creates a file (conf.d/ssl.conf) - I want to remove that file before apache restarts
22:42 wangofett I tried putting file.absent: /etc/httpd/conf.d/ssl.conf in the mod_ssl state
22:42 wangofett but that didn't seem to work
22:44 Rumbles joined #salt
22:44 charo joined #salt
22:45 wangofett also added a -require: - file: Remove ssl conf
22:45 wangofett that didn't work either
22:48 wangofett ahhh... I needed to add a require to my `Remove ssl conf` state - make it depend on the pkg
22:48 wangofett though strangely enough putting both the pkg and file.absent in the same `mod_ssl` state didn't work
22:51 moogyver joined #salt
22:52 rootforce joined #salt
22:53 keimlink joined #salt
22:58 colegatron joined #salt
23:02 nyx_ joined #salt
23:04 brianfeister joined #salt
23:08 elfixit joined #salt
23:15 RandyT Ryan_Lane: fyi, just created the following issue https://github.com/saltstack/salt/issues/30073
23:15 saltstackbot [#30073]title: boto_elb fails in setup of access_log to S3 | Salt version 2015.8.3 (with monkey patch to boto_elb to fix vpc_id/vpc_name issue provided by @ryan-lane )...
23:15 RandyT Does not appear to be an issue of credentials or access to the bucket.
23:15 Ryan_Lane RandyT: ah. it doesn't do that at all right now
23:16 Ryan_Lane it assumes the bucket exists
23:16 RandyT bucket does exist
23:16 Ryan_Lane and that AWS's elb service can write to it
23:16 Ryan_Lane http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html
23:16 Ryan_Lane http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html#attach-bucket-policy
23:17 RandyT ah... it is an issue of allowing access to the bucket for elb service...
23:17 * RandyT smack
23:17 Ryan_Lane yeah. this is one of those reasons I wish we had a boto_s3 state :)
23:17 RandyT me too :-)
23:18 Ryan_Lane annoyingly this is region specific
23:18 Ryan_Lane can't have a us-west-2 ELB write to a us-east-1 buxket
23:18 Ryan_Lane bucket*
23:19 RandyT ok, closing that issue. Thanks for the wakeup
23:19 Ryan_Lane yw
23:20 Ryan_Lane we should probably put that into boto_elb's docs
23:20 Ryan_Lane a link to that AWS doc, anyway
23:20 RandyT yes, that would not hurt.
23:22 drawsmcgraw joined #salt
23:22 RandyT very cool to get over the hurdle of creating an elb in salt...
23:26 Ryan_Lane RandyT: is it working yet?
23:26 Ryan_Lane sorry the intial use is difficult so far.
23:27 Ryan_Lane one day I should really sit down and improve all the docs for the modules
23:27 brianfeister joined #salt
23:28 Ryan_Lane I always think they're super easy to use since all of our devs are using them, but we introduced them slowly over time and had examples and set things up early on :)
23:29 rem5 joined #salt
23:31 baconbelt joined #salt
23:32 abednarik joined #salt
23:35 jamesp9 joined #salt
23:36 RandyT Ryan_Lane: not quite there. I have a cross account route53 issue to resolve next. :-)
23:36 Ryan_Lane :D
23:36 RandyT but generally there. and the boto curve has not been that difficult.. lots of wires to connect here... :-)
23:37 Ryan_Lane ok. that won't be so easy
23:37 Ryan_Lane I haven't tried anything cross account yet
23:37 Ryan_Lane it's on our radar
23:37 RandyT I've done a few cross account things, not so bad actually...
23:37 Ryan_Lane with the boto modules in salt?
23:37 RandyT not with boto, I am making an assumption that it is just a permissions issue in aws.
23:38 RandyT perhaps I am naive... ;-)
23:38 Ryan_Lane boto_elb will manage cnames, but I'm not sure how you'd tell it to use route53 in another account
23:39 RandyT thinking there is a way to give this account access to route53 in the other account managing the zone...
23:40 Ryan_Lane assume role policy
23:40 RandyT there is some other cross account permissions you need to allow as well...
23:41 arapaho joined #salt
23:43 scott_w joined #salt
23:46 morissette joined #salt
23:46 jaybocc2 joined #salt
23:57 wt is there a way to define multiple pillar-roots from the commandline?
23:57 wt like:
23:57 wt salt-call --file-root /tmp/blah/files --pillar-root /tmp/blah/pillar0 --pillar-root /tmp/blah/pillar1 state.highstate
23:58 wt Would something like that work?
23:58 wt err...add --local in there

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary