Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 hemebond foodo: How are you testing your events?
00:01 sp00ky for instance, if I do a pillar.items for a machine from the master to a remote minion, isn't that data encrypted before being sent back to the master?
00:01 hemebond sp00ky: The connection is encrypted, yes.
00:02 hemebond I'm not sure if it's possible to use an insecure connection. I would guess it would be a transport option (transport_opts).
00:03 pipps joined #salt
00:03 sp00ky and in my environment I'm seeing significant cpu overhead when performing similar commands across ~250 minions.  I believe this can be attributed to the encryption/decryption process.
00:03 sp00ky which is why I would like the option to disable it to test my hypothesis
00:03 hemebond Which transport are you using?
00:03 sp00ky zeromq
00:04 hemebond According to the Salt creator "No, we don't allow for the encryption to be turned off"
00:05 sp00ky hmm
00:05 sp00ky that's unfortunate
00:05 hemebond Can you try another transport like TCP?
00:05 sp00ky I came to my conclusion after finding this - https://docs.saltstack.com/en/latest/topics/tutorials/intro_scale.html#the-master-is-cpu-bound
00:06 hemebond And it's when you highstate or something?
00:06 sp00ky we also ran some some tests using pycrypto to attempt to emulate what might be happening and saw similar cpu activity
00:07 foodo here is my beacon config and an example of an event https://gist.github.com/m4rx0/1d201820182063ac26370862f1b654d8
00:07 sp00ky yeah, highstate, pillar_refresh, sync_all
00:07 hemebond foodo: Is that file path in "minion conf" Gist correct?
00:08 hemebond sp00ky: How many minions?
00:08 sp00ky ~250
00:08 hemebond And does the master die?
00:08 foodo hemebond: the path is rigth and i can see the event on the bus
00:09 hemebond I'm surprised it works since it's missing the first / but okay, I see the event.
00:09 sp00ky the cpu becomes completely saturated which leads to things timing out'
00:09 hemebond sp00ky: Try out the TCP transport.
00:09 hemebond If you can.
00:09 hemebond Not really a solution but might be worth a try.
00:09 hemebond *worth testing.
00:10 hemebond Doesn't look like you can do much about the encryption so maybe refactoring your pillars/states will help.
00:10 sp00ky yeah
00:11 sp00ky we're also going down that route
00:11 sp00ky looking at zeromq I highly doubt it's the transport causing the overhead, but it's worth a shot
00:13 hemebond foodo: So in your test the master reacts to the change in file by installing a package? That's your test?
00:16 hemebond foodo: Oh, could it be {{ data['data']['id'] }} ?
00:16 hemebond There seems to be some inconsistency in the documentation.
00:16 nicksloan joined #salt
00:20 foodo hemebond: you're rigth {{ data['data']['id'] }} works. in the documentation it's like {{ data['id'] }} https://docs.saltstack.com/en/latest/topics/reactor/index.html#a-complete-example
00:20 hemebond Yeah. It's correct on the beacon page but not in that example.
00:20 hasues joined #salt
00:20 hasues left #salt
00:21 hemebond You might like to create an issue on Github about it. Should be easy for someone to fix.
00:21 systo joined #salt
00:23 foodo hemebond: thx! i found it on the beacon page too, now :-)
00:35 flowstate joined #salt
00:38 badon joined #salt
00:46 schemanic_ Hey
00:46 schemanic_ I need advice about how to manage a user's home directory, which I want to create, but I want it's parent directories owned by root
00:47 schemanic_ so if I am creating guestuser's home at /sftp/guestuser/incoming I want incoming owned by guestuser and it's group, but I want sftp and guestuser owned by root
00:48 schemanic_ Where should I look for in state modules to help me with this?
00:50 pipps joined #salt
00:52 mavhq joined #salt
00:57 hemebond schemanic_: file.managed or file.directory
00:58 schemanic_ hemebond, thanks. I'm looking there now. The issue of sftp jailing is difficult. There doesn't seem to be a chroot directive for those
01:01 hemebond For what? Those functions?
01:01 hemebond I'm not familiar with chroots.
01:11 m4rx joined #salt
01:31 edrocks joined #salt
01:35 flowstate joined #salt
01:46 catpigger joined #salt
01:50 ninjada joined #salt
01:51 hasues joined #salt
01:53 hasues left #salt
01:59 ninjada joined #salt
01:59 Nahual joined #salt
02:00 perfectsine joined #salt
02:05 bastiandg joined #salt
02:20 iggy coredumb: the version added would be after 2016.3
02:20 iggy I'm not logged into gh, so you'll have to live with PR notes here
02:24 iggy coredumb: I'd make the virtual function check for apk bin rather than checking grain
02:28 flowstate joined #salt
02:30 Disorganized_ joined #salt
02:32 gladiatr joined #salt
02:34 ninjada joined #salt
02:34 stooj joined #salt
02:36 iggy s/IPK/APK/g
02:45 sagerdearia joined #salt
02:48 iggy pkg_to_install = name.split(',') should be sufficient for both cases
03:04 iggy coredumb: on the service __virtual__ do you need to check for systemd.booted there like the lines above?
03:30 krymzon joined #salt
03:32 tuxx joined #salt
03:33 edrocks joined #salt
03:34 flowstate joined #salt
03:45 ablemann left #salt
03:54 cyborg-one joined #salt
03:59 JPT joined #salt
04:21 badon joined #salt
04:29 ninjada joined #salt
04:34 flowstate joined #salt
04:41 armguy joined #salt
04:48 barmaley joined #salt
04:49 dendazen joined #salt
05:10 yomilk joined #salt
05:20 sagerdearia joined #salt
05:31 krymzon joined #salt
05:35 edrocks joined #salt
05:36 flowstate joined #salt
05:47 barmaley joined #salt
05:51 lompik joined #salt
06:21 ageorgop joined #salt
06:34 flowstate joined #salt
06:44 armyriad joined #salt
06:47 jxm_ joined #salt
06:54 nebuchadnezzar joined #salt
06:57 coredumb iggy: well there's no systemd option on Alpine like on Gentoo
06:59 coredumb as for checking for apk, well ... if os is Alpine apk is present, it's part of the base install
07:01 coredumb btw
07:01 coredumb installed 4 minions and one master
07:01 coredumb works OK
07:01 coredumb for what I've tested at least :P
07:13 ninjada joined #salt
07:14 yomilk joined #salt
07:26 ninjada joined #salt
07:35 flowstate joined #salt
07:38 edrocks joined #salt
07:51 ninjada joined #salt
07:52 ninjada joined #salt
07:53 jxm__ joined #salt
08:01 yomilk joined #salt
08:06 bocaneri joined #salt
08:08 bocaneri joined #salt
08:09 name joined #salt
08:09 ivanjaros joined #salt
08:10 yomilk joined #salt
08:34 silver310 joined #salt
08:34 flowstate joined #salt
08:34 silver310 hello, any reason why my salt master keeps rejecting keys over and over
08:34 silver310 i've deleted all old minions keys but it just rejects them
08:35 lwxroot joined #salt
08:38 nkuttler silver310: what do you mean? do you preseed the keys?
08:38 silver310 I do with salt-api, but this time i added them manualy
08:39 nkuttler is an salt-key -a ?
08:39 silver310 I start the salt-minion, accept the key in the master, then the minion exits because his key was rejected, but in the master i can still see the minion in salt-key -L
08:40 silver310 yes with salt-key -a/-A
08:40 babilen Could you show us?
08:40 babilen (logs + command output)
08:40 nkuttler run the minion with -l debug
08:40 silver310 [ERROR   ] Corrupt public key "/etc/salt/pki/master/minions/ubuntu16test": string index out of range
08:41 silver310 i see this in master logs
08:41 silver310 but it was working fine last week
08:42 babilen Which version of salt is that?
08:42 babilen What's the content of that file?
08:42 silver310 2016.3.3
08:42 silver310 both master and minion
08:43 silver310 the file is empty
08:44 babilen Obviously not working then
08:44 babilen Delete it and try again
08:44 babilen How did you remove the minion keys earlier?
08:44 silver310 salt-key -d
08:44 silver310 i've been removing and trying again 15+ times now
08:45 nkuttler if the minion ended abnormally the upload might have failed
08:52 babilen Anything in the minion logs while it uploads the keys? (run it in debug mode as indicated by nkuttler earlier)
08:53 babilen http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
08:58 silver310 ok now it works
08:58 silver310 don't know what i did different
09:08 silver310 is there any way to tell salt to install ubuntu packages with DEBIAN_FRONTEND=noninteractive
09:10 yomilk joined #salt
09:10 keimlink joined #salt
09:19 XenophonF it should do that automatically
09:20 XenophonF although i've hit a few bugs in package setup scripts where they assume things are interactive
09:20 XenophonF pretty rare though, especially with dpkg/apt or rpm/yum
09:31 yomilk joined #salt
09:33 silver310 well i found one that has issues
09:33 silver310 nslcd
09:35 flowstate joined #salt
09:37 yomilk joined #salt
09:40 edrocks joined #salt
09:50 ninjada joined #salt
10:01 jacekplacek joined #salt
10:26 Trauma joined #salt
10:32 ivanjaros joined #salt
10:36 flowstate joined #salt
10:37 ninjada joined #salt
10:37 ivanjaros3916 joined #salt
10:54 m4rx joined #salt
11:03 krymzon joined #salt
11:06 foodoo joined #salt
11:09 silver310 joined #salt
11:09 silver310 hello, is there a way to prompt user for credentials when running a state?
11:12 silver310 I've tried cmd.script to run a bash script, although it runs it does not echo anything no screen
11:35 fredvd joined #salt
11:35 flowstate joined #salt
11:36 ninjada joined #salt
11:38 ninjada joined #salt
11:43 edrocks joined #salt
11:47 dendazen joined #salt
12:01 catpig joined #salt
12:11 cyborg-one joined #salt
12:18 yomilk joined #salt
12:23 yomilk joined #salt
12:33 flowstate joined #salt
12:35 keimlink joined #salt
12:40 teryx510 joined #salt
12:56 writtenoff joined #salt
13:07 keimlink joined #salt
13:08 keimlink joined #salt
13:35 flowstate joined #salt
13:40 akitada joined #salt
13:46 Zaunei joined #salt
13:54 cyborg-one joined #salt
14:01 Zaunei joined #salt
14:15 nicksloan joined #salt
14:23 perfectsine joined #salt
14:27 justanotheruser joined #salt
14:29 gladiatr joined #salt
14:29 besideyou joined #salt
14:30 besideyou_ joined #salt
14:31 besideyou left #salt
14:33 flowstate joined #salt
14:37 besideyou_ left #salt
14:46 edrocks joined #salt
14:53 gladiatr joined #salt
15:01 pppingme joined #salt
15:13 PerilousApricot joined #salt
15:24 PerilousApricot joined #salt
15:32 ageorgop joined #salt
16:09 cyborg-one joined #salt
16:15 JPT joined #salt
16:32 CeBe joined #salt
16:40 hasues joined #salt
16:41 hasues left #salt
16:44 PerilousApricot joined #salt
16:49 edrocks joined #salt
16:58 ssplatt joined #salt
17:08 ivanjaros joined #salt
17:28 krymzon joined #salt
17:29 deus_ex joined #salt
17:46 PerilousApricot joined #salt
18:02 Lionel_Debroux joined #salt
18:05 iggy coredumb: I mostly meant that if some other distro started shipping apk it could be used there too... and also the module could be backported to versions of salt that don't have report Alpine for the os_family grain
18:09 ageorgop joined #salt
18:14 coredumb iggy: oh I see
18:14 coredumb I think it's safe to say that we'll see when it happens :P
18:21 systo joined #salt
18:26 roock joined #salt
18:49 LiamMon_ joined #salt
18:51 edrocks joined #salt
19:09 jenastar joined #salt
19:55 krymzon joined #salt
19:55 ageorgop joined #salt
20:06 ivanjaros joined #salt
20:12 ageorgop joined #salt
20:42 subsignal joined #salt
20:54 edrocks joined #salt
20:58 PerilousApricot joined #salt
21:14 cyborg-one joined #salt
21:20 PerilousApricot joined #salt
21:27 nicksloan joined #salt
21:29 Morrolan_ joined #salt
22:21 yomilk joined #salt
22:33 ageorgop joined #salt
22:36 yomilk joined #salt
22:39 flowstate joined #salt
22:54 LiamMon joined #salt
22:56 edrocks joined #salt
22:57 ageorgop joined #salt
23:03 PerilousApricot joined #salt
23:35 schemanic_ joined #salt
23:42 \ask joined #salt
23:50 perfectsine joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary