Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2012-11-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:29 opapo joined #salt
00:38 szaydel joined #salt
00:52 jcooley joined #salt
01:03 jcooley joined #salt
01:05 jcooley joined #salt
02:02 NoOS joined #salt
02:06 jcooley joined #salt
02:12 redbeard2 joined #salt
02:37 kuffs archtaku: you around man? I've found a bug in yumpkg.py
02:47 szaydel joined #salt
02:55 archtaku I'm here
02:56 archtaku what's up?
03:09 archtaku kuffs: ping
03:10 kuffs yo
03:10 kuffs I think I got it worked out
03:10 kuffs https://github.com/saltstack/salt/blob/develop/salt/modules/yumpkg.py#L399
03:11 kuffs that needs to go about 3 lines down
03:11 kuffs inside the conditional testing for sources
03:12 archtaku why's that?
03:12 kuffs because srcinfo isn't defined
03:13 kuffs in cases when sources is None
03:13 archtaku ahhh
03:13 kuffs srcinfo gets defined here https://github.com/saltstack/salt/blob/develop/salt/modules/yumpkg.py#L350
03:13 archtaku yup
03:14 archtaku ok, I'll make the change. need to tweak "source" back to "sources" anyway
03:14 archtaku since we decided to make all providers accept multiple sources
03:14 kuffs cool, thank you
03:14 archtaku np
03:14 archtaku sorry, I would've caught that had I tested installing a pkg from ther repo
03:15 archtaku but I was just testing RPMs
03:16 kuffs no worries man
03:21 redbeard2 joined #salt
03:29 archtaku kuffs: testing changes now
03:29 archtaku will make sure to test repo source as well :)
03:29 kuffs <3
03:46 archtaku kuffs: tested, pull req submitted
03:48 kuffs woot, looks solid
03:49 kuffs I'm glad we're in agreement about 'sources' too :D
03:49 archtaku yeah... I was thinking backwards on that. the other providers need this feature as well
03:50 archtaku was talking with tom and once this is supported across the board, the pkg state can be modified to make a single call to pkg.install when "names" is passed to the pkg state
03:50 archtaku rather than a separate call for each package
03:50 kuffs that will be nice
03:50 archtaku yeah it will
03:50 kuffs it would actually be realy nice if the highstate graph resolver would consolidate where possible
03:51 archtaku graph resolver?
03:52 kuffs I haven't delved into the code, but something has to resolve requisite chain and turn it into a sequence of events
03:52 kuffs if I remember, the lowstate data structure doesn't have explicit links between nodes in the graph, only named refs
03:53 kuffs anyway, it's only a problem because yum is so noisy when it checks the metadata
03:54 kuffs otherwise I probably wouldn't notice :D
03:54 szaydel joined #salt
03:54 archtaku I'm not familiar with the graph resolver
03:55 szaydel_ joined #salt
04:01 kuffs archtaku: just tested, works like a champ
04:05 archtaku cool
04:26 jcooley joined #salt
04:50 archtaku heading to bed, good night all
05:05 carmony joined #salt
05:12 yumike joined #salt
06:22 carmony joined #salt
07:01 oliv_mc joined #salt
07:02 oliv_mc left #salt
07:06 jugimaster joined #salt
07:14 drdran joined #salt
07:25 Furao joined #salt
07:34 jcooley joined #salt
07:37 sorenso joined #salt
07:39 drdran joined #salt
07:45 vaxholm joined #salt
08:17 scbunn joined #salt
08:17 balboah joined #salt
08:17 mmoya joined #salt
08:26 kadel joined #salt
08:30 scott_w joined #salt
08:34 sorenso joined #salt
08:46 MrTango joined #salt
08:57 rachbelaid joined #salt
08:58 mika joined #salt
08:58 mika joined #salt
08:58 sashka joined #salt
09:02 xerxas joined #salt
09:13 mnemonikk joined #salt
09:16 mrud joined #salt
09:27 balboah joined #salt
09:27 krak3n` joined #salt
09:50 NoOS joined #salt
09:59 oliv_mc joined #salt
09:59 oliv_mc left #salt
10:00 bastichelaar1 joined #salt
10:15 lightyear joined #salt
10:26 sorenso joined #salt
10:33 middleman_ joined #salt
10:34 middleman_ joined #salt
10:46 avidal joined #salt
10:47 NoOS joined #salt
10:48 Furao joined #salt
10:57 masm joined #salt
10:57 jorgeecardona joined #salt
11:20 Furao_ joined #salt
11:25 balboah I get requisites were not found for pkg: python-pil-dependencies in this state list: http://bpaste.net/show/Z5tq9zUrYGgrXz5eTlfL/
11:25 balboah Doesn't it work to have serveral pkg's listed like that?
11:31 Furao balboah: why you don't use salt.states.pip ?
11:35 Furao if you're trying to install PIL or pillow, you need libfreetype6-dev, zlib1g-dev and liblcms1-dev
11:37 Furao maybe it's not there real name, but it's the -dev of those libs
11:37 Furao and you should have python-dev as well
11:37 Furao and why you create symlinks?
11:37 Furao ah I see you have python-dev in python-pip state
11:38 Furao_ joined #salt
11:40 Furao_ balboah: I said that but got disconnected at some point http://bpaste.net/show/GFugEPb3d7yvzeqfaULb/
11:48 Furao joined #salt
11:50 drdran joined #salt
11:53 drdran joined #salt
11:55 drdran joined #salt
12:07 rachbelaid joined #salt
12:20 balboah Furao: thanks. The actual installation works. It's more about that the require statement doesn't seem to work in pip-requirements
12:21 balboah I didn't get the pip state to work with the dependecies files so that's why it's a command instead
12:21 balboah and the links were required so that PIL would detect the decoders
12:22 Furao use pillow instead
12:22 Furao it's PIL with fixes for pip
12:22 Furao and if you run pip install -r $reqfile by hands in the host?
12:22 balboah it doesn't run that, http://bpaste.net/show/HFdUPqPxpp58A8uIfzee/
12:22 balboah but if I do it will work
12:23 balboah so my original question is if it's not possible to require.pkg when you have a names list
12:24 Furao you should run the minion in debug mode
12:24 Furao to catch errors
12:24 Furao and you might want to try pre 0.15
12:26 balboah ok. So a list should be possible to require like that?
12:26 balboah I'm running salt-call in vagrant, so it's not even a real minion
12:27 balboah but I guess the loglevel could be debug instead of INFO
12:27 Furao you state look valid to me
12:29 balboah when I run it a 2nd time it works
12:29 balboah something about the first run situation I guess
12:31 balboah Furao: do you have the syntax in your head on how to do a pip state for a dependency list like that?
12:31 balboah if I should try to replace the cmd as well while I'm looking at this
12:32 balboah and about the pip state, does it always have to require.pkg python-pip or can you make it global somehow for all places that uses pip state
12:33 balboah I mean if pip binary is not installed when the first pip state is hit, it will fail
12:36 Furao you can make it to check if python-pip is installed
12:36 Furao it's better to don't over think about all possibilities
12:37 Furao just define what you expect to have and leave salt deal with it
12:37 Furao I have an example here
12:38 Furao it's a state that install sentry (http://getsentry.com)
12:38 Furao it's a virtualenv, a database, a database user, pip, an upstart config and a running service
12:38 Furao it cover far more what you're looking for
12:40 Furao I think I should just put every files into a tar
12:40 balboah and I will use file.symlink thanks for pointing it out
12:40 Furao there is some undocumented state
12:40 Furao I now use the code most of the time instead of online doc
12:41 balboah aha
12:41 balboah I would appreciate looking at your state files
12:46 Furao I had to move a password to a pillar first :)
12:46 Furao https://www.dropbox.com/s/8u1z8q7o5tpuogx/sentry.tar.gz
12:46 balboah hehe
12:47 Furao I cover most complex aspect of salt into that
12:48 Furao I included postgresql 9.2 installation from PPA, diamond installation, extend of other state
12:48 balboah thanks
12:49 Furao most sample in salt doc and saltstate repo are relatively simple, I wish I had something like this when I started
12:49 Furao diamond is a daemon that grab stats and send it to graphite
12:50 Furao in case you wonder
12:50 Furao I try to plug it everywhere I can
12:50 Furao I use diamond trough pip with a requirements.txt
12:50 Furao not use, but install
12:51 balboah great examples
12:52 Furao I use jinja2 extension for my template, because my IDE treat them as jinja template and it's easier for me to edit them
13:04 balboah I've replaced the cmd.run's now. Let's see how it goes
13:08 balboah Furao: the "postgres_user" feels a bit magical
13:09 Furao why?
13:09 Furao it don't work in 0.14
13:09 Furao I fixed it this weekend
13:09 balboah is it a state called postgres_user? or can you magically create users whose name will be the prefix of _user?
13:10 Furao it's a state
13:10 balboah ok
13:10 lightyear joined #salt
13:11 lightyear left #salt
13:12 lightyear joined #salt
13:15 balboah I tried changing the pip requriements install to this http://bpaste.net/show/D0ctjc6P4y9Tjbzz9Pfg/
13:15 balboah the info that is logged only says the first pip package in the python-dependencies.txt was installed
13:16 szaydel joined #salt
13:17 Furao why an empty name?
13:18 Furao you should try with at least 1 name
13:18 Furao right now pip probably try to do this: pip install ""
13:18 Furao with escaped bracket
13:18 rhyselsmore_ joined #salt
13:21 balboah I don't have a name to use
13:21 balboah it's only the ones in the requirement file that is supposed to be installed
13:22 balboah I guess I could name it the same as the first in the package list
13:26 balboah Furao: I guess it worked even though it only listed the first package that was installed
13:35 balboah Furao: you don't have that problem since you use virtualenv and I don't
13:36 balboah and your name is just the path to the env
13:51 jcooley joined #salt
13:52 errstr joined #salt
13:54 lightyear joined #salt
14:01 lightyear left #salt
14:04 colinbits joined #salt
14:09 carmony joined #salt
14:20 ronc joined #salt
14:28 ska joined #salt
14:33 oliv_mc joined #salt
14:36 ska I've been looking at Saltstack and Provy lately. Has anyone compared them?
14:37 dk01 joined #salt
14:39 scott_w ska: a quick look at provy tells me that salt may be better, particularly if your needs are pretty "standard"
14:40 ska scott_w: Seems like there is a bigger community for Salt here. I don't see any irc for P.
14:40 scott_w i've never heard of provy before
14:41 ska scott_w: sure.. seem like similar projects.. Python based, and light-weight.
14:42 scott_w yeah, i'm just looking at the homepage and it seems like they're happy to let you write more python code up-front
14:42 scott_w where salt encourages state files, which i definitely prefer
14:43 MrTango joined #salt
14:43 ska scott_w: Salt doesn't use mysql or other heavy services?
14:43 scott_w i could be wrong though; i've not read much of provy's doc
14:43 scott_w ska: no
14:43 scott_w just zeromq
14:43 scott_w and authentication libraries
14:44 ska Can those be installed via pip? I have Ubuntu 12 and Debian6 for example.
14:45 scott_w i wouldn't recommend it, pip has a broken version of ssl
14:45 scott_w for ubuntu 12, there's a ppa
14:45 scott_w https://launchpad.net/~saltstack
14:45 ska ok.. I see those..
14:46 ska How are all the conf files stored? Is it best to store configs in some sort of repo?
14:47 scott_w yeah
14:47 scott_w you have a master and minion config file which tell salt how to communicate i.e. to get the state files
14:47 scott_w then you write your own state files, usually in yaml, and just have them in a repo
14:48 scott_w when i provision a server, i just hg clone my salt-cfg repository into /srv/salt
14:48 ska scott_w: Do you use Git to archive those files?
14:49 scott_w i use mercurial, personally, but yeah, git is an option too
14:50 ska scott_w: thanks.. I've been looking at puppet and chef and htey seem so complex and fat, that I am not wanting to even try them.
14:51 scott_w that's how i can across salt too :-)
14:51 ska Also, salt seems to have grown quickly over the last year.. :()
14:52 scott_w yeah, it has
14:52 scott_w heck, just the last 4 months has been pretty impressive
14:52 ska I went to a Devops meeting early this year, and I heard little about salt.
14:52 ska Not sure If they had a talk on it but I didn't hear it..
14:53 scott_w plus, the guys are really good about accepting pull requests, so it's pretty easy to improve it
14:54 ska Is there a history of Salt?
14:54 scott_w history? as in a repo? or just a story behind it?
14:54 scott_w https://github.com/saltstack/salt is the github page
14:55 ska Yea.. I see it has a corprate side too.
14:56 ska Just a historical "about" type page.
14:56 scott_w ah, i don't know
14:58 wunki left #salt
14:59 archtaku kuffs: I've got some more tweaks in mind for yumpkg (which will also be used for the other package providers)
15:00 archtaku rather than calling yum/zypper/etc. once for each source, create a list of sources and join them into one long string
15:00 archtaku make one call to the package manager
15:04 archtaku bbl, driving into work
15:04 UtahDave joined #salt
15:06 sorenso joined #salt
15:07 ska If I want to have a configuration for something like shorewall, would I first start with a template or is there something already available?
15:08 ska First salt mailing list post 4/2/2011..
15:13 UtahDave I haven't seen a shorewall state yet.
15:13 scott_w what is shorewall btw?
15:14 UtahDave That would be a really cool project
15:20 drdran joined #salt
15:21 kaptk2 joined #salt
15:23 middleman_ joined #salt
15:24 balboah Furao: do you mind sharing your top files?
15:26 ska shorewall is a nice firewall system for linux..
15:27 balboah I heard about salt like a year ago or something in a podradio
15:27 ska Its quite easy to configure.
15:27 balboah but it's not until now I use it
15:27 ska And cross-platform to some degree.
15:27 opapo_ joined #salt
15:28 cnelsonsic joined #salt
15:29 balboah does anyone use salt for deployment of new code for their web app?
15:29 balboah or is that not really a good use case
15:30 UtahDave balboah: sure, you can do that.
15:30 balboah I was thinking about creating a salt runner to loop through some minions that should pull a git repository and restart some services
15:31 balboah I couldn't find examples from someone else that had tried to use it for that case
15:32 balboah for adding a little more power than just a statefile. For example rolling back to the previous version if everything didn't complete
15:36 jalbretsen joined #salt
15:37 UtahDave that would be cool.
15:40 redbeard2 joined #salt
15:41 Furao balboah: my top.sls is just '$someid': -list of other states
15:42 Yser joined #salt
15:46 Yser hi, i got an error on executing state.highstate: Error running 'state.highstate': 'NoneType' object is not iterable what does it mean exactly? running on ubuntu 12 on aws ec2 version 0.10.4 of salt
15:46 Yser top.sls: base:   '*':     - core.tools     #- core.users     #- core.hosts .........(more stuff)
15:47 Yser tools.sls: core-tools:   pkg:   - installed     - names:       - git-core       - htop  /home/install:   file:     - directory     #- name: /home/install  /var/deploy:   file:     - directory     - makedirs: true
15:48 Yser tools.sls is in <base>/core
15:48 Yser any suggestions?
15:49 balboah Furao: ok
15:50 Furao Yser: unless you pastebin everything it's probably impossible to help you
15:50 Yser ;) okay gimme some time
15:53 ska UtahDave: have you used shorewall?
15:54 UtahDave I played around with shorewall once, but that was years ago.
15:54 ska UtahDave: I guess I an use static configuration files with Salt too, ie. no templates?
15:55 UtahDave yes, you can do both
15:55 ska UtahDave: are there any examples of setting something like that up?
15:56 UtahDave ska you'll want to use the file.managed state
15:56 Yser Furao: i uploaded it here http://www.textswell.com/read,4230325990374
15:57 NoOS joined #salt
15:59 Sypher|NL joined #salt
15:59 teskew joined #salt
15:59 Furao Yser: it's probably because you have all those target with empty states
15:59 Furao 'somehost':
15:59 Furao # - commentedstate
16:00 ska For the minion, do I only need the salt-minion package?
16:00 Furao ska: yes and it's dependency
16:00 Yser ah...okay ;) thx alot ill try to remove that :)
16:01 ska Furao: so i have salt-master on the master, and salt-minion on the minion.. seems obvious,
16:01 Furao you can also install the minion on the server
16:01 Furao to handle the rest
16:02 ska The rest?
16:03 chrisgh joined #salt
16:03 ska Does the minion need to talk to the master, or can I push all data from master on request?
16:03 ska ie.. Firewall rules?
16:04 balboah do I have to put the symlinks out on their own to get a list of them to work like this? http://bpaste.net/show/r53rt3PvvoocPJyyL9Q5/
16:04 balboah it seemed to only pick one of the specified symlinks
16:05 Furao ska: the rest == everything else on the OS where the salt-server is, such as ssh, firewall, packages upgrade, etc
16:05 Furao balboah: you can't have multiple file in a state
16:06 Furao they need to be separate states
16:06 balboah ok
16:06 Furao it's the same for all state, it's only one
16:06 Furao think like it's a python dictionary
16:06 Furao {'key1': 'value1', 'key1': 'value2'}
16:06 Furao will ends as only {'key1': 'value2'}
16:07 ska Furao: So you in that way, I can manage the master through salt as well?
16:07 Furao ska: the OS of the master, the salt-server daemon itself, I actually prefer not
16:07 Furao unless you manage salt-syndic
16:07 balboah Furao: yeah. But require can have several "pkg" for example?
16:08 Furao state-name:
16:08 Furao pkg:
16:08 Furao - install
16:08 Furao - names:
16:08 Furao - pkg1
16:08 Furao - pkg2
16:08 UtahDave ska: the minions can be completely firewalled. The master needs 2 ports open
16:08 UtahDave and yes, you can run the minion on the master to have it manage itself
16:08 Yser Furao: worked perfectly. thx alot :)
16:09 Furao that is maybe a bug
16:09 Furao state with value None should be ignored
16:09 Furao but that is a badly designed state
16:09 Yser Furao: except... the master not gonna stop working but the slave already got htop and git-core
16:10 Furao slave?
16:10 Yser minion ;)
16:10 Furao the master will stop when you will ask it
16:10 Furao it don't died when a single state is applied :)
16:11 balboah Furao: I  mean is there something wrong with having multiple "pkg" like in this list? http://bpaste.net/show/vf2zDVRm8Qor4fLZGXSt/
16:11 ska UtahDave: ok on managing master, was just unsure if installing salt-minion on master was required.
16:11 Yser i dont mean the process...just the state.highsate function didnt stop :/
16:11 balboah I guess I'm confused in how the yaml translates to the python code
16:11 Furao balboah: it's translated as python dict
16:11 UtahDave ska: no, not required.
16:11 Furao and if there is dash in front of it, it's a list
16:12 Furao and that list is converted into *args passed to the state function
16:12 balboah Furao: ah
16:12 Furao it's easier to understand all this if you used to deal with python
16:12 balboah yes I'm used to python, just not yaml
16:13 ska UtahDave: I can't seem to see the Salt-master ports in netstat -pan
16:13 Furao when doc is incomplete, just look at the source code function and you can figure what going on for this stae
16:13 Furao state
16:13 balboah I guess it's a good practice to keep each state list small anyway
16:13 balboah and have more separate instead of one big
16:13 Furao they need to be modular to be reusable
16:13 ska I'm not sure what ports to open for master..
16:14 Furao ska: netstat -nap | grep LISTEN
16:14 Furao check the port open by the master process id :)
16:14 balboah Furao: thanks for the explanation
16:15 intchanter-work joined #salt
16:17 Yser Furao: i startet state.highstate on the master. The minion installed htop and git-core, so far so good...but the call of the funcion state.highstate on the master just dont stop..theres no output and i cant type in the next order in my console until ctrl+c
16:18 UtahDave ska: ports 4505 and 4506
16:18 UtahDave https://salt.readthedocs.org/en/latest/topics/tutorials/firewall.html?highlight=firewall
16:18 ska UtahDave: TCP I suppose?
16:19 UtahDave yep!
16:19 ska ok, I thouht for a moment that salt used is own protocol.
16:19 kuffs archtaku: that's sort of what I was getting at last night, I didn't realize there was an easier point of optimization
16:19 ska So I'll make a port-forward rule from firewall for tcp 4505,4506 to master
16:19 Furao Yser: because the command i probably timeout after a while, try with "salt -t999999999 '*' state.highstate"
16:22 Yser Furao: ah...alrite. thx for ur help :)
16:29 ska Do I need to generate keys on the minions?
16:29 sharpone joined #salt
16:29 sharpone left #salt
16:31 UtahDave ska: It will auto-create them for you
16:31 UtahDave Although you can create them if you want
16:32 ronc joined #salt
16:35 balboah I wonder if something like this would be nice to use with salt http://jujucharms.com/charms/precise/puppet or if they walk too much on eachothers toes
16:36 balboah e.g. use juju for the bootstrapping and configuring of minions
16:36 balboah so s/puppet/salt in that charm
16:37 Furao balboah: there is salt-cloud
16:38 balboah Furao: didn't read about that. Will google
16:38 ska UtahDave: I can't find the minion key in /etc/salt/ or pki
16:39 UtahDave When you start the minion the first time, it should auto-create the key for you
16:39 balboah Furao: did you try it?
16:40 balboah Furao: this is exactly what I wanted :)
16:40 Furao balboah: yes, all my ec2 servers are now deployed using that
16:40 Furao but I have few thousands on non virtual host I need to bootstrap :(
16:40 balboah ops
16:41 balboah maybe you can use maas
16:41 Furao it's small embedded PC installed in hundred of stores
16:41 Furao already installed in the backstore somewhere
16:41 balboah interesting
16:43 Furao I just need a girlfriend state
16:44 Furao girlfriend.groceries: -beer
16:44 archtaku kuffs: yeah, as long as we're accepting multiple sources, might as well install them together
16:44 archtaku yum and zypper can install rpms in the same command as actual packages
16:45 archtaku pacman and debian-based distros wouldn't be able to though
16:45 kuffs uh, that's actually how it's working with yum right now
16:45 archtaku indeed
16:45 kuffs oh, I thought you meant an aggregator at the state level
16:45 archtaku kuffs: wait, you mean all pkgs are joined?
16:45 archtaku and installed in a single cmd?
16:46 archtaku all sources, I mean
16:46 archtaku or yum is used to install RPM
16:46 kuffs all packages/sources in a single call to yumpkg.install are installed at the same time
16:46 archtaku ahh... cool. don't recall if I did it that way in the beginning or if you or someone else came in after and did it that way
16:46 archtaku I don't remember doing it that way to be honest
16:47 kuffs yeah, the calls to YumBase.install() only add the requested packages to the pending transaction table
16:47 archtaku and I wasn't looking at yumpkg.py at the time I made that comment
16:47 archtaku ahhh cool
16:47 kuffs Yum doesn't actually install them until YumBase.processTransaction()
16:48 archtaku nice
16:48 kuffs that part is nice, the rest is kinda ~hrnnngh~
16:48 archtaku been bouncing around so many different distros, I may have already seen that and understood it, and then forgot it
16:48 archtaku been working on suse, arch, centos5, etc
16:48 kuffs haha, the idiosyncracies of distro package managers is the worst
16:49 archtaku doing different salt enhancements
16:49 archtaku yes.
16:49 archtaku relevant: http://xkcd.com/927/
16:49 kuffs I am just thankful I only have to Q/A three major platforms
16:51 kuffs I have to be the only one who is a serious fanboi for Portage
16:52 issackelly joined #salt
16:52 kuffs it had support for slotting, user-customizable overlays done in a sane and supportable manner
16:53 kuffs the manifest for a proper autotools based package was basically a no-op, all you need is a source package and the implicit handlers will build the rest
16:53 archtaku cool
16:53 archtaku yeah I've heard good things about portage
16:54 archtaku but I've had nothing but problems when I've tried gentoo
16:54 kuffs but I think the distro as a whole got off track about 4 years ago. They insisted on ruling by a governing board rather than just appointing a leader
16:54 archtaku and sabayon refuses to install in virtualbox for me
16:54 kuffs Q/A dropped pretty bad on packages
16:55 archtaku I started with Arch a few years ago and it suits my needs well
16:55 archtaku I don't need a flashy UI, in fact I use a tiling WM
16:55 kuffs when I ran gentoo I tended toward simple desktop managers
16:55 kuffs xfce is a pretty great compromise
16:56 archtaku I've talked to a lot of people that started using a tiling WM with ubuntu or fedora and eventually said "why do I need this" and switched to Arch
16:56 archtaku arch seems to be perfect for tiling WMs
16:56 kuffs now i just run Divvy on my macbook
16:57 kuffs which is a tiling manager triggered by a hotkey
16:57 archtaku nice
16:57 archtaku I run AwesomeWM
16:58 archtaku my workstation in the office has 2 monitors, one is for browser, etc. and the other is a fullscreen urxvt running tmux
16:58 Furao_ joined #salt
16:58 ska I can'tissue a simple command: http://paste.debian.net/209281/
16:58 archtaku ska: please pastebin your /etc/salt/master
16:59 masm joined #salt
16:59 archtaku hard to tell where the problem is if all we have is an error and a line number
16:59 archtaku and nothing to refer back to
17:00 ska http://paste.debian.net/209283/
17:00 ska I removed allcomments
17:01 kuffs that kinda ruins debugging too
17:01 kuffs because the line number was the hint
17:01 ska Sorry.. Ill paste it all.
17:02 Furao_ joined #salt
17:02 ska http://paste.debian.net/209284/
17:03 archtaku ska: try putting a space after the colon on the "user:root" line
17:03 archtaku also, your 3rd level in the client_acl is indented 3 spaces from the 2nd level
17:04 archtaku don't think that's an issue but it's good to stay consistent in indents
17:04 tsclausing joined #salt
17:04 ska how many should it be?
17:05 archtaku doesn't matter, so long as it is consistent
17:05 archtaku the 2nd level is indented 2 from level 1
17:05 archtaku I stick with 2 spaces personally
17:05 archtaku like I said, probably not the cause of your error, just something to consider
17:06 archtaku I'm thinking that the lack of space between "user:" and "root" is the culprit
17:06 ska Ok, the space after : was a problem.. Now it just user authenication error.
17:06 ska ie... Failed to authenticate, is this user permitted to execute commands?
17:06 UtahDave Doesn't yaml require 2 spaces?
17:06 UtahDave for indents?
17:07 herlo generally speaking, yes
17:07 archtaku UtahDave: oh? good to know
17:08 ska Do I need to configure the Joe user on the minion or the master, or both?
17:08 UtahDave pretty sure I got bitten by that one early on.
17:08 UtahDave ska: client_acl is for allowing local users on the master to run certain commands
17:09 archtaku ska: check the docs too, you need to make sure that certain directories are readable by the users that you are setting up in client_acl
17:09 UtahDave so if you are logged into the master server as 'noobuser', then noobuser will have rights to run only certain commands
17:09 archtaku http://docs.saltstack.org/en/latest/ref/clientacl.html
17:09 UtahDave yes.
17:10 archtaku ska: might be cause of the "Failed to auth" error
17:10 ska I thought I set it up do run all commands no?
17:10 oliv_mc joined #salt
17:11 archtaku ska: http://docs.saltstack.org/en/latest/ref/clientacl.html#permission-issues
17:11 UtahDave ska: which version of Salt are you running? I recently fixed some bugs in client_acl that kept it from working
17:11 oliv_mc left #salt
17:11 Furao it's weird, it like if cmd.run: - names: - cmd1 - cmd2 run the list backward
17:11 Furao cmd2 run before cmd1
17:12 ska 0.10.4-1precise1
17:13 UtahDave Hm. I can't remember if those fixes made it into 0.10.4 or not
17:13 UtahDave ska: do you need to allow multiple users to run commands?
17:13 Furao is that just the output is returned backward? or the list of command really don't run in the list order? http://bpaste.net/show/2HSVCkb9aO6xz72SGGYC/
17:14 Furao from the process id, it's really executed in the opposite order
17:14 kuffs I think there are no guarantees of ordering unless made explicit
17:14 kuffs even among 'names'
17:14 UtahDave s0undt3ch: ping
17:15 s0undt3ch UtahDave: pong
17:15 s0undt3ch What's up
17:15 UtahDave s0undt3ch: do you have a minute?
17:15 s0undt3ch UtahDave: yes
17:16 kuffs if you have a sequence you want to execute you should consider cmd.script, explicit ordering, or joining with shell operators
17:16 ska UtahDave: I just want to do it from non-root account.. Just one.
17:16 UtahDave ska: client_acl might be broken in 0.10.4. Have you tried running the latest from git?
17:16 UtahDave s0undt3ch: I'm trying to sort out why the travis-ci builds are failing on python2.6
17:17 ska UtahDave: nope.
17:17 s0undt3ch UtahDave: so am I, for the past 2, 3 4 days?
17:17 s0undt3ch too much time already
17:17 s0undt3ch UtahDave: I'm trying a bunch of stuff
17:17 UtahDave There's some code you added to tests/integration/__init__.py, starting on line 560
17:18 UtahDave on the tests that are failing, the catch_stderr is not being set when calling run_script.  So the code block after line 560 is never being called
17:18 UtahDave Do you think it could be that?
17:19 s0undt3ch UtahDave: there are some tests which make use of catch_stderr, though, lemme re-check
17:20 s0undt3ch UtahDave: ok, the thing on those lines is, we need to test the stderr output for some tests
17:20 s0undt3ch UtahDave: that "if catch_stderr:"
17:20 s0undt3ch is just used to return (out, err)
17:21 s0undt3ch UtahDave: if catch_stderr is False, we just return out
17:21 s0undt3ch UtahDave: also
17:21 UtahDave hmm. OK. I was just wondering if that comment starting on line 565 had something to do with the memoryerror
17:22 s0undt3ch within the catch_stderr block, we need to take care for python 2.6 because on 2.6 subprocess uses select.select which is limited to 1024 fds
17:22 s0undt3ch UtahDave: right now I think that we're leaking fds
17:22 s0undt3ch still havent found out where
17:23 ska Ok, If I run the master as Joe, I can issue commands as Joe for example.
17:23 s0undt3ch UtahDave: running our tests, I don't think that we should ever reach fds>2048, specially since I'm now del()'eting them
17:23 s0undt3ch UtahDave: it could even be lower
17:24 UtahDave it's weird because running the tests on my machine doesn't fail with the memoryerror
17:24 UtahDave it seems to be something about the travis-ci environment
17:24 s0undt3ch UtahDave: https://travis-ci.org/s0undt3ch/salt/builds <- if you take a look at my builds I've created some branches to try to address this
17:24 s0undt3ch UtahDave: I've triggered it on a vagrant machine
17:24 s0undt3ch UtahDave: which is your python version?
17:25 UtahDave oh, duh. I ran it on 2.7.  :) let me try on 2.6
17:25 s0undt3ch UtahDave: yep :)
17:27 masm joined #salt
17:30 wendall911 joined #salt
17:35 carmony joined #salt
17:39 bastichelaar2 joined #salt
17:41 NoOS joined #salt
17:46 Smaragd joined #salt
17:49 bensix2 joined #salt
17:50 seb` joined #salt
17:54 Smaragd Hi. Is is possible to generate an error message in an SLS, similar to Puppet's fail() method? I would like to make sure certain conditions are met (using grains values) before a state is applied. But instead of just skipping the state definition, I would like to return an error message saying someting like "License file not present yet. Installation aborted".
17:57 chutzpah joined #salt
17:58 gordonm Smaragd: there is a 'failhard' option that might help here
18:01 Smaragd gordonm: thanks. isn't that just a global flag, though, that simply aborts the highstate run? not sure how I would pass my error message along.
18:02 gordonm right, failhard is a hammer
18:03 gordonm do you have requisites set up for the state(s) in question?
18:04 gordonm or is the problem that you're checking for grains values that might not exist?
18:05 Furao kuffs: can cmd.script render a template? because if I set the source, it run the jinja template as a bash script. and if I just specify the -template argument it failed as well but because it use the name of the state
18:05 Smaragd No, I was using jinja to include the state dynamically, but would like to have something for the {%else%} block, like fail("License file not present yet. Aborting.") to give a visual feedback when highstate is called.
18:06 Nic joined #salt
18:07 Furao damn
18:07 gordonm Smaragd: ah ok. but do you have another state that puts the license file in place? or is that not managed by salt?
18:07 Furao I'm stupid
18:07 Furao kuffs: nvm
18:08 Smaragd gordonm: that is not managed by salt. someone logs into the server and puts it there. and only then, Salt goes to town.
18:16 kuffs Smaragd: I had a similar feature request that I didn't follow up on https://github.com/saltstack/salt/issues/1904
18:23 Smaragd kuffs: this is _exactly_ what I need, but I also would like to pass along a specific error message like "failhard: True, failmessage: License missing". I can make do without, but it would make the reason for the failure clearer. I might have more tests like this, for example the OS sanity check you mention in the feature request. that log state would be nice, how can I vote for it? ;-)
18:23 kuffs I think you can still comment on closed issues
18:25 gordonm Smaragd: silly workaround that does nothing about logging, but gives you a requisite for a file not managed by salt: http://pastebin.com/Rg0yFpt1
18:25 ska is a line like: source: salt://apache/httpd.conf   mean that the httpd.conf is in my private apache folder?
18:27 kuffs Smaragd: I added a comment
18:28 Smaragd kuffs: thanks :-)
18:29 ska How do I set the document root for salt to access config files?
18:30 Smaragd gordonm: interesting use of cmd.run, heh
18:30 jplewi joined #salt
18:30 ska file_roots ?
18:30 gordonm Smaragd: untested :)
18:31 kuffs uh, actually I think you don't need the 'touch' in there
18:31 kuffs if you make a cmd with a 'test -f' as the command
18:32 gordonm kuffs: we don't want to touch the file if it doesn't exist :)
18:32 gordonm that's somebody else's job in this case I guess
18:32 kuffs pretty sure that a nonzero return code will trigger an error and thus fail the dependent state
18:33 gordonm right, in the example I don't want to start the daemon if it's license file is missing
18:33 kuffs sure, but in Smaragd's case he's not even responsible for the license file. So touching it is not something he wants to do either
18:33 gordonm but the license file isn't managed by salt... so
18:34 gordonm touch is just a noop if the file is in place... like i said it's a silly workaround
18:34 kuffs I'm saying you shouldn't need that workaround
18:34 gordonm kuffs: agreed
18:35 gordonm I'm surprised there's no unless: for file.managed actually
18:35 kuffs http://pastebin.com/z0EHyQFC
18:35 kuffs that is effectively the same thing
18:35 kuffs without the side effect of updating the timestamp on the license file on every pass
18:36 gordonm ah right
18:42 gordonm Is anybody managing minions over relatively high-latency (~150-200ms) links?
18:46 vaxholm joined #salt
18:49 jcooley joined #salt
18:56 MTecknology kuffs: You're the reason I'm doing nginx documentation the way I am... wanted to say thanks. :)
18:57 kuffs np dood :)
19:00 MTecknology docs.ngx.cc  :)
19:01 kuffs while I am proud to see more awesome documentation, I'm not sure what part I had in it?
19:02 MTecknology You walked me through a fix with the salt docs and got me aware of you salt does its documentation and that's about the exact structure I'm using for this.
19:02 xt MTecknology: "Taobao.com breaks record for online sales in a day - $3.1 billion USD", you should probably mention them among greats sites that run nginx :)
19:02 kuffs awesome!
19:03 xt MTecknology: and mention their fork http://tengine.taobao.org/
19:03 kuffs apologies for forgetting :)
19:03 kuffs also nginx owns a bunch
19:03 xt and mention openresty.org, openresty is way awesome
19:03 kuffs it's all we run internally, and it's what I recommend for others
19:04 MTecknology I've been slowly getting rid of apache in our organization
19:05 MTecknology xt: I'll have to do that. I'll probably make a section for forks
19:05 xt sure, although openresty isn't a fork
19:05 xt just a package with 3rdparty modules
19:06 MTecknology I meant in reference to tengine
19:06 kuffs you probably wanna ref http://projects.unbit.it/uwsgi/wiki/RunOnNginx when talking about serving python
19:11 xt I wrote a photo gallery this weekend using lua served directly from nginx, and redis backend. Nice weekend project:)
19:14 ska UtahDave: how do you organize your file_roots and config files?
19:14 MTecknology kuffs: I'll be referencing a lot of resources... I'm aiming for extremely high quality this time around.
19:14 stanchan joined #salt
19:14 MTecknology xt: neat!
19:15 UtahDave ska: Just the standard way
19:16 kuffs UtahDave: are there docs hiding somewhere for state return types and/or state Exceptions
19:18 UtahDave Apparently there isn't
19:18 UtahDave but it's pretty simple.
19:19 kuffs I wanted to revisit #1904 because I saw some chatter about new ways that Exceptions were handled in states
19:19 UtahDave States must return a dict with 4 fields
19:19 kuffs (also because the presented workaround wasn't really what I needed)
19:20 UtahDave hm.
19:20 szaydel joined #salt
19:20 UtahDave for example salt/states/network.py on line 162 lays out a good example
19:20 UtahDave 'name' must be a string
19:20 UtahDave 'changes' must be a dict
19:21 UtahDave 'result' must be True False or None
19:21 UtahDave 'comment' must be a string
19:21 kuffs cool
19:21 UtahDave that's pretty much it.  I should put together a doc.
19:21 kuffs and I can use Exceptions as a vector to generate an immediate halt, right?
19:23 UtahDave kuffs: yes, set Failhard to True in the master config or the sls file
19:23 UtahDave then the exception will be added to the comment field of the return dict with 'result' set to False
19:24 edroid_ joined #salt
19:25 kuffs hrm
19:25 kuffs kinda hoping for a more consistent way to do something like
19:25 kuffs log.warn as a state, with log.failure as an immediate halt
19:27 intchanter-work1 joined #salt
19:27 UtahDave interesting
19:27 kuffs similar to the way that puppet handles things
19:27 kuffs because there are some platforms that my sls files don't support
19:27 ska UtahDave: you store them in a system folder or on user account?
19:27 kuffs I'd like to gate them so that other admins don't mistakenly try to apply them
19:29 UtahDave ska: usually    /srv/salt
19:29 UtahDave kuffs: I see.
19:30 UtahDave well, you could just raise an exception if the wrong os is running or some other condition exists, and then the state will just fail
19:30 UtahDave no harm
19:31 kuffs the state will, but not the entire sls
19:31 ska UtahDave: cool. Can you use a git repo directly instead of flat files?
19:31 ska take that back. git is flat.
19:31 kuffs I'll post up an example with a proof-of-concept later
19:31 UtahDave people often keep all their sls files in git
19:32 UtahDave kuffs: cool. I'd like to see it.
19:32 UtahDave back in a bit.
19:37 johnthedebs joined #salt
19:39 oliv_mc joined #salt
19:42 ska So I can just put my_server under file_roots and call it that way?
19:55 szaydel joined #salt
20:01 NoOS joined #salt
20:01 ska joined #salt
20:01 ska joined #salt
20:03 scott_w joined #salt
20:16 jcooley joined #salt
20:20 maelfius joined #salt
20:26 sharpone joined #salt
20:29 dkehn joined #salt
20:38 yumike joined #salt
20:51 sorenso joined #salt
20:57 NoOS joined #salt
20:59 sharpone joined #salt
21:00 sharpone joined #salt
21:01 bretep joined #salt
21:02 sharpone1 joined #salt
21:05 UtahDave ska: yes, you can do that if you call state.single
21:05 UtahDave or if your top file directs a minion to run that sls
21:11 sharpone joined #salt
21:11 jcooley joined #salt
21:12 jcooley_ joined #salt
21:24 ska UtahDave: I forgot my question.. I had a shutdown
21:25 ska Yea, I'm trying to figure out the top.sls stuff now.
21:26 UtahDave gotcha. let me know if you have any questions, ska
21:26 ska Does top.sls sit next to master, and if so, does it override the file_roots in master?
21:27 UtahDave top.sls sits in the root of your file_roots
21:27 ska ah.
21:27 UtahDave so usually  /srv/salt/top.sls
21:30 ska Its kinda strange, master has a "base" in it, but so do the examples in http://docs.saltstack.org/en/latest/ref/states/top.html
21:30 ska oh.. its different.. top.sls has different format.
21:43 cnelsonsic joined #salt
21:52 colinbits joined #salt
21:53 ska My apache2 setup is way more complex than the examples.. not sure how to handle all the folders.
21:54 ska site-available, sites-enabled etc.
21:55 ska Can I put an etire directory in a state ?
21:58 UtahDave yep
22:04 ronc joined #salt
22:05 __number5__ joined #salt
22:18 ska Will softlinks also be portable?
22:22 ska There's a ton of setup to do.. Like SSL keys, etc.
22:24 stanchan joined #salt
22:25 ska I shouldprobably make my keys on master?
22:31 kuffs UtahDave: let me know if my pull request helps you out. And I'd like to know of any esky problems you run into
22:31 UtahDave OK, I'll do that. I haven't gotten to esky today, but probably tomorrow
22:32 UtahDave just checked your email. cool. Thanks, kuffs!
22:32 kuffs I really spent the better part of the last two days banging my head on the table over that issue
22:32 kuffs I just hadn't submitted a patch cause I didn't think anyone else was using it yet :D
22:33 UtahDave he he.  Once we get 0.10.5 out the door I'm going to be spending a bit more of my time polishing the windows minion
22:36 jfroche joined #salt
22:47 ska Will a recursve file.recurse delete any existing files in the minion?
22:53 UtahDave ska: not by default. There's an option to force that
22:54 pau joined #salt
22:54 ska UtahDave: I see a mixture of files in my /etc/apache2. Some configs, some softlinks,
22:55 ska some set by system and I don't wnat to overide defaults too much.
22:55 ska Its never a simple http.conf file anymore :)
22:56 marcinkuzminski_ joined #salt
22:56 marcinkuzminski_ joined #salt
22:56 UtahDave yep
22:59 Newt[cz] joined #salt
22:59 ska Does anything special go into my "base" folder in file_roots?
22:59 ska Or is it all arbitrary..?
23:00 UtahDave whichever sls files you want to apply to that "base" environment
23:01 kuffs http://salt.readthedocs.org/en/latest/ref/states/top.html#environments
23:02 kaptk2 joined #salt
23:02 jplewi joined #salt
23:05 ska How does Server "A" know if it is part of base or part of dev in that example above?
23:06 kuffs top.sls dictates which node gets which environment
23:06 kuffs which is documented right below that
23:06 SEJeff_work ska, http://docs.saltstack.org/en/latest/ref/configuration/minion.html#environment
23:06 SEJeff_work Actually the minion config does :)
23:07 SEJeff_work Well either or, but both work. Salt is quite flexible
23:07 SEJeff_work I've got to leave now. Convenient
23:08 jeffrubic joined #salt
23:11 ska So On the minion config i use "environment: dev" and i have a /src/salt/dev on the master?
23:14 stanchan joined #salt
23:17 UtahDave yep. So you can have your dev environment use slightly different sls files than your production environment
23:18 Newt[cz] joined #salt
23:29 Newt[cz] joined #salt
23:30 ska Is there a tutorial for a simple system?
23:34 Newt[cz] joined #salt
23:39 oliv_mc joined #salt
23:45 Newt[cz] joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary