Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-05-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 akoumjian joined #salt
00:06 wilywonka joined #salt
00:07 oz_akan joined #salt
00:11 WarheadsSE joined #salt
00:12 __number5__ joined #salt
00:28 lex__ joined #salt
00:42 aat joined #salt
00:43 timl0101 joined #salt
00:48 aat joined #salt
00:55 pcarrier_ joined #salt
00:57 Focus_ joined #salt
00:57 oz_akan joined #salt
01:10 izquierdo joined #salt
01:11 akoumjian joined #salt
01:24 terminalmage Corey: you there?
01:24 Slipo joined #salt
01:24 cxz joined #salt
01:27 akoumjian joined #salt
01:30 clintberry joined #salt
01:50 akoumjian joined #salt
01:55 cxz joined #salt
01:57 dstanek joined #salt
01:59 whit joined #salt
02:00 wilywonka joined #salt
02:14 mgw1 joined #salt
02:18 mgw joined #salt
02:21 mgw1 joined #salt
02:28 goodwill joined #salt
02:29 goodwill morganfainberg: ping
02:35 koolhead17|afk joined #salt
02:39 mgw joined #salt
02:40 mgw1 joined #salt
02:43 spudbook joined #salt
02:50 Ryan_Lane joined #salt
02:55 maspwr joined #salt
03:15 Katafalkas joined #salt
03:18 dlam joined #salt
03:28 pcarrier_ joined #salt
03:32 scooby2 joined #salt
03:33 akoumjian joined #salt
03:34 austin__ joined #salt
03:55 oz_akan joined #salt
04:00 cxz joined #salt
04:05 Katafalkas joined #salt
04:07 maspwr joined #salt
04:23 dthom91 joined #salt
04:27 Katafalkas joined #salt
04:43 dstanek joined #salt
04:43 jalbretsen joined #salt
04:49 cxz joined #salt
04:50 maspwr joined #salt
04:54 FreeSpencer joined #salt
04:55 FreeSpencer joined #salt
04:58 Katafalkas joined #salt
05:03 wilywonka joined #salt
05:03 timl0101 joined #salt
05:03 hotbox joined #salt
05:03 basepi joined #salt
05:03 herlo joined #salt
05:03 codysoyland joined #salt
05:03 multani joined #salt
05:03 erasmas joined #salt
05:03 retr0h joined #salt
05:03 darrend_ joined #salt
05:03 mattikus` joined #salt
05:03 jbub joined #salt
05:03 KFDM joined #salt
05:03 eightyeight joined #salt
05:03 opapo_ joined #salt
05:03 jphall_ joined #salt
05:03 stephen__ joined #salt
05:03 cce joined #salt
05:03 Ahlee_ joined #salt
05:03 fivethreeo joined #salt
05:03 loz_hurst joined #salt
05:08 mgw joined #salt
05:16 oz_akan joined #salt
05:19 mgw1 joined #salt
05:20 UtahDave joined #salt
05:26 clintberry joined #salt
05:46 jeddi joined #salt
05:50 LLckfan joined #salt
05:50 LLckfan Can some1 tell me why in Google Chrome it sometimes will not go to the address I type in but if I click a link somewhere it goes to that address with an issue
06:03 jeddi joined #salt
06:10 akoumjian joined #salt
06:19 terminalmage LLckfan: not sure how this is salt-related
06:19 terminalmage can you clarifyy?
06:19 terminalmage *clarify
06:25 mirko joined #salt
06:31 krissaxton joined #salt
06:37 drdran joined #salt
06:38 auser joined #salt
06:38 auser hey all
06:45 akoumjian joined #salt
06:47 Katafalkas is there a way to add configuration to minion via some state ?
06:48 Katafalkas like I need to add mysql configuration stuff so the mysql module would work. ofc I would like to do remotely via salt
06:54 vaxholm joined #salt
06:56 fredvd joined #salt
07:04 auser do pillars not work for that Katafalkas?
07:04 Katafalkas documentation states that the config options need to be added to /etc/salt/minion
07:07 it_dude joined #salt
07:14 balboah joined #salt
07:15 balboah joined #salt
07:19 p3rror joined #salt
07:26 unicoletti_ joined #salt
07:34 Charatna joined #salt
07:34 Charatna left #salt
07:35 jugimaster joined #salt
07:35 kadel joined #salt
07:42 tharkun joined #salt
07:42 tharkun joined #salt
07:45 akoumjian joined #salt
07:53 Newt[cz] joined #salt
07:57 __gotcha joined #salt
07:57 __gotcha joined #salt
07:58 scott_w joined #salt
08:00 azbarcea joined #salt
08:05 __gotcha joined #salt
08:05 __gotcha joined #salt
08:08 auser has anyone seen an error like this before on Ubuntu: The following package(s) failed to install/update: git-core. Error:  E: Sub-process /usr/bin/dpkg returned an error code (2)
08:09 auser I can absolutely install it with apt-get
08:11 maksim_ joined #salt
08:12 maksim_ Hello, I need to ensure that 25 packages are installed using a salt state file, it feels like salt installs them one by one and I keep getting yum lock messages.. is there a way to install them all at once?
08:13 auser I don't think so maksim_
08:13 auser well
08:13 auser maybe
08:13 auser you could try - names:
08:13 auser - pkg1
08:14 unicoletti maksim_: use pkgs instead of names in pkg.installed
08:14 unicoletti see the usage example here: http://salt.readthedocs.org/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
08:15 maksim_ names seems to do the same as pkg, will try pkgs
08:22 unicoletti names is not defined anywhere, how do you use it?
08:30 p3rror joined #salt
08:33 bhosmer joined #salt
08:33 krissaxton joined #salt
08:36 d10n joined #salt
08:37 unicorn joined #salt
08:39 favadi joined #salt
08:40 ronc joined #salt
08:44 efixit joined #salt
08:45 akoumjian joined #salt
08:57 carlos joined #salt
09:03 auser gr, does unless mean the bash command returns 0, it will run or won't?
09:09 Valda joined #salt
09:14 fredvd joined #salt
09:17 backjlack joined #salt
09:26 Katafalkas joined #salt
09:26 jeddi joined #salt
09:34 auser so anyone up?
09:36 Katafalkas i am
09:37 Katafalkas does anyone have a good example of pkgrepo.managed ? for some reason I cant get the key working
09:39 whiteinge joined #salt
09:39 Katafalkas ! nvm ! for some reason, 5min later it started working :)
09:43 favadi hi, I define a new environment in file_roots:
09:43 favadi dev:
09:43 favadi - /home/favadi/salt
09:44 fredvd joined #salt
09:44 favadi Everything seem to work fine when salt '*' state.sls env=dev
09:44 favadi but when i refer to salt://something.rpm
09:44 favadi salt do not read from /home/favadi/salt
09:45 favadi Is it a bug?
09:46 Sacro favadi: more likely a misconfiguration
09:46 akoumjian joined #salt
09:46 Sacro though it could be, that looks right
09:47 Sacro did you restart the master?
09:47 favadi Sacro: yes, because and I can run new sls file in /home/favadi/salt without problem
09:48 tharkun joined #salt
09:48 tharkun joined #salt
09:48 Katafalkas joined #salt
09:49 Sacro favadi: raise a ticket on github perhaps
09:58 favadi so, no one has this problem?
09:59 Katafalk_ joined #salt
10:10 SpX joined #salt
10:17 Sacro favadi: you do
10:17 Sacro therefore, not noone
10:17 bhosmer_ joined #salt
10:26 tharkun joined #salt
10:26 tharkun joined #salt
10:27 efixit joined #salt
10:28 whiteinge joined #salt
10:30 dcrouch joined #salt
10:34 SpX joined #salt
10:37 backjlack joined #salt
10:47 akoumjian joined #salt
11:02 unicoletti left #salt
11:03 efixit joined #salt
11:12 trbs2 joined #salt
11:16 giantlock joined #salt
11:24 pkimber joined #salt
11:30 __gotcha joined #salt
11:30 __gotcha joined #salt
11:30 dcrouch joined #salt
11:30 bejer Hi, is there an overview of an advanced multi heterogeneous minion setup? I'm interested in the file server layout - especially if I have different hosts/minion with different e.g. mount points, cron jobs, etc. - should I just fill the state files with if's and reuse the state content or create different state files and do the separation in the top file (maybe ending up with something_<host>.sls because the states become very host specific?)) - it wou
11:31 it_dude joined #salt
11:42 dcrouch joined #salt
11:47 akoumjian joined #salt
11:50 Madkinder joined #salt
11:53 oz_akan joined #salt
11:54 napperjabber joined #salt
11:55 krissaxton joined #salt
11:55 Katafalk_ Hey, I am trying to created a VM image that would connect to salt-master on starting a server from that image. For some reason it does not seem to work.
11:56 Katafalk_ I installed salt-minion on the image. And added salt-master IP to /etc/salt/minion config file.
11:57 Katafalk_ when I login to the server, after it started and did not connect to salt-master - it has salt-minion running. and can ping salt-master
11:57 Katafalk_ if I restart salt-minion - it connects to master straight away.
11:58 Katafalk_ I have tried playing with run levels - but that does not help
11:58 Katafalk_ sot sure where the problem lies
11:59 Katafalk_ any ideas ?
12:00 Madkinder Katafalk_: anything interesting in minion's logs?
12:02 Katafalk_ Madkinder: ok. forgot to look at the logs ... yeah. there is [salt.crypt       ][ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
12:03 Madkinder does waiting help?
12:03 Katafalk_ so the key is cahced from the previuose image i created :(
12:03 Katafalk_ nop
12:03 Katafalk_ waiting does not help
12:03 Madkinder hm, so your image has a hard-coded key, right?
12:03 Madkinder thus if you create 10 copies of the image you get, basically, 10 equal minions (well, from the master's point of view), right?
12:04 Katafalk_ well it seems like it. is there some way of telling salt-minion to redo key on startup ?
12:04 Katafalk_ yeah
12:04 Katafalk_ that correct
12:04 Katafalk_ s
12:04 Katafalk_ but if I restart salt-minion - it works like a charm
12:04 Katafalk_ s
12:04 Madkinder have you read http://docs.saltstack.com/topics/tutorials/preseed_key.html ?
12:06 Katafalk_ nope. I ll take a look at it
12:07 Katafalk_ Madkinder: it involves adding those keys to minions, bootstraping them and so on ...
12:08 Katafalk_ that the main reason why I chose to create an image with preinstalled minion in the first place
12:09 Madkinder that's the point: you create an image, preinstall _the minion_ itself, but _without_ the key
12:09 Madkinder and you populate the key just during the 1st start of the minion
12:10 Madkinder using the means of your particular virtualization provider (ec2, kvm, whatsoever)
12:10 Katafalk_ i must have misunderstood the article u posted. it says that i need to pregenerate the keys and then distribute them
12:11 Madkinder exactly
12:12 Katafalk_ but to do that i need to bootstrap some script that does that
12:13 Madkinder well, if you want to automate that, then you are probably right
12:13 unicoletti_ joined #salt
12:13 Katafalk_ well I wanted to avoid that part :)
12:14 trivoallan joined #salt
12:14 Madkinder How can I automate a series of remote executions? I mean is there any "salt way" to create an analogue of a Makefile comprised solely of salt function invocations that I can use with salt targeting to automate my job?
12:21 jslatts joined #salt
12:21 jetole joined #salt
12:21 jetole joined #salt
12:24 bhosmer joined #salt
12:32 trivoallan hello everyone
12:34 oliv_mc joined #salt
12:35 LyndsySimon joined #salt
12:35 LyndsySimon Morning salty friends.
12:37 Newt[cz] joined #salt
12:39 trivoallan_ joined #salt
12:39 trivoallan__ joined #salt
12:40 Madkinder hi
12:43 LyndsySimon joined #salt
12:47 akoumjian joined #salt
12:47 joehh joined #salt
12:48 Madkinder are there any guides on migration from fabric to salt for remote execution?
12:48 Madkinder or from capistrano to salt
12:49 krissaxton joined #salt
12:51 LyndsySimon I'm very new, so I can't point you to one.
12:51 Newt[cz] joined #salt
12:52 LyndsySimon I *can* point you to a fairly simple deploy someone set up as a tutorial, for a simple Django app. Would that help at all?
12:54 Madkinder please do :)
12:55 Madkinder googling doesn't help much, all I get is some real estate related stuff in Salt Lake City :D
12:55 SEJeff_work Search for saltstack, not simply salt
12:55 SEJeff_work that helps a good bit
12:58 Madkinder whatever I try I just can't find anything helpful :( I guess I completely misunderstand salt. Its config management facet is documented like a charm, but maybe it isn't designed to automate remote execution?..
12:58 wilywonka joined #salt
12:58 SEJeff_work Madkinder, salt's remote execution has been around since before it did config managmement
12:59 SEJeff_work Madkinder, So I've got a good deal of fabric exp, and 0 with capistrano
12:59 SEJeff_work Madkinder, Are you somewhat comfortable with state files (for config management) and conceptually with the top.sls and how it all works?
12:59 Madkinder well, the only thing I could find is execution of a single function, that's too simplistic
12:59 SEJeff_work hear me out for a second :)
13:00 Madkinder SEJeff_work: yes, I am. But config management doesn't fit my purpose (or am I mistaken?)
13:00 SEJeff_work You are, sort of :)
13:00 SEJeff_work Madkinder, So...
13:00 Madkinder I just need to run a bunch of commands in order to deploy my app
13:00 SEJeff_work State files can run arbitrary commands, and do anything that any of the many many salt modules can do
13:00 SEJeff_work State files do *not* have to be in the top.sls
13:00 Madkinder can I enforce the order?
13:00 SEJeff_work In fact, for app deploys, it likely makes sense for them to never be in top.sls
13:00 Madkinder I mean kind of run cmd1, then cmd2, then cmd3?
13:00 SEJeff_work Madkinder, yes, via 3 different ways
13:01 Madkinder oh, nice! could you please elaborate?
13:01 SEJeff_work Madkinder, so... you can do salt minionname state.sls http.deploy
13:01 SEJeff_work for instance
13:01 SEJeff_work pretending you use the default file_roots setting of /srv/salt
13:01 SEJeff_work you'd have /srv/salt/http/deploy.sls
13:01 SEJeff_work Madkinder, I've found that googling "salt docs $thing" always brings up docs.saltstack.org
13:02 LyndsySimon Madkinder: The tutorial I'm using as a reference is http://www.barrymorrison.com/2013/Mar/11/deploying-django-with-salt-stack/
13:02 LyndsySimon There is an expanded version linked from the bottom of the page, too.
13:02 SEJeff_work Madkinder, You can explicitly order via; http://docs.saltstack.com/ref/states/ordering.html#the-order-option
13:02 SEJeff_work or using watch / require / require_in
13:03 Madkinder hm... that was all about states, no?
13:03 LyndsySimon SEJeff_work: You may know this, but Google lets you restrict a search to a single domain/subdomain. For your query, "site:docs.saltstack.com $thing" will only return results in the Salt docs :)
13:03 Madkinder I mean the order stuff
13:03 SEJeff_work Madkinder, I think you're missing something. States are just an arbitrary collection of commands or modules, which underneath them run commands
13:04 LyndsySimon SEJeff_work: I've also found it difficult to grok how salt's config works. I've been at it about 12 hours now and am functionally literate, but I couldn't explain it to someone else.
13:05 Madkinder well, I always though those things are orthogonal: commands are instructions about what to do, while states are instructions on what the outcome should look like; kind of declarative management vs imperative one. Was I wrong?
13:05 LyndsySimon This page was most helpful in getting where I am, but I still don't understand how Salt builds the execution order exactly. The concept of <pkg>/init.sls was sheer magic when I saw it. I tried it and it works.
13:05 Madkinder and for states I don't actually care about the order given that I will get the desired state _eventually_
13:06 LyndsySimon Page: http://docs.saltstack.com/ref/states/highstate.html
13:06 SEJeff_work Madkinder, so it doesn't really matter. fabric is a collection of commands to do something
13:06 SEJeff_work Madkinder, you can define order in states or require things to run before other things
13:06 SEJeff_work Madkinder, states can run commands
13:06 LyndsySimon Madkinder: I think of states like "this is what I what my environment to look like"
13:06 LyndsySimon You can have a state that means "nginx is set up and serving on port 80"
13:06 Madkinder LyndsySimon: yeah, that's exactly what I am thinking of them
13:06 SEJeff_work Madkinder, But again, states can be used to do deploys as well or just run arbitrary comamnds
13:07 SEJeff_work Madkinder, For instance you could setup a reactor that runs a state to restart some load balancers when a new node is added to a pool. I wouldn't consider that config management
13:07 LyndsySimon Madkinder: another state might be "nginx is routing requests to the root URI to uwsgi, and everything from /static/ to my static content folder". That state can't be completed unless the "nginx is set up" state is done. Hence, ordering.
13:07 SEJeff_work Madkinder, What you have to remember is that salt isn't just remote exec (like fabric/capistrano) or just config management (like puppet and quasi like chef)
13:07 SEJeff_work it is both to the core
13:08 Madkinder well, I've read that from the docs, but still just can't figure out the fabric part
13:08 LyndsySimon Madkinder: At the same time, the actual commands to set up nginx and set up its routing might be different on Ubuntu and Windows. Salt abstracts a lot of that away.
13:08 SEJeff_work Madkinder, You can literally have a salt state file that uses the peer interface to say: For all of the appservers that are up and available now, give me your primary ip so I can write it out to this loadbalancer config and then gracefully reload in batches of 5
13:09 LyndsySimon Madkinder: More mind-bending perhaps, you can have a salt state that sets up those things in both Linux and Windows. You can have a mixed minion environment with both OSes present, and tell them all to "set up nginx and routing".. and they'll do it.
13:10 SEJeff_work Madkinder, What are you confused about? State file can run commands and configure things. They don't have to configure anything. They can simply run commands. They don't have to run when you call state.highstate, so you can run them whenever you want manually
13:10 LyndsySimon SEJeff_work: Tell me if I'm wrong on something, btw. I'm new at this :)
13:10 Madkinder for example, what am I trying to achieve: 1. shut down nginx, 2. update the sources from git, 3. start up nginx (in that particular order)
13:10 SEJeff_work LyndsySimon, You're doing a great job helping :)
13:10 oz_akan joined #salt
13:10 SEJeff_work Madkinder, That is extremely easy
13:10 ronc joined #salt
13:10 Madkinder I already figured out all the salt functions to do that
13:11 Madkinder but those are execution modules not state modules
13:11 SEJeff_work Madkinder, All state modules run execution modules under the covers
13:11 SEJeff_work every single one
13:11 Madkinder well, I kinda suspected that :D
13:11 SEJeff_work Madkinder, However, if you want to be super clever...
13:12 SEJeff_work inside of a state sls file, you can do: {{ salt['service.stop']('nginx') }}
13:12 Madkinder not that I want to be super clever... I want to embrace "the salt way"
13:12 SEJeff_work and that would be 100% identical to doing (from the minion): salt-call service.stop nginx
13:12 SEJeff_work So you have a ton of flexibility
13:13 ronc_ joined #salt
13:18 multani joined #salt
13:22 ronc joined #salt
13:23 Kholloway joined #salt
13:29 jslatts joined #salt
13:31 jugimaster joined #salt
13:32 ronc joined #salt
13:38 LyndsySimon Is there a way to set up global variables, so I can keep things like repeated paths in one place?
13:39 aat joined #salt
13:40 oz_akan joined #salt
13:41 JasonSwindle joined #salt
13:43 juicer2 joined #salt
13:44 SEJeff_work LyndsySimon, Sort of. I have a vars.sls in my top level and you can put in it: {% set foo = "bar" %}
13:44 SEJeff_work then in any sls, you can do at the top: {% from "vars.sls" import foo %}
13:45 SEJeff_work and then in the scope of that file, you have the foo variable imported. I use that for common paths and whatnot for webapp users
13:45 LyndsySimon OK. Is that The Right Way?
13:45 SEJeff_work LyndsySimon, That is a way :)
13:45 LyndsySimon LOL. Good answer :)
13:46 LyndsySimon At any rate, it's a way that's easily changed if I find a better way I suppose.
13:46 unicoletti SEJeff_work: shouldn't one use pillars for that?
13:46 SEJeff_work LyndsySimon, You can do it that way or via pillar. Both are perfectly acceptable although I think the general push is towards pillar
13:46 LyndsySimon I guess it strikes me as odd using Jinja for buildout stuff.
13:46 SEJeff_work unicoletti, Salt is not about forcing you do do something a certain way. Salt is about choice
13:46 SEJeff_work unicoletti, But in general, the preference from salt upstream is to use pillar
13:46 JasonSwindle LyndsySimon: I may have something that may help your uWSGI..... if you are new into that like I was
13:46 LyndsySimon I've not 100% investigated pillars, I was planning that for when I get to private information I don't want on public source control.
13:47 unicoletti SEJeff_work: I know, I'm just trying not to hang myself by spreading vars all over the place ;-)
13:47 JasonSwindle LyndsySimon: http://dpaste.org/cfVMd/
13:47 LyndsySimon JasonSwindle: I'd love to see it - I've got everything set up on an unmanaged Ubuntu Linode right now.
13:47 JasonSwindle LyndsySimon: it is my uwsgi config file
13:48 LyndsySimon JasonSwindle: Excellent! There are a couple of things in there I see already that I'd overlooked.
13:48 akoumjian joined #salt
13:48 LyndsySimon Many thanks :)
13:48 JasonSwindle No problem
13:48 JasonSwindle I may open source my project once done
13:48 JasonSwindle My project is being using at the base for a project here at RAX.
13:49 LyndsySimon RAX?
13:49 JasonSwindle Rackspace
13:49 LyndsySimon Ahhhh
13:49 JasonSwindle I may make processes = into a jinja
13:49 LyndsySimon I just hired on at the Center for Open Science. A big selling point for me was that everything is F/OSS.
13:49 JasonSwindle and set that to the number of CPUs
13:50 JasonSwindle I just got into pillar last night.......
13:50 JasonSwindle I had to re-org everything of mine to make it work
13:50 LyndsySimon OOoooh. And your vars.sls can execute arbitrary Python, right? So you can introspect your environment and set some things up so that they are suitable for the system you're deploying to :)
13:50 Sacro recursion!
13:50 JasonSwindle Yep
13:50 SEJeff_work INCEPTION!
13:50 SEJeff_work salt within salt within salt
13:51 LyndsySimon I'm excited by this to the point that it's probably inappropriate.
13:51 JasonSwindle Right now I am working on AES-256ing private data
13:51 Sacro salt '*' cmd.run 'salt-call cmd.run \'cmd.run state.highstate\''
13:51 JasonSwindle Working out how the master can grab data, deploy it.... and unlock it
13:51 Sacro er, that second cmd.run should be salt-call
13:51 * Sacro whistles
13:52 JasonSwindle My master will be GITFS, but passworks in github = bad....
13:52 LyndsySimon I'm familiar with AES-256 as a hash algorithm - you're using it to encrypt private data in a retrievable way?
13:52 SEJeff_work JasonSwindle, I think the gitfs fileserver backend has a few issues. I can tell you it will be rewritten from scratch soonish
13:52 JasonSwindle Ah, good to know
13:52 SEJeff_work LyndsySimon, AES is a symetric encryption algo. It is not a hash algo
13:53 * LyndsySimon facepalms
13:53 LyndsySimon I'm thinking of SHA.
13:53 LyndsySimon Too much time in #bitcoin.
13:53 SEJeff_work LyndsySimon, Yes, yes indeed :)
13:53 ronc_ joined #salt
13:53 JasonSwindle Still does not solve for my issue with pillar being clear-text...... so checking in pillar into github = no-go.
13:53 SEJeff_work JasonSwindle, You know how I'd swing it?
13:54 LyndsySimon OK - so JasonSwindle, you're planning on putting private info (like API keys and such) on Github, but using AES-256 to keep the credentials private?
13:54 JasonSwindle SEJeff_work: go on.
13:54 SEJeff_work JasonSwindle, I'd use an external pillar (ext_pillar) and store it in a local database of some sort
13:54 JasonSwindle hmmmm
13:54 JasonSwindle that may work....
13:55 SEJeff_work Salt is flexible and about choice
13:55 Madkinder maybe even too flexible...
13:55 JasonSwindle It would be nice if pillar had a encrypted option...... but I can understand that would add A LOT of overhead and mess.
13:55 bhosmer joined #salt
13:55 LyndsySimon I'm thinking I'll keep my sensitive info in envvars on the master. It'll be a pain if the master goes down for some reason, but seems to be the best compromise in terms of security v automation.
13:56 JasonSwindle My issue is, whatever I build is going to be pounded on HARD.  So I have to think about every way of protecting it.
13:56 LyndsySimon If the master is locked down properly, isn't spooled up unless it's being used to send commands, and is configured to allow logins only via file-based SSH keys… I think I'm OK. Anyone see a hole in this idea?
13:57 JasonSwindle I still don't like the aspect of a single hack point
13:57 LyndsySimon I'm hoping to be running this on AWS, so I can use their tools to keep it away from the outside world too.
13:57 JasonSwindle hack the master and win the Saltstack
13:58 LyndsySimon JasonSwindle: True… but if you're able to spool up my master on AWS at will, you'd have already won, right?
13:58 JasonSwindle Yeah....
13:59 JasonSwindle Just trying to think how to best protect every aspect...
13:59 LyndsySimon And the only port open to the outside world on the master when it *was* up would be SSH. I think that's about as small an attack surface as I can make.
13:59 JasonSwindle SSH and the SALT ports?
13:59 LyndsySimon No, I know ;) I'm not admonishing you in any way at all. Security isn't really my area.
14:00 JasonSwindle Nor I.....
14:00 LyndsySimon Nope, salt ports would be internal to my AWS security group only. No reason to expose those to the greater Internet.
14:00 brianhicks joined #salt
14:00 JasonSwindle True
14:00 LyndsySimon Again, unless I"m missing a reason I'd have to do so, or leave my master online when I'm not actively issuing commands.
14:01 JasonSwindle You could do port knocking, too
14:01 JasonSwindle Never done it myself.....
14:01 dcrouch joined #salt
14:01 LyndsySimon Port knocking strikes me as obscurity, but I've seen people with security expertise whom I respect use it.
14:02 Madkinder I've read the docs on require statements several times and not I feel even more confused then before I came to the channel :(
14:02 Madkinder Given I want to 1) stop the service, 2) update the sources 3) start the service; how can I declare my service to be both running and dead at the same time?
14:03 JasonSwindle schrodinger's cat service?
14:03 LyndsySimon Madkinder: I think - set up a state to stop the service. Set up a state to update the source, which requires the former. Set up a state to start the service, which requires the previous.
14:03 Katafalk_ Hey, soz to interrupt, is there some way to write a salt state so it changes permissions to all files recursively in a directory ? I check state.file , but it does not seem to have such an option
14:03 LyndsySimon Madkinder: Or…. just set up a watch on the source itself, and reload it when the source changes.
14:03 Sacro Madkinder: sounds like you need 'watch'
14:04 Madkinder LyndsySimon: yeah, that's what I wanted to do, but just can't figure out how to do that
14:04 Sacro Katafalk_: file.recurse
14:04 LyndsySimon Madkinder: that way they're no point when the service is down.
14:04 LyndsySimon Katafalk: I have a state doing that now, I just have to push it up. Hold on :)
14:04 krissaxton1 joined #salt
14:04 Katafalk_ Sacro: hmz. i was looking at it.
14:04 Katafalk_ i ll take a look again
14:05 aberant joined #salt
14:06 LyndsySimon Katafalk_: Here you go: https://github.com/CenterForOpenScience/osf-salt-deploy/blob/master/salt/roots/salt/uwsgi/init.sls
14:06 JasonSwindle SEJeff_work: Do you have an example of ext_pillar from a database?
14:07 Katafalk_ LyndsySimon: cheers
14:07 LyndsySimon I'm doing a bit more than that, but you should be able to take it apart
14:07 JasonSwindle LyndsySimon: I think I see a logic error in that SLS
14:08 LyndsySimon Katafalk_: Oh, one note - Salt uses "mode" for both file and dir permissions by default. You can split those out with files_mode and dir_mode (or at least, I think those are the names :) )
14:08 SEJeff_work JasonSwindle, http://docs.saltstack.com/ref/pillar/all/index.html those are the available external pillar modules
14:08 SEJeff_work You can write your own quite easily
14:08 Sacro ooh, - requirements is new to me
14:08 JasonSwindle LyndsySimon: you have "virtualenv.managed" which needs python-virtualenv..... but are you installing it via PIP or apt-get?
14:08 LyndsySimon JasonSwindle: Wouldn't surprise me :) I'm in the middle of working on it, just pushed it up to show the recursive mode change. What is it?
14:08 Madkinder LyndsySimon: is it what were you talking about: http://pastebin.com/9iF5tRc5 ?
14:08 Katafalk_ LyndsySimon: ok. cheers :) that helps alot
14:09 JasonSwindle Your base OS in Vagrantfile looks to be Ubutnu
14:09 JasonSwindle I would not use python-virtualenv from apt-get
14:09 SEJeff_work JasonSwindle, Looks like the mongo external pillar module is the best documented: http://docs.saltstack.com/ref/pillar/all/salt.pillar.mongo.html
14:10 JasonSwindle but from pip install virtualenv....
14:10 LyndsySimon JasonSwindle: Hmm.. Okay. Why's that?
14:11 Madkinder or how can I declare two entries for the same service: one for the down state, another one for the running state, so that I could require them later?
14:11 LyndsySimon JasonSwindle I moved uwsgi from apt to pip, because the apt version was ancient and didn't support the config format I wanted to use. I suppose I could do the same for virtualenv, I'm just curious as to your thought process.
14:11 JasonSwindle Same with virtualenv
14:12 LyndsySimon Madkinder: I'm a little confused, sorry. Are you wanting to reload the service when the git update happens?
14:12 jugimaster joined #salt
14:12 JasonSwindle I ran into a horrible issue with distribute and install my req.txt when using python-virtualenv
14:12 Katafalk_ LyndsySimon: I ll watch ur repo. You seem to be working on what I am working at the moment. awesome
14:13 JasonSwindle because distribute was too old.....
14:13 Sacro Madkinder: you use watch
14:13 Madkinder not really. I want to stop it first, then pull the sources and after the pull start it again
14:13 Sacro or you have a state_down: - name: state
14:13 Sacro and a state_up: - name state
14:13 LyndsySimon Madkinder: Is it necessary to do that, or would "reload once the sources are updated" do the trick? I.E., is there a time when the service *must* be stopped?
14:14 LyndsySimon Katafalk_: Cool - I'm setting up a config that we can use here to build QA-ish environments via Vagrant on our local machines, but that can also be used to deploy user-facing test and prod environments across whatever cloud we happen to be using.
14:15 tomeff_ joined #salt
14:15 JasonSwindle LyndsySimon: The way I do virtualenv
14:15 JasonSwindle http://dpaste.org/SYiUA/
14:15 LyndsySimon JasonSwindle: Thanks :) I might as well use the pip version I suppose. I could always specify a version, too.
14:15 JasonSwindle Yeah.....
14:16 Katafalk_ LyndsySimon: sounds sweet.
14:16 ronc joined #salt
14:16 Madkinder LyndsySimon: yes, I need to stop the service _before_ I start pulling the sources
14:16 Madkinder will this do http://pastebin.com/nbKVpX66 ?
14:16 Katafalk_ I was looking at vagrant few days ago. definitely need to look into it more
14:16 JasonSwindle precise virenv is 1.7.1.2
14:17 JasonSwindle the current version is 1.9.1
14:17 LyndsySimon Madkinder: I know that's what you're thinking, but I'm challenging the assertion that it's necessary. The service should keep plugging along happily even if the source is deleted if I'm not mistaken. At least, until its reloaded.
14:17 Madkinder well, that's the requirement from the devs :/
14:17 kaptk2 joined #salt
14:17 LyndsySimon LOL - I'm using 1.2.1 on my local machine. I'm updating that.
14:18 JasonSwindle LyndsySimon: this is the distribute hell I was running into http://dpaste.org/ZCCZp/
14:18 LyndsySimon Madkinder: Ah.. Well, in that case, you'd have a separate state for "service is down" and "service is back up".
14:18 Madkinder in fact I must put a "website is being updated" stub that is served by nginx first, and remove it after the update procedure
14:18 Madkinder I just simplified the task for the sake of simplicity
14:19 JasonSwindle SEJeff_work: Thanks, I will look into that
14:19 LyndsySimon Madkinder: If I were you, I'd challenge the requirement. I'm assertive like that though. Not everyone's personality is suitable for that approach, and it's not good for every environment. YMMV, IANAL, IANYL, Etc. :)
14:19 LyndsySimon Madkinder: If for no other reason than I'd want to understand why it *is* a requirement. If you can push out the change without downtime, why require downtime?
14:20 LyndsySimon They may just be applying their own understanding of the rollout process to the requirements docs, and assuming it's required.
14:20 Madkinder LyndsySimon: well, let's put it that way: I'm not the devop myself. It took me two months to convince the rest to start using salt. Now the devops faced the problem and asked me to help them
14:21 Madkinder so right now I'm not in a situation when I can challenge their decisions ;)
14:21 * LyndsySimon shrugs
14:21 ronc joined #salt
14:21 LyndsySimon Madkinder: Your call man :) It can be done that way with states.
14:21 Madkinder otherwise we may end up staying in the stone age...
14:21 aberant joined #salt
14:21 LyndsySimon Madkinder: Yep, I understand pushing change like that slowly. I've always been "that guy".
14:22 Madkinder _later_, when salt would become adopted, I might claim that their approach is wrong, but not right now
14:22 LyndsySimon I worked at FedEx Freight for ~7 years. Took them from a PHP 4.0.3 Intranet site to Python + Flask for the application stuff and generated static content for the rest.
14:22 Madkinder So basically _for now_ that question is: is it ok, that the name of the service is the same in this sls and will it work: http://pastebin.com/nbKVpX66 ?
14:24 teebes joined #salt
14:24 LyndsySimon Madkinder: The requisites look right to me, but I'm not qualified to say it will work.
14:24 hhoover joined #salt
14:25 LyndsySimon Madkinder: I'm just too new to give it my stamp of approval yet :\
14:25 Madkinder could anyone else take a glance at that paste, please?
14:25 LyndsySimon paging SEJeff_work ...
14:25 SEJeff_work I'm about to go heads down and write some code
14:25 SEJeff_work whats up?
14:26 LyndsySimon You seem to be the resident expert at the moment - could you take a look at Madkinder's paste?
14:26 dthom91 joined #salt
14:26 Madkinder that would be really nice of you :)
14:27 krissaxton joined #salt
14:33 Sacro what's wrong with watch: - service: php-fpm
14:34 Madkinder Sacro: I want to force the service to stop _before_ starting the pull from the repo
14:35 Madkinder not to restart _after_ the pull finishes
14:43 fredvd joined #salt
14:43 Sacro Madkinder: then that should work :)
14:43 Sacro looks reasonable to me
14:45 kadel joined #salt
14:49 LyndsySimon JasonSwindle: Bleh. Getting virtualenv installed via pip didn't work as easy as I'd like. I'm just adding a TODO and moving on.
14:49 unicoletti Madkinder: I think it will work, but only if git.latest has changed
14:49 JasonSwindle LyndsySimon: what happened?
14:49 unicoletti which means that if there are no changes the service will not be restarted
14:49 JasonSwindle It should be pretty cut and dry....
14:50 LyndsySimon JasonSwindle: I'm fatigued from being on my third day of this and need to get something shipped, mostly.
14:50 JasonSwindle ah, this is like week 2 or 3
14:50 LyndsySimon I'll do it when I get a chance to, which I'm confident I will. Too many things going on.
14:51 JasonSwindle I spent like 3 days just on the distribute issue
14:51 faust joined #salt
14:52 LyndsySimon JasonSwindle: Don't tell me that :)
14:53 JasonSwindle That is why I moved to everything via PIP buy python-lday
14:53 LyndsySimon Is there an indention error on the "recurse" example on this page? http://docs.saltstack.com/ref/states/all/salt.states.file.html?highlight=file.directory#salt.states.file.directory
14:53 JasonSwindle *but
14:53 JasonSwindle It looks it
14:53 JasonSwindle I have an idea on that...
14:54 JasonSwindle Saltstack needs a test mode on SLS files
14:54 JasonSwindle a built in YAML tester
14:54 LyndsySimon +1000
14:54 JasonSwindle like dry-run but for testing your YAML-foo
14:55 LyndsySimon Maybe even output an ASCII node tree that shows the hierarchy.
14:56 JasonSwindle https://github.com/saltstack/salt/issues/5030
14:56 JasonSwindle Opened an issue on it :)
14:57 LyndsySimon Awesome.
14:58 JasonSwindle Add on to it. :)
14:58 JasonSwindle I am pushing for more SaltStack at Rackspace.... it is a hard fight vs Chef
15:00 faust hi
15:01 faust [16:52:58] <faust> i want to write some "state function" to improve gentoo support
15:01 faust [16:53:33] <faust> but I cannot find good documentation on how to do it
15:01 faust [16:53:52] <faust> suggestions?
15:02 faust in particular I cannot find where the "ret dictonary" structure is explained
15:02 SEJeff_work faust, It is explained in the code. Thats about it
15:03 faust Where in the code?
15:03 SEJeff_work the state modules
15:03 LyndsySimon Bah. I have a directory that's failing I didn't notice. Here's the error: http://dpaste.org/n4sj2/
15:03 wendall911 joined #salt
15:03 LyndsySimon Here's the sls that's generating it: https://github.com/CenterForOpenScience/osf-salt-deploy/blob/master/salt/roots/salt/uwsgi/init.sls
15:04 wendall911 left #salt
15:05 LyndsySimon Figured out what was failing. Trying to find where to put the source argument.
15:05 wendall911 joined #salt
15:05 JasonSwindle LyndsySimon: that error, I hate them
15:05 JasonSwindle It is always when I forget an : or -
15:06 LyndsySimon Yeah, Python stack traces back out the the user is unsat.
15:06 JasonSwindle It does help it somewhat tells you what the error is, but it would be nice to "have" it tell you the issue.
15:06 faust SEJeff_work: It is not explained it is just used...do you mean that I should reveng saltstack?
15:06 Sacro LyndsySimon: should just be file.recurse
15:06 cleeming[ joined #salt
15:06 Sacro not file.directory
15:07 LyndsySimon ahhhh
15:07 LyndsySimon I think :)
15:07 unicoletti left #salt
15:07 UtahDave joined #salt
15:07 LyndsySimon Let me see now if I understand the YAML enough to fix it.
15:09 JasonSwindle LyndsySimon: http://yamllint.com/
15:09 JasonSwindle It is how I roll.....but when you add in jinja, it errors out.
15:10 jaddison joined #salt
15:10 Sacro well that fudged my yaml
15:13 spudbook joined #salt
15:13 lvicks I have multiple sls files that require the python package.  If I remember correctly, defining the package python in each file eventually caused me to get duplicate package name errors.  I'm now including a python.sls file in all my other sls files (which makes sense to me), but I'm getting an error that "require: {'pkg': 'python'}" was not found.  Is there a better approach to this?
15:14 emilis_info joined #salt
15:14 jaddison left #salt
15:17 wilywonka joined #salt
15:17 maspwr joined #salt
15:18 UtahDave lvicks: you should be able to include your python.sls and require against it.
15:19 UtahDave can you pastebin your python.sls and another sls that requires it?
15:20 jalbretsen joined #salt
15:20 lvicks UtahDave: http://pastebin.com/uKtw9dvq
15:20 LyndsySimon I'm getting frustrated this morning :( Can someone take a look at my file.recurse and tell me why salt is throwing an error? http://dpaste.org/TQbFx/
15:20 UtahDave lvicks: that looks good to me.  You're getting errors from this?
15:21 LyndsySimon My logic is that Salt *has* to see the file, or it wouldn't know to look for it to copy it over. It infers the structure from the filesystem, how could it not know where the file is?!
15:21 UtahDave sure, LyndsySimon
15:21 LyndsySimon TY UtahDave.
15:22 clintberry joined #salt
15:22 lvicks UtahDave: example error here http://pastebin.com/jrhFq6tw
15:22 Sacro LyndsySimon: permissions?
15:22 Sacro on the master, could be wrong
15:22 UtahDave LyndsySimon: what version of Salt are you using? and which OS?
15:22 LyndsySimon Sacro: I'm running locally via salty-vagrant. i'll verify they're open, but they should be
15:23 Sacro ah UtahDave :)
15:23 Sacro You have me for around 80 minutes if you want to test thiongs
15:23 Sacro *things
15:23 lvicks Does include work in place of a require?  If I have A.sls and I need B.sls, should I be doing just 'include a' or is there a way to explicitly state requirement?
15:23 LyndsySimon UtahDave: salt-call gives me version 0.15.1. The minion is Ubuntu precise, 64-bit
15:23 lvicks UtahDave: my setup is a bit more complex, it's not a straight forward test.  Let me play a little and see if I can get some different errors
15:23 LyndsySimon I'm doing it as a masterless minion for testing config
15:24 UtahDave LyndsySimon: OK, I know what bug you're seeing.
15:24 LyndsySimon "sudo salt-call --local state.highstate" to run it
15:24 UtahDave LyndsySimon: basepi fixed that in develop yesterday
15:24 UtahDave can you update to the latest in the develop branch?
15:24 LyndsySimon Ah! That's good then :0
15:24 basepi It will be in 0.15.2.  =)
15:24 JasonSwindle When does 1.5.2 drop?
15:24 LyndsySimon hmmm....
15:25 JasonSwindle Sorry, 0.15.2
15:25 LyndsySimon I'll have to move upstream to see where salty-vagrant is getting it.
15:25 JasonSwindle LyndsySimon: http://dpaste.org/YgeWt/
15:25 UtahDave JasonSwindle: Not exactly sure yet, but likely soon
15:26 LyndsySimon JasonSwindle: dude. awesome.
15:26 JasonSwindle UtahDave: Awesome, that will help with my vagrant issue... I am hoping.
15:26 JasonSwindle LyndsySimon: NP...... it helps a lot :)
15:27 JasonSwindle LyndsySimon: and when .15.2 drops, edit it
15:27 LyndsySimon I was using 0.15.1, and 0.15.2 isn't out yet… I tried "latest" as an install_arg, and I'll look at docs while that build likely fails
15:27 LyndsySimon "When performing a git install, you can specify a branch, tag, or any treeish."
15:28 JasonSwindle 0.15.1 has been really good to be, other than the bug at the end.
15:28 LyndsySimon Awesome, so "develop" should work.
15:28 JasonSwindle Yep
15:28 JasonSwindle I locked myself to a tag, but develop works great!
15:28 basepi JasonSwindle: I expect it will drop later this week or early next.  we have a fairly big user.present bug that we fixed, so it will be soon.
15:29 JasonSwindle Neat, never ran into that issue.   You guys are making awesome progress!
15:29 UtahDave ok, cool.  thanks, Sacro!
15:30 UtahDave lvicks: is your python.sls in the same directory as your example.sls  ?
15:30 lvicks yes
15:30 LyndsySimon OK, I'm rebuilding my VM now with the develop branch. Should be up shortly.
15:30 lvicks all of those files are in the sls folder
15:31 UtahDave lvicks: I'm kind of at a loss.  Let me test this on my local system.
15:31 kermit joined #salt
15:31 lvicks UtahDave: I'm sure there's something wonky in my setup, don't spend too much time on this
15:34 cbloss joined #salt
15:38 LyndsySimon UtahDave: Problem solved on the develop branch. Thanks :)
15:38 lvicks Is there any way to force the order of folder creation?  http://pastebin.com/j2ufWUjP
15:38 LyndsySimon Is there an Issue ID or a Trac ticket where I can thank basepi publicly for that?
15:39 basepi Heh, this is public enough!  =P
15:39 dthom91 joined #salt
15:39 basepi It was an easy fix, once I figured out what the problem was.  Just was looking in the wrong place
15:39 UtahDave :)  Uh, you can probably find it on the github issue tracker.
15:42 akoumjian joined #salt
15:42 teskew joined #salt
15:43 Katafalkas joined #salt
15:44 lvicks UtahDave: It works.  I must have had a hidden spelling erorr or something somewhere.  I rewrote a few files and it's working now
15:46 LyndsySimon basepi: Well, I wasn't sure if you were still here. Thanks :) You too UtahDave, for being in here and making the connection.
15:46 akoumjian joined #salt
15:46 UtahDave ok, great to hear, lvicks!
15:46 UtahDave no problem, LyndsySimon!
15:47 LyndsySimon I've recently gone from working for a huge company to doing all F/OSS work for a non-profit. That's caused me to re-evaluation what incentivizes me, and therefore put a bigger emphasis on recognizing the work of others the community :)
15:47 lvicks UtahDave: ugh, nevermind.  It's because I left the explicit python definition in one of my sls files.  the includeing of the python.sls is not working
15:47 UtahDave ah
15:56 UtahDave Sacro: are you still around?
15:57 LyndsySimon Hmm. I just found something interesting. Salt treats relative symlinks in a directory as files when they're deployed to the minion.
15:57 basepi LyndsySimon: I'm always here, just sometime take a minute to respond.  =)
15:57 basepi sometimes*
15:58 LyndsySimon basepi: That's cool - IRC is asynchronous, and we're all holding a dozen conversations at once if I had to guess.
15:58 basepi =)
15:58 hhoover joined #salt
16:00 lvicks UtahDave: Broke it down into a simple test case.  http://pastebin.com/gGcbK9ZN  Something is definitely up
16:00 Sacro UtahDave: yeah
16:00 bemehow joined #salt
16:00 UtahDave when you're running network.interfaces   are you using salt-call from the minion?  or are you running the command from the master?
16:01 Sacro UtahDave: both
16:01 UtahDave lvicks: try    include:\n  - sls.python
16:01 Sacro I use salt-call from the minion as it allows me to capture the response
16:01 bemehow_ joined #salt
16:01 UtahDave Sacro: what cloud are you running your vms on?
16:02 Sacro UtahDave: cloud!? I'm running KVM
16:02 lvicks UtahDave: fixed it!
16:02 lvicks I guess includes are not relative?
16:02 Sacro lvicks: no
16:02 Sacro wel
16:02 Sacro yes
16:02 Sacro relative to file_roots
16:03 lvicks but not relative to files
16:03 Sacro no
16:03 lvicks I feel like that's a little odd.  Sub-sls files now need to be aware of the global structure
16:03 lvicks harder to just drop stuff in
16:04 UtahDave lvicks: I kind of thought they were relative.   you should be able to import   python.sls from the same directory.  But maybe there was a change made that I'm not aware of.
16:05 lvicks UtahDave: hmm yeah, I'd make an argument for relative include.  Should I put in a ticket or anything?  back in a few hours
16:05 UtahDave Yeah, open a ticket.  That being said, Tom may have made a change regarding that.  I'm not sure.
16:06 jeddi anyone here in a position to update the docs on readthedocs?   this page https://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html is a touch frustrating - reference to 'new' and 'old' formats, with no clue on how to identify what version you're running.  what happened to using version numbers?
16:06 lvicks UtahDave: k.  Back in a bit
16:06 UtahDave jeddi: you can use either format
16:08 maspwr joined #salt
16:08 akoumjian_test joined #salt
16:08 jeddi UtahDave: i meant .. it's not clear with which version of salt-cloud the cloud.profiles.d and/or the cloud.providers.d directories were supported.
16:08 UtahDave jeddi: also, you can edit the docs yourself in the docs folder and send a pull request with any changes you think would be helpful
16:09 Madkinder there are two package management backends for freebsd, how can I specify which one to use?
16:09 UtahDave jeddi: I see
16:09 Bob123 joined #salt
16:09 jeddi UtahDave: i'm running ubuntu 0.8.6 packaged version, and AFAICT I don't have support for cloud.profiles.d/*.conf files .. but I *think* the cloud.providers.d/* files are supported (though it's not clear .. still struggling thru the docs)
16:10 UtahDave I'm not sure when cloud.profiles.d was initially supported.  Let me grab redbeard2 for you.
16:10 jeddi UtahDave: ahh - so these do come straight from the docs in the repo?  good good .. I'll try to get excited enough to do something sensible with them - once i work out the various key word disparities i'm trying to resolve.
16:10 UtahDave :)   ok.  thanks, jeddi.
16:11 jeddi I think, but can't be sure, thta there's that other problem where certain non-obvious key words are used in one place, and aren't quite matched up int he other example file provided, but that they need to be.   anyway.  onwards and slowly upwards and all that. :)
16:12 UtahDave Yeah, the salt-cloud docs do need some work.  There were some significant feature additions and improvements made and the docs haven't quite kept up.
16:12 it_dude joined #salt
16:12 jeddi UtahDave: sometimes i like being a trailblazer.
16:13 jeddi other times.  not so much.
16:13 UtahDave he he. I know the feeling.
16:15 it_dude joined #salt
16:15 KyleG joined #salt
16:17 unicorn left #salt
16:18 p3rror joined #salt
16:27 Katafalkas joined #salt
16:27 akoumjian joined #salt
16:28 akoumjian joined #salt
16:28 dthom91 joined #salt
16:28 Focus__ joined #salt
16:29 LyndsySimon joined #salt
16:34 UtahDave Someday I'm going to write a terminal for Windows that doesn't suck.  Argh, pain.
16:38 Sacro UtahDave: cygwin
16:39 UtahDave he he
16:39 jacksontj joined #salt
16:40 jacksontj I'm having an odd issue with salt + zmq on my dev box. Every time i try to start up salt on the tower (0.13 or 0.14) i get an error about ZMQError: Socket operation on non-socket. Any ideas?
16:41 UtahDave jacksontj: what version of zmq?
16:42 jacksontj >>> import zmq
16:42 jacksontj >>> zmq.__version__
16:42 jacksontj '2.2.0.1'
16:42 UtahDave what OS?
16:42 jacksontj RHEL 6
16:43 UtahDave Hm. I haven't seen that error before.   Have you done any upgrades to salt recently?
16:44 jacksontj no.. i'm actually running the same package i use in production (which is working fine)
16:44 jacksontj but i get this same error on my prod install and my virtualenv
16:44 jacksontj :/
16:44 jacksontj i do have zeromq and zeromq3 installed, but i have them both installed on my prod hosts too and no problems there
16:45 UtahDave do you get this error when starting up the master or the minion?
16:45 jacksontj master
16:46 jacksontj havne't tried the minion, can't get the master started-- but i'd imagine it'd be the same
16:46 UtahDave can you pastebin the error?
16:46 jacksontj http://pastebin.com/CMmHud8e
16:48 UtahDave does your the user salt-master is running as have rights to that path?
16:48 UtahDave /export/apps/salt/run?
16:48 jacksontj yea
16:48 jacksontj i'm running the master as root ;)
16:48 jacksontj i can delete the files and it re-creates them
16:48 UtahDave try deleting /export/apps/salt/run   and see if it recreates it.
16:49 jacksontj yea, did
16:49 jacksontj same error
16:50 bemehow joined #salt
16:52 jacksontj hmm, looks like it has something to do with my python-zmq package
16:53 UtahDave jacksontj: browsing the code to see what's going on. Not really finding anything
16:53 jacksontj i downgraded to 2.2.0-4 and it works now
16:53 Ryan_Lane joined #salt
16:53 jacksontj but 2.2.0.1 is broken for some reason
16:53 jacksontj :/
16:53 UtahDave python-zmq does have to be compiled for the version of zmq you have installed.
16:54 jacksontj yea.. whats odd is that i have that same setup in production and it was working (and still is)
16:54 james4k joined #salt
16:54 jacksontj just doesn't for me...
16:54 jacksontj odd
16:54 UtahDave There have been a lot of issues solved by upgrading to zmq 3.2+
16:54 UtahDave I'd recommend that, if possible.
16:54 jacksontj thats what python-zmq 2.2.0.1 is ;)
16:54 jacksontj lol
16:55 UtahDave bah!  you're right.  sorry.   :)
16:55 jacksontj no worries, its all confusing really-- they should have bumped the major
16:55 jacksontj whats more confusing to me is that it works sometimes but not others...
16:55 jacksontj which is somewhat concerning
16:55 UtahDave hey, can I pm you a quick question, jacksontj?
16:55 jacksontj sure
17:06 dlam joined #salt
17:08 dcrouch joined #salt
17:09 ronc joined #salt
17:11 jacksontj interestingly both versions of python-zmq require the same libzmq underneath
17:13 jacksontj k, so 2.2.0-4 is also zeromq3
17:13 jacksontj odd
17:18 koolhead17|afk joined #salt
17:18 it_dude joined #salt
17:26 dgarstang joined #salt
17:26 dgarstang Random question.... what cmd options lib are you guys (the salt guys) using on the salt-* commands? Looks much better than the standard one
17:27 aleszoulek joined #salt
17:29 aberant joined #salt
17:31 UtahDave I'm not sure actually.
17:34 Focus__ joined #salt
17:35 aboe joined #salt
17:36 SEJeff_work dgarstang, hand rolled + optparse
17:37 SEJeff_work but you could do it all with argparse
17:39 bhosmer joined #salt
17:42 hhoover joined #salt
17:46 jalbretsen okay UtahDave, dumb question.  Pillar is to store sensitive data so it's only presented to the minion that needs it.  Where on the master do you store the files?  /srv/pillar/files or /srv/pillar/someapp/files or.....?
17:50 oz_akan joined #salt
17:50 UtahDave jalbretsen: whereever your pillar_roots is defined.
17:51 UtahDave by default it's in /srv/pillar/
17:51 jalbretsen okay, good, I did that, how do I reference that location then for the source?
17:51 jalbretsen oh, is it pillar:// instead of salt:// ?
17:52 jalbretsen that just occurred to me...
17:54 jalbretsen right now in my init.sls file, I have salt://path/to/files/afile, but I'm betting that points to /srv/salt/path/to/files, not /srv/pillar/path/to/files
17:55 dthom91 joined #salt
17:56 UtahDave There's a feature request for allowing pillar to serve files, but right now pillar is entirely a key value store
17:58 lvicks joined #salt
17:59 LGSilva joined #salt
17:59 lvicks joined #salt
18:02 LGSilva if you define a pillar in two places with the same name, the latest prevails right?
18:02 goodwill_ joined #salt
18:04 dcrouch joined #salt
18:05 auser joined #salt
18:05 jalbretsen UtahDave, ah I see our definition of a "file" was a bit messed.  so if I have say.... files for private certs for a web site (not sls files), will they be protected from being accessed by random minions if 1 - they are stored in /srv/salt,  2- I use some sort of key value store in a pillar that is limited to specific minions in /srv/pillar to reference those files, and 3 - then reference that pillar data in states in /srv/salt?
18:06 UtahDave ok, so by default your file_roots is in /srv/salt
18:06 UtahDave Any authenticated minion can see ALL files in /srv/salt
18:06 aat_ joined #salt
18:07 spudbook joined #salt
18:07 auser UtahDave: curious… is there a way to "trigger" another minion to run after one minion has completed a highstate?
18:07 jalbretsen okay, so at this point information contained in sls files in /srv/pillar is protected / limited as defined
18:07 oz_akan joined #salt
18:08 ahammond jalbretsen: you might consider storing the interesting parts of the data in a pillar with a template in salt that you populate on demand
18:09 LGSilva talking about pillars, is it possible to overwrite just 1 key-pair in a nested pillar without removing the other pillar data?
18:10 whiteinge LGSilva: not yet. i believe that is coming soon though
18:10 whiteinge that functionality is sorely needed in a couple areas
18:11 whiteinge (like combining Salt Mine configurations)
18:11 LGSilva that will save us a lot of work. We're centralizing default configurations for our servers and we would like to have other sls files with just overwrites
18:11 jalbretsen ahammond:  Ya, now that I've separated sls files from other files in my thinking, that could work
18:12 Focus__ joined #salt
18:13 UtahDave your pillar_roots is in /srv/pillar by default, but it can't actually serve files... yet
18:13 ahammond jalbretsen: you can have sls files that are states and sls files that are templates for files managed by salt. They both live together under /srv/salt.
18:13 drdran joined #salt
18:13 UtahDave So for now what people are doing is putting their key contents in a pillar variable and using that to populate a templated file
18:14 ahammond jalbretsen: however most well written states follow the foo/files convention. If your state implements foo, then foo/files/etc/foo/foo.conf would be the conf file for foo that ends up installed as /etc/foo/foo.conf on the minion to which the state foo has been applied.
18:14 * jalbretsen nods
18:15 ahammond jalbretsen: if you'd like an example of a (in my humble opinion) well written state, check out https://github.com/SmartReceipt/salt_logstash
18:16 jalbretsen thanks UtahDave and ahammond :)
18:16 jkleckner joined #salt
18:19 dthom91 joined #salt
18:41 Focus__ joined #salt
18:46 karlp joined #salt
18:46 kvbik UtahDave: you around? i am on a crappy connection right now. can you give me an email to marc chenn?
18:46 karlp is there an easy way of saying that a packge needs to be installed, but the ppa for that package needs to be installed first?  I can see pkg.repo_mod, but not sure how to use it?
18:47 Bob123 karlp: I have an example
18:47 lvicks joined #salt
18:47 karlp Bob123: lovely :)
18:47 karlp searching for ppa salt tends to just turn up how to install it on ubuntu
18:48 Bob123 karlp: http://dpaste.org/w3B6j/
18:49 karlp so line 1 declares a virtual package then?
18:49 Bob123 The python-software-properties is not 100% needed, but safer than sorry.
18:49 Bob123 1 is the id declaration
18:49 Bob123 The name of what is below, you could say
18:49 morganfainberg goodwill: i'm here now.
18:50 karlp but you can refer to that name in the pkg: ref on line 10,
18:50 morganfainberg goodwill: if you are still looking for me
18:50 Bob123 line 3 is where python-software-proerties get installed
18:50 mirko joined #salt
18:50 karlp I thought those lines could only refer to actual package names known to apt/yum
18:50 Kamal_ joined #salt
18:50 clone1018 joined #salt
18:50 Bob123 yes, because I require that to be installed first
18:50 Bob123 karlp: not always
18:51 Bob123 Let me find the docs on it
18:51 karlp ok, so pkgrepo.managed, where did that come from?
18:51 Bob123 so I use the "correct" word
18:51 Bob123 that is a state
18:51 karlp ah, I was looking in the "modules"
18:52 Bob123 http://docs.saltstack.com/ref/states/all/salt.states.pkgrepo.html
18:53 karlp yep, got it now. Ihadn't seen the states list at all.
18:53 karlp thank you very much, this should be all I need.
18:53 Bob123 awesome
18:53 karlp (for now ;)
18:55 ahammond karlp: if you want working examples of a state that uses PPAs, https://github.com/SmartReceipt/salt_collectd/blob/master/init.sls
18:55 JasonSwindle joined #salt
18:58 m_george left #salt
19:00 opapo joined #salt
19:01 Dekkers joined #salt
19:04 sashka_ua joined #salt
19:05 dthom91 joined #salt
19:06 sashka_ua good evening gents. Im completely in stuck and require help. There are master and two nodes. I try to set specific sls in pillar. Got: Specified SLS localhost.localdomain in environment base is not available on the salt master . Okay, changed back, but still got the same, while when I run "salt-call state.highstate" I got normal response as I should
19:08 sashka_ua and that's not for first time, when I got error message, due to some error in sls yaml, and "salt host state.highstate" still shows constant message, despite of changes I do
19:08 sashka_ua but when I restart minion, it back to normal
19:09 p3rror joined #salt
19:10 kermit joined #salt
19:12 sashka_ua salt '*' pillar.data - shows normal result as well
19:15 opapo_ joined #salt
19:15 KyleG1 joined #salt
19:16 ZenoTasedro joined #salt
19:17 lvicks Are any of you guys experts on the git module?  I'm trying to understand if salt manages a remote git repo on each host, or simply pushes tars of repositories out.  Specifically I'm trying to understand how quickly I can switch between branches (large projects) on minions
19:19 ZenoTasedro I'd love an expert on it too, i'm trying to have it pull from a branch but it's pulling from the master
19:19 Focus__ joined #salt
19:20 opapo joined #salt
19:20 dthom91 joined #salt
19:22 ninkotech joined #salt
19:27 ZenoTasedro nvm, user error of course
19:31 matanya joined #salt
19:31 lvicks UtahDave: fyi I put in a ticket for the local sls include stuff
19:31 ggoZ joined #salt
19:42 waverider joined #salt
19:45 UtahDave lvicks: thanks!
19:45 UtahDave kvbik: hey, just got back.  you still here?
19:46 lvicks hi yep
19:46 lvicks err yeah, np
19:51 jacksontj joined #salt
19:52 akoumjian joined #salt
19:53 akoumjian joined #salt
19:59 lvicks In depth question about how I can have a deploy system that builds out config files, in case anyone is curious
19:59 lvicks http://pastebin.com/9CfFs9pM
19:59 lvicks sending off to mailing list
19:59 waverider left #salt
20:07 jianying joined #salt
20:08 jianying how do you down grade salt-minion
20:08 jianying ?
20:09 jianying I need to match salt-master version
20:09 UtahDave lvicks: have you tried using gitfs?
20:10 UtahDave lvicks: you could also create an ext_pillar (external pillar)  that pulls in the data you want.
20:10 UtahDave jianying: how did you install salt in the first place?
20:11 jianying I used apt-get but this is a new machine, the master is done a while ago
20:12 jianying I want the new machine's minion to match the version on the salt-master
20:15 LyndsySimon joined #salt
20:16 UtahDave jianying: I would   apt-get remove salt-minion
20:16 UtahDave then clone the salt repo
20:16 UtahDave checkout the version you want
20:16 UtahDave then run    sudo python setup.py install --force
20:18 jianying so you mean git checkout 0.13.0 ?
20:19 jianying where do I find the branch name, is it the version number? or is it undescores?
20:20 UtahDave git checkout v0.13.0
20:20 UtahDave git branch -v  should show you all the branches, I think
20:21 lvicks UtahDave: I'll look into those, have not tried either
20:25 giantlock joined #salt
20:26 Kholloway Modules for Minions located in /var/cache/salt/minion/files/base/_modules/ are not being removed when removed from the master but are removed from /var/cache/salt/minion/extmods/modules/
20:26 lvicks UtahDave: sounds like gitfs just turns the git repo into a file server, and then the sls files would need to request specific files from the master.  I like the idea of deploying a complete git repository.  This actually brings me back to my question about HOW git files are deployed, not sure how it ties into my configuration file question
20:26 Kholloway Any idea what the difference between those 2 directories (files|extmods) is and why it's only cleaning from one?
20:26 Kholloway I'm running 0.15.1
20:27 UtahDave lvicks: if you use gitfs, then the salt-master deploys to the minions. the minions don't access the git repo itself
20:27 lvicks otherwise the minions access the git repo itself?
20:28 UtahDave lvicks: if you send a git command to the minion, then they will.
20:29 Kholloway Looks like it's this same issue which was closed on Github:  https://github.com/saltstack/salt/issues/3984
20:29 jianying thanks all...
20:29 jianying bye
20:29 krissaxton joined #salt
20:30 UtahDave Kholloway: can you reopen that issue, then?
20:30 Kholloway I would love to but Github doesn't offer me an option to open or re-open it even though I am logged in
20:30 lvicks UtahDave: what about a git state, such as   git.latest:  ?
20:31 UtahDave Kholloway: ok, I'll reopen it then.  Thanks for making that comment.
20:31 Kholloway No problem, thank you!
20:32 UtahDave lvicks: states are executed by the minions, so git.latest would cause the minions to each clone the repo
20:32 bemehow_ joined #salt
20:32 UtahDave You could run a minion on the master and have a state especially for it to run first that would clone and pull on that repo.
20:32 UtahDave then use the master to push out to the rest of the minions
20:33 bemehow joined #salt
20:34 KyleG joined #salt
20:34 LyndsySimon Does anyone have a tree handy where they installed uwsgi from pip, then set it up as a service?
20:35 lvicks UtahDave: thanks!
20:35 UtahDave you're welcome.
20:35 Ahlee_ UtahDave: can you decipher for me what Thomas meant with "Are your minions matched at all from the target environment in the top file?" inr eplay to my post?
20:35 UtahDave LyndsySimon: I don't.  Hopefully someone will pipe up with one.
20:35 UtahDave Ahlee_: link?
20:36 Ahlee_ https://groups.google.com/forum/#!topic/salt-users/y8FiYahMGBs
20:37 jaddison joined #salt
20:37 aberant joined #salt
20:38 lvicks UtahDave: Any idea if I specify a git repository credential key on the master sls (salt://), does this key get copied to the minion or just temporarily accessed during git updates?
20:40 LGSilva does anyone knows if cedwards created a pacman repository for salt yet?
20:41 UtahDave LGSilva: I believe it's only in the aur
20:41 cedwards LGSilva: I have one but it's outdated.
20:41 LGSilva I would make salt update itself but not yet. hehehe
20:41 LGSilva thanks guys
20:41 UtahDave Ahlee_: I think Tom is trying to determine if your minions are being matched correctly in your top.sls
20:42 sonc joined #salt
20:42 UtahDave lvicks: If you copy a file down to the minion to be used, then it will stay there until you remove it.
20:43 aat joined #salt
20:44 Ahlee_ UtahDave: I'm afraid I don't follow.  I target with salt -G <node group>, they certainly try to update.
20:44 JasonSwindle UtahDave: It would be nice to have a way for a minion to: install, highstate, remove self
20:44 Ahlee_ are you saying there's a missing piece here in top.sls that needs to know to include them for _module/* distribution?
20:44 JasonSwindle and the data it used the highstate
20:45 UtahDave Ahlee_: I think he's just trying to troubleshoot that. Make sure that isn't an underlying issue.
20:45 Ahlee_ gotcha.
20:45 sonc Trying to leverage templating in our nginx config and I am using a grain to set a variable.  ENV:  {{ grains['environment'] }}.  When I take a look at the nginx config I see  "/var/www/['staging']"  instead of "/var/www/staging"
20:45 lvicks UtahDave: consider this, http://pastebin.com/msvDp4Ug
20:46 lvicks Does the key get coppied?
20:46 UtahDave lvicks: Ah, I see. I haven't looked at the code, but my guess is that the key is copied into /var/cache/minion/some/where/along/here
20:46 jeddi sonc - can you pastebin the sls fragment you're using?
20:47 sonc Yes :) jas.
20:48 sonc http://pastebin.com/c7GDuDA9
20:50 jeddi sonc: and the relevant bit of your sites-enabled_app file ?
20:52 aboe joined #salt
20:52 aboe UtahDave, I want to commit some pep8 fixes together in one commit is this the right way for salt?
20:52 jeddi sonc: doesn't that need to be in a context: subpara?
20:53 UtahDave jeddi: actually, no you don't have to put it in context.
20:53 UtahDave any items you put in that list will show up as variables.
20:53 jeddi UtahDave: okay.  just browsing example code ..
20:53 UtahDave jeddi: Yeah, some use the context and others don't.
20:54 UtahDave aboe: how many pep8 fixes?
20:54 jeddi UtahDave: presumably best practice would be a context: para, though .. in case you step on some reserved words that get introduced in the future?
20:54 aboe fixed in salt/runners all but the line to long in winrepo, about 10 fixes in different files
20:56 aboe UtahDave, mostly whitespaces and indentation fixes
20:56 sonc @jedi  http://pastebin.com/ve0i8Ct7
20:56 aat joined #salt
20:56 UtahDave aboe: that's not too bad.  It's annoying to have 50 pep8 fixes in one pull req, but it's also annoying to have 50 pull reqs.  :)
20:56 greyull joined #salt
20:57 aboe that's what I was thinking, and I thought logical just work through one section...like salt runners and fix them together
20:58 UtahDave yes, that's helpful.
20:58 aboe So I will make a PullRequest from all of them together.
20:58 UtahDave we're also hesitant about huge pep8 fixes because they invariably break things
20:59 fredvd joined #salt
20:59 UtahDave personally, I prefer small pep8 fixes that come organically with bug fixes and and feature additions.
20:59 aboe UtahDave, I'm still learning python so no huge pep8 bugs are on my list..
21:00 aboe only small whitespaces, and indentation/brackets
21:00 UtahDave that's cool.
21:00 kermit joined #salt
21:00 aboe I got vim pep8 working u see..hehehe :)
21:03 sonc @jeddi figured it out.  It set as an array variable :-/
21:03 aat joined #salt
21:03 greyull Hey folks, I asked about this last time, but is there a way for me to detect when a service crashes out via salt states?
21:05 austin987 joined #salt
21:05 Ahlee_ I've never posted a reply to google groups.  When I do so, it's tell me that thatch@'s email address will be viewable.  That doesn't sound right
21:06 LGSilva greyull: you can detect if the service is running or not
21:06 UtahDave greyull: you can "watch" it in your states, but it will only be detected when you run a state.highstate.
21:07 greyull UtahDave: Thought so. I guess I could just run a cronjob every 5 minutes or so that watched if the process was alive...
21:07 UtahDave Ahlee_: I'm not sure.  I wouldn't worry about it
21:08 LGSilva greyull: if your system uses systemd you can have it to execute a bash script when the service crashes that would alert you
21:08 UtahDave greyull: yeah, you could do something like LGSilva said, or use something like supervisord or circus
21:08 jacksontj joined #salt
21:09 greyull Ah, alright.
21:09 greyull I'll look into that. Thanks!
21:10 jaddison left #salt
21:16 bemehow_ joined #salt
21:21 bemehow joined #salt
21:23 aat joined #salt
21:25 lvicks Is it possible to have the pillar.sls file update a git repo locally on the salt master?
21:25 lvicks as in having a required git for pillar
21:32 lvicks I can have the git update occur through a cmd_yml pillar extension, but I'm curious if there is any other way.
21:33 aat joined #salt
21:37 UtahDave pillar.sls files can run jinja, so I guess you could call out to git.latest
21:38 jacksontj joined #salt
21:39 lvicks Additionally, is there any way I can set a variable in the top of a pillar file and have that be used later in the pillar file?  such as http://pastebin.com/GQLwEZ8m
21:40 UtahDave lvicks: yes, you can do that, but you have to do it within jinja
21:43 lvicks UtahDave: so something like http://pastebin.com/qVxSjEf2
21:43 UtahDave lvicks: yeah, that looks right
21:44 lvicks UtahDave: thanks.  Ok I think I kinda mocked up a potential solution to all this in my head :)  let me go experiment
21:47 UtahDave cool
22:01 lvicks UtahDave: I put this in a pillar.sls file, and it just took it as a bunch of variables and added to the pillar.data http://pastebin.com/aWnaCG4s
22:01 lvicks so I guess I can't explicitly require a git repo via pillar sls
22:02 aat joined #salt
22:03 bhosmer joined #salt
22:04 krissaxton joined #salt
22:06 jeffrubic joined #salt
22:06 UtahDave lvicks: yes, pillar is just a key value store
22:06 lvicks k so the external yaml_command
22:06 lvicks I can execute git updates
22:06 UtahDave but I think you could run a git.latest from within jinja
22:07 lvicks hmm
22:07 lvicks k let me look
22:07 lvicks would that be a jinja function or some kind of jinja->salt thing
22:08 lvicks I'm kinda lost as to where to start on that
22:13 UtahDave something like  {% salt['state.single']('git.latest', <whatever options you need>) %}
22:13 Ahlee_ how can I return environment from the grain? not seeing it as a grain
22:14 lvicks thx
22:14 UtahDave Ahlee_: is it in salt-call grains.items   ?
22:15 Ahlee_ UtahDave: Doesn't appear to be
22:15 UtahDave is it in pillar.data?
22:16 Ahlee_ yes, thanks
22:17 robinsmidsrod joined #salt
22:18 oz_akan joined #salt
22:20 greyull How would I set up the top file so it matches based on role?
22:21 greyull I thought I had it working with 'roles:webserver': but
22:21 UtahDave greyull: how are you setting "role"
22:22 greyull UtahDave: In the case of webservers, I was setting them manually in /etc/salt/minion
22:23 UtahDave greyull: ok, so that's a grain.  so you're going to want to add  - match: grain
22:23 UtahDave to your top.sls matching stanza
22:23 greyull Ahhh.
22:24 greyull That did it.
22:24 greyull Thanks.
22:25 UtahDave you're welcome!
22:27 Ahlee_ man i'm just not having any luck
22:28 UtahDave what's going on, Ahlee_?
22:29 Ahlee_ Not seeing my reply to the list.
22:29 lvicks UtahDave: sorry to keep hitting you up.  Trying the git thing and this http://pastebin.com/zPk0hRCX is not doing anything or returning errors.  Any suggestions?
22:31 UtahDave Ahlee: are you a member of the group?
22:32 Ahlee yeah, i'm sure it's going to come back with i replied from my google apps domain and not gmail.com thus bounced, which i tried doing since groups was freaking out
22:33 Ahlee just a long list of things taht just ain't going right today.  One of those days.
22:33 * UtahDave passes Ahlee a bag of Peanut M&M's
22:34 UtahDave that always works for me.  :)   (Unless you have a peanut allergy, then nevermind.  )
22:36 dgarstang eeek cholesterol
22:36 lvicks Is there any way to error out of a salt execution from the jinja level?  So say the ext_pillar returned an error (bad command), that way you can kill the salt execution without moving forward on bad pillar data
22:36 UtahDave lvicks: not yet. If pillar fails it just returns an empty dict.
22:37 lvicks UtahDave: Can that be checked in any of the salt.sls files?  If the dict is empty exit
22:38 UtahDave I'm not aware of a way to do that.    That would be a nice feature
22:38 lvicks I'm worried about using a ext_pillar yml to launch a python which updates a git repo for my config settings, and if that git update fails I don't want to move forward
22:38 lvicks I'll ask the mailing list
22:38 UtahDave right now you can provide default values in case the pillar doesn't exist
22:38 UtahDave good idea, lvicks
22:39 Ahlee yay for ingonito mode proving it was just my mail client being helpful and now showing my own post to the list
22:39 UtahDave lvicks: Look at how this works in the iptables example: https://gist.github.com/UtahDave/5217462
22:40 Ahlee I'm going to go drink myself into a stupor and then try to figure out how i SHOULD have rolled out salt
22:40 UtahDave :)
22:42 lvicks UtahDave: That's related to the git.latest in jinja?  I don't get how that could happen the same way in the pillar.  Either way I'm starting to move more towards just executing a ext_pillar python routine that pulls from git and gets the yml.  I'm too worried about what happens if the git update fails
22:42 UtahDave ok, sounds good
22:45 lvicks UtahDave: thanks for all the help today
22:46 UtahDave you're welcome!
22:51 Ryan_Lane joined #salt
22:58 jacksontj joined #salt
23:00 kermit joined #salt
23:02 greyull Is there any sort of strange occurrence that happens when you try to execute a minion on the master itself?
23:02 greyull IE: Right now the minion on the master is failing to copy any files from the file.managed declaration
23:02 SEJeff_work greyull, no
23:02 SEJeff_work in fact thats host most salt masters are deployed
23:02 greyull Although it just occurred to me
23:02 SEJeff_work and managed
23:03 greyull Instead of using the hostname for the master-minion, I should just use 127.0.0.1
23:03 SEJeff_work yes
23:05 greyull Hm... still no luck.
23:05 greyull Strangely enough, it doesn't even state that it's trying to execute the file.managed state
23:06 greyull http://pastebin.com/PviTccHy It's just that (ignore the stuff on the bottom, that's satisfying some attempted tests that my bosses asked me to try)
23:07 greyull Works fine on every node except the master itself (cf-ms)
23:08 morganfainberg left #salt
23:08 morganfainberg joined #salt
23:08 greyull It's executed by the top state right now, whose output is http://pastebin.com/cmEte0jc
23:09 greyull cp.get_file DOES work, though
23:16 greyull A possible source of issue is I get a warning that is [WARNING ] Duplicate Key: '/etc/motd" found in salt://motd environment=base
23:18 UtahDave greyull: what's your top file look like?
23:18 SEJeff_work greyull, in motd.sls, you have 2 occurrences of /etc/motd: ... defined
23:19 SEJeff_work I'm guessing
23:19 SEJeff_work UtahDave, You've got this? Thats awesome. I'm about to head home
23:19 greyull Hold up, UtahDave, let me pastebin it
23:19 UtahDave SEJeff_work: sure!   thanks, SEJeff_work
23:19 UtahDave SEJeff_work: go home and finish that quadcopter!!
23:19 greyull UtahDave: http://pastebin.com/DyZSmhxB
23:19 * SEJeff_work waves
23:19 SEJeff_work :)
23:20 greyull Again, silly bits amongst my states.
23:20 greyull Just basic testing.
23:22 UtahDave greyull: OK, so you need to have the file.sed require the - file: /etc/motd
23:22 greyull Alright. I'll add that.
23:25 greyull Initially: A recursive requisite was found, SLS "motd" ID "/etc/motd" ID "/etc/motd". Working on swapping things around with that...
23:25 greyull UtahDave: Modified to this so far http://pastebin.com/ej1ZUEYJ
23:26 UtahDave ok, that looks good
23:26 greyull Now it gives the error: Name "/etc/motd" in sls "motd" contains multiple state decs of the same type
23:26 UtahDave yeah, check to make sure that /etc/motd is only defined once
23:27 greyull Hmm... I wonder if I accidentally defined it somewhere else...
23:28 Corey terminalmage: I am now.
23:29 auser joined #salt
23:29 auser hey all
23:29 dcrouch joined #salt
23:30 terminalmage Corey: I just wanted to ask you about the PPA
23:30 terminalmage I emailed you instead
23:31 greyull UtahDave: Only defined once. Do the if statements get interpreted by a newline, by any chance?
23:31 greyull as a newline*
23:31 greyull If so, that's probably confusing the YAML renderer
23:32 UtahDave oh, wait.  yes, you are duplicating /etc/motd
23:32 UtahDave when the if statements are true you have   /etc/motd: there again
23:34 greyull Ah!
23:35 greyull UtahDave: So even when it's like http://pastebin.com/ej1ZUEYJ , it still places /etc/motd: there again?
23:36 UtahDave no, but they fall under the top /etc/motd:
23:36 greyull So I should separate them?
23:36 UtahDave does what you just paste work?
23:36 greyull Nope.
23:36 UtahDave what happens?
23:36 greyull That's when I get the "contains multiple state decs of the same type"
23:36 greyull Although I'm starting to wonder if that's because I'm using multiple states from the file state?
23:37 greyull IE, should I try doing file: -managed: -append: -sed: ?
23:37 UtahDave the state decs are the lines like      file.managed and file.sed
23:37 greyull Yeah.
23:37 UtahDave You can use one instance of them per ID Dec
23:37 UtahDave The ID dec in this instance is /etc/motd:
23:37 greyull Mhm.
23:40 greyull UtahDave: So is there a way to do a file.managed and file.sed in the same ID declaration?
23:40 greyull Or would I have to set up a different sls to do the other operations?
23:42 UtahDave Yeah, you can do both under the same ID declaration.  You'll just want to have the file.sed require the file.managed
23:43 efixit joined #salt
23:49 auser UtahDave: is there a way to trigger a highstate from one minion to the next?
23:50 auser as in… when I bring up a new hadoop slave, I want the rest of the hadoop machines to run highstate to catch the new node
23:50 UtahDave auser: yep.  You would enable the peer interface.  You can authorize a minion to be able to execute an arbitrary command on another arbitrary minion or all minions
23:50 auser gotcha… I am aware of that, I suppose the question is can that be enabled from within a state at the end of the highstate run
23:51 UtahDave auser: yep.  Also you could have the new node send a custom message to the master and have the reactor listen for it and do whatever you need when a new node is ready
23:51 auser oh… are there docs on that?
23:52 UtahDave yeah, admittedly they could use some help.  Let me grab the url for you
23:53 UtahDave here's the reactor docs: http://docs.saltstack.com/topics/reactor/index.html?highlight=reactor
23:53 auser sweet
23:53 auser oh yeah, I read this yesterday
23:53 UtahDave Here's the event system to send from the minion: http://docs.saltstack.com/topics/event/index.html?highlight=event%20system
23:53 auser I'll reread it
23:53 auser thanks
23:53 auser oh yes, I know that one
23:54 auser I'm still trying to wrap my head around what Thomas suggested https://github.com/saltstack/salt/issues/4993
23:55 UtahDave Yeah, it sounds like he wants to add a method to the local client to get the data correctly.
23:55 UtahDave He's been at a conference the last couple of days. He'll be in the office tomorrow and can probably throw down some code.
23:56 auser gotcha
23:56 auser rad, that'd be great, demoing for a client tomorrow, so I'll be sure to leave that out
23:56 auser :)
23:57 UtahDave cool
23:57 auser thanks UtahDave; always the best
23:57 auser reactor system is super cool
23:58 UtahDave yeah, you can do some awesome stuff with it.
23:59 auser man, I need to contribute my states back

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary