|
|
qhartman
|
after upgrading a client to 0.10.12 I'm getting the following error using the python 1.0.6 cookbook: http://pastebin.com/3ysMgGUV Any ideas? This one is beyond me.
|
00:03 |
|
manually install virtualenv (pip install virtualenv) seems to get around it
|
00:05 |
|
|
rbarrero
|
Hi there
|
00:11 |
|
question about role attributes
|
00:11 |
|
If I update a role's defaut attributes, do the nodes pick up these attributes immediately?
|
00:12 |
|
or do I have to create a new node from the updated role?
|
00:12 |
|
|
ssd7
|
rbarrero: Any node with that role in it's run list will process the new attributes on the next chef-client run.
|
00:14 |
|
Until chef-client run's on that node again, the node will remain unchanged.
|
00:16 |
|
|
matt__
|
Hello
|
00:24 |
|
I've seen this error many times before
|
00:24 |
|
when running postgreql::client
|
00:24 |
|
it fails when it gets to installing "pg" gem
|
00:24 |
|
i've seen a few fixes for it
|
00:25 |
|
like including the apt recipe right before the postgresql::client
|
00:25 |
|
that worked before, but for some reason, now it isn't
|
00:25 |
|
and now i'm again getting the following error: "FATAL: Gem::Installer::ExtensionBuildError: gem_package[pg] (postgresql::client line 32) had an error: Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension."
|
00:27 |
|
line 32: gem_package "pg"
|
00:27 |
|
any thoughts on how to provide a good fix for this?
|
00:29 |
|
|
qhartman
|
if you try to run that command manually, what does gem output? It sounds like you might be missing build-essential or something similar requirted to build the pg gem.
|
00:29 |
|
|
btm
|
matt__: have you tried running 'sudo gem install pg' manually to see if it gives a clue as to what it is lacking? Usually it is a build environment (like the build-essentials package on ubuntu usually resolves this)
|
00:29 |
|
qhartman: +1
|
00:29 |
|
|
qhartman
|
lol
|
00:29 |
|
heh
|
00:29 |
|
btm: Just upgraded 10.12 today and it looks good so far....
|
00:30 |
|
|
matt__
|
I just installed it manually
|
00:30 |
|
|
qhartman
|
installed the pg gem manually?
|
00:30 |
|
|
matt__
|
and when i do gem search, i see it listed: pg (0.13.2)
|
00:30 |
|
yes
|
00:30 |
|
|
qhartman
|
hm, ok. So it seems like it will start working on this host. Could you paste the stack trace from /var/chef/cache into a pastebin? It would be good to get this actuallyfixed.
|
00:31 |
|
I use the pg recipe a lot too and though I haven't run into this problem myself, it would be nice to help refine it.
|
00:32 |
|
|
matt__
|
one sec
|
00:33 |
|
http://pastebin.com/tk1Eg5ZQ
|
00:33 |
|
|
erikh
|
btm: congrats
|
00:36 |
|
|
qhartman
|
btm: *applause*
|
00:36 |
|
|
btm
|
omg!
|
00:36 |
|
|
Twirrim
|
grats
|
00:36 |
|
|
btm
|
win!
|
00:37 |
|
|
qhartman
|
third try and all that...
|
00:37 |
|
matt__, huh, that's an error that's probably beyond my Ruby-fu. Dig into the mkmf.log file that it refers to and see if that yields any clues
|
00:38 |
|
matt__, since running gem install by hand worked, it seems like chef might be setting some configure parameters that gem isn't liking in this case.
|
00:38 |
|
|
nmistry
|
is there a suggested way to maintain a network interface within chef. I want to add a new dummy br0 interface.
|
01:02 |
|
|
hoover_damm
|
nmistry, template up the file?
|
01:05 |
|
nmistry, there maybe cookbooks on community.opscode.com
|
01:06 |
|
|
nmistry
|
well, inside a recipe.
|
01:09 |
|
i think there is network_interfaces cookbook
|
01:09 |
|
|
nmistry
|
im having trouble w/ new clients authenticating all of a sudden.
|
02:21 |
|
getting a FATAL: Net::HTTPServerException: 401 "Unauthorized"
|
02:21 |
|
i have checked the time (sync'd w/ ntp), timezones, etc.
|
02:21 |
|
valdiation.pem is correct
|
02:22 |
|
|
Randm
|
did you change your dns information?
|
02:22 |
|
hostname, client hostname, search path?
|
02:22 |
|
|
nmistry
|
hostname, dns etc dont get set until its bootstrapped, im using knife-rackspace.. i can send a paste
|
02:22 |
|
|
Randm
|
hmm, dunno then
|
02:22 |
|
|
nmistry
|
http://pastebin.com/pGZzL6Gv
|
02:23 |
|
on server and on client it shows 401's
|
02:23 |
|
is there a way to test the validation.pem from the remote side?
|
02:25 |
|
|
jessicab
|
nmistry - you could test it with knife? is that what you mean? like knife node list -k .chef/validation.pem
|
02:28 |
|
that would just use validation.pem to auth instead of your user key
|
02:28 |
|
|
nmistry
|
k
|
02:28 |
|
should knife node list -k validation.pem work from my client?
|
02:30 |
|
b/c its not working
|
02:30 |
|
and why would it change?
|
02:30 |
|
|
jessicab
|
nmistry - its probably in the .chef folder, .chef/validation.pem
|
02:32 |
|
|
nmistry
|
yea its in ~/.chef
|
02:32 |
|
but it should work right?
|
02:32 |
|
b/c it does not
|
02:32 |
|
|
jessicab
|
yea, but youll want to use -k .chef/validation.pem
|
02:32 |
|
does it just say not found, or does it also 401?
|
02:33 |
|
|
nmistry
|
right -k ~/.chef/validation.pem
|
02:33 |
|
401
|
02:33 |
|
it finds the key
|
02:33 |
|
|
jessicab
|
oh sorry, you need to use -u too.. totally forgot about that
|
02:34 |
|
like knife node list -k .chef/validation.pem -u "chef-validator"
|
02:35 |
|
but yea, that should work to check if the validation.pem is good locally
|
02:35 |
|
|
nmistry
|
ok, so it seems that my validator.pem got redone.
|
02:35 |
|
what would cause that to happen?
|
02:35 |
|
(other than a user re-generating it)
|
02:36 |
|
|
jessicab
|
hm.. i cant really think of anything, but i mostly just use hosted chef
|
02:37 |
|
|
nmistry
|
what if someone deleted the validation.pem file in /etc/chef?
|
02:38 |
|
and then restarted the service?
|
02:38 |
|
|
matt__
|
is it possible to use FileUtils.mv() to copy a file from cookbook
|
02:43 |
|
if so, I'm not sure what the path for the file would be
|
02:43 |
|
|
nmistry
|
thanks for the help jessicab, Randm,
|
02:49 |
|
|
nmistry
|
can someone help me decode what this actually does:
|
05:11 |
|
notifies :run resources(:execute => "ifup")
|
05:11 |
|
this is in the context of a povider defining a template
|
05:11 |
|
does it just do ifup, or ifup resource name
|
05:12 |
|
any help appreciated
|
05:17 |
|
|
danryan
|
hey nmistry, `notifies` will execute the :action (:run in this case) for the resource named "execute[ifup]"
|
05:22 |
|
|
nmistry
|
what arguments get sent to execute[ifup]?
|
05:22 |
|
or parameters
|
05:22 |
|
|
danryan
|
nmistry: only the action specified as the first argument to notifies
|
05:23 |
|
nmistry: no other arguments are passed
|
05:23 |
|
nmistry: http://wiki.opscode.com/display/chef/Resources#Resources-Notifications
|
05:24 |
|
|
nmistry
|
why the resources( ) ?
|
05:25 |
|
danryan^
|
05:25 |
|
is that DSL for a resource object?
|
05:26 |
|
|
williamherry
|
what step should follow if I want change node's name?
|
05:47 |
|
|
BryanWB_
|
ohai chefs!
|
06:37 |
|
|
specialsauce
|
o/
|
06:39 |
|
|
BryanWB_
|
\o
|
06:40 |
|
|
ssd7
|
Heya
|
06:55 |
|
|
jacobat
|
I changed the hostname of my chefserver and now rabbitmq is throwing auth errors: "FATAL: Connection to rabbitmq refused."
|
08:02 |
|
Where should I go read up on that?
|
08:02 |
|
|
Tensibai
|
jacobat: I would say there: http://wiki.opscode.com/display/chef/Chef+Indexer and there: http://wiki.opscode.com/display/chef/Backing+Up+Chef+Server
|
08:15 |
|
|
jacobat
|
Thanks
|
08:16 |
|
|
Tensibai
|
there's an auth mechanism on rabbitMQ allowing connection from hostname, I do not 'master' it but heard about it enough
|
08:16 |
|
You may also do a search on chef-user list, this kind of problem has been discussed and solved on the list too
|
08:17 |
|
Worth a wiki page I think
|
08:17 |
|
|
makuk66
|
jacobat: http://wiki.opscode.com/display/chef/Installing+Chef+Server+Manually, see the "configure rabbitmq" bit.
|
08:44 |
|
|
jacobat
|
makuk66: Excellent thanks
|
08:45 |
|
I think I got it now :)
|
08:45 |
|
|
pehlert
|
How can I access node attributes (from ohai) within my recipes?
|
08:47 |
|
|
Tensibai
|
pehlert: node['attribute']
|
08:54 |
|
|
pehlert
|
Thanks
|
08:55 |
|
|
pehlert
|
When you use a third party cookbook and would like to modify it, what is the best practice to do this? Add it to your repo and modify the code as if it was yours?
|
09:05 |
|
|
BryanWB_
|
pehlert: fork into your github acct, then clone
|
09:15 |
|
then modify as yours
|
09:15 |
|
|
hippiehacker
|
https://gist.github.com/2953401 # should a data_bag id that has a '+' in it generate a FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash! OR FATAL: Chef::Exceptions::InvalidDataBagItemID: Data Bag items must have an id matching /^[\-[:alnum:]_]+$/, you gave: "rails+emacs"
|
10:36 |
|
|
ashb
|
hippiehacker: yes, seems like the error could be better
|
10:38 |
|
|
drrk
|
if you understang regular expressions it's a great error, but I can understand that's not idea in general :)
|
10:44 |
|
|
ashb
|
drrk: the final error is Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!
|
10:45 |
|
|
fish_
|
re
|
10:47 |
|
|
drrk
|
how do I use a LWRP from one cookbook in another?
|
10:53 |
|
|
BryanWB_
|
drrk: include_recipe "foo"
|
10:55 |
|
|
drrk
|
will that run the default cookbook aswell?
|
10:56 |
|
|
BryanWB_
|
drrk: u may have to do some funky stuff iirc
|
10:56 |
|
|
drrk
|
no, that seemed to do it, thanks
|
10:57 |
|
|
BryanWB_
|
drrk: something like Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
|
10:57 |
|
hippiehacker: hey guddy!
|
10:57 |
|
s/guddy/buddy/
|
10:57 |
|
|
drrk
|
the include_recipe seemed to do it
|
10:58 |
|
|
drrk
|
if a template has <%= node[:bind9][:allow_recursion] %> is that looking up from attributes?
|
11:16 |
|
sorry If I am asking lots of nebiwe questions, but i've only been using chef-solo for a while
|
11:17 |
|
|
BryanWB_
|
drrk: y
|
11:23 |
|
|
drrk
|
so I can set them with knife, or in another recipe
|
11:23 |
|
|
williamherry
|
does chef provide run command on client, with out ssh?
|
11:29 |
|
I know knife ssh work fine, but my boss say it is not safe
|
11:30 |
|
|
zts
|
williamherry: Chef doesn't currently have anything built-in. I'm using mcollective to kick off chef runs (or sometimes ssh), but it's easy to integrate if you're already using another tool
|
11:38 |
|
|
jacobat
|
The webui is running very slow for me - like 15+ sec to just get the list of nodes... any way to speed it up?
|
11:41 |
|
|
williamherry
|
zts, if I use ssh, I have to add key to all client, which is a secure issue. I am think if it is possible to execute command use chef's own auth
|
11:41 |
|
|
zts
|
williamherry: we allow sysadmins to ssh to machines, and they can "sudo chef-client" and "sudo pkill -USR1 chef-client" (the second one tells a daemonised chef-client to wake up and run)
|
11:43 |
|
|
BryanWB_
|
williamherry: i do w/ sudo
|
11:43 |
|
|
specialsauce
|
williamhenry: its percectly safe if you secure the private key file. Any authentication is only as safe as the storage of the private element, be it a password or a key or whatever
|
11:43 |
|
|
zts
|
williamherry: so it's not a security issue for us, as it doesn't require any more access than our sysadmins already have
|
11:43 |
|
williamherry: note that chef-client contacts chef-server, not the other way around - there is no way for the server to contact clients to say "run now"
|
11:44 |
|
(though maybe something will be added in the future)
|
11:45 |
|
|
williamherry
|
if chef server be hacked, all client will in danger, is that right?
|
11:45 |
|
|
zts
|
if the chef server is hacked, the hacker could put bad information into it, which the clients would then retrieve
|
11:45 |
|
|
specialsauce
|
(but that could happen with just pull running and regardless of how the server authenticates against the clients)
|
11:46 |
|
|
zts
|
exactly
|
11:46 |
|
|
fish_
|
we're bootstrapping new systems (now) without knife bootstrap, so we're just putting the validator.pem + client.rb on the noder and letting the system register itself with chef
|
12:16 |
|
this works fine, but for whatever reason the server_url in the node is wrong. it was correctly set in the client.rb but after running the chef cookbook it overwrites the client.rb with node[:chef][:server_url]
|
12:17 |
|
oh.. I think I just figured it out..
|
12:19 |
|
never mind :)
|
12:19 |
|
|
dkannan
|
how do i override an attribute defined in cookbook1 in cookbook2 ?
|
12:20 |
|
cookbooks/nginx has a nginx.version. need to overwrite in site-cookbooks/default. i tried node.overwrite - but does not work
|
12:22 |
|
works if i set in the json_attributes files, node.json. but like it to be in code
|
12:22 |
|
|
dkannan
|
got it
|
12:38 |
|
|
jacobat
|
Anyone seens this before: Named route node could not be generated with {:id=>nil} - (Merb::Router::GenerationError)
|
12:39 |
|
Full backtrace http://pastie.org/4114187
|
12:39 |
|
|
yfeldblum
|
dkannan, are you looing for `node.override`?
|
12:47 |
|
|
jacobat
|
It would appear there's something broken in my database of nodes... "knife node list" fails, but "knife client list" succeeds
|
12:55 |
|
|
intinig
|
hello all
|
13:14 |
|
is it expected that knife ec2 server start <insert stuff to run ubuntu instance here> fails on bootstrap?
|
13:15 |
|
http://tickets.opscode.com/browse/CHEF-3212
|
13:15 |
|
|
btm
|
intinig: we're aware that yesterdays 10.12 release doesn't have a valid omnibus package (due to naming). I'll be fixing that today.
|
13:22 |
|
|
m0s
|
hello guys, i'm trying to install chef-server using this article http://wiki.opscode.com/display/chef/Installing+Chef+Server+using+Chef+Solo
|
13:22 |
|
and getting
|
13:22 |
|
[2012-06-19T13:15:43+00:00] ERROR: ruby_block[update-java-alternatives] (java::openjdk line 43) has had an error[2012-06-19T13:15:43+00:00] ERROR: Running exception handlers[2012-06-19T13:15:43+00:00] ERROR: Exception handlers complete[2012-06-19T13:15:43+00:00] FATAL: Stacktrace dumped to /tmp/chef-solo/chef-stacktrace.out[2012-06-19T13:15:43+00:00] FATAL: NoMethodError: ruby_block[update-java-alternatives] (java::openjdk line 43) had an error: NoM
|
13:22 |
|
stack trace is here https://gist.github.com/e47b00e350896e51057e
|
13:23 |
|
what i can do with that?
|
13:23 |
|
|
intinig
|
btm: thx
|
13:24 |
|
|
m0s
|
ubuntu 12.04
|
13:25 |
|
on ec2 box
|
13:26 |
|
|
dcrosta
|
a comment in https://github.com/opscode/knife-ec2/pull/2 suggests that you can configure EC2 ephemeral storage through --user-data (with knife ec2 server create), but no one says exactly how. does anyone here know?
|
13:32 |
|
|
ddosia
|
hello guys, i write recipe, and this recipe should install package, but if platform is debian (on ubuntu this package is in default repos), i should add special repo. How should i do this? some smart conditions inside recipe or maybe exist propper way?
|
13:47 |
|
|
dcrosta
|
ddosia: check out the apt cookbook (http://community.opscode.com/cookbooks/apt) which lets you configure additional repositories
|
13:48 |
|
|
ddosia
|
dcrosta: i know how konfigure additional repositories with apt, i ask about platform detecting
|
13:48 |
|
|
dcrosta
|
ddosia: sorry, my bad. check out the platform? and platform_version? helpers at http://wiki.opscode.com/display/chef/Recipes#Recipes-platform%3F
|
13:49 |
|
|
ddosia
|
should i do inside recipe something like that: only_if platform == ubuntu do
|
13:49 |
|
|
dcrosta
|
ddosia: i'd do "only_if { platform?("debian") }"
|
13:50 |
|
|
ddosia
|
but this is normal practice? I doubt, because there is a lot abstractions like resources and providers...
|
13:51 |
|
|
zts
|
yes, it's common
|
13:52 |
|
similarly, to choose the right package name for the platform
|
13:52 |
|
although another approach is to have a recipe which installs all the repositories you might require for your platform, so that you can assume they will be present when your other cookbooks are used
|
13:54 |
|
|
ddosia
|
how about "value_for_platform(...)" thing?
|
13:55 |
|
|
zts
|
that's good for choosing package name based on platform(+version)
|
13:56 |
|
|
yfeldblum
|
dcrosta, don't do guards if the checks can be evaluated at "compile time" - instead, do normal ruby `if` and `unless` statements
|
14:06 |
|
ddosia, `if platform?("debian") || platform?("ubuntu") ; additional_apt_repo_resource_that_you_fill_in ; end`
|
14:07 |
|
|
dcrosta
|
yfeldblum: I try to follow http://acrmp.github.com/foodcritic/#FC023 in this regard
|
14:09 |
|
|
yfeldblum
|
dcrosta, it's wrong
|
14:14 |
|
dcrosta, guards are for checking conditions just-in-time for the purpose of delivering idempotency for resources that are not intrinsically idempotent
|
14:16 |
|
|
zts
|
yeah, using a guard that will (for a given system) _always_ evaluate false seems a bit weird
|
14:18 |
|
|
RJ2
|
i have a missing node in my "knife search" results. i set up a new chef server on an ubuntu 12.04 box, chef 10.12.0 - added ad additional ubuntu node using "knife bootstrap". the new node shows in "knife node list", but not if i do "knife search node 'name:*'"
|
14:48 |
|
new node that's missing from search results is called finchley, if i do this, it looks fine (has a name key etc) knife node show finchley -Fj | less
|
14:49 |
|
i checked the rabbitmq queues, all have length 0
|
14:49 |
|
|
mattray
|
RJ2: search issues on Ubuntu always seem to come back to Solr
|
14:50 |
|
|
RJ2
|
any way to force a full index rebuild? i only have 2 nodes
|
14:50 |
|
restarting solr didn't help
|
14:51 |
|
|
mattray
|
solr ships with a small index size, lemme find the ticket
|
14:51 |
|
|
RJ2
|
my two nodes are minimal, the runlist is ~5 entries. this is a tiny chef install so shouldn't be hitting any limits
|
14:51 |
|
|
Tensibai
|
RJ2: which os for nodes ?
|
14:53 |
|
|
RJ2
|
tried knife index rebuild, still the same problem afterwards
|
14:53 |
|
Tensibai: ubuntu 12.04
|
14:54 |
|
|
Tensibai
|
ok, bad guess :)
|
14:54 |
|
|
mattray
|
RJ2: http://tickets.opscode.com/browse/CHEF-2346 maybe?
|
14:54 |
|
|
Tensibai
|
(windows can give a really big attribute field ... so ...)
|
14:54 |
|
|
RJ2
|
ohhhh
|
14:55 |
|
i do have 32k IPv6 addresses on this machine
|
14:55 |
|
so perhaps that's it :)
|
14:55 |
|
mattray: thanks
|
14:55 |
|
presumably that's a solr attribute per ip
|
14:55 |
|
|
mattray
|
yikes
|
14:56 |
|
you might want to scale down some of that ohai data
|
14:56 |
|
|
RJ2
|
can i make it not index and of the ip related stuff on that machine somehow?
|
14:56 |
|
|
mattray
|
RJ2: https://github.com/opscode/whitelist-node-attrs
|
14:56 |
|
|
cwj
|
ohai more like ohsnap
|
14:56 |
|
|
sascha_d
|
mattray that is beautiful
|
14:57 |
|
|
mattray
|
sascha_d: be sure to thank holoway
|
14:58 |
|
|
sascha_d
|
I figured him for still asleep or I would have said him too :)
|
14:59 |
|
github needs a like or upvote option :)
|
14:59 |
|
|
RJ2
|
yay, that fixed it. just added whitelist-node-attrs to the end of the runlist for my lots-of-ips node
|
15:00 |
|
thanks :)
|
15:00 |
|
|
jelder
|
hello, getting a 404 when i try to use knife ec2: http://s3.amazonaws.com/opscode-full-stack/ubuntu-11.04-x86_64/chef-full_10.12.0_amd64.deb
|
15:13 |
|
|
paulmooring
|
jelder we had an update last night that seems to be the problem, what bootstrap script are you using?
|
15:15 |
|
|
jelder
|
paulmooring: not sure what information you need. I'm using 10.12.0 and "knife ec2 server create -x ubuntu" and my ami is ubuntu 12.04 instance stoage
|
15:17 |
|
|
paulmooring
|
got give me a moment to check up on this
|
15:18 |
|
|
jelder
|
paulmooring: if this helps: http://pastebin.com/RvBCSBLA
|
15:19 |
|
|
laserguy2020
|
Hello, I was wondering if someone could tell me if there is a way to check to see if a user or group exists without making a direct system call.
|
15:21 |
|
|
paulmooring
|
laserguy2020: Ruby has an Etc module in the std library
|
15:21 |
|
son
|
15:22 |
|
'
|
15:22 |
|
don't know the syntax off hand but here's the docs http://www.ruby-doc.org/stdlib-1.9.3/libdoc/etc/rdoc/Etc.html
|
15:22 |
|
|
laserguy2020
|
paulmooring: so there is notice chef specific to do this?
|
15:22 |
|
|
paulmooring
|
I don't believe there is one built in
|
15:22 |
|
you're asking about local system users, like in /etc/passwd right?
|
15:23 |
|
|
laserguy2020
|
yes
|
15:23 |
|
|
paulmooring
|
Then no there is not
|
15:23 |
|
|
laserguy2020
|
Okay thanks for your help.
|
15:24 |
|
|
yfeldblum
|
laserguy2020, https://github.com/opscode/chef/blob/master/chef/lib/chef/provider/user.rb#L51
|
15:24 |
|
laserguy2020, that's an example of usage
|
15:24 |
|
|
erratic
|
ohai parrots
|
15:27 |
|
was wondering if anybody had played with the munin cookbook recently
|
15:27 |
|
|
zts
|
paulmooring: by default, ohai will populate node['etc']['passwd']
|
15:33 |
|
laserguy2020: ^^
|
15:33 |
|
|
paulmooring
|
jelder: Is this a 32 or 64 bit instance?
|
15:33 |
|
|
jelder
|
64
|
15:34 |
|
|
paulmooring
|
jelder: The short answer is we're in the process of rolling out the installers for 0.10.12, using bootstrap from knife 0.10.10 works right now and from 0.10.12 should be fixed in an hour or so
|
15:38 |
|
The workaround right now is to specify a template file for the bootstrap and use this link: http://s3.amazonaws.com/opscode-full-stack/ubuntu-12.04-x86_64/chef_10.12.0-1.ubuntu.12.04_amd64.deb
|
15:39 |
|
if you locate/find the default template (chef-full.erb) you can use that as a starting place
|
15:39 |
|
and just change the download link
|
15:40 |
|
or alternatively use the ubuntu12.04-gems template
|
15:41 |
|
|
erratic
|
hi ssd7
|
15:54 |
|
|
ssd7
|
hi
|
16:02 |
|
|
erratic
|
do u liek munin??
|
16:03 |
|
mmmmmm donutty deliciousness
|
16:04 |
|
donut flavored donuts
|
16:04 |
|
|
specialsauce
|
ohai chefs. I'm getting a really odd error on a client run that I can't figure out if anyone can spare time to take a look please: http://pastebin.com/bTyvBxKG
|
16:04 |
|
|
erratic
|
specialsauce Ive been having to start my chef-server and chef-solr in the foreground to get them to work
|
16:05 |
|
its really weird
|
16:05 |
|
|
ssd7
|
erratic: Sure, we use it for a few things here. I'm not a huge fan of the graphs it generates
|
16:05 |
|
|
erratic
|
any luck with the cookbook
|
16:05 |
|
I cant figure out how to get the plugins to start on clients
|
16:05 |
|
I cant tell if Im supposed to put them in the recipe or somewhere else
|
16:06 |
|
|
ssd7
|
erratic: Sorry, I don't have a ton of experiencing that community cookbook
|
16:06 |
|
|
erratic
|
no worries
|
16:06 |
|
thanks though
|
16:07 |
|
nothing else
|
16:07 |
|
|
specialsauce
|
erratic: this is specific to the cookbook I'm using so I assume I'm doing something insane in my ruby but I'm not sure what
|
16:07 |
|
|
erratic
|
I should just try what I think is right
|
16:07 |
|
and see what it does
|
16:07 |
|
just figured I'd try to get some insight first
|
16:07 |
|
specialsauce oh yeah
|
16:07 |
|
my issue is with chef server as far as the problem I've been having with my clients not being able to to connect or connecting very slowly or something
|
16:08 |
|
chef server is hard to run
|
16:08 |
|
|
paulmooring
|
specialsauce: which line is 199?
|
16:08 |
|
nm I see it
|
16:08 |
|
|
specialsauce
|
paulmooring, cheers
|
16:09 |
|
|
paulmooring
|
specialsauce: do you have `default["memcached"]["options"]` set to a value elsewhere?
|
16:11 |
|
|
specialsauce
|
no
|
16:11 |
|
paulmorring: I was trying to reference through the attributes "tree", ie its set as ":memcached => { :options => { :fatalcodes = "whatever" }}} in the env hash
|
16:13 |
|
|
paulmooring
|
so that error comes from trying to use an existing string as a hash
|
16:15 |
|
if I set default["test01"] = "foo"
|
16:15 |
|
then try to set something in default["test01"]["test02"]
|
16:16 |
|
I'll get that index error
|
16:16 |
|
There's not enough context there to know where default["memcached"]["options"] was set
|
16:16 |
|
but find it and move it 1 level deeper and you'll be fine
|
16:17 |
|
specialsauce: also don't forget it could be set in the node, role, ect.
|
16:19 |
|
|
specialsauce
|
paulmooring, ok, thanks I'll take a look. so i'm fine to use the same syntax, but just not if that level of the hash is already referenced somewhere else as a string?
|
16:20 |
|
|
paulmooring
|
exactly, all the values should be on the last value
|
16:20 |
|
|
specialsauce
|
yeah that's how I thought I had set it, let me check
|
16:21 |
|
|
paulmooring
|
you can set the value to another hash, but imo that's over complicating things
|
16:21 |
|
|
specialsauce
|
paulmooring, spot on, I had used the same attr in the hash hierarchy elsewhere (unset) and the two recipes were called from the same role. thanks for the help!
|
16:25 |
|
|
paulmooring
|
np
|
16:27 |
|
|
Zenigor
|
Is there any sort of workaround for http://tickets.opscode.com/browse/COOK-629?page=com.googlecode.jira-suite-utilities%3Atransitions-summary-tabpanel
|
16:30 |
|
|
hoover_damm
|
Zenigor, what version of the perl cookbook are you running?
|
16:32 |
|
0.10.2 should have it
|
16:32 |
|
|
Zenigor
|
@hoover_damm perl 0.10.0 from the community site
|
16:32 |
|
|
hoover_damm
|
Zenigor, then you need 0.10.2
|
16:32 |
|
Zenigor, https://github.com/opscode-cookbooks/perl
|
16:32 |
|
Zenigor, community site is out of date
|
16:33 |
|
at least on this cookbook
|
16:33 |
|
|
erratic
|
http://seadevops0612-es2.eventbrite.com/?srnk=1
|
16:33 |
|
anybody know about this
|
16:33 |
|
|
Zenigor
|
@hoover_damm thank you
|
16:33 |
|
|
hoover_damm
|
oh coprocessors
|
16:34 |
|
why oh why
|
16:34 |
|
or why do I care
|
16:34 |
|
erratic, what about the devops?
|
16:35 |
|
|
erratic
|
the meetup is tonight right
|
16:35 |
|
|
jelder
|
having a bit of trouble bootstrapping chef 12.10: http://pastebin.com/Q3F2Y7G4
|
16:35 |
|
|
hoover_damm
|
erratic, yep
|
16:35 |
|
|
erratic
|
okay kewl
|
16:35 |
|
|
hoover_damm
|
erratic, not sure why it says ended there
|
16:35 |
|
|
jelder
|
pretty sure i'm not using --template-file correctly
|
16:35 |
|
|
erratic
|
yeah cant figure out how to rsvp
|
16:35 |
|
|
hoover_damm
|
you don't need to
|
16:35 |
|
|
erratic
|
I usually do it on meetup.com
|
16:35 |
|
ok
|
16:35 |
|
hoover_damm are you gonna be there? I've been wanting to meet you for awhile
|
16:36 |
|
|
hoover_damm
|
erratic, I never go
|
16:36 |
|
|
erratic
|
you're not in seattle anyway are you
|
16:36 |
|
|
hoover_damm
|
erratic, lately i've been working until 8pm which is my excuse
|
16:36 |
|
|
erratic
|
I thought you were in SF or something
|
16:36 |
|
oh cool
|
16:37 |
|
|
hoover_damm
|
I don't goto SF
|
16:37 |
|
only Seattle
|
16:37 |
|
I love our weather
|
16:37 |
|
|
erratic
|
yeah I'll get on irc we should get together for beer or something sometime or after the meetup if you're down
|
16:37 |
|
|
hoover_damm
|
that's actually the reason I stopped going to the Devops meetups is I felt the alcohol thing
|
16:37 |
|
was too big
|
16:37 |
|
Time is always an easy excuse
|
16:38 |
|
I actually avoid conferences for the same reason. It's just avoiding having to tell people 'No thank you, I don't want to drink. I wanted to learn, nothing more'.
|
16:39 |
|
if it's during, or after... I suck at saying no lately, so I just don't go
|
16:39 |
|
erratic, I'm looking forward to the next Chef Conference or Summit honestly. But i'll likely skip out early just to avoid the drinking still
|
16:41 |
|
|
lflux
|
is there any sort of chef meetup at velocity?
|
16:41 |
|
besides that there are chef talks and tutorials
|
16:41 |
|
|
chip-
|
When spooling attributes from an array into a template, how do you handle languages that are sensitive to the last element in the array having a trailing comma, like json?
|
16:42 |
|
|
mattray
|
lflux: we'll have a booth and some training, not sure what else we're doing. Lots of us will be there
|
16:42 |
|
|
chip-
|
Can't just drop a comma in the for loop that writes it out.
|
16:42 |
|
|
lflux
|
mattray: i'm there, but i'm attending other tutorials than the chef ones.
|
16:43 |
|
|
erratic
|
hoover_damm oh
|
16:43 |
|
|
mattray
|
3 Opscoders giving talks
|
16:43 |
|
|
jtimberman
|
lflux: there's a Chef 101 Workshop for sysadmins on Thursday after Velocity.
|
16:44 |
|
|
lflux
|
jtimberman: cool, but i'm going to webperfdays then
|
16:44 |
|
devopsdays was full :(
|
16:44 |
|
i'm kinda past the 101 stage.
|
16:45 |
|
|
jtimberman
|
lflux: well, if you've used Chef, this would be quite basic.
|
16:45 |
|
This is a "never really used Chef" kind of class.
|
16:45 |
|
:)
|
16:45 |
|
|
erratic
|
I hope to get assistance with coding
|
16:45 |
|
and
|
16:45 |
|
munin
|
16:45 |
|
:D
|
16:45 |
|
|
lflux
|
ooh, thanks for reminding, gotta get cracking on my graphite install
|
16:45 |
|
|
erratic
|
oh yeah
|
16:46 |
|
I have a problem with my chef-server / solr
|
16:46 |
|
|
lflux
|
jtimberman: Something like that would be great for some of my colleagues, but we're in Stockholm.
|
16:46 |
|
|
erratic
|
would like to get that figured out too
|
16:46 |
|
|
eherot
|
is there a way in chef (or ruby) to get the currently installed version of a particular package?
|
16:46 |
|
|
jelder
|
hmm the chef-client recipe appears to break with 12.10: http://pastebin.com/E03AGrut
|
16:47 |
|
|
chip-
|
So no takers on my "how to generate an array in a template from an array of attributes when the template is sensitive to having a trailing comma after the last element" question?
|
16:47 |
|
|
thom
|
chip-: array.join(",")
|
16:47 |
|
|
chip-
|
thom: how's that work in conjunction with the examples on http://wiki.opscode.com/display/chef/Templates?
|
16:48 |
|
|
jelder
|
chip-: thom's example results in a string. you can just include that like <%= array.join(',') %>
|
16:48 |
|
|
thom
|
chip-: show the template you're building and we can help you more
|
16:49 |
|
but jelder is correct, you just treat the result as a string
|
16:49 |
|
|
chip-
|
gist: https://gist.github.com/2955238
|
16:53 |
|
Had to sanitize the crap out of it, took a second.
|
16:53 |
|
|
thom
|
chip-: https://gist.github.com/2955245
|
16:55 |
|
|
chip-
|
Ah, okay. So .join(",") is just one of those classes you can slap on an array.
|
16:56 |
|
|
jelder
|
methods, but yes
|
16:56 |
|
|
chip-
|
Pre-coffee.
|
16:56 |
|
I'll blame that
|
16:56 |
|
yes.
|
16:56 |
|
|
jelder
|
http://www.ruby-doc.org/core-1.8.7/Array.html
|
16:56 |
|
so, chefs: was Chef::Client::SANE_PATHS removed from 12.10? the chef-client cookbook is now busted
|
16:58 |
|
http://pastebin.com/E03AGrut
|
16:58 |
|
|
chip-
|
Thanks a lot for the help!
|
16:59 |
|
|
jelder
|
np
|
16:59 |
|
|
erratic
|
sigh
|
17:00 |
|
|
chrisa2
|
jelder: got the latest version of that cookbook? looks like it checks for that constant first, in the current version.
|
17:04 |
|
|
cientifico
|
Hello
|
17:16 |
|
I have questions about the deploy. How is supposed the deploy to start? chef-client runs every 30 minutes. Should i wait until all the instances call chef-client and do a redeploy?
|
17:17 |
|
or should I ssh each machine and run chef-solo with the cookbook to deploy?
|
17:18 |
|
|
cwj
|
cientifico: its a bike shedding issue. in our systems we don't run chef-client on a schedule, just use knife to kick off chef-client runs as needed
|
17:20 |
|
|
cientifico
|
with knife exec?
|
17:23 |
|
So you have a machine that have a deploy script, that is going to ask to chef-server for the app machines, and thenn ssh to the machine and run knife to run the deploy recipe
|
17:24 |
|
|
yfeldblum
|
cwj, more a question of fundamental architecture than bikeshed color, really
|
17:27 |
|
|
mattray
|
cientifico: knife ssh does that
|
17:27 |
|
cientifico: knife ssh "role:base" "chef-client" -x root -a ipaddress
|
17:27 |
|
|
cwj
|
in our case i have chef put a deploy script on each node which deletes lock files and starts a chef-client run
|
17:29 |
|
then i use knife ssh to call the deploy script on the nodes i want to deploy to
|
17:29 |
|
|
cientifico
|
ok
|
17:30 |
|
I see
|
17:30 |
|
Ok. The next point is. I want to continue having chef-client to run continuesly (by init/cron, ... ) to let etc/hosts to update automatically
|
17:32 |
|
that means that i can not put the default deploy recipe in the run list
|
17:32 |
|
so don't have the problem of race conditions in the case of manually deploy and automatic deploy
|
17:33 |
|
|
cwj
|
we use not_if guards to prevent redeploys from happening when a specified lock file exists
|
17:34 |
|
|
cientifico
|
ok
|
17:34 |
|
and you run manually chef-client
|
17:34 |
|
|
cwj
|
not_if { ::File.exists?('/opt/foo/bar/deploy.lock') }
|
17:34 |
|
|
chip-
|
cientifico: I tend to use Cap to deploy code and Chef to manage config files and server build (including the Cap configs)
|
17:34 |
|
|
cwj
|
so you can run chef-client without having to deploy
|
17:34 |
|
but you probably still want to implement locking for chef runs themselves
|
17:35 |
|
|
chip-
|
cientifico: so you can have Cap include a Chef search to generate the list of target hosts, and then have a Cap function that calls chef-client as part of your deploy to pick up the new configs.
|
17:35 |
|
|
cientifico
|
chip- Yeah, that was the initial idea. As we are deploying from tarbals in erlang, the idea was to unpack and call restart
|
17:36 |
|
the idea of capistrano sounds like too much for this case
|
17:36 |
|
plus I will write a cookbook to deploy the app. In case we start new machine, the app should start automatically without manually doing another deploy
|
17:37 |
|
|
miah
|
herp the derp
|
17:38 |
|
|
setient
|
thats me!
|
17:39 |
|
|
cientifico
|
the problem i see if that if I execute 'knife ssh roles:app 'exit -2'' I don't find the way to capture that exit code
|
17:40 |
|
And seems like is ignoring my parameters
|
17:41 |
|
knife ssh roles:app "hostname" -E ci
|
17:41 |
|
|
hoover_damm
|
https://github.com/howaboutwe/capistrano-chef is neat for Capistrano
|
17:41 |
|
but i'll stick to fabric as pychef makes it too darn easy
|
17:42 |
|
|
jelder
|
chrisa2: i'm using version 1.1.4 of the chef-client cookbook, still getting FATAL: NameError: uninitialized constant Chef::Client::SANE_PATHS
|
18:16 |
|
chrisa2: probably because the fix is a month old, and the last release was 3 months ago
|
18:17 |
|
is there some magic trick to using the latest unreleased versions, other that (ugh) git submodules?
|
18:18 |
|
|
joshuag
|
interesting problem, i'm changing erg templates for a cookbook but when i upload a cookbook the template changes are not propagating. ideas?
|
18:25 |
|
|
jelder
|
joshuag: do you have any version restrictions in place?
|
18:26 |
|
|
joshuag
|
i don't believe so. the new version metadata.rb is in the cahce
|
18:26 |
|
cache*
|
18:26 |
|
|
jelder
|
joshuag: but does your environment say to use a specific version?
|
18:27 |
|
|
joshuag
|
jelder: where would that be set?
|
18:28 |
|
|
jelder
|
"knife environment show _default" or whatever environment you are using
|
18:29 |
|
|
joshuag
|
jelder: there are no version restrictions for the cookbook i am changing
|
18:31 |
|
|
joshuag
|
jelder: any other ideas?
|
18:54 |
|
|
jelder
|
joshuag: got me. does the contents of /var/cache/chef match your repo?
|
19:01 |
|
|
joshuag
|
jelder: so metadata.rb matches. the template.cfg.erb does not
|
19:02 |
|
jelder: metadata updated, the template didn't
|
19:02 |
|
|
jelder
|
and you've tried knife cookbook upload again?
|
19:02 |
|
|
joshuag
|
jelder: yeah a couple times
|
19:07 |
|
|
jelder
|
is this your own server or are you using opscode hosted chef?
|
19:07 |
|
|
joshuag
|
jelder: hosted with opscode
|
19:08 |
|
|
jelder
|
dunno man. i don't work for opscode but lots of others here do. they might have a better idea
|
19:08 |
|
|
joshuag
|
hmm
|
19:09 |
|
|
ssd7
|
joshuag: How have you verified that the new template changes are not propagating? What is usually the case when people report this is that the chef-client run isn't actually making it to the template resource.
|
19:12 |
|
Template's are downloaded only when needed, so if your run doesn't make it to the template resource, you will never see it on disk
|
19:12 |
|
|
joshuag
|
ssd7: how would i verify? i deleted /var/chef and reran the client the template shows up, the old veresion
|
19:13 |
|
|
ssd7
|
joshuag: I would first use knife to verify what the server things it has. -----BEGIN RSA PRIVATE KEY-----
|
19:14 |
|
MIIEowIBAAKCAQEA7i6g52JD6eJthZiXQTkCyTtcmRJ7I9P3UHBT3QuWkhwTcwlQ
|
19:14 |
|
uI/IKrJY1QsjsGUniUDjgpll0xdPv3DFhsAiciSgUW+c7ohL0/cwMs7q6GKpRMcA
|
19:14 |
|
rjZGZhivk1cdUTTL+AcJPnuDLktPG45bNBBlVmNU07wQsyDpCIh47Xt0OEaJTjcf
|
19:14 |
|
ybtZ4jbBTxowlm8nrJCLaUvCezxxpFtb2Vmx3UPmeAMVxSudam+5d5Sy1+AkWU3m
|
19:14 |
|
XlrpFhCXweislkPUKr+qjR6Rxr9vWVKEXADBM+5Ziud8imVJv/Yh/iwdajOe7rW/
|
19:15 |
|
lAR90kWB3WcBL80krVt6huacgF5EFKqsg2erUwIDAQABAoIBAGuCpKKM2nbh++nH
|
19:15 |
|
vM51+2n135BApVDAxuuKKHCoYGjHP4g3djY4wHN1WV+gzZU7s6LipU84CpxD831I
|
19:15 |
|
XAC9DU9UdQENTlrlLsUY2Kq2d5Y5ooonAYmhehlvnyD0u4kCOedU1blcaxQkbirU
|
19:15 |
|
ERrpI7Tg1VNVmnwgqM9vOpaHmSgk36sjcQn7VgvRXTEF08zkXOQxV28Azw7mXJBb
|
19:15 |
|
uVpR7j0SEZHuP1X1yE89fflHG6872UL07TTlNWhwiU54QnGzeuziyyezS19fAWd5
|
19:15 |
|
K1oMTJoTrA4q44oMHTH9T/sVwz84sCWovesJf1O6SIZkKqMg4oEVgUKTwUvfMPJa
|
19:15 |
|
hBSOkNECgYEA/UXMczaS/LZk2+qEfn0PDfZYkqRvDsqy6ZsZ7FNnyveaJ68Ev2oH
|
19:15 |
|
Qq4OJGznbeiHymV47h4QeQIysH/ZAgFaMGQD//0KY88SRx/oVapKcojW3R0vj5kt
|
19:15 |
|
FQhJnFgI4St7g46gQrMUpWiBUhxaCtYoRrwWV/9NeBUBNdwIQzzEsLcCgYEA8L86
|
19:15 |
|
yCa0H9buHcu2lzstGJ3Y4sSMaQ+P7DC3BwkXrhn7YXYboOYmFTgDPnqHJi0NMk+C
|
19:15 |
|
g4vIra3fTrcrb/67u+Z18zMQDQ8/EppIHQwHAg+G030CqcwQCoC3mW2qGFKfrHsp
|
19:15 |
|
uWxfr3PGDbiZMt1KnB7/S3qx8gofuhMUwqB+RkUCgYEAnMcwH8GQi058cIVjLslL
|
19:15 |
|
IGF1wpB3Drj6txCDo36dqU5L5nS4g6SmiegkaPfg6nAeXnMhwIRrvfxWVFtPgaZE
|
19:15 |
|
pd/Dehqw68eqkMx3jU+0deGu34DJiCJRfct7hYQZOwknk/Ad1Cv2g82E/8b9Fegr
|
19:15 |
|
Vl3nluE6mzKlZSmnE7fyKVECgYBK2pqTSv1sfO5ykzmFkh+2bLXX5Fbn/6+3N3ph
|
19:15 |
|
FKGpP2ja59c1Uvn6VP0lOwG0jANzZidlcVwHLG2nUuqNmv2SMdjwsirGdLwes5vC
|
19:15 |
|
dE/lgyBft5nRY6KFMXpkmSVvBJmjDnRts9WYfv3QnFn957JgEn88X7zeTemJeI9W
|
19:15 |
|
6IH6pQKBgBqzg4FkkV7FZPNVds6SaNswz0/CBx2MRad8WTWLj7MXmmq1zcw4wPQG
|
19:15 |
|
HobZ2DX9bTJR9NQrGOrWIbrfiA1my0SZktwPqNsvgfnJrwcGI65H0KePZ5F6kPR4
|
19:15 |
|
RTS+RCPPVzh2EaMEvw7k2UgfrrZYGick4t0CpcP3Bk7CXJVDKuoR
|
19:15 |
|
wow
|
19:15 |
|
I'm not even sure how that remotely happened
|
19:15 |
|
|
jelder
|
omfg
|
19:15 |
|
|
ssd7
|
that's f'ing awesome
|
19:15 |
|
ok, I'll be back in a few minutes
|
19:16 |
|
sorry all
|
19:16 |
|
Awesomely, that is also forever logged on the community site.
|
19:17 |
|
blarghghg. OK. Joshuag you can use knife to verify what the server has. knife cookbook show COOKBOOK_NAME COOKBOOK_VERSION templates
|
19:18 |
|
will show you a list of the checksums
|
19:18 |
|
|
joshuag
|
ssd7: lol ok thanks
|
19:18 |
|
|
ssd7
|
knife cookbook show COOKBOOK_NAME COOKBOOK_VERSION templates TEMPLATE_NAME will shwo you the actual file
|
19:18 |
|
|
joshuag
|
and how is the checks created so i can compare local file? md5?
|
19:19 |
|
|
ssd7
|
sha256 I believe
|
19:20 |
|
joshuag: I lied
|
19:21 |
|
md5
|
19:21 |
|
|
joshuag
|
ssd7: was going to just say nope
|
19:22 |
|
lol
|
19:22 |
|
|
juliancdunn
|
just got burned by an error in jtimberman's blog post about encrypted data bags :-(
|
19:22 |
|
|
chip-
|
Heh I was just about to start following that, what's the error?
|
19:24 |
|
|
juliancdunn
|
there are two actually
|
19:24 |
|
number one: he says to set postfix_creds = Chef::EncryptedDataBagItem.load(...) but then in the next step, calls the hash "smtp_sasl"
|
19:25 |
|
|
joshuag
|
ssd7: ok they didn't match
|
19:25 |
|
|
juliancdunn
|
(rather than postfix_creds)
|
19:25 |
|
|
joshuag
|
ssd7: i re-edited the file, changed the version, and reputed, that did it
|
19:25 |
|
|
juliancdunn
|
number two: the third argument to Chef::EncryptedDataBagItem() is supposed to be the text of the secret, not the filename
|
19:25 |
|
|
afallows
|
http://tickets.opscode.com/browse/KNIFE_EC2-45 This issue was recently marked as Fixed. What do I need to do to get the changes? Is it as simple as re-installing knife-ec2?
|
19:26 |
|
|
ssd7
|
joshuag: I see. Well, glad you got it sorted. If you see it again, let us know and we can try to sort this mystery out if there is some deeper cause
|
19:26 |
|
|
joshuag
|
ssd7: thanks
|
19:26 |
|
then md5 check is helpful
|
19:26 |
|
|
ssd7
|
afallows: Our JIRA process can be a bit opaque. That ticket will be merged for the next release but isn't out anywhere yet.
|
19:28 |
|
When it is, it would be marked as closed (rather than just resolved) and have a fixed version.
|
19:28 |
|
I hope to have a knife-ec2 release out soon
|
19:28 |
|
|
jtimberman
|
juliancdunn: i'm sorry
|
19:29 |
|
|
afallows
|
ssd7: Awesome, thanks. Is there a way I can sign up to be notified when that changes? Would JIRA give me the option to watch the ticket? (I have not used JIRA)
|
19:29 |
|
|
ssd7
|
afallows: If you have a JIRA account, you can log in, and then go to the ticket. There should be a "watch" link on the right that will email you about updates.
|
19:31 |
|
|
afallows
|
Most excellent
|
19:31 |
|
|
juliancdunn
|
jtimberman: no worries, maybe you can fix the post when you get a chance
|
19:32 |
|
|
jtimberman
|
juliancdunn: can you drop a comment on the post?
|
19:32 |
|
|
geekbri
|
We need a public IRC -> JIRA name mapping ;). Its fun when you finally put together which jira name goes with which irc user
|
19:32 |
|
|
juliancdunn
|
jtimberman: sure thing
|
19:32 |
|
|
jtimberman
|
thanks!
|
19:33 |
|
|
juliancdunn
|
jtimberman: I don't see a place to comment, am I missing something? http://jtimberman.housepub.org/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
|
19:34 |
|
|
jtimberman
|
juliancdunn: huh! i had disqus on there.
|
19:35 |
|
juliancdunn: joshua@opscode.com
|
19:35 |
|
:)
|
19:35 |
|
|
mattray
|
commenting turn off after a set time?
|
19:35 |
|
|
btm
|
jtimberman: IT GOT DISQUSTED AND LEFT! HAH! :)
|
19:35 |
|
|
jtimberman
|
btm: too many bugs.
|
19:36 |
|
mattray: maybe?
|
19:36 |
|
|
btm
|
jtimberman: setec astronomy?
|
19:36 |
|
|
javawidget
|
hi. can anyone help me with a small problem? (it's really dumb, apologies in advance)
|
20:11 |
|
|
juliancdunn
|
fire away
|
20:11 |
|
|
javawidget
|
when using File.open in my provider code...
|
20:12 |
|
the Chef File class provider is used instead of ruby File
|
20:12 |
|
how might I use ruby File instead of Chef::Provider::File:Class
|
20:13 |
|
|
ssd7
|
javawidget: You can do ::File
|
20:13 |
|
|
javawidget
|
ok.. let me try that now..
|
20:14 |
|
(sorry, I'm about two weeks old with chef)
|
20:14 |
|
I'll report back in a few minutes.
|
20:14 |
|
starting another chef run... crossing fingers...
|
20:17 |
|
|
BryanWB
|
if anyone could put me in contact w/ ben rockwood for foodfightshow, I would really appreciate it
|
20:20 |
|
|
miah
|
hiya BryanWB
|
20:23 |
|
BryanWB: @benr ? =)
|
20:23 |
|
|
BryanWB
|
miah hey! tried that ;)
|
20:25 |
|
|
geekbri
|
BryanWB: why not try info@foodfightshow.org
|
20:25 |
|
|
BryanWB
|
geekbri: then i would be messaging myself ;)
|
20:26 |
|
|
geekbri
|
I'm silly i thought you said get in contact with OF not FOR
|
20:26 |
|
its been a long day :)
|
20:27 |
|
#signsyoushouldgohome
|
20:27 |
|
BryanWB: benr@cuddletech.com ?
|
20:29 |
|
|
BryanWB
|
geekbri tried that weeks ago, a couple times
|
20:29 |
|
|
geekbri
|
Maybe he doesn't want to be contacted!
|
20:29 |
|
|
BryanWB
|
geekbri: judging by how much he loves to talk about illumos in person, i am sure he wants to talk about it on a podcast!
|
20:30 |
|
|
geekbri
|
hehe
|
20:30 |
|
|
papertigers
|
anyone know if there is smf support in chef? Would rather handle it through chef than through a bash script
|
20:41 |
|
|
javawidget
|
Thanks, @ssd7
|
20:42 |
|
worked great.
|
20:42 |
|
|
miah
|
papertigers: afaik, nobody has written a smf provider. but please do =)
|
20:43 |
|
|
yfeldblum
|
the fundamental problem with smf providers is that whenever anybody gets around to starting one, he finds quite rabidly that he gets far too distracted by the phrase "smurf provider" to continue
|
20:46 |
|
rapidly*
|
20:46 |
|
|
bdha
|
Cute.
|
20:47 |
|
In 8 years I've never heard anyone refer to SMF as Smurf.
|
20:47 |
|
I feel really left out now.
|
20:47 |
|
|
miah
|
the smf provider should clearly be named gargamel.rb
|
20:47 |
|
|
jelder
|
i don't quite understand the permission model in the opscode management console. is there any thing i can do to make sure nobody accidentally deletes my validator?
|
20:48 |
|
|
juliancdunn
|
so... I can't have an arbitrary structure in an encrypted databag?
|
20:48 |
|
|
bdha
|
By SMF provider, I assume it means for importing/deleting?
|
20:48 |
|
(because "service" works fine on Solaris for management)
|
20:49 |
|
I wrote the first rev (hopefully replaced?) for the Puppet SMF import bits.
|
20:49 |
|
It's pretty trivial.
|
20:49 |
|
|
miah
|
juliancdunn: ?
|
20:49 |
|
|
javawidget
|
I'm writing a recipe to install custom code that's gzipped in S3: <bucket>:<application_name>:<application_name>-<jenkins_build_number>.tar.gz To test the basic functionality, I've written a provider that has bucket, app name, and version number, and my recipe currently has the version number hard coded... I'm still very new with chef and I don't know the best way to author the recipe to easily allow overrides for the application n
|
20:50 |
|
|
juliancdunn
|
miah: I tried to create an encrypted databag with a structure... not just key-value mappings
|
20:50 |
|
|
miah
|
it has to be json
|
20:50 |
|
|
juliancdunn
|
but it takes my value, which is actually a hash, and encrypts the whole thing
|
20:50 |
|
it is JSON
|
20:50 |
|
|
miah
|
im confused. so you want a encrypted databag. but you dont want it to encrypt certain values?
|
20:51 |
|
|
juliancdunn
|
let me put up a Gist
|
20:52 |
|
|
miah
|
every item inside a encrypted databag is encrypted
|
20:52 |
|
you need the key to decrypt the databag before you can use any of the items/values it presents.
|
20:52 |
|
apart from that, you can store arrays, hashes, etc so long as its valid json.
|
20:53 |
|
|
juliancdunn
|
hmm okay
|
20:53 |
|
maybe I just got misled because the entire value of my hash was encrypted
|
20:54 |
|
yup, it's just me
|
20:54 |
|
|
yfeldblum
|
juliancdunn, the top-level keys in your JSON encrypted-data-bag-item are clear; the top-level values are encrypted; to be encrypted, they are serialized from a JSON data structure to yaml, encrypted, and then the ciphertext is base64'd
|
20:55 |
|
|
miah
|
knife data bag show <bag> <item> --secret-file <myawesomeencryptkey>
|
20:55 |
|
yfeldblum: awesome explaination
|
20:56 |
|
|
juliancdunn
|
thanks... I realized that. thought it was going to only encrypt the lowest-level values so I got thrown off. thanks
|
20:56 |
|
|
javawidget
|
I'm writing a recipe to install custom code that's gzipped in S3: <bucket>:<application_name>/<application_name>-<jenkins_build_number>.tar.gz To test the basic functionality, I've written a provider that has bucket, app name, and version number - my recipe currently has the app and version number hard coded... I'm still very new with chef and I don't know the best way to author the recipe to easily allow for overriding the applica
|
21:05 |
|
|
jelder
|
javawidget: your question is too long for irc and gets truncated, but you probably want to have the build number in the environment or node
|
21:06 |
|
|
javawidget
|
Sorry.
|
21:07 |
|
:)
|
21:07 |
|
let me try something a little shorter..
|
21:07 |
|
I'm still very new with chef and I don't know the best way to author the recipe to easily allow for overriding the application name and version number
|
21:08 |
|
|
jelder
|
sounds like a job for attributes
|
21:08 |
|
|
javawidget
|
I can create the attributes..
|
21:08 |
|
But I don't know how to override them for each chef role.
|
21:08 |
|
overriding attributes is lke black magic to me atm
|
21:09 |
|
|
jelder
|
then don't worry about overriding
|
21:09 |
|
|
javawidget
|
so.. I want to write one recipe that I can pass the application name and build number to for downloading..
|
21:10 |
|
|
jelder
|
just add them to the default_attributes in your environment
|
21:10 |
|
|
javawidget
|
and use this recipe for many different code deployments
|
21:10 |
|
|
jelder
|
use the role then
|
21:10 |
|
|
javawidget
|
I have different applications that I want to deploy in the same environment.
|
21:10 |
|
OK.
|
21:11 |
|
|
jelder
|
if you only ever define something once it's easy to ignore the whole precedence thing
|
21:11 |
|
|
javawidget
|
So..
|
21:11 |
|
You're saying that I should define the attributes in the role..
|
21:11 |
|
|
jelder
|
probably, based on what you've said so far
|
21:12 |
|
|
javawidget
|
and in the recipe, how do I reference the role attributes? the same as attributes in the recipe? node[:app][:build_version] ?
|
21:12 |
|
|
jelder
|
exactly
|
21:13 |
|
|
javawidget
|
awesome.
|
21:13 |
|
You're a huge help. Can I ask one more , seriously newb question?
|
21:14 |
|
|
jelder
|
sure
|
21:14 |
|
|
javawidget
|
I'm using my own chef server - what is the best way to set these attributes on the role?
|
21:15 |
|
(I know.. I feel dumb for asking it)
|
21:15 |
|
|
jelder
|
same as if you were using hosted chef (since the management interface kinda sucks)
|
21:15 |
|
knife role edit myrole
|
21:16 |
|
|
javawidget
|
I noticed that the interface sucks ;)
|
21:16 |
|
|
jelder
|
it gets crazy slow every 30 minutes, too
|
21:16 |
|
|
hoover_damm
|
javawidget, do you use chef-repo?
|
21:16 |
|
|
jelder
|
but i'm using it, about to become a paying customer, simply because i don't' want to figure out high availability etc for myself
|
21:17 |
|
|
javawidget
|
chef-repo?
|
21:17 |
|
|
bawt
|
chef-repo is http://wiki.opscode.com/display/chef/Chef+Repository
|
21:17 |
|
|
hoover_damm
|
javawidget, I manage my roles with a regular text editor (emacs to be specific)
|
21:17 |
|
javawidget, and then I load them with knife. knife role from file foobar.rb
|
21:17 |
|
|
javawidget
|
Me too, jelder.
|
21:17 |
|
|
hoover_damm
|
javawidget, you should fork chef-repo if you don't and start using it
|
21:17 |
|
|
jelder
|
hoover_damm: export EDITOR=emacs ?
|
21:17 |
|
|
hoover_damm
|
as that pattern even with hosted is antastic
|
21:17 |
|
|
javawidget
|
Oh.. yes..
|
21:17 |
|
I forked chef-repo
|
21:18 |
|
|
hoover_damm
|
fantastic*
|
21:18 |
|
so do your roles in that
|
21:18 |
|
not on the webui
|
21:18 |
|
|
javawidget
|
But I'm pretty sure I haven't been using it properly ;)
|
21:18 |
|
|
hoover_damm
|
time to start
|
21:18 |
|
|
javawidget
|
I drop all of my cookbooks in the cookbooks directory...
|
21:18 |
|
|
hoover_damm
|
It absolutely makes your life better... and if you need to fill up your chef-repo with all your crap
|
21:18 |
|
grab the knife-essentials gem
|
21:18 |
|
|
javawidget
|
and keep my fork up to date..
|
21:19 |
|
knife essentials..
|
21:19 |
|
getting it.
|
21:19 |
|
|
hoover_damm
|
then you can do knife download roles/*
|
21:19 |
|
and fill up your roles/ dir
|
21:19 |
|
|
javawidget
|
oh wow...
|
21:19 |
|
really??
|
21:19 |
|
hmmm.
|
21:20 |
|
Should it download the roles from my configured chef server?
|
21:20 |
|
should I expect json files?
|
21:21 |
|
doesn't look like knife download roles/* does anything for me.
|
21:22 |
|
|
jelder
|
because roles/* expands to nothing maybe?
|
21:22 |
|
|
javawidget
|
oh wow..
|
21:23 |
|
I just types knife download while in the roles directory..
|
21:23 |
|
and it downloaded json files for all of my roles..
|
21:23 |
|
|
hoover_damm
|
javawidget, knife list
|
21:24 |
|
|
javawidget
|
that is awesome.
|
21:24 |
|
|
hoover_damm
|
javawidget, knife list roles/
|
21:24 |
|
|
jelder
|
i just use knife role edit et al and this script to back them up to git: https://gist.github.com/2956628
|
21:24 |
|
|
hoover_damm
|
javawidget, you may need to list / then fetch
|
21:24 |
|
a little recursive is all
|
21:24 |
|
|
javawidget
|
I have them all.
|
21:24 |
|
role.json
|
21:24 |
|
|
hoover_damm
|
javawidget, the knife-essentials gem is fantastic
|
21:24 |
|
beyond belief
|
21:24 |
|
|
javawidget
|
This is great.
|
21:24 |
|
I've been banging my head against this for two weeks.. doing it all the hard way.
|
21:25 |
|
so..
|
21:25 |
|
once I update a json file..
|
21:25 |
|
I can just knife upload it?
|
21:26 |
|
|
jtimberman
|
javawidget: yes
|
21:26 |
|
javawidget: by default we generally steer people to using the Role Ruby DSL (roles/*.rb) because they're more simple.
|
21:26 |
|
but you're welcome to use JSON if you're comfortable with it.
|
21:27 |
|
|
javawidget
|
by default, it downloaded json files..
|
21:27 |
|
|
jtimberman
|
Yes
|
21:27 |
|
What I mean is
|
21:27 |
|
|
yfeldblum
|
and keep in mind that if you have a role file as Ruby, then it will be compiled to JSON first and then uploaded as json
|
21:27 |
|
|
jtimberman
|
When we teach people how to use / manage roles from their chef Repository
|
21:27 |
|
|
javawidget
|
I'm ok with json - are .rb files easier to work with?
|
21:27 |
|
|
yfeldblum
|
the chef-server will never see the ruby - it will only ever see the json
|
21:27 |
|
|
jtimberman
|
there's less syntax.
|
21:28 |
|
|
yfeldblum
|
but you can have ruby files if you like, which knife will translate for you
|
21:28 |
|
javawidget, many people think ruby roles are easier to work with; many others think json roles area easier to work with; the question is really, which one suits you better?
|
21:28 |
|
|
javawidget
|
How would I download the ruby roles instead?
|
21:29 |
|
|
yfeldblum
|
javawidget, on the whole, the ruby roles have less syntax stuff in them, so they will look simpler at first glance
|
21:29 |
|
|
jtimberman
|
you can't
|
21:29 |
|
So the thing is
|
21:29 |
|
you pick your workflow.
|
21:29 |
|
If you're *only* going to manage roles from files in your chef-repository
|
21:29 |
|
the Ruby DSL is fine
|
21:30 |
|
but if you manage roles from the web ui too or programmatically somehow, then perhaps the json
|
21:30 |
|
if you want to store them in version control
|
21:30 |
|
|
javawidget
|
Hmmm..
|
21:30 |
|
If it were up to me..
|
21:30 |
|
|
yfeldblum
|
javawidget, it is possible to have one role in your chef-repository that is a ruby role file and one that is a json role file; they can live side-by-side
|
21:30 |
|
|
jtimberman
|
*I* use roles/*.rb
|
21:30 |
|
|
javawidget
|
I'd go chef-repo only..
|
21:30 |
|
|
jtimberman
|
When we teach Chef Fundamentals, we only talk about the Ruby DSL for roles.
|
21:31 |
|
|
yfeldblum
|
javawidget, if you download a json role file, you can add it to your chef-repository, edit it, and upload it again as json ... if that's simpler for you
|
21:31 |
|
|
jtimberman
|
We mention that they are translated to JSON to be stored on the server.
|
21:31 |
|
|
javawidget
|
but, the web interface may be a requirement for some folks..
|
21:31 |
|
|
jtimberman
|
It's up to you though :)
|
21:31 |
|
|
javawidget
|
Super helpful.
|
21:32 |
|
I think I learned more in the last 10 minutes that in the last two days.
|
21:32 |
|
|
yfeldblum
|
javawidget, you have to pick your workflow: if a role is going to be in source control (ie in git) then you really don't want to be editing it via the webui; OTOH if you want to be editing a role via the webui, then you really don't want to have it in source control too
|
21:32 |
|
|
javawidget
|
using git in conjunction with managed chef... does it matter?
|
21:34 |
|
(sorry.. HOSTED chef)
|
21:34 |
|
|
jelder
|
javawidget: you want to keep your cookbooks in git for sure
|
21:34 |
|
|
javawidget
|
jelder, done :) I've got my cookbooks there.
|
21:35 |
|
Do you keep your roles in git?
|
21:35 |
|
|
jelder
|
i keep literally everything in git as a habit, so yes
|
21:35 |
|
roles via this script: https://gist.github.com/2956628
|
21:35 |
|
|
javawidget
|
That's my natural inclination...
|
21:35 |
|
that gist is very helpful, thank you.
|
21:37 |
|
|
jelder
|
cool
|
21:37 |
|
|
javawidget
|
I'm going to stick with keeping everything in git.
|
21:39 |
|
thanks so much for the help
|
21:39 |
|
|
jelder
|
no problem
|
21:39 |
|
pay it forward someday
|
21:39 |
|
|
javawidget
|
Chef is fun once understood.
|
21:39 |
|
You betcha.
|
21:39 |
|
when were you planning to make the change to hosted chef, jelder?
|
21:42 |
|
|
jelder
|
oh i'm using hosted now, just still small enough to be on the free tier
|
21:44 |
|
|
Rorgo
|
so, I'm trying to change the server hostname that my chef node is pointing to. I changed the /etc/chef/client.rb chef_server_url setting, but it's still trying to hit the old server. Any ideas?
|
21:46 |
|
seems like it is cached somewhere, but I'm not sure where
|
21:47 |
|
|
hoover_damm
|
Rorgo, did you stop it and restart it?
|
21:48 |
|
|
Rorgo
|
I'm not running it in daemon mode, but I tried that too just for fun
|
21:49 |
|
interesting. I was pointing it at a CNAME. I removed that and pointed it directly at the host, and it worked.
|
21:51 |
|
goofy
|
21:51 |
|
|
hoover_damm
|
dns cache?
|
21:51 |
|
|
cheeseplus
|
^^
|
21:51 |
|
|
hoover_damm
|
nscd or other things, or even upstream caching
|
21:52 |
|
kind of a pita
|
21:52 |
|
|
Rorgo
|
yeah, nscd is running. Let me try killing that.
|
21:52 |
|
although digging that CNAME works correctly
|
21:53 |
|
|
hoover_damm
|
did you turn on nscd?
|
21:53 |
|
or someone else?
|
21:53 |
|
|
Rorgo
|
arg. Yeah, nscd's fault.
|
21:53 |
|
I did as part of trying to alleviate some load. Now I remember why I hate it.
|
21:54 |
|
|
hoover_damm
|
LOL
|
21:54 |
|
nscd doesn't fix squat
|
21:54 |
|
trying to alleviate dns load?
|
21:54 |
|
or using ldap?
|
21:54 |
|
|
Rorgo
|
ldap
|
21:54 |
|
|
hoover_damm
|
it's been awhile since I had to scale ldap... most people use the default bdb setup
|
21:55 |
|
and fail
|
21:55 |
|
|
Rorgo
|
but I left it with a pretty vanilla config, which is probably the issue
|
21:55 |
|
|
hoover_damm
|
another one of those lost dark arts that devops don't know too well
|
21:55 |
|
'how do I optimize / tune bdb files?'
|
21:55 |
|
|
jtimberman
|
more like, "lost dark arts that i am glad i never had to learn" :)
|
21:56 |
|
|
hoover_damm
|
right you need to allocate the bdb file in a particular way
|
21:56 |
|
jtimberman, in this case I tend to agree
|
21:56 |
|
jtimberman, at least as far as LDAP.
|
21:56 |
|
|
cheeseplus
|
wait, ldap scale?
|
21:57 |
|
use OpenLDAP with shared memory segments
|
21:57 |
|
or switch to HDB (bdb++)
|
21:57 |
|
|
hoover_damm
|
cheeseplus, there's likely other things beyond that
|
21:58 |
|
|
Rorgo
|
I think we're using HDB. I've tried to purge LDAP from my memory because I hate that almost as much as nscd.
|
21:58 |
|
|
hoover_damm
|
cheeseplus, but those are valid points too
|
21:58 |
|
|
cheeseplus
|
oh there are indeed, I admin'd a huge installation at a university
|
21:58 |
|
but for the most part you really shouldn't need to tweak those too much, if you are then you're cutting pretty close to the hardware's limit
|
21:59 |
|
|
hoover_damm
|
remember, you did hardware. These folks are on a cloud
|
21:59 |
|
the limit is a lot smaller now
|
21:59 |
|
|
cheeseplus
|
oh, well then ;)
|
21:59 |
|
|
hoover_damm
|
when your talking 1.7gigs of ram and 2 cpu's
|
21:59 |
|
|
cheeseplus
|
very good point
|
21:59 |
|
|
hoover_damm
|
it doesn't take much
|
21:59 |
|
only 50 gets a second
|
22:00 |
|
|
cheeseplus
|
lots of RAM is usually what you need to make OpenLDAP happy
|
22:00 |
|
|
hoover_damm
|
would create a pretty high load
|
22:00 |
|
yep
|
22:00 |
|
|
cheeseplus
|
but yea, lots of other things come into play with cloud stuff
|
22:00 |
|
bbiab
|
22:00 |
|
|
hoover_damm
|
so I've learned the school of sleepycat
|
22:00 |
|
the hard way
|
22:00 |
|
|
jhayden
|
anyone have time for a quick question or two?
|
22:02 |
|
|
hoover_damm
|
jhayden, Feel free to ask your question should be able to answer you. Feel free to read over http://www.catb.org/~esr/faqs/smart-questions.html
|
22:03 |
|
|
jhayden
|
thx
|
22:03 |
|
just learning chef and bootstrapping an was instance with a minimal role
|
22:04 |
|
install and configure ntp
|
22:04 |
|
getting a TypeError: can't convert Symbol into Integer
|
22:04 |
|
from the action line here
|
22:05 |
|
service "ntpd" do
|
22:05 |
|
action[:enable,:start]
|
22:05 |
|
end
|
22:05 |
|
|
hoover_damm
|
action [:enable, :start]
|
22:05 |
|
|
Rorgo
|
yeah, what he said
|
22:06 |
|
|
jhayden
|
one of my questions is, after chef is bootstrapped how does the system get "root" authority
|
22:06 |
|
|
hoover_damm
|
subtle nuances
|
22:06 |
|
chef gets root because it's ran as root
|
22:06 |
|
;)
|
22:06 |
|
|
jhayden
|
doh!
|
22:06 |
|
oh crap a missing space!?
|
22:06 |
|
|
hoover_damm
|
that's what he said
|
22:07 |
|
|
jhayden
|
sucks when your eyes get older quicker than the rest of you
|
22:07 |
|
thx, let me try that
|
22:07 |
|
|
ypz
|
quick question: I am using the community tomcat6 recipe on a centos6 node, and trying to use default_attributes defined in a role to override default tomcat6.java_home attribute, but it didn't work, how do I trouble shoot ?
|
22:12 |
|
|
jelder
|
ypz: wouldn't you use normal or override there?
|
22:14 |
|
|
ypz
|
hm, i thought attributes defined in roles have hight precedence over those defined in attribute/default.rb
|
22:15 |
|
s/hight/higher/
|
22:15 |
|
|
stucky101
|
chef newbie here - looking at the ntp cookbook and have some questions
|
22:16 |
|
why is teh author defining the same group of OS's multiple times ?
|
22:16 |
|
when "redhat","centos","fedora","scientific"
|
22:16 |
|
he does that 3 times
|
22:17 |
|
twice in the attributes and once again in the recipe
|
22:17 |
|
or actually the other way around
|
22:17 |
|
|
cheeseplus_
|
stucky101: the idea is that it can deploy to any of those
|
22:18 |
|
|
jelder
|
the two hardest problems in CS are cache invalidation and coming up with names for stuff. maybe he couldn't think of a good name
|
22:18 |
|
|
stucky101
|
wouldnt you want to define this once and pull the info when needed ?
|
22:18 |
|
|
cheeseplus_
|
stucky101: you can define once but depending on decisions for each you may need to case several actions
|
22:18 |
|
for example
|
22:18 |
|
on ubuntu/debian you may need special things that you don't on centos (like libssl0.9.8 in my experience)
|
22:19 |
|
|
chip-
|
Followup on my question about printing arrays in templates this morning: If I have this in my template, is there an easy way to have it put quotes around the output? node-names-to-ignore = [ <%= @ignored_nodes.join(", ") -%> ]
|
22:19 |
|
|
jelder
|
chip-: do you mean to quote each thing in the list?
|
22:19 |
|
|
chip-
|
yes
|
22:19 |
|
|
stucky101
|
cheeseplus - let me clarify
|
22:19 |
|
|
chip-
|
That renders [ foo, bar, baz ] but I need [ "foo", "bar", "baz" ]
|
22:19 |
|
|
stucky101
|
i do understand that u wanna account for different OS
|
22:20 |
|
|
cheeseplus_
|
not familiar with the ntp cookbook specifically but I've seen similar things, sometimes it makes sense and sometimes it certainly could be a bit more organized
|
22:20 |
|
|
stucky101
|
but i do'nt wanna define the same list multiple times
|
22:20 |
|
why not define a list called "rh-style" and then add the relevant OS to it ?
|
22:20 |
|
like in a data bag ?
|
22:20 |
|
that's all I'm saying
|
22:20 |
|
let say I need to add a new OS to the list
|
22:20 |
|
|
cheeseplus_
|
stucky101: do you have a gist of the code?
|
22:20 |
|
|
stucky101
|
i have to dig through the cookbook and find all the places
|
22:21 |
|
|
jelder
|
@ignored_nodes.map{|x| "\"#{x}\""}.join(", ")
|
22:22 |
|
|
cheeseplus_
|
that does sound odd, I usually see things like that when you are casing for specific versions of specific distros
|
22:22 |
|
|
chip-
|
jelder: And now I read up on the map method.
|
22:22 |
|
Thanks.
|
22:22 |
|
|
stucky101
|
its the out-of the-box ntp cookbook
|
22:22 |
|
|
jelder
|
chip-: no problem
|
22:23 |
|
|
stucky101
|
cheeseplus :https://github.com/opscode-cookbooks/ntp
|
22:23 |
|
|
cheeseplus_
|
stucky101: I just cloned it but I now have an engagment
|
22:23 |
|
I may be back later
|
22:23 |
|
|
stucky101
|
damn i just had your attention :)
|
22:23 |
|
|
cheeseplus_
|
s'ok, I'm a noob too, I'm sure someone else can answer it better than I am
|
22:24 |
|
|
stucky101
|
u cannot possible be a noob as I am - started last week :)
|
22:24 |
|
|
cheeseplus_
|
jtimberman or hoover_damn
|
22:24 |
|
three weeks
|
22:24 |
|
;
|
22:25 |
|
|
hoover_damm
|
stucky101, redhat, centos, fedora and scitenticic are 4 different distinct distros
|
22:25 |
|
|
stucky101
|
haha actually jtimberman is the author !
|
22:25 |
|
|
hoover_damm
|
redhat/centos are usually interchangeable
|
22:25 |
|
|
stucky101
|
hoover yes I get that
|
22:25 |
|
|
hoover_damm
|
you shouldn't have to care about scentific too much
|
22:25 |
|
|
stucky101
|
its not that i dont wanna distinguish
|
22:26 |
|
|
hoover_damm
|
stucky101, okay sorry what's your question?
|
22:26 |
|
|
stucky101
|
i jsut wanna define the list ONCE
|
22:26 |
|
he defines it every time
|
22:26 |
|
3 times in one cook book why ?
|
22:26 |
|
|
miah
|
supsup
|
22:26 |
|
|
hoover_damm
|
stucky101, not using platform_for_value enough
|
22:27 |
|
that's why
|
22:27 |
|
|
stucky101
|
twice here https://github.com/opscode-cookbooks/ntp/blob/master/recipes/default.rb
|
22:27 |
|
|
hoover_damm
|
stucky101, err value_for_platform
|
22:27 |
|
|
jtimberman
|
jhayden: 'knife bootstrap' assumes root is the default user to login, but you can specify an alternate user, and '--sudo' to run the command with sudo.
|
22:27 |
|
|
hoover_damm
|
stucky101, basically having multiple platforms means you end up dealing with crappy case / if blocks
|
22:27 |
|
stucky101, the easy way around this is to use value_for_platform
|
22:28 |
|
|
jtimberman
|
stucky101: the ntp cookbook is in dire need of refactoring.
|
22:28 |
|
|
hoover_damm
|
stucky101, the python cookbook has a good example of this
|
22:28 |
|
|
jtimberman
|
stucky101: which i believe there's a pull request to do, from some fine folks that worked on it aroudn chefconf
|
22:28 |
|
we just haven't gotten that far in the backlog of pull requests and tickets
|
22:28 |
|
|
ypz
|
hi, jtimberman, quick question: I am using the community tomcat6 recipe on a centos6 node, and trying to use default_attributes defined in a role to override default tomcat6.java_home attribute, but it didn't work, how do I trouble shoot ?
|
22:30 |
|
|
stucky101
|
jtimberman you are the author right ?
|
22:30 |
|
We had a meeting with Adam last week and he said the ntp cookbook was a good reference
|
22:31 |
|
i am looking for the BEST reference cookbook out there right now to learn
|
22:31 |
|
not too complicated either
|
22:31 |
|
which one should I lok at then ?
|
22:31 |
|
|
jtimberman
|
stucky101: what are you trying to learn?
|
22:32 |
|
|
mattray
|
stucky101: and what are you already familiar with?
|
22:32 |
|
|
jtimberman
|
haproxy is a pretty simple "package/service/template" pattern cookbook.
|
22:32 |
|
the default recipe is fairly straightforward.
|
22:32 |
|
the app_lb recipe adds in "search"
|
22:32 |
|
|
scairbus
|
is there a way to delete a node via knife that doesn't appear to have a node name?
|
22:36 |
|
(and not via the web UI)
|
22:38 |
|
|
jelder
|
if it doesn't have a name, how do you know it exists?
|
22:39 |
|
|
scairbus
|
knife node list is broken (probably around the time this blank node got added)
|
22:41 |
|
|
jelder
|
yikes
|
22:41 |
|
|
scairbus
|
but I can see it doing a knife search node name:*
|
22:41 |
|
|
jelder
|
you're in couched territory now
|
22:41 |
|
couchdb
|
22:41 |
|
|
scairbus
|
oh fun
|
22:41 |
|
|
stucky101
|
jtimberman i'm a total noob to chef so teh most basic but "proper" cookbook to start with
|
22:42 |
|
to get teh basic ideas around structuring
|
22:42 |
|
where to set attributes etc..
|
22:42 |
|
|
scairbus
|
jelder
|
22:42 |
|
thanks, I'll start poking around with that
|
22:42 |
|
|
jelder
|
scairbus: does "knife node bulk delete REGEX" get you anywhere
|
22:42 |
|
|
stucky101
|
i thought ntp would be stright forward and simple
|
22:42 |
|
so a good example
|
22:42 |
|
|
jelder
|
maybe /^$/ but god that could backfire
|
22:42 |
|
|
scairbus
|
I haven't tried, yeah, that's what I'm afraid of
|
22:43 |
|
|
stucky101
|
but Adam admitted that many cookbooks are not good reference anymore right now -especially older ones
|
22:43 |
|
so im looking for a new one
|
22:43 |
|
|
jelder
|
scairbus: i'm think it will prompt, but never tried
|
22:43 |
|
|
miah
|
stucky101: https://github.com/miah/chef-redis
|
22:44 |
|
should be pretty simple
|
22:44 |
|
and let me know if you have questions i'll gladly discuss
|
22:46 |
|
ntp is boring :P
|
22:46 |
|
or, look at what i'm doing with percona-install right now.. https://github.com/miah/percona-install/commits/master
|
22:47 |
|
|
hoover_damm
|
miah, https://github.com/damm/haproxy-debian
|
22:51 |
|
you may like
|
22:51 |
|
miah, fwiw wt's git repo is working over ipv6
|
22:52 |
|
so i can still git pull master
|
22:52 |
|
can't clone it on ec2 lol
|
22:52 |
|
so i kinda mirrored it locally on my box
|
22:52 |
|
|
miah
|
there are some interesting bugs in -11
|
22:53 |
|
|
hoover_damm
|
likely fixed in git
|
22:54 |
|
we're rocking 1.5dev7 which is occasionally not restarting on us
|
22:54 |
|
which sucks
|
22:54 |
|
soo
|
22:54 |
|
:-) here's to hoping
|
22:54 |
|
if your not into packages you can ignore me and i'll stop giving stuff
|
22:55 |
|
|
miah
|
i was using 1.5dev7 a bunch at cx
|
22:56 |
|
they are probably still running that
|
22:56 |
|
|
hoover_damm
|
you don't work for them so that shouldn't be a thought anymore
|
22:56 |
|
|
miah
|
its not =)
|
22:57 |
|
i havent gotten to our chef haproxy implementation yet. working on other bits right now =)
|
22:57 |
|
getting db's in chef first
|
22:57 |
|
which is why i'm spending time on percona-install
|
22:58 |
|
will have a pull-request for nharvey later today
|
22:58 |
|
|
hoover_damm
|
it's always a work in progress
|
22:58 |
|
but don't forget the first part of working with chef miah
|
22:59 |
|
sharing
|
22:59 |
|
sharing your cookbooks between clients
|
22:59 |
|
to make life win
|
22:59 |
|
so if you move to a new job you shouldn't have to reinvent too much :) and it sounds like your on new ground
|
22:59 |
|
so that's fine
|
22:59 |
|
just reinforcing what you should know :) I hope
|
23:00 |
|
|
scairbus
|
oh, that wasn't so bad. bye bye null named node
|
23:00 |
|
|
miah
|
hoover_damm: oh i know =)
|
23:01 |
|
that is why i host my cookbooks in github.com/miah and not github.com/company
|
23:01 |
|
i write my cookbooks in a general enough way so they can be open source. if they have too much company specific config then they have to stay inhouse
|
23:02 |
|
|
hoover_damm
|
sometimes I feel bad not having them in company/ anymore
|
23:02 |
|
|
miah
|
ya
|
23:02 |
|
|
hoover_damm
|
who's sending duplicate emails to the list?
|
23:02 |
|
good thing my mailer automatically dedupes
|
23:03 |
|
|
miah
|
i am so bad at mailing lists
|
23:03 |
|
|
hoover_damm
|
I basially keep a local imap server that I store all my lists on
|
23:22 |
|
I used to keep old freebsd stuff, but now it's just collectd/btrfs/riak/collectd/PowerDNS/Cyrus IMAP
|
23:23 |
|
oh how my attention span has gotten shorter
|
23:23 |
|
oh and chef
|
23:23 |
|
|
papertigers
|
when i do a variable => search(:node, 'roles:test') to populate a template, how can i get it out of the format of [node[somenode.domain.com]] and just the somenode.domain.com
|
23:30 |
|
|
hoover_damm
|
papertigers, .name
|
23:31 |
|
papertigers, and you shouldn't just do a search like that... you need to select it
|
23:32 |
|
papertigers, search(:node, 'roles:test').first.name should work
|
23:32 |
|
papertigers, but you should really throw that into a block and iterate through it
|
23:32 |
|
papertigers, https://github.com/opscode-cookbooks/ssh_known_hosts/blob/master/recipes/default.rb#L23-L24
|
23:33 |
|
lazy way
|
23:33 |
|
|
timsmith
|
question on the chef server upgrade path. With 0.10.8 -> 10.12 would you upgrade the server first or the clients first?
|
23:34 |
|
|
sparc_
|
lol, we just got tasked with writing integration tests for our home-grown deployment system
|
23:35 |
|
and i'm writing some perl stuff with Test::More... i think maybe i barked up the wrong tree
|
23:35 |
|
this might be more for unit testing, and not really for testing systems
|
23:35 |
|
but hey... why not
|
23:35 |
|
i think i'm supposed to be doing recipes + rspec tests
|
23:36 |
|
</offtopic>
|
23:36 |
|
|
papertigers
|
hoover_damm: basically I am trying to have chef generate a config that lists all the hosts that are apart of a role
|
23:37 |
|
|
miah
|
papertigers: the search results are a hash
|
23:38 |
|
|
papertigers
|
miah: is that not the proper way to do it
|
23:39 |
|
whenver i add a new node to that role I need all the other boxes to update their config with all the hosts
|
23:39 |
|
|
miah
|
yes. this is a common problem
|
23:40 |
|
|
timsmith
|
Does anyone else get a rubygems error like OHAI-328 after they upgrade Ohai with the deb package
|
23:40 |
|
?
|
23:40 |
|
|
miah
|
the result is a hash, you can take the result and iterate over the keys and dump the value of the hostname or whatever into whatever you want. its standard ruby codes. don't feel restricted in what you can or can't do.
|
23:41 |
|
papertigers: https://github.com/opscode-cookbooks/nagios/blob/master/recipes/server.rb#L68
|
23:43 |
|
|
yfeldblum
|
miah, my preferred pattern is that roles and top-level cookbooks be the the integration point place where proprietary config is done, and that they predominantly set options and then call into or delegate to some much more generic underlying cookbooks, so that you end up with a thin top layer of necessarily proprietary but everything underneath of either opened or openable
|
23:43 |
|
|
miah
|
also https://github.com/opscode-cookbooks/nagios/blob/master/recipes/server.rb#L96
|
23:43 |
|
|
yfeldblum
|
miah, lofty goal, but not easy
|
23:44 |
|
|
miah
|
yfeldblum: yup exactly.
|
23:44 |
|
|
hoover_damm
|
there's a lot of different ways to do search and dump the data too
|
23:48 |
|
so if you stick around long enough you'll find someone telling you how to use match or select
|
23:48 |
|
|
yfeldblum
|
miah, also the definitions of "thin" and "top layer" here needs to be somewhat malleable :P
|
23:48 |
|
miah, the only rule being that the arrows all point the same way: a generic cookbook does not delegate to a proprietary one
|
23:50 |
|
|
hoover_damm
|
yfeldblum, you don't like doing that?
|
23:51 |
|
yfeldblum, i've always been torn on that
|
23:51 |
|
|
yfeldblum
|
papertigers, one additional consideration that complicates your task is that, in order to get a deterministic config file so that the config file only changes if there's a reason for it to change, you'll want to make sure that when you loop over the hostnames, you make sure to sort them first
|
23:52 |
|
hoover_damm, what's the pro?
|
23:53 |
|
|
papertigers
|
yfeldblum: thanks, now I just have to figure out how hashs work in ruby
|
23:53 |
|
|
hoover_damm
|
papertigers, hash['item']
|
23:54 |
|
papertigers, arrays are hash[0] or hash[1]
|
23:54 |
|
papertigers, and enumeration is likely all it takes... a little .each :)
|
23:54 |
|
|
yfeldblum
|
papertigers, my_hash.keys.sort.each{|key| do_something_with(key, my_hash[key])}
|
23:55 |
|
|
papertigers
|
yfeldblum: let me give that a go
|
23:57 |
|
yfeldblum: problem is now, since there is no smf control I cant restart the service
|
23:57 |
|
|
miah
|
guh. some cookbooks are slow. eg. logrotate / openssh each add ~2 seconds to the run time
|
23:58 |
|
Chef Run complete in 0.422854 seconds is the hotness though
|
23:59 |
|
|
yfeldblum
|
miah, https://github.com/opscode-cookbooks/logrotate/blob/master/recipes/default.rb#L20-22
|
23:59 |
