Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2013-06-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 EugeneKay The data from the Master
00:00 Shell as for access on the master, it has access to the entire /srv/salt/ directory, and if you configure it, it can run Salt commands on other servers as well.
00:01 EugeneKay Eg, somebody gets root on one of my Minion machines, how much can they learn about the rest of my infratructure
00:01 efixit joined #salt
00:34 bhosmer joined #salt
00:36 halfss joined #salt
00:43 sarkis joined #salt
00:46 sgviking joined #salt
00:54 all_vs_one joined #salt
00:56 all_vs_one Hi. Could you give a hint how to do "wget...  && ./configure && ./make && ./make install" using state modules?
00:57 jmcnaught joined #salt
01:17 oliv_mc joined #salt
01:21 Nexpro1 joined #salt
01:22 auser joined #salt
01:23 godber joined #salt
01:38 koolhead17 joined #salt
01:38 koolhead17 joined #salt
01:48 mgw joined #salt
01:57 nrub joined #salt
01:57 echos Is there an easy way to modify the /etc/sudoers to enable the "wheel" group?
01:59 nouveaux echos:  do you mean so wheel group has sudo rights?
02:00 echos nouveaux: yes
02:00 nouveaux append %wheel ALL=(ALL:ALL) ALL
02:00 nouveaux to sudoers
02:01 echos but I thought you weren't supposed to modify the shudders file directly instead only via visudo
02:01 nouveaux nah
02:02 nouveaux you want to make sure you double check your edits so it works
02:03 nouveaux as long as anything you've applied work, it should be fine
02:03 nouveaux sudo will not work if there are errors in /etc/sudoers
02:04 echos nouveaux: so I best keep multiple shells open while testing
02:04 nouveaux another way to do it is to use salt to copy a known working sudoers file to your minions
02:04 nouveaux make sure you set the right permissions
02:04 nouveaux or just have the root password
02:05 nouveaux you can always "su -"
02:12 echos nouveaux: I opter for file.uncomment
02:21 mgw joined #salt
02:32 mgw joined #salt
02:44 sarkis joined #salt
02:46 favadi joined #salt
02:49 alexl joined #salt
03:02 robbyt joined #salt
03:02 lvicks joined #salt
03:02 newbie28 joined #salt
03:03 saras http://hackedgadgets.com/2008/06/09/order-dominos-pizza-via-command-line/ he said api but here cli to order pizza
03:03 robbyt joined #salt
03:37 Furao luminous: on data leaking trough the logs, these appears only when you run the minion as debug level, and those informations are already available elsewhere on the filesystem. they're also in pillar cached data in /var/cache/salt/minion/ and probably elsewhere too. so, in a centralized logging infra, the minion need to run at INFO level to hide the content of rendered templates before it's execution.
03:38 Furao it's kind of running many OSS daemon at debug level, it might show username and password
03:38 Furao sorry I'm 12 hours late :P
03:54 Ryan_Lane joined #salt
03:58 aat joined #salt
04:14 jdaggett joined #salt
04:21 koolhead17 joined #salt
04:24 raydeo joined #salt
04:35 efixit joined #salt
04:44 raz joined #salt
04:45 sarkis joined #salt
05:17 auser hey all
05:33 kmwhite joined #salt
05:43 jacksontj joined #salt
06:03 lvicks joined #salt
06:14 dthom91 joined #salt
06:16 aat joined #salt
06:16 sgviking joined #salt
06:41 koolhead17 joined #salt
06:41 koolhead17 joined #salt
06:46 sarkis joined #salt
07:05 lvicks joined #salt
07:09 Nexpro joined #salt
07:11 txmoose joined #salt
07:24 sgviking joined #salt
07:31 BlueAida1 joined #salt
07:32 auser joined #salt
07:35 probably1ine joined #salt
07:35 t0rrant_ joined #salt
07:35 Heartsbane_ joined #salt
07:37 andyshin` joined #salt
07:37 Ixan joined #salt
07:38 kevinbrolly_ joined #salt
07:38 keith4 joined #salt
07:38 sebgoa joined #salt
07:38 joehh joined #salt
07:39 austin987 joined #salt
07:39 Nazzy joined #salt
07:39 Nazzy joined #salt
07:50 greg joined #salt
08:07 azbarcea joined #salt
08:09 ogrisel joined #salt
08:32 faust joined #salt
08:46 sarkis joined #salt
08:56 nrub joined #salt
09:00 dhgbrg joined #salt
09:14 bhosmer joined #salt
09:28 ogrisel_ joined #salt
09:43 __gotcha joined #salt
09:43 __gotcha joined #salt
09:50 luminous Furao: thanks for sharing, that's a good point
09:51 luminous I had not thought of the log level
10:09 lvicks joined #salt
10:18 PlasmaAu joined #salt
10:19 PlasmaAu Hey. Is there a way via grains to get the local (10.x) ipv4 addr? I see it from grains.item ipv4, but not sure how to get it (as the public IP is there too)
10:25 yeenoghu The following packages have been kept back:
10:26 yeenoghu oops. sorry
10:42 backjlack joined #salt
11:19 backjlack joined #salt
11:21 Jarus joined #salt
11:26 dhgbrg_ joined #salt
11:28 ronc joined #salt
11:35 Furao PlasmaAu: check module network
11:52 sarkis joined #salt
11:55 halfss joined #salt
11:58 efixit joined #salt
12:04 scooby2 joined #salt
12:06 zooz joined #salt
12:07 adotbrown joined #salt
12:39 aranhoide joined #salt
12:40 aranhoide is it possible to get a random integer (not a random element of a list) in a salt jinja template?
12:44 Shell aranhoide: not within a Jinja template, as far as I can tell.
12:45 aranhoide Shell: thanks!
12:46 Shell aranhoide: if this is a state file, you could write a small state file in Python and require it from your Jinja one.
12:46 aranhoide Shell: I'll try that, thanks again
12:56 adotbrown joined #salt
12:57 f4cl3y joined #salt
12:57 f4cl3y joined #salt
13:05 adotbrown joined #salt
13:10 lvicks joined #salt
13:18 joehh aranhoide: I needed something similar and used a mako template
13:19 joehh that gave me "more" full access to regular python code
13:21 Furao aranhoide: just write a module that return random int.
13:21 Furao I wrote at least 15 modules, it's very easy
13:21 alekibango joined #salt
13:22 aranhoide thanks joehh and Furao
13:52 sarkis joined #salt
14:02 ogrisel joined #salt
14:07 aranhoide joined #salt
14:10 sebgoa joined #salt
14:15 dhgbrg joined #salt
14:37 aat joined #salt
14:42 mgw1 joined #salt
14:47 dhgbrg joined #salt
14:58 ronc joined #salt
15:04 Newt[cz] joined #salt
15:08 Newt[cz]1 joined #salt
15:18 danielbachhuber joined #salt
15:20 zooz joined #salt
15:32 yidhra joined #salt
15:33 yidhra joined #salt
15:41 dhgbrg joined #salt
15:53 sarkis joined #salt
15:56 Furao I don't like when I work around bugs in packages within salt :(
16:11 lvicks joined #salt
16:30 jacksontj joined #salt
16:37 mikedawson joined #salt
16:38 mikedawson joined #salt
16:39 jeddi joined #salt
16:45 raydeo joined #salt
16:45 luminous Furao: seeing as you are one of the only folks around.. maybe you are interested in this question: https://groups.google.com/forum/#!topic/salt-users/OCJzzX0gd1Q
16:45 luminous I'm not sure how much others are playing with zmq outside salt..
16:57 canci_ When running 'salt minion1.test.domain mymodule.foo' on the salt master the module seems to do something differently than when I run it by calling 'salt-call mymodule.foo' on the minion itself. (both runs complete, but return values differ)
16:58 canci_ How can I debug what goes wrong there? Usually I would use 'salt-call -l debug' on the minion, however as the call from the master is behaving strange, and that doesn't seem to have a debug option, I am unsure on how to proceed.
16:59 sarkis joined #salt
17:00 canci_ hm. I have just restarted the minion as 'salt-minion -l debug' and now it works
17:00 canci_ Could it somehow be that it was using an outdated pillar when called by the master, but that it used a recent pillar when called locally?
17:01 bdf joined #salt
17:18 jkleckner joined #salt
17:28 dhgbrg joined #salt
17:55 jkleckner joined #salt
17:58 logix812 joined #salt
18:08 ronc joined #salt
18:09 dhgbrg joined #salt
18:09 [ilin] joined #salt
18:21 clintberry joined #salt
18:27 aranhoide joined #salt
18:28 iMil hmm
18:28 iMil Comment:   State file.contains found in sls www is unavailable
18:28 iMil contains and contains_glob are unavailable within a sls?
18:29 jacksontj joined #salt
18:33 zooz joined #salt
18:35 aranhoide joined #salt
18:36 danielbachhuber joined #salt
18:49 oliv_mc joined #salt
19:06 nielsbusch joined #salt
19:07 fivethreeo joined #salt
19:12 Gifflen joined #salt
19:13 lvicks joined #salt
19:18 zooz joined #salt
19:25 Ivoz joined #salt
19:32 milind joined #salt
19:33 clintberry joined #salt
19:54 zooz joined #salt
19:54 ogrisel_ joined #salt
20:25 moreda joined #salt
20:28 auser joined #salt
20:30 raydeo joined #salt
20:32 nrub joined #salt
20:32 moreda Hi, do you know if some work is being done about serving files to the minions from the pillar directory? I'd like some files to be exclusively distributed to a certain set of minions (I took a look to the group lists and I found some hack involving templates using just a "{{ content }}" as content, but I think that it should be something less hackish :-)
20:33 moreda I'm working in a "almost multitenant" environment and I'm trying to figure out a configuration where "/srv/salt/." could be absolutelly public (even shareable with the community) and the "/srv/pillar/." the non public part.
20:34 auser yeah, moreda that's how I build my states… the exception is that I put the content of the files in my pillar and leave almost the rest blank
20:34 sebgoa joined #salt
20:36 moreda auser, do you mean that you put the contents of the files in pillar variables and then you "render" them in minimal jinja templates stored in the /salt part?
20:36 auser yep
20:36 auser that's exactly what I mean moreda
20:36 DigitalHermit joined #salt
20:37 moreda well, nice to know that we converge in the same type of solutions :-) … it's just that I miss the "file server with acls" that puppet offers
20:38 jkleckner joined #salt
20:38 moreda anyway it's not very practical when you have to distribute a certain .deb or .rpm file "private" to a set of minions
20:39 moreda though that could be solved downloading it for a certain 3rd party service (http/ftp) using authentication with credentials in pillar data
20:39 auser well… kinda moreda
20:39 auser there are several different ways you can accomplish it
20:39 auser you can use the gitfs which you can keep private to salt
20:39 auser I believe you can use that in conjunction with the pillar data
20:40 auser you can put all of the contents of your files in pillars
20:40 auser I believe you can mount different directories to serve pillar data
20:40 auser also, the private data is only served to the minions that your top.sls request
20:41 auser meaning, the minions that aren't supposed to have the pillar data described in pillar/top.sls won't see that data by default
20:42 moreda auser, yes, yes, I understand the basics of pillar maintaining "private" data just for the set of minions targeted … I have to take a look to gitfs though to check the whole picture
20:42 auser yeah, it's a REALLY nifty solution
20:43 moreda cool, I'll take a look then .. thanks a lot :-)
20:43 auser I have a bunch of states to release myself that are written in the same vain, so I hope I can get those released this week to serve as examples
20:43 auser of course moreda
20:45 oliv_mc joined #salt
20:47 moreda great… I'll be attentive to your github page ;-)
20:47 auser lol, I suppose that was said to keep _me_ to account, rather than for you… but regardless
20:47 auser we're here to help :)
20:48 moreda :D … hey, no worries… this is my first day in #salt but I'll be around and willing to help too as far as I can
20:52 Newt[cz] joined #salt
20:58 jacksontj joined #salt
21:04 auser joined #salt
21:05 auser be back in a bit
21:27 aat joined #salt
21:36 logix812 joined #salt
21:52 bhosmer_ joined #salt
22:06 raydeo joined #salt
22:06 andyshinn` joined #salt
22:07 zloidemon joined #salt
22:14 lvicks joined #salt
22:18 backjlack joined #salt
22:21 mgw joined #salt
22:43 ogrisel_ joined #salt
23:21 evxd joined #salt
23:22 evxd Hey all, are there any states to manage sudoers?
23:25 mgw evxd: https://github.com/saltstack/salt-states/tree/master/small/sudo
23:32 auser joined #salt
23:32 evxd mgw: thanks. that's not much different than managing a file in sudoers.d, which is what i'm doing. very well then.
23:37 dthom91 joined #salt
23:40 godber joined #salt
23:41 godber is overstate the only way to enforce an order to state execution?
23:41 godber or can I hope (if I am being sloppy) that things will roughly happen in the order listed in a state file?
23:42 godber specifically speaking, I want to put a file in a users home dir ... after creating that user
23:42 Shell godber: http://docs.saltstack.com/ref/states/ordering.html
23:43 godber aaaahhh yes
23:43 godber thank you Shell
23:44 Shell no worries
23:46 aat joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary