IRC log for #salt, 2013-08-17

All times shown according to UTC.

Time Nick Message
00:07 KyleG joined #salt
00:11 billh joined #salt
00:12 billh When writing a salt module is there a way to get the username of the person who made the salt call?
00:14 billh For non-root users who have access to the salt command via a client acl.
00:15 billh I want to do an os.setuid to the calling user's account.
00:19 Jahkeup joined #salt
00:20 KyleG Does anybody else have wildly inconsistent behavior with state.single while having no issues at all with state.highstate?
00:24 mwillhite joined #salt
00:28 KyleG and what the hell...
00:28 KyleG "[ERROR   ] Git fileserver backend is enabled in configuration but could not be loaded, is git-python installed?"
00:28 KyleG [root@salt /usr/local/etc/salt/states]# grep -i git /usr/local/etc/salt/master
00:28 KyleG # https://github.com/grierj/range/wiki/Introduction-to-Range-with-YAML-files
00:28 KyleG [root@salt /usr/local/etc/salt/states]#
00:29 KyleG poppycock
00:35 rudd-o joined #salt
00:35 rudd-o hello guys
00:35 rudd-o multiple parallel salt-call invocations fail
00:35 rudd-o https://github.com/saltstack/salt/issues/4617#issuecomment-21972490
00:38 rudd-x anyone can confirm for me?  Please run this on a minion machine:  for a in 1 2 3 4 5 ; do salt-call event.fire_master None dummy & done
00:38 rudd-x you should see five return texts
00:38 rudd-x i am not seeing them
00:41 napperjabber joined #salt
00:45 ipmb joined #salt
00:52 rudd-x joined #salt
01:04 rudd-o_ joined #salt
01:09 dstanek joined #salt
01:09 troyready joined #salt
01:14 bhosmer joined #salt
01:25 mwillhite joined #salt
01:28 ipmb joined #salt
01:29 StDiluted joined #salt
01:39 dthom91 joined #salt
01:52 zonk1024 joined #salt
01:56 whit joined #salt
01:57 alekibango joined #salt
02:05 alunduil joined #salt
02:05 dstanek joined #salt
02:06 david_a joined #salt
02:07 gatoralli Can I serve files from a subdirectory with GitFS backend?
02:10 luminous gatoralli: how do you mean?
02:12 gatoralli If I have state files and other configurations inside a subfolder within a git repo, I can't seem to access them with salt-master
02:13 gatoralli i can only serve the files from the root directory of the repo
02:15 gatoralli thatch brought this up in an issue, http://git.io/QDnCQA
02:15 gatoralli i'm just wondering if any progress has been made since then
02:18 tseNkiN joined #salt
02:19 Cervantes joined #salt
02:19 Cervantes left #salt
02:29 napperjabber joined #salt
02:45 rberger joined #salt
02:45 StDiluted joined #salt
02:52 mannyt joined #salt
02:58 xl1 joined #salt
02:59 dstanek joined #salt
03:01 aat joined #salt
03:06 napperjabber joined #salt
03:08 Jahkeup joined #salt
03:10 xl1 joined #salt
03:21 aat joined #salt
03:26 dthom91 joined #salt
03:30 mannyt joined #salt
03:34 dstanek joined #salt
03:36 Lue_4911 joined #salt
03:40 ectospasm joined #salt
03:40 giantlock joined #salt
03:42 mwillhite joined #salt
03:51 kstaken joined #salt
04:00 berto- joined #salt
04:01 MaxK1 joined #salt
04:02 xl1 joined #salt
04:04 dthom91 joined #salt
04:07 quantumsummers|c joined #salt
04:11 joehh joined #salt
04:21 ramesh joined #salt
04:22 ramesh hello, how can i use pip packages with a requisite ?
04:40 kstaken joined #salt
04:46 joehh joined #salt
04:46 rudd-o_ joined #salt
05:13 Nexpro joined #salt
05:18 berto- joined #salt
05:23 nonuby joined #salt
05:24 nonuby what happens if on the master in two terminals salt '*' high.state is executed simultaneously?
05:34 pdayton joined #salt
05:49 ramesh nonuby: Only one can be executed at a time
05:50 ramesh As the process with that name would already be running, it will not allow to run
05:50 quantumsummers|c joined #salt
05:52 nonuby joined #salt
05:54 dthom91 joined #salt
05:58 az87c joined #salt
06:02 quantumsummers|c joined #salt
06:11 quantumsummers|c joined #salt
06:17 xl1 left #salt
06:24 UtahDave joined #salt
06:27 Nobbl joined #salt
06:28 pdayton joined #salt
06:34 tomtom joined #salt
06:49 ramesh how can i use pip packages with a requisite ?
07:01 UtahDave ramesh: you just require them like any other thing
07:06 ramesh UtahDave: i am trying to use "virtualenv" with require
07:06 ramesh but it's not working
07:06 UtahDave ramesh: can you pastebin what you have so far?
07:07 ramesh sure
07:07 dthom91 joined #salt
07:08 ramesh UtahDave: http://pastebin.com/4y9rLvmt
07:08 ramesh so if i am using "python-virtualenv" instead of "virtualenv", it will work fine
07:08 ramesh because virtualenv is a pip package
07:09 UtahDave ramesh: Oh, I see
07:09 UtahDave you need   - pip: virtualenv
07:09 UtahDave instead of  - pkg: virtualenv
07:10 ramesh ahh, that's working now
07:10 UtahDave "pip" or "pkg" refer to the salt state module being used to install the software
07:10 ramesh Thank You very much UtahDave
07:10 UtahDave you're welcome!
07:12 ramesh I didn't find that anywhere in the salt docs
07:14 hjubal joined #salt
07:18 balboah joined #salt
07:20 UtahDave ramesh: look here: http://docs.saltstack.com/topics/tutorials/states_pt2.html#require-other-states
07:26 ramesh UtahDave: yeah i know that, but didn't find anything for pip in requisites
07:27 UtahDave well, requisites work that way for everything in salt. It's not specific to pip
07:27 ramesh ahh, i see
07:30 Furao ramesh: check github.com/bclermont/states there are plenty of pip, virtualenv and require examples
07:31 zooz joined #salt
07:37 jpcw joined #salt
07:38 ramesh Thanks Furao
07:44 zpmorgan joined #salt
07:45 ggoZ joined #salt
07:49 ml_1 joined #salt
07:59 Lue_4911 joined #salt
08:14 aboe joined #salt
08:45 middleman_ joined #salt
08:49 kstaken joined #salt
08:54 MrTango joined #salt
08:54 iMil joined #salt
09:07 mechanicalduck joined #salt
09:19 sgviking joined #salt
09:30 berto- joined #salt
09:34 ChoHag How does salt ensure the integrity of the initial key exchange between nodes and the server?
09:36 ChoHag (Other than by installing the node by hand and eyeballing the fingerprint of the public key on both ends)
09:41 Guest49919 joined #salt
09:46 UtahDave ChoHag: One thing you can do is put the master's pub key fingerprint in the minion's config. Then the minion will only connect to that master
09:47 ChoHag That solves the comparatively simple problem of ensuring that a trusted minion connects only to a trusted master.
09:47 ChoHag How does the master ensure that only a trusted minion has connected to it?
09:48 ChoHag I've looked through puppet's code, because that's what I've been working with for years, and it ... doesn't. At all.
09:48 ChoHag Presumably salt has done better.
09:49 UtahDave ChoHag: The master only accepts connections from minions whose keys you have accepted
09:53 middleman_ joined #salt
10:08 ChoHag "you have accepted"
10:08 Jahkeup joined #salt
10:08 ChoHag So the administrator must eyeball the pubkey/fingerprint in the CSR against the keypair on the minion.
10:08 ChoHag Oh he left.
10:09 mike25ro ChoHag: you manually accept the key on the master...
10:09 mike25ro as far as i know :)
10:09 ChoHag There it is.
10:10 mike25ro salt-key -L ... or smth like that ...
10:10 ChoHag I love hearing that word in the description of an automation system. "Manually"
10:10 mike25ro ChoHag: I am a newbie.. so it might be that there is another way as well
10:10 ChoHag Me too, re. salt.
10:10 mike25ro this is how i have done it.. and read through docs...
10:11 ChoHag Actually not even a newbie. I've only ever used it through somebody else's fingers.
10:11 ChoHag PKI, on the other hand, I am quite familiar with.
10:11 mike25ro and from my point of view ... is normal... to CHECK the minions manually....
10:11 ChoHag So I am trying to find out how salt deals with the concepts before I get stuck in.
10:12 mike25ro i think you can see all your minions..  on master .. there is a folder /etc/salt/pki/master/minions
10:12 ChoHag Yeah, but from my point of view, the idea of an automation system is that it be automatic.
10:12 felixhummel joined #salt
10:12 ChoHag The idea of doing work is an anathema to me.
10:12 mike25ro everything ... AFTER you accept the bloody minion to connect to the master.. is automatic
10:12 mike25ro well... at some point we should work... don't we ? :)
10:12 ChoHag Why should I compare two large numbers with my feeble human brain?
10:13 mike25ro why should you compare 2 numbers? what numbers?
10:13 ChoHag The public key.
10:13 mike25ro why should you do that?
10:13 mike25ro am i missing smth?
10:13 ChoHag Probably.
10:13 mike25ro :)
10:14 ChoHag The keypair is generated by the minion.
10:14 mike25ro yeap
10:14 ChoHag Thus, the communication into the master is potentially from an untrusted source.
10:15 mike25ro could be ... but your master should never be public...
10:15 mike25ro all your infra should be behind firewalls
10:15 ChoHag Puppet's approach to this problem was to allow the user to create the keypair before running the agent and then leave the complicated problem of trust and go hack ruby.
10:15 mike25ro and the minions as well
10:15 ChoHag "Should be", indeed.
10:15 ChoHag Should be rarely is.
10:16 mike25ro ChoHag:  that is also true :)
10:16 ChoHag And even if it is, it should not be relied upon.
10:16 ChoHag I am trying to build a system which relies as little as possible on trusting the underlying infrastructure.
10:16 mike25ro true again... but ... when a minion tries to connect to the master... you can see the minion via salt-key
10:16 mike25ro you can either accept or not the key
10:16 ChoHag Indeed.
10:17 ChoHag That decision must be made.
10:17 mike25ro yes it has to be made...
10:17 ChoHag If a human must make it, it is not automatic. If a machine must make it, it must be assured.
10:17 mike25ro true again
10:17 ChoHag So - how is it assured.
10:17 mike25ro i would prefer a human :) me ... in this case
10:18 mike25ro i didn't go that far.... automating the acceptance keys...
10:18 ChoHag Admin creates VM. Runs Agent. Blackhat runs evilVM with evilAgent which connects to the master and gets its key signed before the real VM is ready.
10:18 mike25ro i prefer manually ... so i know who is trying to connect
10:18 ChoHag I prefer automatically so I can sleep.
10:18 mike25ro hahaha
10:18 mike25ro ChoHag:  good point.
10:18 ChoHag Also the less I have to do, the smaller the attack surface is.
10:18 ChoHag Ideally.
10:19 mike25ro well... i really can not help ... maybe one of the masters here ... can help you out... i know there are some on a working day
10:19 ChoHag Since the attack surface of most IT is mostly in the form of human error.
10:19 mike25ro but you are right with your approach/idea
10:19 ChoHag It's constructive laziness.
10:20 mike25ro my infra is small.... 100 vms... that i will be managing myself... i am just testing salt in vms.... and if all is great.. and so far it is... i am installing salt on all machines
10:20 ChoHag It's taken 2 decades of hard work so far to get to the point that I can put in the years of hard work required to make the things which will let me be lazy.
10:20 ChoHag Looking good so far.
10:20 mike25ro lazy is good :)
10:21 mike25ro UtahDave is one of the devs behind salt... you should ask him when you see him online.
10:21 ChoHag I did. Then he answered a bit, then I responded just after he left.
10:21 ChoHag My computer can sit online and wait for me.
10:22 mike25ro :)
10:22 * mike25ro is off.... going fishing
10:25 hazzadous joined #salt
10:32 Furao_ joined #salt
10:52 lemao joined #salt
10:57 middleman_ joined #salt
11:06 middleman_ joined #salt
11:27 bhosmer joined #salt
11:47 bhosmer joined #salt
11:48 Jahkeup joined #salt
11:54 derelm joined #salt
11:55 jslatts joined #salt
12:24 alekibango joined #salt
12:37 dstanek joined #salt
12:40 waverider joined #salt
12:48 felixhummel joined #salt
12:59 dstanek joined #salt
13:20 mechanicalduck joined #salt
13:20 backjlack joined #salt
13:25 napperjabber joined #salt
13:26 Nexpro joined #salt
13:32 mike25ro1 joined #salt
13:39 middleman_ joined #salt
13:41 mike25ro joined #salt
14:00 napperjabber joined #salt
14:01 mike25ro1 joined #salt
14:05 blee joined #salt
14:12 aat joined #salt
14:22 Nexpro1 joined #salt
14:23 Nobbl joined #salt
14:25 Ryan_Lane joined #salt
14:28 tomeff joined #salt
14:33 TJ1980 joined #salt
14:37 alunduil joined #salt
14:38 mechanicalduck_ joined #salt
14:46 ckao joined #salt
14:49 andrew joined #salt
15:00 dstanek joined #salt
15:24 mgw joined #salt
15:33 mgw joined #salt
15:51 monokrome joined #salt
16:09 napperjabber joined #salt
16:14 jpeach joined #salt
16:24 Nobbl joined #salt
16:25 aat joined #salt
16:35 UtahDave joined #salt
16:38 TJ1980 joined #salt
16:39 hazzadous joined #salt
16:40 dstanek joined #salt
17:00 kstaken joined #salt
17:00 Nobbl joined #salt
17:04 aat joined #salt
17:09 TJ1980 joined #salt
17:10 ggoZ joined #salt
17:12 TJ1980 joined #salt
17:17 TJ1980 joined #salt
17:23 subway Hmm... What is the right way to express "If package 'A' and package 'B' are installed, install packages 'C' and 'D', otherwise install only package 'D'" in a state file?
17:23 subway Should I be using grains in the module that handles the installation of packages 'A' and 'B'?
17:25 EugeneKay Sounds reasonable.
17:25 m_george|away joined #salt
17:27 Jahkeup joined #salt
17:28 subway Are there any best practices for handling naming grains?
17:29 Damoun joined #salt
17:43 m_george left #salt
18:03 StDiluted joined #salt
18:05 jslatts joined #salt
18:12 rustyrazorblade joined #salt
18:21 UtahDave subway: really they just need to be useful to you as a sysadmin
18:21 matanya joined #salt
18:28 Jahkeup joined #salt
18:30 lazyguru joined #salt
18:30 Lue_4911 joined #salt
18:43 Ryan_Lane joined #salt
18:59 rustyrazorblade joined #salt
19:00 ggoZ joined #salt
19:01 quantumsummers|c joined #salt
19:22 waverider joined #salt
19:27 henk joined #salt
19:31 Nexpro1 joined #salt
19:32 jkleckner joined #salt
19:34 rustyrazorblade joined #salt
19:37 jkleckner joined #salt
19:38 Ryan_Lane joined #salt
19:38 mike25ro1 is there a way to set a grain key+val from inside a state? for example if a pkg has been installed or a file copied... to set up a grain.  ..?
19:51 MaxK joined #salt
19:56 oz_akan_ joined #salt
20:03 auser joined #salt
20:04 brianhicks joined #salt
20:07 berto- joined #salt
20:11 rustyrazorblade joined #salt
20:13 jdelic joined #salt
20:22 ipmb joined #salt
20:26 drags joined #salt
20:32 Ryan_Lane joined #salt
20:40 george_torwell joined #salt
20:46 brianhicks joined #salt
20:50 mechanicalduck joined #salt
20:56 StDiluted joined #salt
21:00 mikedawson joined #salt
21:05 p3rror joined #salt
21:08 robertkeizer joined #salt
21:12 jkleckner1 joined #salt
21:12 it_dude joined #salt
21:22 Lue_4911 joined #salt
21:27 Ryan_Lane joined #salt
21:40 mike25ro1 left #salt
21:47 aat joined #salt
21:47 oz_akan_ joined #salt
22:00 brianhicks joined #salt
22:07 lazyguru joined #salt
22:10 auser joined #salt
22:11 brianhicks joined #salt
22:11 middleman_ joined #salt
22:21 Ryan_Lane joined #salt
22:32 aat joined #salt
22:40 hazzadous joined #salt
22:43 jkleckner joined #salt
22:45 oz_akan_ joined #salt
22:57 Ryan_Lane joined #salt
22:58 StDiluted joined #salt
23:00 middleman_ joined #salt
23:07 middleman_ joined #salt
23:32 jdelic joined #salt
23:47 middleman_ joined #salt
