Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-03-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 connie joined #salt
00:01 hunter joined #salt
00:08 meteorfox joined #salt
00:08 meteorfo_ joined #salt
00:11 think-free joined #salt
00:21 cellofellow joined #salt
00:27 think-free joined #salt
00:28 druonysus whiteinge: do you know if the salt ldap module requires binding?
00:29 pugs1 whiteinge: i was afk too, no worries.
00:31 krow joined #salt
00:34 ndrei joined #salt
00:34 stanchan joined #salt
00:34 think-free joined #salt
00:35 nhubbard joined #salt
00:36 krow joined #salt
00:38 googolhash joined #salt
00:40 yomilk joined #salt
00:42 krow joined #salt
00:42 yomilk_ joined #salt
00:45 pugs1 whiteinge: you there?
00:46 think-free_ joined #salt
00:54 think-free joined #salt
00:54 greg joined #salt
00:54 TyrfingMjolnir joined #salt
00:57 pydanny joined #salt
00:57 gregmacdonald Hi Everyone, I have a security question. How can I ensure that a compromised minion can't call back to the master? Is it a simple matter of removing salt-call?
00:58 gregmacdonald Or using a second network card?
00:58 googolhash joined #salt
01:00 pydanny joined #salt
01:00 nhubbard gregmacdonald: revoke the keys for the compromised minion on the master and delete them on the minion
01:01 nhubbard should be located in /etc/salt/pki/master/minions/[minion_id]
01:01 think-free_ joined #salt
01:02 gregmacdonald i don't have a compromised minion... I'm wondering if there's a way to lock down the minions so it's impossible for them to initiate commands on the master, send data to other nodes, and whatnot. this might be a non issue
01:05 think-free joined #salt
01:06 nhubbard oh, I understand now
01:08 pydanny joined #salt
01:08 nhubbard I think you want to look at this: but I'm not 100% sure it will do what you need: http://docs.saltstack.com/en/latest/ref/peer.html
01:10 l0x3py joined #salt
01:11 gregmacdonald thanks. the nodes i'm configuring are partially exposed to the internet. so i'm curious if there's anything extra that can be done security wise.
01:12 nhubbard removing salt-call is an option, but if the hacker is trying to compromise them, reinstalling it would be simple if they have access
01:12 gregmacdonald ok, well i don't have the peer stuff configured, so that's one thing to not worry about
01:14 googolhash joined #salt
01:14 think-free joined #salt
01:15 ckao joined #salt
01:16 gregmacdonald ok, thx. it sounds like a remote possibility...
01:16 nhubbard they you should be fairly safe, we have a situation where a couple of our nodes are on the public internet so we are researching just using salt-ssh to manage those few nodes
01:17 gregmacdonald that's a good idea... thx
01:25 Networkn3rd joined #salt
01:26 quickdry21 joined #salt
01:30 n8n joined #salt
01:30 think-free joined #salt
01:30 xunil joined #salt
01:32 eliasp joined #salt
01:33 Networkn3rd joined #salt
01:33 hazzadous joined #salt
01:37 think-free_ joined #salt
01:38 n8n joined #salt
01:41 hazzadous joined #salt
01:43 think-free joined #salt
01:44 arthabaska joined #salt
01:51 krow joined #salt
01:53 justlooks joined #salt
01:54 krow1 joined #salt
01:56 think-free joined #salt
01:57 quickdry21_ joined #salt
02:02 n8n_ joined #salt
02:02 Ryan_Lane joined #salt
02:08 googolhash joined #salt
02:09 think-free joined #salt
02:10 ndrei joined #salt
02:14 yomilk joined #salt
02:20 xunil joined #salt
02:21 krow joined #salt
02:26 krow joined #salt
02:32 krow joined #salt
02:33 Eugene Wheee.... finally got around to open-sourcing my Statefiles. https://github.com/KHresearch/slug
02:37 ravibhure joined #salt
02:37 jkinning joined #salt
02:38 krow joined #salt
02:38 jeddi ahh .. was hoping you were using exim .. just trying to work out a decent strategy for pre-seeding (without losing future improvements) exim on debian.
02:39 jeddi Eugene: how do you find keeping the config files for each app / state / service under the same directory as the app / state service?
02:39 Eugene I've only done it a few days ago, but so far it's a lot more logical than what i had before
02:39 jkinning New user trying to figure out what system to use Ansible to Salt. My primary issue is configuration management and I believe Puppet and Chef would be overkill.  My systems are primarily SUSE Linux 11sp3 Servers with about 10 RHEL 6.5 servers. How difficult is salt to pick up on and learn?
02:40 Eugene All of the stuff associated with a particular state is in a single directory
02:40 jeddi what were you using before?   i just put everything under /srv/salt/fs/ ...   (i thinkt hat's how i first saw it described in the early walkthroughs, and it kind of stuck)
02:40 jkinning Also, is IRC only support channel? No forum?
02:40 jeddi jkinning: google groups list as well.
02:40 Eugene I had a naive recreation of what the target path would be, eg /srv/salt/machines/default/etc/sysconfig/network
02:40 Eugene Which would be copied over as /etc/sysconfig/network
02:40 jeddi jkinning:  http://www.saltstack.com/community/ - bottom left (mailing list)
02:41 Eugene I'm still exploring ways to provide machine-specific config stuff in a sane way(without other machines be able to access it)
02:41 jkinning Thanks jeddi
02:41 jeddi Eugene: yeah - that's what I have - a massive hierarchy under /srv/salt/fs/ ... it only 'breaks' (for tiny values of breaks) for files i want to share between two plcaes - f.e. my .toprc that i want in my user account as well as my /root/ directory .. similarly vim configs, that kind of thing.  i'm thinking i'll just use a 'shared' dir under fs/
02:41 Eugene Best I can figure involves a machine- or group- specific git repo
02:42 xunil joined #salt
02:42 jeddi Eugene: and, yeah, i guess the stock answer to that problem will be 'use pillars'
02:45 think-free joined #salt
02:45 Eugene Except pillars suck for large quantities of data, like HTTPS cert/keypairs ;-)
02:45 jeddi Eugene: for any non-trivial data that needs to be thrown over, yeah, I tend to think separate git repos that you pull via salt makes some sense.
02:45 Eugene Or data I don't necessarily want git-ed.
02:45 krow joined #salt
02:45 rgbkrk joined #salt
02:45 ravibhure joined #salt
02:45 Eugene That repo is nearly a straight cp from my prod salt repo. I ripped out a few machine-specific hacks for mail, which I haven't totally saltified yet
02:45 jeddi Eugene:  nice!
02:46 jeddi the official sanctioned recipe collection for saltstack ... it's a nice idea but bits feel a bit abandoned.  it'd be lovely to have a central location where you can see, if not The One True Way, then perhaps Several Ways That Actually Work.
02:46 taion809 joined #salt
02:46 Eugene That's kinda why I threw that repo up ;-)
02:46 krow1 joined #salt
02:46 Eugene This one being more of a focus on an actual, running infrastructure management. The Recipe Collection seems to be more "here's a few service examples that don't work
02:48 think-free_ joined #salt
02:49 fllr joined #salt
02:50 Eugene I even made it a nice, permissive license.
02:56 ajw0100 joined #salt
03:01 jkinning Will salt work with machines in a DMZ? Would that require the minion?
03:01 jeddi Eugene:  mmm ... i used to hit that public repo quite optimistically.   if salt and state weren't such overloaded words on the Net it'd be easier to find answers.
03:01 jeddi jkinning: if the machiens in the DMZ can see the salt master ... then it'll work fine.
03:02 jeddi jkinning: by minion - do you mean the process 'salt-minion' ?  that needs to eb running in the classic use case for salt, yes.
03:03 jkinning Yes the process salt-minion is what I meant. Thanks. Will conduct some testing next week.
03:07 ipalreadytaken joined #salt
03:09 ipalreadytaken joined #salt
03:10 krow joined #salt
03:15 quickdry21 joined #salt
03:16 krow joined #salt
03:19 n8n joined #salt
03:21 ajw0100 joined #salt
03:22 stanchan joined #salt
03:27 krow joined #salt
03:27 fllr joined #salt
03:32 krow joined #salt
03:37 krow1 joined #salt
03:42 krow joined #salt
03:42 favadi joined #salt
03:48 krow joined #salt
03:50 fllr joined #salt
03:53 krow joined #salt
03:54 baniir joined #salt
03:59 krow joined #salt
04:05 krow joined #salt
04:12 liko joined #salt
04:12 liko left #salt
04:16 smcquay joined #salt
04:16 fllr joined #salt
04:17 luminous joined #salt
04:20 sroegner joined #salt
04:20 krow joined #salt
04:24 ipalreadytaken joined #salt
04:29 jeremyfelt joined #salt
04:34 jeddi I'm seeing lots of errors on my minion doing a normal highstate run (ubuntu minion) like this:   Command "dpkg --compare-versions '0.7-20120110' lt '0.7-20120110'" failed with return code: 1
04:35 jeddi running at the CLI on the minion doesn't return an error (just the non-zero return value)
04:37 fllr joined #salt
04:38 Employee312 joined #salt
04:39 jcockhren Eugene++
04:39 * Eugene overflows his buffer
04:39 jcockhren Eugene: for certs, maybe not git backed pillars, but ext_pillars
04:40 jcockhren or just leverage a remote FS
04:40 jcockhren s3
04:40 Eugene I'm kinda surprised we don't have something for it natively
04:41 jeddi Eugene: i think previously people have indicatd it's because most people already have *some* method of storing & maintaining their certs ...
04:42 jeddi maybe a keepassx module :)
04:42 jcockhren you mean external filesystems or... or encrypting pillar data?
04:42 Eugene A way of referencing salt:// files that are minion- or group- restricted
04:44 jcockhren I misunderstand. how can we not do that already? "that" being getting data that is only intended for a subset of minions?
04:45 jcockhren ah. I get it
04:46 Eugene Pillar does it, but not for files. You can hexencode or whatever, but no.
04:46 Luke__ joined #salt
04:47 jcockhren yeah. I finally clicked
04:47 jcockhren it*
04:47 Eugene Heck, could probably extend Pillar to support it.
04:48 jcockhren the *only* way I know that could come close requires blurrying the lines b/t states and data
04:48 Eugene The existing file_roots already do that :-p
04:48 n8n joined #salt
04:49 Eugene IMO, states should really have a separate place from file_roots
04:49 Eugene And file_roots needs an access layer of some sort
04:49 Twiglet joined #salt
04:50 Eugene Yes, there's the existing Environment stuff.
04:50 jcockhren I'm thinking of dirty things like having a dummy state directory (and init.sls). files in there (in fact the entire 'state directory' can be targeted
04:50 whiteinge joined #salt
04:52 mgw joined #salt
04:52 jcockhren that way, one can selectively send and apply files that are referenced via salt://
04:53 jcockhren all that the ini.sls has to do is compile into a state that passes
04:53 jcockhren init.sls
04:53 jcockhren maybe using module.run: test.ping. or something. ;)
04:54 Eugene Hey, silly question, but what sort of price range does Saltstack, Inc have for those Careers? :v
04:56 xmj where i come from, salary isn't something you'd discuss publicly
04:58 Eugene Just my own curiousity.
04:59 jcockhren xmj: the people at bufferapp does it differently
04:59 jcockhren remember this? http://open.bufferapp.com/introducing-open-salaries-at-buffer-including-our-transparent-formula-and-all-individual-salaries/
05:00 xmj jcockhren: "openly"
05:01 xmj bah
05:04 rushm0r3 joined #salt
05:20 meteorfox joined #salt
05:23 ravibhure joined #salt
05:37 srage joined #salt
05:43 akitada joined #salt
05:48 Luke__ joined #salt
05:59 fllr joined #salt
06:08 sroegner joined #salt
06:21 rushm0r3 joined #salt
06:23 MZAWeb joined #salt
06:26 bhosmer joined #salt
06:34 Ryan_Lane joined #salt
06:34 Ryan_Lane joined #salt
06:39 jeddi some people have very weird attitudes towards remuneration.
06:39 jeddi or rather, the discussion of same.
06:49 nineteeneightd joined #salt
06:49 fllr joined #salt
06:56 flebel joined #salt
06:59 fllr joined #salt
07:04 stanchan joined #salt
07:07 thedodd joined #salt
07:09 smcquay joined #salt
07:13 krow joined #salt
07:14 stephanbuys joined #salt
07:18 xmj "get off my lawn"
07:20 Eugene Who would I complain at to get Salt packages in epel for el7? :v
07:20 * Eugene beta testing
07:20 MedicalJaneParis joined #salt
07:25 yomilk joined #salt
07:33 Shenril joined #salt
07:39 ndrei joined #salt
07:57 sroegner joined #salt
07:59 fllr joined #salt
08:02 ajw0100 joined #salt
08:06 krow1 joined #salt
08:08 yomilk joined #salt
08:10 joehillen joined #salt
08:12 rotschopf joined #salt
08:21 sieve joined #salt
08:27 harobed_ joined #salt
08:34 CeBe joined #salt
08:59 fllr joined #salt
09:04 yomilk_ joined #salt
09:25 vbabiy joined #salt
09:30 shoma joined #salt
09:42 n8n joined #salt
09:46 sroegner joined #salt
09:59 fllr joined #salt
10:07 N-Mi joined #salt
10:44 ravibhure1 joined #salt
10:49 ravibhure joined #salt
10:59 fllr joined #salt
11:02 bhosmer joined #salt
11:03 nliadm joined #salt
11:05 sieve joined #salt
11:07 sieve joined #salt
11:18 johtso joined #salt
11:23 elfixit joined #salt
11:28 favadi joined #salt
11:35 sroegner joined #salt
11:37 taion809 joined #salt
11:38 yomilk joined #salt
11:44 rglen_ joined #salt
11:47 hazzadous joined #salt
11:52 Luke__ joined #salt
11:58 sroegner joined #salt
11:59 toastedpenguin joined #salt
11:59 fllr joined #salt
12:31 scalability-junk joined #salt
12:56 mgw joined #salt
12:59 fllr joined #salt
13:03 sieve joined #salt
13:12 mgw joined #salt
13:12 sieve joined #salt
13:17 londo_ joined #salt
13:17 raizyr joined #salt
13:18 bhosmer joined #salt
13:24 Linz joined #salt
13:27 mgw joined #salt
13:28 favadi joined #salt
13:34 jeremyBass1 joined #salt
13:36 pydanny joined #salt
13:36 jslatts joined #salt
13:49 mgw joined #salt
13:50 [diecast] joined #salt
13:50 pydanny joined #salt
13:51 rgbkrk joined #salt
13:53 Luke__ joined #salt
13:59 fllr joined #salt
14:02 DaveQB joined #salt
14:03 johtso joined #salt
14:15 vbabiy joined #salt
14:21 mgw joined #salt
14:21 rgbkrk joined #salt
14:26 raizyr joined #salt
14:33 schimmy joined #salt
14:38 schimmy joined #salt
14:38 schimmy1 joined #salt
14:39 Linz joined #salt
14:41 mgw joined #salt
14:42 Linz_ joined #salt
14:47 rgbkrk joined #salt
14:52 mgw joined #salt
14:59 fllr joined #salt
14:59 smcquay joined #salt
15:01 rushm0r3 joined #salt
15:04 mgw joined #salt
15:08 bhosmer joined #salt
15:15 Networkn3rd joined #salt
15:22 jslatts joined #salt
15:24 sieve joined #salt
15:25 schimmy joined #salt
15:29 schimmy1 joined #salt
15:31 napper joined #salt
15:31 rushm0r3 joined #salt
15:34 rgbkrk joined #salt
15:41 srage joined #salt
15:46 untamo13 joined #salt
15:51 jeremyfelt joined #salt
15:57 frasergraham joined #salt
16:04 ajw0100 joined #salt
16:16 krow joined #salt
16:18 rushm0r3 joined #salt
16:20 pydanny joined #salt
16:23 baniir joined #salt
16:28 raizyr joined #salt
16:29 Gifflen joined #salt
16:32 krow joined #salt
16:32 Gifflen joined #salt
16:33 ipalreadytaken joined #salt
16:38 eliasp can someone point me at the right part of the docs, some blog post or something else on how to get details of a running job? I feel like some things aren't working when applying the highstate to my dev-environment but I have no idea where to lock for analysis data, returned error messages etc.
16:39 frasergraham joined #salt
16:42 lfn123 joined #salt
16:42 sroegner_ joined #salt
16:46 lfn123 i'm looking for some suggestions on how to handle the following scenario: 1. i have collectd stats gathering running on all production servers. 2. i have nginx running on some staging and prod servers. 3. i would like to enable the nginx collectd collector on the prod servers that have the nginx installed
16:46 lfn123 is there a way to have the collectd state check if the nginx state is enabled for a given server?
16:47 yomilk joined #salt
16:47 lfn123 or is there a way to have part of a pillar definition be conditional on a given state being enabled?
16:52 rgbkrk joined #salt
16:52 raizyr joined #salt
16:53 eliasp hmm, running 'salt-call -l debug state.highstate' manually on the minion worked as it should… that's weird
16:56 Luke__ joined #salt
17:01 Gifflen joined #salt
17:02 raizyr joined #salt
17:07 mgw joined #salt
17:08 ipalreadytaken joined #salt
17:27 ndrei joined #salt
17:30 Gifflen joined #salt
17:33 n8n joined #salt
17:35 rushm0r3 joined #salt
17:39 ndrei joined #salt
17:45 darrend joined #salt
17:47 napper joined #salt
17:48 Networkn3rd joined #salt
17:50 wkf joined #salt
17:50 krow joined #salt
17:53 ipalread_ joined #salt
17:56 krow joined #salt
17:58 zooz joined #salt
17:59 eliasp does anyone know, why pkg.latest doesn't remove an older version of a package on windows? doesn't the windows package provider support .latest but only .installed?
18:05 krow joined #salt
18:06 WiseDroid joined #salt
18:06 pydanny joined #salt
18:07 googolhash joined #salt
18:08 dmwuw joined #salt
18:09 ndrei joined #salt
18:09 sgviking joined #salt
18:09 dmwuw joined #salt
18:10 dmwuw joined #salt
18:10 krow joined #salt
18:13 all_the_fisch joined #salt
18:13 ocdmw joined #salt
18:15 napper joined #salt
18:17 jslatts joined #salt
18:31 hazzadous joined #salt
18:36 Shenril joined #salt
18:36 krow joined #salt
18:39 ajw0100 joined #salt
18:39 shoma joined #salt
18:44 tr_h joined #salt
18:46 krow joined #salt
18:47 ajw0100 joined #salt
18:51 ipalreadytaken joined #salt
18:52 krow joined #salt
18:53 all_the_fisch joined #salt
18:54 Ryan_Lane joined #salt
18:54 Ryan_Lane joined #salt
18:57 untamo13 joined #salt
18:57 krow joined #salt
19:02 hazzadous joined #salt
19:03 krow joined #salt
19:04 n8n joined #salt
19:14 krow joined #salt
19:17 krow1 joined #salt
19:18 schimmy joined #salt
19:23 schimmy joined #salt
19:32 all_the_fisch joined #salt
19:37 schimmy joined #salt
19:41 [diecast] joined #salt
19:43 DaveQB joined #salt
19:44 googolhash joined #salt
19:45 rgbkrk joined #salt
19:52 smcquay joined #salt
19:57 schimmy joined #salt
19:59 fllr joined #salt
20:01 schimmy1 joined #salt
20:03 all_the_fisch joined #salt
20:15 ndrei joined #salt
20:17 Ryan_Lane joined #salt
20:21 Linz joined #salt
20:21 ggoZ joined #salt
20:24 smcquay joined #salt
20:28 schimmy joined #salt
20:29 schimmy1 joined #salt
20:31 JesseC joined #salt
20:32 schimmy joined #salt
20:38 all_the_fisch joined #salt
20:39 xunil joined #salt
20:42 srage joined #salt
20:47 Luke joined #salt
21:13 dave_den joined #salt
21:16 zain joined #salt
21:19 krow joined #salt
21:22 Shish_ joined #salt
21:23 dh__ joined #salt
21:24 Bosch[] joined #salt
21:25 andabata joined #salt
21:26 rjc joined #salt
21:29 Linz_ joined #salt
21:29 Linz joined #salt
21:38 ndrei joined #salt
21:44 jaimed joined #salt
21:47 dh joined #salt
21:49 dangra joined #salt
21:50 n8n joined #salt
21:52 pentabular joined #salt
21:52 pentabular left #salt
21:54 Linz joined #salt
21:54 pydanny joined #salt
21:55 krow1 joined #salt
22:00 ndrei joined #salt
22:01 MichaelJ_ joined #salt
22:07 elfixit joined #salt
22:13 srage joined #salt
22:14 scarcry joined #salt
22:19 MK_FG joined #salt
22:24 krow joined #salt
22:27 Ixan joined #salt
22:30 nebuchadnezzar joined #salt
22:57 quickdry21 joined #salt
22:59 MZAWeb joined #salt
23:04 pentabular1 joined #salt
23:07 pentabular joined #salt
23:09 pentabular joined #salt
23:10 gasbakid joined #salt
23:17 krow joined #salt
23:19 forrest joined #salt
23:20 krow1 joined #salt
23:22 meteorfox joined #salt
23:23 ajw0100 joined #salt
23:24 robinsmidsrod joined #salt
23:30 pentabular joined #salt
23:35 all_the_fisch joined #salt
23:38 ajw0100 joined #salt
23:59 ipalreadytaken joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary