Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-09-12

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 seatan joined #salt
00:07 jmreicha joined #salt
00:15 fersur3 joined #salt
00:18 fersur3 Is there an option in the script at bootstrap.saltstack.org to set up with RAET?
00:20 notnotpeter joined #salt
00:29 pravka joined #salt
00:36 tmclaugh[work] joined #salt
00:45 kevinquinnyo joined #salt
00:49 Aidin joined #salt
00:51 larsfronius joined #salt
00:57 baweaver joined #salt
01:02 jmickle joined #salt
01:06 Aidin joined #salt
01:14 quasiben joined #salt
01:17 laax joined #salt
01:23 SunPowered joined #salt
01:24 tmclaugh[work] joined #salt
01:34 fgimian joined #salt
01:37 kwork joined #salt
01:47 catpigger joined #salt
01:49 scoates joined #salt
01:49 notnotpeter joined #salt
01:51 seatan joined #salt
01:52 jodv joined #salt
01:57 iggy fersur3: no, because they really don't want to make it easy to use
01:58 fersur3 Why not just ./bootstrap --enable-raet ?    I wanna test that shit.
01:59 forrest joined #salt
02:00 iggy you really don't
02:21 zwi joined #salt
02:26 tmclaugh[work] joined #salt
02:32 amcorreia joined #salt
02:36 ekristen joined #salt
02:48 quasiben joined #salt
02:59 joe_n joined #salt
03:14 frogger_ joined #salt
03:18 laax joined #salt
03:40 seatan joined #salt
03:44 writteno1f joined #salt
03:47 bkeep joined #salt
03:48 cyborgIone joined #salt
03:49 zer0def joined #salt
03:50 bkeep Is anyone using Salt to manage workstation or primarily just servers?
03:57 Configio joined #salt
04:01 jdubinsky joined #salt
04:02 traph joined #salt
04:02 traph joined #salt
04:13 kukacz joined #salt
04:16 Alekti joined #salt
04:18 TyrfingMjolnir joined #salt
04:18 jalaziz joined #salt
04:27 tmclaugh[work] joined #salt
04:31 jodv joined #salt
04:38 zwi joined #salt
04:42 zwi joined #salt
04:51 jodv joined #salt
04:52 larsfronius joined #salt
04:59 TyrfingMjolnir joined #salt
05:14 jalaziz joined #salt
05:19 laax joined #salt
05:28 tmclaugh[work] joined #salt
05:30 seatan joined #salt
05:31 tarq joined #salt
05:31 tarq hey guys
05:32 tarq anyone know if it's possible to use salt-cloud to deploy without installing the minion but instead automatically adding the deployed node to /etc/salt/roster
05:32 tarq atm I've got a deploy script that adds my ssh key to the deployed node
05:33 dopesong joined #salt
05:46 otter768 joined #salt
05:48 malinoff joined #salt
05:50 aristedes joined #salt
05:52 linjan joined #salt
06:03 lowfive joined #salt
06:07 jalaziz joined #salt
06:10 aristedes left #salt
06:12 ajw0100 joined #salt
06:14 forrest joined #salt
06:15 dopesong joined #salt
06:27 dopesong_ joined #salt
06:31 _ikke_ joined #salt
06:44 moogyver joined #salt
06:45 slav0nic joined #salt
06:56 moogyver is there anyway to offload a runner to something like a job host?  ie - I want to run the drac runner, but I don't want to run it from the master, but rather a bastion host that can talk to the DRACs?
06:57 moogyver the problem being that the drac execution module seems to be designed for managing the drac on the local minion, not for managing remote dracs.
07:01 jalaziz joined #salt
07:10 dopesong joined #salt
07:19 seatan joined #salt
07:20 arnoldB "Salt Package Manager for easier Salt Formula deployment" basepi, can you reveal a few details? I'm working on sth. similiar to his at the moment. (https://plus.google.com/+SaltStackInc/posts/FcjQjUkS2CA)
07:20 arnoldB s/ his/ this/
07:20 laax joined #salt
07:35 markm joined #salt
07:45 jbrnds joined #salt
07:47 otter768 joined #salt
08:02 Aidin joined #salt
08:06 PeterO_ joined #salt
08:10 joe_n joined #salt
08:21 kukacz joined #salt
08:22 anmolb joined #salt
08:22 kukacz_ joined #salt
08:25 golodhrim|work joined #salt
08:25 kukacz_ left #salt
08:25 golodhrim|work left #salt
08:26 darkhuy joined #salt
08:39 joe_n joined #salt
08:45 whytewolf arnoldB: the spm docs can be found here https://docs.saltstack.com/en/develop/topics/spm/
08:45 anmol joined #salt
08:45 arnoldB whytewolf: thx!
08:50 arnoldB sounds promising
08:51 jalaziz joined #salt
08:51 whytewolf hopefully it helps with all the broken formulas out there.
08:51 arnoldB though there are lot of open questions. will take a look at the source code..
08:51 Ben4738 joined #salt
08:55 arnoldB whytewolf: spm will help to fix broken formulas? how?
08:57 whytewolf well, once there is a packaged system for formulas. they can start working towards a formula comunity. and bad formulas will be noticed a lot easier
08:57 whytewolf in thoery
08:57 arnoldB hmm, right
09:02 Ben4738 left #salt
09:07 whytewolf moogyver: what you might look at and I am not sure if what you are asking is possable. but what you might look at it. a syndic master. [and before you start down that route I will appologize now]
09:14 cberndt joined #salt
09:19 seatan joined #salt
09:20 bfoxwell joined #salt
09:21 laax joined #salt
09:30 seatan joined #salt
09:32 sgargan joined #salt
09:37 jasonrm joined #salt
09:48 otter768 joined #salt
09:54 larsfronius joined #salt
10:00 Aidin joined #salt
10:06 SunPowered joined #salt
10:10 anmol joined #salt
10:11 mpanett__ joined #salt
10:21 SunPowered joined #salt
10:22 bfoxwell joined #salt
10:25 mariusv joined #salt
10:25 mariusv joined #salt
10:27 joe_n joined #salt
10:38 joe_n joined #salt
10:48 mariusv joined #salt
10:48 mariusv joined #salt
10:53 dopesong joined #salt
11:17 laax joined #salt
11:24 ippii joined #salt
11:24 ippii Hi team
11:25 ippii I am new to salt
11:25 ippii when I run states.highstate, I am getting this error
11:25 ippii Data failed to compile: ----------     Pillar failed to render with the following messages: ----------     Rendering SLS 'pkg' failed. Please see master log for details.
11:26 ippii what exactly went wrong?
11:26 ippii my config is fine?
11:27 ippii any help would be greatly appreciated.
11:28 quasiben joined #salt
11:33 Mate did you check the master log?
11:35 jdubinsky joined #salt
11:39 ippii yes
11:39 ippii it says
11:39 ippii Missing configuration file: /root/.saltrc
11:40 ippii other than that everything looks fine
11:42 amcorreia joined #salt
11:43 mariusv_ joined #salt
11:44 gerhardqux ippii: is there a /srv/pillar/pkg.sls that has an invalid syntax?
11:45 ippii nope
11:45 ippii [root@oc0455704565 ~]# ls /srv/salt/ config.sls    _modules  system.sls  tsm    vim.sls download.sls  prereq    top.sls     vimrc [root@oc0455704565 ~]#
11:46 ippii sorry
11:46 ippii yes
11:46 ippii I have
11:46 ippii will check and get back
11:46 ippii thanks fehardqux
11:47 ippii thanks gehardqux
11:47 gerhardqux yw
11:48 ippii one more question, I would like to copy a file from http and untar it
11:48 mariusv joined #salt
11:48 gerhardqux it's often helpful to debug from the minion with 'salt-call -l debug state.sls somestate' rather than kicking of an entire highstate
11:49 ippii oh sure gerhardqux
11:49 otter768 joined #salt
11:49 gerhardqux ippii: regarding your second question, you'll have to do this in two steps
11:50 ippii oh ok
11:50 gerhardqux first downloading it using file.managed
11:50 ippii ok
11:50 gerhardqux then extract it using cmd.run with an unless condition
11:51 ippii ok sure.
11:52 gerhardqux theres also salt.states.archive, but I think that cannot be implemented efficiently
11:53 ippii ok,
11:53 gerhardqux On second looks, try salt.states.archive first
11:53 ippii I found archieve.extracted.
11:53 ippii but that is not at all usefull.
11:54 gerhardqux what's wrong with it?
11:55 jngd joined #salt
11:55 ippii I am trying to reproduce, in between made some changes and now could not run that sls in /srv/salt
11:56 ippii so to run my top.sls file under /srv/salt, should i remove /srv/piller/top.sls?
11:56 joe_n joined #salt
11:57 gerhardqux ippii: pillar/top.sls and salt/top.sls are two different things
11:57 gerhardqux you should use them both
11:58 ippii oh , but how to run them individually, sorry for asking basic questions, I am very new to salt.
11:58 gerhardqux /srv/salt contains your state, and /srv/pillar contains the (sort of) configuration for these states
11:59 gerhardqux so you can run states on your minions, and they retrieve cfg from the pillar
12:00 gerhardqux you should do the salt tutorial if you haven't already. It touches on these concepts
12:00 ippii ok, so I need to run my state from minion vial salt-call command.
12:01 gerhardqux ippii: this is often very helpful while debugginh
12:01 ippii sure.
12:03 ippii how do run /srv/salt/top.sls file from master not the /srv/piller/top.sls
12:04 gerhardqux you cannot
12:05 gerhardqux you can ask all minions to run a highstate. The minions then fetch their states using master:salt/top.sls and the (sort of) cfg from master:pillar/top.sls
12:07 ippii ok
12:10 gerhardqux it's difficult for archive.extracted to know if your remote tarball has changed compared to what's on disc. This operation would be too expensive to run everytime.
12:10 Aidin joined #salt
12:11 zer0def joined #salt
12:13 laax joined #salt
12:13 ippii Actually, want to give quick demo to get the work on salt. so not gone through much reading.
12:13 steffo joined #salt
12:16 bluenemo joined #salt
12:16 gerhardqux the states tutorial is pretty short: https://docs.saltstack.com/en/2015.5/topics/tutorials/states_pt1.html
12:21 ippii thanks, for sharing the link
12:21 ippii [minion@oc0644314035 ~]$ sudo salt-call -l debug state.sls top
12:22 ippii this fails with
12:22 ippii local:     Data failed to compile: ----------     Pillar failed to render with the following messages: ----------     Error encountered while render pillar top file.
12:22 dopesong joined #salt
12:23 ippii this is my top,sls
12:23 ippii cat /srv/salt/top.sls  base:   '*':     - prereq.prereqs #    -config #    -download
12:24 Mate top.sls isnt a state file
12:24 Mate use state.highstate wo an argument
12:25 ippii tried that too
12:26 Mate state.sls top is definitely wrong
12:26 ippii ok
12:26 ippii local: ----------           ID: states     Function: no.None       Result: False      Comment: No Top file or external nodes data matches found      Started:      Duration:       Changes:     Summary ------------ Succeeded: 0 Failed:    1
12:27 ippii on running state.highstate
12:27 malinoff joined #salt
12:28 ippii local: ----------           ID: states     Function: no.None       Result: False      Comment: No Top file or external nodes data matches found      Started:      Duration:       Changes:     Summary ------------ Succeeded: 0 Failed:    1
12:28 ippii out put
12:28 ippii sudo salt-call -l debug state.sls download
12:28 ippii [DEBUG   ] LazyLoaded highstate.output local:     Data failed to compile: ----------     Pillar failed to render with the following messages: ----------     Error encountered while render pillar top file. [minion@oc0644314035 ~]
12:29 ippii would you like any config details
12:29 ippii to show here
12:29 gerhardqux please use gist.github.com for that
12:30 gerhardqux you can temporarily remove pillar/top.sls to run without a pillar
12:30 ippii oh ok
12:35 ippii the error     local:     Data failed to compile: ----------     No matching sls found for 'download' in env 'base
12:36 ippii but I have a file download under /srv/salt/
12:36 gerhardqux ippii: is /srv/pillar/top.sls gone now?
12:36 ippii yes, sir
12:37 ippii [root@oc0455704565 ~]# ls /srv/pillar/ data.sls         my_sls_file.sls  pkg/              [root@oc0455704565 ~]# ls /srv/pillar/
12:37 ippii removed the top.sls file
12:38 gerhardqux ippii: can you post the rest of the output in a gist?
12:43 zer0def joined #salt
12:47 gerhardqux and do the other states run fine? e.g. config or vim
12:48 gerhardqux it's not a unix permission error right? what are the permissions of /srv/salt/download.sls
12:48 ippii one day back I could execute them but after piller I guess
12:48 gerhardqux do the salt master logs tell you anything?
12:49 gerhardqux yes, you still have that error in /srv/pillar/pkg/init.sls
12:51 ippii will remove the pkg dir
12:51 ippii ls -ltr /srv/salt/download.sls  -rwxr-xr-x. 1 root root 310 Sep  9 15:55 /srv/salt/download.sl
12:53 gerhardqux do you run with selinux enabled?
12:53 ippii removed the pillal dir, still getting the same error
12:57 larsfronius joined #salt
13:00 gerhardqux did you check the salt-master logs?
13:01 homeshlice joined #salt
13:03 ippii execpt this error no other error
13:03 ippii Missing configuration file: /root/.saltrc
13:07 gerhardqux do you see the "[DEBUG] Could not find file from saltenv 'base', 'salt://download.sls'" error?
13:08 seatan joined #salt
13:09 djinni` joined #salt
13:10 ippii nope
13:11 gerhardqux it should be approx. 4 lines above the 'local:' line
13:12 mpanetta_ joined #salt
13:13 ippii no 'local:' at all
13:14 gerhardqux this one: 14:35 < ippii>  the error     local:     Data failed to compile: ----------     No matching sls found for 'download' in env 'base
13:16 ippii but here when I run this command from master
13:16 ippii salt '*' state.sls download -l debug
13:16 laax joined #salt
13:16 ippii it still shows that "illar failed to render with the following messages:
13:22 gerhardqux is your pillar/top.sls back?
13:22 ippii yes
13:22 ippii I removed the pillar dir
13:23 ippii but still it is back
13:23 ippii do you need any details from setup
13:25 ippii BTW, can we configure one minion to many masters?
13:26 gerhardqux ippii: yes, but let's not introduce extra complexity now :)
13:26 gerhardqux ippii: and there are quite some caveats right now for a multi-master setup
13:28 gerhardqux you can also stop the salt-master process and run it in debug-mode
13:28 gerhardqux using "salt-master -l debug"
13:30 jalaziz joined #salt
13:30 ippii ok
13:33 gerhardqux ippii: what is your setup?
13:33 gerhardqux one master, one minion?
13:33 ippii yes
13:34 ippii master is my TP and one VM  as minion
13:35 gerhardqux I'd still like to see the output of "sudo salt-call -l debug state.sls download"
13:35 gerhardqux no alternate file_roots? and everything is base?
13:35 ippii yes
13:36 sxar_ joined #salt
13:37 gerhardqux and you should figure out why /srv/pillar/top.sls reappeared
13:37 ippii but if I run salt-master in debug mode
13:38 ippii one sec
13:38 zwi joined #salt
13:39 gerhardqux and does the master also run a minion? Maybe one of your states reinstalled /srv/pillar/top.sls?
13:39 ippii nope
13:40 seatan joined #salt
13:41 AndreasLutro joined #salt
13:42 ippii 2015-09-12 19:08:55,827 [salt.utils.event ][DEBUG   ][8089] Sending event - data = {'id': 'oc0644314035.ibm.com', '_stamp': '2015-09-12T13:38:55.827331', 'result': True, 'pub': '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhnesextKNZC3NVaMI7F\nxnAOK+q0nqFVbndnu+v8rAemuCjLJLEeoMtVJTnPPER10sTEAkf0TNct7YZRsW7L\npi1csHaFBhhREv0fNBPNvqOTO0Ql2vI7QRVMaUR2J8Enerc2QuAIxxFGHLE7ptv9\nM4asgJ1avLWD/jogLrZ8LkCf/FeADsEDb73a
13:42 ippii sudo salt-call -l debug state.sls download
13:42 ippii output
13:43 ippii Got return from oc0644314035.ibm.com for job 20150912190856162039 2015-09-12 19:08:56,197 [salt.utils.event ][DEBUG   ][8095] Sending event - data = {'tgt_type': 'glob', 'fun_args': ['download'], 'jid': '20150912190856162039', 'return': ["No matching sls found for 'download' in env 'base'"], 'retcode': 1, 'tgt': 'oc0644314035.ibm.com', 'cmd': '_return', '_stamp': '2015-09-12T13:38:56.197298', 'arg': ['download'], 'fun': 'state.sls', 'id
13:44 gerhardqux can you put the entire output in a gist?
13:44 laax joined #salt
13:45 ippii ok sure.
13:45 gerhardqux there might be some clues in the lines above
13:45 ippii ok
13:50 otter768 joined #salt
13:50 Aidin joined #salt
14:05 seatan joined #salt
14:10 seatan joined #salt
14:11 laax joined #salt
14:13 mpanetta_ joined #salt
14:14 jalaziz joined #salt
14:17 dthorman joined #salt
14:20 Aidin joined #salt
14:24 steffo joined #salt
14:24 seatan joined #salt
14:27 slav0nic joined #salt
14:33 frogger_ joined #salt
14:36 sxar joined #salt
14:42 tmclaugh[work] joined #salt
14:44 jalaziz joined #salt
14:47 dopesong joined #salt
14:51 WildPikachu joined #salt
14:53 jalaziz joined #salt
15:04 steffo joined #salt
15:09 pratikmallya joined #salt
15:11 ippii erhardqux
15:12 tmclaugh[work] joined #salt
15:19 gerhardqux ippii: yes
15:21 jalaziz joined #salt
15:27 ippii I am setting  new Master VM and run the download command and see
15:38 gerhardqux ippii: did you say anything after "download command and see"? These seem to be your latest words.
15:39 ippii yes
15:40 b00n joined #salt
15:42 b00n hello, i'm trying to re-structure my file_roots so that files like ssh public keys are stored in the same directory called 'ssh' at the top of the file_roots but when I did that, I got the following error when trying to run highstate:
15:42 b00n No matching sls found for 'ssh' in env 'base'
15:42 jhauser joined #salt
15:43 b00n Does salt require that every directories in file_roots has a 'init.sls' in them?
15:44 dopesong_ joined #salt
15:46 Mate only if you want to include it
15:48 Mate salt wont try to collect all state files in a directory, you have to list them either in an init.sls file or in your top file
15:48 Mate (or any other state file which includes them)
15:51 otter768 joined #salt
15:53 b00n @Mate: I refer to those ssh key in the other state files (not in the same 'ssh' directory) but there is no sls file in the 'ssh' directory' It doesn't seem like salt allow that
15:56 iggy b00n: do you have ssh in your top file?
15:57 iggy or an include of just ssh?
15:58 larsfronius joined #salt
15:59 b00n @iggy: no I don't have 'ssh' in my top file
16:00 b00n @iggy: strange thing though, when I do 'show_highstate', 'ssh' is included as the list of states to be applied.
16:00 iggy then you have it included somewhere
16:00 iggy salt doesn't automatically add dirs to a highstate
16:01 b00n sorry, I meant to say 'show_top'
16:02 b00n @iggy: any hints as to how I can find out where it's being included?
16:02 iggy grep?
16:05 b00n @iggy: thanks, I forgot to mention i used gitfs as the file server backend. I'll try to see where the file_roots on the server are and do a grep there.
16:05 iggy there isn't one
16:06 iggy your best bet is probably to check in a minion's cache
16:07 giantlock joined #salt
16:07 b00n @iggy: ah...thanks, I was about to say, there doesn't seem to be pull from git on the server :)
16:11 viq joined #salt
16:11 perfinion joined #salt
16:15 ippili joined #salt
16:16 ippili rejoining
16:21 otter768 joined #salt
16:25 perfinion why does the new version chdir($HOME)? that fails miserably in so many cases
16:37 RandyT joined #salt
16:37 ippili I have only one"ssh.sls"  file under /srv/salt/
16:38 ippili when ran this command "salt '*' state.sls ssh
16:38 ippili the error
16:38 ippili Data failed to compile: ----------     No matching sls found for 'ssh' in env 'base'
16:38 ippili what could be the issue.
16:38 ippili ?
16:38 iggy salt-call cp.list_master | grep ssh
16:40 ippili no output
16:41 ippili @iggy
16:42 ippili @iggy
16:42 ippili even the logs only show this error
16:42 ippili 015-09-12 22:06:06,579 [salt.config      ][DEBUG   ][13898] Missing configuration file: /root/.saltrc
16:45 jodv joined #salt
16:45 gerhardqux ippili: does "salt-call cp.list_master" give any output at all?
16:45 ippili no ouput at all
16:46 ippili even simple setup is giving lot many issues
16:47 gerhardqux ippili: "salt-call -l debug cp.list_master"?
16:48 ippili [DEBUG   ] LazyLoaded nested.output local: [minion@oc0644314035 ~]$
16:50 ippili [DEBUG   ] LazyLoaded nested.output
16:50 ippili local:
16:50 ippili nothing more is printed
16:50 gerhardqux just these three lines?
16:51 ippili nope
16:52 gerhardqux does "salt yourminion test.ping" from the master work?
16:52 zer0def joined #salt
16:52 ippili [minion@oc0644314035 ~]$ sudo salt-call -l debug cp.list_master [DEBUG   ] Reading configuration from /etc/salt/minion [DEBUG   ] Including configuration from '/etc/salt/minion.d/_schedule.conf' [DEBUG   ] Reading configuration from /etc/salt/minion.d/_schedule.conf [DEBUG   ] Using cached minion ID from /etc/salt/minion_id:  [DEBUG   ] Configuration file path: /etc/salt/minion [DEBUG   ] Reading configuration from /etc/salt/minion [
16:52 ippili yes
16:52 ippili all the command works fine
16:52 ippili but only sls is having problem since today
16:53 ippili I could send some conf file yesterday
16:53 ippili but today, all of suddent everything is failing
16:54 ippili I am loosing confidence ....
16:54 seatan joined #salt
16:56 mariusv joined #salt
17:00 iggy A. gitfs isn't exactly a "simple config"
17:00 iggy gist the full output from cp.list_master
17:06 monkeybox joined #salt
17:07 tmclaugh[work] joined #salt
17:11 tmclaugh[work] joined #salt
17:14 mpanetta_ joined #salt
17:21 jodv joined #salt
17:34 cyborgIone joined #salt
17:35 tmclaugh[work] joined #salt
17:47 linjan joined #salt
17:48 johnkeates joined #salt
17:49 linjan joined #salt
17:51 johnkeates left #salt
18:01 zer0def joined #salt
18:03 Bryson joined #salt
18:07 flyx joined #salt
18:08 |_[O_O]_| hello everyone, do external pillars abide by standard import structures? (for example if i wanted to break up an external pillar into multiple files) -- https://docs.saltstack.com/en/latest/topics/development/external_pillars.html
18:10 flyx hi folks! if I run salt serverless with salt-call, do I have a possibility to provide some password I do not want to store in a file on the command line?
18:13 SunPowered joined #salt
18:19 traph joined #salt
18:24 trph joined #salt
18:25 gerhardqux flyx: which command needs your password?
18:26 flyx gerhardqux: openssl signing a key with my root CA
18:28 gerhardqux do you mean on the salt-call commandline, similar to "test=True"?
18:32 flyx I don't know about "test=True" I call "salt-call state.apply myconfig --local --file-root=... --pillar-root=..."
18:33 flyx basically, I'm setting up a single server and cannot use another machine as master
18:33 flyx so I cannot rely on pillar being a secure storage because it also needs to be on the target machine
18:33 gerhardqux you want to encrypt the private key with a password, and limit the timeframe where the password is available on the server.
18:34 otter768 joined #salt
18:34 gerhardqux and certainly never on disc (like bash history)
18:34 gerhardqux am I correct?
18:35 flyx actually, it's the password of the root CA I need. I haven't yet decided about whether I want my private keys to be password-protected or not (probably not)
18:36 Fiber^ joined #salt
18:41 gerhardqux flyx: isn't the point of the password on the root CA, that you have to type it in interactively?
18:42 flyx gerhardqux: I use /usr/bin/expect to type it in
18:46 gerhardqux so if you don't want to type it in interactively and you don't want to store it in a file, what is your question?
18:46 gerhardqux if there is a third option?
18:47 flyx well, calling salt-call won't let me type it in interactively, at least that's what I expect
18:47 flyx therefore, I want to use expect and provide the password in the command line when calling salt-call
18:48 flyx so that it makes it somehow available as jinja variable when rendering my states so that I can pass it to my expect script
18:49 armguy joined #salt
18:50 gerhardqux you can use the pillar to store it
18:51 gerhardqux but I guess you knew that
18:51 cberndt joined #salt
18:53 flyx yes. but pillar is located on the same machine (as I run salt without master), so it's not secure to have it there
18:53 flyx I would rather use a master and just put it in pillar, but I can't because I have just one server out there
18:54 flyx and my private machine is out of the question because I don't have DynDNS or a static IP
18:55 amcorreia joined #salt
18:58 zer0def joined #salt
18:58 gerhardqux I think you can add passw=value keyword args to state.apply, that you can just access from jinja, but I never tried.
19:00 ajw0100 joined #salt
19:02 trph joined #salt
19:04 gerhardqux it might appear somewhere in a dunder dictionary
19:10 gerhardqux and you need to be careful the password doesn't get stored in salt cache dirs, logfiles, bash history, etc.
19:15 mpanetta_ joined #salt
19:34 armguy joined #salt
19:47 cliluw joined #salt
19:50 flyx I guess it would be safer to write a script around the salt-call command that queries the password from the user, writes it to pillar, executes salt-call and then removes it
19:50 flyx when the password is in pillar, salt won't cache it anywhere, would it?
19:56 slav0nic joined #salt
19:59 shiriru joined #salt
20:16 mpanetta_ joined #salt
20:26 pratikmallya joined #salt
20:37 zwi joined #salt
20:38 trapha joined #salt
20:43 sjorge joined #salt
20:43 sjorge joined #salt
20:44 catpig joined #salt
20:48 kevinquinnyo joined #salt
21:07 ajw0100 joined #salt
21:14 kevinquinnyo joined #salt
21:20 iggy flyx: tl;dr scrollback, but you can set pillar on the command line
21:21 flyx iggy: I didn't find out how yet, currently doing something else
21:21 iggy and yes, even masterless caches pillar (afaik)
21:22 iggy you could use the gpg renderer maybe?
21:25 flyx I'm thinking about just not fixing the security problem in salt, but with something else. putting pillar in an encrypted partition and only mount it when needed or something.
21:27 Ztyx joined #salt
21:28 Ztyx left #salt
21:35 iggy you'd still have this problem in a masterful setup... root can read cached pillar data from a master
21:36 quasiben joined #salt
21:39 ajw0100 joined #salt
21:54 sgargan joined #salt
21:58 sgargan joined #salt
22:00 larsfronius joined #salt
22:17 ben__ joined #salt
22:19 jalaziz joined #salt
22:23 otter768 joined #salt
22:27 moogyver whytewolf: why the apology about syndic masters? don't like them?  and i figured it wasn't really possible - we'd just have to create a custom DRAC execution module for it.
22:33 zwi joined #salt
22:36 shiriru joined #salt
22:37 sgargan joined #salt
22:48 jodv joined #salt
22:48 aparsons joined #salt
22:52 aparsons_ joined #salt
22:58 pratikmallya joined #salt
23:16 JDiPierro joined #salt
23:30 cornfeedhobo where is the preferred place to store "global" data -- stuff that many state files and templates may use
23:39 trph joined #salt
23:42 fxhp joined #salt
23:46 cornfeedhobo pillars
23:46 * cornfeedhobo disappears
23:52 pratikmallya joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary