Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-01-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 mosen joined #salt
00:13 rem5 joined #salt
00:15 mapu joined #salt
00:18 keimlink_ joined #salt
00:45 diegows joined #salt
00:46 nidr0x joined #salt
00:51 nidr0x joined #salt
00:52 ageorgop joined #salt
00:52 baweaver joined #salt
01:02 iceyao joined #salt
01:10 nidr0x joined #salt
01:13 futuredale joined #salt
01:15 futuredale joined #salt
01:25 akhter joined #salt
01:35 yomilk joined #salt
01:45 Ahlee joined #salt
01:46 Ch3LL joined #salt
01:46 diegows joined #salt
01:47 NV joined #salt
01:49 rem5 joined #salt
01:53 Fabbe joined #salt
02:03 blckbit10 joined #salt
02:06 catpigger joined #salt
02:07 quasiben joined #salt
02:12 donmichelangelo joined #salt
02:12 retr0h joined #salt
02:12 retr0h joined #salt
02:12 retr0h left #salt
02:20 TooLmaN joined #salt
02:22 qu9 joined #salt
02:32 quasiben joined #salt
02:34 kitplummer joined #salt
02:45 anmol joined #salt
02:59 anmol joined #salt
03:03 malinoff joined #salt
03:09 tstapler joined #salt
03:12 quasiben joined #salt
03:13 anmol joined #salt
03:14 akhter joined #salt
03:15 tstapler Hello!
03:17 dlam hihi
03:17 whytewolf greetings
03:20 tstapler I'm looking for some help with salt-ssh, anyone willing and able?
03:21 iggy tstapler: just ask
03:21 relicanth joined #salt
03:22 tstapler Thanks, sorry new to irc in general.  I'm trying to deploy keys to several hosts running busybox.
03:23 tstapler I'm getting back tar: invalid option -- z
03:29 tstapler Followed by the --help printout for this specific version of tar.
03:30 iggy that's probably not super well tested (if at all)
03:30 iggy is this using the archive.extracted state?
03:32 tstapler Im running salt-ssh '*' --key-deploy --passwd
03:32 tstapler Not sure if that uses the archive.extracted state. Im pretty fresh to salt
03:32 iggy ahh, hmm, yeah, I'm guessing that's a bug
03:33 tstapler Hm alright, should I report ? What I am doing is pretty non-standard. Not sure if it should be a supported use case
03:35 iggy it wouldn't hurt, if it won't take too much work, it should be fixed
03:35 racooper joined #salt
03:36 tstapler Awesome, In the meantime  manually deploying my keys is probably my best option?
03:36 iggy have you tested anything else?
03:36 iggy I'm assuming none of salt-ssh is going to work
03:37 tstapler I haven't tested anything else yet
03:37 tstapler I'll do a ping and use a password
03:37 iggy the way it works is salt collects all the code it needs, tar's it up, copies it over, unpacks it, and runs it
03:37 tstapler Ah
03:37 iggy so I'm guessing you're getting hung up at the unpack part
03:40 iggy have you made sure your busybox includes zlib?
03:41 tstapler I'll check, I'm doing this as part of a Cyber Defence Competition so my VMs are provided
03:44 tstapler Hm, I'm not sure how to check if it includes zlib.
03:44 tstapler But it does have both tar and gzip so i suppose this version of tar just doesn't support gzip.
03:45 drunksignal joined #salt
03:46 relicanth joined #salt
03:46 iggy tar help output doesn't say anything about -z?
03:47 tstapler Nope Usage: tar -[cxthvO] [-X FILE] [-T FILE] [-f TARFILE] [-C DIR] [FILE] ...
03:47 iggy odd
03:48 tstapler I imagine this box is built with some rather insane options
03:48 tstapler Will probably be easiest to figure out how to enable the -z option
03:48 tstapler And reconfigure
03:49 dyasny joined #salt
03:49 nbastin tstapler: you would have to rebuild the root
03:49 tstapler Oh alright, thanks
03:49 nbastin tstapler: if you have a busybox builder you can ltib -c and under archival utilities -> tar -> Enable -z option
03:49 iggy yeah, tar is presumably built into busybox
03:51 nbastin if you don't care about the finer points of how -z works, you can just wrap it in a script that passes it to gzip before tar
03:51 nbastin (at the cost of more ram and disk used during this process)
03:51 tstapler For the most part the VM is just simulating being an embedded system
03:52 nbastin I see it is doing that well.. :-)
03:52 tstapler The additional resource usage shouldnt be a problem
03:52 tstapler nbastin: lol indeed
03:52 k_sze[work] joined #salt
03:52 nbastin tstapler: you could just not compress the file on the source
03:53 tstapler nbastin: Is there an option built into salt-ssh to disable the compression of commands?
03:53 nbastin oh, well that I have no idea.. :-)  But I would hope
03:54 iggy not one that I know of
03:54 tstapler If not I suppose I'll create an issue
03:54 nbastin unfortunate
03:54 tstapler perhaps an alias for tar?
03:54 tstapler Not sure how salt calls tar
03:54 tstapler Where can I find the source?
03:55 nbastin tstapler: well an alias wouldn't work, but if you move tar to tar-real or something
03:55 nbastin and then wrap tar-real in "tar" that is a script
03:55 nbastin but that gets hinky pretty quickly
03:55 kevinquinnyo1 joined #salt
03:56 tstapler ill try it out for science lol
03:56 tstapler and report my findings
03:56 tstapler thanks for all the help everyone!
03:56 nbastin it'll work fine for basic use cases, the "hinky" bits are when you need tar to accept input from stdio and streams and such
03:56 nbastin you can make a script wrap that right, but it's much more involved
03:57 dyasny joined #salt
03:57 tstapler hmm
03:58 tstapler I suppose opening an issue it is
04:00 relicanth joined #salt
04:01 yomilk joined #salt
04:01 hightekvagabond joined #salt
04:02 hightekvagabond joined #salt
04:02 iggy if nothing else it should lead to doc additions that the tar util needs to support the -z flag
04:03 yomilk joined #salt
04:06 ajw0100 joined #salt
04:08 NV joined #salt
04:09 Guest37097 joined #salt
04:10 kawa2014 joined #salt
04:11 moogyver joined #salt
04:11 ramteid joined #salt
04:13 evle joined #salt
04:14 bhosmer joined #salt
04:16 relicanth joined #salt
04:17 dhdh joined #salt
04:18 dhdh can I require a module run and return true in a state? I want to make a state to reload a service only after module nginx.configtest returns true.
04:19 yomilk joined #salt
04:20 relicanth joined #salt
04:23 rdas joined #salt
04:26 yomilk joined #salt
04:30 dhdh hm guess it just goes in a state and i require that state
04:38 relicanth joined #salt
04:47 drunksignal joined #salt
04:59 yomilk joined #salt
05:02 yomilk joined #salt
05:03 linjan joined #salt
05:09 bhosmer_ joined #salt
05:10 blckbit10 joined #salt
05:14 ageorgop joined #salt
05:18 yomilk joined #salt
05:23 yomilk joined #salt
05:30 yomilk joined #salt
05:47 iggy prereq?
05:47 drunksignal joined #salt
05:56 rotbeard joined #salt
05:56 calvinh joined #salt
06:01 Zachary_DuBois joined #salt
06:02 brianfeister joined #salt
06:02 zer0def joined #salt
06:03 bhosmer joined #salt
06:06 yomilk joined #salt
06:08 ageorgop joined #salt
06:12 scarcry joined #salt
06:14 scarcry joined #salt
06:43 jamesp9 joined #salt
06:52 shiriru joined #salt
06:53 anmol joined #salt
06:57 bhosmer joined #salt
07:00 akhter joined #salt
07:10 JTeatime joined #salt
07:10 blckbit10 joined #salt
07:27 felskrone joined #salt
07:40 rubendv joined #salt
07:40 rubendv joined #salt
07:50 linjan joined #salt
07:50 drunksignal joined #salt
07:52 bhosmer joined #salt
07:55 colttt joined #salt
07:55 federicob joined #salt
07:55 KermitTheFragger joined #salt
07:57 AirOnSkin joined #salt
07:58 mattiasr joined #salt
07:59 dgutu joined #salt
08:00 colegatron joined #salt
08:04 elsmo joined #salt
08:09 impi joined #salt
08:11 joe1234 joined #salt
08:11 Rumbles joined #salt
08:13 joe1234 good day, i tried a little search about dns server management for A/D and found only dnscmd options to use it in powershell script, is there already a saltstack formular for remote management like update, test, delete aso. maybe i overread it in the docs
08:19 viq joined #salt
08:26 om joe1234: It seems that dnscmd is your best bet afaik
08:26 om https://github.com/saltstack/salt/issues/8521
08:26 saltstackbot [#8521]title: Active Directory Service Integration / Improvements | As requested by @basepi in https://github.com/saltstack/salt/issues/8119, I'm re-opening this issue as a feature request....
08:26 om Hi all
08:27 zerthimon joined #salt
08:28 om I am trying to figure out the best method to make salt states run through a series of pillar files that are dynamically generated and added to salt-master by a frontend platform
08:29 om so that highstate runs for that config to run on a new minion
08:30 joe1234 thanks om exactly what i found but it was from 2013 so i thought this might have any changes already... but yes i thought to go this way .... you got a lil ps script as example for this somehow ? i am just starting up
08:30 om this might sound elementary, but I need separate pillar files for each new minion
08:32 om joe1234: no I don't really
08:33 av_ joined #salt
08:33 joe1234 om, why you dont use hostname in your pillar files ? and do greps on this files so you can easily find or create file to the appropriate hosts ... but i am new to this so just an idea if i understoud what you need
08:34 felskrone joined #salt
08:34 wksw joined #salt
08:34 om grep wouldn't be the best
08:34 wksw joined #salt
08:35 slav0nic joined #salt
08:35 om the PaaS frontend (ideally) would create a pillar file for each customer minion (which is a dedicated VPS for the PaaS customer)
08:35 blckbit10 joined #salt
08:36 om otherwise, would be quite complex for the PaaS frontend to generate the pillar file for all VPS every time.
08:36 om I think I answered my own question....
08:36 om use include
08:36 om https://docs.saltstack.com/en/latest/topics/pillar/
08:37 wksw how to make salt excute more fast
08:38 om so create pillars in that state pillar and have init.sls for that pillar state include '*' the file in that pillar :p
08:38 om wksw: that is not very specific
08:39 om however, you can run high state but only on the minions you need to run it on
08:41 om is it possible to do include: *.sls inside a pillar directory?
08:42 om I see this
08:42 om https://groups.google.com/forum/#!topic/salt-users/QoYkSwyENiI
08:44 babilen om: Salt will merge pillars "smartly", so your problem essentially boils down to pillar organisation and targeting. But then, why do you need multiple files anyway?
08:45 om to keep it clean
08:45 jeddi joined #salt
08:45 om each customer has entries in a DB with uid and all
08:46 bhosmer joined #salt
08:46 om the idea is each customer will have a VPS and a pillar file
08:46 om makes it easier to manage
08:46 om
08:47 babilen Sure, but why the need for multiple files?
08:47 om so if VPS101 is the uid and pillar filename is VPS101.sls, the high state run would run on the specific minion VPS101
08:48 babilen The highstate runs on the minions on which you run it
08:48 om each time a new customer joins via the Frontend GUI site, the account generates pillar date
08:48 babilen (and given that they should be idempotent you could run them on all minions all the time)
08:48 om data...
08:48 om of course
08:48 om that's not the issue
08:49 om I just don't want to have one pillar file for all customers
08:49 om it's harder to manage and debug if anything goes wrong right?
08:49 om what do you mean by Salt will merge pillars "smartly"'
08:50 babilen That's perfectly fine .. I organise pillars semantically (per service typically which might be a larger service such as "website example.com" and include configuration for DBs, LBs, ...)
08:51 babilen om: If you have a pillar with {'a': 1} and another with {'b': 2} and target both to your minion the pillar the minion sees will be {'a': 1, 'b': 2}
08:51 om currently, I organize pillars per state
08:51 babilen The "smartly" comes into play if you have nested pillars and collections in there. The merging strategy is discussed in https://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-source-merging-strategy
08:52 akhter joined #salt
08:53 om hmm...
08:53 om cool
08:53 babilen That enables you to split pillars semantically into meaningful blocks and just target them to your minions. If you want overrides or additions you just target more specific pillars also ..
08:53 om but not exactly what I am looking for
08:54 impi joined #salt
08:55 babilen So, for example, I typically "compose" the 'users' pillar. So, if a customer has something called "Product A" (say a Python WSGI application) we have a product_a.sls pillar in which I also have a "users: ..." bit if that application requires a specific user.
08:55 om babilen: perhaps this is the key/clue to what I need:  "a little Jinja and the file.readdir module you can loop over the contents of a directory and dynamically include them."
08:55 om ah I see
08:56 babilen In the end *you* would simply target your generic pillars to all applicable minions and then have, per minion, overrides/additions/customisations/... in another, generated, pillar minion_id.sls. As salt merges all dictionaries that are being targeted to it you don't have to include pillars from pillars or anything.
08:57 babilen The question now is: How to include those "minion specific" pillars? And the strategy you just mentioned is one way.
08:57 ramteid joined #salt
08:58 om babilen: problem with your method is privacy and security
08:59 om these are separate VPS for each separate customer
08:59 babilen And .. it sounded as if you generate those pillars dynamically from another datasource to begin with. If there is already an external pillar for that datasource (cf. https://docs.saltstack.com/en/latest/ref/pillar/all/ ) you could just reference it directly.
08:59 babilen Why is that a problem?
08:59 om pillar data on each VPS should only be pertinent to that VPS and customer
08:59 babilen Sure, that is why you target private data to *only* that minion / customer.
09:01 babilen It's all in the targeting. Generic pillars are targeted to everything, pillars of customer A are only targeted to minions of that customer and minion specific pillars are targeted to a single minion
09:01 om nice!
09:01 om cmd_yaml
09:01 babilen The resulting datastructure (a Python dictionary) is the result of the smart merging of all these individually targeted ones
09:02 om this is very powerful!  https://docs.saltstack.com/en/latest/ref/pillar/all/
09:02 om thanks
09:02 babilen It is indeed
09:02 babilen pillars are, in the end, simply Python dictionaries that are specific to one minion.
09:03 om babilen: I am in analysis stage for this PaaS
09:03 babilen How they are being constructed is entirely up to you and external pillars allow you to take full control of that.
09:03 babilen You could even write your own external pillar that reads the data from whatever backend datasource you have and munge it in whatever way you deem best.
09:04 babilen The result at the end is simply a dictionary. How you get there is entirely up to you.
09:04 babilen (and YAML is just an implementation detail of the 'default' case for pillars)
09:05 om them mysql module for pillars is perfect!
09:06 jeddi babilen: thank you for this .. hadn't noted that we can merge pillars .. not quite at the stage where I need too much sophistication, but great to hear about the way you're handling it.   few systems seem to handle two-way dependencies / hierarchies elegantly.
09:06 babilen :)
09:06 amcorreia joined #salt
09:08 om babilen: so essentially, I can have mysql db entries for specific PaaS users, and target the minion(s) of with that data as pillars.
09:08 om sick!
09:09 om this is better than what I thought!
09:10 om and backup this data as yaml or json from the db entries
09:10 impi joined #salt
09:11 babilen You got it :)
09:16 vkngpmhc joined #salt
09:18 Rumbles joined #salt
09:26 brianfeister joined #salt
09:28 s_kunk joined #salt
09:30 vkngpmhc joined #salt
09:31 LondonAppDev joined #salt
09:40 bhosmer joined #salt
09:40 GreatSnoopy joined #salt
09:43 keimlink joined #salt
09:46 jhauser joined #salt
09:48 wksw joined #salt
09:52 drunksignal joined #salt
09:53 keimlink joined #salt
09:56 yomilk joined #salt
09:57 Rumbles joined #salt
09:59 traph joined #salt
10:06 denys joined #salt
10:07 s_kunk_ joined #salt
10:10 s_kunk joined #salt
10:14 Andre-B joined #salt
10:29 giantlock joined #salt
10:38 lovecraftian joined #salt
10:38 lovecraftian joined #salt
10:38 wksw joined #salt
10:41 wksw why in version 2015 ""test.successed.without.changs" is not available
10:43 izrail joined #salt
10:43 wksw who know
10:43 babilen It is test.succeed_without_changes
10:45 wksw ok i will try  thank you
10:47 rdas joined #salt
10:48 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html#salt.states.test.succeed_without_changes
10:50 wksw thank you
10:52 fredvd joined #salt
10:53 drunksignal joined #salt
10:53 kitplummer joined #salt
11:02 jespada joined #salt
11:15 brianfeister joined #salt
11:15 fuzzy_id joined #salt
11:17 riftman joined #salt
11:18 JTeatime Anyone have an example of a realistic, complete salt config
11:18 JTeatime like if you publish your site's salt config to git hub, can you link me
11:27 job you can take a look at https://github.com/NLNOG/ring-salt
11:27 job but it doesnt cover everything about system administration
11:28 bhosmer joined #salt
11:31 JTeatime ah, this definitely helps
11:32 job no prob
11:41 ilbot3 joined #salt
11:41 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.3 | Paid support available for open source Salt! www.saltstack.com/support | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
11:42 colegatron joined #salt
11:44 viq joined #salt
11:48 AndreasLutro VSpike: we do, but they don't interact at all - terraform spawns an instance, cloud-init does initial provisioning, the instance connects to the salt master
11:50 VSpike AndreasLutro: This being cloud-init https://cloudinit.readthedocs.org/en/latest/ ? Not come across that before
11:54 drunksignal joined #salt
11:54 JTeatime it's widely used, but sadly under-documented
11:54 JTeatime it's really useful too, but the [lack of] docs are killing me
12:00 AndreasLutro doesn't really matter if you use cloud-init or something else, the point is salt doesn't come into the process until terraform is done with its job
12:02 quasiben joined #salt
12:03 jespada joined #salt
12:04 bluenemo joined #salt
12:05 iceyao joined #salt
12:05 VSpike AndreasLutro: yep, I understand that. Was just curious about a tool I'd not heard of :)
12:06 VSpike Presumably you could use the salt bootstrapper just as well
12:07 JTeatime cloud-init is really useful for 1) things that need to happen before even a low-level bootstrap can be run, like getting enough networking/usercreds stuff configured so that your boostrapper can connect for example, and 2) already used by a lot of cloud images to do stuff that always needs to happen once when an image is cloned, e.g. re-gen'ing SSH host keys
12:08 JTeatime it can also be the thing that launches your bootstrap
12:08 VSpike Hm, interesting. When you launch an AWS ubuntu AMI on EC2, does it use that already to generate the keys and so on?
12:09 JTeatime probably; I'm not sure about EC2
12:14 Andre-B_ joined #salt
12:16 anmol joined #salt
12:17 mephx joined #salt
12:19 yomilk joined #salt
12:23 BhavyaM joined #salt
12:28 akhter joined #salt
12:32 yomilk joined #salt
12:54 CeBe joined #salt
12:55 drunksignal joined #salt
12:59 teryx510 joined #salt
13:02 spaceSub Is there a way to pass custom libvirt xml templates to the virt runner. The default ones are.. not really great.
13:04 spaceSub No tty attached, but vnc listening to 0.0.0.0 w/o password.
13:04 brianfeister joined #salt
13:04 akhter joined #salt
13:07 spaceSub Not saying that's batshit crazy, but..
13:08 fredvd joined #salt
13:12 lothiraldan joined #salt
13:14 drunksignal joined #salt
13:17 bhosmer joined #salt
13:19 kawa2014 joined #salt
13:21 giantlock joined #salt
13:21 jessexoc joined #salt
13:28 DammitJim joined #salt
13:29 zerthimon what can be a problem if a module fails to overload ?
13:30 zerthimon works fine when copied inside /usr/lib/python2.7/dist-packages/salt/modules
13:30 zerthimon doesn't work from /var/cache/salt/minion/extmods/modules/
13:31 zerthimon the original module still runs instead of custom one
13:34 ponpanderer joined #salt
13:47 TooLmaN joined #salt
13:51 rm_jorge joined #salt
13:55 dgutu joined #salt
13:56 lompik joined #salt
13:56 agend joined #salt
14:03 spiette joined #salt
14:04 L2SHO_ joined #salt
14:07 yomilk joined #salt
14:10 Ahlee joined #salt
14:10 rm_jorge cri cri
14:10 rm_jorge wrong window .(
14:15 numkem joined #salt
14:17 t0nyhays joined #salt
14:18 t0nyhays Just starting to play around with pepa.  Any way to use gitfs to hold the yaml for this pillar?
14:28 mpanetta joined #salt
14:28 deniszh joined #salt
14:34 fredvd joined #salt
14:36 Andy_____ joined #salt
14:37 Andy_____ Hi all.
14:37 Andy_____ Having an issue with state.apply on debian 8.
14:37 Andy_____ getting 'state.apply' is not available.
14:37 anmol joined #salt
14:37 Andy_____ using the official repo (version 2015.8.3)
14:38 perfectsine joined #salt
14:40 hasues joined #salt
14:40 hasues left #salt
14:44 racooper joined #salt
14:45 Andy_____ Nevermind. The minion was running official debian salt-minion package (2014.x). Upgrading to salt repo fixed it.
14:45 Andy_____ </embarrasement>
14:46 Tyrm joined #salt
14:48 gh34 joined #salt
14:48 impi joined #salt
14:53 brianfeister joined #salt
14:58 ALLmightySPIFF joined #salt
14:58 losh joined #salt
15:02 kaptk2 joined #salt
15:03 amcorreia joined #salt
15:05 andrew_v joined #salt
15:05 bhosmer joined #salt
15:05 cyborg-one joined #salt
15:07 yomilk joined #salt
15:08 zmalone joined #salt
15:11 jessexoc joined #salt
15:11 yomilk joined #salt
15:13 mapu joined #salt
15:13 Fiber^ joined #salt
15:13 hasues joined #salt
15:13 anmol joined #salt
15:14 hasues left #salt
15:14 Brew1 joined #salt
15:20 edrocks joined #salt
15:23 kawa2014 joined #salt
15:29 deus_ex joined #salt
15:35 ekristen joined #salt
15:38 chiui joined #salt
15:40 saltyswede joined #salt
15:42 DammitJim joined #salt
15:43 hasues joined #salt
15:43 hasues left #salt
15:49 rominf joined #salt
15:49 lovecraftian joined #salt
15:49 lovecraftian joined #salt
15:51 zerthimon is there any way providing parameters to the state from command line, other than specifying a pillar dict  ?
15:53 KennethWilke joined #salt
15:59 Rumbles joined #salt
16:00 bhosmer joined #salt
16:03 dhdh joined #salt
16:09 blckbit10 joined #salt
16:12 _JZ_ joined #salt
16:12 yomilk joined #salt
16:16 ALLmightySPIFF joined #salt
16:18 _JZ_ joined #salt
16:20 kevinquinnyo1 joined #salt
16:23 treaki_ joined #salt
16:28 sroegner joined #salt
16:29 LondonAppDev How can I add a supervisor config and do reread and reload with a salt formula?
16:31 LondonAppDev Ah think I figured it.
16:32 jfindlay zerthimon: are you running state.apply?
16:32 mohae joined #salt
16:33 zerthimon jfindlay: doing salt-call state.sls
16:34 jfindlay zerthimon: not that I know of
16:34 jfindlay you can with state.single
16:35 jfindlay you can always provide pillar data on the command line
16:35 murrdoc joined #salt
16:36 zerthimon jfindlay: state.single... aha, maybe that's what I sould do
16:38 tstapler_ joined #salt
16:39 tstapler_ im running a salt-ssh test.ping for several busybox machines
16:39 tstapler_ some return True as expected
16:39 zerthimon jfindlay: hmm I need to apply a whole sls file paramterized, state.single will not do it for me, right ?
16:40 tstapler_ others exit with an IOError: [Errno 21] Is a directory: '/var/log/salt/minion'
16:40 jfindlay zerthimon: right
16:41 SmokeBeast joined #salt
16:41 SmokeBeast Good morning.  I am wonder how to get the /etc/salt/minion file updated using salt-ssh.
16:41 brianfeister joined #salt
16:43 SmokeBeast basically.. I want to update the /etc/salt/minion file on a minion with the masters IP address using salt-ssh.
16:43 SmokeBeast I have created an entry for the minion in the roster file on the master.
16:47 zerthimon jfindlay: Thanks for your answers, I'ma use a pillar dict as a parameter
16:54 bhosmer joined #salt
16:54 geekatcmu left #salt
16:56 dgutu joined #salt
16:57 cberndt joined #salt
16:57 blckbit10 joined #salt
16:58 SmokeBeast Anyone have an idea how to update the /etc/salt/minion file on a minion to point ot the master??
16:58 SmokeBeast Using salt-ssh.
17:01 pviktori joined #salt
17:01 jfindlay zerthimon: no problem
17:02 jfindlay SmokeBeast: you can use file.managed on that file, that's what I do
17:03 ingslovak joined #salt
17:04 impi joined #salt
17:05 JTeatime any estimate/plans for the next release date?
17:06 murrdoc 2weeks
17:07 jfindlay JTeatime: you mean Boron?
17:08 jfindlay the Boron release is anticipated to happen in March
17:08 JTeatime whatever the next stable version will be... 2016.________
17:08 JTeatime will I run into pain trying to use a salt-cloud provider from develop, on current stable?
17:09 jfindlay I'm not sure, probably not
17:10 jfindlay salt-cloud has been reasonably stable
17:10 Bryson joined #salt
17:15 onlyaneg1 joined #salt
17:18 ageorgop joined #salt
17:27 nethershaw joined #salt
17:32 wendall911 joined #salt
17:33 dlam joined #salt
17:37 KyleG joined #salt
17:37 KyleG joined #salt
17:37 writtenoff joined #salt
17:38 moogyver joined #salt
17:39 jor_ joined #salt
17:41 colegatron joined #salt
17:48 bhosmer_ joined #salt
17:48 QuisaZaderak joined #salt
17:53 mcfallen joined #salt
17:55 mcfallen Do I absolutely need the file_roots: line in my top.sls?
17:55 norii JTeatime: generally good to avoid but if your cloud provider is only develop then not much choice really
17:55 norii in develop..*
17:56 mcfallen https://docs.saltstack.com/en/latest/ref/states/top.html has to examples
17:56 moogyver file_roots: goes in your master config
17:56 moogyver not in the top.sls
17:57 mcfallen you mean in /etc/salt/master ?
17:57 moogyver yea
17:57 mcfallen thanks!
17:58 zmalone well, maybe /etc/salt/master, if you use the conf.d format, it'll be somewhere else
17:58 mcfallen sure. the doc is probably outdated . . .
17:58 moogyver sure - which is why i said master config, but mcfallen you'll want to check /etc/salt/master or /etc/salt/master.d/*
17:59 moogyver by default, it's in /etc/salt/master.  using /etc/salt/master.d is optional
18:00 mcfallen yes thanks. I have /etc/salt/master
18:00 mcfallen I'm just starting to learn salt, obviously.
18:00 giantlock joined #salt
18:01 mcfallen so if I set file_roots: and base in /etc  do I not want to have a top.sls in /srv/salt ?
18:02 mcfallen i.e. does the master config become the "root" top.sls in effect?
18:02 moogyver so file_roots is just describing where the fileserver is and what environments there are ( in the fileserver ).  you still need a top.sls file in whatever directory you're specifying in file_roots as base.
18:03 moogyver top.sls controls the targetting of what hosts get what states ( or in pillar's case, what pillar data )
18:03 moogyver file_roots is just describing the layout of the fileserver.
18:04 mcfallen nice. thanks.
18:05 moogyver so in that doc you linked, file_roots is saying the base environment is in /srv/salt.  then in /srv/salt/top.sls, you'd have that 'base: '*' stanza, which is saying 'all hosts get these state files'
18:05 moogyver you don't really *need* the top.sls if you're not using states and just want to use the fileserver for scripts/downloading files and such.  but it's necessary for the state stuff.
18:06 norii oh weird i never thought of using salt like a fileserver only
18:07 mcfallen gotha
18:07 mcfallen gotcha too
18:08 mcfallen I'm using salt in my home network for now so I don't have environments
18:08 writtenoff joined #salt
18:08 mcfallen just a bunch of Linux VMs of various flavors
18:09 racooper joined #salt
18:10 moogyver norii - we don't use states at all, so instead it's mostly a fileserve for us to host scripts and other various things
18:11 norii interesting. do you use another conf mgmt tool or did you just already had everything already in bash scripts moogyver?
18:11 zsoftich1 joined #salt
18:11 moogyver norii - chef.
18:12 norii i always waver back and forth between doing everything in shell scripts or using a dsl
18:12 norii nice
18:12 norii thats an interesting approach to getting salt in the door
18:12 moogyver political reasons.  one of the downsides at working at a large place.  always so much politics.
18:12 norii we have puppet in my shop now but i would love to move to salt
18:13 yomilk joined #salt
18:13 norii but everyone here seems to think ansible is a forgone conclusion and i am not sure why
18:13 moogyver salt is replacing our existing remote execution tool ( which isn't chef ) and our orchestration for provisioning bare metal systems
18:13 norii so i am going to present salt to the team and hopefully get some buy in
18:13 mephx joined #salt
18:14 moogyver ansible is good, it's simpler to setup, but it starts falling down at scale.  also, some of the neater things you can do in salt ( like reactors ), require enterprise ansible and ansible tower.
18:14 norii moogyver: thats good to know. we use ansible mostly for app deployement orchestration, if that makes any sense
18:14 norii exactly
18:14 norii good to know salt can handle those takss too
18:15 JTeatime do I remember right, that saltstack doesn't have any 'enterprise-only' components, like ansible and puppet do?
18:15 norii salt-mine and reactors are really amazing, which ive barely touched, but mostly i really love using jinja over erb for templating
18:15 moogyver JTeatime - it does ( or it will ).
18:15 JTeatime ah, alas
18:16 moogyver JTeatime : http://saltstack.com/enterprise/
18:16 moogyver norii - i just like that it's python over ruby. :)
18:17 sjmh need to match up my irc handle to my github, causes too much confusion when discussing issues
18:17 norii sjmh: that too is a huge factor
18:18 jfindlay JTeatime: that is correct.  The enterprise product we're working on is a separate project
18:18 jfindlay the original salt codebase and concept is intended to be completely open
18:19 t0nyhays anyone have any ideas if you can use gitfs with pepa?
18:20 dlam is there a way to get it to show the output when salt-call does a `apt-get install` or `apt-get output`?  (i just wanna get feedback its doing stuff cuz it takes long time)
18:22 jfindlay dlam: there's use_vt, https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.run
18:22 jfindlay or you could watch the log
18:24 zer0def uh, i'm going to ask a dumb question - is there a reason for which modules and states for glance, keystone and neutron aren't served through official apt repos, yet still exist in the pypi tarball?
18:25 jfindlay zer0def: what do you mean by the official apt repos?
18:25 zer0def by definitions of this: https://docs.saltstack.com/en/latest/topics/installation/ubuntu.html - the official one, not Joe's PPA
18:26 zer0def oversimplified the statement by stating "Joe's PPA"
18:26 jfindlay hmm, if you're comparing the pypi archive to the packages of the same release version, they should have the same contents
18:27 zer0def ok, let me just retry with a fresh ubuntu 14.04 and get back with a diff
18:27 jfindlay zer0def: if you can confirm that there are modules missing in the ubuntu packages that are in the equivalent pypi archive, then you should file a bug at https://github.com/saltstack/salt-pack/issues/new
18:29 QuisaZaderak joined #salt
18:29 Ashald hi guys
18:29 Ashald I ran into issues with rest_cherrypy backend for API
18:30 Ashald it times out incoming calls if processing them takes more than 5 mins
18:30 Ashald and decided to try rest_tornado
18:30 brianfeister joined #salt
18:30 Ashald but so far the only thing I was able to get form it is 2016-01-25 13:30:34,096 [tornado.access   ][WARNING ][14137] 400 POST /login (A.B.C.D) 0.93ms
18:31 Ashald using the same settings as for rest_cherrypy
18:31 Ashald anyone had such an issue before?
18:31 Ashald I'm using pepper client
18:31 sfz- joined #salt
18:32 deniszh joined #salt
18:33 aron_kexp joined #salt
18:34 XenophonF is there a way to tell a git.latest state to perform a recursive clone?
18:35 jfindlay Ashald: I have limited experience with salt-api, but you could try to ping Seth one way or another.  You might consider filing an issue on the pepper repo
18:36 jfindlay XenophonF: you mean to update submodules?
18:37 jfindlay `git submodule update --recursive?`
18:37 denys joined #salt
18:39 zer0def jfindlay: ok, i might've gotten overhyped, just ran a diff and it returned nothing… so i guess the docu might be in need of regeneration
18:39 zer0def no biggie, though
18:39 XenophonF i think so, jfindlay - deployment instructions say to use `git clone --recursive ...`
18:40 jfindlay zer0def: thanks.  We've had documentation issues recently, I'll ping our docs guy
18:42 jfindlay zer0def: what version?
18:42 zer0def jfindlay: latest, 2015.8.3
18:42 zer0def well, latest stable*
18:42 bhosmer_ joined #salt
18:43 mapu joined #salt
18:43 Rumbles joined #salt
18:44 jfindlay XenophonF: if you pass `submodules: true` to git.latest, that seems to trigger the `--recursive` flag, but I haven't used it
18:44 XenophonF i guess i can run `git submodule update` separately
18:44 grumm_servire joined #salt
18:44 XenophonF ah thanks jfindlay, let me try that
18:45 XenophonF should have RTFSed first ;)
18:46 ajw0100 joined #salt
18:46 losh joined #salt
18:47 jfindlay no problem
18:47 blckbit10 joined #salt
18:49 QuisaZaderak joined #salt
18:50 wryfi_ is there a convenient way to do a dns lookup inside of a state?
18:50 ageorgop joined #salt
18:50 wryfi_ i have a file that requires an ip address, but i don't want to hard-code it
18:51 jfindlay wryfi_: the easiest thing would be to use jinja
18:51 wryfi_ i am using jinja.
18:53 jfindlay the closest thing I can find is network.dig
18:53 jfindlay there's got to be something better than that :-)
18:53 jfindlay or should be
18:55 jfindlay zer0def: would you mind filing a bug on that doc issue you found?
18:55 Crazy67 joined #salt
18:58 drawsmcgraw joined #salt
18:58 edrocks joined #salt
19:00 baweaver joined #salt
19:01 tstapler_ I'm getting an error when running salt-ssh on certain busy-box hosts
19:02 tstapler_ https://gist.github.com/anonymous/f61b62221f75acb05f0e
19:03 tstapler_ I'm not sure if I'm just missing some configuration or a quirk of busybox
19:03 tstapler_ but I have several other  busybox hosts which work but run a different version of busy box
19:03 jfindlay tstapler_: does the problem happen consistently?
19:04 tstapler_ Yes
19:04 tstapler_ Every time i try to ping it
19:06 bja_ joined #salt
19:07 bja_ is there a salt module or other mechanism for logging a messaging during state render?
19:07 bja_ or rather, during template render
19:07 bja_ something that the person running a highstate might see
19:11 baweaver joined #salt
19:13 linjan joined #salt
19:19 zer0def jfindlay: to which repo should i submit it?
19:19 zer0def inb4 "to the main 'salt' one"
19:19 jfindlay zer0def: yes
19:20 jfindlay thanks
19:20 zer0def my pleasure
19:21 cpowell joined #salt
19:23 GreatSnoopy joined #salt
19:23 robertsonai joined #salt
19:24 tstapler_ @jfindlay: After some additional probing it seems like the affected minions
19:24 tstapler_ are missing directories. All the minions that work have more salt directories
19:29 zer0def jfindlay: funnily enough, i haven't thought about just substituting the state module name - apparently the docu is generated, just not indexed in the list of builtin states; regardless, filing a bug now
19:30 wryfi_ hmm, jfindlay i also found salt.modules.dnsutil
19:31 wryfi_ is there some way to call that in jinja?
19:31 baweaver joined #salt
19:31 wryfi_ i tried {{ salt['modules.dnsutil.A']('hostname.foo.com') }}
19:32 wryfi_ but that failed with: Unable to manage file: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'modules.dnsutil.A'
19:33 baweaver joined #salt
19:33 jfindlay wryfi_: `{% set IP_addr = salt['dnsutil.A']('hostname.foo.com') %}`
19:34 jfindlay and then later `master: {{ IP_addr }}` or whatever
19:34 wryfi_ ah, let me try that. thanks!
19:34 jfindlay in jinja the `salt` dictionary offers exec module funcs just like the CLI
19:36 BhavyaM joined #salt
19:36 Brew1 joined #salt
19:37 bhosmer_ joined #salt
19:37 Brew1 joined #salt
19:38 jgarr joined #salt
19:39 Guest91149 joined #salt
19:39 jgarr Does someone have a way to clean salt minion certs through the salt-api (or something similar) when they rebuild hosts? I'm looking for a script or some way to clean the cert during anaconda
19:41 giantlock joined #salt
19:42 brianfeister joined #salt
19:44 hal58th joined #salt
19:47 baweaver joined #salt
19:47 hightekvagabond joined #salt
19:48 jgarr looks like this should be pretty easy to do in cobbler post install trigger. Now just trying to figure out if there's an easy way to clean it with salt-api
19:49 ido_ joined #salt
19:50 akhter joined #salt
19:52 Guest24515 Hi, I'm trying to use the user module to create users. I want to use uid 0 and gid 0 (root) and It's not working. Is someone one help me please?
19:53 jgarr Guest24515: you won't be able to create a user with uid/gid 0 because it's already taken
19:53 jgarr or are you trying to modify the root user?
19:55 Guest24515 I'm trying to create another root user with different name.
19:56 Guest24515 I understand that it's by design that I cannot do it?
19:57 jgarr correct. the root user already exists so I'm not sure how you would do that. Things would likely break if you changed the name
19:57 jgarr lots of things in linux just assume there is a user with uid 0 named root
19:57 zmalone jgarr: on some platforms, you can have multiple users defined with the same uid
19:57 babilen root is root is the user with uid 0
19:57 zmalone it's ugly, but I've seen places where people do it to not have a single shared root account, but avoid sudo/su
19:57 babilen Yeah, you can do it
19:58 babilen Guest24515: What are you actually trying to achieve?
19:58 mpanetta That sounds horribly insecure...
19:58 jgarr we have uid overlap with local and ldap accounts. but that also causes problems.
19:58 zmalone permissions behavior gets crazy though, and the behavior of what username to stick on things with uid 0 as owner is undefined and erratic
19:58 ajw0100 joined #salt
19:58 s_kunk joined #salt
19:58 s_kunk joined #salt
19:58 jgarr I echo babilen, what are you trying to do, there's probably a different way
19:58 zmalone oh, it's terrible, and shouldn't be done
19:58 babilen The important part if the uid, not the name .. but then *some* tools might behave differently
19:59 mpanetta Yeah don't quite get the point of having 2 accounts with UID==0
19:59 mpanetta They are basically the same accoun
19:59 mpanetta t
19:59 mpanetta but with different logins...
19:59 zmalone I agree babilen, but many tools try to show name instead of uid, so an ls -l might show the first match in /etc/passwd, and might show the last
20:00 babilen indeed
20:01 |Fiber^| joined #salt
20:01 zmalone mpanetta: different passwords too, but it's all undone by the unpredictable logging that results
20:01 mpanetta zmalone: Yeah
20:02 t0nyhays left #salt
20:02 zmalone but when you are just trying to check a box on a security audit, some people get weird trying to match the letter of a requirement but not the spirit
20:02 om zmalone:   you can avoid sudo/su by adding the appropriate user entry in /etc/sudoers or /etc/sudoers.d/xyzuser
20:02 om I believe there is a salt state/module for sudoers
20:02 om haven't use it yet
20:03 Guest24515 The idea is to have a user with full permissions (like root) with the same password on all the servers.
20:03 mpanetta bleh
20:03 babilen Just configure sudo
20:03 mpanetta yeah
20:03 babilen (passwordless if you insist)
20:03 Guest24515 It can be done using -  "useradd -ou 0 -g 0 user"
20:04 om yea
20:04 Guest24515 Yes... I don't want to use sudo
20:04 om passwordless
20:04 zerthimon what is the command to sync custom modules ?
20:04 om but still need to type in the 4 letter word
20:04 mpanetta I hope none of these boxes are on the internet :P
20:04 babilen Many things can be done, but I would consider that a rather unusual and controversial way of achieving something that is, IMHO, much better achieved by configuring sudo
20:05 elsmo joined #salt
20:05 om mpanetta: probably uncabled and powered down :)
20:05 zerthimon salt '*' saltutil.refresh_modules ?
20:05 mpanetta om: That would be the only way to truly secure a computer with no root password :P
20:05 babilen zerthimon: saltutil.sync_modules -- https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_modules
20:06 om :D
20:06 zerthimon babilen: thanks!
20:06 dlam hey is there a place that lists all the stuff/syntax you can use in a - require: ?
20:06 tracphil_ joined #salt
20:07 GrueMaster joined #salt
20:08 jaybocc2 joined #salt
20:08 om any state resource perhaps dlam ?
20:08 om https://docs.saltstack.com/en/latest/ref/states/requisites.html
20:08 Guest24515 Is there an easy way to edit the user module so I will be able to create a user with uid and gid 0?
20:09 babilen Guest24515: You could just run the command with cmd.run -- but then, what is the actual error you run into?
20:09 om Guest24515: does it fail/prevent you from using - uid: and - gid:  ?
20:09 om not sure
20:09 babilen hmm .. not sure I want to support that
20:10 babilen It.feels.so.wrong
20:11 dyasny joined #salt
20:11 om it feels like someone will end up with several users with the same uid
20:11 om xD
20:11 heaje joined #salt
20:11 mpanetta Sounds like cats and dogs will be living together
20:11 mpanetta And there will be mass hysteria :P
20:11 zmalone babilen: It's an acceptable approach on a lot of platforms, and used to be very common
20:11 zmalone https://en.wikipedia.org/wiki/Toor_(Unix)
20:11 saltstackbot [WIKIPEDIA] Toor (Unix) | "Toor, the word "root" spelled backwards, is an alternative superuser account in Unix-like operating systems, particularly BSD and variants...."
20:11 om but the birds will be eaten
20:11 JTeatime I wish more tools allowed settings a uid/gid for non-existent users/groups but permitted pre-existing ones to not match
20:11 zmalone doesn't mean it's modern, but it is something a lot of places fo
20:11 babilen zmalone: I am aware of toor
20:12 babilen zmalone: But this is Linux and not BSD
20:13 Guest24515 it's failed - Failed to create new user ....
20:13 om JTeatime: it's tea time indeed.  I think that's the case
20:13 mpanetta babilen: Not only that, the times are different, security practices are different...
20:13 babilen Well, sure you can do it, but I like to adhere to the principle of least surprise. There are "natural" solutions that other admins/users will immediately understand and then solutions that will feel weird, out of place or are simply surprising
20:13 om Guest24515: yea, I had forgotten about that little safety net
20:13 JTeatime om: oh, it is?
20:13 yomilk joined #salt
20:13 Guest24515 I thought to run "cmd.run" but i want the hash the password.
20:13 babilen Guest24515: What is the error you get?
20:14 keimlink joined #salt
20:15 Guest24515 babilen:  Failed to create new user ...
20:16 om safety net
20:16 om iirc
20:17 babilen Guest24515: Could you run the minion in debug mode (salt-minion -l debug) and paste the actual error it encounters?
20:17 Bowers joined #salt
20:17 babilen (use one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … please)
20:17 babilen bbl
20:18 Guest24515 [salt.loaded.int.module.cmdmod                             ][ERROR   ][22779] Command ['useradd', '-u', '0', '-g', '0'                          , '-m', 'user1'] failed with return code: 4 [salt.loaded.int.module.cmdmod                             ][ERROR   ][22779] stderr: useradd: UID 0 is not unique [salt.loaded.int.module.cmdmod                             ][ERROR   ][22779] retcode: 4 [salt.state
20:18 berto- joined #salt
20:18 ajw0100 joined #salt
20:18 om won't allow you to create a new user with existing uid
20:18 om for another use
20:18 om user
20:18 om safety net...
20:19 om You can probably still use cmd.run and hash the password.
20:19 chesty joined #salt
20:19 Guest24515 I understand, but I want to bypass this safety net :)
20:20 om :)
20:20 om salt.modules.shadow.gen_password
20:21 om meh... best not
20:21 Guest24515 om: And how can I use this hash password in cmd.run ?
20:22 DammitJim joined #salt
20:22 om perhaps salt.modules.shadow.set_password is better
20:22 jim__ joined #salt
20:22 Guest24515 om: there is no password param like in salt.modules.user
20:22 jim__ o/
20:22 ablemann joined #salt
20:22 buMPnet joined #salt
20:22 babilen Didn't you say earlier that useradd allows you to create that user?!
20:22 om good point
20:22 tvinson joined #salt
20:23 jim__ looking for information on the way salt-cloud bootstraps minions.
20:23 om me too
20:23 om jim__:
20:23 jim__ I've tried to pare down the bootstrap script, and it's installing salt correctly, but it's not configuring the minion_id how I'd like
20:23 jim__ is there a list of the environment variables that get set when salt-cloud runs the bootstrap script on the minion?
20:24 Guest24515 babilen: I'm not sure that I understand your question. I cannot create a user with uid and gid 0
20:24 jim__ I'd like to do something like `echo "id: $_SALT_CLOUD_MINION_ID_HERE >> /etc/salt/minion"`
20:25 jim__ anyone have experience with this type of thing?
20:25 om script_args: -C ?
20:25 jim__ I'm _so_ close to getting this working and it's making me nuts.
20:25 Guest24515 babilen: salt.states.user
20:26 cpowell joined #salt
20:26 om script_args: -C <-  gets new keys and the keys get pre-seeded on the master, and the /etc/salt/minion file has the right 'id:' declaration.
20:26 om "right"
20:26 jim__ @om with the built-in bootstrap script you mean?
20:27 jfindlay om: you may also need to use the `-F` option
20:27 jfindlay but this has been changed on bootstrap develop: -C implies -F
20:28 jim__ @jfindlay @om, I've found I don't like the rest of the configuration I get from the built in bootstrap script. it's setting things I don't need/want set
20:28 jfindlay yeah, I think that should be changed, but it will take some discussion and planning
20:28 tligda joined #salt
20:29 om sorry, that's just what's good for linode I saw
20:29 jim__ http://pastebin.com/KMcxVsR2
20:29 jfindlay jim__: although technically it is making explicit the defaults anyway
20:29 jim__ that's my bootstrap
20:29 jim__ trying to KISS this as much as possible
20:29 jim__ let me get my salt-cloud map file on pastebin so you can see what I'm talking about
20:31 Guest24515 Thank all about your help. Just wanted to ask if you have an idea for me :)
20:31 jim__ http://pastebin.com/udLd7xtR
20:31 bhosmer_ joined #salt
20:31 jim__ @jfindlay @om take a look, feel free to mock my ineptitude
20:31 babilen Guest24515: Okay, so this boils down to passing "-o" to useradd. You could fork the salt.states.user and salt.modules.useradd modules, implement a "- unique_uid: False" parameter and then place them in _states and _modules in your file_root respectively
20:31 jim__ just got a new gig, and I'm finally leaving puppet behind
20:32 babilen \o/
20:32 jim__ my salt-cloud profiles and provider are working 100%
20:32 Rumbles joined #salt
20:32 om jim__: wohoo!  Me too!  Well, waiting on the new gig, but yea, puppet going away
20:32 jfindlay jim__: nice
20:32 jim__ puppet is just so freaking slow T_T
20:32 jfindlay to both, actually
20:32 om clunk
20:33 jfindlay finally cutting the string :)
20:33 om so what's wrong with your map file?
20:33 jim__ @om nothing was wrong with my map file
20:33 om jim__
20:33 om nice
20:33 om :D
20:34 bja_ joined #salt
20:34 jim__ it issue is figuring out what environment variables get generated from that map file, which my bootstrap picks up
20:34 jim__ I'm just going to dump `env` to /tmp/env in my bootstrap and see what happens
20:35 om ok I misunderstood.  Thought you needed to change the minion_id
20:37 Guest24515 babilen: wow, thanks! Can you please help me to implement this issue? I will write you on private
20:40 jim__ @om this is what I'm talking about, from the map file, these are the key names; http://pastebin.com/qAzgEhgD
20:41 jim__ when I run my salt-cloud -m command, with the map file I showed you in pastebin, the minion_id is getting set to the hostname.
20:41 jim__ even though the aws name is correct, it's not setting to the hostname
20:41 babilen Guest24515: Well ... you would copy the respective Python modules from within salt into _modules and _states in your file_roots. I'd get a git clone somewhere (git clone https://github.com/saltstack/salt.git) and then switch to the salt branch you are using (git checkout 2015.8). Find salt/modules/user.py and salt/states/useradd.py in there and copy them to /srv/salt/_states and /srv/salt/_modules respective
20:41 jim__ hate having to blackbox this. I need to level up my python reading skills.
20:41 babilen ly
20:43 babilen Guest24515: Once you've done that you can add an additional argument to https://github.com/saltstack/salt/blob/develop/salt/states/user.py#L184 and hand it over to the useradd module ..
20:44 babilen Guest24515: That is essentially Python programming and walking you through that would be quite involved, but that is the general approach.
20:45 babilen My recommendation is still to configure sudo in this context
20:45 om +1
20:49 jsky joined #salt
20:49 babilen Guest24515: I mean if you want to be super hacky you could just add "-o" to the useradd call on https://github.com/saltstack/salt/blob/develop/salt/modules/useradd.py#L114 similar to how the other options are added there, but that would change the behaviour for *all* calls. You essentially want to make that explicit ..
20:50 sjmh jgarr - re: the client keys/cobbler stuff - you could either just use /keys action in the API, which simulates the key wheel module, or you can fire an event from the cobbler server and have the reactor pick it up to do something like removing keys ( either via just nuking the file or by using a local runner to do it )
20:51 DammitJim joined #salt
20:52 jgarr sjmh: I was looking into the api endpoints but it doesn't look like the api is running (at least not on 8000) but I didn't look into it any more
20:52 jgarr I figured someone in here probably has a script they use for similar situation I could use as an example. But if not I can make something
20:52 sjmh jgarr - you have to install the salt-api and configure it - doesn't start up by default
20:53 sjmh we go with the cobbler trigger -> send event -> reactor -> runner method
20:54 jgarr the cobbler trigger sends an event to the reactor instead of using the API? is any system allowed to send events to reactor (I've never used it)
20:55 felskrone joined #salt
20:55 sjmh the reactor is on the master and just listens to the event bus.  any minion can send events to the bus.  so we have a minion installed on our cobbler server and during a pre-trigger, it sends an event up.   reactors listen for specific tags in the event bus and when they find them, execute task(s).
20:56 sjmh so we send something like /example.com/prov/v1/ks/start and provide some data about the system that's booting
20:56 sjmh and the reactor sees that event and does pre-cleanup of keys and some other tasks
20:56 snarfy joined #salt
20:57 lemur joined #salt
20:57 sjmh it was easier for us to do it that way, because we already had firewall ACL's and the like for all of our minions to talk to our master, rather than needing to open ACL's for the API port as well.
20:58 jgarr that sounds pretty nice, you know if there's docs or if you have code examples?
20:59 jgarr Although my cobbler server isn't (yet) a salt minion. I'll dig into the api first. If I run into any problems at least I know of a suitable backup
20:59 sjmh there's docs on the reactor, yeah, but nothing on our setup, as it's specific to us.
21:00 sjmh jgarr : i can share the cobbler trigger:  https://gist.github.com/sjmh/1950f594e21ec62c3895
21:01 sjmh can't share the other stuff unfortunately
21:01 sjmh also we're on an older version of cobbler, hence the ks_meta stuff instead of the newer autoinstall_meta
21:01 hightekvagabond joined #salt
21:02 jgarr that's alright, thanks. Is there a way to make keys for api auth instead of username/password?
21:02 Rumbles joined #salt
21:04 jim__ @om http://pastebin.com/qAzgEhgD
21:04 sjmh jgarr - not that i know of, no.
21:04 snarfy i dont understand salt mine. i got my mine conf on a minion mine_functions: network.ip_addrs: [eth0], can someone tell me what I need to do from the master to see if this data is actually available?
21:05 sjmh at least not w/ cherrypy?
21:05 om jim__: I PM'd you
21:05 om did you get that?
21:05 jgarr sjmh: this looks promising https://github.com/madflojo/salt-api-reactor-formula
21:06 sjmh jgarr : well, they're disabling the auth in the API
21:06 sjmh and just requiring you to pass in a key in your event data
21:08 sjmh it's talked about here - https://gist.github.com/sjmh/1950f594e21ec62c3895
21:08 sjmh oops
21:08 sjmh https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#salt.netapi.rest_cherrypy.app.Webhook
21:09 snarfy it should be enough to set that minion mine config, restart, and salt-call mine.get 'foo-minion' ip_addrs, n'est-ce pas?
21:11 QuisaZaderak joined #salt
21:12 snarfy ok i see the mine data in the cache
21:12 Guest24515 babilen: I have added "o" cmd.extend(['-ou', str(uid)]) - /usr/lib/python2.6/site-packages/salt/modules/useradd.py. I see the same error. Is there something that I need to be so the changes will be effected?
21:14 yomilk joined #salt
21:15 writtenoff joined #salt
21:16 mohae joined #salt
21:23 snarfy oh. nevermind me.
21:23 snarfy i was trying to salt-call from a master that didn't have itself as a master
21:23 writteno1 joined #salt
21:23 snarfy cos i'm a genius
21:25 babilen Guest24515: sync the module, but I would just add "-o" as the rest will be filled in anyway
21:25 bhosmer joined #salt
21:30 sjmh snarfy - lol.  i think i have that same thought about 3 times a day
21:30 sjmh 'gj genius'
21:31 strangecolor joined #salt
21:36 foundatron joined #salt
21:41 AlberTUX joined #salt
21:41 Guest24515 babilen: salt minion saltutil.sync_modules  . I still cannot see the changes. I asssume that i'm doing something wrong.
21:42 blckbit10 joined #salt
21:43 DammitJim this is the worse question you guys will hear today
21:43 DammitJim in Linux, can I add a group of users to another group?
21:43 DammitJim so, I have a group called tomcat6
21:43 DammitJim can I add the managers group to tomcat6?
21:43 DammitJim or I have to resort to adding all the users manually?
21:44 om manually
21:44 om or use ACL's
21:44 DammitJim DAMMIT!
21:44 DammitJim oohhhh... ACL's
21:44 DammitJim I'm listening :)
21:44 sjmh man setfacl
21:44 DammitJim yeah, I use ACLs
21:44 DammitJim so, it is doable... I have acls through salt
21:44 DammitJim just wasn't sure if that was an option
21:45 DammitJim on regular settings
21:45 DammitJim thanks
21:46 cliluw joined #salt
21:46 sjmh yeah you'd just have to use acl's to allow the managers group access to whatever the tomcat6 group is.  i don't think there's anything in ACL's for doing subgrouping.
21:50 DammitJim wait
21:51 DammitJim so, I"ll have to do this manually for each folder that the tomcat6 group owns?
21:51 DammitJim I can't have a blanket ACL that will say that anything owned by the tomcat6 group will be acceessible for another group, right?
21:52 sjmh DammitJim - not that i know of, no.  maybe something with the default acl on the folder? I don't have alot of experience with ACLs though.
21:52 blckbit10 joined #salt
21:58 DammitJim thanks
22:00 tligda_ joined #salt
22:01 [7hunderbird] joined #salt
22:02 Rumbles joined #salt
22:03 jgarr joined #salt
22:03 strangecolor is it possible to use a requisite to check if a pip package is installed?
22:04 bja_ joined #salt
22:05 akhter joined #salt
22:05 jgarr so I got external auth working (pam) and have two things I can't figure out. 1) on the local system I can run salt -a pam ... but I still am prompted for my username. Shouldn't it get that from the running user? 2) I set up the api but if I try to curl the api I get <p>No permission -- see authorization schemes</p> when I send my username and login password
22:05 strangecolor https://dpaste.de/OC75
22:07 DammitJim what is the default amount of worker_threads if not specified on the master?
22:11 jgarr nvm, just found the -d eauth='pam' for curl
22:12 mcfallen so uh. I'm wondering if all the files in /srv/salt should be owned by root or can they be owned by a less privileged user?
22:13 dhdh joined #salt
22:13 strangecolor mcfallen: You can do either.  It is common for Salt to run as root, so they can be owned as root.  However, if you want to run an an UNPRIVILEGED user you do that too.
22:13 strangecolor https://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
22:14 deniszh joined #salt
22:14 strangecolor But yes, those are generally owned by Root.
22:15 edrocks joined #salt
22:15 sjmh jgarr - unfortunately, no, the -a pam doesn't take in your current user - which means you can auth as a diff user.  more flexible, but yes, also somewhat annoying.
22:16 giantlock joined #salt
22:17 mcfallen thanks
22:18 jgarr I'm looking into pepper which I think can solve the problem with the config file. Right now I'm exploring the api still. Trying to find the right /key flags to delete a key. docs says it wraps the module but that doesn't give me any hints to the url to use. I was trying /key/delete/minion but that's not it
22:18 jgarr logging in with a token for now seems to solve most of my testing problems
22:19 hightekvagabond joined #salt
22:19 bhosmer_ joined #salt
22:20 DammitJim dammit... I can't remember how to apply a highstate to only certain minions
22:21 baweaver joined #salt
22:21 DammitJim like how do I call minions server101, server 201, server301, server401 and server501 but not server901?
22:22 sjmh specify them as a list to the salt command?
22:22 DammitJim too much work!
22:22 DammitJim I thought one could use regular expressions or something like that
22:23 sjmh salt -L 'web1,web2,web3' test.ping
22:23 sjmh you can
22:23 DammitJim LOL
22:23 sjmh https://docs.saltstack.com/en/latest/topics/targeting/globbing.html#regular-expressions
22:23 DammitJim well, actually the server is server101.mydomain.com, server201.yourdomain.com and others
22:23 DammitJim ah, yes! with -E
22:23 DammitJim thanks
22:23 aharvey joined #salt
22:25 DammitJim thanks
22:26 snarfy ok so... i'm having a massive brain fart day. and i wasn't super clever to begin with. I'm trying to get a string variable from the salt mine
22:26 snarfy but examples for salt-mine it iterating through the resulting dictionary
22:27 snarfy and i can't do that. i need to set server1 = salt['mine.get']('particularserversip')
22:28 jim__ I've gone back to the salt default bootstrap.sh, and my minions are now `test.ping`ing after doing the deploy with salt-cloud
22:28 jim__ now I'm able to run `state.sls redis.server`
22:28 jim__ but when I try state.highstate, I get this;      Comment: No Top file or external nodes data matches found.
22:28 jim__ googling has been ineffective
22:29 snarfy instead i get like {'serverfqdn': ['ip address']}
22:29 sjmh jim__ - do you have the file_roots and top.sls file setup?
22:30 kawa2014 joined #salt
22:33 snarfy any environment separation can make things complicated too...
22:33 jim__ I don't have file_roots set, because I want to use the default @sjmh
22:33 jim__ my top.sls has a compound match, for two grains (which are set correctly)
22:35 sjmh and that's in /srv/salt?
22:37 sjmh that message only comes when it can't match anything in the top file jim__ - so i'd try and maybe set a simpler match or try and verify that targetting with those grains on the command line work too.
22:37 giantlock joined #salt
22:40 tligda joined #salt
22:41 jim__ @sjmh. oh man. I re-read my top.sls, and realized I was trying to match 'G@environment:production' when I wanted 'G@environment:development'
22:41 jim__ straight copypasta problems
22:41 sjmh :)
22:41 sjmh cool, glad it wasn't something simple
22:41 jesusaur joined #salt
22:41 sjmh er
22:41 sjmh was
22:44 zenlot1 joined #salt
22:48 jim__ I GOT A NEW ERROR! @sjmh you are a sir. thank you for listening to my dumbness
22:49 sjmh jim__ - glad i could help.
22:49 hasues joined #salt
22:49 hasues left #salt
22:52 baweaver joined #salt
22:52 tehsu any updates on when will 2015.8.4 be out?
22:54 Tyrm joined #salt
22:55 jfindlay tehsu: should be in a week or two
22:55 tehsu ok, enterprise support said week of 25th, so just checking
22:55 tehsu thanks
22:56 jfindlay ok, then sounds like this week :-)
22:56 Tyrm joined #salt
22:56 jfindlay but occasionally we find things during the release process that means moving it back a few days
22:57 tehsu yeah, makes sense, thank you
22:58 jfindlay sure
23:00 baweaver joined #salt
23:02 blckbit10 joined #salt
23:04 baweaver joined #salt
23:14 bhosmer_ joined #salt
23:15 yomilk joined #salt
23:16 baweaver joined #salt
23:17 strangecolor joined #salt
23:19 morissette joined #salt
23:20 aharvey joined #salt
23:22 strangecolor I am configuring a vagrant box using a masterless minion.  On vagrant up I run the highstate command.  My environment is provisioned successfully.  My problem:  if I vagrant ssh into my vagrant box and want to install something as the vagrant user, with pip, I get a permission denied.  The same occurs for most things installed salt.  I understand this is because Salt is installing everything as root.  My question is if there is a best practices way t
23:22 strangecolor o allow my devs to use the vagrant box and install using pip and make modifications as the vagrant user without have to chown or do any additional setup?  I see that pip.installed allows you to set a user, but you can’t do this for pkg.installed.  Any help would be appreciated.
23:26 JTeatime strangecolor: (off-topic) you should never use pip to install globally, as root;  use your package manager (apt, yum, whatever) to install python modules required by software installed from packages.  use pip to install modules globally-per-user (in the user's $HOME), or locally to a virtual environment specific to a project/application.
23:27 strangecolor JTeatime, what about something like virtualenvwrapper - which is what I was installing globally in this case
23:27 JTeatime strangecolor: either use your distribution package, or, if that's too old, install it in $HOME
23:28 strangecolor Sorry - to clarify.  In my current setup I install pip globally and then, as vagrant user, install virtualenvwrapper.  This is not good practice?
23:28 JTeatime no that's fine
23:30 hightekvagabond joined #salt
23:32 JTeatime (usually you just need to do `pip --user install virtualenvwrapper` instead of `pip install virtualenvwrapper`, and also make sure $HOME/.local/bin is in your path
23:36 qasedfgg joined #salt
23:36 strangecolor JTeatime, so I need to set a user when doing pip.installed and also set bin_env in salt - that is what you are suggesting?
23:37 JTeatime hrm, actually I don't know how to do it in salt; I'm just starting w/ salt
23:38 strangecolor Right on.  Yes, that is how I normally work around this issue with shell scripts :)
23:38 baweaver joined #salt
23:38 JTeatime I don't think you need bin_env
23:39 JTeatime I assume user: does what --user does
23:39 JTeatime and you'll need to make sure ~/.local/bin is in $PATH some other way; you could add something to put it into ~/.profile or ~/.bash_profile or /etc/profile or /etc/bash_profile etc.
23:40 strangecolor Yes, I currently set my .profile using file.append
23:42 colegatron joined #salt
23:48 strangecolor If you can install states one by one with state.apply <name-of-state> is there an opposite to this so you can remove a state one by one?
23:50 cpowell joined #salt
23:53 murrdoc joined #salt
23:56 bja_ joined #salt
23:58 jgarr how can I have a reactor state apply to the master? I have a state run on my custom job but I'm not sure how to make that state run on the master instead of the minion

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary