Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 baweaver joined #salt
00:01 jhauser joined #salt
00:04 akhter joined #salt
00:08 kevinquinnyo1 another thing in the same vein -- I used to obsess over using runners, or orchestrations when I needed "order" and requisites between states have some "circular-dependence" issues, and I realized that sometimes it's really easy to solve by using the {'order': 'last'} on something and just be done with it.
00:09 kevinquinnyo1 it may be ugly, but it's very readable
00:10 ninjada joined #salt
00:12 lws joined #salt
00:12 mr_chris joined #salt
00:14 baweaver joined #salt
00:19 zmalone joined #salt
00:20 pipps joined #salt
00:26 flowstate joined #salt
00:27 aqua^c joined #salt
00:28 meekrab joined #salt
00:29 SheetiS joined #salt
00:30 amcorreia joined #salt
00:31 zmalone joined #salt
00:35 rem5 joined #salt
00:39 lws joined #salt
00:43 armguy joined #salt
00:46 armguy I am probably over thinking this but is there a way to change the contents of a file before a cmd.run happens then back to its original state after cmd.run finishes.
00:50 zmalone left #salt
00:51 mr_chris joined #salt
00:59 edrocks joined #salt
01:01 iceyao joined #salt
01:04 ninjada joined #salt
01:07 iceyao_ joined #salt
01:10 hasues joined #salt
01:12 bluenemo joined #salt
01:12 hasues left #salt
01:19 iceyao joined #salt
01:21 Knuta armguy: keep a separate copy of both states of the file, copy the desired version both before and after the command?
01:24 brianfeister joined #salt
01:27 flowstate joined #salt
01:30 meekrab joined #salt
01:30 ssplatt joined #salt
01:30 armguy ahh duh.. Thanks Knuta
01:32 AdamSewell joined #salt
01:37 Slimmons joined #salt
01:46 k_sze[work] joined #salt
01:46 mr_chris joined #salt
01:46 mythical joined #salt
01:46 nidr0x joined #salt
01:46 ageorgop joined #salt
01:46 baweaver joined #salt
01:51 mythical I have to talk about saltstacks security to a IA board in a few days, and I'm running a little short on material (probably because I don't think there's much to talk about).  I'm bringing up the fact that the master/minion communication is always aes encrypted, and only the master requires opened ports 4505/4506.  Also, how pillars can help with security, and how you can configure it to be run by non-privileged users.  Is there any
01:51 mr_chris joined #salt
01:55 flowstate joined #salt
01:56 catpigger joined #salt
02:01 mr_chris joined #salt
02:04 renaissancedev joined #salt
02:05 Knuta mythical: your line got cut after "Is there anyt".
02:06 mythical Is there anything major I'm missing :)
02:06 mythical thanks for letting me know
02:06 Knuta I figured there wasn't much content after that, but figured I'd mention it regardless :-)
02:07 _W_ joined #salt
02:07 Knuta mythical: you should probably mention that the minions are authenticated with keys.
02:23 lws joined #salt
02:31 rem5 joined #salt
02:33 favadi joined #salt
02:34 sjmh joined #salt
02:36 sagerdearia joined #salt
02:38 jerredbell joined #salt
02:39 mr_chris joined #salt
02:43 blu_ joined #salt
02:44 ramteid joined #salt
02:48 mr_chris joined #salt
02:48 cyborg-one joined #salt
02:50 pipps joined #salt
02:52 evle joined #salt
03:01 kitplummer joined #salt
03:02 kitplumm_ joined #salt
03:03 edrocks joined #salt
03:04 kojiro joined #salt
03:07 quasiben joined #salt
03:09 beardedeagle joined #salt
03:10 racooper joined #salt
03:11 brianfeister joined #salt
03:18 beardedeagle lol when example code fails hard
03:18 sjmh joined #salt
03:25 flowstate joined #salt
03:25 kojiro joined #salt
03:30 kojiro I'm trying to figure out a good way to set an initial random value in a config file, only if that initial value isn't already set. I have `gitlab_rails['initial_root_password'] = "{{ salt['random.get_str'](32) }}"` now, but it gets a different random value every time the state is run.
03:31 kojiro The rest of the file is rendered from a Jinja template, so it also gets rewritten each time the previous state is run
03:35 ninjada joined #salt
03:43 josuebrunel joined #salt
03:45 amy_ joined #salt
03:49 spuder joined #salt
03:51 ITChap joined #salt
04:03 kevinquinnyo1 joined #salt
04:04 meekrab joined #salt
04:05 meekrab joined #salt
04:11 jpeach joined #salt
04:23 dkrae joined #salt
04:27 flowstate joined #salt
04:30 beardedeagle kojiro: right to a file and read from that each state run?
04:30 beardedeagle write* even
04:30 bb74352 joined #salt
04:34 iceyao joined #salt
04:43 mr_chris joined #salt
04:50 brianfeister joined #salt
04:59 iceyao joined #salt
05:00 spuder joined #salt
05:04 ivanjaros joined #salt
05:05 kawa2014 joined #salt
05:06 edrocks joined #salt
05:06 mr_chris joined #salt
05:10 onlyanegg joined #salt
05:16 ashmckenzie joined #salt
05:19 subsignal joined #salt
05:20 ecdhe joined #salt
05:26 flowstate joined #salt
05:28 mr_chris joined #salt
05:36 kshlm joined #salt
05:38 mr_chris joined #salt
05:45 jhauser joined #salt
05:46 amy_ joined #salt
05:46 lorengordon joined #salt
05:49 sauvin joined #salt
05:50 iggy belak: that's not exactly correct.. "doesn't take into account on already installed packages"
05:53 favadi joined #salt
05:58 GreatSnoopy joined #salt
06:10 aqua^c joined #salt
06:12 planetvortex joined #salt
06:13 sjmh joined #salt
06:13 planetvortex left #salt
06:14 nidr0x joined #salt
06:18 ajspa joined #salt
06:19 ecdhe joined #salt
06:19 rdas joined #salt
06:20 ivanjaros joined #salt
06:25 iceyao joined #salt
06:27 flowstate joined #salt
06:28 catpig joined #salt
06:30 iceyao_ joined #salt
06:30 XenophonF joined #salt
06:32 punkoivan joined #salt
06:36 freelock joined #salt
06:51 keimlink joined #salt
07:01 hillna joined #salt
07:01 JonGretar joined #salt
07:01 Freek joined #salt
07:01 m0nky joined #salt
07:01 djural joined #salt
07:01 phtes joined #salt
07:01 simonmcc joined #salt
07:02 ninjada_ joined #salt
07:03 bbhoss joined #salt
07:03 shawnbutts joined #salt
07:03 supermike joined #salt
07:03 dgutu joined #salt
07:03 kutenai joined #salt
07:03 czchen joined #salt
07:03 OliverMT joined #salt
07:04 ramblinpeck joined #salt
07:05 meekrab joined #salt
07:08 ajspa joined #salt
07:10 edrocks joined #salt
07:15 nidr0x joined #salt
07:24 rdas joined #salt
07:24 flowstate joined #salt
07:27 toanju joined #salt
07:29 toastedpenguin joined #salt
07:31 josuebrunel joined #salt
07:36 manji joined #salt
07:37 dmaiocchi joined #salt
07:40 linjan__ joined #salt
07:41 manji joined #salt
07:41 dmaiocchi joined #salt
07:49 donmichelangelo joined #salt
07:50 brianfeister joined #salt
07:53 illumi joined #salt
07:54 illumi left #salt
07:56 dkrae joined #salt
07:57 jhauser joined #salt
08:01 slav0nic joined #salt
08:03 dmaiocchi joined #salt
08:05 garphy joined #salt
08:05 hlub_ Is it somehow possible to copy all the files matching salt://*/readme.rst to a directory?
08:06 hlub_ like, if there is a way to iterate over those file sources in SLS file.
08:11 RealMurphy joined #salt
08:14 hlub I think I solved this, and the answer is cp.list_master.
08:17 RealMurphy Hi, I'm just beginning to use salt and thus may ask in weird ways ;) I'm trying to manage many hosts' ssh host keys via salt. keys are already present in an external pillar (file_tree), but now I'm already stuck what module to use to manage the files by the local minions - obviously I do not want to overwrite the files if they have not changed in the pillar but how do I detect this change?
08:19 ggoZ joined #salt
08:27 flowstate joined #salt
08:32 ajspa joined #salt
08:36 ninjada joined #salt
08:37 rrei joined #salt
08:39 GreatSnoopy joined #salt
08:43 ronnix joined #salt
08:44 ninjada joined #salt
08:52 s_kunk joined #salt
08:57 rmnuvg joined #salt
09:02 babilen RealMurphy: Use file.managed
09:02 babilen argh
09:03 babilen Ah, well ..
09:06 colttt joined #salt
09:06 iceyao joined #salt
09:12 edrocks joined #salt
09:14 Atomics joined #salt
09:22 Atomics Hi everybody. I'm actually trying to work with saltcloud for deploy a farm of web server on a vsphere. I'm getting an error when i define the network setting like the one in this issue : https://github.com/saltstack/salt/issues/31974  . anyone with a workaround ? Thanks
09:22 saltstackbot [#31974]title: run "salt-cloud -p vm salt_test_05 " was throwed the AttributeError. | when i run `salt-cloud -p vm salt_test_05` in the salt master ,it throwed the `AttributeError: 'NoneType' object has no attribute 'key'`...
09:26 renaissancedev joined #salt
09:26 flowstate joined #salt
09:39 brianfeister joined #salt
09:43 giannello joined #salt
09:45 lero joined #salt
09:49 Garyx joined #salt
09:50 ravenx joined #salt
09:50 ravenx is there way to have all my states in my sls file run as a user
09:50 ravenx instead of having to repeat myself all the time via:   - user: ravenx
09:50 ravenx like 40 tuimes.
09:51 Rumbles joined #salt
10:02 brianfeister joined #salt
10:06 colttt_ joined #salt
10:14 LotR joined #salt
10:14 oeuftete joined #salt
10:16 akoumjian joined #salt
10:25 TyrfingMjolnir joined #salt
10:26 flowstate joined #salt
10:38 N-Mi joined #salt
10:39 SeaPhor joined #salt
10:51 CeBe1 joined #salt
10:52 kevinquinnyo1 joined #salt
10:53 ninjada joined #salt
10:54 sylvain31 joined #salt
10:58 teryx5101 joined #salt
11:01 sylvain31 joined #salt
11:01 renaissancedev joined #salt
11:02 netzvieh is there is possibility to delete config files etc that were once managed by salt and are not needed anymore?
11:02 netzvieh or basically a undeploy?
11:05 AndreasLutro netzvieh: not without you writing states that do exactly what you want
11:06 amcorreia joined #salt
11:06 netzvieh hmm, so no undo this state. that'd actually be a nice feature
11:06 AndreasLutro good luck implementing it
11:07 bluenemo joined #salt
11:15 edrocks joined #salt
11:21 ninjada joined #salt
11:24 quasiben joined #salt
11:25 flowstate joined #salt
11:29 GreatSnoopy joined #salt
11:31 hrumph joined #salt
11:36 garphy joined #salt
11:43 morissette joined #salt
11:46 blarghmatey joined #salt
11:53 blarghmatey joined #salt
11:54 rem5 joined #salt
11:58 ssplatt joined #salt
12:05 ronnix_ joined #salt
12:13 justanotheruser joined #salt
12:14 AdamSewell joined #salt
12:15 honestly oh so salt doesn't like dangling symlinks :|
12:15 honestly they're not dangling on the target, goddammit
12:15 honestly why can't things ever just work :(
12:16 ronnix joined #salt
12:17 west575 joined #salt
12:18 XenophonF omg no kidding
12:23 honestly the symlink handling in file.recurse seems to be broken in many ways, there's a lot of issues on the tracker...
12:23 campbellm joined #salt
12:25 flowstate joined #salt
12:28 mapu joined #salt
12:32 AdamSewell joined #salt
12:35 Muchoz joined #salt
12:36 AdamSewe_ joined #salt
12:41 cpowell joined #salt
12:44 AdamSewell joined #salt
12:45 nidr0x joined #salt
12:50 campbellm joined #salt
12:53 DammitJim joined #salt
12:54 Yopes joined #salt
12:55 subsignal joined #salt
12:56 subsignal joined #salt
12:56 Yopes is there anyone who uses salt-api with salt-syndic ?
12:56 teryx5101 joined #salt
12:57 ninjada joined #salt
12:58 subsignal joined #salt
12:59 babilen Be the first!
12:59 teryx510 joined #salt
13:01 Yopes I'm trying, but i can see only the locals minions
13:01 Yopes An idea ?
13:04 ivanjaros joined #salt
13:07 babilen Ah, in that case you might get more help if you were to describe what you've done, what you've expected and what happened instead. I do not use salt-syndic with salt-api, but a more detailed question might allow people in #salt to provide some information.
13:07 babilen (as I don't think that you are actually trying to simply find one person who used that combination, but rather intend to ask that person a question)
13:08 squishypebble joined #salt
13:09 numkem joined #salt
13:12 gh34 joined #salt
13:12 babilen Can I get the user salt is running as on the minion within a SLS ?
13:13 babilen (I'd like to set HOME as environment variable to that user's HOME in a cmd.run state)
13:14 babilen And I'd rather not hardcode "root" :)
13:14 BitBandit joined #salt
13:16 babilen Hmm, maybe salt['config.get']('user', 'root')
13:18 edrocks joined #salt
13:20 babilen Hmm, that won't work if users set sudo_user :-/
13:20 AdamSewell joined #salt
13:25 ronnix joined #salt
13:26 flowstate joined #salt
13:28 AdamSewell joined #salt
13:29 scoates joined #salt
13:34 drawsmcgraw joined #salt
13:35 AdamSewell joined #salt
13:35 perfectsine joined #salt
13:36 pid1 joined #salt
13:36 _JZ_ joined #salt
13:39 cpowell joined #salt
13:43 racooper joined #salt
13:44 babilen A combination of config.get user/sudo_user and user.info worked :)
13:44 XenophonF i wish salt had better windows support
13:46 edrocks joined #salt
13:47 disbound joined #salt
13:47 XenophonF the whole shell-out-to-powershell thing gets tedious after a while
13:48 babilen I wish Windows had better bash support ;)
13:48 XenophonF hah well that's easier, cygwin to the rescue :)
13:48 edrocks joined #salt
13:52 west575_ joined #salt
13:52 jvblasco joined #salt
13:57 tkharju joined #salt
13:58 honestly I wish I could file.recurse with only some files run through templating :(
14:01 jerredbell joined #salt
14:02 remyd1 joined #salt
14:03 Rumbles joined #salt
14:03 mpanetta joined #salt
14:04 perfectsine joined #salt
14:06 hasues joined #salt
14:08 hasues left #salt
14:09 remyd1 Hi, I made a script script to use with salt. All the states in it are Ok. I would like to know if it will work, in particular the event section. The goal is to reinstall a minion (tftp stuff through salt formula), accept its new key and apply some states. Here is the script: http://paste.debian.net/442074/
14:09 babilen honestly: template_include_pat/template_exclude_pat support or somesuch?
14:11 babilen Well, that gets tricky as soon as you want different template engines for different files
14:12 ronnix_ joined #salt
14:13 iceyao joined #salt
14:14 ajolo joined #salt
14:16 remyd1 line 22 -> 26. Any idea ? I followed this: https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.event
14:16 tharkun joined #salt
14:17 jvblasco Hi, can someone point me to the documentation to write a state module? I know i found it 2 months ago, but i've been looking for it in the current docs, and cannot seem to find it
14:17 jvblasco has it been removed or something?
14:17 gtmanfred jvblasco: https://docs.saltstack.com/en/latest/ref/states/writing.html
14:17 jvblasco i know there was an example of a basic state module implementation to use as a guide
14:17 ssplatt iirc the basics are find a module and copy it
14:18 gtmanfred nope, there is an example on writing them
14:18 jvblasco gtmanfred: thnx so much
14:18 gtmanfred my pleasure :)
14:18 jvblasco been looking for that document for an hour or so
14:18 jvblasco ;)
14:18 jvblasco and i knew it existed
14:19 gtmanfred hehe just have to know the google keywords that I know from when I found it
14:19 gtmanfred 'custom salt states writing'
14:19 gtmanfred actually, i searched this this time
14:19 gtmanfred 'saltstsack custom satate'
14:19 babilen satay state
14:20 Atomics I know i already ask my question but i'm hoping to have more chance this time :) I'm using saltcloud and i'm block by this issue : https://github.com/saltstack/salt/issues/31974 . Does anyone have a quick win for me ? :)
14:20 saltstackbot [#31974]title: run "salt-cloud -p vm salt_test_05 " was throwed the AttributeError. | when i run `salt-cloud -p vm salt_test_05` in the salt master ,it throwed the `AttributeError: 'NoneType' object has no attribute 'key'`...
14:22 kawa2014 joined #salt
14:23 feliks joined #salt
14:25 TooLmaN joined #salt
14:25 flowstate joined #salt
14:28 remyd1 Just a basic question. Do you still using cron or are you doing everything through salt schedule ?
14:30 jvblasco gtmanfred: that was the way to go, i tried salt write state module and stuff like that, and found the writing execution modules document, but not the states one
14:30 gtmanfred :)
14:31 babilen remyd1: Both, but I'd default to salt schedule
14:31 remyd1 Ok, thx babilen
14:31 ronnix joined #salt
14:35 remyd1 http://paste.debian.net/442074/ => line 22-26 am I right or should I switch the line which is adding my minion's key with the event watch line (24 <-> 25)
14:39 kbyrne joined #salt
14:43 zmalone joined #salt
14:48 remyd1 Or do you think there will be a timeout problem ?
14:52 justaname joined #salt
14:57 doberman joined #salt
14:57 doberman Any good way that you can suggest for changing txqueuelen via salt?
14:57 adam1980 joined #salt
14:59 noraatepernos joined #salt
15:00 justaname Hello All, I"m getting the following error when running highstate 'RuntimeError: maximum recursion depth exceeded'
15:00 justaname Any ideas?
15:02 Brew joined #salt
15:03 babilen doberman: You can run "ip link set $IFACE txqueuelen $VALUE" in a cmd.run state. A better approach is probably to configure it in something like /etc/network/interfaces and define a "up" stanza for that interface such as "up ip link set $IFACE txqueuelen $VALUE"
15:03 babilen doberman: You can manage /e/n/i with salt if you wish
15:03 Jimlad joined #salt
15:04 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html
15:04 autofsckk joined #salt
15:04 newjersey joined #salt
15:05 babilen doberman: Well, make that /usr/sbin/ip in there, but you get the idea :)
15:05 doberman babilen: thanks for the suggestions, I'll see what makes most sense. If I do cmd.run on highstate/state apply, will that "ip" command be persistent on reboot?
15:05 murrdoc joined #salt
15:05 babilen It won't
15:05 ht joined #salt
15:06 babilen I would recommend to manage this in /e/n/i, but not only because it will be persistent, but also because it is easier to understand whenever people try to debug network problems.
15:07 doberman That's fine, I'm just wondering how to do it as /e/n/i is managed by the actual cloud/vm/dedicated provider
15:07 doberman s/as/in/
15:07 TiKiTiK joined #salt
15:09 TiKiTiK left #salt
15:10 doberman babilen: does it make sense adding it in /etc/network/if-up.d/ and put something like if $IFACE is eth0 tweak that value to N?
15:11 babilen You could, but I typically keep i close to the interface definition and use /etc/network/if-up.d/ for more "general" scripts
15:12 babilen If you already have a lot of logic in there, then sure .. go for it
15:12 doberman None logic for any interface for now
15:12 babilen (or if you need to do this for many interfaces that match a certain pattern .. or somesuch)
15:12 babilen I mean it really depends on "what is the easiest and least confusing way to achieve this?"
15:13 amy_ joined #salt
15:13 babilen If all you need is to define this for one interface and you already configure that interface in /e/n/i I'd just keep it there
15:13 doberman Got it. Thanks a lot, babilen!
15:15 babilen You are welcome .. I mean you might also not want to manage /e/n/i with salt and just have salt drop in a script into /etc/network/if-up.d/. That might be the best approach if you have other parties/tools managing /e/n/i and you don't want to step on their toes
15:15 babilen It's really hard to give a definite answers, but that pops into my mind .. I'm sure there are other considerations that you are aware of for your specific usecase. :)
15:17 onlyanegg joined #salt
15:18 jvblasco joined #salt
15:21 doberman babilen: I will probably go with the /etc/network/if-up.d/ way as /e/n/i is not managed by salt and it's automatically generated by the cloud hosting.
15:22 babilen Figured as much .. perfect reason to go the /etc/network/if-up.d/ route
15:22 spuder joined #salt
15:26 traph joined #salt
15:29 dmz joined #salt
15:29 zmalone joined #salt
15:29 noraatepernos If I wanted to read about how my sls files could travel from ec2 to digitalocean what would I read about?  I know my pillar has to have both ‘do’ and aws api keys.  Is the rest of it just if statements in jinja where required?
15:30 rocketnova joined #salt
15:30 noraatepernos I have node.js workers that I want to be able to deploy anywhere.  Would be heavenly.  If I could spin one up effortlessly and have it register with the job manager.
15:30 dmz howdy y'all, just looking at salt and had quick question; i see i can configure for external auth which is great but what is best approach for automted services using salt + end-user admins using it (with external auth for admins and automated services needing key based or specific location based restrictions on access); any suggestions on what i can go read to grok if that is possibel?
15:36 Cadmus joined #salt
15:37 onlyanegg joined #salt
15:37 Cadmus left #salt
15:38 Eugene dmz - I'm not sure what the question is? You want to manage service accounts(with logins across machines?), and user accounts(with ssh-key or password auth)?
15:39 noraatepernos https://docs.saltstack.com/en/latest/topics/targeting/grains.html#grains-in-the-minion-config When they say “in the minion config” to where are they referring?  Is this a .sls file and where would it live?
15:39 Eugene Or are you talking about eAuth / PAM / LDAP?
15:39 Eugene noraatepernos - the config /etc/salt/minion on each minion instance
15:39 justaname Hello All, I"m getting the following error when running highstate 'RuntimeError: maximum recursion depth exceeded' - any ideas?
15:40 Eugene justaname - that sounds like a circular dependency in your highstate tree
15:40 Eugene I suggest a stiff drink and a good read-through to see what introduced it
15:40 AndreasLutro nah... that's a recursion in the python code
15:40 dmz i'm looking at using pam/radius for my admin auth. can my scripted back-end stuff accounts be restricted to specific hosts (so admin or non authorized people don't use the service accounts on their own) and can i have service accounts that auth outside of the pam used for admins
15:40 AndreasLutro check the stack trace in the minion/master logs
15:40 noraatepernos Eugene: For amazon ec2 and Digital Ocean, is the best way to do this to launch from “base” image that has this file pre-configured?  So if I want to launch a “webserver” I’d have a machine image with the roles value including -webserver?
15:41 dmz does that make sense? multiple types of auth and location based restrictions for some accounts
15:41 noraatepernos I’m missing something about salt which is *when* one decides what an instances role is.
15:41 zmalone joined #salt
15:41 traph joined #salt
15:42 Eugene dmz - so you're worried about user-account login on your minions? You would need to build a state that pushes out the access rules you need. I would make setting-up access accounts part of the state for install+configuring the service/role on the minion
15:43 dmz no i'm looking at my admin users access to the salt system itself
15:43 dmz since i'm using pam all of my minions are already auth to pam so I have group/user/2fa access control there already; i'm looking at the users of the salt system; well users & automated scripts using it
15:44 AndreasLutro noraatepernos: salt does not have a concept of roles, how you implement a role-based system is up to you
15:44 Eugene noraatepernos - There's More Than One Way To Do It ;-). You can define the properties of minions either minion-side(in grains), or master-side(in pillar). Remember that minions can control their own grains, so its not recommended to do any kind of "sensitive" targeting(eg, "give me this SSL key") from grains, because a compromised minion can pwn your whole stack. I do all of my targeting PIllar-side because it makes sense to keep it all in one spot
15:44 Eugene dmz - ah, sorry I haven't played with that system very much. I'm sure somebody here has, patience
15:44 noraatepernos AndreasLutro: I think that’s why I’m confused in this area, thanks.
15:45 AndreasLutro noraatepernos: maybe this helps if you're looking for a way to implement roles https://www.lutro.me/posts/dangers-of-targetting-grains-in-salt
15:46 noraatepernos Eugene: In the end, I have to target a minion in some way, meaning it has to have *some* means to be identified.
15:46 dmz no rush; i'll be around for a while too, someone will show up w/something :)
15:46 noraatepernos AndreasLutro: Thanks.
15:46 ajspa joined #salt
15:48 Eugene noraatepernos - when I add a minion(on the Master), I add a pillar for it that lists its properties. https://github.com/EugeneKay/srv-salt/blob/pepper/pillar/minion/wenatchee.sls
15:48 AdamSewell joined #salt
15:48 Eugene Then I do this in highstate https://github.com/EugeneKay/srv-salt/blob/pepper/states/top.sls
15:50 noraatepernos Eugene: Thank you so much.  Taking a step back, when is it determined that the instance you’re launching has the role “guacamole” for instance?
15:50 noraatepernos At the command line from master?
15:51 Eugene I use `vim` to create the pillar/minion/foo.sls before I run `salt-cloud` to spin it up
15:51 Eugene Automating this is a work-in-progress in my tooling
15:51 Eugene Take a look at pillar/top.sls as well; if the minion-specific config isn't present then the defaults are the only thing used.
15:52 noraatepernos I think that’s what I’m missing.  If I could issue a command like “salt-cloud launch ec2 in us-east-1 with ami asdh827hd with roles webserver” it would be nice :)
15:53 Eugene Yeah, that's what I want as well. There's a missing piece of glue, something like `salt-cloud --roles=`. Unfortunately, as has been pointed-out, the roles concept is not built-in to Salt (yet?)
15:54 dfinn joined #salt
15:54 svjness joined #salt
15:54 ronnix joined #salt
15:55 Eugene You can probably come close by basing the pillar targeting on the minion name, eg prod-app-### and detect the "app" in the middle. This increases complexity, and you need to make sure you get the right minion names
15:58 babilen Are SaltConf 16 videos available already or even streamable?
15:59 noraatepernos Eugene: It’s weird because this doc almost implies that roles are built in, but really it’s just a yaml key.  Still, ‘node_type’ appears out of nowhere in this document it seems like https://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
16:00 AndreasLutro noraatepernos: "For this example to work, you would need to have defined the grain node_type for the minions you wish to match."
16:01 AndreasLutro quoted from right below the example
16:04 murrdoc joined #salt
16:05 rihannon joined #salt
16:10 Tanta joined #salt
16:10 rrei hey guys
16:10 Fiber^ joined #salt
16:10 rrei I'm trying to automate the key exchanges going on when starting to use salt-ssh
16:11 noraatepernos AndreasLutro: I see now, thanks.
16:11 rrei using Vagrant
16:11 rrei but I don't understand exactly what happens. who gives who what, and when
16:11 onlyanegg joined #salt
16:11 rrei can anyone give me an explanation or point me to a good place to read about this?
16:12 AdamSewell joined #salt
16:12 rrei so far I figured that the master installs its public key in the minion's .ssh/authorized_keys
16:13 rrei and that the ssh keys for the master are only generated on the first call to salt-ssh
16:13 rrei but I haven't figured out yet where the master keeps the keys for the minions, if it does that at all
16:14 rrei currently I run vagrant up and then from the master I have to do a salt-ssh with '-i' on the first run to set up the proper key exchanges
16:14 rrei and only then can i start using salt-ssh normally
16:15 subsignal joined #salt
16:15 AndreasLutro why do you use salt-ssh?
16:15 bltmiller joined #salt
16:15 edrocks joined #salt
16:15 rrei well, because I want to be able to control machines without having to install the minion on them
16:16 rrei I think in production I won't be able to install whatever I like
16:17 rem5 joined #salt
16:17 AndreasLutro fair enough, salt-ssh uses an ssh keypair located in /etc/salt/pki/something, -i allows deployment of said key to ~/.ssh/authorized_keys on the target host
16:18 noraatepernos What this example is missing is targetting by a grain’s list.  https://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file However, it was added here but I’m not sure what the top.sls matching glob would look like https://github.com/saltstack/salt/commit/b72fa96756582efc11c3a1f117999afd60a215c7
16:18 lws joined #salt
16:18 noraatepernos I seem to remember seeing something with a “G” at some point.
16:19 rem5 joined #salt
16:20 rrei AndreasLutro: if i understood correctly, '-i' does something a bit different. It makes the master trust the minion key automatically, similar to salt-key --accept
16:20 noraatepernos Oh, simpler than I thought http://www.saltstat.es/posts/role-infrastructure.html
16:20 rrei -i, --ignore-host-keys                         By default ssh host keys are honored and connections                         will ask for approval
16:21 AndreasLutro yeah nevermind, I am remembering something else. without -i the first time the target host's public identity won't be in your known_hosts file
16:23 rrei yes, I think so. it gets added to .ssh/known_hosts and then -i is not necessary anymore
16:23 AndreasLutro I mean, it won't be there regardless... yes that
16:23 tharkun joined #salt
16:24 rrei you gave me an idea! I think I found a solution to my problem
16:24 rrei I'm going to give it a go
16:24 rrei :P
16:24 keldwud joined #salt
16:24 rrei AndreasLutro: once again, thanks!
16:25 garphy joined #salt
16:25 keldwud so I was using the new 2016.3 docs and they were awesome but sometime between yesterday and today they were changed to be more like the current layout :(
16:25 AdamSewell joined #salt
16:25 rrei btw, I'm using the version of salt-ssh that includes your fix of the serialization of arguments to execution functions
16:25 svjness joined #salt
16:25 rrei works like a charm! :)
16:26 rrei now I can pass '123' to an execution function and it won't get serialized as an integer
16:26 keldwud the new documentation had a neat little search box for modules but it is gone now
16:26 rrei keldwud: new documentation? different layout?
16:27 writtenoff joined #salt
16:27 keldwud and the landing page for the new documentation was *way* nicer than how it is currently
16:27 keldwud rrei: https://docs.saltstack.com/en/2016.3/
16:27 rrei perhaps someone was just experimenting with sphinx themes
16:27 keldwud although that no longer looks anything like it did up until yesterday
16:27 keldwud I really liked the new layout, was much more useful for me
16:28 keldwud wished I had a screenshot available to show the differences
16:29 keldwud in particular, I really liked the "all salt modules" search box that used to be available in the new version but is now gone
16:36 Frantic joined #salt
16:37 pjs joined #salt
16:38 AdamSewell joined #salt
16:39 sjmh joined #salt
16:41 hal58th joined #salt
16:52 beardedeagle joined #salt
16:58 ltsampros joined #salt
16:58 ajspa joined #salt
17:00 keldwud is it possible to grant mongodb roles in a state rather than a one-off using the module grant_roles?
17:01 keldwud or is it better to just do it from the cli instead of wanting to do it via sls file?
17:02 keldwud and does pyMongo need to be installed on the minion, then?
17:04 ageorgop joined #salt
17:04 viq joined #salt
17:05 ronnix joined #salt
17:06 jfindlay keldwud: those new features should be part of the new docs layout.  There might be a problem with the docs build currently
17:06 keldwud jfindlay: I think there might be because I was getting a bunch of 404s
17:07 orion Hi. I'm using 2015.8.8 on Ubuntu 14.04, and iptables rules do not persist across reboots despite me specifying "save: True". Is this a known problem?
17:07 jfindlay keldwud: also, you should get debug log message about the mongodb exec module depending on pymongo, which would be minion side
17:08 jfindlay I'll tell Jacob about the docs errors
17:08 amy_ joined #salt
17:08 jfindlay orion: did you check the saved iptables file(s) to verify (general debugging question)?
17:09 Tanta_G joined #salt
17:09 nidr0x joined #salt
17:09 keldwud I'm hoping to grant a role to a mongodb user using a sate file instead of having to manually add it using the module so that I can bring up my whole stack with state files only
17:10 jfindlay that sounds like a winning strategy :-)
17:11 keldwud so the functionality I need is found in the salt.modules.mongodb.user_grant_roles but not available in SALT.STATES.MONGODB_USER
17:12 keldwud my limited understanding of salt leads me to believe that modules can only be run from the command line
17:12 keldwud and that I can't use it in an sls file. or *can* I use modules inside of a state file?
17:13 jfindlay keldwud: module.run
17:13 lero joined #salt
17:14 jfindlay one of the nice things about salt is that it gives you layers but lets you construct custom stuff by hand when necessary, for example with the cmd exec module you can sort of simulate a real execution module and with the module.run state you can with the proper requisites construct a fully idempotent state
17:15 jfindlay s/layers/structure/
17:15 keldwud ok cool, the module.run looks like it might give me what I was looking for
17:15 keldwud I was worried that part of my build process was going to include one-off commands from the command line
17:18 punkoivan joined #salt
17:20 baweaver joined #salt
17:21 hasues joined #salt
17:21 hasues left #salt
17:27 zmalone joined #salt
17:29 pipps joined #salt
17:30 lemur joined #salt
17:32 cpowell joined #salt
17:33 ajw0100 joined #salt
17:34 Eugene joined #salt
17:34 punkoivan joined #salt
17:38 irctc684 joined #salt
17:39 irctc684 how can make saltstack talk to a siem
17:44 AdamSewell joined #salt
17:44 ronnix joined #salt
17:44 aw110f joined #salt
17:44 keldwud if I'm adding an init.d file using file.managed, is it safe to call service.running for it in the same, umm, not sure what you call it, a statement, paragraph, or whatever
17:44 punkoivan joined #salt
17:45 keldwud i.e. http://pastie.org/10815357
17:45 keldwud or would it be better to give it its own 'namespace' and include a require statement?
17:46 AndreasLutro keldwud: those are 2 states within the same ID, and that would work just fine
17:46 AndreasLutro though you might want to add a require anyway just to be safe
17:47 keldwud so I don't understand how I would include a require statement when it is referring to the same ID
17:48 keldwud would it work if I told it to require itself?
17:48 jfindlay the uniqueness of a require (and similar requisites) is `<module>: <SLS ID>`
17:49 keldwud yeah, so the second section of that sls doesn't have a unique ID, service.running (in my example) is under the same ID as file.managed, right?
17:49 dmaiocchi joined #salt
17:50 lero joined #salt
17:50 keldwud or maybe I just put a watch on it instead of a require
17:50 keldwud so that it won't start the service until the init.d file shows up anyway
17:51 jfindlay good point
17:51 ajspa joined #salt
17:51 keldwud like this? http://pastie.org/10815362
17:52 keldwud that should work, right?
17:52 keldwud this is so much fun. I'm really enjoying salt
17:53 spuder joined #salt
17:54 GreatSnoopy joined #salt
17:55 jfindlay keldwud: looks good, although you could still do a
17:55 jfindlay - require:
17:55 jfindlay - file: disable transparent hugepages
17:56 keldwud so the recursion of that won't break anything?
17:57 RandyT joined #salt
17:57 AndreasLutro there is no recursion, it's 2 states, one requiring the other
17:57 ronnix joined #salt
17:57 lws joined #salt
17:57 jfindlay they have the same ID, but use different state modules
17:58 cpowell joined #salt
17:59 whatever_sd_ joined #salt
18:00 doriftoshoes_ joined #salt
18:01 keldwud ok cool, thanks
18:01 keldwud that's what I was getting hung up on. was unsure if I could have it call itself
18:01 jfindlay https://docs.saltstack.com/en/latest/ref/states/highstate.html
18:01 keldwud why file: and not name: ?
18:02 keldwud oh so that's what those are called. ID declaration or highstate component
18:02 AndreasLutro "state IDs" is easier :p
18:03 keldwud yeah, I like state IDs. I was struggling earlier with how to reference it but now I'm all clear :)
18:03 cpowell joined #salt
18:03 keldwud so in jfindlay's example, he referred to the sate ID in a require statement by calling it with file:
18:04 AndreasLutro requiring a state by id was only recently added and doesn't work all that well - doesn't trigger watches for example
18:04 keldwud are there other ways it can be called?
18:04 s_kunk joined #salt
18:04 AndreasLutro you can require a state by its ID or its "name" argument
18:04 keldwud so require: \ - name: <state id>?
18:05 AndreasLutro no
18:05 AndreasLutro - state_type: (state_id|state_name)
18:05 keldwud ahh, ok. but the gotcha there is if I use states as a require, it won't trigger watches?
18:06 AndreasLutro there are no gotchas with that above example
18:06 jfindlay keldwud: if you find any more doc problems can you paste or copy the error details to me?
18:06 keldwud I must have confused it with your prior statement about require a state by id not triggering watches
18:06 AndreasLutro in 2016.3 you can use `id: state_id` and it'll match regardless of which state type it is, but if you use it in a watch, it won't trigger the watch
18:07 keldwud jfindlay: it was just a layout issue and missing content. if I clicked on links from my cached pages from yesterday they went to 404 pages but if I browse there using the en/2016.3 links from the new layout, they all work
18:07 keldwud what's the difference between a state id and a state name?
18:08 AndreasLutro the id is.. an id, the name is just an argument you pass to the state function (which defaults to the id)
18:08 bbradley joined #salt
18:09 DammitJim joined #salt
18:13 keldwud state.archived is what I want for tar.gz files, right?
18:14 AdamSewell joined #salt
18:14 orion 10:08:55 <@jfindlay> orion: did you check the saved iptables file(s) to verify (general debugging question)? -- the proper rules are found in /etc/iptables/rules.v4
18:15 dayid joined #salt
18:15 jfindlay orion: if the rules get saved, I wonder what the reason is that iptables is not loading them upon service (re)start
18:16 lws joined #salt
18:16 bowhunter joined #salt
18:17 akhter joined #salt
18:18 orion I've determined that the problem is that the iptables-persistent package was not installed.
18:30 keldwud if I want to call a state name from another sls file, do I use name.state name where name is from <name>.sls?
18:31 keldwud also, I'm trying to find some documentation on state types but coming up short
18:32 beardedeagle jfindlay: I think a coworker of mine put a pr in that would resolve that (firewall). he still needs to fix a couple of things before it gets approved though.
18:32 AndreasLutro keldwud: a file.managed state has the type "file" - it's just the bit before the dot
18:33 AndreasLutro keldwud: if you want to require a state from another sls you need to include the sls, otherwise it works as if it was in the same file
18:34 autofsckk hello, im really new with salt, i've been reading for 2 or 3 days now, making some experiments with vagrant, other vm on the server and a real dev server, it is not very clear to me on how to use git-gitfs ?  by any chance anybody here know a good tutorial? or something i can read to like understand how to manage the minions using it? thanks in advance
18:37 noum joined #salt
18:37 noum Hi, I'm just starting to explore Salt. What is the equivalent of Ansible Galaxy or Chef Supermarket in SaltStack?
18:38 ecdhe noum, are you familar with salt-formulas?
18:38 ecdhe https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
18:38 ecdhe https://github.com/saltstack-formulas
18:41 ecdhe autofsckk, this is not the answer to your question, but I've used salt for a couple years without gitfs; it's great for tasks like letting github host your formulas, but I don't want github to be a critical part of my deployment infrastructure.
18:41 noum ecdhe: thanks.
18:42 keldwud is there a way to enable firewalld services (stored in /etc/firewalld/services) using state.firewalld? or can I only open ports using .present and not using xml files
18:43 pipps joined #salt
18:44 keldwud or maybe it would just be easier to manually specify the ports
18:46 autofsckk ecdhe: we use our own git server and is kind of important/usefull in some ways, we use now puppet and use git a lot
18:46 ecdhe autofsckk, that makes sense; sorry for not answering the question!
18:47 autofsckk ecdhe: not a problem, thanks for answering me :D
18:48 amcorreia joined #salt
18:51 ahammond where can I find best practices around salt-cloud credentials (as in, I probably want it to have it's own credentials for every cloud provider)?
18:56 toanju joined #salt
19:00 bltmiller joined #salt
19:01 pipps joined #salt
19:03 Tanta_G joined #salt
19:04 jvblasco joined #salt
19:04 edrocks joined #salt
19:05 mapu joined #salt
19:07 jeffspeff joined #salt
19:08 cyborg-one joined #salt
19:09 dmaiocchi joined #salt
19:14 garphy joined #salt
19:15 kevinquinnyo is there any way for me to see the output of a state + orchestration + some other stuff that is triggered via a reactor, in the same way that it's presented by default from the command line?
19:16 kevinquinnyo without having to just tail the salt-master log / salt-run state.event pretty=True / tail -f all the salt-minion logs?
19:16 kevinquinnyo etc..
19:16 Brew joined #salt
19:17 manji joined #salt
19:17 kevinquinnyo when i have over 500 states that run it's very difficult to debug individual problems
19:18 ronnix_ joined #salt
19:20 cswang joined #salt
19:20 Tanta_G look at the output filters for salt, you can narrow down what it reports to only changes: https://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html
19:21 major joined #salt
19:21 keimlink joined #salt
19:21 jfindlay kevinquinnyo: have you thought about setting up a returner?
19:22 kevinquinnyo hm
19:22 kevinquinnyo i knew you could do that for runners
19:22 kevinquinnyo but can you do it for a reacotr?
19:22 major are there any config directives for specifying the path to the ssh keys to connect with when using salt-ssh?
19:22 jfindlay good question
19:23 jfindlay major: you can specify a key per minion in a roster
19:23 mrking joined #salt
19:24 pipps joined #salt
19:24 major jfindlay, I don't see that option in the docs
19:24 mrking I'm skeptical of putting a plain text password into a salt pillar. What's the best way to handle using a password for a salt state?
19:24 major salt-ssh specific?
19:24 jfindlay I don't see any salt-ssh option for specifying a key on the command line
19:25 west575 joined #salt
19:25 jfindlay mrking: you can try the gpg renderer: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
19:25 jfindlay major: https://docs.saltstack.com/en/latest/topics/ssh/roster.html
19:25 major jfindlay, right, nothing there mentions a key
19:26 mrking i'll give that documentation a try. thanks.
19:27 jfindlay major: see the `priv` setting
19:27 major snap
19:28 major jfindlay, thanks for removing the haze from my eyes :)
19:28 jfindlay major: sure :)
19:32 baweaver joined #salt
19:34 major quick question, did salt-ssh ever implement dealing with passphrases on the key, or is the ssh-agent still the only way to go?
19:35 pipps joined #salt
19:36 jfindlay I'm not sure.  I thought that it worked but I've never tried
19:36 major I know it didn't use to and prepping the keys via ssh-agent was the work around
19:37 west575 joined #salt
19:37 major what abotu grains in the roster file?
19:39 edrocks is there anyway to have a jinja pillar value keep it's line breaks when you put it in a state file(yaml)?
19:39 lero joined #salt
19:39 jfindlay major: you might be able to pass that through the `minion_opts` config
19:39 major hmm
19:40 jfindlay but see the note about the thin dir: https://docs.saltstack.com/en/latest/topics/ssh/roster.html#thin-dir
19:41 major thanks again
19:41 nZac joined #salt
19:43 jfindlay no problem
19:44 ronnix joined #salt
19:45 josuebrunel joined #salt
19:48 west575 joined #salt
19:50 major hmm, I don't suppose there is a priv_dir or something to use instead? or some way to emulate that via other options
19:51 bVector anyone have a good alternative to make that is python based?
19:51 major it isn't so much an issue as much as it would just cut down on some clutter .. actually .. it might not matter either way
19:51 dmaiocchi joined #salt
19:52 bVector make really doesn't fit my thought patterns well, fabric might be ok but I figured someone might have gone down this road already
19:52 major hurm
19:52 major snap ..  salt-ssh doesn't hangled signed SSH certs?
19:52 major wow .. my typing isn't handling words
19:53 jfindlay bVector: at my last job I hacked something with multiprocessing and multithreading, but I modeled it after make :)
19:53 lemur joined #salt
19:53 jfindlay major: ssh-agent?
19:53 bVector this looks neat but a bit dated https://github.com/paver/paver
19:54 major salt-ssh.rsa-cert.pub files are .. special
19:54 major salt is using its own ssh libraries or something weird?
19:54 jfindlay bVector: scons is python
19:54 major maybe it is me
19:54 bVector salt calls out to the ssh executable I think
19:55 disbound joined #salt
19:55 bVector there should be a way to pass in your own args if you know how to do it via the ssh command
19:55 major jfindlay, http://www.lorier.net/docs/ssh-ca
19:56 jfindlay there could be better handling of native ssh options from my experience as well, unless I am wrong and you can specify a ssh_config file, for example
19:56 major basically you end up with 3 ssh files, the salt-ssh.rsa, salt-ssh.rsa-cert.pub and salt-ssh.rsa.pub
19:57 AndreasLutro I've been using salt-ssh for like 2 years now and have never seen rsa-cert.pub
19:57 major AndreasLutro, it is a feature of SSH
19:57 major when you sign an ssh key
19:57 major as opposed to passing around unsigned keys that people trust via the authorized_keys file
19:57 AndreasLutro oh, I see
19:58 major I know WinSCP can't handle signed SSH keys .. which is sort of one more reason to use them IMHO .. but .. yah
19:58 jfindlay major: there was an issue about salt-ssh with certificates recently, but I can't find it
19:58 major anyway, you can make your sshd trusted all keys signed by an SSH user CA and configure it such that ssh clients can't get a username/password prompt w/out a trusted cert
19:59 major also, a signed cert is limited to being used for specific user logins, which are part of the signing signature
19:59 kevinquinnyo will reactor's tasks queue sequentially on the salt-master if it receives a handful of the same events that triggered it (a salt api call for example) in a row, quicker than the time it takes the reactor to complete?
19:59 major so if you sign a cert to be used by the salt user, then that key can never be used to login as another user
19:59 keldwud well that was interesting. I managed to freeze my shell after running salt \* state.apply test=True
19:59 major all in all it is very nice
20:00 keldwud ctrl-c doesn't get me out of it
20:00 bVector major: https://github.com/saltstack/salt/blob/b642b951802f0e421323f485c6272c0eb8c63f68/salt/client/ssh/shell.py#L88
20:00 bVector you could add your own flags and make a Saltfile
20:01 keldwud oh wow, I think it locked up the whole system
20:01 major keldwud, you took it to 11?
20:02 keldwud is that normal? is it possible to lock up a system by applying a "bad" salt state?
20:02 keldwud yeah, I brought up a console for that system and even the console is not responding and neither is ssh
20:03 bVector if you have a reactor loop it might just be using 100% cpu or something fun
20:03 major keldwud, you accidentally stop the terminal?
20:03 major oh, never mind then
20:03 keldwud I don't have any reactors, no
20:04 keldwud here is the error I *used* to be getting http://pastie.org/10815519
20:04 major I have accidentally sent my login shell a SIGSTOP a few times and almost rebooted the server before sending the shell SIGCONT .. but that doesn't effect ssh and such
20:04 keldwud then I went into my graylog-web-admin.sls and removed the pillar references and just manually entered the username and password
20:04 bVector did it have any special characters in the username or password?
20:04 keldwud I was using the following modules
20:05 keldwud salt.modules.mongodb.user_grant_roles
20:05 keldwud and I called that using module.run
20:05 keldwud I also was using salt.states.mongodb_user
20:06 keldwud .present
20:06 mrking joined #salt
20:06 keldwud I didn't have any special characters in the fields and in the mongodb_user.present state I used the name, passwd, user parameters
20:07 rocketnova joined #salt
20:08 mrking I'm trying to follow the salt.renderers.gpg doc "https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html" and i'm getting stuck on the command: # gpg --homedir /etc/salt/gpgkeys --armor --export <KEY-NAME>         > exported_pubkey.gpg    what do I put for Key-Name? pubring.gpg, pubring.gpg~, random_seed, secring.gpg, trustdb.gpg?
20:08 keldwud but, yeah, the only thing that changed between when state.apply would successfully complete and the whole node locking up was after I enabled that file to run
20:08 keldwud or that state to be applied, rather
20:09 keldwud I'm super concerned and curious as to how in the heck I caused my system to lock up completely
20:09 keldwud could it be that I ran in-line comments that contained jinja comments?
20:10 keldwud that's another thing that I did to change the file to get it to be accepted, I removed the pillar data by trying to comment it out
20:10 keldwud or is this completely unrelated to salt?
20:10 AndreasLutro mrking: gpg --list-keys - the bist after the /
20:11 AndreasLutro bit*
20:12 Brew joined #salt
20:12 mrking what is the bist?
20:13 AndreasLutro bit*
20:13 mrking didn't see your second message.
20:13 flebel joined #salt
20:15 jhauser joined #salt
20:16 mrking still a little confused what you mean by the bit after the /
20:18 west575 joined #salt
20:20 rbjorkli1 joined #salt
20:21 bowhunter joined #salt
20:23 lws joined #salt
20:24 mrking does anyone know how to retrieve the public key when using salt.renderers.gpg?
20:26 AndreasLutro mrking:
20:26 AndreasLutro pub   2048R/C183C0E3 2014-10-01
20:26 AndreasLutro uid                  Andreas Lutro <anlutro@gmail.com>
20:26 AndreasLutro the id would be C183C0E3
20:28 mrking where is that located? when i run gpg --list-keys nothing returns.
20:30 AndreasLutro eh
20:30 AndreasLutro wherever you generated the gpg key
20:31 AndreasLutro might have to --list-secret-keys instead
20:31 AndreasLutro not sure
20:32 mrking thanks. i'll see if I can figure that out. #rookiestatus
20:32 jeffspeff joined #salt
20:35 pipps joined #salt
20:42 nidr0x joined #salt
20:44 Eugene #IRCDoesntUseHashTagsThoseAreChannelsHere
20:44 keldwud what would cause my minions to not connect after hard resetting my salt master?
20:45 Eugene Have you waited a few minutes and checked again? Minions don't always detect the drop immediately in my experience
20:45 justaname joined #salt
20:45 baweaver :D
20:45 Eugene I've also seen subsequent runs of test.ping cause them to reconnect magically
20:45 baweaver Eugene: couldn't help it
20:45 Eugene baweaver - I hope you're proud of what you've done
20:46 baweaver always am
20:46 keldwud Eugene: yeah that appears to have been the issue
20:46 justaname Howdy - I keep getting RuntimeError: maximum recursion depth exceeded in highstate debug.  minion logs return: https://gist.github.com/ryanlraines/d81a7978d18260a2db800315b0b4d7ea
20:46 justaname Anyone care to help?
20:46 keldwud I had left my desk for about 10 minutes and when I came back, the minions were responding again
20:46 keldwud now I gotta figure out how and why my master locked up in the first place. looks like I wasn't able to re-create the issue
20:47 Eugene In my nagios monitoring I have a check for Salt Highstate that runs once an hour; since adding that I've never had a minion-not-responding.... except for timeouts, which are a different problem
20:51 toanju joined #salt
20:57 major possible to set the pki_dir on a per-minion basis?
20:58 Edgan 16.04 salt debs?
20:59 upb joined #salt
21:04 rocketnova joined #salt
21:08 josuebrunel joined #salt
21:10 flebel joined #salt
21:10 Garyx joined #salt
21:10 subsignal joined #salt
21:13 amy_ joined #salt
21:15 hemebond joined #salt
21:15 Eugene Edgan - I always wait for XX.04.1 before trying to deploy; it takes time for packages to get built ;-)
21:16 Eugene You can probably use the deb-src for 14.04 or 15.10 and roll-your-own
21:16 Eugene But I would not put that in production
21:16 Eugene In fact, it looks like there isn't a 15.10 from the Saltstack repo proper, just PPAs.
21:18 CeBe joined #salt
21:19 Edgan Eugene: I am going to try the trusty packages
21:24 bowhunter joined #salt
21:25 pipps99 joined #salt
21:36 Kurzweil joined #salt
21:46 bltmiller joined #salt
21:47 winsalt joined #salt
21:47 Garyx joined #salt
21:48 winsalt good afternoon everyone
21:48 winsalt anyone around that has tried to use salt with windows?
21:50 pipps joined #salt
21:53 winsalt Im new to salt and have a mixed environment.  I've read through the documentation but am having issues getting started.  Literally getting started, i cant figure out how to create the top file where it will identify both CentOS and Windows grains
21:53 winsalt any help would be greatly appreciated
21:53 west575 joined #salt
21:54 nZac joined #salt
22:00 subsignal joined #salt
22:01 jfindlay well, here I was suspecting you would be the windows salt expert :-)
22:02 winsalt win!
22:02 winsalt i wish...
22:02 baweaver joined #salt
22:02 jfindlay did you checkout https://docs.saltstack.com/en/latest/ref/states/top.html#advanced-minion-targeting?
22:03 jfindlay there are examples targeting based on grains in a top file there
22:03 winsalt yes i did but it doesnt show how to target windows.  I have 2008 and 2012 nodes
22:03 winsalt each have different configs
22:03 jfindlay hmm
22:04 winsalt which is what has me perplexed
22:04 jfindlay without remembering exactly what the windows grains are I suspect something like `osfullname:(Window2008|Windows2012)` should work
22:05 jfindlay try `salt win-min grains.items` to check what the os* grains evaluate to
22:05 * jfindlay commutes home
22:07 radhac joined #salt
22:07 belak Is there a way to have a sub-state that I could include with different parameters? I've got a common action where I make both a postgres user and database... and it's getting tiring having to copy that everywhere
22:08 kevinquinnyo belak: what i did was create a custom module
22:09 kevinquinnyo and i put common, general functions in there
22:09 kevinquinnyo within the context of the module, you still have access to __pillar__ and __grains__
22:09 kevinquinnyo and all that
22:10 kevinquinnyo you could create something _modules/ in your in your salt files root, ie /srv/salt/_modules/my_utilities.sls
22:11 major bleh .. the openssh-formula doesn't handle certs ;(
22:12 kevinquinnyo belak: well i dont know if you would be able to call a state directly from there though... but you could at least use it to return the dict data that the postgres and whatever else need
22:14 kevinquinnyo i have a quick question:  should i not expect to see 'root' when i run:  salt 'sometgt*' cmd.run "whoami" user="someuser" group="someuser"
22:14 ahammond I have a gitfs issue: [WARNING ] Found invalid hash file [_modules.lk] when attempting to reap cache directory.
22:14 ahammond any ideas about this? I've never heard of _modules.lk
22:14 west575 joined #salt
22:14 keldwud when I am adding a GPG key to my repositories, how do I get salt to recognize it and add it so that it can install packages from the new repository
22:15 keldwud I have used file.managed to ensure the file is in the correct location
22:16 ahammond we don't have a _modules.lk anywhere in our formulas
22:17 keldwud can I put two name:s in a file.managed?
22:17 kevinquinnyo oh nevermind i think i was reading old docs, it's runas, not user
22:17 keldwud or do I have to put each name/source in a separate state ID?
22:18 kevinquinnyo keldwud: good question
22:18 kevinquinnyo i always use py renderer so i've been doing iteration for that
22:18 keldwud because it appears to be working in some cases but not others
22:18 kevinquinnyo for file in ['file1', 'file2']:
22:19 jhauser joined #salt
22:20 kevinquinnyo keldwud: from the docs i'm reading it doesn't look like it supports that
22:20 keldwud once I separated them into separate state IDs, it resolved my issue of the file not being copied over
22:20 keldwud thank you for the confirmation, kevinquinnyo
22:20 kevinquinnyo sure
22:21 keldwud which doc did you reference, btw?
22:21 keldwud good for me to know for future reference
22:21 kevinquinnyo it wouldnt make sense to have multiple in a single state, since they would all have the same context -- you may as well just do a file.managed, then copy it to other locations
22:21 kevinquinnyo https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
22:21 kevinquinnyo actually
22:22 kevinquinnyo ohh thats a shame i thought they did javscript fragments so i could give you the url at the right spot on the page
22:22 kevinquinnyo search for 'salt.states.file.managed'
22:23 kevinquinnyo oh they do, lol
22:23 kevinquinnyo https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
22:23 jvblasco joined #salt
22:25 jeffspeff joined #salt
22:26 baweaver joined #salt
22:31 amcorreia joined #salt
22:32 amcorreia joined #salt
22:38 west575 joined #salt
22:38 cliluw joined #salt
22:38 amcorreia joined #salt
22:39 zenlot6 joined #salt
22:39 fusionx86 joined #salt
22:45 lws joined #salt
22:49 catpig joined #salt
22:50 bowhunter joined #salt
23:03 cpowell joined #salt
23:07 pydevops joined #salt
23:08 pipps joined #salt
23:27 baweaver joined #salt
23:27 rem5 joined #salt
23:27 hax404 joined #salt
23:27 danielcb joined #salt
23:27 capri joined #salt
23:29 west575 joined #salt
23:30 rem5 joined #salt
23:33 subsignal joined #salt
23:34 west575 joined #salt
23:47 pipps joined #salt
23:48 onlyanegg joined #salt
23:50 hexa- joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary