IRC log for #salt, 2016-06-29

All times shown according to UTC.

Time Nick Message
00:10 kevinquinnyo joined #salt
00:16 woodtablet left #salt
00:17 MrLudo joined #salt
00:23 nZac joined #salt
00:47 aqua^c joined #salt
00:47 nZac joined #salt
00:50 mapu joined #salt
00:52 mosen joined #salt
00:54 infrmnt1 joined #salt
00:57 fannet_ joined #salt
01:02 hasues joined #salt
01:07 amcorreia joined #salt
01:11 iceyao joined #salt
01:12 hasues left #salt
01:12 iceyao_ joined #salt
01:16 dendazen joined #salt
01:22 netcho joined #salt
01:24 keekz joined #salt
01:24 lempa joined #salt
01:27 mpanetta joined #salt
01:37 DEger joined #salt
01:39 catpiggest joined #salt
01:46 sagerdearia joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.10, 2015.8.10, 2016.3.1 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:51 nethershaw joined #salt
01:56 raygunsix joined #salt
02:00 sagerdearia joined #salt
02:10 aqua^c joined #salt
02:20 ajw0100 joined #salt
02:25 raygunsix_ joined #salt
02:25 raygunsix_ joined #salt
02:25 cyborg-one joined #salt
02:30 nZac joined #salt
02:32 om joined #salt
02:35 sagerdearia joined #salt
02:46 berserk joined #salt
02:47 berserk joined #salt
02:47 Eureka703 joined #salt
02:49 smcquay joined #salt
02:56 juanito__ joined #salt
03:00 tuxx joined #salt
03:22 netcho joined #salt
03:32 nZac joined #salt
03:37 raygunsix joined #salt
04:01 nZac joined #salt
04:04 badon_ joined #salt
04:06 badon joined #salt
04:09 rem5 joined #salt
04:19 linjan__ joined #salt
04:33 bfig joined #salt
04:33 bfig__ joined #salt
04:35 berserk joined #salt
04:35 manji joined #salt
05:01 dendazen joined #salt
05:05 DarkKnightCZ joined #salt
05:18 kawa2014 joined #salt
05:22 netcho joined #salt
05:27 impi joined #salt
05:28 glyf joined #salt
05:29 Rumbles joined #salt
05:31 badon joined #salt
05:37 mosen joined #salt
05:38 nZac joined #salt
05:45 sjmh joined #salt
05:47 yuhlw_ joined #salt
05:51 netcho joined #salt
05:57 iceyao joined #salt
05:59 dmaiocchi joined #salt
06:01 illern joined #salt
06:03 rdas joined #salt
06:06 dmaiocchi joined #salt
06:12 iceyao joined #salt
06:19 fxhp joined #salt
06:22 kshlm joined #salt
06:39 nZac joined #salt
06:40 lubyou joined #salt
06:41 manji joined #salt
06:48 manji joined #salt
06:51 iceyao joined #salt
06:56 DEger joined #salt
06:57 kaushal_ joined #salt
06:59 fannet_ joined #salt
07:01 manji joined #salt
07:01 DEger joined #salt
07:02 toanju joined #salt
07:04 fracklen joined #salt
07:07 fracklen joined #salt
07:13 Ayo joined #salt
07:14 jhauser joined #salt
07:22 ravenx joined #salt
07:23 ravenx how can i use client_acl to restrict certain users to only a few servers
07:28 KermitTheFragger joined #salt
07:29 GreatSnoopy joined #salt
07:31 ravenx joined #salt
07:33 fracklen joined #salt
07:40 nZac joined #salt
07:47 manji joined #salt
07:48 gcmacmalloc joined #salt
07:50 deniszh joined #salt
07:51 lero joined #salt
08:00 linjan joined #salt
08:03 fracklen joined #salt
08:06 fracklen joined #salt
08:08 fracklen_ joined #salt
08:09 fracklen joined #salt
08:12 krymzon joined #salt
08:12 s_kunk joined #salt
08:18 s_kunk joined #salt
08:18 s_kunk joined #salt
08:19 arnaud hello
08:21 arnaud I just configured my mysql returner (master job cache)
08:21 arnaud and i'm surprised about the information stored
08:21 arnaud nothing about changes
08:25 jhauser joined #salt
08:30 iceyao joined #salt
08:31 kbaikov joined #salt
08:32 mikecmpbll joined #salt
08:34 Rumbles joined #salt
08:37 keimlink joined #salt
08:38 krymzon joined #salt
08:39 kbaikov joined #salt
08:41 _mel_ joined #salt
08:42 Derailed Hey everyone. I'm really confused about one aspect of salt's execution model. Can one minion see all the commands that another minion is receiving? Including arguments? The docs say that all salt commands are always published to ALL minions.
08:42 AndreasLutro Derailed: no
08:42 AndreasLutro where does it say that?
08:43 Derailed https://docs.saltstack.com/en/latest/topics/development/architecture.html
08:43 Derailed "The Salt master works by always publishing commands to all connected minions and the minions decide if the command is meant for them by checking themselves against the command target.
08:43 Derailed "
08:44 tuxick sounds crazy
08:44 Derailed in addition: if I send a 'test.ping' to one minion, a completely different minion DOES receive some kind of message: 2016-06-29 08:43:49,717 [salt.transport.mixins.auth][TRACE   ][3189] Decoding payload: {'load': '\xf7Gw\x84\x9d5\xc3\xbbe`\xd2\x85\x94,\x0b\xb1\x85L\xd3
08:44 Derailed I really need to know if it's the case that one minion can see all the commands going to another minion
08:45 Elsmorian joined #salt
08:45 AndreasLutro might be unrelated, salt sends a lot of messages back and forth in the background for keeping the connection alive and more
08:46 AndreasLutro I think the docs are just wrong though
08:46 Derailed No. it's definitely a message triggered by the 'test.ping', I'm trying to work out if it's decryptable by that minion or not
08:46 Derailed but if I'm understanding correctly, it's the MINION that decides if it's the target of a command, and not the master. and that REALLY worries me
08:47 AndreasLutro there's just no way that's true. if it was the case I'd get ping timeouts every time I target a single minion and there are other minions that are down
08:48 AndreasLutro open an issue for it on github imo
08:48 Derailed see for yourself: set the log_level to 'all' on one of your minions, and watch the logs when you send a test.ping to another minion
08:49 Derailed nah, you wouldn't see ping timeouts: as it says: it sends the message to all connected minions immediately
08:49 AndreasLutro yeah I'm seeing it
08:49 Derailed this is only a problem for me if that minion can decrypt the message
08:50 Derailed I don't want random minions seeing commands being sent to other minions
08:50 Derailed (imagining maliciousness)
08:51 tuxick salt documentation leaves some room for improvement anyway
08:54 Trauma joined #salt
08:55 krymzon_ joined #salt
08:57 Derailed Yup. I can confirm it. any minion can see all commands sent to every minion
08:57 Derailed that is NOT VERY WELL documented
08:57 Derailed and it's pretty upsetting
08:58 Derailed 2016-06-29 08:57:07,993 [salt.transport.mixins.auth][TRACE   ][3894] Decoded payload: {'load': {'tgt_type': 'glob', 'jid': '20160629085707785877', 'tgt': 'master', 'ret': '', 'user': 'sudo_admin', 'arg': [], 'fun': 'test.ping'}, 'enc': 'aes'}
08:58 kbaikov joined #salt
08:59 AndreasLutro the hell
09:01 permalac I get this weird comment on a test=True execution  State 'grains.present' was not found in SLS 'ceilometer.control'       , I have the same code on another file and it works. I have even copy pasted from the working one and still.
09:02 manji joined #salt
09:04 Derailed AndreasLutro, this is in the documentation on the pillar stuff: "Be aware that when sending sensitive data via pillar on the command-line that the publication containing that data will be received by all minions and will not be restricted to the targeted minions. This may represent a security concern in some cases."
09:06 kbaikov joined #salt
09:13 jhauser joined #salt
09:13 Garo_ joined #salt
09:17 manji joined #salt
09:19 tuxick sounds like a design flaw to me
09:19 Trauma joined #salt
09:19 Derailed it sounds like something I could have worked around a whole hell of a lot easier if I had known before.
09:20 tuxick ?
09:20 AndreasLutro I kinda understand it because you can target by grains and stuff... but surely there must be a better way to implement that
09:20 Derailed My use case is such that the owners of some minions don't always trust the owners of other minions
09:20 Derailed so I have to be careful with what minions can see
09:20 tuxick makes sense
09:21 Derailed so, anything even REMOTELY secret has to go in pillars.
09:21 Derailed now, I already knew that
09:21 Derailed but I didn't realise that even things like command line arguments could be leaked
09:22 Derailed and publishing any NEW pillar data also leaks to all minions
09:23 Derailed so to get new data to a minion safely, I have to use a program to generate a new pillar file, THEN tell the minion to refresh its pillar, THEN ask the minion to do the job I want it to do, using the data in the pillar
09:23 Derailed that's a lot messier than what I thought I'd be able to do.
09:23 tuxick i prefer the push system ansible uses anyway
09:24 tuxick but that too feels a bit nasty, using ssh/root
09:24 Derailed whelp, I am thoroughly depressed and having a mild anxiety attack. so I'm getting out of here. I'll sleep on it and tomorrow I can work out just how the HELL I'm going to fix this :-(
09:24 iceyao joined #salt
09:26 Phil-Work joined #salt
09:26 Derailed thanks tuxick and AndreasLutro for your input
09:27 Phil-Work is there any way to stop pkg.install being destructive and removing packages which conflict with what you're trying to install?
09:28 fredvd joined #salt
09:28 Phil-Work just had a problem where 14 servers (handily, only staging) got pretty much wiped clean because rsyslog was installed by Salt which removed a load of other packages which conflicted
09:29 tuxick sounds like a stupid package manager doing what it gets told?
09:29 iggy Derailed: you understand correctly
09:29 Phil-Work tuxick, indeed
09:29 Phil-Work that package manager being apt
09:30 Phil-Work but I can't see a way to make salt tell it to stop being destructive in these instances
09:30 iggy Phil-Work: that's why we test things before production
09:31 Phil-Work iggy, indeed
09:31 Phil-Work it is the testing that destroyed them
09:31 iggy I've said it plenty of times... salt is a loaded weapon that you are being handed
09:31 Phil-Work I could, admittedly, have done the testing on a smaller subset of servers rather than '*'
09:31 iggy it's your job to not shoot your toes off
09:32 Rkp the test=True option at the end of the line can sometimes give you info on what will be done
09:33 Phil-Work it gives no useful info here
09:33 Rkp I don't know how much insight it gives on package installation
09:33 Phil-Work it simply says rsyslog will be installed, not that everything else will be uninstalled
09:33 Rkp ouch, then it's a nice "gotcha"
09:33 iggy loaded weapon
09:34 Phil-Work even a loaded weapon has a safety catch ;)
09:34 Phil-Work ideally the "test" output needs bulking out for package installs
09:35 mikecmpbll i can understand clearly using the ssh_auth states how to ensure keys are present on a minion—how would I approach ensuring that no others are present and maintaining the whole state of authorized_keys ?
09:36 netcho joined #salt
09:39 Phil-Work mikecmpbll, can't you just manage the file rather than use the module?
09:40 mikecmpbll Phil-Work : oddly, that only really dawned on me as i was writing it out, but yeah i guess that'd do it.
09:40 nZac joined #salt
09:43 Phil-Work the modules are great if you want to manually and automatically manage things
09:43 Phil-Work but most of the time, they get in the way if you're doing purely automated management
09:44 Phil-Work and given that, certainly Debian 8, has something.d directories for most stuff, there's rarely any need to use most of the modules
09:48 hrumph joined #salt
09:48 hrumph hi
09:51 hrumph when calling a function f in module m, with a signature like def f(*args):, can i use __salt__['m.f'](mylist), because it sure as heck doesn't seem to be working
09:51 hrumph i'm trying to chase down a bug here
09:51 mikecmpbll Phil-Work : thanks for the philosophical advice
09:58 pfallenop joined #salt
10:03 manji joined #salt
10:08 tpaul joined #salt
10:11 Trauma joined #salt
10:28 Trauma joined #salt
10:29 netcho joined #salt
10:39 hrumph wait i'm wrong i'm sorry, just i'm new to python....
10:40 hrumph still found a bug but didn't understand why it was a bug
10:42 hrumph this time i didn't understand what python was doing
10:48 hax404 joined #salt
10:52 dendazen joined #salt
10:57 hax404 joined #salt
10:59 tinyRick joined #salt
10:59 ajv joined #salt
11:00 rem5 joined #salt
11:00 dmaiocchi joined #salt
11:01 fannet_ joined #salt
11:03 DEger joined #salt
11:06 manji joined #salt
11:12 teryx510 joined #salt
11:15 kevinquinnyo joined #salt
11:24 netcho joined #salt
11:25 manji joined #salt
11:28 Trauma joined #salt
11:29 subsignal joined #salt
11:30 tracphil_ joined #salt
11:32 netcho joined #salt
11:35 numkem joined #salt
11:37 MadHatter42 joined #salt
11:40 netcho joined #salt
11:41 nZac joined #salt
11:55 Slimmons joined #salt
12:03 DammitJim joined #salt
12:05 morissette joined #salt
12:06 netcho joined #salt
12:08 CeBe1 joined #salt
12:11 subsignal joined #salt
12:11 numkem joined #salt
12:13 subsignal joined #salt
12:17 amcorreia joined #salt
12:21 Slimmons I'm trying to use the salt-api, and it doesn't seem to be working.  Any ideas on what could be wrong?  Here's a gist of my setup.  https://gist.github.com/Slimmons/a6ed94db751cf57bec59519155af9ecd
12:21 west575 joined #salt
12:22 tracphil joined #salt
12:28 iceyao joined #salt
12:34 abednarik joined #salt
12:38 glyf joined #salt
12:41 kawa2014 joined #salt
12:45 rhodgin joined #salt
12:47 ravenx joined #salt
12:47 ravenx is there a way to activate a venv in the start of an .sls file
12:47 ravenx instead of having to do everything via:      cmd.run:  - name:  source venv/bin/activate && run-script.sh?
12:48 nZac joined #salt
12:49 nZac joined #salt
12:50 numkem joined #salt
12:53 dendazen joined #salt
12:55 abednarik joined #salt
12:55 netcho joined #salt
12:56 oida joined #salt
12:57 Sylvain31 joined #salt
12:57 rhodgin joined #salt
13:03 Slimmons I'm a salt noob, so I'm not 100% sure, but do you know if https://docs.saltstack.com/en/latest/ref/states/all/salt.states.virtualenv_mod.html can activate the venv?  I would think it could.
13:05 gmacon joined #salt
13:06 ravenx Slimmons:  i have a similar question too
13:07 jenastar joined #salt
13:07 mage_ what are you trying to achieve?
13:07 ravenx i need to run a buncha scripts with the venv activated
13:07 ravenx instead of having to do everything via:      cmd.run:  - name:  source venv/bin/activate && run-script.sh?
13:07 ravenx is there some state i can declare?
13:07 mage_ just use the python from the venv?
13:07 ravenx what if it's a shell script?
13:08 mage_ use $> env python?
13:09 Slimmons I'm trying to use the salt-api, and it doesn't seem to be working.  Any ideas on what could be wrong?  Here's a gist of my setup.  https://gist.github.com/Slimmons/a6ed94db751cf57bec59519155af9ecd
13:10 ravenx what is the $>
13:10 ravenx i have never seen it in my life
13:11 mage_ I mean just use env python
13:11 ravenx in the shell script?
13:13 mage_ or use /bin/sh -c "..."
13:14 rem5 joined #salt
13:16 mage_ something like /bin/sh -c ". your/venv/bin/activate && run-script.sh"
13:17 dps joined #salt
13:20 dps Hi.  Really dumb question. I have salt-ssh configured correctly, i.e. I can run: sudo salt-ssh -i '*' -r 'uptime'.  My problem is that when I run salt-ssh '*' cp.list_master I see a huge json stack tracey-dump.  I have no idea why.  I have successfully executed this command on other masters and basically just seen a file of directories.  am I doing something wrong? I do not have any backend other than file roots configured.
13:21 ravenx thanks mage
13:22 rem5 joined #salt
13:22 nZac joined #salt
13:29 protoz joined #salt
13:34 Trauma joined #salt
13:35 mpanetta joined #salt
13:36 mjimeneznet joined #salt
13:36 mapu joined #salt
13:37 mjimeneznet Hi, I have a doubt about workflow. We have saltmaster in a server, and the salt code in github in the master branch. How can multiple developers work with branches for saltstack code and then use branches on the saltmaster server?
13:43 AndreasLutro mjimeneznet: either set up different environments in salt (difficult) or just set up different salt masters for each environment/branch you want to test/stage
13:43 bowhunter joined #salt
13:43 dps here is a gist from my issue above btw: https://gist.github.com/dsulli99/d81f202614f5c91da9b65c0d2ec6b534
13:43 dps i am not even sure what to call that output btw
13:44 dps (it's longer than i posted, that is just the beginning, it is very comprehensive)
13:44 dps looks like some sort of environment dump
13:44 tapoxi joined #salt
13:45 rhodgin joined #salt
13:45 mjimeneznet AndreasLutro: you can have different saltmaster under /home/user in the same server? now we have as root user under /srv/SaltMaster
13:47 tuxick was trying to connect a minion but decided it had wrong hostname
13:47 tuxick i changed hostname but it still tries to connect as old hostname
13:47 tuxick where is this 'remembered' ?
13:47 AndreasLutro mjimeneznet: we run an entirely different server for the staging/testing salt masters
13:48 AndreasLutro tuxick: the master doesn't connect to the minion, the minion connects to the master
13:49 tuxick oww nevermind
13:49 tuxick AndreasLutro: i know :)
13:49 tuxick forgot minion_id
13:50 mjimeneznet AndreasLutro: wow... is a bit crazy have a server for each staging/testing...
13:51 AndreasLutro you think?
13:51 AndreasLutro for quick development and testing you should just set up local VMs anyway
13:52 Guest_84857 joined #salt
13:52 Guest_84857 Allah is doing
13:52 Guest_84857 sun is not doing Allah is doing
13:53 Guest_84857 moon is not doing Allah is doing
13:53 dps alrighty then
13:53 Guest_84857 stars are not doing Allah is doing
13:53 Slimmons lol english is hard
13:53 Guest_84857 planets are not doing Allah is doing
13:53 AndreasLutro lol this spam again
13:53 Slimmons I hope this is the intro to a rap song
13:53 Slimmons turn my headphones up
13:54 Slimmons anybody used salt-api and think they can give me a hand figuring out a problem?
13:54 Guest_84857 galaxies are not doing Allah is doing
13:54 Guest_84857 oceans are not doing Allah is doing
13:54 Guest_84857 mountains are not doing Allah is doing
13:54 dps here you go Slimmons https://soundcloud.com/iamwaltbreezy/guccihomesnippetprod-by-waltbunmixed
13:55 Guest_84857 trees are not doing Allah is doing
13:55 Guest_84857 mom is not doing Allah is doing
13:55 Slimmons lol
13:55 Slimmons nice dps
13:55 Guest_84857 dad is not doing Allah is doing
13:55 Guest_84857 boss is not doing Allah is doing
13:55 Guest_84857 job is not doing Allah is doing
13:55 Slimmons but can allah help me with my salt-api problems?
13:55 Slimmons is he doing remote deploys?
13:56 Guest_84857 dollar is not doing Allah is doing
13:56 Guest_84857 degree is not doing Allah is doing
13:56 Guest_84857 medicine is not doing Allah is doing
13:56 Guest_84857 customers are not doing Allah is doing
13:56 sagerdearia joined #salt
13:57 Guest_84857 you can not get a job without the permission of allah
13:57 Guest_84857 you can not get married without the permission of allah
13:57 dps lol @ slimmons
13:58 Guest_84857 nobody can get angry at you without the permission of allah
13:58 Slimmons dps: I wonder why that guy from the song you linked is holding an unfinished rifle.  There's no sights on it.  Looks like they bought the platform, then just handed it to him.
13:58 abednarik joined #salt
13:58 Slimmons I wonder if this person talking about allah even knows what these things say.  Most of them don't even make sense
13:58 protoz joined #salt
13:59 tuxick religion may cause serious braindamage
14:00 tuxick and vice versa
14:00 dps im sure he is trying to articulate that allah is all powerful.  there are like 99 names for allah http://www.searchtruth.com/Allah/99Names.php
14:00 inad922 joined #salt
14:01 dps slimmons: not sure about the rifle. that guy makes some cool beats though.
14:01 ravenx ^
14:01 ravenx ^
14:01 ravenx lol
14:01 tuxick my cat also has 99 names
14:01 tuxick i used them all when trying to walk in kitchen
14:01 dps haha
14:02 tuxick cool, ran salt on a freshly installed vm
14:02 tuxick only thing failing is some selinux pain
14:02 tuxick but software + accounts etc all ok
14:02 jenastar joined #salt
14:04 badon joined #salt
14:05 gcmacmalloc joined #salt
14:06 tuxick yet for some unknown reason it keeps updating my authorized_key for my own useraccount
14:07 kevinquinnyo joined #salt
14:08 catpig joined #salt
14:08 kevinquinnyo i'm trying to replace a line like this 'tcp|d|s=22|d=7.7.7.7 # possible comment here' using file.replace module function
14:09 netcho joined #salt
14:10 kevinquinnyo if i manually set a variable: rule='tcp\|d\|s=22\|d=7.7.7.7' Then run file.replace with pattern='^{0}(( +)?\#.*)?$\n'.format(rule)
14:11 kevinquinnyo it works as expected. But if rule='tcp|d|s=22|d=7.7.7.7' And i do rule=rule.replace('|', '\|') it doesn't work.  Any ideas on how i can get this to work
14:11 rem5 joined #salt
14:11 kevinquinnyo i just realized this is more of a python re.search question than a file.replace question most likely
14:17 schemanic joined #salt
14:17 _JZ_ joined #salt
14:18 bowhunter joined #salt
14:20 morissette joined #salt
14:22 kawa2014 joined #salt
14:23 knine joined #salt
14:24 toastedpenguin joined #salt
14:25 tuxick awww ffs
14:26 tuxick "parse error somewhere in /srv"
14:26 tuxick Rendering SLS 'base:roles.mail-imap.mysql' failed: Jinja variable 'dict object' has no attribute 'imap-sql-users'
14:26 tuxick pretty sure i didn't touch that, and it worked this morning
14:27 tuxick what it meant was "don't use comma separated hostnames in top.sls"
14:27 berserk joined #salt
14:27 rhodgin joined #salt
14:28 manji lol
14:32 rem5 joined #salt
14:36 Trauma joined #salt
14:36 west575_ joined #salt
14:37 tuxick trying to create user and group vmail
14:37 tuxick leads to "conflicting ID"
14:40 tuxick ah
14:41 DEger joined #salt
14:41 dmaiocchi joined #salt
14:41 west575 joined #salt
14:44 west575__ joined #salt
14:44 pryorda joined #salt
14:44 TooLmaN joined #salt
14:44 pryorda is there a way to hide a password from say something like this....
14:45 pryorda https://gist.github.com/pryorda/927785181cc36224dfc7dc246bcecb7e
14:45 pryorda I'm calling it via salt-call state.sls blah
14:47 Brew joined #salt
14:48 west575 joined #salt
14:50 manji joined #salt
14:51 tapoxi joined #salt
14:53 tuxick ok, all i still need now is figure out why it updates my authorized_keys file on every run
14:53 tuxick and some day figure out how ext_pillar is supposed to work
14:54 dorei joined #salt
14:54 dorei hello
14:54 dorei is there a way to have a jinja template file in utf16-le encoding?
14:57 netcho joined #salt
15:00 kshlm joined #salt
15:03 fannet_ joined #salt
15:05 tuxick oww, found a problem, not getting newlines in a file i create from pillar
15:07 tuxick contents_pillar screwing up?
15:10 raygunsix joined #salt
15:10 ajv joined #salt
15:14 corichar joined #salt
15:15 berserk joined #salt
15:23 pryorda Anyone looking at what I pasted?
15:24 dfinn joined #salt
15:29 FreeSpencer joined #salt
15:29 FreeSpencer joined #salt
15:29 nobrak joined #salt
15:29 nobrak joined #salt
15:30 snergster joined #salt
15:30 tvinson pryorda: are you looking to prevent the password from showing up in the console output from salt?
15:33 pryorda Yes and in the name
15:34 pryorda looks like i just have to use a script
15:34 tvinson one way i know to do that, and there may be a better one, is to use cmd.script with output_loglevel: quiet, and then pass the password in with env
15:34 pryorda yep thats what i was going to do :)
15:34 pryorda Seems like there is no way to secret it
15:35 ageorgop joined #salt
15:35 subsignal joined #salt
15:36 coval3nce joined #salt
15:36 basepi joined #salt
15:37 jnilsson joined #salt
15:42 irctc847 joined #salt
15:46 mapu joined #salt
15:48 aagbds joined #salt
15:48 runner7532 joined #salt
15:49 bearonis joined #salt
15:50 glyf joined #salt
15:51 bearonis The `user.present` always shows that the result was changed on each highstate (i.e., Function: user.present - Result: Changed) is this normal? This is shown for every user even if they already exist.
15:51 runner7532 I need some help for Salt on Windows. I am trying to add a domain user to the Local Administrators group on her PC.
15:53 runner7532 Looking at this page https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_useradd.html I figured the command to use is a variation of salt CompName user.addgroup User administrators
15:55 pryorda Interesting tvinson my script cant read the variables that were created :/
15:57 tvinson pryorda: what does a paste look like?
15:58 pryorda sec
15:59 runner7532 The command returns false every time no matter the way I try the command
16:03 runner7532_ joined #salt
16:06 pryorda tvinson: https://gist.github.com/pryorda/db888ea9e84da3e6919850564436edfe
16:07 pryorda I think it might be because I'm switching shells?
16:07 mavhq joined #salt
16:12 toanju joined #salt
16:15 bltmiller joined #salt
16:16 mavhq joined #salt
16:19 bltmiller joined #salt
16:19 tapoxi joined #salt
16:20 woodtablet joined #salt
16:22 blueelvis joined #salt
16:24 manji joined #salt
16:26 Edgan joined #salt
16:27 Trauma joined #salt
16:27 Fiber^ joined #salt
16:32 dmaiocchi joined #salt
16:32 oida joined #salt
16:34 jab416171 what's the best way to manage something like HISTSIZE in root's .bashrc or .bash_profile?
16:34 jab416171 file.managed? file.append?
16:35 bfig_ joined #salt
16:35 bfig___ joined #salt
16:36 netcho joined #salt
16:37 garphy joined #salt
16:39 woodtablet i would go with file.managed
16:41 woodtablet how do i do a dict.has_key kind of thing with pillars? I have a pillar like so: https://gist.github.com/gwaters/9d2b851c1b326ca4405317d14bd9ae43 I want to be able to do a formula where it will look in a role pillar  and if the dict has the key of the hostname, run the state file. The available pillar modules dont seem to have this function, and I dont  really want to have to loop through the entire pillar.get_items and see  if the value match
16:41 hasues joined #salt
16:42 babilen foo in d.keys()
16:43 babilen (or just "foo in d" or "if d.foo is defined")
16:43 woodtablet babilen: wonderful! thanks!
16:45 onlyanegg joined #salt
16:46 woodtablet i didnt know "in" was a key word, very helpful
16:53 abednarik joined #salt
16:56 hasues left #salt
16:58 Brew joined #salt
16:59 dmaiocchi joined #salt
17:04 fannet_ joined #salt
17:05 knine Is Salt still sending its releases to EPEL, or is it recommended to use http://repo.saltstack.com/#rhel ?
17:06 kwakhed joined #salt
17:07 mapu joined #salt
17:07 kwakhed So Tornado Transport seems to be more stable in 2016.3, sounds promising. Doesn't seem to be a lot of documentation though. Anyone have any links or documentation I could check out?
17:10 kevinquinnyo anyone know if there is an OnApp cloud module out there somewhere?
17:13 mikecmpbll joined #salt
17:16 bltmiller joined #salt
17:17 tvinson knine: https://github.com/saltstack/salt/issues/29132
17:17 saltstackbot [#29132][OPEN] Saltstack Yum Repo overwriting packages from CentOS Base | It appears that Salt 2015.8.1 from repo.saltstack org is pulling two dependencies from that repo that are overwriting the Base CentOS repo.  PyYAML 3.10 and python-crypto 2.0.1 are being replaced....
17:19 tvinson saltstack repo is broken and dangerous right now
17:19 KyleG joined #salt
17:19 KyleG joined #salt
17:20 dmaiocchi joined #salt
17:25 knine thanks tvinson.  I can handle using an older version of Salt in the name of system stability
17:25 pryorda tcolvin: do you know of a way to delete a salt-key from within a state?
17:25 pryorda i.e salt-key -d hostname*
17:26 tberch8 joined #salt
17:26 abednarik joined #salt
17:26 bltmiller pryorda: would this work? https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html
17:32 beardedeagle joined #salt
17:34 rylnd joined #salt
17:34 pryorda bltmiller: not sure.
17:34 pryorda I mean the idea sounds like it would work.
17:34 rylnd hey guys, quick question: does salt or salt-cloud support adding tags to VMware Virtual Machines?
17:37 mpanetta joined #salt
17:40 s_kunk joined #salt
17:40 s_kunk joined #salt
17:42 bltmiller joined #salt
17:42 bltmiller pryorda: only one way to find out :)
17:42 DEger joined #salt
17:43 glyf joined #salt
17:45 tapoxi joined #salt
17:46 toastedpenguin1 joined #salt
17:48 linjan joined #salt
17:55 writtenoff joined #salt
17:58 abednarik joined #salt
17:59 sjorge joined #salt
18:01 sjorge joined #salt
18:01 tberch8 joined #salt
18:09 dmaiocchi joined #salt
18:10 gcmacmalloc joined #salt
18:14 berserk joined #salt
18:15 fannet_ joined #salt
18:20 berserk joined #salt
18:20 ajw0100 joined #salt
18:20 rem5 joined #salt
18:22 fracklen joined #salt
18:22 berserk_ joined #salt
18:25 M-cpt joined #salt
18:25 berserk joined #salt
18:26 west575 joined #salt
18:28 amcorreia joined #salt
18:28 whaity joined #salt
18:37 tberch8 joined #salt
18:38 drawsmcgraw joined #salt
18:40 Slimmons Anybody worked on salt-api much, that can help me out with a problem?
18:41 dmaiocchi joined #salt
18:47 tvinson Slimmons: i've done some work with it, what are you seeing?
18:47 Slimmons https://gist.github.com/Slimmons/a6ed94db751cf57bec59519155af9ecd
18:47 Slimmons here's how I have it set up
18:47 Slimmons the problem is that it's returning ok, like everything worked, but nothing's actually happening
18:48 rem5_ joined #salt
18:52 subsignal joined #salt
18:54 tvinson i haven't spotted anything yet, but have you looked at the event bus when hitting the api?
18:54 nZac joined #salt
18:57 nZac joined #salt
18:57 ignarps joined #salt
18:58 patrek joined #salt
19:00 subsignal joined #salt
19:02 graffic joined #salt
19:02 tberch8 joined #salt
19:03 SubOracle joined #salt
19:03 Dev0n joined #salt
19:03 thehaven joined #salt
19:05 subsigna_ joined #salt
19:05 GreatSnoopy joined #salt
19:10 dmaiocchi joined #salt
19:13 gulaghad joined #salt
19:14 tvinson Slimmons: dumb question, but did you restart the salt master after adding the reactor configuration?
19:15 Horgix joined #salt
19:15 Ssquidly joined #salt
19:16 berserk joined #salt
19:19 rem5 joined #salt
19:19 mikecmpbll joined #salt
19:20 Slimmons Yeah, I restarted it.  How do I look at the event bus?
19:21 Slimmons I actually restarted the whole server just to make sure.
19:21 deniszh joined #salt
19:25 sjmh hm, do you have to pass something special in to run .bat scripts on windows hosts via cmd.script?
19:25 sjmh https://gist.github.com/sjmh/c4a3da29432febec8a8bd9ac247cf5f1
19:26 kevinquinnyo Slimmons: on salt master, you can run: salt-run state.event pretty=True
19:26 ajw0100 joined #salt
19:26 bltmiller joined #salt
19:27 cyborg-one joined #salt
19:28 noraatepernos joined #salt
19:29 noraatepernos Hi all.  In deployments with git, should I run git.latest as www-data in my nginx environment?
19:29 noraatepernos I think I just need to ensure that the target is owned by www-data as well.
19:32 kevinquinnyo noraatepernos: sure, there is a 'user' keyword argument you can pass to git.latest
19:32 toanju joined #salt
19:32 kevinquinnyo the only consideration would be if it's a private repo and you'd have to give www-data access to your git repo which might not be a good idea
19:33 Slimmons tvinson: I updated the gist to show the output of the event bus
19:33 Slimmons and thanks kevinquinnyo for the info.
19:33 kevinquinnyo if that's the case do git.latest as root or an admin user, then do cmd.run 'chown -R /var/www/whatever-the-path-is' and set a requisite so it runs after git.latest
19:34 tvinson Slimmons: salt/netapi/hook/services/restar typo in curl?
19:35 Slimmons it was, but only for that last time I ran it
19:36 Slimmons I re-ran it with correct name, and it did the same thing
19:36 Slimmons which is weird right?  shouldn't it have failed?
19:38 tvinson i don't think it should have failed, you're not calling the state directly. you're putting an event on the bus.
19:39 wryfi when using environments, does salt merge the pillar top file the same way as it merges the state tree topfile?
19:42 Trauma joined #salt
19:43 DEger joined #salt
19:45 abednarik joined #salt
19:45 badon joined #salt
19:49 wryfi is anyone doing anything to create inline docs for their salt states? using sphinx or similar?
19:58 dmaiocchi joined #salt
20:04 blueelvis joined #salt
20:05 Ayo joined #salt
20:11 jhauser joined #salt
20:19 alinuxninja joined #salt
20:19 tberch8 joined #salt
20:24 renaissancedev joined #salt
20:30 bltmiller joined #salt
20:36 rem5 joined #salt
20:36 teryx510 joined #salt
20:39 noraatepernos joined #salt
20:39 renaissancedev Does anyone know if the cloud subsystem is one of the ones that supports the _ prefix? (As in _modules or _states)
20:40 Trauma joined #salt
20:45 Rumbles joined #salt
20:46 iggy renaissancedev: no
20:49 irctc183 joined #salt
20:50 irctc183 hello everyone!
20:50 irctc183 I have one small problem, would someone be able to help
20:51 renaissancedev iggy: No it doesn't support it or no you don't know?
20:52 irctc183 basically I don't know
20:52 kevinquinnyo what's the syntax for passing an arg and some kwargs to a custom runner from a reactor
20:52 kevinquinnyo (that's a mouthful i know)
20:58 nZac joined #salt
21:00 nZac joined #salt
21:03 snergster joined #salt
21:05 fannet_ joined #salt
21:05 bltmiller joined #salt
21:07 lero joined #salt
21:21 aurynn hey, so I just stumbled across doc indicators that using `salt 'target' some_command` broadcasts to all minions, and lets those minions decide if it was for them? This seems like a massive security flaw if so (IE can't use it in a multi-tenant environment), and is there a plan to fix it?
21:22 woodtablet babilen: i switched to the if statement, and it works when the minion is the role group, but if it is not, i get a weird error "ID test in SLS core.test is not a dictionary". I looked in the /var/log/salt logs on the master but didn't see anything. I thought the if would only run if it was in the dict. https://gist.github.com/gwaters/991085d152f08132fe914073dc34753b
21:22 woodtablet aurynn: what about using nodegroups ? or does that still broadcast to all the minions ?
21:24 aurynn woodtablet, I'm looking at https://docs.saltstack.com/en/latest/topics/development/architecture.html (item #4 in Job Flow)  and a note in https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html#setting-pillar-data-on-the-command-line
21:24 kevinquinnyo woodtablet: if you want the error to go away, you might be able to just put an {% else %} and then an empty dict
21:24 aurynn specifically " sending sensitive data via pillar on the command-line that the publication containing that data will be received by all minions and will not be restricted to the targeted minions"
21:25 woodtablet kevinquinnyo: ok, i'll try that, but why does it need a dict ? that's the part that confuses me
21:25 kevinquinnyo because that's what a state is
21:25 woodtablet kevinquinnyo: ohhh
21:26 subsignal joined #salt
21:26 woodtablet kevinquinnyo: i see, thank you for opening my eyes. i came from chef.. and my brain wasn't thinking in the right context. thanks kevin
21:26 kevinquinnyo if you were to write a state in python (not in jinja) it would look like states['test'] = {'name': 'pkg.installed', 'pkgs': ['telnet']}
21:26 kevinquinnyo np
21:26 aurynn I mean, this is equal parts horrifying and rampant security leak if I'm ever doing stuff with the CLI
21:27 aurynn and architecturally seems bogus? as the pillar correctly does server-side targeting
21:28 pcn From the CLI, you're passing it into the targeted minions, right?
21:28 aurynn pcn, yes
21:28 ajw0100 joined #salt
21:28 aurynn look at the docs - it broadcasts _targeted to a single minion_ message to _all minions connected_
21:28 kevinquinnyo woodtablet: honestly that's why i prefer the py renderer.  I think jinja puts the wizard behind the curtain a bit
21:28 aurynn which is _clownshoes_
21:28 pcn It seems like it's clearly saying "don't send your secrets this way"
21:29 aurynn it's saying "don't ever use this in a multi-tenant environment unless you want to leak everything"
21:29 pcn But I'm not in your position, are you thinking of a particular approach that requires a CLI to transmit secrets?
21:29 aurynn This isn't just CLI behaviour; this is using the module interface to send commands
21:29 aurynn it's just easily demonstrable on the cli
21:30 woodtablet kevinquinnyo: ya, python is much more clear and straight forward to me as well
21:31 woodtablet aurynn - so secrets is gpg encrypt in the pillars, but i can see your security concerns
21:31 woodtablet aurynn - i mean i gpg encrypt my pillars.
21:32 aurynn pillar itself does server-side targeting. a minion only gets access to what it sees directly
21:32 aurynn but minions themselves decide if they're going to run a module
21:32 aurynn and if you pass a pillar blob it goes to everywhere?
21:32 manji joined #salt
21:32 aurynn which is aagh
21:36 aurynn Looks like a hard rearchitect to using external pillars
21:44 aurynn or tiered masters
21:46 jhauser joined #salt
21:48 woodtablet aurynn: or just separate masters completely
21:50 lero joined #salt
21:51 tberch8 joined #salt
21:52 rem5 joined #salt
21:52 ruxu joined #salt
21:56 nZac joined #salt
22:09 tberch8 joined #salt
22:10 cabal51 hi, I'm having issues with a few pkg.latest states they fail with this warning:
22:10 cabal51 [WARNING ] Failed to compare version '1.0.2-0.1466124804' to '' using RPM: 'module' object has no attribute 'labelCompare'
22:10 cabal51 [ERROR   ] LooseVersion instance has no attribute 'version'
22:10 cabal51 does this have to do with the weirdness around amazon's amis?
22:11 toofer joined #salt
22:12 glyf joined #salt
22:12 cabal51 there's also a traceback with "AttributeError: LooseVersion instance has no attribute 'version'"
22:23 Heartsbane joined #salt
22:23 Heartsbane joined #salt
22:34 zenlot6 joined #salt
22:38 _JZ_ joined #salt
22:38 iggy aurynn: it's documented (and common sense) therefore not a security issue
22:43 iggy I can't think of a single config mgmt system I'd trust for multi-tenancy tbh
22:46 subsignal joined #salt
22:46 aurynn I am rather astonished that "let the minions decide if they are the thing that should act" and passing data down is "it's common sense to do this"
22:49 abednarik joined #salt
22:52 br joined #salt
23:02 kevinquinnyo1 joined #salt
23:05 fannet_ joined #salt
23:06 iggy that's how message queues work... things subscribe, they get messages, they decide what to do
23:07 Derailed I would assert that could be clearer in the documentation. All the 'targeting' tutorials and stuff really do make it sound like the master is doing the targeting
23:10 aurynn my experience with RMQ has the queue itself determining who gets messages
23:10 aurynn not the consumers
23:10 aurynn which is a lot of where the shock is coming from
23:11 seandavi joined #salt
23:12 seandavi New to salt and salt-cloud, so may be naive questions.
23:15 seandavi I have a salt master running on an ec2 instance and am trying to deploy minions using salt-cloud into ec2.
23:15 keimlink joined #salt
23:16 ajw0100 joined #salt
23:16 seandavi Deployment of an instance works fine.  salt-key reports that the new machine's key has been accepted, etc.
23:17 seandavi But, salt '*' test.ping returns only for the master. Any minions report "minion did not return [Not Connected]".
23:18 seandavi I have a security group that allows port 22 on both master and minions. I am using private IPs for communication as recommended by docs for a master running in ec2.
23:18 seandavi Any suggestions on how to move forward with troubleshooting the connection?
23:19 tberch8 joined #salt
23:19 aurynn seandavi, salt uses some high ports for communications, 4405 and 4406
23:20 seandavi So, those need to be open on the master for incoming?  Outgoing is open for all traffic on both master and minions.
23:21 aurynn yeah, minions connect to the master, so they need those ports open
23:21 aurynn I think there's a page on the docs about firewalls
23:25 renaissancedev joined #salt
23:28 seandavi So, opened ports 4405-4406 on master and no change.  Any other ideas on what to try for troubleshooting?
23:31 iggy it's 4505/4506
23:39 seandavi Thanks for the detail.
23:40 seandavi Docs pointed me to try this on minion: nc -v -z MASTER_IP 4505
23:42 sagerdearia joined #salt
23:44 DEger joined #salt
23:45 seandavi Worked after getting the right ports.  However, ping still returns "minion did not return. [No response]"
23:46 aqua^c joined #salt
23:53 seandavi Now running the salt-minion daemon on one minion in debug mode. It appears that the connection from master is never made.
23:54 seandavi I can do straight ssh to the minion using the private key file.
