Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-08-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:17 brent_ joined #salt
00:19 Steve___ joined #salt
00:24 amcorreia joined #salt
00:35 edrocks joined #salt
00:40 west575 joined #salt
00:52 raspy joined #salt
00:52 ivanjaros joined #salt
00:55 edrocks joined #salt
00:57 antpa joined #salt
01:05 fannet joined #salt
01:06 catpigger joined #salt
01:22 racooper joined #salt
01:38 Nahual joined #salt
01:40 DammitJim joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.11, 2015.8.11, 2016.3.2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:59 ivanjaros joined #salt
02:03 beardedeagle joined #salt
02:10 ksa joined #salt
02:25 Zachary_DuBois joined #salt
02:37 raspy joined #salt
02:38 edrocks joined #salt
02:47 brent_ joined #salt
02:53 ivanjaros joined #salt
02:54 bastiand1 joined #salt
02:55 _JZ_ joined #salt
03:06 fannet joined #salt
03:13 onlyanegg joined #salt
03:32 onlyanegg joined #salt
03:34 antpa joined #salt
03:38 ws2k3 joined #salt
03:48 ivanjaros joined #salt
03:56 ivanjaros joined #salt
04:02 nethershaw joined #salt
04:17 ZachLanich_ joined #salt
04:25 brotatochip joined #salt
04:33 ZachLanich_ joined #salt
04:37 raspy joined #salt
04:41 edrocks joined #salt
04:43 raspy joined #salt
04:48 brent_ joined #salt
04:53 ivanjaros joined #salt
04:59 ivanjaros joined #salt
05:02 akhter joined #salt
05:03 west575 joined #salt
05:03 zer0def joined #salt
06:02 west575 joined #salt
06:11 tpaul joined #salt
06:23 om joined #salt
06:34 MTecknology iggy: how the crap do you get pillar data into your custom script?!
06:35 MTecknology {{ vm }} has what I expect it to, why isn't {{ pillar }} there?
06:35 antpa joined #salt
06:37 brent_ joined #salt
06:37 MTecknology Why can't there be a __allvars__ ? :(
06:39 nkuttler MTecknology: https://docs.saltstack.com/en/latest/ref/states/vars.html
06:39 fracklen joined #salt
06:42 MTecknology nkuttler: I was referring to python.. I'm trying to figure out how to get pillar data when using salt-cloud into the deploy script
06:42 MTecknology {{ pillar[] }} isn't a thing here
06:43 fracklen joined #salt
06:44 edrocks joined #salt
06:45 MTecknology or is this just not possible at all?... :S
06:45 MTecknology seems like jinja stuff /should/ be working here
06:47 t0m0 joined #salt
06:55 iggy no
06:55 iggy the bootstrap script isn't rendered
06:56 iggy what are you trying to do? sounds... odd
07:02 MTecknology ah...
07:03 MTecknology iggy: just trying to have salt-cloud deploy a VPS, install/configure openvpn, establish a vpn connection, and restart the salt-minion process
07:03 MTecknology I'll have a script that handles making sure the vpn is always running
07:06 MTecknology knowing it's not rendered changes things a bit, but I was pretty sure I read the docs as saying it is
07:08 fannet joined #salt
07:08 MTecknology https://docs.saltstack.com/en/latest/topics/cloud/config.html#pillar-configuration
07:08 MTecknology I guess that doesn't really say one way or the other
07:09 MTecknology k... I'm gonna get back at this in the morning.
07:10 MTecknology Seems like openvpn is establishing a connection, but probably running into a firewall problem
07:10 MTecknology even though my firewall says it's fine and happy
07:16 iggy MTecknology: if you were using salt.{states,modules}.cloud.X (vs salt-cloud), you could use pillar values (and then pass certain bits via script_args)... but that would be pillar data local to the minion running those states/modules
07:17 iggy you could use script_args and just have as many profiles as you needed (maybe with some inheritance thrown in to make that easier to maintain)
07:17 jxm_ joined #salt
07:19 MTecknology iggy: I'm fine keeping a script on the salt master that has private data. What I'm trying to do new is actually deploy a VM and get it connected over openvpn. I have it to the point that servers can connect and ping the GW, but can't talk to anything else.
07:21 iggy as I said, we use tinc... it's just a matter of laying down a couple tinc config files and upping that before installing salt-minion and then letting it do the rest
07:21 honestly MTecknology: did you enable client-to-client in the openvpn config?
07:22 MTecknology honestly: yup, I did
07:22 honestly hmm
07:29 MTecknology I give up for tonight... nap time
07:36 brent_ joined #salt
08:01 Electron^- joined #salt
08:28 brent_ joined #salt
08:47 edrocks joined #salt
09:04 ivanjaros joined #salt
09:05 akhter joined #salt
09:07 brent_ joined #salt
09:09 fannet joined #salt
10:11 CeBe joined #salt
10:19 alexhayes joined #salt
10:36 antpa joined #salt
10:38 ronnix joined #salt
10:50 edrocks joined #salt
11:09 fannet joined #salt
11:20 sjorge joined #salt
11:22 brent_ joined #salt
11:30 cyborg-one joined #salt
12:03 bastiandg joined #salt
12:10 hasues joined #salt
12:52 edrocks joined #salt
12:55 Misfit joined #salt
12:57 jaybocc2 joined #salt
13:01 hasues left #salt
13:10 fannet joined #salt
13:14 ronnix joined #salt
13:15 antpa joined #salt
13:25 chrichip joined #salt
13:30 jab416171 joined #salt
13:49 Sammichmaker joined #salt
13:50 west575 joined #salt
13:56 ivanjaros joined #salt
14:07 brent_ joined #salt
14:27 Fiber^ joined #salt
14:30 johnkeates joined #salt
14:33 mikecmpbll joined #salt
14:34 lero joined #salt
14:39 ivanjaros joined #salt
14:54 timoguin joined #salt
14:55 edrocks joined #salt
15:01 akhter joined #salt
15:04 mohae_ joined #salt
15:08 dyasny joined #salt
15:11 jaybocc2 joined #salt
15:11 fannet joined #salt
15:21 timoguin joined #salt
15:28 ingslovak joined #salt
15:42 west575 joined #salt
15:48 ageorgop joined #salt
15:51 marie1972 joined #salt
15:52 marie1972 left #salt
15:54 Steve___ Is it possible to mirror a pillar and grain?  Basically I store my environment for a machine as a pillar (from Foreman), and i want to target based on environment in my pillar top file, but it doesn't seem like that's possible for pillars.  Is there some way to just create an "environment" grain from my "environment" pillar?
15:57 tpaul joined #salt
15:58 edrocks joined #salt
15:59 jaybocc2 joined #salt
16:08 badon_ joined #salt
16:09 antpa joined #salt
16:13 vodik joined #salt
16:15 vodik joined #salt
16:21 lero joined #salt
16:24 johnkeates joined #salt
16:33 brent_ joined #salt
16:40 ssplatt joined #salt
16:51 _JZ_ joined #salt
16:56 pcdummy I did never target with pillar, not sure thats possible.
16:56 vodik joined #salt
16:58 dyasny joined #salt
16:58 edrocks_ joined #salt
17:04 dynamicudpate joined #salt
17:05 impi joined #salt
17:07 timoguin joined #salt
17:12 fannet joined #salt
17:12 lero joined #salt
17:22 ivanjaros joined #salt
17:22 iggy targetting pillars with pillars is not possible
17:22 catpig joined #salt
17:23 iggy I've seen scenarios where certain pillar info was mirrored into grains to deal with chicken-egg scenarios like that
17:26 lero joined #salt
17:38 west575_ joined #salt
17:44 Steve___ iggy do you know how that was done?
17:45 brotatochip joined #salt
17:53 edrocks_ joined #salt
18:11 jaybocc2 joined #salt
18:17 babilen Steve___: https://gist.github.com/bentwire/eda7be0880d2d2c3f95d4d8828d94e16
18:17 babilen (custom grain)
18:22 babilen https://github.com/saltstack/salt/issues/23910
18:22 saltstackbot [#23910][OPEN] Please implement static pillars | Hi,...
18:26 timoguin joined #salt
18:26 badon_ joined #salt
18:27 jaybocc2 joined #salt
18:37 fracklen joined #salt
18:45 writtenoff joined #salt
18:53 akhter joined #salt
18:57 jjasinski_ joined #salt
19:01 edrocks joined #salt
19:01 fracklen joined #salt
19:05 lero joined #salt
19:06 mpanetta joined #salt
19:10 c4rc4s joined #salt
19:11 Steve___ thanks!
19:13 fannet joined #salt
19:19 krymzon joined #salt
19:24 kojiro joined #salt
19:27 fracklen joined #salt
19:33 ZachLanich joined #salt
19:33 Pulp joined #salt
19:33 arif-ali joined #salt
19:41 mikecmpbll joined #salt
19:45 keimlink joined #salt
19:51 mapu joined #salt
19:57 lorengordon joined #salt
20:01 ssplatt joined #salt
20:08 impi joined #salt
20:09 timoguin joined #salt
20:11 antpa joined #salt
20:12 alexhayes joined #salt
20:12 fracklen joined #salt
20:29 lovecraftian joined #salt
20:30 kus joined #salt
20:30 edrocks joined #salt
20:38 jaybocc2 joined #salt
20:43 nicksloan joined #salt
20:45 ssplatt joined #salt
20:54 jaybocc2 joined #salt
21:00 amiskell joined #salt
21:04 edrocks_ joined #salt
21:04 edrocks__ joined #salt
21:14 fannet joined #salt
21:14 edrocks joined #salt
21:22 edrocks joined #salt
21:24 edrocks_ joined #salt
21:29 MTecknology iggy: random thought .. there's definitely jinja processing that happens to the deploy script. You have {{ minion }} (minion config) and {{ vm }} (secret keys) ... seems like we should be able to include pillar data for just this process at that point.
21:29 MTecknology Then I don't need to store unencrypted keys on disk...
21:31 edrocks joined #salt
21:31 ssplatt joined #salt
21:34 alexhayes joined #salt
21:40 ksa joined #salt
21:40 iggy MTecknology: that would be news to me, but salt-cloud runs in the master context... no pillar so to speak
21:41 ksa joined #salt
21:43 MTecknology iggy: that's the thing, though... I expect it to be available in the master context only, and that's who I gave the pillar data to. It's data for the master, I just don't want the data stored in plain text. I'd like to store it encrypted by gpg in the pillar file and have it rendered when the script is being run through jinja
21:44 iggy see 91082734876501238947120938479 tickets about pillar in master context
21:45 MTecknology k?
21:48 iggy I wouldn't count on reliable pillar access from master context
21:49 MTecknology ah, ya.. :(
21:49 ssplatt i’m trying to add a java keystore import step to my x509 cert formula. i’m thinking i need to combine the cert and key and convert them to p12 format before importing but i don’t see any ‘salt’ way of doing that. i’m hoping i don’t have to drop back down to cmd.run to use openssl but it seems i may have to
21:49 MTecknology I feel like it probably exists, though. The documentation hints at it.
21:49 MTecknology If there were such thing in jinja as {{ __ALL_THE_VARIABLES__ }}, I think I'd find it
21:50 iggy ssplatt: letsencrypt?
21:50 ssplatt nah i just want an internal cert
21:50 ssplatt probably only going to use this part for elasticsearch
21:50 iggy fair enough, cmd.run it is
21:51 ssplatt but, was thinking it may be useful elsewhere
21:52 MTecknology I really like acmetool for working with letsencrypt
21:52 MTecknology it's easy to tie into the way salt works
21:53 iggy the letsencrypt formula works alright
21:54 ssplatt …i really hate working with java keystores...
21:54 MTecknology I tend to never actually use formulas for anything beyond reference material
21:55 iggy I wish I still had the code from my old job that handled all this stuff
21:55 akhter joined #salt
21:55 MTecknology you didn't make a secret copy before you left?
21:55 MTecknology for their benefit.. in case they have questions later
21:56 MTecknology last client would sue me senseless if I did that
21:57 ssplatt employer should hire you as a consultant and pay you a consultant fee if they need you to answer questions
21:57 ssplatt copying your previous work is good just for your own portfolio of knowledge
21:58 ssplatt i kept a git repo of my previous ansible stuff, helped me a few times with my new salt things.
21:58 evilRails joined #salt
22:00 MTecknology ssplatt: they kept me on the secret books for 9 months until my replacement was trained up
22:04 MTecknology shouldn't the minion keys salt-cloud generates be auto-accepted on the master?
22:04 ssplatt joined #salt
22:08 ssplatt MTecknology: that also works.
22:19 nidr0x joined #salt
22:20 brent_ joined #salt
22:31 MTecknology iggy: whatever I deploy with salt-cloud has a denied key. :(
22:31 MTecknology not even unaccepted like it just wasn't ever added, but like salt-cloud intentionally put it there and requires an option to change that behavior
22:45 iggy that sucks
22:46 MTecknology I feel like the default behavior would be accepted..
22:52 ssplatt joined #salt
22:55 MTecknology bleh... I'm just gonna go the file a few bugs and wait route. I'm getting nowhere.
23:05 amiskell joined #salt
23:05 jaybocc2 joined #salt
23:06 edrocks_ joined #salt
23:06 nicksloan joined #salt
23:11 manji joined #salt
23:15 fannet joined #salt
23:15 krymzon joined #salt
23:18 amcorreia joined #salt
23:21 jaybocc2 joined #salt
23:23 Deliant joined #salt
23:27 ws2k3 joined #salt
23:28 ws2k3 joined #salt
23:37 timoguin joined #salt
23:41 lumtnman joined #salt
23:46 timoguin joined #salt
23:53 beardedeagle joined #salt
23:57 jeddi joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary