Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-08-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 jjasinski_ joined #salt
00:13 antpa joined #salt
00:26 badon_ joined #salt
00:28 alexlist joined #salt
00:37 ronrib joined #salt
00:43 mikecmpbll joined #salt
00:44 nidr0x joined #salt
00:46 scoates anyone familiar with running the test suite on Python 3? following https://docs.saltstack.com/en/latest/topics/tutorials/writing_tests.html#running-the-test-suite ; I get from Crypto.PublicKey import RSA -> ImportError: No module named 'Crypto' ; which package is this?
00:51 scoates looks like it's pycrypto, which is in requirements/zeromq.txt
00:54 alexdong left #salt
00:54 mohae joined #salt
00:55 BretFisher joined #salt
01:00 jaybocc2 joined #salt
01:05 catpigger joined #salt
01:08 jjasinski__ joined #salt
01:09 edrocks joined #salt
01:15 fannet joined #salt
01:36 beardedeagle joined #salt
01:42 beardedeagle joined #salt
01:45 jerryc joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.11, 2015.8.11, 2016.3.2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:49 flebel joined #salt
01:56 flebel_ joined #salt
01:57 akhter joined #salt
01:59 debian112 joined #salt
02:05 flebel_ joined #salt
02:10 g3cko joined #salt
02:11 bastiand1 joined #salt
02:12 writtenoff joined #salt
02:13 flebel_ joined #salt
02:22 akhter joined #salt
02:23 flebel joined #salt
02:25 akhter joined #salt
02:26 iggy MTecknology: fwiw, salt-cloud always accepts my keys... I don't do anything special
02:27 MTecknology iggy: that would have been worth something earlier, ya... turns out using a custom deploy script means you need to have your script stick the minion keys in place before letting salt-minion ever get installed (or run)
02:28 iggy I guess I could have shared my custom script which does that
02:28 * iggy runs
02:29 MTecknology or... salt-cloud could provide samples that don't result in a broken configuration
02:29 MTecknology or... maybe it could provide documentation
02:31 iggy PRs accepted
02:31 MTecknology ya, but I need to wrap my head around it before I can write decent docs
02:31 iggy realistically, salt-cloud is severely limited, I think most people just skip past using it
02:32 MTecknology salt-cloud docs feel like when the reactor system was first released, but... the reactor docs got better
02:32 MTecknology more importantly... I've tried to create two DO servers and each have failed
02:35 flebel joined #salt
02:35 MTecknology root@salt:/etc/salt/pki/master# salt-cloud -p do web.lustfield.net
02:35 MTecknology Error: There was a profile error: Too many failures occurred while waiting for the IP address.
02:35 * MTecknology grumbles
02:44 jerryc joined #salt
02:45 sxar joined #salt
02:48 badon joined #salt
02:49 sxar On Windows minions, should pkg.remove be able to remove externally installed packages that appear in pkg.list_pkgs?
02:50 pppingme joined #salt
02:54 justanotheruser joined #salt
02:56 evle joined #salt
03:00 zifnab joined #salt
03:03 MTecknology iggy: excellent timing... apparently DO is having some issues with "Event Processing Delay" ... I get the feeling that has something to do with salt-cloud now failing in ways that make zero sense
03:12 edrocks joined #salt
03:15 ZachLanich joined #salt
03:16 fannet joined #salt
03:33 BretFisher left #salt
03:46 timoguin joined #salt
03:49 theboy181 joined #salt
03:50 theboy181 left #salt
03:52 raspy joined #salt
03:58 Garo_ joined #salt
04:14 antpa joined #salt
04:33 Edgan joined #salt
04:43 writtenoff joined #salt
05:13 evilRails joined #salt
05:15 edrocks joined #salt
05:16 Shirkdog joined #salt
05:17 fannet joined #salt
05:19 jhauser joined #salt
05:26 iggy sounds like the cherry on top of your weekend
05:31 amy joined #salt
05:50 writtenoff joined #salt
05:50 felskrone joined #salt
05:53 alexhayes joined #salt
05:55 neilf__ joined #salt
05:59 MTecknology iggy: they got back up...
06:04 MTecknology iggy: So... I can now run 'salt-cloud -p do <fqdn>' and have a server deployed in digitalocean with a shared openvpn config, make sure it connects to the ovpn server within 30 seconds or it self-destructs, kicks off a highstate into the background, lets salt-cloud finish up, one minute later the highstate is kicked off ... the ordering is because the highstate will disable root login over ssh. If
06:04 MTecknology I just forked the process into the background, systemdipshit kills it on logout so I get to use atd... whatever... I guess. highstate also removes systemd
06:05 MTecknology Still missing the pillar stuff. I guess in reality, it's not protecting /that/ much so... ooooh well. I'll live without.
06:07 MTecknology salt-cloud -p do <fqdn>; wait... it'll be talking to my salt master, syslog host, backups system, ..., but nothing I haven't explicitly allowed and no client-client chatter
06:08 MTecknology dedicated openvpn server for just these suckers too, so I can keep tight control
06:09 MTecknology I'm excited. This was a good weekend project. Tomorrow, I'll try to get my website deployed fully using salt and then switch DNS. That'll be an easy project. git push; static website (including dynamic search) auto-updated
06:12 writtenoff joined #salt
06:21 jxm_ joined #salt
06:27 jjasinski_ joined #salt
06:28 amy joined #salt
06:31 arif-ali joined #salt
06:43 Sylvain31 joined #salt
06:46 Sylvain31 hi, can I get a return value from a state in jinja and using it as a parameter to the next one. For now what I've found is: {% email_pwd = salt['cmd.run']('get_password %s'|forma(email)) %} is there some internal mechanism to retrieve a return value between state?
06:47 zer0def joined #salt
06:51 raspy joined #salt
06:53 golden_ joined #salt
06:55 fracklen joined #salt
07:06 armin joined #salt
07:14 writtenoff joined #salt
07:17 edrocks joined #salt
07:18 fannet joined #salt
07:27 joe1 left #salt
07:28 vilitux joined #salt
07:36 brent_ joined #salt
07:41 Lucky24 joined #salt
08:02 debian112 joined #salt
08:09 krymzon joined #salt
08:11 lero joined #salt
08:14 kbaikov joined #salt
08:15 writtenoff joined #salt
08:22 kbaikov joined #salt
08:24 ageorgop joined #salt
08:29 rsys joined #salt
08:30 keimlink joined #salt
08:32 alexhayes joined #salt
08:32 Micromus joined #salt
08:45 ronnix joined #salt
09:06 TyrfingMjolnir joined #salt
09:16 writtenoff joined #salt
09:19 fannet joined #salt
09:19 impi joined #salt
09:20 edrocks joined #salt
09:24 manji joined #salt
09:44 jhauser joined #salt
09:54 Electron^- joined #salt
09:55 jhauser joined #salt
10:07 jhauser joined #salt
10:11 impi joined #salt
10:13 blackflow joined #salt
10:16 writtenoff joined #salt
10:16 blackflow Hello. In a template filed applied by a state, can I somehow list (via grains?) all the hostnames (I need their IPv4s actually) to which some other state XYZ is set to be applied?
10:17 blackflow s/filed/file
10:18 blackflow The problem I'm trying to solve is to list automatically in Postfix' mynetworks file all IPv4s of servers that had SSMTP state applied (so they must be listed as allowed to use the smarthost).
10:18 blackflow Alternatively I list them via pillar, but I thought maybe there's a more elegant and automated way...
10:18 jhauser joined #salt
10:18 babilen You can populate the salt mine with the information you need and then target them in the same way in which you target the state
10:19 babilen (or set a grain when you run the state and target based on that, or apply the state to only those boxes that have a specific pillar value set and target the mine call based on that ..)
10:20 blackflow that was the alternative I was considering, target "ssmtp.sls" state to '*' and check via pillar if the hostname is in list of ssmtp servers. That same list I can then use to build the list of ipv4s...
10:21 babilen Do you have no other means for targeting apart from a manually curated list?
10:21 babilen No other logic that guides this?
10:37 akhter joined #salt
10:45 blackflow babilen: it's not targeting that troubles me, it's constructing a list of IPv4s of targets that had state X applied
10:46 blackflow babilen: oh, wait, I see what you mean. I can ask for host data via grains.
10:46 blackflow no. It'd be great if there was some way to tag hosts
10:51 felskrone joined #salt
11:07 babilen blackflow: The underlying question is not "Which hosts have state FOO applied?" but "How do you target hosts that should have state FOO?"
11:07 amcorreia joined #salt
11:08 babilen You can, naturally, tag hosts with their states, but it would be easier if you had a common method to identify hosts that should have a specific state
11:09 babilen I mean .. how are you applying the state to begin with?
11:12 akhter joined #salt
11:16 blackflow babilen: well, literally a list of them, as it's a bit heterogenous setup involving X hosts with Y jails each, not all the same.
11:17 babilen Where do you keep that list?
11:17 blackflow babilen: that's why I want to maintain the list in ONE place. A pillar would be best it looks like.
11:17 babilen Or rather: Which target expression do you use in your top.sls ?
11:18 babilen Which brings me back to the question: "Do you have no other means for targeting apart from a manually curated list? No other logic that guides this?"
11:18 writtenoff joined #salt
11:20 fannet joined #salt
11:20 blackflow babilen: I have four dedicated servers (for now), arwen, rochelle, zoey and xoth. Each is a service-jail host, in two failover pairs. the hosts need ssmtp, then a few jails on each need ssmtp. the jails are named like <service>.arwen.example.com where <service> are stuff like nginx, postgres, uwsgi, sites_1, sites_2, ...
11:21 babilen What decides if a jail needs ssmtp?
11:22 blackflow a few have some cron based tasks and I need them to report failure by mail. sites_X need ssmpt to relay customer sites' contact forms. uwsgi needs to sent out mail too.
11:22 blackflow nginx, postgres, bind, and a few other kinds don't.
11:22 babilen But you don't want all of them to be able to send mail?
11:22 blackflow no need
11:22 babilen Would it be problematic?
11:22 edrocks joined #salt
11:23 blackflow I could simplify and set them all, EXCEPT the MTA itself, to ssmtp to the MTA and be done with it :)
11:23 babilen The question is: What do you gain by not doing that?
11:24 blackflow well, technically, it's a security only measure. reducing the attack surface as much as possible by turning off unnecessary features.
11:25 babilen Okay .. I guess that you are keeping the ssmtp configuration in pillars already?
11:25 blackflow yes
11:25 babilen Why not target the state based on that pillar and then dynamically generate the pillar top.sls or just target it manually there ?
11:26 babilen Or introduce a specific key in the pillar (ssmtp:enabled → True)
11:26 blackflow that's the approach that looks the best, yes.
11:27 blackflow so it was either doing the list in states' top.sls (which kinda complicates the postfix' mynetworks template that needs to find out which hosts apply ssmtp.sls), or do the list in pillars and adjust the ssmtp.sls state to run only if minion ID is listed in the pillar.
11:27 blackflow or, as you say, "ssmtp_enable" is set
11:33 babilen The "No other logic, but a manually curated list" usecase is simply the worst :)
11:34 babilen But then, it sounds as if you actually *do* have a logic in that certain services want to send mails. You could make the ssmtp state a dependency of those and use the same targeting logic
11:34 babilen Various approaches :)
11:37 blackflow yeah. I'm still very new to Salt and need to identify all the antipatterns. Manual lists are always the worst, agreed, that's why I wanted to minimize the impact by having it defined in only one place.
11:40 s0undt3ch joined #salt
11:51 Rumbles joined #salt
11:55 impi joined #salt
12:12 numkem joined #salt
12:19 writtenoff joined #salt
12:25 west575 joined #salt
12:29 edrocks joined #salt
12:29 TomJepp joined #salt
12:29 TooLmaN joined #salt
12:33 akhter joined #salt
12:37 dyasny joined #salt
12:39 edrocks joined #salt
12:42 nicksloan joined #salt
12:48 wangofett joined #salt
12:49 antpa joined #salt
12:50 timoguin joined #salt
12:53 gh34 joined #salt
12:53 fredvd joined #salt
12:54 Brew joined #salt
12:57 amiskell joined #salt
13:00 ssplatt joined #salt
13:13 west575_ joined #salt
13:20 writtenoff joined #salt
13:21 fannet joined #salt
13:23 juanito joined #salt
13:27 nonades joined #salt
13:28 west575__ joined #salt
13:33 akhter joined #salt
13:35 akhter joined #salt
13:36 antpa joined #salt
13:40 akhter joined #salt
13:41 tpaul joined #salt
13:42 racooper joined #salt
13:47 nick79 joined #salt
13:51 bowhunter joined #salt
13:52 akhter joined #salt
13:52 mikeym joined #salt
13:54 WKNiGHT joined #salt
13:55 antpa joined #salt
13:57 akhter_1 joined #salt
13:58 mapu joined #salt
13:58 mpanetta_ joined #salt
13:59 jerredbell joined #salt
13:59 timoguin joined #salt
14:02 amy_ joined #salt
14:03 dyasny joined #salt
14:10 antpa joined #salt
14:12 Edgan joined #salt
14:15 drawsmcgraw joined #salt
14:15 tapoxi joined #salt
14:21 writtenoff joined #salt
14:22 numkem joined #salt
14:24 robinsmidsrod joined #salt
14:29 akhter joined #salt
14:31 ZachLanich joined #salt
14:32 beardedeagle joined #salt
14:34 akhter_1 joined #salt
14:38 jenastar joined #salt
14:40 akhter joined #salt
14:44 akhter joined #salt
14:48 akhter joined #salt
14:51 subsignal joined #salt
14:52 mohae_ joined #salt
14:54 subsignal joined #salt
14:55 ssplatt has anyone succefully added subjectAltname: to a x509 certificate_managed?
14:55 ssplatt i keep getting state errors when i add it.
14:57 ssplatt i’m thinking it’s a bug, since the docs for states.x509.certificate_managed say “kwargs: Any arguments supported by x509.create_certificate are supported.”
14:58 giany is there any recipe that will allow me to run update-grub ?
14:59 ssplatt giany: we made a grub formula and had a cmd.wait: - name: update-grub
14:59 ssplatt that watched for other states to change
15:01 LotR ssplatt: did you put the formula on github or can't it be open sourced?
15:01 ssplatt have not put it on github
15:02 ssplatt https://gist.github.com/ssplatt/7336d12c641180c850d0509e7118e004
15:03 ssplatt thats teh code for the specifically
15:03 ssplatt teh rest of the formula is kind of butchered for our env
15:04 edrocks joined #salt
15:04 ALLmightySPIFF joined #salt
15:05 ssplatt https://gist.github.com/ssplatt/7336d12c641180c850d0509e7118e004  added in the grub_default_config state
15:05 dyasny joined #salt
15:05 ALLmightySPIFF joined #salt
15:05 ssplatt the grub.do_update is a toggle in pillar that you can set to true or false in case you want to completely skip that part or not
15:07 ALLmightySPIFF joined #salt
15:14 Misfit joined #salt
15:14 cro joined #salt
15:16 spuder joined #salt
15:20 akhter joined #salt
15:21 fannet joined #salt
15:22 writtenoff joined #salt
15:22 Sylvain31 hi, is it possible to fireup ipython and init in some way to be able to run such command? salt['pillar.get']('customers:email:accounts') ?
15:22 akhter joined #salt
15:25 akhter_1 joined #salt
15:26 akhter joined #salt
15:28 akhter_1 joined #salt
15:28 _JZ_ joined #salt
15:30 g3kk0 joined #salt
15:31 Sylvain31 … work around: "salt 'mta0*' pillar.get 'customers:email:accounts' --out=yaml > t" ipypton: import yaml;  v = yaml.load(open('t'))
15:31 anotherZero joined #salt
15:38 g3kk0 anyone know why salt-cp would sometimes randomly fail reporting this '[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'salt.example.com_master', 'tcp://127.0.0.1:4506', 'clear')'
15:41 scsinutz joined #salt
15:43 akhter joined #salt
15:45 komljen joined #salt
15:45 akhter joined #salt
15:47 akhter_1 joined #salt
15:49 jenastar left #salt
15:49 komljen Hello everyone, I just discovered that after I install docker-py module I had to restart salt-minion to be able to use dockerng states. Does anybody have same issues? I'm running salt 2016.3.2
15:51 akhter joined #salt
15:54 akhter joined #salt
15:54 fxhp joined #salt
15:56 scsinutz joined #salt
15:58 Rumbles joined #salt
15:58 Ch3LL komljen you probably need to use the refresh argument in the state
15:58 Ch3LL let me find the docs...i think thats the argument
15:59 Ch3LL apologies its reload: https://docs.saltstack.com/en/latest/ref/states/index.html#reloading-modules
16:01 cowza joined #salt
16:01 akhter joined #salt
16:05 spuder_ joined #salt
16:07 komljen hmm, I'm using that already and I think it worked well with older versions of salt
16:08 komljen here is the state file: https://github.com/komljen/rancher-salt/blob/master/salt/docker/init.sls
16:08 komljen I also tried to put reload in state where I'm installing docker-py with cmd.run and also try to use pip.installed
16:08 komljen same result
16:09 hasues joined #salt
16:10 Sylvain31 is there a way to hide passwords in state without writing my own state?
16:11 cmarzullo not really as I understand it. need     - show_changes: False
16:13 Sylvain31 cmarzullo: but if passed for a cmd.run as name: it will be show anyway no custom jinja filter? could look like: "password_manager {{ pass|hide_this }}"
16:16 brotatochip joined #salt
16:17 shiriru joined #salt
16:17 cmarzullo hmmm havn't tried that in cmd.run. what about output_loglevel: quiet for the cmd.run state?
16:18 pipps joined #salt
16:18 writtenoff joined #salt
16:19 shiriru joined #salt
16:20 Sylvain31 hum, may be. or cmd.script with a jinja template passing password inside… should be very slow. one alternative thay raise in my tired mind, is to query pillar from the script given the good key…
16:21 woodtablet joined #salt
16:22 Sylvain31 somewhat salt-call pillar.get passwordstore:custmomer:account_id:pass  --out=newline_values_only
16:22 Sylvain31 I stop on such garbage… ;) bye
16:23 Sylvain31 it works for the moment.
16:28 onlyanegg joined #salt
16:33 tiwula joined #salt
16:40 dyasny joined #salt
16:42 impi joined #salt
16:42 pipps joined #salt
16:46 scsinutz1 joined #salt
16:50 dyasny joined #salt
16:52 writtenoff joined #salt
16:56 DammitJim joined #salt
16:56 DammitJim is orchestration what one uses to deploy a product to multiple minions?
16:57 DammitJim like if I am rolling out a new web app, but it requires a database and nginx as a reverse proxy?
16:57 notnotpeter joined #salt
16:57 cmarzullo To me, it's one of those words that means different things to different people.
16:57 jespada joined #salt
16:57 cmarzullo To me it means starting server one and notifying server two that one is alive.
16:59 akhter joined #salt
17:00 Sokel Why would grains.get fqdn_ip4 show 127.0.1.1 when the lo interface is clearly 127.0.0.1. fqdn_ip4 is not showing the real IP of the system, no matter how many times I clear the salt cache
17:01 tiwula joined #salt
17:01 DammitJim Sokel, what does your /etc/hosts file say?
17:01 DammitJim on the minion?
17:04 tapoxi joined #salt
17:07 chmod666org joined #salt
17:11 Sokel Just has the typical 127.0.0.1 localhost... and ::1 localhost6...
17:11 DammitJim I'm looking to update my /etc/sysctl.conf file to bandaid the tcp flaw
17:11 Sokel There's nothing specific about the system in it.
17:12 DammitJim Sokel, I don't know if this is required, but I have an entry there for the IP address of my machine with the FQDN and host name
17:12 DammitJim other systems for you report the proper IP?
17:15 Edgan joined #salt
17:15 Sokel Correct. Everything reports as they should.
17:15 fredrick joined #salt
17:16 DammitJim weird
17:16 Sokel That's what I'm saying. Makes zero sense.
17:16 DammitJim did you restart the minion?
17:16 Sokel Yes, several times.
17:16 fredrick Anyone doing autoscaling with aws using sqs?
17:18 amy_ joined #salt
17:21 ageorgop joined #salt
17:22 fredrick Sokel: any chance if you do a ifconfig it is wrong as well?
17:22 fannet joined #salt
17:22 sagerdearia joined #salt
17:23 Edgan gtmanfred: https://github.com/saltstack/salt/pull/35452
17:23 saltstackbot [#35452][OPEN] move routine call out of try/except block | What does this PR do?...
17:26 scsinutz joined #salt
17:26 Sokel fredrick: https://paste.fedoraproject.org/408865/12820031/
17:26 pipps joined #salt
17:28 Rumbles joined #salt
17:31 fredrick Sokel: bummer I had the same issue but it was obvious that it was in the config wrong under /etc/udev/rules.d/70-persistent-net.rules
17:31 fredrick But yours looks correct
17:38 cowza joined #salt
17:40 jenastar joined #salt
17:43 scsinutz1 joined #salt
17:44 tuxx joined #salt
17:44 fracklen joined #salt
17:48 akhter joined #salt
17:48 brent_ joined #salt
17:49 impi joined #salt
17:50 akhter joined #salt
17:51 hasues left #salt
17:51 akhter joined #salt
17:55 writtenoff joined #salt
17:55 scsinutz joined #salt
17:59 cliluw joined #salt
18:03 heaje joined #salt
18:04 pipps joined #salt
18:06 akhter joined #salt
18:07 akhter joined #salt
18:09 raspy joined #salt
18:10 raspy hi all, I have a salt file thats using a jinja template, im getting two variables in one line, what is the correct way to add new lines for this if statement http://pastebin.com/fVikmjem
18:10 bluenemo joined #salt
18:10 raspy to the if/else/endif
18:11 jaybocc2 joined #salt
18:11 Edgan raspy: I think you want to change {% else %} to {%- else %}
18:11 blackflow left #salt
18:12 raspy thx Edgan, is there some way to test jinja templates through a salt command line or some util?
18:13 scsinutz1 joined #salt
18:13 iggy MTecknology: you should blog that shit up (well, as much of it as you can make public)
18:15 MTecknology iggy: I will next sunday when I fly out to san jose
18:16 jaybocc2 joined #salt
18:18 MTecknology hopefully I'll get a first class seat, but not likely. Usually that's only DEN->FSD :(
18:18 cscf 'apache_module.enabled' is not available. <- is there another undocumented python dependency I need?  a2enmod is installed.
18:20 bowhunter joined #salt
18:20 MTecknology cscf: did a2enmod only become available after things were loaded? (as part of a state)
18:20 raspy this helped me test jinja templates http://jinja2test.tk/
18:20 cscf MTecknology, I've re-run it a few times
18:21 MTecknology cscf: https://github.com/saltstack/salt/blob/develop/salt/states/apache_module.py#L28 -- that's all I see
18:21 scsinutz joined #salt
18:21 iggy cscf: it's virtual name changed
18:22 iggy wait, nvm, that was htpasswd
18:22 MTecknology hm.. this seems like an interesting way to do the check... could be breaking - https://github.com/saltstack/salt/blob/develop/salt/modules/apache.py#L41
18:26 jaybocc2 joined #salt
18:26 pipps joined #salt
18:26 iggy cscf: you do have a new enough version that has enabled (vs enable) right?
18:27 iggy although, why they didn't put version annotations on that, I'll never understand
18:28 Edgan joined #salt
18:28 subsignal joined #salt
18:32 iggy https://github.com/saltstack/salt/issues/35458
18:32 saltstackbot [#35458][OPEN] SALT.STATES.APACHE_MODULE needs version annotations | Description of Issue/Question...
18:35 raiden joined #salt
18:36 Guest21148 salt --versions-report shows libnacl is not installed. I tried installing libnacl using pip but after that too it does not work
18:36 dyasny joined #salt
18:36 Guest21148 now it is searching for libsodium
18:36 Guest21148 says module 'nacl' is not available
18:36 iggy don't use raet?
18:37 dyasny joined #salt
18:37 Guest21148 using ZeroMQ
18:37 cscf iggy, salt 2015.8.8 (Beryllium)
18:37 tyler-baker joined #salt
18:38 amy_ joined #salt
18:39 cscf Neither "enable" or "enabled" is available.
18:39 bearonis joined #salt
18:39 cscf Last time I had this problem, it was with iptables rules, and there was an undocumented dependency on python-netfilter iirc
18:40 sesa joined #salt
18:40 cowza joined #salt
18:46 akhter joined #salt
18:50 marie1972 joined #salt
18:50 akhter joined #salt
18:54 fredvd joined #salt
18:55 iggy on the minion run `which apachectl || which apache2ctl`
18:56 marie1972 left #salt
18:56 stooj joined #salt
19:01 anotherZero joined #salt
19:03 mpanetta joined #salt
19:03 pipps joined #salt
19:03 pipps joined #salt
19:04 writtenoff joined #salt
19:05 Sammichmaker1 joined #salt
19:05 DammitJim joined #salt
19:06 DammitJim if I want a state to manage a file and then run a command
19:06 DammitJim do I do a require:
19:06 DammitJim - sls: <sls_id> ?
19:07 mdpolaris joined #salt
19:07 cyrus_mc left #salt
19:07 mdpolaris Has anyone used reactors with Salt Environments?
19:08 mvmike joined #salt
19:12 Guest21148 yeah tried it out once
19:13 pipps joined #salt
19:15 pipps joined #salt
19:15 mdpolaris i can’t seem to get saltenv passed through the event. It keeps trying “base”, but the state only exists in my “dev” environment right now
19:16 iggy I don't use environments at all
19:17 lungaro joined #salt
19:17 akhter joined #salt
19:17 iggy DammitJim: require - sls: foo means run everything in foo.sls before the state
19:17 DammitJim iggy, so, the state has to be on a different file?
19:18 Guest21148 how are you passing saltenv through event?
19:18 Guest21148 can you show state
19:18 iggy DammitJim: with sls, yes... it's not super clear what you're trying to do... maybe gist some example code?
19:19 cscf iggy, 'apachectl' exists
19:19 mdpolaris do you just have a separate salt master for testing changes? I have a testing system has has 2 environments setup, and then my production environment just has the single environment. I am trying to basically have, Dev, stage and prod but using only 2 systems so i can test dev and staging on the same minions
19:19 DammitJim iggy, I have an sls file with a file.manage and a cmd.run
19:19 DammitJim I want the cmd.run to only run if the file.managed took effect
19:20 iggy cscf: that wasn't really what I was asking... I was curious where it was installed
19:20 cscf iggy, /usr/sbin/apachectl
19:20 iggy DammitJim: onchanges
19:21 DammitJim oh, thanks!
19:23 iggy cscf: what distro?
19:23 cscf iggy, Ubuntu 16.04
19:23 fannet joined #salt
19:23 iggy cscf: can you do `salt-call apache.check_mod_enabled status` ?
19:24 cscf iggy, Local: False
19:24 iggy so it's at least loading the deb_apache module
19:26 iggy and the state just checks if apache.a2enmod is loaded (which it should be)
19:26 cscf iggy, what exactly is  apache.a2enmod ? a python script?
19:27 iggy it's a python function that wraps the a2enmod cli command
19:28 boredatwork joined #salt
19:29 edrocks joined #salt
19:30 dyasny joined #salt
19:35 Satyajit joined #salt
19:36 Sammichmaker joined #salt
19:37 fxdgear joined #salt
19:38 fracklen joined #salt
19:41 fxdgear howdy! I'm trying to get salt-api working. i've been doing lots of googling and i can't figure outhow to define `uesrname` and `password` for users. I started by following this post here:  http://bencane.com/2014/07/17/integrating-saltstack-with-other-services-via-salt-api/
19:41 fxdgear i can get the example in the post working.
19:41 fxdgear but when i try to connect to any other URI I get 401's :(
19:41 fxdgear even when i try hitting the `login` uri but I don't know where the username/passwords are stored.. and how to edit those
19:43 akhter joined #salt
19:44 fracklen joined #salt
19:45 rubenb fxdgear: What URI are you trying?
19:46 fredrick joined #salt
19:47 fxdgear @rubenb i'm trying to hit `/login`
19:48 fxdgear and trying to get `/minions`
19:48 rubenb fxdgear: Have you set up the authentication?
19:48 fxdgear but everything is coming back as 401.... and I'm struggling to find any documentation that helps me "get off the ground" with understanding the auth system. it seems every post has some sort of assumption... :/
19:48 fxdgear maybe i'm making it too difficult?
19:49 fxdgear in my `/etc/salt/master.d/salt-api.conf` I have setup these 3 lines...
19:49 fxdgear ```externalauth:
19:49 fxdgear pam:
19:49 fxdgear saltdev:
19:49 fxdgear - .*
19:49 fxdgear ```
19:49 fxdgear but where is the pw defined?
19:50 rubenb fxdgear: check: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
19:51 rubenb Password is stored in pam (ie: /etc/shadow , or normal linux accounts)
19:51 rubenb Well, not stored in pam, but it uses pam to authenticate
19:52 fxdgear @rubenb Ok maybe my problem is the way i created the certs referenced in the post i linked ^^
19:52 fxdgear cause I created the certs according to that post which were different
19:52 rubenb fxdgear: Which version of cherrypy are you using?
19:53 rubenb Default versions on debian don't really work with ssl.
19:54 rubenb This is my salt-api.conf: https://gist.github.com/anonymous/7f147d1d5306ffc955430c68f555c15a
19:55 akhter joined #salt
19:55 ajw0100 joined #salt
19:56 fxdgear @rubenb thanks for the help. I'll poke at this a bit and try starting with the salt docs for the api
19:56 fredrick any one have luck setting up asg using sqs on amazon?
19:57 rubenb fxdgear: Have been brute-forcing this for 2 days last week, so I feel the pain.
19:57 fxdgear :)
19:57 rubenb Also, it seems that some api endpoints require the X-Auth-Token, and some require the username and password.
19:58 timoguin joined #salt
20:00 cyborg-one joined #salt
20:00 mdpolaris @rubenb i have been playing with this for a couple weeks and in my learning the general workflow is to hit /login with a username and password which will return a token, for all other calls you set the token in the X-Auth header
20:00 rubenb fxdgear: Also, if it fits your need: https://github.com/saltstack/pepper
20:02 rubenb mdpolaris: If I post a {mid: 'new_minion_id'} to /keys, I get hit with a 500 error when using the X-Auth-Token. If I post the username, password and eauth, I get what I need.
20:02 mdpolaris one exception to this is /run, you can execute any salt functions you are permitted with a 1 off command that inlcudes the username and pass instead of the token, handy if you don’t need the session management, otherwise you will probably want to use the session management and use the token. So far from my expereince if you want to use authenticated webhooks you will have to use the sessions management
20:07 mdpolaris Unfortunately i haven’t used /keys so i don’t have first hand experience. Not sure if you found the netapi docs, but they helped me find my way a little bit: https://docs.saltstack.com/en/latest/topics/netapi/index.html
20:07 mdpolaris not so much helpful for examples, but its the backend functions so you might get some direction on what to pass through knowing what the backend is expecting
20:10 fxdgear @rubenb question... users defined in the salt-api.conf external_auth section, are they gonna be users that exist on the host machine?
20:10 rubenb mdpolaris: That might be very useful.
20:10 fxdgear ie if I wanna make a new user to access the API I need to create that user on the host?
20:11 rubenb fxdgear: If you use pam: I think so.
20:13 mdpolaris i also had some benefit testing locally with “salt -a pam ‘MINION_ID’  test.ping This will test the salt external auth system using the CLI, so you can remove cheerypy from the mix for testing permissions
20:13 rubenb PS: You can't use root, and should be slapped when trying.
20:14 rubenb Good point, mdpolaris :)
20:14 fxdgear I never really try to do anything as root I'm logged into this box as the default `ubuntu` user...
20:14 fxdgear but thinking I might need to create a salt-dev user for doing some of the salt-api testing...
20:15 rubenb fxdgear:  'sudo useradd saltdev && sudo passwd saltdev'
20:16 * Heartsbane blames robawt
20:16 * robawt probably deserves it
20:16 brent_ joined #salt
20:16 Heartsbane It is Monday.
20:17 robawt amen
20:21 dRiN_ joined #salt
20:23 blu_ joined #salt
20:25 jaybocc2 joined #salt
20:26 jschoolcraft joined #salt
20:30 cwyse joined #salt
20:31 DammitJim joined #salt
20:35 writtenoff joined #salt
20:35 anotherZero joined #salt
20:41 pipps joined #salt
20:42 amy_ joined #salt
20:43 jenastar joined #salt
20:44 akhter joined #salt
20:44 debian112 ok, so I need some input here
20:45 DammitJim +1 on debian, debian112
20:45 DammitJim :)
20:46 debian112 I am trying to auto create configs with templates.
20:46 debian112 http://paste.debian.net/789755/
20:46 DammitJim nice
20:46 DammitJim that seems to look good?
20:47 DammitJim isn't BONDO some kinda glue? LOL
20:47 debian112 template: http://paste.debian.net/789756/
20:48 debian112 I keeping getting this:
20:48 debian112 http://paste.debian.net/789757/
20:48 debian112 I am sure I am missing something small
20:48 debian112 just wanted more eyes here
20:48 debian112 any idea?
20:49 DammitJim let me check mine
20:49 DammitJim maybe you can't have a - for a name?
20:49 shazaum_ joined #salt
20:49 DammitJim it's saying you are giving it a dash instead of in
20:49 DammitJim so, I think it's thinking that the variable is BONDO, but not BONDO-VLAN?
20:50 edrocks joined #salt
20:50 cmarzullo yeah I'd avoid hyphens in your variable names.
20:51 DammitJim did that help debian112 ?
20:51 DammitJim I am only trying to help you because your name has the word Debian
20:51 DammitJim actually I should deduct points because it isn't capitalized, but that's a different problem
20:52 debian112 ok hyphen was the problem
20:52 debian112 works now
20:53 debian112 thanks all
20:53 debian112 I used under_score
20:53 cmarzullo I feel bad I don't use the context keyword. I just pass - config: {{ config }} to my template
20:55 Rumbles joined #salt
20:56 debian112 yeah, I tend to do some crazy stuff just to save time ...
20:57 Dave___ joined #salt
20:57 DammitJim I pass a big context every time since I have so much data usually
20:58 Dave___ Has anyone successfully got Solaris 10 working as a minion ?
21:02 ajw0100 joined #salt
21:04 scsinutz joined #salt
21:05 fredrick ok anyone get aws autoscaling to work at all?
21:05 scsinutz1 joined #salt
21:08 FroMaster joined #salt
21:08 scsinutz2 joined #salt
21:09 viq joined #salt
21:14 west575 joined #salt
21:22 mdpolaris coming back to environments and reactors…I have it working. Unfortunately my filesystem cleanup/reorg pushed one of my open shells into a now archived directory so much of my testing was actually doing nothing! Monday for sure.
21:24 antpa joined #salt
21:24 fannet joined #salt
21:24 mdpolaris You just need to add saltenv: “ENVIRONMENT” to your kwarg for the reactor. EX:
21:25 mdpolaris reac_action:
21:25 mdpolaris local.state.apply:
21:25 mdpolaris - tgt: minion
21:26 mdpolaris - : arg:
21:26 manji joined #salt
21:26 pipps joined #salt
21:26 jhauser joined #salt
21:26 mdpolaris - state_to_execute    (sorry about the typo above)
21:27 mdpolaris - state_to_execute    (should have been indented again, ignore previous line)
21:28 mdpolaris - kwarg:
21:28 mdpolaris salrenv: dev
21:28 verdurin joined #salt
21:30 jxm_ joined #salt
21:37 verdurin Does anyone have an example of pkg.group_installed in a state file?
21:39 pipps joined #salt
21:46 timoguin joined #salt
21:46 verdurin Okay, it appears our installed is too old to support that - ah well
22:09 bltmiller joined #salt
22:12 bltmiller is there a salt module that allows me to diff the same file across many minions? essentially I want to see at a glance whether or not foo.txt is the same across minions A, B, and C. the closest thing I've found is https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.get_diff but that compares against a file on the master
22:12 timoguin joined #salt
22:13 amcorreia joined #salt
22:15 bltmiller I'm thinking maybe I can do that with survey.diff? never used it before though
22:15 keimlink joined #salt
22:16 Electron^- joined #salt
22:16 fxdgear joined #salt
22:18 scsinutz joined #salt
22:28 ajw0100 joined #salt
22:28 lorengordon joined #salt
22:35 pipps joined #salt
22:39 jaybocc2 joined #salt
22:42 bltmiller joined #salt
22:43 amy_ joined #salt
22:45 jaybocc2 joined #salt
22:46 fxdgear joined #salt
22:47 bltmiller turns out you totally can: `salt-run survey.diff 'web*' cmd.run 'cat /path/to/foo.txt'`
22:48 ajw0100 joined #salt
22:54 pipps joined #salt
22:58 ry joined #salt
23:01 bltmiller joined #salt
23:07 shadoxx bltmiller: good info
23:07 edrocks joined #salt
23:07 bltmiller it would be really handy though for survey.diff to support matching against grains, pillar, node groups, etc.
23:08 bltmiller as best as I can surmise, it only supports globbing?
23:08 lero joined #salt
23:13 jeddi joined #salt
23:15 pipps joined #salt
23:17 spuder joined #salt
23:21 spuder_ joined #salt
23:25 fannet joined #salt
23:34 amcorreia joined #salt
23:43 timoguin joined #salt
23:44 amy_ joined #salt
23:49 fxhp_ joined #salt
23:52 akhter joined #salt
23:57 pipps joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary