Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jimklo joined #salt
00:07 skeezix-hf joined #salt
00:09 ekristen joined #salt
00:21 flowstate joined #salt
00:24 ninjada joined #salt
00:26 skeezix-hf joined #salt
00:37 ninjada joined #salt
00:47 felskrone joined #salt
00:51 pipps joined #salt
00:55 XenophonF ch0k3: it's difficult to debug this without sample input
00:55 XenophonF e.g., the JSON you're trying to run through this ext_pillar module
00:55 XenophonF i'm assuming that at the top-most level, it's a list
00:55 XenophonF and that's probably not what Salt wants
00:56 XenophonF the top-most bit of pillar is a dictionary (YAML/JSON mapping)
00:57 XenophonF hm, just glanced over the IRC log and that was babilen's point, too
00:59 XenophonF so in YAML, you'd have something like `foo: [bar, baz, qux]' not `[bar, baz, qux]` in a Pillar SLS file
00:59 XenophonF that might not be exactly proper YAML one-line syntax but hopefully it makes sense regardless
00:59 skeezix-hf joined #salt
01:00 XenophonF so in JSON, you would have to have something similar, like `{"foo": ["bar", "baz", "qux"]}`
01:01 jimklo joined #salt
01:01 XenophonF or a more complicated Pillar mapping: `{"foo": {"bar": ["baz", "qux"]}}`
01:03 XenophonF iirc you can't have a top-level list in json anyway
01:05 beardedeagle joined #salt
01:18 subsignal joined #salt
01:19 flowstate joined #salt
01:26 whitenoise joined #salt
01:32 flowstate joined #salt
01:36 catpigger joined #salt
01:39 Nahual joined #salt
01:41 skeezix-hf joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:01 jimklo joined #salt
02:04 clevodearia joined #salt
02:06 beardedeagle joined #salt
02:09 bluenemo joined #salt
02:11 skeezix-hf joined #salt
02:22 flowstate joined #salt
02:28 AhnoldT joined #salt
02:29 AhnoldT Hi All.
02:30 pipps joined #salt
02:32 AhnoldT Question on multiple colons in a pillar.  Is it allowed?  For example, will this work:   "custom.conn.url: jdbc:mysql://mysql.abc.com:3306/ManyColons"
02:33 AhnoldT Then I'm planning to call it like this: custom.conn.url="{{ pillar['tomcat']['myapp']['custom.conn.url'] }}".  Will the multiple colons work?
02:34 AhnoldT Or will Salt get confused and start parsing the entries as if it was a separate 'definition'?
02:50 clevodearia joined #salt
02:51 stooj joined #salt
02:53 quasiben joined #salt
02:54 catpig joined #salt
02:54 clevodearia joined #salt
02:57 bastiandg joined #salt
02:58 skeezix-hf joined #salt
03:02 edrocks joined #salt
03:02 jimklo joined #salt
03:03 clevodearia joined #salt
03:07 stooj joined #salt
03:09 clevodearia joined #salt
03:12 skeezix-hf joined #salt
03:25 skeezix-hf joined #salt
03:44 pipps joined #salt
03:51 ninjada joined #salt
04:03 jimklo joined #salt
04:07 beardedeagle joined #salt
04:34 ninjada joined #salt
04:35 jacksontj joined #salt
04:40 flebel joined #salt
04:44 NightMonkey joined #salt
04:48 pipps joined #salt
04:53 flowstate joined #salt
05:04 jimklo joined #salt
05:08 beardedeagle joined #salt
05:19 flowstate joined #salt
05:30 zer0def joined #salt
05:31 swa_work joined #salt
05:44 notCalle joined #salt
05:45 pipps joined #salt
06:04 jimklo joined #salt
06:11 thehaven_ joined #salt
06:19 flowstate joined #salt
06:30 venkat joined #salt
06:31 venkat left #salt
06:35 augg joined #salt
06:44 jxm_ joined #salt
06:49 augg I've been getting some pretty serious memory leaks on 2016.3.3. anyone have similar experiences? 2015.8.12 works fantastic for me so far
06:55 augg 8.1 will always be there, waiting for you
06:56 augg < wrong buffer
06:59 MTecknology augg: I can't say I've had similar experience, but I can say I have a hard time managing services on a raspi using salt
07:00 ageorgop joined #salt
07:01 augg yeah its a bummer running into hiccups like those. often times fixes dont propagate to production very quickly
07:04 MTecknology I'm actually hoping part of the reason for issues with the pi were with dns, but it seems like salt really beats the snot out of it.
07:04 edrocks joined #salt
07:05 jimklo joined #salt
07:10 beardedeagle joined #salt
07:14 armyriad joined #salt
07:15 Salander27 joined #salt
07:15 MTecknology 5 min for 60 relatively simple states on the pi
07:17 augg hyeah
07:18 armyriad joined #salt
07:18 flowstate joined #salt
07:27 coredumb MTecknology :O
07:28 babilen The real question is: How long would it have taken to run the commands salt executes alone?
07:28 babilen They are slow .. that's well known
07:29 ninjada joined #salt
07:33 Gareth joined #salt
07:40 whitenoise joined #salt
07:40 bocaneri joined #salt
07:47 DarkKnightCZ joined #salt
07:47 barmaley joined #salt
07:54 CeBe joined #salt
08:06 jimklo joined #salt
08:18 flowstate joined #salt
08:29 ninjada joined #salt
08:41 ninjada joined #salt
08:42 LeProvokateur joined #salt
08:46 ch0k3 XenophonF: many thx
08:46 ch0k3 now its working
08:46 ch0k3 I have now the rpm list into the pillar's namespace
08:46 ch0k3 now I have to apply it
08:50 babilen ch0k3: So you didn't return a dictionary from ext_pillar ?
08:50 babilen (beforehand that is)
08:52 ninjada joined #salt
08:54 upb joined #salt
08:56 ivanjaros joined #salt
09:04 Hipikat joined #salt
09:06 ch0k3 babilen: my json output was not in the expected format
09:06 ch0k3 that was the problem
09:06 babilen So you didn't return a dictionary because of that?
09:07 ch0k3 basically, yes
09:07 ch0k3 :|
09:07 upb joined #salt
09:07 jimklo joined #salt
09:08 ch0k3 I should have put my json list into this format instead '{'bla' : ["item1"], ["item2"], ["item3"]}
09:08 ch0k3 and instead was ["item1", "item2", "item3"]
09:13 ninjada joined #salt
09:14 ch0k3 babilen: so I finally have the rpm list into the pillar's namespace
09:14 ch0k3 so how can I create a salt state that implements that?
09:17 ch0k3 I know I have to create a jinja template like this
09:17 ch0k3 {% for rpm in pillar.get('rpms', {}).items() %}  {% endfor %}
09:17 ch0k3 but what's the directive in salt that installs it?
09:18 flowstate joined #salt
09:24 ninjada joined #salt
09:31 DarkKnightCZ joined #salt
09:32 felskrone joined #salt
09:33 whitenoise joined #salt
09:39 ninjada joined #salt
09:41 coredumb question about schedule state
09:41 coredumb when a scehdule is set from an sls called during highstate
09:42 coredumb what happens on the minion when applying high state ?
09:42 coredumb does a new long lasting process run for the schedule ?
09:49 augg left #salt
09:53 ninjada joined #salt
10:08 jimklo joined #salt
10:19 flowstate joined #salt
10:32 krymzon joined #salt
10:33 coredumb ok how is minion validating that python-dateutil is present ?
10:34 coredumb Missing python-dateutil. Ignoring job borg_backup2.
10:34 coredumb while indeed dateutil is present and correctly importable
10:36 coredumb and --version-reports shows up dateutil version :(
10:37 silver310 joined #salt
10:37 silver310 Hello, Is there any way to blacklist a certain state from being applied to a specific minion?
10:40 coredumb ah it needs a minion restart ....
10:44 clevodearia joined #salt
10:45 perfectsine joined #salt
10:49 perfectsine_ joined #salt
10:55 ivanjaros joined #salt
11:07 edrocks joined #salt
11:08 jimklo joined #salt
11:18 whitenoise joined #salt
11:19 flowstate joined #salt
11:24 coredumb how does one pass a script arguments to a scehduled cmd.run function ?
11:25 ivanjaros joined #salt
11:32 krymzon joined #salt
11:53 coredumb sometimes this yaml identation drives me crazy
11:56 mavhq joined #salt
12:09 jimklo joined #salt
12:14 hemebond Something that highlights ancestor nodes would be useful.
12:14 XenophonF ch0k3: just feed the list of packages to a pkg.installed state
12:15 XenophonF you don't need the for loop in jinja
12:18 XenophonF just use the pkgs kwarg to pkg.installed, and write the list out using the |yaml serializer
12:18 flowstate joined #salt
12:21 SpX joined #salt
12:31 amcorreia joined #salt
12:33 krymzon joined #salt
12:33 XenophonF coredumb: if you're using emacs, you can modify yaml-font-lock-keywords
12:34 XenophonF add a regexp for "^ +" and set the font face to something, like a light gray background
12:34 coredumb XenophonF: I was doing "- job_args: cmd" instead "- job_args:\n<ident>- cmd"
12:34 coredumb and I don't use emacs btw ^^
12:35 ch0k3 joined #salt
12:36 ch0k3 XenophonF: the jinja script seems to be working, however I want to skip some packages from the list with a 'if not statement' imediately after the loop with the pilar.get
12:39 felskrone joined #salt
13:02 quasiben joined #salt
13:08 ch0k3 does anyone knows how can I validate an if not case with a var in jinja ?
13:08 ch0k3 I have this - {% if ({{package}} != "gpg-pubkey") %}
13:09 ch0k3 but this throws the error - failed: Jinja syntax error: expected token ':', got '}';
13:12 babilen You never use {{ ... }} inside {% ... %}
13:14 coredumb {% if not .... %}
13:17 ch0k3 so how can I retrieve the var then?
13:17 ch0k3 the package is a var
13:17 flowstate joined #salt
13:25 coredumb ch0k3: directly without the {{ }}
13:25 ch0k3 oh great, now it works :D
13:25 ch0k3 fantastic!
13:37 pipps joined #salt
13:41 dendazen joined #salt
13:44 pipps99 joined #salt
13:55 whitenoise joined #salt
14:12 jimklo joined #salt
14:15 beardedeagle joined #salt
14:17 flowstate joined #salt
14:30 ninjada joined #salt
14:32 zer0def joined #salt
15:09 edrocks joined #salt
15:13 jimklo joined #salt
15:16 beardedeagle joined #salt
15:17 flowstate joined #salt
15:21 zer0def joined #salt
15:27 ivanjaros joined #salt
15:31 justinclift joined #salt
15:32 justinclift Looking to choose between Ansible and Salt for a new setup.  Just went to download Salt... but it seems to *require* giving an email address?
15:32 justinclift Can that be skipped?
15:32 justinclift If not, no worries, that makes the choice easy. ;)
15:33 LotR apt install salt-master requires no such thing :)
15:33 justinclift Not using Ubuntu
15:35 justinclift Guess we're using Ansible then.
15:35 krymzon joined #salt
15:36 justinclift Hopefully one day the company behind Salt decides not to be so damn user unfriendly. :(
15:36 justinclift :)
15:36 armonge joined #salt
15:36 anthonypaip joined #salt
15:38 justinclift Yep, definitely.  The Ansible page directs straight to the GitHub setup.  No forced marketing bullshit.
15:38 justinclift Thanks for your time guys.  Good luck. ;)
15:40 pintonium joined #salt
15:43 Vaelatern joined #salt
15:46 Roelt if that's the reason for choosing a package, might be a good idea he's going to annoy the ansible people
15:48 Roelt it's not that hard to figure out https://github.com/saltstack/salt with a link to the packages.. :)
15:58 Trauma joined #salt
15:58 clevodearia joined #salt
16:01 clevodearia joined #salt
16:05 catpig joined #salt
16:13 jnials_ joined #salt
16:15 jimklo joined #salt
16:18 flowstate joined #salt
16:21 zer0def joined #salt
16:32 ageorgop joined #salt
16:34 zer0def joined #salt
16:37 quasiben joined #salt
16:43 XenophonF justanotheruser: i've never given an email address to download a minion
16:44 DarkKnightCZ joined #salt
16:44 XenophonF wow, that's weird and annoying
16:45 XenophonF justanotheruser: goto https://repo.saltstack.com/
16:45 XenophonF er, hm, i guess justinclift left?
16:46 XenophonF sorry justanotheruser i was blindly tab-completing on "just"
16:46 XenophonF also, expecting quick responses on a sunday might be a tad unrealistic ;)
17:03 zer0def joined #salt
17:03 cyborg-one joined #salt
17:16 jimklo joined #salt
17:17 beardedeagle joined #salt
17:26 lorengordon joined #salt
17:27 ZachLanich joined #salt
17:29 jab416171 joined #salt
17:29 Antiarc joined #salt
17:29 ange joined #salt
17:29 aitrus joined #salt
17:29 Zachary_DuBois joined #salt
17:29 Ssquidly joined #salt
17:29 Patch joined #salt
17:29 snaggleb joined #salt
17:29 KingOfFools joined #salt
17:29 dunz0r joined #salt
17:29 tvinson joined #salt
17:29 asoc joined #salt
17:29 AvengerMoJo joined #salt
17:29 gnord joined #salt
17:29 twiedenbein joined #salt
17:29 saltsa joined #salt
17:29 aalmenar joined #salt
17:29 khorben joined #salt
17:29 iter joined #salt
17:29 ntropy joined #salt
17:29 stickmack joined #salt
17:29 eightyeight joined #salt
17:29 v0rtex joined #salt
17:29 alias joined #salt
17:29 wwalker joined #salt
17:29 aberdine_ joined #salt
17:29 tru_tru joined #salt
17:29 Hydrosine joined #salt
17:29 tuxx_ joined #salt
17:29 rickflare joined #salt
17:29 carmony joined #salt
17:29 Qlawy joined #salt
17:29 __alex joined #salt
17:29 weylin joined #salt
17:29 nikogonzo joined #salt
17:29 iggy joined #salt
17:29 daveleigh joined #salt
17:29 devtea joined #salt
17:29 asyncsrc1 joined #salt
17:29 dober joined #salt
17:29 trent__ joined #salt
17:29 Fiber^ joined #salt
17:30 pipps joined #salt
17:30 ninjada joined #salt
17:31 Roelt it's irc, never expect a quick response..
17:32 Lionel_Debroux joined #salt
17:34 Awesomecase joined #salt
17:40 Awesomecase joined #salt
17:43 flowstate joined #salt
17:45 Borromini joined #salt
17:46 Borromini hi guys. i'm trying to set stuff looping over pillar values, but salt complains about duplicate id's, and i'm unsure how to fix this. the for loop doesn't seem to be working too well either :-/
17:47 Borromini this is the state file: https://paste.debian.net/828086/
17:47 Borromini how do i fix this? do i just move crontab.XXX outside the loop?
17:49 writtenoff joined #salt
17:49 Borromini that doesn't seem to be working.
17:54 clevodearia joined #salt
17:56 Borromini ok. i've modified the for loop so it correctly extracts the usernames, but it breaks on a yaml formatting error, i suspect trailing whitespace?
17:56 Borromini https://paste.debian.net/828088/ < state file & salt output
18:01 PerilousApricot joined #salt
18:06 clevodearia joined #salt
18:16 zer0def joined #salt
18:17 flowstate joined #salt
18:17 jimklo joined #salt
18:17 clevodearia joined #salt
18:21 coredumb Attempt to run a shell command with what may be an invalid shell! Check to ensure that the shell <t> is valid for this user.
18:21 coredumb CommandExecutionError: The shell t is not available
18:21 TomJepp joined #salt
18:21 coredumb from a cmd.run that runs a script shell
18:21 coredumb any idea ?
18:22 ixs joined #salt
18:22 ivanjaros3916 joined #salt
18:22 barmaley joined #salt
18:24 coredumb ah that may be my identation again >_<
18:25 ZachLanich joined #salt
18:25 graffic joined #salt
18:25 nihe joined #salt
18:26 ropes joined #salt
18:26 clevodearia joined #salt
18:35 losh joined #salt
18:35 clevodearia joined #salt
18:37 jhabib joined #salt
18:39 clevodearia joined #salt
18:40 krymzon joined #salt
18:40 ageorgop joined #salt
18:43 jhabib Hi there! I'm trying to provision a few SoftLayer VSes using Salt. I have a couple of questions: I need each VS to have two local hard drives. Can I do that by using 'disk_space' twice in my cloud.profiles.d config file?
18:43 carmony_ joined #salt
18:45 jhabib Second question: I need the SoftLayer VSes to be able to talk to each other using SSH and a ssh-key pair. Would it be correct to assume that after provisioning via salt, I can proceed to do ssh configuration on each minion as it were a regular RedHat machine? Third: can I ssh into the minion without password using an ssh key pair?
18:45 Patch joined #salt
18:45 tvinson joined #salt
18:46 jhujhiti 'salt' commands on my salt master hang forever with no output after switching to raet... any ideas? i turned trace-level debugging on and it shows me nothing unusual
18:47 devtea joined #salt
18:47 jhabib sorry @jhujhiti, I have no idea what raet is.
18:47 keimlink joined #salt
18:54 eightyeight joined #salt
18:55 tremon joined #salt
18:55 wwalker joined #salt
18:55 jab416171 joined #salt
18:57 edrocks joined #salt
19:04 CeBe joined #salt
19:18 tremon hi all, any pointers on how to debug pygit's "callback returned error"? it looks like it's ignoring the configured privkey, but all I can find so far are reports that claim to have been fixed already
19:18 jimklo joined #salt
19:23 dave_leigh joined #salt
19:23 aitrus joined #salt
19:23 asyncsrc1 joined #salt
19:25 tremon oh maybe it's https://github.com/libgit2/pygit2/issues/552 . I'll retry with an rsa key
19:25 saltstackbot [#552][OPEN] ECDSA and ed25519 keys do not work | Hello,...
19:28 Borromini joined #salt
19:32 tremon yup, that appears to be my issue. thanks for listening ;)
19:38 Borromini anyone able to take a peek at my problem? :)
19:39 scoates joined #salt
19:55 jimklo joined #salt
20:03 swa_work joined #salt
20:06 armonge joined #salt
20:11 perfectsine joined #salt
20:16 sandro_ joined #salt
20:17 flowstate joined #salt
20:17 synapse joined #salt
20:19 perfectsine_ joined #salt
20:37 armonge joined #salt
20:38 ZachLanich joined #salt
20:42 XenophonF hey Borromini i'll look at your paste in a sec but i'm guessing that you need to add some kind of increment to the state ID
20:42 drlkf joined #salt
20:42 drlkf hi, is it possible to make ext_pillar data available during the pillar top rendering ?
20:44 XenophonF Borromini: for example, https://github.com/irtnog/apache-formula/blob/c018acbbdb643aadfe38abb70d9a404f97f64c84/apache/init.sls#L93
20:45 XenophonF drlkf: what do you mean? i have pillar/top.sls in ext_pillar (git), and it works just fine
20:45 Borromini XenophonF: thank you, will check that link
20:46 XenophonF Borromini: is system:cron:user a list?
20:46 Borromini XenophonF: it is, but it can just have a single member
20:46 drlkf XenophonF: I mean having some data defined in some ext_pillar module, that would be available to do some matching within the top file (example: 'I@myextkey:myextdata')
20:46 XenophonF oh never mind
20:46 Borromini XenophonF: do you want me to pastebin the pillar?
20:46 XenophonF Borromini: you have a syntax error in your formula
20:46 XenophonF line 9 of your paste
20:47 Borromini ok
20:47 XenophonF missing `:` at the EOL
20:47 XenophonF drlkf: yes
20:47 cyborg-one joined #salt
20:48 psy0rz joined #salt
20:48 XenophonF drlkf: https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#reminder
20:48 pcdummy joined #salt
20:48 pcdummy joined #salt
20:48 diegows joined #salt
20:49 XenophonF note that a refresh happens automatically as part of a state.highstate job
20:49 XenophonF tremon: pygit2 is pretty limited
20:49 XenophonF i ended up switching back to GitPython as a consequence
20:50 XenophonF libssh/libssh2 (can't remember which libgit2 uses) is where the limitation lives
20:50 Borromini XenophonF: bah... i have been looking at that file for ages >_> thanks!!!
20:50 Bryson joined #salt
20:50 XenophonF Borromini: glad you got it working! we all make that mistake
20:51 XenophonF i wish the yaml parser threw better errors
20:51 drlkf XenophonF: I already have tried refreshing the pillar but from any standard pillar file including the top file, I see an empty pillar dict (I printed it directly in the salt-master code)
20:51 Borromini XenophonF: yeah. it works with multiple users now, but it breaks with a single user. is there a way around this?
20:52 XenophonF Borromini: always specify a list as the value of system:cron:user
20:52 XenophonF even if it's just a list with a single entry
20:52 Borromini ah ok
20:52 Borromini gotcha :D
20:52 XenophonF maybe rename the variable to "users" to make it more obviously a list
20:53 Borromini yeah, thank you :)
20:53 XenophonF drlkf: what if you call pillar.get on a key that would get handled by your ext_pillar?
20:53 XenophonF what do you get then?
20:54 drlkf I would get the correct value associated with the key
20:55 drlkf it's just that I don't manage to find a way to see it during the pillar rendering
20:55 jimklo joined #salt
20:56 drlkf because it seems the pillar dict is assigned only once everything is merged
20:57 XenophonF oh wait
20:57 XenophonF you're trying to use a pillar value in the pillar top.sls?
20:57 drlkf yes
20:57 XenophonF you can't do that
20:58 XenophonF you're asking for the value of something before you assign the value
20:58 Trauma_ joined #salt
20:58 drlkf yes hence my question if it was possible to explicitly make the ext_pillar values available during the pillar rendering
20:58 XenophonF it's like telling the computer to set a variable to 1 if the variable is 1
20:58 flowstate joined #salt
20:59 XenophonF sorry i misunderstood you
20:59 XenophonF no you can't do that
20:59 XenophonF not with ext_pillar and not with anything else
20:59 drlkf darn
20:59 drlkf alright thanks for the help
20:59 Salander27 joined #salt
20:59 XenophonF sorry i confused things
21:12 vodik joined #salt
21:15 vodik joined #salt
21:17 flowstate joined #salt
21:20 tremon XenophonF: thanks. I'm using pygit2 because I've read that gitpython doesn't support authentication. is that still the case or do I have other options?
21:25 DEger joined #salt
21:30 sarlalian joined #salt
21:33 Trauma joined #salt
21:42 krymzon joined #salt
21:45 Borromini left #salt
21:48 mpanetta joined #salt
21:49 Edgan joined #salt
21:56 jimklo joined #salt
22:04 ninjada joined #salt
22:10 GnuLxUsr joined #salt
22:12 ninjada joined #salt
22:19 flowstate joined #salt
22:26 hoonetorg joined #salt
22:27 jimklo joined #salt
22:27 deei joined #salt
22:29 deei left #salt
22:31 TTimo joined #salt
22:46 mrBen2k2k2k_ joined #salt
22:47 ageorgop joined #salt
22:49 mrBen2k2k2k____ joined #salt
22:55 ninjada joined #salt
22:59 edrocks joined #salt
23:00 nsidhu joined #salt
23:05 ninjada joined #salt
23:10 TTimo joined #salt
23:12 schemanic_ joined #salt
23:12 schemanic_ Hi
23:13 schemanic_ How to DevOps guys audit SaltStack minions?
23:13 beardedeagle joined #salt
23:14 schemanic_ How would I go about explaining to a security auditor how I know that a minion is reporting truthfully when I issue commands to it?
23:16 vodik joined #salt
23:16 hemebond schemanic_: You would have to compare the output I guess.
23:16 hemebond Use Saltstack to query the minion and then query the minion directly and compare the results.
23:16 flowstate joined #salt
23:16 TTimo left #salt
23:17 schemanic_ hemebond, Yeah, the best we could think of was to push the minion's own state/pillar files back up to the master with cp.push then diff the pillar and state tree on the master
23:17 hemebond Wouldn't you have to compare the results of those pillars and states?
23:18 hemebond e.g., these pillars and states should result in app1 having configuration setting A.
23:22 schemanic_ something like that.
23:23 schemanic_ However, my people said something about preferring SSH because of it's trustworthiness or something like that
23:23 schemanic_ I might be able to get out of this by just using Salt SSH for my auditing
23:23 hemebond Oh, they're concerned about the encryption and security of the connection>
23:24 hemebond ?
23:25 pipps joined #salt
23:26 schemanic_ hemebond, the scenario is this
23:26 schemanic_ Right now we have about 5 admins who could ssh to any of our minions
23:27 schemanic_ The question is posed: "What if one of those admins sshed into a minion and hacked it to report false data or send a hacked file in response to the salt master's cp.push command?"
23:27 ageorgop joined #salt
23:28 schemanic_ our auditing right now is based around pulling config files off our servers to a laptop and diffing them from what we pulled 2 weeks ago to see if anyone's been tampering with them
23:29 andi^ joined #salt
23:29 schemanic_ So what I'm trying to do is use SaltStack's abilities to automate or simplify that process, but the security of the method is in question
23:29 schemanic_ also most of my team is older and fear automation or haven't working with SaltStack before
23:30 schemanic_ So essentially I need is 1) to be able to prove that when a minion is configured with SaltStack, that it actually is as it says, and 2) that if I push a file from a minion to the master that that file is genuine
23:31 hemebond Hmm. I wonder if you could move salt-minion into a chroot and so that it _thinks_ it's updating the minion.
23:32 schemanic_ hmm
23:32 hemebond They would, I assume, have to setup a hacked minion to report back false information.
23:32 hemebond Which is probably possible.
23:33 schemanic_ Here's an easier question
23:33 schemanic_ Say I want a state to create a procedurally generated directory or filename, how would I do that
23:33 hemebond What do you mean?
23:34 schemanic_ for example, if I want to do file.directory -name <date>
23:34 hemebond Yip. What about it?
23:34 hemebond Oh
23:34 hemebond How would you do that?
23:34 hemebond Just with Jinja and/or Python.
23:34 schemanic_ how would I do that? Am I able to call a function that would generate a date and use it in my state declaration
23:35 schemanic_ So i need to go after 'how to call python functions in jinja'
23:35 subsignal joined #salt
23:35 hemebond Well, I just searched "jinja date"
23:36 hemebond But you might have to write your own module or something for it.
23:36 schemanic_ oh no I dont want to do that
23:37 hemebond http://grokbase.com/t/gg/salt-users/163bt7zdz3/how-to-get-current-timestamp-in-salt-pillars-states < that work?
23:39 schemanic_ I see how he's setting the variable by calling out to the system which is cool
23:41 hemebond There's a reply at the bottom that has another approach.
23:41 schemanic_ The link to the salt documentation doesn't include the example the user says it does
23:43 hemebond I'm talking about http://grokbase.com/t/gg/salt-users/163bt7zdz3/how-to-get-current-timestamp-in-salt-pillars-states#20160401ygnyk7vczqi3zvmk5gm2rn3r3q
23:44 schemanic_ I found that alright
23:44 schemanic_ The first reply is pointing to the wrong article is all. The right one is 'Understanding Jinja'
23:45 schemanic_ I see
23:46 schemanic_ {% set curtime = None | strftime() %}
23:46 XenophonF tremon: I'm using SSH public key auth with GitPython.
23:46 PerilousApricot joined #salt
23:50 schemanic_ XenophonF, for what?
23:56 ninjada joined #salt
23:56 justanotheruser joined #salt
23:57 mosen joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary