IRC log for #salt, 2017-01-27

All times shown according to UTC.

Time Nick Message
00:03 edrocks joined #salt
00:03 keltim it's not really a matter of that, using the gpg returner prohibits masterless use, and using something like git-crypt causes constant problems with people forgetting to make sure their files are encrypted before pushing
00:04 keltim and shit like that
00:27 abednarik joined #salt
00:29 \ask joined #salt
00:30 jeddi joined #salt
00:35 nayplum joined #salt
00:41 nZac joined #salt
00:48 Edgan keltim: You shouldn't be grain matching in the top of pillars
00:50 Edgan keltim: I store pillars in a limited access git server. This is one reason using formulas and map.jinjas is helpful. Then defaults can be in the map.jinja with the formulas. Then pillars becomes secrets and overrides.
00:57 nZac joined #salt
00:58 Tanta joined #salt
00:59 MTecknology Edgan: I usually have two git repos for pillar, one for secrets and one for not-secrets
00:59 MTecknology since salt is nice enough to mash it all together, it seems to work out pretty well
01:00 MTecknology I don't mind map files for that kinda thing, though, I just don't like formulas
01:01 mpoole I've never had a problem with people not encrypting things, the big pain in the ass with salthiera is if one item doesn't decrypt (someone encrypted it with the wrong key) salt doesn't load any of that ext_pillar
01:01 abednarik joined #salt
01:02 MTecknology I didn't know that
01:02 MTecknology never not done it right... :S
01:02 djgerm1 is there a good way to easily dynamically get an AWS instance ID for populating variables in states?
01:04 nicksloan joined #salt
01:09 sh123124213 joined #salt
01:10 aleph0_ joined #salt
01:20 woodtablet left #salt
01:28 gnomethrower hey guys
01:28 gnomethrower how do you do check if a pillar item is blank, and proceed only if it's not?
01:29 jholtom I'd probably do it with jinja
01:30 jholtom so something like {% if pillar['key'] %} do stuff here {% endif %}
01:30 jholtom and if it's blank, that stuff won't be included
01:33 gnomethrower jholtom: thanks, that will probably work :)
01:33 jholtom no problemo
01:34 Edgan MTecknology: The problem is unless you tightly control the non-secret repo, then people can give themselves access to secrets through the top file in the non-secret repo.
01:34 prg3 joined #salt
01:35 keltim djgerm1, yeah, use the ec2 grain on github
01:36 keltim then it's ec2:instance_id
01:36 keltim as a grain
01:36 mk-fg joined #salt
01:37 keltim Edgan, as root, yeah
01:37 keltim but I'd not say just "people"
01:45 gnomethrower jholtom: That basically worked
01:45 gnomethrower i did it a little messier
01:45 gnomethrower {% if pillar.get('rmusers') %}
01:46 jholtom yep
01:54 gnomethrower hokay
01:55 gnomethrower is there any documentation on how to use map.jinja?
01:55 gnomethrower I'm having trouble getting my head around it and i'm under the impression it's the least insane way to manage different OS-related variables
02:01 MTecknology Edgan: ya, but you gotta draw a line somewhere and if you require signed commits and at least x reviews before accepting a merge into whatever branch, and send out diff emails on commit... I'd say you're /probably/ reasonably safe
02:02 nickabbey joined #salt
02:03 cmarzullo gnomethrower: you can look at some of the public formulas. Those workflows are often heavily dependent on pillar.
02:04 tony__ joined #salt
02:05 gnomethrower cmarzullo: thanks. I took a look at those already and couldn't find a simple one to learn from
02:05 gnomethrower most were fairly complex
02:05 gnomethrower but i'll give that another go.
02:08 cmarzullo I have this little skeleton generator that sets it up for you. If you do formulas.
02:13 tony__ If I have a custom FUSE mount, how would I invoke it with salt? The official docs don't seem to have any fuse example.
02:14 Nahual joined #salt
02:16 spiette joined #salt
02:17 bltmiller joined #salt
02:21 gnomethrower cmarzullo: I ended up using the "Good example" from https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#light-conditionals-and-looping
02:22 gnomethrower i will clean it up more later
02:22 catpiggest joined #salt
02:24 cmarzullo cool. good luck.
02:28 nZac joined #salt
02:30 Edgan I just take one of my existing formulas and search replace it as a template.
02:30 Edgan I have a very template friendly style
02:31 TyrfingMjolnir joined #salt
02:31 Edgan https://storage.cygnusx-1.org/formula.txt
02:49 orianbsilva_ joined #salt
02:54 evle joined #salt
02:58 XenophonF joined #salt
03:03 edrocks joined #salt
03:07 kuromagi^ joined #salt
03:31 mk-fg joined #salt
03:33 mpanetta joined #salt
03:49 gnomethrower out of curiosity, why does pillar.get require colons as a separator instead of a dot?
03:49 gnomethrower when calling, say, "userlockdown.somevar"
03:50 bltmiller joined #salt
04:04 irated joined #salt
04:04 irated joined #salt
04:05 gnomethrower Hi - is there anything wrong with this line?
04:05 gnomethrower {% for username, user in pillar.get('userlockdown:users', {}).items() %}
04:06 gnomethrower to reference items in /srv/pillar/userlockdown/init.sls
04:12 gnomethrower in particular, is there a difference between pillar.get and salt['pillar.get'] in terms of functionality?
04:22 DEger joined #salt
04:25 SaucyElf joined #salt
04:26 gnomethrower Never mind - https://salt.readthedocs.io/en/stable/topics/pillar/index.html - It should be noted that within templating, the pillar variable is just a dictionary. This means that calling pillar.get() inside of a template will just use the default dictionary .get() function which does not include the extra : delimiter functionality. It must be called using the above syntax (salt['pillar.get']('foo:bar:baz', 'qux')) to get the salt function,
04:26 gnomethrower instead of the default dictionary behavior.
04:27 gnomethrower that mostly answers my question :)
04:33 bltmiller joined #salt
04:37 stooj joined #salt
04:51 bocaneri joined #salt
04:58 SaucyElf_ joined #salt
05:13 preludedrew joined #salt
05:14 thebinary joined #salt
05:22 PatrolDoom joined #salt
05:22 armyriad joined #salt
05:22 DEger joined #salt
05:25 ruxu joined #salt
05:31 impi joined #salt
05:32 thebinary joined #salt
05:33 nZac joined #salt
05:50 nidr0x joined #salt
06:09 catpig joined #salt
06:15 stooj joined #salt
06:16 netcho joined #salt
06:26 bltmiller joined #salt
06:27 nidr0x joined #salt
06:34 gladia2r joined #salt
06:39 rdas joined #salt
06:41 stooj joined #salt
06:41 sh123124213 joined #salt
06:50 stooj joined #salt
07:00 edrocks joined #salt
07:03 juanito joined #salt
07:10 scristian joined #salt
07:17 XenophonF joined #salt
07:18 stooj joined #salt
07:19 lord2y joined #salt
07:20 ruxu joined #salt
07:25 cyteen joined #salt
07:34 nidr0x joined #salt
07:38 gnomethrower hey guys
07:38 gnomethrower trying to find an "elegant" way to do something - I want to add ssh keys to my users, then remove any ssh keys that match a blacklist
07:38 gnomethrower I ended up with this gist: https://gist.github.com/Zorlin/3f9f5a3297164ed75dfa55e317cd7aa0
07:39 gnomethrower Which throws the error ID 'username' in SLS 'userlockdown' contains multiple state declarations of the same type
07:39 gnomethrower which on the surface seems like a reasonable error, I'm just wanting to avoid copying a bunch of logic etc and adding a new action
07:39 gnomethrower though I think that's probably the best way to do it
07:40 gnomethrower even though that is not "elegant"
07:42 neilf__ joined #salt
07:50 o1e9 joined #salt
07:51 jhauser joined #salt
07:53 amy_ joined #salt
07:56 edgr joined #salt
07:57 stooj joined #salt
08:06 gnomethrower joined #salt
08:06 gnomethrower joined #salt
08:08 ronnix joined #salt
08:08 gnomethrower What am I doing wrong here? Is this not possible?
08:08 gnomethrower https://gist.github.com/Zorlin/3f9f5a3297164ed75dfa55e317cd7aa0/60c9c603ba7877b0efffa96849e26fe4b55e72b6
08:09 gnomethrower Note I've tried this and it also doesn't work - https://gist.github.com/Zorlin/3f9f5a3297164ed75dfa55e317cd7aa0/976fb609ced1da9985c489c5ebb642de521c7de8
08:09 AndreasLutro yes that is not possible
08:10 AndreasLutro you need a colon at the end of line 2 and you need to specify the module as well as the function
08:10 AndreasLutro i.e. ssh_auth.present:
08:10 gnomethrower AndreasLutro: Darn
08:10 gnomethrower well, the issue is I want to add and then remove pubkeys
08:10 gnomethrower but don't want to duplicate ~10-15 lines of logic
08:11 gnomethrower hmm... okay, will probably do it the less nice way :)
08:12 JohnnyRun joined #salt
08:12 AndreasLutro gnomethrower, like this? https://bpaste.net/show/d650efbe9624
08:13 gnomethrower that's roughly the logic I would be copying
08:13 gnomethrower although I do like the trick on line 2. :)
08:13 AndreasLutro not really a trick, just need to make sure all state IDs are unique
08:14 AndreasLutro oh and also you can't have two state functions in the same state using the same state module
08:15 AndreasLutro so you'd have to do something like this https://bpaste.net/show/f7c745820cdd
08:15 muxdaemon joined #salt
08:15 gnomethrower ah
08:15 gnomethrower actually that's very close to what i want
08:17 AndreasLutro what's missing?
08:19 cyborg-one joined #salt
08:20 gnomethrower not sure yet. off to experiment :)
08:21 eThaD joined #salt
08:21 gnomethrower AndreasLutro: May I PM you?
08:22 AndreasLutro sure though I'd prefer to help you in the channel
08:22 eThaD joined #salt
08:22 gnomethrower okay
08:22 gnomethrower https://gist.github.com/Zorlin/4feb6608f2da1fe344234dddfeb3506f
08:22 gnomethrower this is what I have so far, which all works
08:22 gareth_ joined #salt
08:23 gnomethrower I want to extend it to remove a blacklist of keys
08:23 gnomethrower (thus blacklisted.pub)
08:23 AndreasLutro right, you'll have to create a new state for that since you can't have two ssh_auth state functions in the same state ID
08:23 Guest99650 winexe randomly get 'return code was 1'. Any ideas?
08:23 gnomethrower when you say new state
08:24 gnomethrower I'm guessing I can't do this inside that opening for loop?
08:24 AndreasLutro sure it can. just add a new "root" key on line 14
08:24 AndreasLutro {{username}}-sshkey:
08:24 AndreasLutro for example
08:24 AndreasLutro then another below called {{username}}-remove_blacklisted_sshkeys for example
08:25 AndreasLutro https://gist.github.com/anlutro/cd0c16d1d23d55ded19b
08:25 AndreasLutro in case you're not clear on the difference between state id/functions
08:26 gnomethrower AndreasLutro: saved that, thank you
08:26 gnomethrower it will be a great reference :)
08:27 AndreasLutro should probably make an image out of it or something... ascii art is not very pretty
08:28 toanju joined #salt
08:29 gnomethrower AndreasLutro: Wow, that worked!
08:29 gnomethrower Thank you so much! :)
08:30 inad922 joined #salt
08:31 Lionel_Debroux_ joined #salt
08:48 mritchie joined #salt
08:53 Reverend what a hero
08:59 vodik joined #salt
09:10 toanju joined #salt
09:10 mikecmpbll joined #salt
09:13 babilen joined #salt
09:15 Miouge joined #salt
09:21 necronian joined #salt
09:21 sfxandy joined #salt
09:26 bookwar joined #salt
09:37 bigjazzsound joined #salt
09:45 amy_ joined #salt
09:47 eThaD Hey guys. Is there a way for saltmasters to share job execution state? I have a minion which is configured to use two masters (master type is not set). When i run a job through one master i can get job result through it, but i get an empty response through another one.
09:49 netcho joined #salt
09:50 amy_ joined #salt
09:52 s_kunk joined #salt
09:53 jeddi joined #salt
09:54 lord2y joined #salt
09:56 cyteen joined #salt
09:58 lasseknudsen2 joined #salt
10:02 eThaD joined #salt
10:03 bookwar joined #salt
10:05 AndreasLutro eThaD: salt-syndic might
10:09 eThaD documentation states: job results are returned to the master that originated the request in a best effort fashion. Events/jobs without a master_id are returned to any available master.
10:10 eThaD Sounds similar.
10:10 eThaD Kill the master and results are gone.
10:11 AndreasLutro you can also try "master_type: str" in the minion config
10:11 AndreasLutro iirc that will return jobresults to every master
10:11 AndreasLutro but it will also cause issues like duplicate reactor runs
10:12 lasseknudsen joined #salt
10:13 PatrolDoom https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html#using-environment-variables-in-sls-modules
10:13 PatrolDoom trying to do as the example, where it doesn't do anything but just gives output
10:13 PatrolDoom e.g. "not running state blah"
10:14 AndreasLutro those examples look kinda malformed
10:14 N-Mi_ joined #salt
10:15 PatrolDoom yeah i was thinking that as well
10:15 afics joined #salt
10:15 PatrolDoom i know i've seen a example how to do so but i dont think it was this pafe
10:15 PatrolDoom page*
10:16 AndreasLutro well salt['environ.get']('MYENVVAR') is correct at least
10:16 netcho joined #salt
10:17 AndreasLutro it's just the yaml formatting that's screwed up
10:17 PatrolDoom yeah it's def not correct, got a few complaints
10:17 PatrolDoom from salt about not being dict
10:20 AndreasLutro https://github.com/saltstack/salt/pull/38989
10:20 saltstackbot [#38989][OPEN] Documentation: fix SLS in environment variable examples | Indentation errors and I'm not sure what was going on with the "A." in the test state.
10:21 eThaD AndreasLutro: does "str" mean standard? Does it differ from not setting master_type at all?
10:21 AndreasLutro "str" is a horrible name... it means multiple hot masters, meaning it connects to every master simultaneously
10:21 PatrolDoom ah nice
10:22 AndreasLutro there's a comment above master_type in the default salt minion config you can read
10:22 AndreasLutro also https://docs.saltstack.com/en/latest/topics/highavailability/index.html
10:23 jcl[m] left #salt
10:23 AndreasLutro and https://docs.saltstack.com/en/latest/ref/configuration/minion.html#minion-primary-configuration
10:28 eThaD so, yes
10:29 eThaD basically i have two masters in master part of configuration file of a minion
10:31 cacasmacas joined #salt
10:31 eThaD and i've set master_type to str
10:32 eThaD and it still returns result to the master i've run a job through
10:32 eThaD i'm doing an async run by the way
10:34 eThaD the interesting thing is that second master has a correct job StartTime
10:46 eThaD joined #salt
10:46 xavier__ joined #salt
11:00 zulgabis joined #salt
11:06 const joined #salt
11:07 const hi all
11:07 const why master can throw 'Incorrect decryption' exception?
11:07 const my bad, master shows exception from Minion
11:13 nicerobot[m] joined #salt
11:15 eThaD joined #salt
11:16 Rumbles joined #salt
11:20 cacasmacas joined #salt
11:22 netcho joined #salt
11:23 lasseknudsen2 joined #salt
11:29 eThaD joined #salt
11:30 Ryan_Lane joined #salt
11:30 eThaD joined #salt
11:41 eThaD joined #salt
11:48 ruxu joined #salt
11:51 abednarik joined #salt
11:54 darioleidi joined #salt
11:54 CrummyGummy joined #salt
11:58 CrummyGummy Hi, any idea how I can set the zabbix-agent version in the zabbix formula? I'm looking at the examples/docs but not getting it...
11:59 jerrykan[m] joined #salt
11:59 Salander27 joined #salt
11:59 ThomasJ|m joined #salt
11:59 freelock[m] joined #salt
11:59 saintaquinas[m] joined #salt
12:03 amy_ joined #salt
12:05 eThaD joined #salt
12:07 joehh joined #salt
12:08 eThaD joined #salt
12:20 amy_ joined #salt
12:25 evle1 joined #salt
12:28 kettlewell joined #salt
12:31 kettlewell joined #salt
12:39 numkem joined #salt
12:50 netcho joined #salt
12:51 rylnd joined #salt
12:57 lord2y joined #salt
13:01 amcorreia joined #salt
13:02 amy_ joined #salt
13:05 edrocks joined #salt
13:12 irctc859 joined #salt
13:12 muxdaemon joined #salt
13:12 irctc859 Hello
13:13 lasseknudsen joined #salt
13:13 irctc859 anybody knows why grains['username'] is not outputting the right username?
13:14 irctc859 it was before but not anymore -_-'
13:17 cloph how do you test? and what is returned instead of the right name?
13:21 Lionel_Debroux joined #salt
13:25 raspado joined #salt
13:29 irctc859 hmm Im testing with a linux master and a local windows minion
13:29 irctc859 it is returning the name of my machine
13:30 irctc859 instead of the current logged in user account
13:30 xavier__ hello, does anyone know how to deal with jinja templates in utf8 ? i have french accents inside and jinja claims about characters not in range.
13:31 xavier__ i am using saltstack version 2016.11.1, jinja 2.8 on ubuntu 16.04
13:33 edrocks joined #salt
13:37 cloph irctc859: as you don't give actual commands and output, sorry for asking the obvious: sure it is not just the hostname of the minion to reply, and an empty response?
13:38 cloph also your expectation seems a little of "currently logged in user account"...
13:40 irctc859 sorry. here is my command from master: "salt ''winminion" grains.item username
13:40 cloph if you want the value, you'd use grains.get
13:41 cloph if you want to see who is logged in, use status.w (or "cmd.run who" or something similar)
13:41 irctc859 alright Ill try it out
13:41 irctc859 thanks!
13:46 ssplatt joined #salt
13:46 xavier__ left #salt
13:48 kojiro joined #salt
13:49 xavier__ joined #salt
13:51 ronnix joined #salt
14:00 electrolinux joined #salt
14:02 ssplatt joined #salt
14:10 abednarik joined #salt
14:21 LostSoul joined #salt
14:23 krymzon joined #salt
14:32 sgo_ joined #salt
14:35 netcho joined #salt
14:36 nZac joined #salt
14:41 ReV013 joined #salt
14:41 nicksloan joined #salt
14:41 beardedeagle joined #salt
14:43 ReV013 Hi. Is it possible to use x509 state module under windows? There seem to be problems with m2crypto dependency
14:44 ReV013 using minion 2016.11.1 from binary installer
14:46 babilen What happens if you address those problems?
14:47 irctc859 @cloph So... I tested a bit more and found out that whenever my windows minion started salt-minion-debug.bat, the salt-master would return the correct username with "salt 'winminions*' grains['username']".
14:47 keltim joined #salt
14:49 saltANDO joined #salt
14:54 nickabbey joined #salt
14:56 xet7_ joined #salt
15:01 saltANDO Hello. I wonder if anyone can help me with this. I'm pretty sure that must be something stupid but I can't realize what is. I'm trying to run mysql_query.run in a state file but the output says "state mysql_query.run found in sls is unavailable". Here is the sls file and the output. http://pastebin.com/wH1VR2SV
15:02 bakins joined #salt
15:04 const I have salt 2016.11.0 on Centos 6 with python 2.6 and recently added a minion on ubuntu (python-2.7) 2016.11.1 Added this minion's key to a master server and cannot do anything with this minion now, due to 'Incorrect decryption' error returned when I try to execute 'salt 'minion' state.sls state'
15:09 edrocks joined #salt
15:09 netcho joined #salt
15:15 k_sze[work] joined #salt
15:16 bookwar joined #salt
15:17 nickabbey joined #salt
15:17 Tanta joined #salt
15:17 abednarik joined #salt
15:20 saltANDO My question's output is also here https://gist.github.com/anonymous/a2303e49a8b57cabb6ab5462fb90ceb9
15:21 muxdaemon joined #salt
15:31 xet7 joined #salt
15:33 ssplatt joined #salt
15:33 austin_ joined #salt
15:33 austin_ is it possible to execute the wheel module in a state file ?
15:38 keltim_ joined #salt
15:38 _JZ_ joined #salt
15:40 nZac joined #salt
15:45 mpanetta joined #salt
15:48 bookwar joined #salt
15:51 candyman88 joined #salt
15:57 Sketch you can execute modules in state files
16:00 Sketch no special instructions, they get called just like states
16:00 Sketch unless you want to use them for tests, then you can do stuff like {% if salt['service.available']('postfix') %}
16:03 austin_ Sketch: got it. thanks
16:03 muxdaemon joined #salt
16:05 sp0097 joined #salt
16:05 nZac joined #salt
16:07 netcho joined #salt
16:10 kojiro joined #salt
16:18 debian112 joined #salt
16:18 bowhunter joined #salt
16:20 austin_ apparently the exec module `wheel.confg` does not exist
16:20 austin_ it would seem to me that you can't add the wheel mod to a state file?
16:20 austin_ it must be an execution module ?
16:20 austin_ it's not exactly clear in documentation
16:21 ronnix joined #salt
16:25 keltim_ I noticed ansible has a neat jinja filter available called "ipaddr" ( http://docs.ansible.com/ansible/playbooks_filters_ipaddr.html )that allows for all kinds of ip address manipulation .. is there some way to have this in salt? it's just an interface to python's netaddr. but installing that and trying it of course does not work :/
16:26 bookwar joined #salt
16:27 Sketch yeah, it may be only execution modules that work
16:27 Sketch i didn't realize wheel modules were a different thing
16:27 keltim_ otherwise, is there a pure jinja way to convert something like '192.168.24.3' to '3.24.168.192.in-addr.arpa' ?
16:28 gmoro joined #salt
16:29 teclator_ joined #salt
16:30 keltim_ not resorting to stuff like salt['cmd.shell']('some shell crap to produce the ptr')
16:31 Trauma joined #salt
16:40 djgerm1 thanks @keltim - I assume you mean https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_info.py ? If so, Thanks! That should do it!
16:41 bltmiller joined #salt
16:48 nicksloan joined #salt
16:49 nicksloan joined #salt
16:54 nicksloan joined #salt
16:56 netcho joined #salt
16:57 sp0097 joined #salt
17:07 muxdaemon joined #salt
17:14 xet7 joined #salt
17:17 hasues joined #salt
17:19 abednarik joined #salt
17:22 DammitJim joined #salt
17:24 nicksloan joined #salt
17:29 woodtablet joined #salt
17:30 raspado joined #salt
17:33 ttbigc joined #salt
17:38 ttbigc Hello, anyone share the experience with large scale salt deployment. I got about 30,000 hosts, in 6 locations, to make math easy let just say 5,000 hosts at each location. I was looking to have one master and then 5 syndic's. My main question any reason to look at multimaster-PKI and can you have a multimaster that also does syndic as I want to only have one host that sends out commands
17:39 ssplatt joined #salt
17:41 impi joined #salt
17:42 beardedeagle anyone know how you would set nopreempt with the keepalived formula
17:47 muxdaemon joined #salt
17:49 nixjdm joined #salt
17:49 edrocks joined #salt
17:52 darioleidi joined #salt
17:53 nickabbey joined #salt
17:55 bltmiller joined #salt
17:56 debian112 joined #salt
17:57 muxdaemon joined #salt
18:09 KennethWilke joined #salt
18:15 woodtablet joined #salt
18:17 Inveracity joined #salt
18:28 KennethWilke joined #salt
18:29 nickabbey joined #salt
18:32 AbstractLion joined #salt
18:33 nickabbe_ joined #salt
18:40 prg3 joined #salt
18:42 Praematura joined #salt
18:43 s_kunk joined #salt
18:43 s_kunk joined #salt
18:51 ChubYann joined #salt
18:52 austin_ ttbigc: yes. we do multimaster active/active for our moms and syndic masters
18:52 austin_ each minion is connected up to those active/active syndics
18:52 austin_ rsync keys accordingly
18:53 austin_ if you have multiple MoMs, don't forget to set the master_id to whatever you have in your master/syndic_master list
18:53 bltmiller joined #salt
18:59 theblazehen joined #salt
19:04 jav joined #salt
19:10 aw110f joined #salt
19:21 nickabbey joined #salt
19:21 xet7 joined #salt
19:25 bowhunter joined #salt
19:29 hackel joined #salt
19:30 woodtablet joined #salt
19:30 xbglowx joined #salt
19:35 mikecmpbll joined #salt
19:36 SaucyElf joined #salt
19:39 bltmiller joined #salt
20:07 SaucyElf_ joined #salt
20:08 fredrick joined #salt
20:09 tapoxi hi all, matching by multiple grains w/python api? example: client.cmd('role:lb', 'haproxy.disable_server', ['{0}.{1}'.format(host, dc), 'home']) - I want to match role:lb and datacenter: oregon
20:11 cscf what's the salt function to get the ip address of an interface?  I forget
20:12 tapoxi grains.get ipv4?
20:13 cscf that gives all ips, I want to get eth0's ip
20:13 cyborg-one joined #salt
20:14 mpanetta joined #salt
20:14 cscf Just in case this is an XY problem: I want /etc/ssh/sshd_config to have ListenAddress: {{ eth0 }}
20:14 cscf So it only listens on the mgmt interface and not the internet one
20:15 tapoxi cscf: grains.get ip_interfaces
20:16 tapoxi under there it's interfacename:ip
20:16 tapoxi if you run a salt-call grains.items it'll show you everything
20:18 Sketch i think you can do something like {{ grains['ip_interfaces']['eth0'][0] }}
20:19 Sketch (or ip4_interfaces might be safer)
20:19 PatrolDoom ^ i do something similar w/ a context
20:19 PatrolDoom works like a charm
20:20 cscf tapoxi, that's exactly what I was trying to remember! thanks!
20:21 tapoxi np
20:26 ssplatt joined #salt
20:26 CampusD joined #salt
20:30 CampusD question, is there a way to monitor certain .sls files and if they change execute a state.apply ? if so, what would be the best approach to implement it
20:32 tapoxi CampusD: I think you can do that with GitFS and Reactor
20:33 tapoxi CampusD: gitfs fires an event on update, then you can use reactor to catch that and call state.apply
20:34 xbglowx joined #salt
20:35 rylnd_ joined #salt
20:42 jas02 joined #salt
20:47 bltmiller joined #salt
20:51 hasues left #salt
21:00 pppingme joined #salt
21:09 leak1t joined #salt
21:14 CampusD thanks tapoxi, I'll look into that option
21:15 Tanta joined #salt
21:20 eThaD joined #salt
21:20 muxdaemon joined #salt
21:25 zer0def joined #salt
21:29 snarfy^ joined #salt
21:30 muxdaemon joined #salt
21:32 nickabbey joined #salt
21:36 muxdaemon joined #salt
21:36 djgerm joined #salt
21:46 muxdaemon joined #salt
21:51 jas02 joined #salt
22:01 bltmiller joined #salt
22:03 edrocks joined #salt
22:06 Xopher joined #salt
22:24 xbglowx joined #salt
22:25 abednarik joined #salt
22:48 Sammichmaker joined #salt
22:52 jas02 joined #salt
23:03 keltim_ is there no way to manage an AWS elastic ip with a state module?
23:03 druonysus_ joined #salt
23:04 keltim_ there's an execution module for it, but the state module (boto_ec2) has almost no capabilities
23:04 muxdaemon joined #salt
23:08 gtmanfred based on the people who wrote it, i would be surprised if that was in there
23:21 jeddi joined #salt
23:23 skullone is there a recommended way to allow salt commands to be run on the master without 'sudo' ?
23:24 skullone i tried setting up the external_auth with pam, but i still get auth failures ;(
23:24 gtmanfred skullone: publisher acls
23:24 gtmanfred skullone: https://docs.saltstack.com/en/latest/ref/publisheracl.html
23:25 skullone ah, i thought the external_auth section did
23:25 skullone did this*
23:25 gtmanfred it can do that, but you still have to auth
23:25 gtmanfred there are multiple ways to do it
23:26 gtmanfred depends if you want people to have to authenticate again
23:26 gtmanfred also, external_auth is used for authenticating with salt-api
23:26 skullone ahh
23:31 DEger joined #salt
23:31 skullone aww, it doesnt take the group syntax like external_auth ;(
23:33 cacasmacas joined #salt
23:34 gtmanfred are you having problems using sssd with pam above and that is what is not working?
23:35 gtmanfred if you are, you need to install python-sss
23:36 gtmanfred https://github.com/saltstack/salt/pull/38926
23:36 saltstackbot [#38926][MERGED] add note about pysss for pam eauth | What does this PR do?...
23:39 djgerm joined #salt
23:46 skullone the publisher_acl worked - but was hoping you could do the 'group%' syntax like external_auth
23:46 sfxandy joined #salt
23:48 cyteen joined #salt
23:49 mavhq joined #salt
23:53 jas02 joined #salt
23:57 druonysus_ joined #salt
