Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-03

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 edrocks joined #salt
00:12 Derailed_ joined #salt
00:14 shakalaka joined #salt
00:19 sh123124213 joined #salt
00:20 arif-ali joined #salt
00:21 abednarik joined #salt
00:22 orion joined #salt
00:23 orion Hi. I use the network.system state to set the hostname, and *every* time I run highstate on Ubuntu 16.04, it adds a "SEARCH" line.
00:24 orion Why? Shouldn't it only be applied once, and then never again?
00:25 nickabbey joined #salt
00:25 funabashi joined #salt
00:27 eThaD joined #salt
00:30 gableroux joined #salt
00:40 PatrolDoom joined #salt
00:53 djgerm when I run highstate or apply, I get the following      Comment: No Top file or external nodes data matches found. …. and nothing happens…. any clue on where to look?
00:53 ivanjaros joined #salt
00:54 whytewolf djgerm: that error means one of two things. the top file doesn't exist where the minion is looking for it. or the minion is not finding a match for it's self in the top file it does find
00:55 whytewolf orion: that sounds like something that should be a bug report.
00:56 sh123124213 joined #salt
01:00 xet7 joined #salt
01:00 jas02_ joined #salt
01:01 tomthesalesman joined #salt
01:02 tomthesalesman left #salt
01:07 djgerm Oddly, when I specify another branch on the command line saltenv=Otherbranch … it sees that top file and it works…. man this is such a weird one. and applying states manually one at a time work (and automatically get from the correct environment)
01:10 djgerm is there a nuclear option to blow away all of the gitfs cache on the master?
01:14 djgerm oh i think i found it. some target didn't have a colon at the end…. testing if that fixed it
01:18 gableroux_ joined #salt
01:19 djgerm yup. that was it.
01:24 gableroux_ joined #salt
01:57 Renich joined #salt
01:58 nickabbey joined #salt
02:08 edrocks joined #salt
02:09 PatrolDoom joined #salt
02:10 PatrolDoom joined #salt
02:17 Nahual joined #salt
02:17 huddy joined #salt
02:21 woodtablet left #salt
02:27 gableroux_ joined #salt
02:28 onlyanegg joined #salt
02:36 lompik joined #salt
02:39 evle joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:52 mavhq joined #salt
02:59 nshttpd joined #salt
03:02 onlyanegg joined #salt
03:08 jas02_ joined #salt
03:12 writtenoff joined #salt
03:30 amagawdd joined #salt
03:47 catpig joined #salt
03:51 KaczuH joined #salt
04:01 aw110f joined #salt
04:09 jas02_ joined #salt
04:09 edrocks joined #salt
04:15 stooj joined #salt
04:17 aw110f joined #salt
04:31 PatrolDoom joined #salt
04:43 thebinary joined #salt
05:09 spuder joined #salt
05:13 bocaneri joined #salt
05:16 CampusD joined #salt
05:17 CampusD question, what would be the best way to check whether pillars are available? Would something like this work? {% if pillar.items == True %}
05:18 sh123124213 joined #salt
05:19 gableroux joined #salt
05:22 MTecknology huh?
05:23 MTecknology why would pillar not be available?
05:23 keldwud_ joined #salt
05:24 CampusD salt cache broken
05:25 CampusD would a state like this return True if available? https://gist.github.com/anonymous/835380fcf1186ec79324ef6b531e4937
05:25 CampusD I want to make sure pillars are there before certain states get run
05:28 XenophonF CampusD: it'd probably better to do something like {% if 'myapp' in pillar %}
05:29 XenophonF e.g., let's say i have a state named tomcat.shibboleth-idp, where the shibboleth:idp pillar contains all of its configs
05:30 CampusD you would check for shibboleth:idp ?
05:30 XenophonF so I could use `{% if 'idp' in salt['pillar.get']('shibboleth', {}) %}` to control whether the states in that SLS run
05:30 XenophonF I don't actually do this, mind
05:30 CampusD gotcha
05:31 XenophonF i'm actually ok with tomcat.shibboleth-idp throwing a ton of errors if it isn't configured correctly
05:31 XenophonF adding a guard like that seems more trouble than it's worth IMO
05:32 justan0theruser joined #salt
05:32 CampusD we don't control the master and sometimes those who do will be doing changes live in prodution
05:32 CampusD we get our iptables rules from pillar
05:32 XenophonF hm
05:33 CampusD and if they are not there they get wiped out
05:33 CampusD whatever we had before before a new state was applied
05:33 CampusD I just wanted to safeguard from it happening if pillar is down
05:33 XenophonF alternatively, if you loop over a list/dict of firewall rules, you could do something like this:
05:34 XenophonF {% for rule in salt['pillar.get']('firewall_rules', []) %}
05:34 XenophonF and then if the pillar isn't there, you'll iterate over the empty list
05:35 XenophonF here's a more complicated example of relying on defaults:
05:35 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/metadata-providers.xml#L125
05:36 CampusD cool, will take a look and see how to implement it
05:36 CampusD thanks XenophnF
05:36 XenophonF that's well after a value's been pulled out of pillar, so we're deep in iterating over what ends up being a tree-like data structure composed from several levels of dictionaries/lists
05:36 XenophonF np hope that helps
05:37 XenophonF the fun starts at line 71
05:38 mTeK joined #salt
05:38 ashmckenzie joined #salt
05:40 bocaneri joined #salt
05:48 voidspacexyz joined #salt
06:01 onlyanegg joined #salt
06:07 fracklen joined #salt
06:07 fracklen joined #salt
06:08 netcho joined #salt
06:08 fracklen joined #salt
06:13 jas02_ joined #salt
06:40 onlyanegg joined #salt
06:50 Zachary_DuBois joined #salt
06:50 mswart joined #salt
07:02 jas02_ joined #salt
07:04 jas02_ joined #salt
07:12 edrocks joined #salt
07:33 sjorge joined #salt
07:37 ravenx joined #salt
07:37 ravenx could someone help me with a salt cli -> salt-api json formatting issue?
07:37 ravenx https://github.com/saltstack/salt/issues/39138
07:37 saltstackbot [#39138][OPEN] Stuck on formatting JSON for rest_cherrypi | Things are going swimmingly when I convert:...
07:38 ravenx here is the post i made regarding it
07:41 onlyanegg joined #salt
07:42 aw110f joined #salt
07:46 gnomethrower joined #salt
07:47 gnomethrower Hey guys
07:47 gnomethrower I have a Ubuntu 14.04 salt master, using salt 2015.8.0 - and I'm using salt to manage and create a bunch of user directories, such as /home/foo
07:48 gnomethrower Problem is it seems to be creating them in a nested fashion - as /home/foo/home/foo!
07:49 rdas joined #salt
07:50 ravenx i think you gotta show us your formulas
07:50 ravenx or your salt command
07:50 gnomethrower ravenx: Sure... I need a few minutes to gather them
07:52 LondonAppDev joined #salt
08:05 toanju joined #salt
08:09 druonysus__ joined #salt
08:10 druonysus__ joined #salt
08:11 eThaD joined #salt
08:26 iggy ravenx: have you tried pepper?
08:28 eThaD joined #salt
08:29 eThaD joined #salt
08:31 ravenx iggy: what is that?
08:31 iggy ravenx: it's a lib/client for talking to salt-api
08:31 eThaD joined #salt
08:36 ravenx ah, let me take a look
08:37 ravenx it's sooooorta what i want
08:37 ravenx but for now, i just really need the json formatted for my curl.
08:38 eThaD joined #salt
08:38 mikecmpbll joined #salt
08:39 iggy it may show that if you turn on debug output
08:39 iggy kind of a round-about way to get that, but deperate times...
08:39 ravenx calls for desperate measures!
08:39 scristian joined #salt
08:40 ravenx debug for the pepper client?
08:40 iggy yeah
08:40 eThaD joined #salt
08:41 ravenx i'm tryin got find the docs for this lol
08:42 eThaD_ joined #salt
08:42 onlyanegg joined #salt
08:42 iggy hopefully your ticket leads to some doc improvements so nobody else has to go through the same
08:43 eThaD joined #salt
08:45 ravenx :( thanks
08:45 ravenx good ness
08:46 ravenx i hope pepper at least has a man page
08:46 ravenx what kinda lib/client has no doc?!?!!?
08:47 eseyman joined #salt
08:49 teclator joined #salt
08:50 ravenx ( i think i wil also try plan B which is to wait until babilen wakes up lol)
08:55 AndreasLutro clearly it's self-documenting code /s
08:55 cyteen joined #salt
08:58 ravenx lol
08:58 ravenx it could be
08:58 ravenx if it had docstrings + sphinx
08:59 eThaD joined #salt
09:01 eThaD joined #salt
09:02 inad922 joined #salt
09:02 eThaD joined #salt
09:06 Rumbles joined #salt
09:07 mikecmpbll joined #salt
09:09 mikecmpbll joined #salt
09:14 edrocks joined #salt
09:19 KaczuH joined #salt
09:22 babilen What have I done?
09:23 gladia2r joined #salt
09:25 stooj joined #salt
09:27 netcho_ joined #salt
09:27 toanju joined #salt
09:28 ravenx lol
09:30 ravenx not much, i was just wondering if you knew how to work with the expr_form that you suggested me yesterday
09:30 ravenx into a json block for my curl
09:30 ravenx i've only managed to get a test.pign going but anything more complex than that, nope.
09:31 amagawdd joined #salt
09:31 babilen I just wanted to give you an additional and relevant query term for your documentation search -- If you use different targeting methods you have to switch to the right one by setting expr_form
09:33 ravenx right, so in my case i have a feeling that i hav eto set expr_form to 'pillars'
09:33 ravenx what i dont get is if i need "tgt=" anymore
09:34 ravenx and as my command is salt --pillar 'app_role:dev'  where should i put the app_role:dev?
09:34 Reverend morning everyone
09:35 mikecmpb_ joined #salt
09:36 ravenx morning
09:36 iggy I never knew you could use --pillar instead of -I
09:37 iggy that would go in the tgt though
09:37 ravenx o_o
09:37 ravenx really?!
09:38 netcho joined #salt
09:38 netcho joined #salt
09:38 ravenx the --pillar would go in the tar
09:38 ravenx target*
09:38 ravenx or the 'app_role:dev'?
09:38 daxroc Anyone come across a state where salt becomes unresponsive - because zeromq dies?
09:38 iggy app...
09:39 ravenx oh
09:39 iggy expr_form=pillar tgt=app_role:dev
09:39 ravenx for the longest time i thought it was went in args=
09:39 ravenx -_-
09:39 iggy args is... well... args for the state/module
09:40 ravenx alright let me try this.
09:41 ravenx if this works i will cry tears of joy
09:41 ravenx cuz i've been stuck on this probvlem for 3 days now
09:41 ravenx cuz my devs are too good for the command line
09:44 hlub asdf, I treid to use pillar_pcre and matches like 'postgres:*' in top.sls for the states. The motivation is to automatically include states if there is any config for them in pillar. This almost works. The only problem is that when I configure something like 'logstash: {}' in pillar, the match does not work wince that * does not match an empty dict. :/
09:44 s_kunk joined #salt
09:45 ravenx iggy: OMFG IT WORKS ADAKSJSJ
09:45 ravenx iggy: thank you so so much.
09:45 netcho_ joined #salt
09:46 hlub So it seems that there is no way to detect if the pillar contains an empty dict under some key.
09:48 AndreasLutro hlub: keep a separate pillar dict named "services" or similar which maps which services are enabled
09:49 AndreasLutro then you'd match on 'services:postgres' and that'll check if pillar['services']['postgres'] is true or false
09:49 AndreasLutro your postgres pillar sls would look like this: services: { postgres: true }
09:51 hlub not a bad idea but then I should also specify what does service:postgres:false represent
09:53 ivanjaros joined #salt
09:53 AndreasLutro if you set that pillar to false, -I services:postgres simply won't match
09:53 AndreasLutro you probably won't override the pillar value like that honestly
09:54 AndreasLutro alternatively you could add an "enable: true" to every services's configuration dict to make sure that it's never empty
09:54 hlub someone might expect that the boolean value would have some purpose
09:56 AndreasLutro you could give it value if you wanted
09:57 AndreasLutro for example if it's false, disable the postgres service
09:57 AndreasLutro service.{{ 'running' if pillar.postgres.enable else 'dead' }}
09:58 hlub yeah
10:00 jas02_ joined #salt
10:00 jas02_ joined #salt
10:05 Neighbour can anyone tell me which function is called in salt/modules/boto_rds:exists? conn.describe_db_instances looks like it refers to /usr/lib/python2.7/site-packages/boto/rds2/layer1.py but any logging I insert there does not show on the minion console (-l debug)
10:06 hlub AndreasLutro: or even a variable that could hold one of the trhee values: enabled, disabled, absent.
10:08 Firewalll joined #salt
10:10 babilen ravenx: You might want to share the actual command you are trying .. that would have been an easy spot :)
10:11 teclator joined #salt
10:19 theblazehen joined #salt
10:28 ravenx babilen: https://github.com/saltstack/salt/issues/39138
10:28 saltstackbot [#39138][OPEN] Stuck on formatting JSON for rest_cherrypi | Things are going swimmingly when I convert:...
10:28 ravenx those were my failed json attempts
10:28 ravenx while trying to implement this CLI:  salt --pillar 'app_role:dev' state.sls
10:28 netcho joined #salt
10:28 netcho joined #salt
10:30 AndreasLutro ravenx: [{"client": "local", "tgt": "app_role:dev", "expr_type": "pillar", "fun": "test.ping"}]
10:30 AndreasLutro arg and kwarg are arguments to test.ping
10:33 ravenx i see where i messed up now
10:33 ravenx thanks guys
10:34 theblazehen joined #salt
10:36 viccuad__ joined #salt
10:37 viccuad__ Hi folks. I have heard that "the saltstack people do not recommend putting grains in /etc/salt/minion", which sounds kind of weird. Does anybody if that's true, and if so, the reasons? thanks in advance
10:40 babilen viccuad__: /etc/salt/grains{,.d} is nice
10:40 amcorreia joined #salt
10:42 _KaszpiR_ joined #salt
10:43 onlyanegg joined #salt
10:44 eThaD joined #salt
10:46 viccuad__ babilen: fair enough. Thanks :)
10:49 sjorge joined #salt
10:52 mikecmpbll joined #salt
10:52 jas02_ joined #salt
11:09 nickadam joined #salt
11:09 netcho joined #salt
11:14 jas02_ joined #salt
11:18 KaczuH joined #salt
11:18 evle1 joined #salt
11:19 eThaD joined #salt
11:23 LondonAppDev joined #salt
11:25 KaczuH joined #salt
11:26 sjorge joined #salt
11:27 jas02_ joined #salt
11:33 eThaD joined #salt
11:36 jas02_ joined #salt
11:36 jas02_ joined #salt
11:44 sjorge joined #salt
11:51 abednarik joined #salt
11:52 TyrfingMjolnir joined #salt
11:59 eThaD joined #salt
12:02 sjorge joined #salt
12:05 Reverend is there a way to make the minion ID change in salt... i.e. from the salt master to the minion?
12:16 edrocks joined #salt
12:19 abednarik joined #salt
12:20 phx joined #salt
12:21 lasseknudsen joined #salt
12:23 denys joined #salt
12:26 lasseknudsen2 joined #salt
12:27 DanyC joined #salt
12:32 swills joined #salt
12:40 Rkp_ I think so? but you'd need to restart the salt minion and re-accept the key?
12:43 onlyanegg joined #salt
12:44 inad922 joined #salt
12:45 sp0097 joined #salt
12:47 XenophonF are there any saltstack-formulas paired with a particular winrepo/winrepo-ng package repository?
12:48 XenophonF like, is the package repo part of the formula or is it a separate git repo?
12:51 lasseknudsen joined #salt
12:52 _KaszpiR_ joined #salt
13:03 Rumbles joined #salt
13:09 scoates joined #salt
13:10 numkem joined #salt
13:11 daxroc I've several mine.gets in a pillar is this a good / bad practice?
13:13 daxroc I'm thinking it's v.bad because the master seems to get lost serving these mine requests. In my example there are ~8 mine.get calls in the pillar, when applied to ~100 minions thats 800 calls right ? this seems to incapacitate the master i've not figured out why yet.
13:16 daxroc https://www.irccloud.com/pastebin/h4MKAgav/
13:16 daxroc Thats an example of the mine queries in the pillar.
13:21 theblazehen joined #salt
13:24 ssplatt joined #salt
13:25 Lionel_Debroux_ joined #salt
13:32 Nahual joined #salt
13:37 Tanta joined #salt
13:39 theblazehen joined #salt
13:39 edrocks joined #salt
13:41 [diablo] joined #salt
13:42 [diablo] Good afternoon #salt .... is there a method to have the default installation of salt-minion try to connect to the salt master, and if fails that is disables the salt-minion service?
13:43 [diablo] retry_dns I guess must be the one
13:47 toanju joined #salt
13:48 hoonetorg joined #salt
13:50 netcho joined #salt
13:53 CampusD joined #salt
13:57 darioleidi joined #salt
13:58 drawsmcgraw joined #salt
14:00 mswart left #salt
14:08 _Cyclone_ joined #salt
14:12 beardedeagle joined #salt
14:14 austin_ joined #salt
14:19 netcho joined #salt
14:20 stickmack joined #salt
14:23 toanju joined #salt
14:25 beardedeagle joined #salt
14:32 nickabbey joined #salt
14:36 fracklen joined #salt
14:40 austin_ i'm a touch confused on s3 ext pillar
14:40 austin_ how do i reference the pillar file i'm after?
14:42 AndreasLutro I think you put top.sls and other sls files in there as you woould on a regular filesystem
14:44 austin_ so `s3://public-deployment-data/parameters.yml` ?
14:44 austin_ bucket + file
14:44 austin_ o wait. sorry. so i need the top file in there as well?
14:44 onlyanegg joined #salt
14:44 AndreasLutro I guess so. the docs are a bit sparse so I'm just guessing
14:44 AndreasLutro nor have I used it myself
14:44 austin_ ummm... so ext_pillar is all or nothing with s3 ext pillar ?
14:45 AndreasLutro nah I suppose it merges them together
14:45 AndreasLutro we use multiple external pillars and they all get merged, after all
14:45 austin_ are you keeping multiple top files ?
14:45 AndreasLutro none of our external pillars use .sls files
14:46 austin_ ah. ok so like a db or something
14:46 austin_ is your top file local then ?
14:46 austin_ that is what is confusing to me
14:46 AndreasLutro actually that's not technically true. we use git_pillar which is an external pillar and that does come with a top.sls
14:49 KaczuH joined #salt
14:51 gableroux joined #salt
14:52 nineteen joined #salt
14:52 yuhl___ joined #salt
14:56 racooper joined #salt
14:56 djgerm joined #salt
15:02 ravenx it's a friday and getting awfully close to 5pm and i just feel like standing on my chair right now and yelling:  "VAGRANT!    UP!!"
15:06 * babilen recommends switching to kvm with vagrant-libvirt .. so much faster than pesky vbox
15:07 gheistbane joined #salt
15:08 lompik joined #salt
15:12 gheistbane We are having an issue with git.latest, in that, it is not updating an existing clone to the specified branch version.   This seems to work at some times, and other times, not so much.   http://pastebin.com/GuD0DKQs
15:13 gheistbane am I maybe missing some option or setting?  We want this to be able to update code in prod, and then if we have to fail back, I can run it again with the older brand and it will checkout the old branch... instead we keep seeing it only having develop branch code... it seems to be defaulting to the develop branch.
15:14 gheistbane any assistance is appreciated.
15:14 mpanetta joined #salt
15:15 mpanetta joined #salt
15:18 swills joined #salt
15:19 bowhunter joined #salt
15:20 thebinary joined #salt
15:22 sarcasticadmin joined #salt
15:26 Sammichmaker joined #salt
15:34 amagawdd joined #salt
15:34 anotherzero joined #salt
15:38 NV joined #salt
15:38 mdpolaris joined #salt
15:38 austin_ is there a way to see what the compiled master config looks like ?
15:38 austin_ i have several master.d/*.conf files
15:39 Brew joined #salt
15:40 mdpolaris I am trying to test the SDB interface with Vault and when i perform a query all i get back is the same string: salt ‘minion’ sdb.get sdb://sdb_vault/secret/salt?twx_login
15:40 mdpolaris the minion returns this exactly: sdb://sdb_vault/secret/salt?twx_login
15:41 mdpolaris Vault is storing the key at /secret/salt and the field is twx_login
15:48 eThaD joined #salt
15:49 keltim joined #salt
15:49 APLU joined #salt
15:49 Cadmus Is there a sensible way to restart a salt minion using salt? Naivelt using "cmd.rum 'systemctl restart salt-minion'" naturally fails as the minion dies halfway through (CentOS 7 if it makes a difference)
15:50 spuder joined #salt
15:51 austin_ Cadmus: https://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt
15:51 Cadmus Cunning, thanks austin_
15:57 swa_work joined #salt
15:59 djgerm1 joined #salt
16:04 anotherzero joined #salt
16:04 swa_work joined #salt
16:05 catpig joined #salt
16:07 mdpolaris ok, i have more info on the SDB issue
16:09 mdpolaris is anyone familiar with the SDB interface? The sdb queries work with salt-run, however they do not execute from a minion with either salt ‘MINION’ sdb.get or salt-call sdb.get
16:09 mdpolaris well to be accurate, they do execute, however whatever string I enter after sdb.get is simply returned back by the minion
16:11 nickabbey joined #salt
16:13 amagawdd joined #salt
16:29 onlyanegg joined #salt
16:30 tapoxi joined #salt
16:33 tapoxi anyone using the salt formula? is there a way for it to set publisher acl?
16:33 LondonAppDev joined #salt
16:35 spuder joined #salt
16:37 quasiben joined #salt
16:37 swa_work joined #salt
16:44 DanyC joined #salt
16:45 swa_work joined #salt
16:51 DanyC joined #salt
16:52 XenophonF it doesn't look like the formula is set up to use that
16:52 XenophonF it shouldn't be difficult to add, if you're feeling motivated
17:02 nidr0x joined #salt
17:04 PatrolDoom joined #salt
17:16 pcn Can I create a namespace in my _modules, e.g. so I can run salt '*' mynamespace.mymodule.foo?
17:17 pcn Do I need a __virtual__ to do that?
17:18 swa_work joined #salt
17:18 pcn Hm, that doesn't seem to do it
17:20 PatrolDoom joined #salt
17:26 armyriad joined #salt
17:27 aw110f_ joined #salt
17:32 spuder_ joined #salt
17:32 debian112 joined #salt
17:34 debian112 left #salt
17:36 sh123124213 joined #salt
17:36 edrocks joined #salt
17:37 stickmack joined #salt
17:38 Karunamon question.. I've got a minion that's driving me nuts. It thinks it has a 'devel' environment that it needs to be pulling from. Only problem, its config file is *empty*, and the master it's talking to does not and never has had anything but one environment.
17:38 Karunamon (which is the default 'base')
17:39 filippos joined #salt
17:39 Karunamon tried nuking /var/cache/salt/minion to no effect
17:40 Karunamon the minion in question is an ubuntu 14 machines in with about a hundred other ubuntu 14 machines.. only this one is unhappy.
17:42 pcn Have you checked it's /etc/salt/minion* to see if that's somehow set there?
17:43 Karunamon only thing in there is the default (all comments) config file. it's running on defaults
17:44 beardedeagle Best practices for saltstack formulas: Better to make a formula completely standalone or dependent on other formulas?
17:44 abednarik joined #salt
17:45 whytewolf is there anything in /etc/salt/minion.d? also I'm not sure about this but check it's pillars for an environment: "devel" [some minion settings can be pillar settings]. also check grains. and also check your top file.
17:45 whytewolf Karunamon: is there anything that has a settings of devel?
17:45 Karunamon minion.d has a _schedule.conf that does a mine.update
17:46 whytewolf ok a mine.update wouldn't do that
17:46 Karunamon not anywhere in my environment that I'm aware of, whytewolf. We've never used anything but the one environment
17:46 whytewolf Karunamon: not just enviroment ANYthing that has a value of devel
17:48 Karunamon nothing containing the word 'devel' case insensitive anywhere in the state dir on the master, or in /etc/salt on the minion..
17:48 whytewolf and in pillar?
17:49 Karunamon no pillar on the minion, no matches on master
17:49 eThaD joined #salt
17:49 whytewolf okay, that setting had to have come from somewhere.
17:50 Karunamon i know. something obvious has to be getting overlooked here
17:50 patrek joined #salt
17:50 whytewolf if you are using gitfs do you have a devel branch
17:51 Karunamon ..son of a gun, yes
17:51 Karunamon except why on earth is this one minion using that branch
17:51 fracklen joined #salt
17:52 sjorge joined #salt
17:52 sjorge joined #salt
17:53 whytewolf check if there is a top file in that branch
17:53 Karunamon yeah, there is. It's a separate copy of our state tree which is in master
17:53 whytewolf check the contents
17:55 Karunamon not sure what I'm looking for here - this one minion has no unique targeting
17:56 Arendtsen joined #salt
17:56 baffle joined #salt
17:56 blue joined #salt
17:56 asoc joined #salt
17:56 davromaniak joined #salt
17:56 davromaniak joined #salt
17:56 netzvieh joined #salt
17:56 jwon joined #salt
17:56 RobertLaptop joined #salt
17:56 lubyou joined #salt
17:56 whytewolf joined #salt
17:56 oyvindmo joined #salt
17:56 Mate joined #salt
17:56 Mate joined #salt
17:56 pjs joined #salt
17:56 Nebraskka joined #salt
17:56 nihe joined #salt
17:56 ekkelett joined #salt
17:56 Karunamon it's using base '*' just like everything else
17:56 descrepes joined #salt
17:56 TooLmaN joined #salt
17:56 jerrcs joined #salt
17:56 Qlawy joined #salt
17:56 khorben joined #salt
17:56 varesa joined #salt
17:56 Roelt joined #salt
17:56 whytewolf there had to be something that told it that devel was it's environment.
17:56 skullone joined #salt
17:56 LotR joined #salt
17:56 pietdv joined #salt
17:56 the_lalelu joined #salt
17:56 SamYaple joined #salt
17:56 dh joined #salt
17:56 devtea joined #salt
17:56 egilh joined #salt
17:56 inire joined #salt
17:56 stotch joined #salt
17:56 gadams joined #salt
17:56 MTecknology joined #salt
17:56 elektrix joined #salt
17:56 hoolio joined #salt
17:56 kevc joined #salt
17:56 whytewolf there are only two places that happens. the top file and a config setting called enviroment
17:56 ntropy joined #salt
17:56 cscf joined #salt
17:56 baikal joined #salt
17:56 sybix joined #salt
17:56 Sacro joined #salt
17:57 chamunks joined #salt
17:57 mattp joined #salt
17:57 dhoutz joined #salt
17:57 mr_kyd joined #salt
17:57 carmony joined #salt
17:57 varesa joined #salt
17:57 swa_work joined #salt
17:58 whytewolf Karunamon: on the minion run salt-call config.get environment
17:58 rome_390 joined #salt
17:58 Karunamon None.
17:58 georgemarshall joined #salt
17:58 whytewolf ok, then it has to be a top file
17:58 mTeK joined #salt
17:59 Karunamon I could probably just nuke the devel branch (it's old), but that doesn't seem like fixing the root cause
18:00 whytewolf Karunamon: try state.show_top
18:01 Karunamon ----------
18:01 nickabbey joined #salt
18:01 Ch3LL joined #salt
18:01 varesa joined #salt
18:01 majuscule joined #salt
18:01 watersoul joined #salt
18:01 whytewolf just a blank line? no enviroment? no nothing?
18:02 Karunamon correct.
18:02 Karunamon salt-call state.show_top
18:02 Karunamon local:
18:02 Karunamon ----------
18:03 Trauma joined #salt
18:04 varesa joined #salt
18:04 Karunamon forcing environment:base in the minion config.. I can see the correct sls being picked up (and the bogus one not), but the minion decides the file doesn't apply to it and does nothing
18:05 whytewolf that would sugest the minion is still being told that it's enviroment is devel in a top somewhere
18:06 varesa joined #salt
18:06 bbhoss joined #salt
18:08 whytewolf there is no setting in the code of salt that would default to devel. typically if possable dev maybe. although that is a long shot as well.
18:09 varesa joined #salt
18:09 Karunamon is there anywhere else on the minion something like that would be getting stored, or is this definitely coming from the master?
18:10 sh123124213 joined #salt
18:11 ivanjaros joined #salt
18:12 whytewolf there is only 2 places this gets set. a minion config settings. which we tested and it isn't. and from top. which is merged from all enviroments
18:12 whytewolf [each gitfs branch can be an environment]
18:14 varesa joined #salt
18:23 _JZ_ joined #salt
18:24 pcn whytewolf do you know if it's possible to namespace modules, e.g. "salt '*' foo.bar.function" so that I can fence off my own stuff?
18:26 debian112 joined #salt
18:26 whytewolf pcn: i wish it was. there is no reason it sholdn't be except the sync scripts ignore the init dunder that would make it possable
18:26 woodtablet joined #salt
18:26 alexlatchford joined #salt
18:27 pcn Ah
18:27 pcn OK, good to know
18:30 cyborg-one joined #salt
18:31 eThaD joined #salt
18:33 beardedeagle joined #salt
18:40 swa_work joined #salt
18:41 PatrolDoom joined #salt
18:42 bowhunter joined #salt
18:43 varesa joined #salt
18:43 debian112 joined #salt
18:43 gableroux joined #salt
18:44 varesa joined #salt
18:44 Dr_Jazz joined #salt
18:45 iggy the lazyloader would probably also need some work
18:46 whytewolf the lazyLoader should already handle it. there is at least one set of mainline modules that already use a namespace
18:48 whytewolf inspectlib
18:50 iggy daxroc: salt mine has enough other issues (on top of that one) that you may want to look at other options (a pillar talking to an actual service discovery system, etc...)
18:51 keltim joined #salt
18:52 Edgan joined #salt
18:52 eThaD joined #salt
18:53 woodtablet left #salt
18:55 Karunamon whytewolf: so I trashed that devel branch on my gitfs.. and the minion is still acting as if the master is providing it
18:55 Karunamon cache cleared, minion/master restarted, etc
18:56 nickabbey joined #salt
18:58 netcho joined #salt
19:01 dstokes joined #salt
19:02 edrocks joined #salt
19:03 keltim joined #salt
19:05 swa_work joined #salt
19:07 Karunamon had to rm /var/cache/salt/master/gitfs
19:07 bocaneri joined #salt
19:07 Karunamon now I just have to figure out why this one particular minion thinks the same state that applies to 500 other machines doesn't apply to it, even though we don't use machine specific targeting in this environment :x
19:08 Neighbour it's probably the master that decides that
19:08 Karunamon it would have to be - I went as far as purging the minion on that client. There's nothing left anywhere but the server side for this to occur
19:10 druonysus__ joined #salt
19:19 ChubYann joined #salt
19:21 MTecknol1gy joined #salt
19:23 Neighbour check your state top.sls
19:23 Neighbour that should determine which states get executed on which minion(s)
19:24 Karunamon https://gist.github.com/Karunamon/469b9a74a425db09eb95babe505390bd
19:24 MTecknology joined #salt
19:24 Karunamon the machine I'm having issues with is os_family:Debian as shown by grains.get
19:27 Karunamon and yet:   Name: states - Function: no.None - Result: Failed
19:27 Karunamon salt 'foobox' grains.get os_family => foobox: Debian
19:28 swa_work joined #salt
19:34 eThaD joined #salt
19:34 PatrolDoom joined #salt
19:36 DammitJim joined #salt
19:42 beardedeagle joined #salt
19:53 alvinstarr joined #salt
19:58 toanju joined #salt
20:08 ssplatt joined #salt
20:08 hackel joined #salt
20:09 keltim joined #salt
20:12 dstokes left #salt
20:19 Praematura joined #salt
20:20 cyborg-one joined #salt
20:22 cscf Karunamon, that sometimes means your top.sls has broken formatting
20:24 jrklein joined #salt
20:25 bluenemo joined #salt
20:28 hackel joined #salt
20:33 Karunamon cscf: Changed the syntax in the topfile to use a compound matcher and suddenly it works
20:33 Karunamon ¯\_(ツ)_/¯
20:51 doubletwist joined #salt
20:51 cscf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html says to use 'openssl passwd -1' to generate the hash.  Isn't that really obsolete?
20:52 gableroux joined #salt
20:56 whytewolf well, md5 passwords are kind of frowned on.
20:57 cscf Yeah, it's 5000 rounds of sha512 these days, isn't it?
20:58 ecdhe 5000 rounds isn't needed, cscf
20:58 whytewolf $6 is typical which is just sha-512
20:58 cscf I did see a distro that was using 5000 rounds, but I guess it's not default
21:00 ecdhe cscf, if an application needs so many rounds, it should use a hash with an engineered cost.  SHA512 is a cryptographic hash but it's not engineered to be costly.  If you need cryptographic, use it just once.  If you need costly, try bcrypt, scrypt, etc.
21:00 s_kunk joined #salt
21:00 cscf ecdhe, I would guess their idea was to increase security without increasing dependencies
21:02 ecdhe With the right hash algorithm, you can guarantee RAM costs as well as computation costs, making it easier to overwhelm GPU password cracking platforms, for instance.
21:02 whytewolf seems to be a round way to go about it. would be easier to use bcrypt or scrypt
21:02 druonysus__ joined #salt
21:03 netcho_ joined #salt
21:03 JPT Review your threat model: What are you trying to achieve, what kind of attacks might happen, what is the worst case that might happen? Make your decision based on that rather than how much of dependencies it might add. :-)
21:03 cscf litecoin used a version of scrypt to try to prevent GPU mining.  Then someone made a GPU algo for it that worked ok.  Then they claimed it was to prevent ASICs. Then people started making ASICs for it. lol.
21:04 cscf net result - greater imbalance because ASICs existed but were harder to get
21:04 cscf Anyway, not intending to discuss the details of hashes, just wondering why the docs recommend MD5
21:05 whytewolf most likely because the author is a bunch of old hats that are used to seeing $1 in their shadow files
21:06 whytewolf to be fair the change to sha512 as default has been a slow one even knowing the issues with md5
21:06 cscf So the pillar var for the hashed password should include the $6$, right?
21:06 ecdhe cscf, didn't mean to give you a hard time!  I just love discussing hashes.
21:06 cscf ecdhe, how terribly surprising, given your name.  XD
21:07 whytewolf cscf: the output of openssl passwd includes the hash level so yes
21:07 cscf using 'mkpasswd -m sha-512'
21:07 cscf have to install 'whois' pkg but it's more foolproof
21:11 whytewolf well you still need to install something. openssl tends to be everywhere already
21:13 whytewolf not defending md5... just the choice to use openssl instead of installing something
21:14 whytewolf ahh mkpasswd is part of expect on centos ..
21:15 whytewolf what they should do. since python is on the system is use this python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
21:16 keltim joined #salt
21:18 gableroux joined #salt
21:19 cscf See, I'm sure that works, but I find that close to the 'roll your own' that one doesn't do.
21:20 cscf When dealing with crypto, I like commands on the order of 'mkpasswd -m sha-512'
21:21 cscf Also, mkpasswd's man page is amusing: "mkpasswd - Overfeatured front end to crypt(3)"
21:21 cscf BUGS:  This programs suffers of a bad case of featuritis.
21:25 whytewolf one of the issues is the mkpasswd for debian is not the same as the mkpasswd for redhats.
21:31 varesa joined #salt
21:37 pcn is saltutils.sync_modules particularly expensive for some reason?
21:38 heewa joined #salt
21:39 pcn I'm getting timeouts running that across an couple of hundred nodes
21:39 pcn I guess I need smaller batch sizes
21:39 heewa I'm still having periodic minion hangs. Tried running `salt-call -l debug state.apply a.simple.sls` and sometimes it hangs after `Initializing new AsyncAuth for …` with subsequent `SaltReqTimeoutError, retrying.`. On the salt-master debug output, nothing. Any ideas?
21:39 eThaD joined #salt
21:42 whytewolf pcn: it can be a little hungry if lots of modules exist. it basiclu file.recuses the modules to the proper place
21:43 LewB joined #salt
21:45 pcn Hmm, only have 2
21:46 eThaD joined #salt
21:48 varesa joined #salt
21:49 pcn not a big deal, -b 5 is doing better
21:53 sjorge joined #salt
21:53 sjorge joined #salt
21:56 drawsmcgraw left #salt
21:57 fracklen joined #salt
21:57 djgerm1 when you're using gitfs, can you specify branch and support tags?
21:58 djgerm1 oh look at that. yes
21:59 beardedeagle joined #salt
21:59 beardedeagle What is the process for getting access to the Salt Stack Formulas org?
22:00 ranomore1 joined #salt
22:01 beardedeagle Just says to ping a saltstack employee so I guess...ping gtmanfred
22:01 whytewolf post to the salt-users group a write up to the formula you wrote with a link to a github repo.
22:01 beardedeagle ah
22:01 beardedeagle can do that too
22:07 ranomore1 Has anyone tried boostrapping SPM (salt package manager) packages in their formula setups? For example, I boostrap a masterless minion with vagrant, but the formula I'm testing needs another formula. Since the package installs a state, it needs to be run before a highstate is run.
22:09 ranomore1 Doesn't seem that there is a manifest format for required spm packages on a particular minion or master either.
22:28 eThaD joined #salt
22:32 swa_work joined #salt
22:34 sarcasticadmin joined #salt
22:37 onlyanegg joined #salt
22:39 mauli joined #salt
22:41 abednarik joined #salt
22:42 riftman joined #salt
22:46 tercenya joined #salt
22:48 hlub joined #salt
22:49 eThaD joined #salt
22:52 mavhq joined #salt
22:52 Rumbles joined #salt
23:00 swa_work joined #salt
23:04 ronnix joined #salt
23:08 ronnix joined #salt
23:31 eThaD joined #salt
23:32 swa_work joined #salt
23:43 swa_work joined #salt
23:58 gableroux joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary