Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-03-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 PeterO_ joined #salt
00:14 Satyajit joined #salt
00:21 cachedout I have been playing around with securing salt-masters with yubikeys today and I wrote up a little post on how to do it, if anybody is interested it is here: https://medium.com/@mikeplace/using-hardware-otp-authentication-with-saltstack-8cb20b3d05e6#.91t9pa6w1
00:34 Dev0n joined #salt
00:36 Edgan cachedout: you are running the salt command on the salt master or from your laptop?
00:37 cachedout In my case, I am running my master on my laptop but since the key outputs directly to the console prompt so I am guessing (but have not confirmed) that it would work fine
00:41 Edgan cachedout: Without a way to pass the yubikey through ssh, or using it with the api this is useless to me. My salt masters are in AWS, and obviously I can't plug yubikeys into the instances.
00:42 cachedout Let me do a quick test.
00:43 Edgan cachedout: I do have a yubikey and I do use it with LastPass and Gmail.
00:44 cachedout I just tested this over SSH and the key output to the remote machine just fine
00:44 cachedout So it should work
00:44 Edgan cachedout: ah, since it acts as a keyboard, you are typing into an input field, and it just types into your ssh?
00:45 cachedout Correct
01:08 shoemonkey joined #salt
01:16 twork_ my latest edit: https://gist.github.com/twork/99e3a0a158fe5b485a80c4761c06349c
01:25 SaucyElf_ joined #salt
01:39 whytewolf twork does your current users seection have jinja in it? the one you want to import?
01:40 twork_ whytewolf: you mean, the one that's been running along in the past?
01:40 twork_ oh yeah. no, it does not.
01:40 whytewolf accounts.yml
01:40 whytewolf okay one sec
01:41 whytewolf might have a much simpler way but i need to test it
01:41 twork_ wait, hang on.  i misread you.  yes:
01:41 twork_ it is nothing but one import statement.
01:42 whytewolf no i mean the file being imported not the one doing the import
01:42 twork_ aha.  no: it's just a vanilla piller file.
01:42 whytewolf okay.
01:47 twork_ (i think you've already answered one of my basic questions, so thanks.  yes, pillar files can contain templates?)
01:47 packeteer joined #salt
01:48 icebal_ joined #salt
01:50 whytewolf yes
01:51 jeffspeff joined #salt
01:51 whytewolf BUT, no pillar references
01:51 twork_ ahhh.
01:51 heyimawesome joined #salt
01:51 twork_ thus my issue.
01:52 twork_ well
01:52 whytewolf also functions are run in the master scope
01:52 twork_ what i have isn't a "pillar reference", it's a reference to a file somewhere elee in my filesystem...?
01:52 whytewolf https://gist.github.com/whytewolf/7b7c2658b7500d166db8ce13d8ba5700
01:52 whytewolf yeah
01:53 twork_ ok, so that wasn't my problem, at least as such
01:53 whytewolf no, your problem was trying to do importing
01:53 whytewolf which is what the jist i just posted was about
01:53 whytewolf s/jist/gist
01:54 twork_ thanks, reading...
01:54 twork_ ...but yeah, i'd gotten that far, i think, but, "well then how do i get bits from a to b?" ...ok, back to reading
01:56 whytewolf whole thing is there. basicly import the yaml into a variable structure. [tmp] translate that variable structure a little bit, then output it as yaml
01:56 catpigger joined #salt
01:57 twork_ ok, that's definitely nothing i would have ever come up with myself.  gotta turn to other stuff for the moment but thanks.
02:00 whytewolf that is also why i asked about being pure yaml. if it was jinja based might not have been as clean
02:01 twork_ i think there's a lot of enilghtenment waiting for me in that little glob o' text.
02:04 edrocks joined #salt
02:25 twork_ whytewolf: just back, gave it a whirl... maybe i didn't adjust your code to fit properly, but i get: Failed to load ext_pillar stack: Encountered unknown tag 'import_yaml'
02:25 onlyanegg joined #salt
02:37 twork_ ...which is weird since... there it is, right there in the docs page on jinja...
02:37 sh123124213 joined #salt
02:46 al joined #salt
02:46 hemebond Paste?
02:47 twork_ ? which?
02:47 hemebond The code containing the error.
02:49 twork_ https://gist.github.com/twork/d7cf3df99f7dfbbeb38ad34be5c67993
02:51 hemebond And this is in your regular pillar or in an external pillar?
02:51 twork_ external
02:51 sp0097 joined #salt
02:52 hemebond Seems like a bug.
02:52 twork_ whee!
02:52 hemebond But I'm not familiar with external pillars.
02:52 hemebond What is the external pillar?
02:52 catpiggest joined #salt
02:54 twork_ the code i pasted is all of it (cribbed from whytewolf's help at https://gist.github.com/whytewolf/7b7c2658b7500d166db8ce13d8ba5700 )
02:55 overyander joined #salt
02:55 twork_ "SETASIDE/account-base.yml" points to a file alongside it, where there's a vanilla pillar file (users: ...)
02:56 hemebond Sure. It looks fine to me.
02:56 hemebond It's almost as if the external pillar rendering doesn't get the custom tags.
02:56 twork_ does look that way
02:57 sh123124213 joined #salt
02:57 hemebond That path is from the root, yes?
02:57 twork_ but since whytewolf just made that up (and tested it) that seems... odd...
02:57 twork_ no
02:57 hemebond It will work fine in regular pillar data.
02:57 hemebond Try an absolute path (from the root of the pillar).
02:57 hemebond (root of the pillar mount point)
02:57 twork_ yeah
02:57 twork_ trying...
02:58 hemebond I have an old file using import_yaml and it's just `import_yaml "globals.yml"` but that yml file is in the root, higher than the file that's importing.
02:58 hemebond Still, that's not the error you're getting.
03:00 whytewolf twork_: which ext_pillar are you using?
03:00 amcorreia joined #salt
03:00 twork_ uh...
03:00 whytewolf [sorry had stepped out for a quick bite to eat]
03:01 twork_ shame on you
03:01 djgerm so… i am running highstate right now…. and it seems to be stuck… sitting… for who knows what…. is there a way I can see what it's working on?
03:01 twork_ "which ext_pillar"?
03:01 twork_ are there multiple implementations?
03:02 twork_ or you mean something else?
03:02 whytewolf git_pillar
03:02 whytewolf ?
03:02 whytewolf filetree
03:02 djgerm var/log/salt/master is silent too…
03:02 twork_ my own file tree
03:02 whytewolf ohhhhh.
03:02 whytewolf um ...
03:02 whytewolf yeah ...
03:02 hemebond "my own file tree"?
03:04 twork_ hemebond: fles, in the filesystem, where my master lives
03:04 hemebond Oh, that's just regular pillar.
03:04 hemebond But you've got it in ext_pillar?
03:04 twork_ yeah
03:04 hemebond Why?
03:05 twork_ i have two pillar archives ("arvhives"? whatever, "places where i keep pillar foo").  one is vanilla pillar, the other is extended, parked side by side.  as for why:
03:06 whytewolf ...
03:06 twork_ funny you should ask.  i was trying to remember earlier.  There Was A Reason.
03:06 hemebond I hope it's amazing.
03:07 whytewolf it must be amazing.
03:07 whytewolf it has to be
03:07 whytewolf other wise. it seems a little crazy
03:07 twork_ i needed a batch of pillar data to behave in some logic-bound way, and i couldn't make the plain pillar do it.  ext solved my problem.
03:08 whytewolf o.0
03:08 twork_ so since then i've been parking stuff related to that same set of apps in the same area.
03:08 twork_ because, usually, it works fine.
03:09 twork_ i gather than i've strolled off into the weeds.
03:10 whytewolf i think you left the weed patch too
03:10 twork_ that would explain the weird sounds, and the lights...
03:11 hemebond So you maybe wanted some deterministic merging perhaps?
03:11 twork_ yes
03:11 hemebond Or wanted to access pillars in pillars.
03:11 hemebond Doesn't the top.sls determine order for pillars?
03:11 hemebond I always thought it did.
03:11 twork_ i think the former.  but obviously my memory is failing me.
03:11 hemebond But then I don't rely much on merging.
03:12 twork_ i have notes somewhere.
03:12 whytewolf neither do i.
03:13 whytewolf anyway. that kind of explains your errors. different ext_pillars handle jinja rendering differently... and apperently your's decideds to be just raw jinja with out the salt extras
03:13 twork_ ok, well i'm glad we had this little talk.  i'll see if that's the clue i needed.
03:13 twork_ aaahhh
03:14 twork_ yeah, one thing i do recall clearly from when i was trying (and trying... see, i know i had some reason that pushed me...)
03:15 twork_ ...was that some of the ext_pillar logic just... didn't act the way i thought it should from the docs.
03:17 twork_ anyhow.  this batch of data wants to live in a plain pillar, i guess, so i'll see what happens when i tote it over there.  thanks guys, as always.
03:19 hemebond Good luck 👍
03:19 twork_ rather.  thanks.
03:29 twork_ ok, because it bugged me... if anybody still cares, after reading some comments, i think the motivation was to have one body of pillar data, and have different subsets of it map to different minions... in some fairly convoluted ways.
03:31 al joined #salt
03:32 twork_ now you've got me wondering if that's still necessary.
03:58 sh123124213 joined #salt
03:59 shoemonkey joined #salt
04:04 ivanjaros joined #salt
04:06 edrocks joined #salt
04:14 djgerm Ok, this is a weird one. I had two minion that started spouting off about not being able to apply highstate cause it couldn't render a require state that it is not part of the high state. "This is likely due to a missing include statement or an incorrectly typed ID."
04:14 djgerm So I spun up a new instance, same cloud map, same minion ID+1
04:14 djgerm takes the highstate just fine
04:23 stooj joined #salt
04:30 llua joined #salt
04:33 hemebond twork_: Yeah, that's weird, and doesn't sound like something you'd need external pillars for.
04:33 justanotheruser joined #salt
04:52 leonkatz joined #salt
04:56 sh123124213 joined #salt
05:03 prg3 joined #salt
05:10 evle1 joined #salt
05:21 hasues left #salt
05:34 filippos joined #salt
05:39 sh123124213 joined #salt
05:48 filippos joined #salt
05:57 filippos joined #salt
05:58 leonkatz Anybody know why i get this the first time I run through my state.apply, but the second time it always workds.Reason: 'ddns' __virtual__ returned False
05:59 hemebond leonkatz: Possible problem with a module?
06:00 shoemonkey joined #salt
06:06 sh123124213 joined #salt
06:08 edrocks joined #salt
06:16 leonkatz i guess i thought it was dnspython, but reading up on it, might be psutil
06:16 leonkatz now i'm trying to figure out how to get the latest version with pip
06:23 bocaneri joined #salt
06:30 bocaneri joined #salt
06:33 sh123124213 joined #salt
06:38 sh123124213 joined #salt
06:58 ivanjaros3916 joined #salt
07:02 leonkatz not psutil, just checked its intalled
07:02 leonkatz and still failed
07:03 sp0097 left #salt
07:07 _JZ_ joined #salt
07:13 hemebond Tried running in debug mode to see what the error is?
07:20 fracklen joined #salt
07:39 babilen leonkatz: Are you reloading modules after installing dnspython ?
07:41 babilen __virtual__ just tries to import a couple of dns.* modules, so if you have those it should work. This requires that you reload modules after installation (i.e. "reload_modules: True")
07:41 babilen https://docs.saltstack.com/en/latest/ref/states/requisites.html#reload
07:41 babilen Assuming "dnspython" actually provides those modules
07:46 leonkatz i didn't try that
07:46 leonkatz i just add salt-cloud as required
07:46 leonkatz which seems to have resolved the issue here, but this is a salt master
07:47 leonkatz wonder what will happen on a minion
07:47 babilen salt-cloud is required?
07:47 leonkatz it just works
07:47 leonkatz but again this is a salt master
07:47 babilen You haven't mentioned salt-cloud before
07:48 leonkatz i just know that it installs a bunch of pips so i thought i would try it
07:48 leonkatz and it worked
07:48 babilen Try to do what with it?
07:49 leonkatz but its not a good solution, because i dont' want to install salt-cloud on my minions
07:49 babilen I really don't understand what this has to do with salt-cloud at all.
07:49 leonkatz - require:
07:49 leonkatz - pip: dnspython
07:49 leonkatz - pip: psutil
07:49 leonkatz - pkg: salt-cloud
07:49 leonkatz nothing
07:50 babilen So, again: Do you reload modules after installing dnspython?
07:51 leonkatz can i add that right to my dnspython pip.installed?
07:51 leonkatz no i have not
07:53 babilen Yes, that is exactly where you'd add it
07:53 leonkatz ok trying it now
07:54 leonkatz would be nice if that was in the info for the ddns state
07:55 leonkatz seems to be a real issue for that, everything else seemed to work ok
07:55 leonkatz gonna take a few minutes i'm provisioning a server
07:55 babilen It should mention that you have to install dnspython - The "reload_modules" thing is pretty common to all modules, so I wouldn't necessarily agree that it should be documented in each module
07:56 leonkatz just not sure how i would have found out if you hadn't told me
07:56 leonkatz is there a good way to educated myself
07:57 leonkatz maybe i'm not doing it right
07:58 babilen Good qurstion
07:59 babilen Question even
07:59 babilen Reading the entirety of https://docs.saltstack.com/en/latest/ref/states/requisites.html is definitely not a bad idea
08:00 shoemonkey joined #salt
08:01 leonkatz read it several times, understand and remember it definitely not, i have to look at documentation over and over again
08:02 leonkatz that worked, thank you so much
08:02 leonkatz one more question if i provision a master as a minion of another minion it doesnt automatically get accept the certificate
08:02 leonkatz i have to manually accept it
08:02 leonkatz other minion just get added
08:03 leonkatz am i just doing something wrong
08:03 babilen Could you rephrase that?
08:03 babilen What do you mean by "provision a master as a minion of another minion" ?
08:04 leonkatz I have a master, i'm using it to provision another server that is also a master, and a syndic,
08:05 leonkatz not sure if thats what you are asking about
08:09 babilen You mean you want to provision a syndic?
08:23 Tanta joined #salt
08:59 Tanta joined #salt
09:10 edrocks joined #salt
09:19 Tanta joined #salt
09:21 Praematura joined #salt
09:33 smcquay joined #salt
09:36 Trauma joined #salt
09:40 Tanta joined #salt
09:43 Trauma joined #salt
09:46 ronnix joined #salt
10:01 shoemonkey joined #salt
10:13 xet7 joined #salt
10:32 Inveracity joined #salt
10:51 Jimlad joined #salt
10:52 jdipierro joined #salt
10:57 geomacy joined #salt
11:12 upb joined #salt
11:25 catpig joined #salt
11:28 evle joined #salt
11:43 oms101_ joined #salt
11:51 Yoda joined #salt
11:51 Yoda joined #salt
11:54 Praematura joined #salt
11:58 geomacy joined #salt
12:02 shoemonkey joined #salt
12:13 edrocks joined #salt
12:31 Jimlad joined #salt
13:06 patrek joined #salt
13:32 fracklen joined #salt
13:33 shoemonkey joined #salt
13:40 Yoda joined #salt
13:40 Yoda joined #salt
13:42 ivanjaros joined #salt
13:56 Praematura joined #salt
14:15 edrocks joined #salt
14:19 DEger joined #salt
14:21 jwon joined #salt
14:21 esharpmajor joined #salt
14:21 Tanta joined #salt
14:22 vaelen joined #salt
14:22 stotch joined #salt
14:22 Eugene joined #salt
14:23 packeteer joined #salt
14:49 snc joined #salt
14:52 snc joined #salt
15:04 alem0lars joined #salt
15:11 aphor What's the best way of embedding a config file template into a state module?
15:16 geomacy joined #salt
15:20 DEger joined #salt
15:22 jcristau joined #salt
15:58 prg3 joined #salt
15:59 swills_ joined #salt
15:59 zenchike1 joined #salt
16:02 cachedout joined #salt
16:17 edrocks joined #salt
16:25 colegatron_origi joined #salt
16:25 colegatron_origi lask
16:25 dendazen joined #salt
16:26 colegatron_origi left #salt
16:37 DEger joined #salt
17:08 brousch__ joined #salt
17:12 TomJepp joined #salt
17:19 aphor never mind... modules/debian_ip.py is an example of using a jinja template from an execution module.
17:20 cachedout joined #salt
17:24 amcorreia joined #salt
17:57 abednarik joined #salt
17:58 abednarik joined #salt
18:00 shoemonkey joined #salt
18:02 fracklen joined #salt
18:05 Praematura joined #salt
18:18 netcho joined #salt
18:22 felskrone joined #salt
18:24 Trauma joined #salt
18:40 KingJ joined #salt
18:50 fracklen joined #salt
18:50 PatrolDoom joined #salt
18:55 KingJ joined #salt
19:13 patrek joined #salt
19:17 cyborg-one joined #salt
19:18 KingJ joined #salt
19:19 edrocks joined #salt
19:20 XenophonF joined #salt
19:25 patrek joined #salt
19:26 fracklen joined #salt
19:29 blue0ctober joined #salt
19:51 aldevar joined #salt
19:52 aldevar left #salt
19:57 ahrs joined #salt
20:11 shoemonkey joined #salt
20:15 shoemonk_ joined #salt
20:23 sh123124213 joined #salt
20:26 felskrone joined #salt
20:29 bgdnlp joined #salt
20:30 hasues joined #salt
20:30 hasues left #salt
20:31 sh123124213 joined #salt
20:37 netcho_ joined #salt
20:38 mlb55 joined #salt
20:41 oaken_chris joined #salt
20:46 mlb55 left #salt
20:53 abednarik joined #salt
21:07 karlthane_ joined #salt
21:07 LostSoul_ joined #salt
21:08 Hipikat joined #salt
21:08 vod1k joined #salt
21:08 honestly_ joined #salt
21:09 ahrs joined #salt
21:11 KingJ_ joined #salt
21:15 swa_work joined #salt
21:16 yuhl______ joined #salt
21:16 jwon joined #salt
21:16 justanotheruser joined #salt
21:16 cliluw joined #salt
21:18 Valfor joined #salt
21:18 nledez joined #salt
21:18 ecdhe joined #salt
21:18 Shirkdog joined #salt
21:18 Bryson joined #salt
21:18 __number5__ joined #salt
21:18 J0hnStee- joined #salt
21:18 fxhp joined #salt
21:18 FreeSpencer joined #salt
21:18 rpb joined #salt
21:18 tercenya_ joined #salt
21:19 nledez joined #salt
21:19 Dev0n joined #salt
21:21 edrocks joined #salt
21:23 PatrolDoom joined #salt
21:24 bbradley joined #salt
21:33 nebuchadnezzar joined #salt
21:45 rawzone joined #salt
21:51 fracklen joined #salt
21:54 DEger joined #salt
21:56 aldevar joined #salt
21:59 ekristen joined #salt
22:00 MTecknology hm..  {% if debapt['release'] == 'stretch' %} {% set debapt['release'] = 'jessie' %} {% endif %}  <-- I take it this isn't possible?
22:02 twiedenbein joined #salt
22:02 smcquay joined #salt
22:02 UForgotten_ joined #salt
22:02 cswang_ joined #salt
22:02 darvon joined #salt
22:02 nikogonzo69 joined #salt
22:02 tru_tru joined #salt
22:02 viq joined #salt
22:02 coldbrewedbrew joined #salt
22:02 wwalker_ joined #salt
22:02 rhand joined #salt
22:04 AndreasLutro {% do debapt.update({'release': 'jessie'}) %}
22:04 AndreasLutro {% do debapt.update(release='jessie') %}
22:04 AndreasLutro always forget you can do that
22:06 MTecknology ah, nice. Thanks!
22:09 aphor IMO salt/jinja needs a way to load something into the jinja context to do all that kind of logic.
22:10 MTecknology actually, I ended up realizing that this logic belongs in pillar, even if it is a temporary band-aid
22:10 duckfez joined #salt
22:12 MTecknology I wandor what other issues I'll have trying to deploy proxmox on debian 9...
22:16 swills joined #salt
22:25 aldevar left #salt
22:35 Tanta joined #salt
22:59 onlyanegg joined #salt
23:03 dps joined #salt
23:14 CmndrSp0ck joined #salt
23:35 ronnix joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary