Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-03-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 whytewolf humm, can i not use branches with dots in them in github?
00:02 hemebond That might confuse Git
00:02 whytewolf normal git handels it fine
00:02 hemebond Hmm.
00:02 hemebond I thought it used periods as a sepratator.
00:03 Edgan I know this sounds weird, but how do I change the pkg.installed provider to apt on a yum based system?
00:03 hemebond provider?
00:03 hemebond Sorry
00:03 woodtablet left #salt
00:03 whytewolf not weird at all
00:03 Edgan whytewolf: ok, how?
00:04 whytewolf looking it up. trying to remeber the magic sauce
00:04 keldwud joined #salt
00:04 keldwud joined #salt
00:05 whytewolf hemebond: had it
00:05 whytewolf https://docs.saltstack.com/en/latest/ref/states/providers.html
00:06 whytewolf i think there is also a module config that does it for all packages
00:06 whytewolf s/module/minion
00:06 dps joined #salt
00:06 Edgan whytewolf: I only need to do it for one
00:07 Edgan whytewolf: but I tried "- provider: apt" and got the same error about yum.
00:07 whytewolf okay, then yeah -provider: aptpkg
00:08 daxroc joined #salt
00:08 Edgan whytewolf: oh documentation, it calls it apt, here, https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
00:08 whytewolf or yumpkg
00:09 whytewolf ahhh, typo the name of the module is aptpkg
00:13 Edgan whytewolf: just ran across another typo
00:15 _JZ_ joined #salt
00:24 dxiri joined #salt
00:24 masber joined #salt
00:26 Edgan whytewolf: that isn't working either
00:27 schemanic_ joined #salt
00:35 nikdatrix joined #salt
00:40 whytewolf humm. i don't have time to dig into code. but that sounds like a bug. the setting is defintly provider. and the instrctions do list pkg as one of the states that can be overridden. and the module in question is aptpkg and yumpkg
00:41 Edgan whytewolf: this might be another salt-ssh only issue :\
00:51 whytewolf oh lovely
00:53 bbradley joined #salt
00:55 cyteen joined #salt
01:01 dxiri joined #salt
01:19 Tanta joined #salt
01:31 dxiri joined #salt
01:33 WildPikachu joined #salt
01:47 onlyanegg joined #salt
01:53 djgerm joined #salt
01:59 jdipierro joined #salt
02:00 pipps joined #salt
02:05 dxiri joined #salt
02:29 DammitJim joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
03:05 schemanic_ joined #salt
03:05 scsinutz joined #salt
03:06 LordOfLA joined #salt
03:15 masber joined #salt
03:22 evle joined #salt
03:38 vegasq joined #salt
03:39 jauz_ joined #salt
04:06 justanotheruser joined #salt
04:14 Sarph joined #salt
04:15 bocaneri joined #salt
04:17 cryptolukas joined #salt
04:22 Klaus_Dieter joined #salt
04:37 nikdatrix joined #salt
04:41 DEger joined #salt
04:43 DEger joined #salt
04:49 Guest45332 joined #salt
04:58 rdas joined #salt
04:59 Guest82302 joined #salt
05:21 catpig joined #salt
05:28 mavhq joined #salt
05:56 Vaelatern joined #salt
05:57 sh123124213 joined #salt
06:00 jdipierro joined #salt
06:00 calvinh joined #salt
06:08 impi joined #salt
06:14 karlthane joined #salt
06:38 nikdatrix joined #salt
06:43 candyman88 joined #salt
06:52 ronnix joined #salt
07:01 DarkKnightCZ joined #salt
07:02 golodhrim|work joined #salt
07:05 sh123124213 joined #salt
07:08 q1x babilen: thanks!
07:10 felskrone joined #salt
07:22 xdfreak22 joined #salt
07:23 xdfreak22 hello
07:24 Ricardo1000 joined #salt
07:28 fracklen joined #salt
07:33 fracklen_ joined #salt
07:34 sjorge joined #salt
07:34 sjorge joined #salt
07:36 DEger joined #salt
07:38 ReV013 joined #salt
07:44 Praematura joined #salt
07:46 sh123124213 joined #salt
07:47 Reverend joined #salt
08:03 dps joined #salt
08:07 aldevar joined #salt
08:13 Inveracity joined #salt
08:13 Ricardo1000 joined #salt
08:14 dps_ joined #salt
08:22 JohnnyRun joined #salt
08:23 candyman88 joined #salt
08:23 fracklen joined #salt
08:24 fracklen joined #salt
08:28 nikdatrix joined #salt
08:33 nikdatrix joined #salt
08:44 o1e9 joined #salt
08:53 Reverend joined #salt
08:58 Rumbles joined #salt
08:59 ronnix joined #salt
09:21 msn joined #salt
09:26 s_kunk joined #salt
09:43 mikecmpbll joined #salt
09:47 dRiN joined #salt
10:02 jdipierro joined #salt
10:04 LondonAppDev joined #salt
10:04 LondonAppDev_ joined #salt
10:05 LondonAppDev joined #salt
10:12 Inveracity I'm trying to do some test rendering of pillar files, issue written up here: https://github.com/saltstack/salt/issues/40176
10:12 saltstackbot [#40176][OPEN] Testing pillars | Description of Issue/Question...
10:13 Inveracity if you've got an idea or a different approach I'd love to know about it :)
10:20 eseyman joined #salt
10:20 KingOfFools left #salt
10:35 Rumbles is it possible to run a pip install with the --no-binary option using salt? Can I just put --no-binary after the module name in my state file?
10:38 Rumbles Inveracity, have you tried salt[grains.get]('id') ??
10:39 Rumbles sorry
10:39 Rumbles salt['grains.get']('id')
10:39 dendazen joined #salt
10:41 Inveracity goodness me I can't believe it was that simple, that totally works Rumbles, thank you!
10:42 Rumbles np :)
10:43 Inveracity regarding the --no-binary option, I wonder if you can set it in a pip configuration file prior to running the state
10:47 Praematura joined #salt
10:50 Inveracity this is the best example I could find: https://github.com/rbtcollins/pip/commit/a66d3e2e8b608689676cecdefe3aba1a1472f21b#diff-8f31e8f015fdddcac99e505cd0b3d717R206
10:50 haam3r Rumbles: Have you tried the 'install_options' or 'global_options' variables for the pip.installed state...they seem to be lacking proper documentation but the names suggest they might be the right place
10:52 Rumbles thanks I'll have a look
10:54 haam3r Rumbles: install_options actually has an example as well...somehow missed it the first time reading
10:56 rdas joined #salt
11:07 gmoro joined #salt
11:08 gmoro joined #salt
11:10 N-Mi joined #salt
11:10 N-Mi joined #salt
11:22 rdas joined #salt
11:27 DEger joined #salt
11:41 JohnnyRun joined #salt
11:51 Rumbles joined #salt
11:54 harkx joined #salt
12:01 numkem joined #salt
12:22 shoemonkey joined #salt
12:23 impi joined #salt
12:29 shoemonkey joined #salt
12:34 candyman88 joined #salt
12:45 ssplatt joined #salt
12:49 Tanta joined #salt
12:57 msn joined #salt
12:58 msn this is my sls file http://paste.debian.net/922955/ I am trying to execute 2 commands but want to make sure the second command only executes when the first one returns True
13:00 msn and on running highstate i get http://paste.debian.net/922956/
13:01 darioleidi joined #salt
13:18 ronnix joined #salt
13:18 rylnd hey guys, is it possible to have a generic salt-cloud profile and us that in two map files with two different providers? i have trouble doing that. it seems that when i define a provider in the map file, i need to have a profile that uses this provider too
13:19 filippos joined #salt
13:19 fenlee joined #salt
13:23 fenlee hello guys, could some1 please help. I'm new in Salt and that happens have to deal with existent Salt config, I'm reading much about Salt and unfortunately how many I'm getting so much more questions appear.
13:23 haam3r msn: change " - pkg: createcakey" in your second cmd to "- cmd: createcakey"
13:24 fenlee now the aim is adding shared folder to the container by salt config thru salt-container-map
13:26 fenlee tried to make it by existent example but stuck on  No pillar value 'name:container_path:testshare' found. where exactly has to be placed mentioned ?
13:27 haam3r rylnd: profiles inherit providers..so no. You have to map a profile to a specific provider
13:27 fenlee any suggestions, please
13:28 djgerm joined #salt
13:28 shoemonkey joined #salt
13:29 rylnd haam3r: so why can i specify a provider then in the map file at all? that confuses me a little
13:31 Inveracity fenlee, I know this is not very helpful of me, but I would suggest going back to the beginning and learn saltstack from the ground up with the tutorials. It will help you greatly and you'll waste less time than trying to reverse engineer other peoples work.
13:33 eprice joined #salt
13:34 shoemonkey joined #salt
13:34 msn haam3r: thanks
13:35 haam3r rylnd: I'm going through the docs, but I can't seem to find a place that says you can do that
13:37 racooper joined #salt
13:39 numkem joined #salt
13:41 rylnd haam3r: the docs are not very extensive. i can use 'provider: environment1:vmware' as a provider in the map file
13:52 DEger joined #salt
13:53 dyasny joined #salt
13:58 schemanic_ joined #salt
13:58 dev_tea joined #salt
13:58 AvengerMoJo joined #salt
14:03 catpig joined #salt
14:04 jdipierro joined #salt
14:11 LondonAppDev joined #salt
14:12 vegasq joined #salt
14:26 cachedout joined #salt
14:26 q1x does anyone know if it is possible to append port rules to an existing zone using https://docs.saltstack.com/en/latest/ref/states/all/salt.states.firewalld.html ?
14:28 q1x it seems to just overwrite the current policy (and kicking me out in the process :)
14:37 Tanta finally started using salt for my own stuff
14:37 Tanta its nice to not write it for a company
14:38 jdipierro joined #salt
14:39 tapoxi joined #salt
14:39 CrummyGummy joined #salt
14:40 7GHAAL2J0 joined #salt
14:41 Brew joined #salt
14:42 cryptolukas joined #salt
14:43 zwobot joined #salt
14:47 sh123124213 joined #salt
14:50 _JZ_ joined #salt
14:50 krobertson left #salt
14:51 zwobot joined #salt
14:51 zwoboter joined #salt
14:52 Vee_ joined #salt
14:52 sarcasticadmin joined #salt
14:53 zwobot joined #salt
14:58 felskrone joined #salt
14:59 Praematura joined #salt
15:03 PatrolDoom joined #salt
15:03 cyborg-one joined #salt
15:05 fracklen joined #salt
15:06 Vee_ how long would you expect grain-targeting to take with ~ 300 minions?
15:06 Vee_ time sudo salt -G osarch:x86_64 test.ping --out=text |wc -l 308
15:07 Vee_ real0m15.100s
15:07 Vee_ is what I see, but wondering if this is slow or expected
15:15 Rumbles joined #salt
15:22 ReV013 left #salt
15:31 msn how do I specify a file which is required
15:40 juntalis joined #salt
15:44 lclemens joined #salt
15:45 toanju joined #salt
15:45 onlyanegg joined #salt
15:55 sp0097 joined #salt
15:56 DarkKnightCZ joined #salt
15:56 dxiri hello everyone, I am trying to use virt.init to launch a new VM, but for some reason, the cloned VMs do not have a serial or vnc graphics adapter, any reason why?
15:57 johnkeates joined #salt
16:01 raspado joined #salt
16:04 dps joined #salt
16:08 dxiri according to this: https://docs.saltstack.com/en/latest/topics/tutorials/cloud_controller.html vnc consoles are default
16:09 khaije1 joined #salt
16:12 cryptolukas joined #salt
16:15 zeromorphism joined #salt
16:15 DarkKnightCZ joined #salt
16:16 scsinutz joined #salt
16:18 q1x anyone managing php.ini on centos7?
16:18 q1x (in the context of apache)
16:19 babilen q1x: I would assume that many people do that - Anything you'd ask this hypothetical person?
16:20 q1x babilen: Well, I'm stumped I can't find anything in the apache and php formulas about how to change a setting in php.ini.
16:21 q1x I guess the question is, do I need to create a new state with template to manage it or can I use a pillar somehow?
16:22 babilen You could render it from pillar data or use a file.managed state for the entire file
16:23 pipps joined #salt
16:23 babilen I think you might even be able to render it with Python using ConfigParser
16:23 babilen (so - template: py)
16:23 q1x babilen: is the renderer included in apache or php formula?
16:24 babilen I'd be surprised if it were, but I haven't checked
16:24 q1x ah, so "roll your own" :)
16:24 babilen Writing an INI file with Python from dictionaries is quite easy
16:25 babilen But yeah: Roll your own
16:25 meir joined #salt
16:25 catpig joined #salt
16:25 q1x babilen: Yeah, I can use a simple jinja template that will do what I need but I was hoping to avoid it
16:25 q1x and use a 'community prefered' way (ie: formula)
16:26 whytewolf lol
16:26 babilen I'd recommend to use Python as the template and render the string with ConfigParser, but sure .. you can use a jinja template
16:26 whytewolf most of the community i have seen actually rolls their own more then use formulas
16:26 whytewolf also https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ini_manage.html
16:26 babilen Ah, even better
16:27 babilen When was that added?
16:27 whytewolf long time ago. I remeber fumbaling around with it back in 2014.*
16:27 q1x whytewolf: I must admit we're moving over from Puppet, so 'puppet module install' is what I'm used to currently ;-)
16:27 Ahlee Does anybody know of a write up behind the logic of changed/unchanged and test=True behavior?
16:28 q1x whytewolf, babilen: thanks for the insight :)
16:29 babilen whytewolf: tbh, If I have a dictionary describing the file already, I'd rather just hand it to ConfigParser
16:29 whytewolf Ahlee: sorry no, test=True is kind of a pain to use. as it doesn't take into account most if not all of requisits. and heaven help you if you have onlyif's unless or jinja that change things
16:29 Vee_ g1x: you can also file.manage a file inside /etc/php.d/ - this way you don't need to manage entire huge php.ini, only add extras that you need
16:29 meir hi all.
16:30 Ahlee whytewolf: Yeah. That's what I thought.
16:30 q1x whytewolf: wow, am I right in assuming this module can edit the options in the .ini in place?
16:30 q1x Vee_: ah! thanks for that
16:31 whytewolf babilen: depends on a case by case basis for me. for openstack ini_manage is a god send.
16:31 catpig joined #salt
16:31 whytewolf q1x: yes
16:32 babilen whytewolf: Sure, it looks very useful -- Just for the "turn dictionary into ini file" usecase I wouldn't deconstruct the dictionary in jinja only to generate the states
16:32 meir hi all. i am using file.blockreplace and although the state works, i get empty lines added between each new line.you can see state and file at:   http://pastebin.com/b2iyigBU       any ideas?  thanks in advance
16:32 babilen If all you want is "tweak setting foo" then its fine .. Much like the augeas states
16:33 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.augeas.html
16:34 q1x whytewolf: cool, testing that now
16:35 q1x whytewolf: that works, awesome! You just saved me a lot of time :)
16:39 whytewolf babilen: I like the concept of augeas. i have not taken the time to use it yet. but plan to for dealing with some networking nasty setups that use openvswitch and centos networking together. since the built in networking states in saltstack just are not up for that job.
16:39 dps joined #salt
16:40 babilen whytewolf: I would expect the INI states you just mentioned to be pretty close in the way you use them to what augeas does more generically
16:40 pipps joined #salt
16:40 babilen But then I wasn't familiar with those states yet
16:40 whytewolf yeap
16:40 babilen Take home lesson: Always google "$PROBLEM saltstack" as its likely that salt has a state for that already :)
16:41 whytewolf or two or three
16:41 babilen Do you do a lot of Openstack work with SaltStack?
16:41 whytewolf I manage my personal openstack setup with it.
16:41 Edgan joined #salt
16:42 fracklen joined #salt
16:42 babilen Given RedHat's involvement you see a lot more Ansible in the OpenStack world, so I was curious how SaltStack is working
16:43 whytewolf saltstack used to be very good. however as openstack as changed saltstack has started to lag behind... starting to lack some critical things that make me need to use cmd.run more and more :(
16:43 Edgan babilen: Have they announced the actual open sourcing of Tower yet? That is the biggest reason not to use Ansible.
16:44 babilen I'm not aware of that
16:44 brakkisath joined #salt
16:44 DarkKnightCZ joined #salt
16:45 Edgan babilen: The have said for months they plan on open sourcing it, but still haven't done it last I heard.
16:45 whytewolf babilen: and yeah. helion also uses ansiable for their cloud deployment. and honestly it drives me nuts. but i think that is more about the way hp designed their anisable then ansiables fault
16:45 pipps joined #salt
16:45 Edgan babilen: I do expect them to get around to it
16:45 babilen Well .. lets see when SaltStack open-sources Enterprise ;)
16:46 Edgan whytewolf: I know you probably don't care for it, but kubernetes's has official salt code for setting it up
16:46 jrgochan Hello all. Is there a way in jinja to recursively create an array of all the files in a directory so I can pass them to a salt state? Kind of like the answer to this SO? http://stackoverflow.com/questions/18426944/how-to-i-include-all-files-from-inside-a-directory-in-jinja2
16:46 babilen whytewolf: SUSE are pretty involved in SaltStack
16:46 johnkeates i don't like suse
16:46 jrgochan I'd like to have the array without having to manually specify everything.
16:46 johnkeates i like debian
16:46 babilen So .. bbl! Have a good time and see you guys later ...
16:46 babilen johnkeates: Everybody likes Debian ;)
16:46 johnkeates ;-)
16:47 * whytewolf prefers linux. the flavor doesn't matter anymore i just see blonde brunette, redhead
16:47 johnkeates i do wonder sometimes, everybody likes debian and its solid, yet there seems to be an eternal lack of developers :P
16:47 Edgan babilen: I just use The Foreman. The problem with Ansible is that it is only the push model till you get Tower, which gives you more like pull. Salt has push and pull out of the box.
16:47 MajObviousman apparently I still have a highlight on the word "redhead"
16:47 * MajObviousman is amused
16:47 jrgochan the girl in the red dress perhaps?
16:47 johnkeates i wanted to use Foreman, but it's too puppet-oriented and it doesn't play nice with my stuff
16:48 johnkeates i also don't like salt enterprise
16:48 johnkeates so now i have to build my own 1337-web-ui
16:48 sh123124213 joined #salt
16:48 johnkeates and then we're full-circle :P
16:48 whytewolf johnkeates: just patch hilite up and use that :P
16:49 MajObviousman Foreman is de-puppeting, so I understand
16:49 MajObviousman by that I mean it is moving to be more CM-agnostic
16:49 Edgan MajObviousman: nah, it is still fairly puppet, and the installer is still puppet. But it can do Salt, Chef, and I think Ansible now.
16:50 q1x saltstack <3
16:50 MajObviousman Edgan: good to know, thanks for the data point
16:50 q1x johnkeates: I've hooked up foreman to our saltstack setup
16:50 q1x works ok-ish
16:50 MajObviousman I want to deploy foreman here in another month or so. I've grown unhappy with spacewalk
16:50 Edgan MajObviousman: I made my own installer. If you know what the installer is doing the setup is actually fairly easy.
16:50 MajObviousman not sure if katello will be an improvement
16:51 Edgan MajObviousman: I did it in Salt.
16:51 MajObviousman but hopefully it is better than rsyncing repos and lvm snapshotting
16:51 MajObviousman Edgan: do you have your installer shared somewhere?
16:51 q1x too bad foreman doesn't understand nested variables, that makes pillar integration a bit useless
16:51 q1x Edgan: I'm interested in that
16:51 * MajObviousman takes notes
16:52 Edgan q1x: I use it as a web dashboard to keep an eye on the health. I don't use it as an external node classifer.
16:52 Edgan MajObviousman: no :\
16:52 MajObviousman could I bribe you into sharing it with some attaboys?
16:53 q1x Edgan: I'm using it mostly for deployment of fresh installs (bare metal and ovirt) and Katello for repo mirroring
16:53 Edgan MajObviousman: I can tell you it really just boils down to settings.yaml, /etc/default/foreman, and database.yml plus nginx+ssl configuration.
16:53 MajObviousman noted, thanks
16:53 q1x Edgan: I was hoping to use the node groups as a way to supply pillar data, but that didnt go as planned :-/
16:53 * MajObviousman adds to notes
16:54 MajObviousman that'll learn you to volunteer information about your work!
16:54 Edgan q1x: I have done that before with foreman and puppet. I found it interesting, but prefer the data in git.
16:54 feld joined #salt
16:56 Edgan MajObviousman: Also for foreman-proxy, another settings.yaml and a salt.yml
16:56 q1x Edgan: It's not a show stopper for me, I do like the Katello kickstarts already integrate Freeipa and Saltstack by default
16:56 Trauma joined #salt
16:56 pipps joined #salt
16:58 Edgan q1x: Thoughts on FreeIPA? I had it on my todo list for a while, but after the last re-analysis I am thinking OpenLDAP instead. I want the ability to have push replication instead of pull. I want to be able to have a production LDAP cluster that feeds read only copies. It seems FreeIPA can't do that.
16:58 johnkeates FreeIPA is the best
16:58 candyman88 joined #salt
16:58 johnkeates i switched to it a year ago, never going back to stand-alone LDAP / KRB
16:58 johnkeates and AD can suck it too
16:58 inad922 joined #salt
16:59 Edgan johnkeates: not looking for KRB
16:59 johnkeates well, you get it for free
16:59 johnkeates you don't have to use it, but it's there anyway
16:59 Edgan johnkeates: even free I don't want it :\
16:59 johnkeates you can't not-have it
16:59 pipps joined #salt
16:59 johnkeates FreeIPA requires Kerberos 5, LDAP via 389, and apache2 for the API
16:59 Edgan johnkeates: yeah, FreeIPA seems to be the opens ource AD
17:00 DammitJim joined #salt
17:00 q1x Edgan: I haven't setup IPA myself, it was already here. I do like the easy setup on the 'client' side though.
17:00 johnkeates FreeIPA has 'relations' between servers, you can set who pushes or pulls, and you can tell them they are in specific locations so that inter-location push/pulls are done using edge servers instead of far-away servers
17:01 q1x Kerberos logins, sudo, the works :)
17:01 johnkeates you can also issue a replication command on any server between any servers
17:01 johnkeates so on server1, you can tell ipa to have server2 and server3 sync using push from server2 to server3
17:01 johnkeates or have server3 pull from server2
17:01 q1x johnkeates: we're considerening moving CA to IPA as well
17:01 aldevar left #salt
17:02 Edgan johnkeates: That sounds like different domains. I want one domain, and what I read online said no push replication. They want it, but haven't written it
17:02 johnkeates no, it's one single domain
17:02 johnkeates also, push isn't push in the sense that the LDAP server UDP's the data over, the command is sent over and the remote server reads the data
17:02 johnkeates we have CA on IPA too
17:03 johnkeates we have three CA's actually.. but it's less problematic/complicated than you might think
17:03 johnkeates one is managed using Salt, one is managed using IPA and one by the RADIUS/Firewall/VPN combo
17:03 Edgan johnkeates: I need real push, where the server with the real data is behind a firewall the slave can't get to
17:04 johnkeates ah, then you'll have problems since you'd need to have the master connect to a public port on the slave
17:04 johnkeates i'd suggest fixing that by having a slave next to the master that is exposed to the other slave
17:04 johnkeates you'd get Master->Slave1->Slave2
17:04 johnkeates that way the master  is still unreachable by slave2 but slave1 is a working intermediary
17:05 nZac joined #salt
17:05 Edgan johnkeates: That doesn't help in this case. I think with OpenLDAP I still have to open the master for the initial sync, if I don't pre-feed the data on disk, but it is just one time.
17:06 johnkeates hmm
17:06 johnkeates well, i think this is setup will be trouble in most cases
17:06 johnkeates also because you might at some point want multi-master or clustering and they still need bi-directional comms
17:06 q1x thanks everyone! I'm off for now
17:07 Edgan johnkeates: I plan to do multiple master in location A. Then do multiple slaves in each satellite location. I don't want any of the satelitte's changing the data.
17:09 Edgan johnkeates: Then if the satelittes get hacked, it only affects them.
17:09 Edgan johnkeates: and location A has the highest security of the locations
17:11 johnkeates well, security best comes in layers ;-)
17:11 johnkeates but i get your idea of walling off the 'master' location
17:12 vexati0n joined #salt
17:12 Edgan johnkeates: I agree it does
17:12 DarkKnightCZ joined #salt
17:12 vexati0n has a recent update made it impossible to use GitFS from both ssh/authenticated and https/non-authenticated sources simultaneously?
17:13 vexati0n i used to be able to do both, but now if i have ssh authentication completed it says it is unable to find a hostname for "https"
17:14 johnkeates looks like a formatting error to me
17:14 johnkeates did you try encapsulating it in quotes
17:14 vexati0n holy moses
17:15 vexati0n oh yeah there's a colon in a url
17:15 vexati0n geez now i feel dumb
17:15 nZac left #salt
17:15 johnkeates depending on how long you've been staring at the issue, it isn't uncommon to miss that :P
17:16 johnkeates i'm off to get food, since java alone isn't always enough
17:16 vexati0n eh. nope, no work.
17:16 vexati0n Error occurred fetching gitfs remote 'https://github.com/saltstack-formulas/ntp-formula.git': Failed to resolve address for https: Name or service not known
17:16 vexati0n the line is enclosed in quotes
17:17 starryeyed joined #salt
17:18 vexati0n ^^ nevermind, apparently it's ubunty's fault for building pygit2 wrong.
17:46 feld joined #salt
17:47 msn joined #salt
17:50 Edgan vexati0n: I use it with xenial without problem. How was it built wrong?
17:51 DarkKnightCZ joined #salt
17:54 onlyanegg joined #salt
17:59 censorshipwreck joined #salt
17:59 cyteen joined #salt
18:03 fracklen joined #salt
18:14 DarkKnightCZ joined #salt
18:14 DarkKnightCZ left #salt
18:17 pipps joined #salt
18:17 brakkisa_ joined #salt
18:25 meca Hi, is it possible to specify multiple file roots for a gitfs_remote ?
18:27 pipps joined #salt
18:30 it_dude joined #salt
18:30 it_dude joined #salt
18:33 LondonAppDev joined #salt
18:36 Edgan meca: yes
18:38 meca this is what I have: http://paste.awesom.eu/FuzL
18:38 meca v1 works but v2 does not
18:39 Edgan meca: https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
18:41 meca I've been looking at that
18:41 Edgan meca: https://paste.fedoraproject.org/paste/sNLfg-mJi-F3AyOxzd-QL15M1UNdIGYhyRLivL9gydE=  This is the style I use. It isn't multiple, but being list style, it should be easy to add to
18:42 ChubYann joined #salt
18:42 meca in the doc it doesnt show multiple root paths, look at section "PER-REMOTE CONFIGURATION PARAMETERS"
18:43 meca As soon as I add a second path, like the v2 example in my paste I get 'No Top file or external nodes data matches found.'
18:43 whytewolf i think gitfs_root is only a string, i think [have not tested] you have to add the same repo multiple times which different root settings
18:43 meca whytewolf: I tried that too, but it gives me an error with multpile remotes with the same name
18:43 Edgan meca: see MULTIPLE REMOTES
18:45 nixjdm joined #salt
18:45 meca Yes but they are three different remotes
18:45 nicotine_ joined #salt
18:45 meca I'm talking about multiple paths for a single remote
18:46 meca I've been asked to switch over from roots to git, so conf files are in their own folder
18:46 meca if its not possible Ill just move the files to the state they belong to
18:48 whytewolf i think that may be your best coarse of action.
18:52 meca whytewolf: Egan: Got it to work with multiple remotes, I had to give them a different 'name:'. Thanks for the help!
18:52 nicotine_ Regarding the returner for states -- I'm slightly confused on result, changes, and test=True -- should one NEVER set changes when test=True, and put what would change in comment instead?  And if test=True, and there WOULD Be no changes, should one set result to True, or None?
18:54 DEger joined #salt
18:54 fracklen joined #salt
18:56 aldevar joined #salt
18:58 aldevar1 joined #salt
19:05 onlyanegg Is it possible to change the log level on the  minion without restarting? I have an issue that I think may be (at least temporarily) fixed by restarting, so I'd like to get more info without restarting.
19:06 seanz joined #salt
19:12 onlyanegg joined #salt
19:15 pipps joined #salt
19:25 iggy no
19:26 wendall911 joined #salt
19:27 Renich joined #salt
19:33 gtmanfred onlyanegg: unfortunately not yet https://github.com/saltstack/salt/issues/570
19:33 saltstackbot [#570][OPEN] master/minion should accept a SIGHUP and reload config |
19:38 cyborg-one joined #salt
19:42 pipps joined #salt
19:43 guy_in_hsv joined #salt
19:43 guy_in_hsv hello
19:44 aldevar joined #salt
19:46 gtmanfred hi
19:47 guy_in_hsv Question: when using the publisher_acl option of the master config, I see the error "[WARNING ] Authentication failure of type "user" occurred." when a use tries to use a command they are not allowed to run. I see in the source code there is the a statement that would throw out "msg = 'Authentication failure of type "user" occurred for user {0}'.format(username)" but can't figure what I need to do to use that. I'm sure it's someth
19:47 guy_in_hsv THank you
19:47 gtmanfred your message got cut off at `I'm sure it's somethi`
19:48 guy_in_hsv it was just... i'm sure it's something simple...
19:48 guy_in_hsv Basically : if a user in the publisher_acl list issues a command, I would like to know which user.
19:48 guy_in_hsv if the command fails
19:49 gtmanfred it should just be logged to the /var/log/salt/master
19:49 gtmanfred you could put a beacon on the master, that looks for that line in the log, and does some sort of reaction like sending you an email
19:50 gtmanfred https://docs.saltstack.com/en/develop/ref/beacons/all/salt.beacons.log.html
19:50 gtmanfred https://docs.saltstack.com/en/develop/ref/beacons/all/salt.beacons.journald.html
19:50 gtmanfred https://docs.saltstack.com/en/latest/topics/beacons/
19:51 guy_in_hsv I'll take a look at beacons
19:52 gtmanfred yeah, have a reaction that emails you or posts the log error to a slack/irc/hipchat channel when someone does this
19:53 guy_in_hsv I guess - let me ask the question another way. Is there a way to return the username of a failed auth?
19:53 guy_in_hsv I see in https://fossies.org/linux/salt/salt/master.py .   Line 1798 the ability is thee
19:53 gtmanfred no, it is only logged in the log file
19:53 guy_in_hsv currently I still see just ' user '
19:54 gtmanfred hrm, it should put the user in there
19:55 guy_in_hsv version : salt 2016.11.3-3604-g2554be3
19:56 gtmanfred can you open an issue about it, and I will try to replicate it tomorrow?
19:56 guy_in_hsv Sure thing
19:56 gtmanfred thanks
19:56 guy_in_hsv thanks for reminding me about beacons
20:02 pipps joined #salt
20:04 englishm_llnw joined #salt
20:07 tberc joined #salt
20:16 scarcry joined #salt
20:18 snowtree joined #salt
20:22 DarkKnightCZ joined #salt
20:29 Trauma joined #salt
20:31 scarcry joined #salt
20:32 SaTa joined #salt
20:34 dxiri guys, I am using the virt runner to create some VMs, but for some reason, clones do not have VNC or serial consoles, using virt-clone directly on my base image and making a clone that way works, so the image its fine
20:35 dxiri where can I look in salt to see what's going on here?
20:35 dxiri I am running my init command like this: salt-run -l debug virt.init centosTEST33 4 2048 salt://centos6-base.img seed=False enable_vnc=True
20:52 smcquay joined #salt
20:54 DEger joined #salt
20:54 brakkisath joined #salt
20:58 smcquay joined #salt
21:05 samodid joined #salt
21:05 pipps joined #salt
21:08 samodid Hello there.
21:08 samodid I have question about salt-cloud and nova driver. Hope here I can find help
21:08 samodid https://github.com/saltstack/salt/blob/2016.11/salt/cloud/clouds/nova.py#L42
21:10 samodid looks like that's unreliable option
21:10 samodid is not it ?
21:11 netcho joined #salt
21:11 samodid I tried to use it, but it did not work for me
21:16 theblazehen joined #salt
21:19 it_dude_ joined #salt
21:21 aldevar left #salt
21:23 brakkisa_ joined #salt
21:27 juntalis joined #salt
21:28 brakkisath joined #salt
21:31 Artoria2e5 joined #salt
21:35 onlyanegg joined #salt
21:43 brakkisa_ joined #salt
21:49 pipps joined #salt
21:52 dps_ joined #salt
21:53 onlyanegg thx, gtmanfred
21:56 nikdatrix joined #salt
22:01 raspado joined #salt
22:03 pipps joined #salt
22:05 khaije1 Any simple way for me to tell which returners are available for use as master-side job caches? I'd like to use Mongo/Mongo_Future is possible?
22:07 ashmckenzie joined #salt
22:08 Artoria2e5 left #salt
22:09 dxiri ok, I found the culprit to my issue of the vnc and console not being available to clones, templates/virt/libvirt_domain.jinja has some non-working conditionals
22:10 dxiri I removed those conditionals, and the clones now have serial and vnc consoles from the get go, so I think I found a bug :)
22:12 nikdatrix joined #salt
22:17 pipps joined #salt
22:17 DarkKnightCZ joined #salt
22:21 raspado joined #salt
22:21 kiorky joined #salt
22:32 pipps joined #salt
22:33 pipps99 joined #salt
22:41 keldwud joined #salt
22:41 Praematura joined #salt
22:42 onlyanegg joined #salt
22:44 hemebond joined #salt
22:47 dxiri k, just opened https://github.com/saltstack/salt/issues/40212
22:47 saltstackbot [#40212][OPEN] Salt-virt not respecting enable_vnc=True | Description of Issue/Question...
22:50 catpig joined #salt
22:52 pipps joined #salt
23:02 pipps joined #salt
23:04 dps joined #salt
23:13 keldwud joined #salt
23:19 N-Mi joined #salt
23:19 N-Mi joined #salt
23:22 pipps joined #salt
23:23 pipps joined #salt
23:30 raspado joined #salt
23:38 keldwud joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary