Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-03-22

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 zwobot joined #salt
00:26 keltim joined #salt
00:28 shoemonkey joined #salt
00:30 keltim can someone tell me what is wrong with this pillar? http://pastebin.com/raw/3d320Deg
00:31 hemebond keltim: It's not valid YAML
00:31 keltim I guessed
00:31 hemebond You have equals signs.
00:31 djgerm key: value
00:31 keltim oh for FS
00:31 hemebond keltim: http://yaml-online-parser.appspot.com/
00:31 djgerm ^_^
00:31 keltim yes I know, for some reason I was blind to that
00:32 keltim ugh I wasted about an hour on that
00:34 raspado_ joined #salt
00:34 ahammond our saltmaster has a number of git remotes, including our primary state repo. I push a branch up to that state repo and then go to the salt master and sudo salt-run fileserver.update. Then on a salt minion, I try to execute a state I modified in that branch using sudo salt-call state.sls foo saltenv=my_branch
00:34 ahammond This fails since all the other git remotes don't have my_branch.
00:35 ahammond How to I configure salt so that this won't fail?
00:35 ahammond (and so that I can test my branch on a single server before merging it to production)
00:35 raspado_ joined #salt
00:37 k_sze[work] joined #salt
00:43 Praematura joined #salt
00:50 sp0097 joined #salt
00:51 fracklen joined #salt
00:54 scsinutz joined #salt
00:57 PatrolDoom joined #salt
00:59 cachedout joined #salt
01:00 PatrolDoom joined #salt
01:06 fxhp joined #salt
01:09 scsinutz1 joined #salt
01:09 scsinutz joined #salt
01:10 msn joined #salt
01:16 fortest joined #salt
01:34 nikdatrix joined #salt
01:38 scsinutz joined #salt
01:41 newbiefromla joined #salt
01:41 newbiefromla hello everyone - new here! and exploring salt
01:41 newbiefromla anyone with experience using saltstack to spin aws ec2 instance?
01:41 hemebond newbiefromla: I do.
01:43 newbiefromla i am confused by private key, id, key, keyname.
01:43 newbiefromla i keep getting You are not authorized to perform this operation.', 'Code': 'UnauthorizedOperation'}
01:44 newbiefromla what private key is it asking? Private key to access the minion?
01:44 hemebond id is the access key
01:44 hemebond key is the AWS secret key
01:44 newbiefromla ok I got id, key from IAM
01:44 hemebond Private key (keyname) is the SSH key you have in AWS IAM.
01:44 scoates joined #salt
01:45 hemebond And you should have the private key file on your machine for that private key in AWS.
01:45 hemebond "private_key" is the path to that file
01:46 Tanta joined #salt
01:46 newbiefromla so that means I need to scp my private key from my laptop to salt master?
01:47 hemebond Yes, or wherever you're running salt-cloud from.
01:47 newbiefromla ok got it. thanks a lot
01:47 hemebond Good luck ????
01:47 newbiefromla will try it. thanks a lot.
01:54 newbiefromla yes it works
01:54 newbiefromla thanks
01:58 newbiefromla What if I need to change the security group from 'default' or 'test 2' ? It seems to have problem finding this group name. Can we have space in YML conf file?
01:58 hemebond Use SecurityGroupId
01:58 hemebond I don't think I got the group name to work.
01:58 hemebond So I just use the gid
01:59 hemebond The parameter takes a list of gids.
01:59 newbiefromla ok good to know
01:59 hemebond Which itself is on a network interface parameter.
01:59 hemebond network_interfaces
02:03 hemebond Does Salt mess with Jinja?
02:03 hemebond Anyone know?
02:07 cachedout joined #salt
02:13 PatrolDoom joined #salt
02:15 shoemonkey joined #salt
02:31 PatrolDoom joined #salt
02:32 ahrs joined #salt
02:46 evle joined #salt
02:46 onlyanegg joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:52 ali_ joined #salt
02:59 shoemonkey joined #salt
03:05 _JZ_ joined #salt
03:10 onlyanegg joined #salt
03:34 Praematura joined #salt
03:35 nikdatrix joined #salt
03:45 catpig joined #salt
03:50 cachedout joined #salt
03:54 dxiri joined #salt
03:55 PhilA_ joined #salt
04:00 y3k joined #salt
04:01 y3k What is saltstack's version control/change control system?
04:01 y3k RCS? SCCS? GNU? SCCS?
04:01 y3k oops
04:01 hemebond y3k: The project uses Git
04:01 y3k i said SCCS twice
04:01 y3k CVS?
04:02 hemebond Git is a CVS, yes.
04:02 y3k ahh ok
04:02 y3k sweet thanks! :D
04:02 hemebond I don't know what those others are.
04:02 y3k hehe
04:03 y3k okay next question, What is salt's build function? Make, Odin, Cons, SCons, Ant?
04:03 hemebond Salt is written in Python. There is no build process.
04:04 y3k there's no initial configuration?
04:04 hemebond No compilation at least.
04:04 hemebond Initial configuration? There are default config files, yes.
04:05 y3k ahh it uses pip
04:05 hemebond You can do.
04:05 hemebond I used PIP to install my master, but I use distribution packages for minions.
04:05 y3k gcc for module compiling is an optional dependency
04:06 y3k wow this is a tricky assignment...
04:06 hemebond ?
04:07 whytewolf assignment?
04:07 y3k college stuff :D
04:07 y3k Do a quick research on the Internet about Configuration Management Tools and provide the following information about at least 4 tools:  name, URL, cost, main version control and change control features (1st tier), build function (2nd Tier), integrates the configuration management activities with the development and support process activities (3rd tier).
04:07 hemebond Is the assignment specifically on Saltstack or did you just choose salt?
04:08 y3k i knew about salt, puppet, ansible, and chef
04:08 whytewolf ahhh, fun
04:08 y3k salt is first on my list
04:08 hemebond Sounds like an interesting course.
04:08 y3k i really enjoyed it
04:08 y3k it's almost over now
04:08 y3k no programming involved but more about the fundamentals of software engineering
04:09 hemebond btw, you listed GNU when asking about the CVS...
04:09 y3k yeah?
04:09 whytewolf yeah. theory and practice.
04:09 hemebond Does the GNU project have it's own CVS?
04:09 y3k hell if i know hahaha
04:09 whytewolf GNU backs git last i heard
04:09 y3k i think it does
04:10 y3k let's see if i can show you where i got those
04:10 y3k from my book
04:10 hemebond Wait... am I confusing CVS with SCM?
04:10 whytewolf GNU begot linus, linus begot linux and it was good, then GNU said.. but you have to call it GNU/Linux and Linux was all wtf
04:10 hemebond CVS was a source code control, yeah?
04:10 y3k Some of the earlier and more popular ones applied mostly to controlling source code are the Revision Control System (RCS), which was written by Walter Tichy at Purdue University, and the Source Code Control System (SCCS), which was provided with most of the UNIX systems. Today, GNU (which is an acronym that stands for “GNU’s Not UNIX”) and the Free Software Foundation (FSF) make a clone of SCCS known as CSSC available. Other tools include Concu
04:10 y3k rrent Versions Systems (CVS); Project Revision Control System (PRCS), which is a tool like CVS and RCS with an easier-to-use front end that has been developed by Paul Hilfinger of the University of California, Berkeley; and Subversion, a CVS
04:10 y3k Tsui, Frank; Karam, Orlando; Bernal, Barbara. Essentials of Software Engineering (p. 241). Jones & Bartlett Learning. Kindle Edition.
04:11 whytewolf CVS is RCS with networking, SVN is CVS but better
04:11 whytewolf hint, most people won't know RCS... it ins't exactly widly used anymore
04:12 y3k yeah i slightly remember hearing about that one when i was real young
04:12 whytewolf I used to use it to manage my Gentoo etc backups
04:12 y3k i'll stick with CVS since that's basically what git is
04:12 whytewolf world of difference between cvs and git
04:13 hemebond Git says it's an SCM.
04:13 whytewolf it is a SCM
04:13 hemebond So my bad for saying it was a CVS.
04:13 hemebond CVS is its own thing.
04:14 y3k ahh you're right i just looked it up on stackoverflow
04:14 y3k http://stackoverflow.com/questions/802573/difference-between-git-and-cvs
04:15 * whytewolf is starting to feel old.
04:15 hemebond Be sure to conclude your report with "Salt is the best".
04:15 y3k geez usually people advertise what source code control they are under on the main git page!
04:15 hemebond For extra marks.
04:16 hemebond main git page?
04:16 y3k haha
04:16 y3k https://github.com/saltstack/salt
04:16 hemebond Github uses Git
04:16 hemebond That's the only SCM it uses.
04:16 y3k it's own source code control
04:16 hemebond What is?
04:17 y3k git?
04:17 y3k sorry roommate distracted me
04:17 hemebond "usually people advertise what source code control they are under"
04:17 hemebond Salt is on Github. Github uses Git.
04:17 y3k yeah
04:18 whytewolf he is talking about build method.... which since it is written in a scripting lang it doesn't have
04:18 y3k no i'm past that
04:18 y3k i'll just say "python" lol
04:18 whytewolf SCCS is typically a function of SCCS
04:18 y3k god it sure looks all GNU like...
04:19 whytewolf errr. I mean build method
04:19 y3k maybe it's CSSC?
04:19 y3k :D
04:19 y3k salt is awesome by the way
04:20 y3k i wish i could use it on my solaris boxes...
04:20 y3k i mean i could but...old outdated version
04:20 Klaus_D1eter_ joined #salt
04:20 whytewolf salt supports solaris
04:20 whytewolf ahh
04:20 whytewolf older then 9?
04:20 y3k pretty sure it's ancient
04:20 whytewolf 9 is pretty ancient
04:21 y3k version 0.10.2 of salt
04:21 whytewolf ohhh. yeah that is an old version of salt
04:21 y3k ahh and i think we tried it but it failed to install
04:21 whytewolf don't even number like that anymore
04:21 y3k https://docs.saltstack.com/en/latest/topics/installation/solaris.html
04:21 y3k some parts didn't download
04:22 y3k yeah i hate solaris but i will not be getting on that soapbox today
04:22 whytewolf lol, I miss some things about solaris. but not everything
04:23 bocaneri joined #salt
04:24 whytewolf what i don't miss, HP-UX
04:24 y3k hrm...
04:24 y3k haha
04:24 y3k sparc
04:24 y3k mmmmm
04:25 y3k okay i think the 3rd tier is basically request integration
04:25 y3k usually only available in commercial support
04:26 whytewolf salt has commercial support. in salt enterprise
04:26 y3k Right, is there any kind of special development support?
04:27 bocaneri joined #salt
04:27 y3k can an enterprise user request a feature and have that feature added?
04:27 hemebond Salt is open source.
04:27 hemebond Anyone can add a feature if it's good :-)
04:27 whytewolf hell, I have requested features with out an enterprise contract and gotten it :P
04:27 y3k haha oh you say that with such pride but we're not all developers
04:28 y3k :P
04:29 whytewolf but no, enterprise doesn't not mean you will get your wishlist fullfilled. however with the extendability of salt it often isn't needed. you might not be a programmer. but most companies have at least one on staff
04:29 y3k integrates the configuration management activities with the development and support process activities
04:30 y3k oh yes my company has two large buildings full of developers
04:30 y3k but i'm not planning on putting in a purchase order...just researching for the assignment
04:31 y3k alright i'm off to #ansible town!
04:31 hemebond ????
04:31 y3k thanks for the chat hemebond and whytewolf
04:31 DEger joined #salt
04:31 whytewolf have fun storming the castle
04:31 onlyanegg joined #salt
04:32 y3k i may come back to chat again as i am a configuration administrator and salt has been looked at by my company but we are bound to solaris software and hardware :(
04:32 whytewolf hemebond: about your question earlier about jinja being messed with in salt. the answer is not really. there is a ton of things passed into jinja but it still uses the systems jinja
04:33 hemebond whytewolf: Strange. There have been a few things recently that work directly in Jinja but not via Salt.
04:34 whytewolf hemebond: there are features that might be turned off
04:34 hemebond I think that might be the case.
04:36 whytewolf here is where the jinja magic happens https://github.com/saltstack/salt/blob/develop/salt/utils/jinja.py
04:47 k_sze[work] joined #salt
04:47 whytewolf okay, heading to bed. have a good night
04:47 k_sze[work] joined #salt
04:48 k_sze[work] joined #salt
04:49 hemebond gnight
04:51 newbiefromla joined #salt
04:52 DEger joined #salt
04:59 felskrone joined #salt
05:08 cachedout joined #salt
05:24 dude joined #salt
05:25 dude left #salt
05:36 nikdatrix joined #salt
05:44 DarkKnightCZ joined #salt
05:46 golodhrim|work joined #salt
05:48 felskrone joined #salt
05:50 dknight87 joined #salt
05:52 fracklen joined #salt
05:53 dknight87 hi guys, I have to install python packages cryptography, virtualenv using salt. These pkgs are present as .whl files locally on the salt server. How can I use these whl files to install the pkgs on the salt clients?
05:53 hemebond dknight87: cmd.run? Can whl files be install with PIP?
05:54 dknight87 hemebond: yes, afaik, they can be
05:54 hemebond You can give pip.installed a path to a file rather than just a package name.
05:54 hemebond Might work with a local path to the whl file.
05:55 sp0097 left #salt
05:56 dknight87 hemebond: could you give me an example please?
05:56 hemebond - names: - /path/to/my.whl
05:57 hemebond I haven't tested with local files but it works with URLs.
06:01 keltim joined #salt
06:10 calvinh joined #salt
06:24 masber joined #salt
06:28 Edgan joined #salt
06:28 StarHeart joined #salt
06:30 cryptolukas joined #salt
06:37 onlyanegg joined #salt
06:45 alex_zel joined #salt
06:54 raspado joined #salt
07:02 DarkKnightCZ joined #salt
07:03 fracklen joined #salt
07:09 sh123124213 joined #salt
07:17 felskrone joined #salt
07:21 DEger joined #salt
07:21 Ricardo1000 joined #salt
07:35 candyman88 joined #salt
07:35 Praematura joined #salt
07:36 nikdatrix joined #salt
07:37 dps joined #salt
07:38 fracklen joined #salt
07:39 Ricardo1000 Hello
07:39 hemebond Hello
07:39 candyman88 joined #salt
07:40 Ricardo1000 Does any one know, where I can find any graphs or info about resource consumption of saltstack ?
07:40 hemebond Resource consumption?
07:40 Ricardo1000 like memory, cpu, I/O
07:40 hemebond Well it depends on how you use it.
07:40 Ricardo1000 salt master and salt minions
07:41 hemebond e.g., how complex your templates are, now must data you're moving about, etc.
07:41 Ricardo1000 hemebond: As I know, there are some memory leaks presents
07:41 hemebond Oh really?
07:42 Ricardo1000 hemebond: I understand, but maybe someone can provide some info about already implemented environments
07:42 hemebond I have salt-master running on my workstation all the time. Right now there are 17 salt-master processes running, each using 0.2 or 0.4 percent of memory.
07:43 hemebond And zero CPI
07:43 hemebond *CPU
07:43 hemebond No wait, 0.7
07:43 Ricardo1000 hemebond: about memory leaks
07:43 Ricardo1000 hemebond: https://github.com/saltstack/salt/issues/31979
07:43 saltstackbot [#31979][MERGED] Memory leak in salt-master | Description of Issue/Question...
07:43 candyman88 joined #salt
07:43 Ricardo1000 hemebond: like example
07:44 hemebond Ah, that's an older version. Maybe it's been fixed.
07:44 Ricardo1000 hemebond: how many minions, those masters are serve ?
07:45 hemebond I'm only serving about a dozen. This is a test setup.
07:46 Ricardo1000 hemebond: I need info about thousands or at least hundreds :)
07:46 hemebond Ah :-)
07:47 candyman88 joined #salt
07:49 Pulp joined #salt
07:51 candyman88 joined #salt
07:55 rem5_ joined #salt
07:56 candyman89 joined #salt
07:57 dxiri joined #salt
07:58 fracklen joined #salt
07:58 fracklen joined #salt
08:00 candyman88 joined #salt
08:00 colttt joined #salt
08:02 Ricardo1000 hemebond: How are you distributing salt packages and python modules to destination servers, during upgrade ?
08:03 hemebond salt packages? I install from the official repo.
08:07 aldevar joined #salt
08:14 KaczuH joined #salt
08:15 dRiN joined #salt
08:18 JohnnyRun joined #salt
08:19 ronnix joined #salt
08:21 nikdatrix joined #salt
08:24 o1e9 joined #salt
08:24 teclator joined #salt
08:25 CrummyGummy joined #salt
08:27 Danny_ joined #salt
08:28 jas02 joined #salt
08:30 Danny_ Hey, I need an advice. Here is the problem: we want to let our clients to write and apply their own states, but we don't want to give them the option to run states on other's instances, but only on their machines. What is the best solution for it? salt-runners? salt syndic? other?
08:31 hemebond salt-call?
08:31 jas02 Hello, how can I call restart of firewalld service based on change of firewall rules/zones? Can't figure out. I tried watch_in directive, without success.
08:32 hemebond jas02: Are you watching actual states or trying to watch a file path?
08:33 samodid joined #salt
08:34 jas02 hemebond: I am watching states
08:34 hemebond Then it should work. Paste the relevant states somewhere so we can have a look.
08:34 hemebond Or maybe look at onchanges/onchanges_in
08:38 onlyanegg joined #salt
08:45 inad922 joined #salt
08:46 jas02 hemebond: firewalld states/service https://gist.github.com/jas02/3fa2b76f1df0cdf3e49126f2f9d25c4d
08:48 hemebond Try swapping watch_in for onchanges_in
08:49 hemebond Oh, watch_in is the most appropriate.
08:49 hemebond So your service "firewalld" isn't reloaded when your rules change?
08:50 JohnnyRun joined #salt
09:00 jas02 hemebond: No, When I add some new port to be opened, nothing happens.
09:01 hemebond Does the state change?
09:01 hemebond Does it report changes?
09:01 jas02 hemebond: It'a added to the firewalld configuration, but service isn't reloaded
09:02 hemebond Does pgpool report that it's made changes?
09:03 mikecmpbll joined #salt
09:07 hemebond Are there any errors in the minion log?
09:20 jas02 hemebond: I have to check it, give me some time. Unfortunately I have to switch to other task for a while.
09:27 dknight87 joined #salt
09:31 dknight87 hi guys, I have cryptography and virtualenv pkgs downloaded as tar.gz and whl files locally on the salt server. How can I club these whl, tar.gz files into a single package and then deploy it using salt to all the minions?
09:31 dknight87 please advise
09:31 dknight87 cryptography seems to have a lot of dependencies. Whereas virtualenv comes as a single whl file
09:36 cdunklau dknight87: pip can install directly from wheels
09:36 cdunklau dknight87: so maybe just grab/build wheels for all the cryptography deps and it's off to the races
09:38 zwobot hello guys, i want to access pillar data from a custom grain. i found this issue https://github.com/saltstack/salt/issues/33526 and their approach seems not to work. is there a proper way to do it?
09:38 saltstackbot [#33526][OPEN] Accessing pillar data in custom grains module in Salt | Description of Issue/Question...
09:42 q1x joined #salt
09:44 s_kunk joined #salt
09:47 s_kunk joined #salt
09:48 netcho joined #salt
09:54 toanju joined #salt
09:56 N-Mi joined #salt
09:56 N-Mi joined #salt
10:02 LondonAppDev joined #salt
10:05 jhauser joined #salt
10:05 KingJ joined #salt
10:10 q1x morning! Is anyone here using the salt.states.zabbix* modules? If so, how do you perform a lookup of the host/usergroup names to the group ids as to supply these ids to the hosts/users?
10:11 jhauser_ joined #salt
10:16 Neighbour q1x: I made a custom module to retrieve information from zabbix and present it as a dict (with a variable keyfield). I then call this from jinja and use the dict to translate the names to ids.
10:22 dknight87 cdunklau: is it possible to club all these tar.gz and whl files into one single package and then install it?
10:24 gmoro joined #salt
10:29 jhauser joined #salt
10:29 Rumbles joined #salt
10:39 onlyanegg joined #salt
10:40 kjsaihs joined #salt
10:42 jhauser joined #salt
10:45 q1x Neighbour: cool! any chance I can find your code somewhere? :)
10:50 candyman89 joined #salt
10:51 mike25de joined #salt
10:52 mike25de hi guys ... in my state i have grains["ip4_interfaces"]["eth0"][0]  which works just fine, but i want to add a default like:  salt['grains.get']('ip4_interfaces:eth0:???', 'myDefaultHere') what should i put in after the eth0?
10:56 cdunklau dknight87: you'd need to unpack it
10:56 cdunklau dknight87: are you deploying an application or just an environment?
10:57 cdunklau dknight87: either way, really. you could make a PEX file: https://github.com/pantsbuild/pex
11:01 dxiri joined #salt
11:10 aldevar joined #salt
11:17 dknight87 cdunklau: im trynig to setup superset, a python package. This pkg has a set of prereqs to be deployed first. And of course, the virtualenv
11:24 Trauma joined #salt
11:26 hlub_ am I correct that there is no states for maintenance of mine data?
11:30 evle joined #salt
11:39 DEger joined #salt
11:53 Neighbour q1x: Eventually i'm going to make a PR for salt's repo, but until then, I've sent you a pastebin link with the function definition
12:00 shoemonkey joined #salt
12:08 netcho joined #salt
12:09 PhilA_ joined #salt
12:12 DEger joined #salt
12:19 numkem joined #salt
12:30 bluenemo joined #salt
12:40 onlyanegg joined #salt
12:42 LondonAppDev joined #salt
12:53 cyborg-one joined #salt
13:00 Joy is there a way to use watch on a file created by cmd.run?
13:00 hemebond watch can be used on any state.
13:01 Joy but not within the same state?
13:01 hemebond If the state makes a change, anything watching it will be triggered.
13:01 Joy so i just have to split them up and reference the cmd.run by id?
13:01 hemebond Yes, as long as the module and function are different.
13:01 hemebond Multiple modules can be used under the same ID.
13:01 Joy it's somewhat confusing that watching file: <whatever is created:> doesn't simply work
13:02 hemebond You can only watch states.
13:02 Joy hemebond: that's my question - it didn't work for me - i tried using a single state, which first creates a rsyslog.d snippet and then issues a service restart
13:02 dxiri joined #salt
13:02 hemebond Paste your state and we can have a look.
13:03 Joy and there was no apparent way to reference the snippet file created by cmd
13:03 hemebond No, you would watch the cmd.run
13:04 Joy activate separate log:
13:04 Joy cmd.run:
13:04 Joy - name: 'make -C /opt/tools/rsyslog install'
13:04 Joy - creates: /etc/rsyslog.d/100-tools.conf
13:04 Joy service.running:
13:04 Joy - name: rsyslog
13:04 Joy - watch:
13:04 Joy - cmd: /etc/rsyslog.d/100-tools.conf
13:04 Joy - reload: True
13:04 Joy this didn't work
13:04 hemebond You shouldn't paste in IRC
13:04 hemebond You should paste in paste.debian.net or something.
13:04 Joy sorry, figured nobody would care for 9 lines in all this idleness :)
13:05 hemebond Yeah, no, it should be `- cmd: activate separate log`
13:05 Joy ah, so self-reference wouldn't be a faux pas?
13:07 hemebond It's fine and very common.
13:07 Joy ok, so i guess this is also the reason why you can't have more than one cmd within a single state
13:07 hemebond Correct.
13:08 Joy that seemed like an arbitrary restriction until now
13:10 dyasny joined #salt
13:10 Joy i do wonder why it appears to not to notice the existence of the file earlier
13:10 Joy the output is       Result: True
13:10 Joy Comment: The service rsyslog is already running
13:11 hemebond What do you mean?
13:11 Joy it doesn't say mention the fact that prerequisites weren't met so there was no need to touch the service
13:12 hemebond When a service watches another state, a change in the watched state will trigger a restart or reload. Otherwise it just enforces the running and enabled part.
13:13 rem5 joined #salt
13:13 Joy ah, so the enforcement stays, watch merely complements it
13:14 hemebond The watch basically creates a special require
13:14 hemebond I've gotta go. Good night.
13:15 ssplatt joined #salt
13:19 chowmein__ joined #salt
13:20 babilen Is there a good way to (securely) share files between minions these days?
13:21 Flying_Panda hey guys acording to documentation I need external auth setup to use the api what roles do i need to give the user so it can write to the messagebus just @runner right ?
13:23 Joy thanks hemebond
13:26 brousch__ joined #salt
13:30 nikdatrix joined #salt
13:32 racooper joined #salt
13:33 keltim joined #salt
13:41 onlyanegg joined #salt
13:41 vegasq joined #salt
13:42 Tanta joined #salt
13:42 riftman joined #salt
13:45 preludedrew joined #salt
13:48 dxiri joined #salt
13:50 mpanetta joined #salt
13:55 q1x can I generate a md5 hash of a string in a jinja template?
13:57 mpanetta joined #salt
13:58 netcho joined #salt
14:02 jas02_ joined #salt
14:03 Neighbour q1x: Yes, use {%- set md5_hash = salt['hashutil.md5_digest']('yourstring') %} to set the jinja-variable md5_hash to the md5 hash of 'yourstring'
14:06 vegasq joined #salt
14:06 q1x Neighbour: awesome, thanks!
14:08 it_dude joined #salt
14:10 tapoxi joined #salt
14:11 tapoxi hi everyone, migrating to gitfs. what's the syntax for directories in there (e.g. _modules _runners)
14:13 netcho joined #salt
14:18 Trauma joined #salt
14:20 jas02 joined #salt
14:32 babilen tapoxi: I don't quite follow - Could you elaborate on the "syntax" bit?
14:32 tapoxi babilen: https://github.com/saltstack/salt/issues/12511
14:32 saltstackbot [#12511][MERGED] allow custom runners in "_runners" directories | [The current approach for enabling custom runners](http://docs.saltstack.com/en/latest/ref/runners/#writing-salt-runners) requires modification of the `runner_dirs` on the master. I think an additional `_runners` directory in the file_roots should be considered as well. Basically, in the same manner custom modules are allowed, however not sent to minions....
14:32 tapoxi I'm not sure what directory names salt looks for that begin with an underscore
14:33 babilen What are you trying to do?
14:33 ssplatt joined #salt
14:34 babilen There is no difference between GitFS and "normal" file_roots, so I'm not sure what you are after
14:34 tapoxi So I'm migrating to gitfs, but currently I have multiple file_roots for pillar, fileserver direcoties, and states
14:34 tapoxi but those would all be in the same repo
14:35 babilen And you don't want them to be in the same repository?
14:35 babilen You could use a repo each or split them in any way you like
14:36 tapoxi I do want them in the same repository, but I'm not sure how salt knows "this dir is for custom exec modules", "this dir is for custom runners" etc
14:36 babilen Well, I wouldn't mix pillar and states
14:36 tapoxi yeah, that's temporary until migrating to vault in the next release
14:36 babilen Custom modules are placed in _modules and runners in _runners
14:36 tapoxi babilen: right, but where is that documented
14:37 tapoxi I'm trying to see what other directory names it can look for
14:37 babilen I can think of, at least, _grains, _pillars, _modules, _grains, _runners from the top of my head
14:37 jas02 joined #salt
14:38 babilen _engines
14:38 babilen https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.saltutil.html could be a start
14:40 babilen Did you find a more comprehensive list beforehand?
14:40 tapoxi not really, I've just found the bug report
14:41 babilen And you simply wondered what else there is?
14:43 q1x Neighbour: that worked like a charm, thanks a lot! :)
14:43 rem5_ joined #salt
14:44 q1x Saltstack <3
14:44 tapoxi babilen: right
14:47 jas02 joined #salt
14:50 tiwula joined #salt
14:52 PatrolDoom joined #salt
14:52 sarcasticadmin joined #salt
14:54 Brew joined #salt
14:54 mchlumsky joined #salt
14:56 Praematura joined #salt
15:04 _JZ_ joined #salt
15:17 catpig joined #salt
15:21 onlyanegg joined #salt
15:26 Sylvain31 joined #salt
15:29 dxiri joined #salt
15:32 rylnd a question about the salt-syndic: the salt-master and salt-syndic daemon need to be started on the syndic node, correct? on the "master of the universe" i have to accept the key of the syndic node. but on the syndic node i have to accept the keys of the minion that use that syndic node as master, correct?
15:34 rylnd tapoxi: i was looking for that list a couple of weeks back. i found one but did not find it in the docs but some github issue if i remember correctly
15:34 Inveracity joined #salt
15:39 snowtree joined #salt
15:40 sh123124213 joined #salt
15:43 mk-fg joined #salt
15:43 mk-fg joined #salt
15:45 raspado joined #salt
15:53 scsinutz joined #salt
15:57 Heartsbane joined #salt
15:57 Heartsbane joined #salt
16:00 dxiri joined #salt
16:02 cscf I think that pkg.installed should set the packages as manually installed, or have an option for it.  I know it would take a little longer each run, but I just had a server break because of this.
16:03 xet7 joined #salt
16:04 whytewolf tapoxi: one place to look at what is availble as a _ directory is to look at the modules/runners that do the syncing. namely saltuil [both module and runner]
16:04 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_all
16:05 whytewolf https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.saltutil.html#module-salt.runners.saltutil
16:06 Sketch i just discovered http://melpa.org/#/salt-mode
16:06 babilen cscf: It should do that
16:09 babilen I have a setup that uses letsencrypt to generate certificates. We moved some webservers behind a LB and now have to share the generated certs whenever they are updated between minions.
16:10 babilen Do we finally have a good way to securely send files from one minion to another?
16:11 babilen Or other approaches .. I can think of a couple, but I'd rather use something that doesn't require a lot of work. Couple of years back I wrote something that exchanges file via reactor system, but I'm not too happy with that.
16:11 babilen Essentially: Any updates on https://github.com/saltstack/salt/issues/31863 ?
16:11 saltstackbot [#31863][OPEN] How to securely copy file from one minion to another? | How do I use Salt to securely copy a sensitive file (a cryptographic key) from one specific minion to another specific minion?  I don't want any other minion to be able to read the file....
16:13 babilen Plan would be to use an inotify beacon to watch the files, trigger the "Write/Send certs" functionality (???), notify the master that an update has happened and run states on all minions that use those files
16:15 snowtree joined #salt
16:16 jas02 joined #salt
16:17 mk-fg joined #salt
16:18 mk-fg joined #salt
16:18 impi joined #salt
16:19 cro joined #salt
16:20 woodtablet joined #salt
16:24 scsinutz joined #salt
16:24 fracklen joined #salt
16:35 Flying_Panda Is there anyway in the reactor to call an execution module to be launched on the salt master ( which is not a minion)
16:35 Flying_Panda or a runner.cmd to update some stuff on the master when somthing hits zeromq
16:36 Rumbles_ joined #salt
16:36 whytewolf Flying_Panda: a.) it should be a minion b.) there is a runner for that.
16:36 whytewolf https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.salt.html
16:36 Flying_Panda SuSE are funny about susemanager being a minion of itself
16:37 babilen That's not too uncommon really
16:37 babilen (running a minion on the master)
16:37 Flying_Panda yup
16:38 Flying_Panda but hey ho enterprise support means more than my job to invalidate it :P
16:38 Flying_Panda even though its stupid :p
16:38 scsinutz joined #salt
16:38 scsinutz joined #salt
16:39 whytewolf lol. so SuSE is enforcing a bad practice. as part of their enterprise support? sounds about on par for SuSE
16:39 Flying_Panda They have a no https api set as default on localhost in their config which you cant change to https without breaking susemanager :p
16:40 Flying_Panda well played suse well played
16:40 babilen Why is it stupid?
16:41 Flying_Panda Should be no reason to not allow you to run minion on master
16:42 numkem joined #salt
16:42 babilen Ah, and SuSE manager is "funny" when you do that?
16:42 Flying_Panda nope they just say " wont support it"
16:42 babilen Ah, right
16:43 babilen Sorry, I thought you meant "They run a minion on the master .. how funny!"
16:44 babilen Is SuSE manager nice now that they switched to Salt?
16:44 Flying_Panda well its running 2015.08
16:44 DarkKnightCZ joined #salt
16:44 Flying_Panda so its like an old salt
16:44 Flying_Panda means I dont need to touch susemanager itself though can just live on the salt side
16:45 babilen That is quite old, yeah
16:45 babilen Man .. it really looks as if we still can't easily share files from one minion with other minions
16:45 babilen Maybe I could write them to Vault via sdb, but then I'd have to setup vault in that environment :-/
16:45 whytewolf SuSE is pretty good about being VERY restrictive about what you can do on their systems. I know when i worked at IGT we had a system they built. we couldn't do backups of it because they wouldn't allow us to install a backup manager on it. and we wern't allowed to setup NFS so that a system with the backup manager could back it up. pretty much anything we came to them with ended up being a "we won't
16:46 whytewolf support the system" not "we won't support your changes".
16:46 Flying_Panda and I suppose it gives the windows admin somthing to click if they need to look at linux
16:46 babilen \o/
16:46 Flying_Panda honestly its a nightmare im bugging them now asking how much of there config can I change :p wish me luck
16:47 babilen Good luck!
16:47 Flying_Panda Really dont like http anywhere in the enviroment
16:47 Flying_Panda especially when want to AUTH!
16:49 Flying_Panda oh looks like I cant use the salt runner
16:49 Flying_Panda :P
16:49 Flying_Panda o new
16:49 Flying_Panda to new
16:49 whytewolf figures. lol
16:50 Flying_Panda so looks like I need to deploy a minion then just target my master and call the modules
16:51 woodtablet joined #salt
16:51 whytewolf is suse going to flip out about that?
16:52 Flying_Panda Probbly will double check they did say susemanager isnt allowed to be a member of itself gonna try and ask if im allowed to manage it through salt
16:52 nixjdm joined #salt
16:53 Flying_Panda cheers for your help whytewolf
16:53 whytewolf np, good luck on the SuSE support front. I dpn't envy you
16:54 Flying_Panda Its a pain id rather just use a standalone saltmaster but the whole ' its included in SuSe so use it' argument is hard to overcome
16:55 Flying_Panda for there first 4 months they didint even have a working pillar
16:55 whytewolf well, right up until "this standard practice that everyone uses will lose compleate support"
16:56 fracklen joined #salt
16:56 stooj joined #salt
16:56 Flying_Panda and the first release after sp2 didnt actually support sp2 hard the jinja in there highstate for it but didint actually write the rpm keys for itself as it was reffering to a file which didint exist
16:57 Flying_Panda how they manage to release this is beyond me :p
16:58 whytewolf they don't test. which is why support is lost  if changes are made. they don't have the reasouces to make sure that some changes won't disrupt what they have so they auto assume all changes are bad
17:01 pipps joined #salt
17:02 snowtree joined #salt
17:04 sp0097 joined #salt
17:04 Edgan joined #salt
17:05 englishm_llnw joined #salt
17:20 DarkKnightCZ joined #salt
17:24 Trauma joined #salt
17:24 wendall911 joined #salt
17:30 Trauma joined #salt
17:33 pipps joined #salt
17:40 avalarion joined #salt
17:42 fracklen joined #salt
17:43 wendall9111 joined #salt
17:47 brasticstack joined #salt
17:53 aldevar joined #salt
17:57 KingJ joined #salt
18:00 aldevar joined #salt
18:00 swa_work joined #salt
18:03 Trauma joined #salt
18:04 aerbax_ joined #salt
18:04 theblazehen joined #salt
18:07 Rumbles joined #salt
18:08 scsinutz1 joined #salt
18:13 scsinutz2 joined #salt
18:14 Jayme joined #salt
18:15 pipps joined #salt
18:15 Guest80777 I'm using saltstack 2016.3.4 and trying to get log_granular_levels: to work, but no dice
18:16 Guest80777 log_granular_levels:      salt: info      salt.modules: debug      salt.utils: debug      salt.utils.jobs: debug
18:16 scsinutz3 joined #salt
18:16 DammitJim joined #salt
18:16 Guest80777 `log_granular_levels:      salt: info      salt.modules: debug      salt.utils: debug      salt.utils.jobs: debug`
18:17 Guest80777 well, it's correctly formatted in the file, but /var/log/salt/master just contains [INFO] level messages
18:17 Praematura joined #salt
18:19 censorshipwreck joined #salt
18:20 fracklen joined #salt
18:22 Guest80777 ahh, I have to bump `log_level_logfile` to debug as well
18:32 Kelsar joined #salt
18:45 jgarr joined #salt
18:47 it_dude joined #salt
18:52 jgarr my eauth pam config stopped working (not sure why yet) via the salt-api. From what I can tell the api sends the auth to the master but the master rejects the credentials. I didn't change my config but have upgraded to 2016.11.1.
18:57 pipps joined #salt
18:58 theblazehen joined #salt
18:59 tapoxi joined #salt
18:59 scsinutz joined #salt
19:02 s_kunk joined #salt
19:04 raspado joined #salt
19:06 aldevar joined #salt
19:09 pipps joined #salt
19:17 it_dude joined #salt
19:24 ChubYann joined #salt
19:26 sh123124213 joined #salt
19:35 sh123124213 joined #salt
19:36 oida joined #salt
19:36 pipps joined #salt
19:37 phtes joined #salt
19:40 toanju joined #salt
19:45 jas02 joined #salt
19:59 GP_MikeD joined #salt
20:00 impi hello
20:00 GP_MikeD I'm trying to use a condition in my sls file based on hostname matching and I keep getting Jinja syntax error: expected token ':', got '}'
20:00 impi i am currently using python fabric to deploy code to servers
20:00 Rumbles joined #salt
20:01 GP_MikeD My syntax is: {% if grains['host'] != {{ myvar }}: %}
20:01 impi is there anyone here that are deploying code to their servers with salt?
20:01 GP_MikeD Any help would be appreciated
20:01 GP_MikeD Yes
20:01 GP_MikeD @impi: Yes, I am for server builds
20:02 impi hey GP_MikeD thaks for letting me know, you would happen to have a url for such a functionality?
20:02 DEger joined #salt
20:02 impi i want to wrap my head around, the syntax and how to build a custom deploy
20:03 GP_MikeD I use the file.recurse: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
20:03 GP_MikeD @impi: Then I template any config files with file.manage
20:03 atmoz joined #salt
20:04 impi thank you very much for that GP_MikeD
20:05 GP_MikeD @impi: First, build a manual setup of your machine the way you want it. Then break down the directories, and config files as steps to put your salt config and build & test each step at a time
20:05 GP_MikeD Sure
20:05 impi will do
20:07 GP_MikeD @impi: Tip, you can also specify a particular state to apply with salt '*' state.apply path.to.sate
20:07 GP_MikeD @impi: that way you don't have to run the whole setup each time... just at the end when all is done for a fresh build
20:08 impi thats really cool
20:08 Brew joined #salt
20:08 GP_MikeD :)
20:10 GP_MikeD @impi: if you are going to have different roles (eg. web server, ftp server, etc.), then you might want setup custom grains configured in the miniions.
20:11 impi yes i will
20:11 impi i need to learn a lot still
20:11 pipps joined #salt
20:11 cyborg-one joined #salt
20:12 GP_MikeD @impi: it takes time. I've been working with Salt for ~2 yrs. I still have some learning to do as well.
20:12 impi did you go straight to salt, or do you come from a puppet chef back ground?
20:13 impi sorry to ask you a silly question i guess
20:14 GP_MikeD @impi: It's OK. I worked with Puppet a little bit, but decided to look around and settled on Salt because I found the yaml syntax easier to read/write.
20:15 GP_MikeD Anyone know what's wrong with my syntax?   {% if grains['host'] != {{ myvar }}: %}
20:15 hemebond GP_MikeD: Don't use {{ }} when you're already inside Jinja.
20:15 GP_MikeD @homebond: Even though this is a sls file and not a template?
20:16 hemebond Yeah. It's just Jinja.
20:16 hemebond It's the same everywhere.
20:16 PatrolDoom joined #salt
20:16 hemebond That would fail in a template file too.
20:17 GP_MikeD @homebond: OK. Thanks. I wasn't sure if it was matching the variable value or the literal string.
20:17 hemebond You also have a colon in there.
20:17 hemebond A string literal would be "myvar"..
20:18 hemebond And would be, literally, "myvar"
20:19 GP_MikeD Exactly, which was my concern. Ok so use the variable name without quotes (and no colon). Got it.  ;)
20:19 hemebond ????
20:19 hemebond Just remember that this is (mostly) regular old Jinja2 so you can refer to the Jinja2 website and documentation.
20:20 impi GP_MikeD, thank you for all the advise, really great of you man
20:20 impi good luck on your side, and see you around here soon
20:22 GP_MikeD @impi: no problem. Happy to help
20:23 filippos joined #salt
20:24 dxiri hi guys, have a noob question I can't find the answer for, how can I make a state so that if a config file is changed, it restarts the associated service, but if it doesn't then just ensure its running?
20:26 cscf dxiri, you make a service.running state  with - watch: config_file
20:26 GP_MikeD @dxiri: use the watch feature in salt.states.service ==> https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html
20:26 cscf dxiri, but that only works if config_file is a state
20:26 cscf It won't watch a random file on disk
20:27 hemebond States tutorial, part 2: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html
20:27 dxiri http://pastebin.com/gyZQ5bTV
20:27 dxiri looking now :)
20:27 hemebond That indentation is all wrong. Is that just the paste?
20:29 scsinutz joined #salt
20:31 GP_MikeD left #salt
20:34 vexati0n so... trying to get the azurearm cloud provider to work... but it keeps saying "The cloud driver, 'azurearm', configured under the 'azure_checkpoint-dev' cloud provider alias, could not be loaded."
20:34 vexati0n I've got all the required items in the config file, but it refuses to actually work
20:35 vexati0n also , yes, i have current versions of both azure and azure-storage installed.
20:35 dxiri hemebond: yes paste sucked
20:35 hemebond driver: azure
20:35 hemebond No?
20:35 vexati0n that's for Azure classic
20:35 hemebond Is it bad docs then? https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.azurearm.html
20:35 vexati0n but I'm using  Azure Portal, not Azure Classic Portal
20:36 vexati0n ugh. salt has so many different versions of their docs everywhere
20:36 hemebond Yeah, other page has azurearm.
20:36 vexati0n "The required 'certificate_path' configuration setting is missing from the 'azure' driver, which is configured under the 'azure_checkpoint-dev' alias."
20:37 vexati0n so yeah. Azure Classic Portal uses the management certificates, but Microsoft removed that functionality with the new portal
20:37 hemebond I see.
20:37 hemebond What version of salt?
20:37 vexati0n 2016.11.3
20:38 hemebond And you've got all the pre-reqs installed?
20:38 vexati0n yes, and all the options in config
20:38 hemebond And you can import azure manually via python console?
20:39 hemebond Restarted salt-master?
20:39 felskrone1 joined #salt
20:40 vexati0n there's this -- "[WARNING ] Missing dependency: 'azurearm'. The azurearm driver requires 'azurearm' to be installed."
20:40 vexati0n but there's no such pip package as 'azurearm'
20:40 hemebond pip install azure
20:40 vexati0n yeah that's done
20:40 hemebond So you can import it via console?
20:40 vexati0n "Requirement already satisfied: azure in /usr/local/lib/python2.7/dist-packages"
20:41 dxiri http://pastebin.com/BiVWec6a
20:41 vexati0n yeah no problem on console
20:41 dxiri ok added the watch part...but seems to not be working
20:42 hemebond And restarted salt-master?
20:42 hemebond Other than that, check the master/cloud log for errors.
20:42 dxiri getting: Service libvirt-bin is already enabled, and is dead
20:42 Karunamon|2 joined #salt
20:43 hemebond Looks okay to me.
20:43 vexati0n yeah. everything's been reloaded, and no errors in master log
20:44 hemebond -l debug
20:44 hemebond ?
20:45 vexati0n i just keep getting "missing dependency: 'azurearm'"
20:46 hemebond Take a look at https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/azurearm.py
20:46 hemebond See if you can import all those dependencies manually.
20:46 vexati0n may have found something on github
20:46 ronnix joined #salt
20:47 hemebond Looks like the docs in that file haven't been updated.
20:48 vexati0n the larger question is why on earth would anyone use Azure on purpose
20:48 vexati0n but mine is not to question
20:48 Rumbles joined #salt
20:49 hemebond Windows houses likely prefer Azure. Non-windows houses will use anyone but.
20:50 k_sze[work] joined #salt
20:55 dxiri so, the problem I am having now is that even though it does start the process, I always get the same failed message
20:56 hemebond dxiri: Can you start it manually?
20:56 dxiri yes
20:56 hemebond systemd or init?
20:56 scsinutz1 joined #salt
20:58 dxiri systemd
20:58 dxiri ubuntu 16
20:58 dxiri LTS
20:59 hemebond Anything in the minion logs?
21:01 dxiri first: http://pastebin.com/Uec3fy12
21:01 dxiri thats the latest version of the sls file
21:01 dxiri minion logs show:
21:01 dxiri 2017-03-22 21:01:47,160 [salt.state       ][ERROR   ][23443] Service libvirt-bin is already enabled, and is dead
21:02 hemebond Ubuntu 16 is Xenial?
21:03 hemebond It is. Check out https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1567272
21:03 hemebond Try removing -d from the startup options.
21:06 scsinutz joined #salt
21:07 tehsu joined #salt
21:07 ventris joined #salt
21:07 scsinutz joined #salt
21:08 prions joined #salt
21:08 tehsu is it a possibility that local_batch will come back in a later version to the api?
21:08 ny001 joined #salt
21:09 dxiri hemebond: ah! let me try that
21:10 ny001 Hi everyone. I am using the salt orchestrate runner. Within the init.sls file I run another salt state file on a target minion. Is it possible to reference custom grain data?
21:11 ny001 I have tried salt['grain.get']('mydata') and salt just errors that its not available
21:12 hemebond ny001: Within the orchestration?
21:12 ny001 but when i run salt 'target host' grains.get mydata on salt master this works fine so i know the grain is available
21:12 jas02 joined #salt
21:12 ny001 yes thats right
21:12 scsinutz1 joined #salt
21:12 hemebond I don't believe orchestration runs under the context of any particular minion, so there would be no grains available.
21:12 hemebond However there is a way to access the grains cache on the master.
21:12 ny001 ah i see
21:13 ny001 i didnt know that. How would I go about accessing that ?
21:13 hemebond {%- set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
21:13 ny001 I see this open https://github.com/saltstack/salt/issues/21404. Maybe this is related to issue i am having
21:13 saltstackbot [#21404][OPEN] Add support for custom grains (from _grains) in master/runners/etc | Currently core grains work in master side code (runners, scheduler, orchestrate, etc). The data is grain data from the master which is to be expected but isn't well documented anywhere....
21:15 ny001 so cahed_grains would then be a dictionary of all of the grains available on the target minion?
21:15 hemebond It's all the grains.
21:15 hemebond The top-level entries are minion names.
21:15 hemebond *IDs
21:15 ny001 ok cool
21:16 ny001 do you know how fresh that data is?
21:16 ny001 how frequently its refreshed?
21:16 hemebond Pass.
21:16 ny001 thats cool I can check into that. thanks alot for your help
21:17 dxiri hemebond:      Comment: Service libvirt-bin is already enabled, and is running
21:17 dxiri thank you!
21:17 hemebond ????
21:21 jgarr I have 2 salt-masters (version 2016.11.1 and 2016.3.2) both with the same config files (I just copied them) and running the salt-api. Same eauth.conf and same salt-api.conf. I can run pepper '*' test.ping on the 3.2 server but 11.1 always returns access denied
21:23 jgarr salt master logs on the failer server just shows '[WARNING ] Authentication failure of type "eauth" occurred.'
21:24 hemebond That sounds familiar.
21:25 hemebond Can you post your config?
21:26 jgarr interestingly it looks like /var/log/secure shows the failed pam login
21:26 ny001 Hi hemebond
21:27 jgarr at least it does for pam_unix. pam_sss is successful
21:28 ny001 one more question. How can I print the contents of the data structure cached_grains when running the sls file? I want to see what the data structure looks like so i know how to parse it and get the values I need
21:28 jgarr I thought this may be something to look at but my masters are running as root https://github.com/saltstack/salt/issues/20720
21:28 saltstackbot [#20720][MERGED] external_auth PAM Fails of salt-master run as non-root | When trying to authenticate via external auth, I am getting 'Authentication failure of type "eauth".  This happens both with a curl or a salt -a....
21:28 jgarr my guess is eauth is only looking at pam_unix or something
21:29 hemebond ny001: salt-run cache.grains db9*
21:29 hemebond cache.grains is a runner, so it can be called via salt-run
21:29 hemebond On the command line.
21:33 jgarr wait, the sss failure doesn't make sence though because both servers use pam_sss and only the 11.1 server is failing
21:33 ny001 thank you very much hemebond :-)
21:33 JohnnyRun joined #salt
21:34 jgarr hemebond: my config on both servers for rest and eauth are literally copy/paste from the examples. Only difference is my username in the api.conf
21:34 jas02 joined #salt
21:34 hemphill joined #salt
21:35 jgarr I'm going to upgrade my test server and see if I get the same error
21:36 hemebond So the permissions are identical in the configs?
21:38 hemebond What is pam_sss?
21:38 hemebond Do you have python-sss installed?
21:40 Tanta joined #salt
21:40 gtmanfred if you are using sssd you need python-sss installed
21:40 gtmanfred i just updated the docs at some point for that
21:41 gtmanfred explained in the note here https://docs.saltstack.com/en/latest/ref/auth/all/salt.auth.pam.html
21:42 jgarr gtmanfred: let me check
21:44 Flying_Panda whytewolf you here ?
21:45 jgarr yay! that was it. Thanks gtmanfred and hemebond!
21:45 babilen I'm working on a setup in which we use letsencrypt behind a LB to manage/renew certificates and I'd like to share them between all webserver minions. Is there a nice way these days to securely share files between minions?
21:45 babilen I'd love to setup a inotify beacon to watch the cert and trigger an update on other minions once certbot renews it
21:46 babilen Just not sure if there's a nice way to get the file from A to B
21:46 pipps joined #salt
21:46 babilen I've wrote something with reactors two years ago, but don't really like that approach too much
21:46 babilen s/'ve//
21:47 gtmanfred there might be a way to store documents into sdb, though i don't think there is anything right now
21:47 gtmanfred or alternatively minionfs, but i don't think you can limit which minions could see the key, so that is not ideal
21:47 babilen sdb was what I thought about too, but it'd has to be something like vault. Not sure if the vault sdb module manages multiline strings (or @files) at the moment
21:48 babilen I can't really make the key available to all minions
21:48 gtmanfred i do not believe that it does
21:48 jgarr I'm still wondering why my test server worked. It doesn't have python-sss installed
21:48 gtmanfred you could also use external pillars
21:48 babilen I mean if I could I could just put it in the mine
21:48 gtmanfred actually, that would be a little difficult to do
21:48 babilen gtmanfred: Which one though and how do I write to it?
21:49 gtmanfred you would have to use like the mysql or postgres ext_pillar, and then write to it using the .query functions for the modules
21:49 babilen I'm literally just fishing for inspiration .. don't mind coding something, but I hoped that there are more approaches now :)
21:49 Praematura joined #salt
21:50 babilen Maybe I just go with something like lsyncd and leave salt out of the picture and just trigger the service reload via beacons :-/
21:50 babilen I can't justify running a db server just for that :)
21:51 babilen I'll play with sdb and resort to something "outside of salt" if that doesn't work
21:52 babilen Thanks for the comments, gtmanfred .. if you can think of anything else let me know
21:53 gtmanfred will do
21:53 babilen Cheers :)
21:53 babilen Surprisingly hard :)
22:01 pipps joined #salt
22:01 ub1quit33 joined #salt
22:03 DEger joined #salt
22:07 mikecmpbll joined #salt
22:13 Laogeodritt joined #salt
22:13 ub1quit33 joined #salt
22:16 amcorreia joined #salt
22:16 JohnnyRun joined #salt
22:19 scsinutz joined #salt
22:19 jgarr with pepper via the api how should modules be formatted? trying api.low([{'client': 'local', 'tgt': '*', 'fun': 'cmd.run uptime'}]) but returning uptime is not available
22:19 vexati0n woot, finally got azurearm to work, no thanks to the docs.
22:21 cmarzullo joined #salt
22:21 rschneberger joined #salt
22:22 synical joined #salt
22:22 masber joined #salt
22:27 hemebond What was missing?
22:32 om2 joined #salt
22:45 ProT-0-TypE joined #salt
22:45 ProT-0-TypE hi! can I use cache.localfs to store some data directly? if yes, is there any example how to use it?
22:50 jas02 joined #salt
22:52 jgarr ahh, I figured out I needed arg: uptime in my array. now to figure out how to do better tgt matching
22:57 pipps joined #salt
22:57 sarcasticadmin joined #salt
23:00 justanotheruser joined #salt
23:02 nikdatrix joined #salt
23:02 jgarr woot, just found expr_form for match type
23:03 jgarr I think I'm all set now
23:06 tiwula joined #salt
23:09 gtmanfred jgarr: use tgt_type, expr_form is being deprecated
23:09 gtmanfred jgarr: also, use the status.uptime module instead of cmd.run uptime
23:15 Mykha joined #salt
23:16 dps joined #salt
23:19 scsinutz joined #salt
23:23 GP_MikeD joined #salt
23:23 GP_MikeD Does anyone know how to extract the name(s) from mount.swaps
23:26 chowmein__ joined #salt
23:30 chowmein__ joined #salt
23:32 Tech01x joined #salt
23:33 Tech01x hello... I'm having a problem trying to configure apache mpm in the apache formula
23:34 Tech01x does anyone have an example pillar that configures the prefork mpm?
23:39 sp0097 joined #salt
23:44 dxiri hi guys, quick question! I am trying to create a new disk profile for salt virt, but after creating it, it doesn't seem to get loaded for some reason
23:44 dxiri https://docs.saltstack.com/en/latest/topics/virt/disk.html
23:44 dxiri trying to follow the very first example there
23:45 dxiri placed that bit of yaml into /etc/salt/master.d/virt-profiles.conf
23:45 dxiri but when running salt '*' virt.get_profiles, I get only the default disk profile
23:46 dxiri any reason why?
23:47 pipps joined #salt
23:54 jas02 joined #salt
23:55 kojiro joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary