Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-05-22

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:19 khaije1 joined #salt
00:20 khaije1 Is it possible to get a list of member nodegroups using jinja in a pillar file?
00:24 PerilousApricot joined #salt
00:27 manji joined #salt
00:31 schemanic Salt is rendering some parts of a template as objects rather than yaml, is there any way to diagnose that?
00:39 schemanic Rather, is JSON acceptable notation in YAML?
00:39 schemanic I have a macro that seems to be spitting out JSON notation
00:39 schemanic or rather, I'm using one
00:39 whytewolf are you sure it is json
00:40 whytewolf minamized yaml and json look a lot alike
00:40 Xenophon1 joined #salt
00:41 schemanic whytewolf, see the macro on line 7 here: https://github.com/saltstack-formulas/salt-formula/blob/master/salt/files/master.d/f_defaults.conf
00:41 schemanic it looks to be being piped to JSON with 'stuff...|json'
00:42 schemanic When my config file renders I end up with JSON in a file meant to be consumed from /etc/salt/master.d
00:42 whytewolf ahh. don't see it as an issue
00:43 SaucyElf joined #salt
00:43 schemanic whytewolf, you mean to say that when things are rendered that way, they're valid for consumption by salt?
00:43 whytewolf yes. it is valid ymal
00:43 schemanic ie, I shouldn't try to correct them or alter this formula
00:43 schemanic Okay
00:43 schemanic hmm
00:44 whytewolf this is also valid yaml https://gist.github.com/whytewolf/3b440cfad0eb2c4ab59500f8338ffd09
00:45 whytewolf the only difference between json and yaml in that tight of space is json has double quotes around strings. and yaml doesn't by efault.
00:46 schemanic That stands to reason. JSON is a subset of YAML if I understand correctly yes?
00:46 SaucyElf_ joined #salt
00:47 whytewolf yes. yaml is a superset of json. a yaml parser can more then likely understand json, but a json parser won't understand yaml
00:48 SaucyEl__ joined #salt
00:48 whytewolf http://yaml.org/spec/1.2/spec.html#id2759572
00:50 schemanic so iy's okay for double quotes to appear inside an sls file?
00:51 whytewolf yes
00:51 schemanic Okay
00:52 schemanic Thanks. I'm sorry if I sound needlessly incredulous. I'm going through the issues I've encountered getting my salt master set up from this formula and I'm a bit paranoid about what parts about what I've seen have actually caused my problems
00:55 NightMonkey joined #salt
01:04 dspec12 joined #salt
01:06 SaucyElf joined #salt
01:07 SaucyElf_ joined #salt
01:16 manji joined #salt
01:18 whytewolf if you really are having that much problem with the formula... then don't use it
01:23 manji joined #salt
01:53 packeteer joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.5 <+> Support: https://www.saltstack.com/support/ <+> SaltStack Webinar on Carbon, Nitrogen, and Enterprise 5.1 on May 18, 2017 https://goo.gl/PvsOvQ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> Due to spam, please register with NickServ
02:13 XenophonF joined #salt
02:19 Terminus joined #salt
02:31 cyborg-one joined #salt
02:32 db` joined #salt
02:32 db` left #salt
02:35 SaucyElf joined #salt
02:36 zerocoolback joined #salt
02:45 JPT joined #salt
02:52 Xenophon1 joined #salt
02:52 J0hnSteel joined #salt
02:52 SaucyElf joined #salt
02:54 MTecknology whytewolf: Can we uninstall formula support from salt?!
02:54 hemebond "formula support" ?
02:58 SaucyElf_ joined #salt
02:59 wangofett joined #salt
03:01 SaucyElf joined #salt
03:01 fracklen joined #salt
03:05 wangofett joined #salt
03:08 SaucyElf joined #salt
03:10 wangofett joined #salt
03:12 MTecknology hemebond: logic wasn't meant to be applied
03:12 hemebond ????
03:12 MTecknology I can't render that :(
03:12 whytewolf just like formulas
03:15 justanotheruser joined #salt
03:17 wangofett joined #salt
03:20 manji joined #salt
03:21 SaucyElf_ joined #salt
03:22 MTecknology thumbs up!
03:32 miruoy joined #salt
03:39 SaucyElf joined #salt
03:42 hemebond ????  ☺
03:45 onlyanegg joined #salt
03:45 manji joined #salt
03:47 SaucyElf_ joined #salt
03:47 edrocks joined #salt
03:52 SaucyEl__ joined #salt
03:53 SaucyE___ joined #salt
03:57 SaucyElf joined #salt
03:59 SaucyElf_ joined #salt
04:01 manji joined #salt
04:07 jalaziz joined #salt
04:21 dspec12 joined #salt
04:27 manji joined #salt
04:38 iggy bennabiy: https://github.com/saltstack/atom-salt for atom
04:39 iggy bennabiy: and check out https://github.com/saltstack/atom-salt/issues/5 for a hopeful fix (WFM, nobody else has tested afaik)
04:46 onlyanegg joined #salt
04:55 manji joined #salt
04:59 onlyanegg joined #salt
05:00 schemanic is there a way to verify if an external pillar is being gotten?
05:10 onlyanegg joined #salt
05:18 xet7_ joined #salt
05:23 manji joined #salt
05:34 wangofett joined #salt
05:39 manji joined #salt
05:45 wangofett joined #salt
05:53 druonysus joined #salt
05:54 onlyanegg joined #salt
05:56 wangofett joined #salt
05:59 preludedrew joined #salt
06:01 do3meli joined #salt
06:01 do3meli left #salt
06:01 colttt joined #salt
06:01 hemebond salt-run saltutil.has_ext_pillar_got_got
06:01 wangofett joined #salt
06:05 whytewolf but then how would know if has_ext_pillar_got_got has been gotten :P
06:06 capnhex joined #salt
06:06 golodhrim|work joined #salt
06:12 wangofett joined #salt
06:14 jas02 joined #salt
06:17 evle joined #salt
06:21 dspec12 joined #salt
06:28 candyman88 joined #salt
06:31 wangofett joined #salt
06:31 aldevar joined #salt
06:32 manji joined #salt
06:32 aldevar left #salt
06:34 aldevar joined #salt
06:36 wangofett joined #salt
06:42 wangofett joined #salt
06:43 fracklen joined #salt
06:48 wangofett joined #salt
06:49 edrocks joined #salt
06:54 wangofett joined #salt
06:54 XenophonF joined #salt
06:58 Ricardo1000 joined #salt
07:01 wangofett joined #salt
07:02 jhauser joined #salt
07:07 wangofett joined #salt
07:07 dario joined #salt
07:09 fracklen joined #salt
07:11 mbologna joined #salt
07:12 wangofett joined #salt
07:14 mbologna joined #salt
07:20 fredvd joined #salt
07:23 felskrone joined #salt
07:24 wangofett joined #salt
07:29 yuhl joined #salt
07:29 impi joined #salt
07:31 yuhl left #salt
07:32 yuhl joined #salt
07:35 it_dude joined #salt
07:38 jas02 joined #salt
07:43 JohnnyRun joined #salt
07:53 cmichel joined #salt
07:53 hoonetorg joined #salt
07:58 onlyanegg joined #salt
08:04 dspec12 joined #salt
08:06 yuhl joined #salt
08:09 o1e9 joined #salt
08:09 bdrung_work joined #salt
08:12 capnhex joined #salt
08:15 xet7_ joined #salt
08:17 pbandark joined #salt
08:21 Mattch joined #salt
08:25 Rumbles joined #salt
08:31 xet7 joined #salt
08:37 capnhex joined #salt
08:39 megamaced joined #salt
08:43 rgrundstrom joined #salt
08:45 fracklen joined #salt
08:45 fracklen joined #salt
08:50 rgrundstrom left #salt
08:50 rgrundstrom joined #salt
08:52 rgrundstrom joined #salt
08:58 ronnix joined #salt
09:00 flebel joined #salt
09:05 sh123124213 joined #salt
09:06 Nageswar joined #salt
09:13 Nageswar left #salt
09:24 gaborn joined #salt
09:25 ronnix joined #salt
09:40 wangofett joined #salt
09:44 inad922 joined #salt
09:50 wangofett joined #salt
09:53 Ricardo1000 joined #salt
09:56 toanju joined #salt
09:57 zerocoolback joined #salt
09:59 onlyanegg joined #salt
10:01 candyman88 joined #salt
10:02 tellendil joined #salt
10:27 jas02 joined #salt
10:30 manji joined #salt
10:36 losh joined #salt
10:53 edrocks joined #salt
11:06 LondonAppDev joined #salt
11:21 Kelsar joined #salt
11:23 candyman88 joined #salt
11:26 cablekev2n joined #salt
11:28 jas02 joined #salt
11:28 riftman joined #salt
11:31 tellendil_ joined #salt
11:33 tellendil_ Hey, I've got a problem with salt-ssh and mine, I'm running "salt-ssh myhost mine.update" and it returns None. However I have some functions defined in the roster file. Is this normal ?
11:33 tellendil_ I've got the same problem with mine.valid
11:34 hemebond tellendil_: Have you checked the mine for the data?
11:34 hemebond All that command does is tell the minion to update the mine.
11:35 tellendil_ hemebond: How can I check for the entry to be populated ? My current test is "  mine.functions:     cmd.run: ["echo hello"]"
11:35 hemebond mine.get
11:36 bdrung_work joined #salt
11:38 tellendil_ hemebond: ok right, having the previous test, it works but now if I try to alias it, I get "TypeError encountered executing say_hello: 'FunctionWrapper' object is not callable" which leads me to https://github.com/saltstack/salt/issues/27808 but this seems fixed from quite a long time ago...
11:39 hemebond How the heck does salt mine work with salt-ssh?
11:40 hemebond Which version of Salt are you using?
11:41 demize By being configured in the master config/pillar/roster
11:41 demize It's really slow though.
11:41 hemebond But... so does salt-ssh use the master for stuff?
11:42 tellendil_ salt-ssh 2016.11.5 (Carbon) is my version. Yes, if you add the mine info in the roster it is supposed to work
11:42 hemebond I learned something new today.
11:45 demize Anyway, seems like a regression then.
11:48 _KaszpiR_ joined #salt
11:50 tellendil_ ok I guess I should open a new issue and link to the previous one right ?
11:50 tellendil_ or should i comment the previous one ?
11:58 hemebond New one I reckon, with a reference to the old.
12:00 onlyanegg joined #salt
12:02 wangofett joined #salt
12:05 LondonAppDev joined #salt
12:09 wangofett joined #salt
12:15 wangofett joined #salt
12:20 ronnix joined #salt
12:20 toanju joined #salt
12:23 coredumb Hey folks, I'm looking for an external pillar that supports jinja (and maybe salt contexts like pillars and grains) and can also serves as master_tops
12:23 coredumb anything like that ?
12:26 tellendil_ if I have a mine with two "cmd.run" commands, I get conflicting IDs. is there a way of coping with that without using aliases ?
12:30 jas02 joined #salt
12:34 jas02 joined #salt
12:36 Reverend joined #salt
12:38 wangofett joined #salt
12:40 ozux joined #salt
12:40 dario joined #salt
12:45 wangofett joined #salt
12:46 thinkt4nk joined #salt
12:47 thinkt4nk joined #salt
12:49 Praematura joined #salt
12:51 wangofett joined #salt
12:52 edrocks joined #salt
12:55 amcorreia joined #salt
12:56 wangofett joined #salt
13:02 wangofett joined #salt
13:02 ivanjaros joined #salt
13:05 mugundan joined #salt
13:09 sjorge joined #salt
13:09 ssplatt joined #salt
13:09 babilen tellendil: Why don't you want to use aliases? How are you planning to tell them apart?
13:09 hemebond babilen: I think they encountered a bug when using aliases.
13:10 hemebond A regression.
13:10 babilen The question is a bit like "How do I do that, without doing $SOLUTION"
13:11 hemebond Yeah. In this case they're after a workaround. Which is unlikely to exist.
13:12 babilen I'd argue that salt-ssh is not the right approach if you need features like the mine, beacons or reactors
13:12 hemebond It never occurred to me that those might actually work with salt-ssh.
13:12 babilen I'm still not sure how the mine would work with it
13:12 hemebond I always saw salt-ssh as Ansible.
13:12 babilen Well, beacons and reactors don't work
13:13 hemebond I guess you just tell it to update manually.... nah I don't get it either.
13:13 babilen But wouldn't that require you to contact all minions in your roster?
13:13 hemebond I guess so.
13:13 babilen In Ansible you have access to data from boxes targeted in your "Playbook"
13:14 babilen So boxes you "touched" before
13:14 hemebond salt-ssh uses rosters, no?
13:14 hemebond So you tell your roster to update the mine.
13:14 babilen It does, yeah, but I wouldn't necessarily expect it to contact all minions configured therein, but only those that I targeted
13:14 hemebond Then run it again to use the mine data... I guess.
13:15 babilen But then .. I don't actually know how to use the mine with salt-ssh and what kind of setup that entails
13:16 babilen The above is just my "That's what I would expect", but that does not have to have anythin to do with reality
13:21 goal joined #salt
13:22 goal in a state, is there a way to render a jinja template into a variable (and pass context variables as you do so)?
13:23 hemebond goal: Maybe include?
13:23 rgrundstrom Anyone that can see what im writing now?
13:23 hemebond rgrundstrom: Can you see what I'm typing ????
13:24 rgrundstrom Wee it works :) That small note in the topic about regestering your nick is a little bit to small :)
13:24 hemebond Oh, excellent. Yes, been a bit of spam lately.
13:24 rgrundstrom Is it possible to use unless and onlyif in file.managed?
13:24 LondonAppDev joined #salt
13:25 hemebond Yes
13:26 goal hemebond: no way to pass variables to that? My problem is that I want to render a template in order to use the result as the `repl:` value to file.replace
13:26 hemebond Macro?
13:26 rgrundstrom so if i use unless: - file.exists: <absolut path> should work. Thank you
13:27 hemebond That doesn't seem right, no.
13:27 goal hemebond: hmm yes maybe. Thanks.
13:31 Brew joined #salt
13:33 c_g joined #salt
13:36 drawsmcgraw joined #salt
13:40 babilen rgrundstrom: I don't think so
13:49 stewgoin joined #salt
13:49 debian112 joined #salt
13:50 PatrolDoom joined #salt
13:50 rgrundstrom babile: Got it working :)
13:51 babilen rgrundstrom: I typically use "test -f /path/to/file", but what did you do?
13:52 rgrundstrom {% if not salt['file.file_exists']('<absolut path>') %}
13:52 babilen Ah .. you can use "unless: test -f /path/to/file"
13:53 rgrundstrom There is a load of other stuff that should happen if my file is missing so i prefer the if.
13:53 bennabiy iggy: thank you. I commented on your patch, as it does not match the current state of the package
13:54 bennabiy iggy: Thank you for the link as well. It was just what I was looking for.
13:57 debian112 joined #salt
14:00 sh123124213 joined #salt
14:01 onlyanegg joined #salt
14:02 racooper joined #salt
14:04 PatrolDoom rgrundstrom: +1 - TIL
14:07 ronnix joined #salt
14:08 Hobbe joined #salt
14:08 cablekev1n joined #salt
14:10 drawsmcgraw joined #salt
14:17 brousch__ joined #salt
14:19 candyman89 joined #salt
14:23 johnkeates joined #salt
14:29 rgrundstrom PatrolDoom: ??
14:30 edrocks joined #salt
14:30 tellendil joined #salt
14:30 PatrolDoom {% if not salt['file.file_exists']('<absolut path>') %}, i learned something :D
14:31 rgrundstrom PatrolDoom: Well there are proberbly loads of other ways to use it. But this is the way i do it. :) Happy to be of service.
14:31 PatrolDoom indeed
14:32 babilen rgrundstrom: Perfectly fine then, just wanted to correct your "unless: ..." approach.
14:36 tellendil joined #salt
14:37 rgrundstrom Ok now im getting a bit frustrated. Im trying to use file.line to ensure that there is a speifik line there but its giving me a relly hard time.
14:38 rgrundstrom https://gist.github.com/anonymous/f3ede755826be21971eb76e5e943624c#file-gistfile1-txt
14:38 hemebond Using file_exists would run at the Jinja compilation phase. Would `unless` run in its own thread/process that's already handling the file?
14:38 mugundan joined #salt
14:38 hemebond rgrundstrom: Your YAML indentation is wrong.
14:39 rgrundstrom hemebond: Please correct me instead... Cause im not too used to work with YAML
14:39 hemebond rgrundstrom: You can use http://yaml-online-parser.appspot.com/ to test your YAML
14:39 hemebond You need to indent the content lines several times.
14:40 mugundan joined #salt
14:40 tellendil joined #salt
14:43 Reverend joined #salt
14:46 tom[] joined #salt
14:53 fracklen joined #salt
14:54 fracklen joined #salt
14:58 babilen hemebond: It would run right before the state is executed, so the semantics are indeed different
14:58 hemebond Are states run in their own process/thread?
14:58 hemebond Or are processes/threads just re-used for each state?
14:59 babilen Hey .. I'm using a reactor that is triggered by inotify and should restart the webserver of a minion. It's just that we are using different webservers for the projects. Is there a way to get hold of minion's pillar settings in the reactor SLS? The master pillar settings? Any other settings/data ?
15:01 hemebond Could you not use the reactor to just apply a regular state?
15:01 mugundan11 joined #salt
15:03 babilen I have the following at the moment http://paste.debian.net/933619/ -- The indirection is needed because I can't set "batch: 1" directly in the reactor.
15:04 babilen This is triggered by an inotify beacon on salt/beacon/foo-web*.test/inotify//var/lib/dehydrated/certs/*/*/cert.pem ... (letsencrypt cert renewal)
15:05 hemebond Hmm. I only have a few reactors. And they mostly either run simple modules or apply regular states to do their stuff.
15:05 hemebond You can use `cmd.state.apply:` to apply a state or run a highstate.
15:07 babilen I have to run orchestration as that is the only way I get "batch: 1" in there (until https://github.com/saltstack/salt/issues/41268 is solved)
15:08 babilen It's just that dependending on the minion I have to restart apache, nginx, lighttpd, ...
15:08 babilen And we obviously set it in the minion's pillar data
15:08 hemebond I thought orchestration could just use regular states.
15:08 hemebond I haven
15:09 hemebond haven't done any orchestration yet, sorry.
15:09 babilen Yeah, but how would I restart a service with a regular state?
15:09 hemebond module.run?
15:09 babilen Hmm .. maybe, but that's a nightmware in respect to different init systems
15:10 mugundan joined #salt
15:10 babilen I wonder what https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.mod_watch does exactly
15:11 hemebond But if you use module.run to call service.restart, does the init system matter?
15:11 ntropy it doesn't
15:11 babilen Ah, that is what you were thinking of
15:11 ntropy and you can use all the available modules and states in orchestration
15:11 babilen Sure
15:11 hemebond ntropy: What about pillars and stuff?
15:12 hemebond Wait... babilen is already using pillars in the orch.
15:12 hemebond I'm confused.
15:12 babilen I just would have to use a state as I don't have access to minion's pillar data otherwise
15:12 hemebond And it's 3am. Oh crap.
15:12 babilen hemebond: They are handed in from the outside
15:12 hemebond Oh right, of course.
15:13 hemebond ntropy: Accessing minion pillars in the orch states/files possible?
15:13 ntropy not quite sure, but i think so; my orchestration states take pillar as arguments on command line
15:14 hemebond Oh.
15:14 babilen I just dislike the lasagna code of reactor_config → reactor SLS → orchestration SLS → state
15:14 Heartsbane joined #salt
15:14 Heartsbane joined #salt
15:14 babilen ntropy: Yeah, that's the data you hand in from the outside (more or less what I'm doing in the paste to pass arguments), but that doesn't allow me to get the pillar of "minion_foo", does it?
15:15 ntropy a quick test is the best way to be sure, let me see
15:16 ntropy orchestration docs don't mention pillar
15:16 fracklen joined #salt
15:16 onlyanegg joined #salt
15:17 hemebond I would bite the bullet and go with the lasagna.
15:18 babilen It's just so convoluted .. I mean this should, essentially, be possible in "reactor SLS" and the "orchestration SLS → state" ist just unnecessary bitrot and complexity
15:18 hemebond Yeah, but reactor and orch is all master stuff.
15:19 fracklen_ joined #salt
15:19 rmelero joined #salt
15:19 babilen And then it isn't even just "→ state" but "state → execution_module" :)
15:19 hemebond Also, orch should be high-level stuff, not the low-level details of what service gets restarted.
15:19 babilen hemebond: The master has access to all pillar data
15:19 babilen Yeah, that's why I dislike hardcoding it there
15:20 hemebond Oh, then maybe use https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cache.html#salt.runners.cache.pillar
15:20 babilen I essentially want to say "restart webserver" (whatever is appropriate for the box)
15:20 hemebond I use the grains one to fetch grains within pillars.
15:20 hemebond Should be higher-level.
15:20 babilen Guess I'll have to play a little more
15:20 hemebond e.g., "Refresh the application for the client" or something.
15:21 hemebond {%- set cached_grains = salt.saltutil.runner('cache.grains', tgt='web*') %}
15:21 hemebond Should be able to do something similar with the pillar one.
15:22 tom[] joined #salt
15:22 babilen Let me look into that .. thank you
15:22 hemebond Good luck ????
15:23 Nageswar joined #salt
15:23 _JZ_ joined #salt
15:24 tellendil joined #salt
15:27 tellendil joined #salt
15:29 sarcasticadmin joined #salt
15:29 Nageswar hello
15:29 ahrs joined #salt
15:31 ntropy babilen: so yeah, afaics minion pillar isn't immediately available in orchestrate states
15:31 aldevar left #salt
15:33 Nageswar_ joined #salt
15:35 wangofett joined #salt
15:37 mikecmpbll joined #salt
15:39 Nageswar joined #salt
15:44 Xenophon1 joined #salt
15:44 racooper joined #salt
15:47 wangofett joined #salt
15:50 tellendil joined #salt
15:52 raspado joined #salt
15:52 wangofett joined #salt
15:57 tellendil joined #salt
15:58 LostSoul joined #salt
15:58 pmcg joined #salt
15:58 wangofett joined #salt
16:06 drawsmcgraw joined #salt
16:08 rgrundstrom left #salt
16:10 drawsmcgraw1 joined #salt
16:10 wangofett joined #salt
16:13 iggy bennabiy: nice catch, I just realized I was basing mine off of https://github.com/nevins-b/atom-salt instead of upstream
16:17 SaucyElf joined #salt
16:19 armyriad joined #salt
16:28 tellendil joined #salt
16:28 Praematura joined #salt
16:31 druonysus joined #salt
16:34 gtmanfred going to turn this back on and see if i see any spamming in the next day or so and will remove the quieting
16:35 pmcg joined #salt
16:37 Trauma joined #salt
16:39 Inveracity joined #salt
16:41 nixjdm joined #salt
16:42 coval3nce joined #salt
16:48 gtmanfred i am not sure if it is possible to overwrite the grains about the system like the OS or whatever, so you might start with checking that first, and seeing if that is actually a problem
16:49 gtmanfred (i think you might be, but i am not 100% sure)
16:49 gtmanfred oh, yup you can
16:49 gtmanfred hrm, that is an interesting question then
16:49 MichaelB joined #salt
16:50 gtmanfred coval3nce: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.match.html#salt.modules.match.filter_by
16:50 tellendil joined #salt
16:50 gtmanfred use match.filter_by and match on the id, instead of grains
16:50 MajObviousman I wonder why this channel is getting targeted
16:51 gtmanfred MajObviousman: because freenode is only one step above hackernews in levels of awfulness on the internet.
16:51 MajObviousman gtmanfred: does match query the minion the way test.ping does, or is it master-only?
16:51 MajObviousman you'll not see disagreement from me on that one, gtmanfred
16:52 MajObviousman oftc is better, but been getting similar attention in the past 18 months
16:52 gtmanfred match uses the same logic that the minion uses when checking messages on the master event bus to see if i should run them
16:52 sh123124213 joined #salt
16:53 gtmanfred MichaelB:my gut tells me that you shouldn't need to filter that through the json filter
16:53 gtmanfred but that may be super wrong
16:53 gtmanfred i haven't tried to do something like that before
16:55 tellendil joined #salt
16:58 gtmanfred aight, i gotta go to the grocery store o/
17:00 onlyanegg joined #salt
17:00 MajObviousman enjoy
17:08 pf_moore joined #salt
17:10 tellendil joined #salt
17:13 SalanderLives joined #salt
17:17 rmelero joined #salt
17:18 ChubYann joined #salt
17:20 tellendil joined #salt
17:26 impi joined #salt
17:27 manji joined #salt
17:28 jab416171 joined #salt
17:30 tellendil joined #salt
17:31 anotherZero joined #salt
17:32 swills joined #salt
17:48 cliluw joined #salt
17:53 nixjdm joined #salt
17:56 rmelero joined #salt
18:05 mavhq joined #salt
18:08 cyteen joined #salt
18:11 chowmein__ joined #salt
18:18 drawsmcgraw joined #salt
18:19 sh123124213 joined #salt
18:20 Bryson joined #salt
18:27 wangofett joined #salt
18:32 coval3nce joined #salt
18:32 overyander joined #salt
18:34 edrocks joined #salt
18:36 major is there any docs that might highlight how to use the sudoers formula to support variable sudoers.included files while supporting a common sudoers file?
18:40 PatrolDoom joined #salt
18:41 Bryson joined #salt
18:48 thinkt4n_ joined #salt
18:49 rmelero joined #salt
18:50 Memphis joined #salt
18:53 cwang joined #salt
18:55 o1e9 joined #salt
18:57 MTecknology major: I don't understand the question
18:59 major Different server groups have need for different included suoders files in sudoers.d, was looking at using the sudoers formula, but I am not entirely certain how to have different sudoers.included items with a common sudoers pillar...
19:00 major I may be over thinking the issue before attempting to even draw it up
19:01 MTecknology don't use formulas and the problem is probably much easier
19:01 major ... you are not wrong there .. I was honestly thinking that it would be easier to just use static files to manage in sudoers.d and simply manage those..
19:02 major though I also think part of my problem was that I wasn't entirely aware that pillar data with the same ID would be merged
19:03 MTecknology This is my sudo pillar stuff - http://dpaste.com/0EN4EAF
19:03 c_g joined #salt
19:04 MTecknology {% for file in list %} file.managed
19:05 MTecknology I'm curious what kind of formula you would want to make around that... I gotta look
19:05 nixjdm joined #salt
19:05 major just have need to limit specific users/groups/systems to specific commands across .. a lot of nodes..
19:06 dlam joined #salt
19:06 major the sudoers formula supports that, but it seems slightly more complex then just specifying which files you want to manage in which group
19:06 major particularly as the content of the files themselves is fundemdentally static
19:06 major I dunno .. could be just me
19:06 major often is
19:07 major https://github.com/saltstack-formulas/sudoers-formula
19:08 MTecknology check_cmd, eh?
19:08 keldwud joined #salt
19:09 keldwud joined #salt
19:09 MTecknology nice!
19:09 major I think I will just try for various sudoers.<group> pillars which define sudoers.included_files and see if it merges cleanly
19:11 MTecknology I prefer doing the logic inside individual sls files and then including other files as needed, but that's because I don't like doing logic inside top.sls.
19:12 major I can see that
19:12 major this is a whole new ground-up-rewrite for a stack of stuff .. so I am generally just trying to look at various ways in which this stuff can be done .. no real hard layout in place yet
19:16 keltim joined #salt
19:19 MTecknology I strongly suggest staying away from formulas, they just muddy up the water because you have to write salt around how someone wrote the formula. They're cool for referencing and using as turnkey deploys (which should obviously be test only.. for the same reasons)
19:21 major understood
19:21 rmelero joined #salt
19:21 major like I said .. this is mostly a "look at various ways this stuff can be done" .. not expecting to deploy this stuff so much as present some ideas here at the end of the month
19:22 major at least .. I certainly hope this doesn't get deployed ....
19:22 major just trying to model this as if it was going to apply to the real network so that others can get an idea of the options
19:23 MTecknology I can share what my structure looks like
19:24 MTecknology just gotta trim some stuff first
19:25 Praematura_ joined #salt
19:31 hashwagon joined #salt
19:34 MTecknology http://dpaste.com/03410AP
19:37 jas02 joined #salt
19:39 major salt-data, salt-states and salt-pillar?
19:39 beardedeagle joined #salt
19:39 * major thinks.
19:39 candyman88 joined #salt
19:39 MTecknology three different git repositories
19:41 MajObviousman yeah, I wanted formulas to be better than they are
19:41 MajObviousman especially the firewall one
19:42 MTecknology ferm!
19:42 MTecknology seriously... more people need to know about ferm. Not my favorite group of people, but one heck of a tool
19:43 major hmm
19:45 MTecknology https://gist.github.com/MTecknology/33b9e5a56fd5503484b5c4e77ae358e5
19:45 MTecknology ignore the port knocking stuff. It's not pretty and I don't plan to make it pretty.
19:46 major kinda like fwbuilder, but w/out the UI and w/out support for Cisco ASA/PIX/FWSM/ACL, BSD pf/ipfw/ipfilter, and HP ProCurve ACLs?
19:47 nicksloan joined #salt
19:48 jfelchner joined #salt
19:56 PatrolDoom yeah ferm is nice
19:57 PatrolDoom very simple
20:00 drawsmcgraw joined #salt
20:00 fracklen joined #salt
20:03 fracklen_ joined #salt
20:05 nixjdm joined #salt
20:18 debian112 joined #salt
20:22 fracklen joined #salt
20:25 lorengordon seems like someone should write a ferm module/state
20:25 MTecknology what would it do?
20:27 onlyanegg joined #salt
20:27 MTecknology ferm is a really simple pkg.installed, file.managed, service.running state where anything that may modify the template generated just has  -listen_in: file: ferm
20:28 lorengordon lol, sounds like many unix-y services. just manage a file. no problemo.
20:29 lorengordon and yet, we have all these modules that make managing the file directly unnecessary, and people seem to find value in them
20:34 MTecknology such as?
20:35 cwright joined #salt
20:37 onlyanegg joined #salt
20:44 wangofett joined #salt
20:48 jf_sebas1ian joined #salt
20:51 wangofett joined #salt
20:52 dlam i have a long running 'file.directory' state because it recursively sets permissions:  is there a way to say, check if the root folder has the right permissions and decided if the state should be run from that?
20:52 hashwagon Any common pitfalls with setting up users in a salt state? I'm using pillar for username and password and it's showing correctly in pillar.items. The user exists on the system, but I can't login to it. I know the password is correct in pillar.
20:53 hashwagon This is with user.present
20:55 hashwagon I actually just tested making a user with the username and password in the state as a test.. same thing can't login hmm.
20:57 fracklen joined #salt
20:59 Vasya666 joined #salt
21:03 onlyanegg joined #salt
21:05 nixjdm joined #salt
21:07 _JZ_ joined #salt
21:09 debian112 joined #salt
21:11 p0licy joined #salt
21:11 colttt joined #salt
21:15 sjorge joined #salt
21:15 edrocks joined #salt
21:26 Praematura_ joined #salt
21:44 cliluw joined #salt
21:48 jas02 joined #salt
21:55 Blah123 joined #salt
22:03 sh123124213 joined #salt
22:03 heaje joined #salt
22:04 nixjdm joined #salt
22:12 censorshipwreck joined #salt
22:15 nicksloan joined #salt
22:16 edrocks joined #salt
22:20 sh123124213 joined #salt
22:59 debian112 joined #salt
23:03 wangofett joined #salt
23:08 wangofett joined #salt
23:14 yidhra joined #salt
23:23 wangofett joined #salt
23:27 coval3nce joined #salt
23:28 Praematura_ joined #salt
23:33 cyborg-one joined #salt
23:36 wangofett joined #salt
23:49 jas02 joined #salt
23:52 wangofett joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary