Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-06-07

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 onlyanegg joined #salt
00:02 edrocks joined #salt
00:03 wangofett joined #salt
00:10 wangofett joined #salt
00:11 dxiri joined #salt
00:12 Spencer joined #salt
00:13 zerocoolback joined #salt
00:14 onlyanegg joined #salt
00:15 wangofett joined #salt
00:16 Spencer joined #salt
00:18 SpencerE joined #salt
00:20 SpencerE Hi all.
00:20 SpencerE I was wondering if anyone was able to answer a quick proxy question.
00:22 wangofett joined #salt
00:22 jas02 joined #salt
00:23 PatrolDoom don't ask to ask, just ask
00:24 SpencerE Just wasn't sure if anyone was around
00:25 SpencerE Is it expected behavior for an execution module to operate commands off the salt-proxy server for a proxy minion that is not the proper type?
00:25 SpencerE For instance, running a system.reboot (which should only apply to Linux systems) will incorrectly match for an ESXI minion
00:26 woodtablet left #salt
00:27 SpencerE For the Windows execution modules, there are strict checks in place to ensure that they will only operate against Windows minions, however, the Linux variants only negate match to exclude devices and default any that don't match.
00:28 hemebond joined #salt
00:29 Trauma joined #salt
00:37 zerocoolback joined #salt
00:42 SpencerE joined #salt
00:43 mosen joined #salt
00:45 leon joined #salt
00:46 Guest96267 left #salt
01:02 onlyanegg joined #salt
01:12 dxiri joined #salt
01:15 zulutango joined #salt
01:16 gnomethrower joined #salt
01:17 Rubin joined #salt
01:18 demize joined #salt
01:19 dendazen joined #salt
01:46 amcorreia_ joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.5 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
02:04 edrocks joined #salt
02:08 dxiri joined #salt
02:11 zerocoolback joined #salt
02:23 mpanetta_ joined #salt
02:40 dxiri joined #salt
02:51 fritz09 joined #salt
02:52 hemebond Can't extend across environments :-(
03:01 MTecknology SpencerE: While I would actually *LOVE* to properly address your question, you have left the channel so......
03:06 sh123124213 joined #salt
03:06 dxiri joined #salt
03:32 miruoy joined #salt
03:33 LeProvokateur joined #salt
03:34 dxiri joined #salt
03:45 dxiri joined #salt
03:52 dxiri joined #salt
03:56 mpanetta joined #salt
03:57 icebal joined #salt
04:01 dxiri joined #salt
04:06 edrocks joined #salt
04:11 dxiri joined #salt
04:12 cyborg-one joined #salt
04:27 GothAck joined #salt
04:27 dxiri joined #salt
04:32 bigjazzsound joined #salt
04:36 sh123124213 joined #salt
04:38 sh123124213 joined #salt
04:45 Bock joined #salt
04:46 hoonetorg joined #salt
04:51 preludedrew joined #salt
05:08 golodhrim|work joined #salt
05:08 GothAck joined #salt
05:29 eseyman joined #salt
05:46 buhm joined #salt
05:47 inad922 joined #salt
05:51 J0hnSteel joined #salt
05:52 do3meli joined #salt
05:52 do3meli left #salt
06:05 qwertyco joined #salt
06:11 sh123124213 joined #salt
06:13 impi joined #salt
06:19 toastedpenguin joined #salt
06:23 capnhex joined #salt
06:34 zerocoolback joined #salt
06:39 aldevar joined #salt
06:46 fracklen joined #salt
06:51 zerocoolback joined #salt
06:53 saltsa joined #salt
07:05 losh joined #salt
07:06 xet7 joined #salt
07:06 zerocoolback joined #salt
07:09 sh123124213 joined #salt
07:14 Kelsar joined #salt
07:15 JohnnyRun joined #salt
07:15 Kelsar joined #salt
07:15 ronnix joined #salt
07:17 jas02 joined #salt
07:18 mbologna joined #salt
07:19 jas02 joined #salt
07:20 felskrone joined #salt
07:25 preludedrew joined #salt
07:35 lasseknudsen joined #salt
07:35 capnhex joined #salt
07:38 Hybrid1 joined #salt
07:44 o1e9 joined #salt
07:48 fracklen joined #salt
07:49 JohnnyRun joined #salt
07:54 saintpablo joined #salt
07:56 candyman88 joined #salt
07:56 saintpablo joined #salt
07:59 mikecmpbll joined #salt
07:59 candyman89 joined #salt
08:01 BlackBishop joined #salt
08:01 Rumbles joined #salt
08:03 coredumb Morning
08:03 hemebond ????
08:03 coredumb https://pastebin.com/w20D2sdA < Am I missing something that my ntpd service doesn't get restarted on file change?
08:03 evle1 joined #salt
08:03 Antiarc joined #salt
08:04 hemebond Looks fine to me.
08:04 hemebond Oh.
08:04 hemebond You should be using "watch_in" I think.
08:06 coredumb really? What's the difference? Shouldn't it still work?
08:06 hemebond I think "watch" has special semantics/triggers for services.
08:07 hemebond "The onchanges requisite makes a state only apply if the required states generate changes"
08:07 babilen I prefer to use listen_in
08:07 hemebond So your service states won't apply at all if the file isn't changed.
08:08 babilen But the semantics are different, so choose the appropriate one
08:08 coredumb damn
08:10 coredumb that's not obvious
08:11 coredumb hemebond: works fine with watch_in thanks
08:13 oida_ joined #salt
08:14 coredumb s/it's not obvious/I should read doc more carefully/
08:14 hemebond ????
08:19 JohnnyRun joined #salt
08:20 babilen coredumb: Take a look at listen_in
08:20 pbandark joined #salt
08:22 coredumb babilen: that's interesting
08:22 coredumb That may come in handy
08:22 coredumb thx!
08:23 saintpablo joined #salt
08:23 babilen Sounded as if you might have overlooked my earlier comment .. hence the repeat
08:24 babilen They don't do the same, but listen_in is quite nice in most cases
08:27 coredumb babilen: I didn't overlook it but I didn't see it flash across my eyes in the documentation page
08:27 coredumb so thanks again for repeating to force me to find it ;)
08:28 saintpablos joined #salt
08:30 jas02 joined #salt
08:31 Mattch joined #salt
08:36 inad922 joined #salt
08:37 Antiarc joined #salt
08:38 jas02 joined #salt
08:48 colegatron joined #salt
08:52 mikecmpbll joined #salt
09:00 sh123124213 joined #salt
09:01 absolute- Morning guys
09:01 absolute- Has anyone here got a 'creative' master setup?
09:02 absolute- I'm going to look into Syndic, but I'm wondering if I could have a setup that's almost like a PKI
09:02 absolute- With sub-masters controlling specific areas
09:04 sh123124213 joined #salt
09:05 sh123124213 joined #salt
09:05 zerocoolback joined #salt
09:06 N-Mi joined #salt
09:06 N-Mi joined #salt
09:10 zulutango joined #salt
09:11 zerocoo__ joined #salt
09:11 nona joined #salt
09:12 jas02_ joined #salt
09:12 Thana404 joined #salt
09:14 mikecmpb_ joined #salt
09:17 Thana404 joined #salt
09:17 Thana404 left #salt
09:17 Thana404 joined #salt
09:18 jas02 joined #salt
09:19 mikecmpbll joined #salt
09:19 sh123124213 joined #salt
09:20 Thana404 joined #salt
09:24 ronnix joined #salt
09:24 mikecmpb_ joined #salt
09:27 mikecmpbll joined #salt
09:33 ronnix joined #salt
09:34 Praematura joined #salt
09:38 mt5225 joined #salt
09:39 Rumbles if I do a highstate with test=True, salt tells me a new file will be created, but not what will be created in that file, is there a way (other than running without test=True) to see what will be created in that file? (it's coming froma  jinja template and I want to understand what will go in the file before pushing it out)
09:40 Trauma joined #salt
09:41 blathijs joined #salt
09:45 jijiki left #salt
09:45 manji joined #salt
09:46 babilen Rumbles: Two options: 1. cp.get_template 2. Create a dummy file with some content on the minion to get a diff
09:50 Rumbles ok, thanks babilen
09:51 saintpablo joined #salt
09:51 candyman88 joined #salt
09:53 saintpablo joined #salt
09:54 saintpablos joined #salt
09:55 tellendil joined #salt
09:55 qwertyco joined #salt
10:02 colttt joined #salt
10:03 sh123124213 joined #salt
10:09 aldevar joined #salt
10:09 Reverend babilen: forgot to say, thank you for yesterday. I set that orchestration sls up for the reactor, and it worked like a charm :D
10:09 Reverend you da real mvp
10:10 edrocks joined #salt
10:12 bluenemo joined #salt
10:22 pbandark Hi.. I am using "http.query" state module.  Is it possible to store result which we get from "http.query" ?
10:27 harvey-saltface joined #salt
10:30 zerocoolback joined #salt
10:33 zerocoolback joined #salt
10:48 do3meli joined #salt
10:48 do3meli left #salt
10:53 absolute- You  can save it to a jinja2 variable
10:53 absolute- {% set http_return = salt[ 'http.query' ](foo='bar') %}
10:59 mt5225 joined #salt
11:01 pbandark absolute-: so i need to use execution module ?
11:02 absolute- Oh, I though it was, my bad
11:02 absolute- misread what you said
11:03 zerocoolback joined #salt
11:03 absolute- I guess it depends what you're doing?
11:04 pbandark I am querying http url which returns server details. and from return output, I want to fetch one specific value.
11:05 absolute- Sounds like it would be better as an execution module then, as it's not stateful?
11:05 pbandark i can use execution module as well.
11:05 pbandark let me give a try
11:10 beebee joined #salt
11:13 absolute- Anyone know where the default location for gitfs is?
11:16 ronnix joined #salt
11:17 absolute- nevermind
11:17 absolute- bad config :[
11:19 coredumb hey folks
11:19 coredumb using gitfs for my states, the salt-master suddenly can't access anything on git fs anymore with "pygit2 does not support detecting stale refs for authenticated remotes"
11:20 coredumb what's up with that? O_o
11:21 babilen coredumb: Did you read the issue that comes up if you google for that phrase?
11:22 coredumb babilen: yeah can't make sense out of it in my setup
11:22 babilen How so?
11:24 absolute- Can you clear cache: /var/cache/salt/master/gitfs/ ?
11:24 coredumb babilen: well why the hell would I suddenly end up with a stale commit ?
11:24 coredumb absolute-: I did already
11:24 coredumb it recreates the 2 gitfs paths but it's empty there
11:26 coredumb cloning these repo is super fine outside of salt O_o
11:29 coredumb wt*
11:29 CrummyGummy joined #salt
11:30 candyman88 joined #salt
11:33 patrek joined #salt
11:33 tellendil joined #salt
11:36 mt5225 joined #salt
11:42 skrobul pbandark: you can also use file.managed and specify source as http:// or https://
11:43 skrobul I used it for distributing files across few servers. Works quite nicely if combined with source_hash
11:43 coredumb how can my master suddenly become unusable without touching anything except pushing commits in a repo ? O_o
11:47 usernkey joined #salt
11:48 dendazen joined #salt
11:53 mr_kyd joined #salt
11:53 Reverend ssh wise or just the master service?
11:54 coredumb Reverend: just the master service
11:54 Reverend have you tried restarting it?
11:54 coredumb suddenly it decided that my git repos shouldn't be fetched anymore
11:54 coredumb sure it's running in debug right now
11:56 coredumb gitfs remote 'git@xxxx:salt/saltmaster-config.git' is up-to-date
11:56 coredumb obviously it's not as I don't have any state any more >_<
11:56 amcorreia joined #salt
11:57 pbandark ok skrobul
11:57 dxiri joined #salt
11:58 candyman88 joined #salt
12:03 brousch joined #salt
12:03 dxiri joined #salt
12:04 coredumb O_o
12:04 coredumb ok my default env is "prod"
12:05 coredumb and I've set my git fs to have git master branch point to prod
12:07 coredumb for some reason the master has created env.p file in gitfs cache with *base*prod
12:07 coredumb if I keep *prod I get back my states ...
12:09 coredumb still it seems it can't sync latest commits O_o
12:13 ronnix joined #salt
12:13 dxiri_ joined #salt
12:17 saintpablo joined #salt
12:22 kojiro joined #salt
12:23 stewart311 joined #salt
12:27 Neighbour Can I use grain targeting for a module.function called from jinja? If so, how?
12:28 zulutango joined #salt
12:30 stewart379 joined #salt
12:31 dxiri joined #salt
12:32 stewart379 Does anyone have experience using salt-cloud with vmware, I have bootstrap working but its not executing highstate or sls after deployment
12:33 Neighbour stewart379: Can you confirm the salt-minion is running, can connect to the master, and its key is accepted by the master?
12:38 mt5225 joined #salt
12:40 sh123124213 hmmm, any reason there are no updated packages for rh5 ? https://repo.saltstack.com/yum/redhat/5/x86_64/2016.11/
12:42 SpencerE joined #salt
12:42 thinkt4nk joined #salt
12:45 GMAzrael anyone have an autosign set up but salt still denies keys?
12:46 edrocks joined #salt
12:48 candyman88 joined #salt
12:49 dxiri joined #salt
12:52 colttt hello, i use only git as  fileserverbackend nad have only a master branch, now I've a top.sls , when I run a highstate, i got the error "No Top file or external nodes data matches found." do I something wrong?
12:52 nfahldieck joined #salt
12:54 numkem joined #salt
12:54 babilen colttt: Did you target any states to your minion?
12:56 colttt yes.. in the minion.log I got "Unable to render top file: could not found expected ':' "
12:56 sh123124213 paste the top file somewhere and link it plx
12:56 colttt https://paste.debian.net/970436/
12:57 colttt thats my top.sls
12:57 sh123124213 'I@roles:webserver and I@ssl:*'
12:57 sh123124213 need :
12:57 sh123124213 'I@roles:webserver and I@ssl:*':
12:57 SpencerE Does anyone know if it is proper for a proxy minion to execute modules that only apply to the host salt-proxy? For instance, the proxy minion would execute the system.reboot module on the salt-proxy not the proxy minion.
12:59 XenophonF colttt: line 9
12:59 colttt sh123124213: ohh damn.. thanks for this!
12:59 sh123124213 np
13:05 toastedpenguin joined #salt
13:06 joeblough joined #salt
13:08 dxiri joined #salt
13:08 NegiLXXXVIII joined #salt
13:13 colttt what is wrong with that: {% if grains['fqdn'] is not 'ssh*' %}
13:13 XenophonF that's invalid jinja
13:14 XenophonF hang on let me quote you chapter and verse
13:16 c_g joined #salt
13:16 Neighbour colttt: jinja does not do wildcard matching
13:16 racooper joined #salt
13:17 Neighbour (afaik)
13:17 colttt hmm and now?
13:18 XenophonF colttt: you'll need to use a string method like startswith
13:18 babilen colttt: What do you want to match and why don't you target suitable stables in top.sls ?
13:18 XenophonF https://docs.python.org/2/library/stdtypes.html#str.startswith
13:18 NegiLXXXVIII left #salt
13:18 babilen (assuming the string actually starts with that)
13:18 XenophonF alternatively, you can use a PCRE match, which is pure YAML
13:19 XenophonF for example: https://github.com/irtnog/salt-pillar-example/blob/master/top.sls#L47
13:19 babilen Code like that is an antipattern in my opinion (i.e. fqdn/id matching in state SLSs
13:19 babilen )
13:19 NegiLXXXVIII joined #salt
13:19 XenophonF you're probably right
13:20 XenophonF a host naming convention like that doesn't really scale beyond SMB sized networks
13:20 XenophonF but keying off the minion ID works for me at the scales i work at
13:21 NegiLXXXVIII left #salt
13:21 colttt babilen: i already do that in the top.sls, but what happens when someone call this state directly..
13:22 ssplatt joined #salt
13:22 XenophonF colttt: {{ if grains['fqdn'].startswith('ssh') }}
13:22 XenophonF er, i mean {%
13:22 XenophonF you get the idea ;)
13:23 ronnix joined #salt
13:23 colttt jep i got it.. {% if not grains['fqdn'].startswith('ssh') %}
13:23 XenophonF it's better to use native jinja stuff IMO, like |dictsort instead of .items()
13:23 XenophonF but sometimes there's no alternative
13:24 XenophonF babilen: I'd love to see a writeup of the different approaches to minion targeting
13:25 XenophonF we have on the order of 10^2 servers, so it'd be nice to see how things work at larger scales
13:29 dxiri joined #salt
13:29 nnagi joined #salt
13:29 nnagi hi there
13:31 swills joined #salt
13:32 nnagi is anyone familliar with the win_lgpo state module?
13:33 candyman88 joined #salt
13:38 shambat joined #salt
13:42 shambat if I have two states where one requires another, how can I make sure that the required state is finished running before the next state fires? Having a problem where two dockerng states are linked but don't work since it claims that the lnked container isn't running.
13:43 XenophonF shambat: https://docs.saltstack.com/en/latest/ref/states/requisites.html
13:46 nnagi is tehre a way to set the group policies for a specific user group in windows with salt?
13:46 shambat XenophonF: I already have a "require"-section in the dockerng-state that needs to wait. Is that all that should be needed?
13:47 shambat require: name_of_required_dockerng_state
13:47 XenophonF that's not the correct syntax
13:47 Rumbles that would make sure the state has run, but if the docker container takes some time to start up could it be that your state finishes before the docker is available?
13:47 XenophonF but yes, you need to require the other state
13:48 XenophonF oh, that's a good point
13:48 sjorge joined #salt
13:48 XenophonF nnagi: I'm not sure you can filter local policies like you can for GPOs
13:50 hemebond left #salt
13:50 dxiri joined #salt
13:50 XenophonF well, i guess i'm wrong - https://technet.microsoft.com/en-us/library/cc766291(v=ws.10).aspx
13:50 XenophonF doesn't look like salt currently lets you configure that
13:51 nnagi XenophonF: well yes. until now i set the polices for all non administrators.
13:51 XenophonF or at least it would let you do it but you'll basically have to shell out to do it
13:51 mt5225 joined #salt
13:52 nnagi XenophonF: yeah i was afraid i'ld have to do that
13:52 nnagi well maybe salt will be able to do taht in the future
13:53 XenophonF definitely file a bug report against win_lgpo!
13:53 XenophonF or make the feature request on the mailing list or something
13:54 shambat Rumbles: how can I ensure that the container has started?
13:54 nnagi yeah i wanted to add that as a feature request but couldn't find where to put that
13:55 Rumbles honestly, I'm not sure, I don't play with docker/LXC, how would you do it manually?
13:55 edrocks are there any examples of using multiple pillar environments?
13:56 Rumbles maybe you could do it in a similar way from within your state?
14:02 aldevar joined #salt
14:06 johnkeates joined #salt
14:10 johnkeates has anyone taken the time yet to create a 'nice' set of beacon configuration formulas?
14:10 Brew joined #salt
14:10 shambat Rumbles: in a regular script I would probably join the two run-commands with a "&&"
14:14 Rumbles I'm not sure how you would require two things, but maybe you could write a small script that does all the steps and then run that as your require?
14:14 Rumbles maybe there is a better way?
14:15 lorengordon nnagi: i'm sort of familiar with the lgpo module, but i don't understand the question
14:16 lorengordon is there a specific windows feature that you want to leverage? i don't recall any ability in windows to apply a policy to a user group...
14:16 nnagi lorengordon: i want to manage the policys for the non administrator group in windows.
14:17 nnagi but in the current win_lpgt module there seems to be no option to define for whom you want to set the policys
14:17 lorengordon ok... "non administrator" group... that is a group you have created?
14:17 nnagi no that is a group allready there by default
14:18 nnagi its made by windows
14:18 lorengordon i'm looking at my workstation, which is fairly vanilla, and there is no "non administrators" group
14:18 nnagi and windows automatically sorts new useres into the two groups Administrators and Non Administrators
14:19 nnagi if you start the mmc
14:19 johnkeates it also adds those users to the 'chose the wrong OS' group
14:19 nnagi and define a new group policy object
14:20 nnagi you can select eather the local machine, a specific user or one of the grous
14:20 nnagi *groups
14:20 lorengordon _which_ mmc?
14:20 johnkeates mmc.exe
14:20 nnagi ok
14:20 nnagi open the command line
14:21 lorengordon i can run mmc. then what?
14:21 johnkeates open GPO object editor
14:21 mpanetta_ joined #salt
14:21 lorengordon yep, i've got local computer as an option
14:21 nnagi then chose data-> add new snap-in
14:21 johnkeates gpedit.msc works too
14:21 johnkeates but only for local access
14:22 johnkeates not for servers
14:22 dxiri joined #salt
14:22 lorengordon ahh, ok. that's not an actual group.
14:22 nnagi and in the dialog for for the group policy object click on the search button
14:23 XenophonF lorengordon: applying local policy to multiple users was a new feature of windows vista
14:23 _JZ_ joined #salt
14:25 lorengordon i see it now. it looks like a policy path of some kind, not an actual user group
14:25 capnhex left #salt
14:25 dendazen joined #salt
14:26 jas02 joined #salt
14:26 nnagi yes it not an actual group you create
14:28 lorengordon ok, so, yeah, looks like a feature request then
14:28 nnagi yeah i placed it in the git
14:28 lompik joined #salt
14:28 lorengordon right now, the lgpo module is only referencing the "local computer policy", and not "local computer\non-administrators" or the other three user-based policies
14:29 winsalt joined #salt
14:29 ronnix joined #salt
14:30 nnagi yes that was also the impression i got when i read the module description
14:30 lorengordon group policy makes my head hurt enough, i think i'd have a fit trying to manage per user policies like this :p
14:30 nnagi thank you for you help lorengordon
14:31 onlyanegg joined #salt
14:31 nnagi yeah i'm managing those policys on a regular basis
14:31 spicyJalapeno joined #salt
14:31 nnagi always a pain in the a**
14:31 lorengordon more power to you :D
14:31 nnagi :D
14:32 lorengordon i can definitely see the value in a tool like salt being able to manage the policies though
14:32 dxiri joined #salt
14:32 lorengordon way easier than dealing with the ms utils
14:32 nnagi absoluly
14:32 nnagi *absolutly
14:32 lorengordon do you know, does lgpo.exe do this?
14:32 nnagi i don't know
14:33 lorengordon https://blogs.technet.microsoft.com/secguide/2016/09/23/lgpo-exe-v2-0-pre-release-support-for-mlgpo-and-reg_qword/
14:34 nnagi i'm only starting with salt and learning the basics to be able to automatically setup multiple machines at once
14:35 nnagi ohh that sounds interesting
14:36 lorengordon i like salt's yaml better, but lgpo.exe gets the job done too
14:36 johnkeates I wonder how hard it would be to re-implement those tools in a python library. You could run it straight from the minion
14:36 nnagi yeah
14:36 lorengordon johnkeates: that's what the current win_lgpo module does
14:36 johnkeates well, that module just wraps it afaik
14:36 nnagi might be a way until salt also supports mlgpo
14:36 lorengordon well, not in a standalone python library, but it is a pure python module
14:36 johnkeates there was some python lib for MOF files, but that's not really up to date anymore
14:37 lorengordon win_lgpo is not actually wrapping the lgpo.exe utility
14:38 edrocks anyone running latest develop in prod? any major issues recently?
14:38 lorengordon nnagi: i pinged the win_lgpo author in your feature request
14:39 nnagi thank you!
14:43 sh123124213 can somebody explain me what is this fips python package needed for @ the minion ?
14:43 johnkeates it's needed for fips
14:43 sh123124213 what is fips :D
14:43 johnkeates something american :p
14:43 sh123124213 ahahhaa
14:43 johnkeates federal information protection standard
14:44 johnkeates or something like that
14:44 sh123124213 so why would the minion need it I'm asking :)
14:44 sh123124213 some module or ..
14:44 Inveracity joined #salt
14:44 johnkeates the idea being that they have a list of crypto and hashing stuff and if you comply to those specs you are fips compatible
14:44 johnkeates it probably needs it for some AES or something
14:44 nnagi so it takes your date and provides it to the fed? :D
14:45 johnkeates probably :D
14:45 johnkeates but it does so in a totally secure manner
14:45 johnkeates so it's ok
14:45 johnkeates i think fips modules in most software is there so that if can be used in government jobs
14:46 johnkeates some bureaucrat wants to tick the checkbox for 'is FIPS certified' or something before software is allowed to be used
14:46 johnkeates it's not about quality or security, it's about clipboard warriors getting their rocks off
14:47 bwellsnc I know this doesn't sound good, but I am needing to see if salt can ignore a section of config because my devops team is using ansible to manage one section of a file but I am responsible for the rest.  I know they should be handling it all but I can't fix that right now
14:48 johnkeates yes, it can
14:48 johnkeates you can set file.lines up with markers and limits
14:48 _KaszpiR_ joined #salt
14:49 bwellsnc ah ok, thanks!
14:51 dxiri joined #salt
14:54 heaje joined #salt
14:56 SpencerE When writing proxy modules, it is best to contain execution modules to their own namespace, or attempt to standardize to common namespace (Like Windows and Linux share)?
14:56 johnkeates both: use a namespace and subnamespace as needed
14:56 johnkeates if you at some point would get into the main tree your prefix will probably be removed
14:57 SpencerE Thanks.
14:58 Brew joined #salt
15:01 kaslcrof joined #salt
15:02 cyborg-one joined #salt
15:05 PatrolDoom joined #salt
15:05 mt5225 joined #salt
15:07 edrocks do `pillar_roots` work like `file_roots` when you add multiple directories to a single environment? ie do they look in the other environments if a key isn't found in the top level one?
15:08 candyman88 joined #salt
15:15 sarcasticadmin joined #salt
15:16 evle joined #salt
15:19 dxiri joined #salt
15:19 felskrone joined #salt
15:20 ujjain joined #salt
15:20 ujjain joined #salt
15:26 xet7 joined #salt
15:34 bwellsnc Ok, the only thing I can find is blockreplace with markers, but this wants to overwrite the content... which is what I don't want.  I need the start marker and end marker to basically tell salt to ignore that section and leave it alone
15:34 absolute- I asked this earlier but hopefully it'll hit people in a different time zone now
15:34 absolute- Anyone using a funky master setup?
15:34 colegatron joined #salt
15:34 gtmanfred can you ask your question? you will get better answers if you just ask what you want to know
15:35 absolute- I was wondering how possible a PKI-like scenario would be with child masters looking after their relevant minions
15:35 gtmanfred what do you mean by pki-like?
15:36 gtmanfred bwellsnc: yeah, block replace is only going to modify what is between the markers, there isn't really anything to say make sure not to touch this, unless you only ever use blockreplace or append, and never file.managed.
15:36 gtmanfred you could always use a jinja templated config file
15:37 absolute- Like a top level master and child masters that are in control of their own minions
15:37 absolute- A tiered approach
15:37 dxiri joined #salt
15:37 gtmanfred that is what the syndic is
15:37 gtmanfred basically
15:37 gtmanfred absolute-: https://docs.saltstack.com/en/develop/topics/topology/syndic.html
15:37 absolute- I've only read a little but I thought you had to go 1 for 1
15:37 absolute- I'll have to have a better look into it
15:37 gtmanfred you can have as many syndic masters as you want
15:38 gtmanfred and then as many minions on each syndic as you can run
15:38 bwellsnc well, what might have to happen is I basically do my deployment and have our devops do theres right after to change the sections that they need... until they take over this file
15:38 gtmanfred you could even do HA syndic masters, with an HA master of masters
15:38 bwellsnc This really is a temporary fix
15:38 absolute- But does give me the ability for master a ONLY manage minions in zone a
15:38 gtmanfred the top master of masters can manage all the minions
15:39 gtmanfred but each syndic master can only control the minions on its level
15:39 gtmanfred if you want to do it without syndic, you can do that too, there isn't really a limitation there, if you just want the top master to configure all your masters
15:40 gtmanfred if you have multiple groups like that, you might also want to look into our enterprise product
15:40 gtmanfred because that is what that actually does
15:40 gtmanfred it can run commands in each area, but i believe also configure those masters
15:40 gtmanfred but enterprise will give you true rbac control
15:40 gtmanfred https://saltstack.com/saltstack-enterprise/
15:41 absolute- Oh that's literally what syndic does haha
15:41 absolute- Is not read up on it fully, just heard about it
15:41 absolute- And thought it was for replication / HA
15:42 gtmanfred nah,the reason syndic exists is because stuff like puppet and chef fall over when you put to many minions on one master, so to spread the load out horizontally, but still be able to control from one point
15:42 gtmanfred imagine syndics like what they are named for, crime syndications, mobs
15:42 fracklen joined #salt
15:43 DammitJim joined #salt
15:50 dxiri joined #salt
15:53 swills joined #salt
15:53 stomith joined #salt
15:54 Karunamon Is there a supported way to get pkgrepo.managed to use a proxy when adding Ubuntu PPAs?
15:55 dxiri_ joined #salt
15:56 mpanetta joined #salt
15:58 gtmanfred are you using proxies for all http connections in salt?
15:59 gtmanfred i believe that you would need to use theses options in the pillar or minion config https://docs.saltstack.com/en/latest/ref/configuration/minion.html#proxy-host
16:00 Praematura joined #salt
16:00 dxiri joined #salt
16:02 st8less joined #salt
16:03 Karunamon Ah! it's set at the minion level
16:04 rmelero joined #salt
16:04 mt5225 joined #salt
16:05 nickabbey joined #salt
16:06 aldevar left #salt
16:09 impi joined #salt
16:09 gtmanfred yar, it has to be reachable from config.get
16:09 gtmanfred so if you want, you could set pillar_opts: True on the master, which would pass the master config to the minions
16:09 gtmanfred (not always super secure)
16:11 fracklen joined #salt
16:13 nickabbey joined #salt
16:13 LondonAppDev joined #salt
16:14 Pulp joined #salt
16:17 dxiri joined #salt
16:21 SalanderLives joined #salt
16:23 inad922 joined #salt
16:24 woodtablet joined #salt
16:25 mpanetta joined #salt
16:27 jas02 joined #salt
16:28 st8less_ joined #salt
16:28 tiwula joined #salt
16:31 dxiri joined #salt
16:41 tellendil joined #salt
16:42 minum joined #salt
16:42 LondonAppDev joined #salt
16:43 mt5225 joined #salt
16:47 mt5225 joined #salt
16:49 dxiri joined #salt
16:50 druonysus joined #salt
16:52 edrocks joined #salt
17:01 nickabbey joined #salt
17:04 spartakos joined #salt
17:06 mt5225 joined #salt
17:07 mt5225 joined #salt
17:08 dxiri joined #salt
17:08 mt5225 joined #salt
17:11 mt5225 joined #salt
17:19 ChubYann joined #salt
17:20 ChubYann joined #salt
17:21 ChubYann joined #salt
17:22 mt5225 joined #salt
17:25 dxiri joined #salt
17:26 ChubYann joined #salt
17:26 Trauma joined #salt
17:32 NeoXiD joined #salt
17:34 mt5225 joined #salt
17:35 nickabbey joined #salt
17:38 nickabbey joined #salt
17:38 mt5225 joined #salt
17:41 micaelbergeron joined #salt
17:43 micaelbergeron hi everyone, I'm using salt carbon (2016.11.5) and I am seeing a weird behavior where running a `salt-call state.sls ...` works, but the same call coming from a master doesn't. does anyone have any idea how to debug this?
17:43 jrgochan anyone know how to append strings to an empty list in jinja?
17:45 lordcirth_work jrgochan, mylist.append('string')
17:45 censorshipwreck joined #salt
17:45 lordcirth_work I see no reason it wouldn't work with an empty list
17:46 jrgochan https://pastebin.com/4QrEXvRm
17:46 jrgochan perhaps i'm using the {% %} impropery?
17:47 dxiri joined #salt
17:48 wendall911 joined #salt
17:48 demize You'd need to do the append in {{}}'s because it's a variable expression
17:48 gtmanfred you do not
17:48 demize However, there's the do tag that allows using those in {%%}'s.
17:48 gtmanfred you can do {% do thing.append() %}
17:49 gtmanfred jrgochan: also, please use gist in the future, pastebin.com uses flash for it's ads, and has been known to have ads that spread malware
17:49 jrgochan will do
17:50 jrgochan thank you for the explanation :)
17:50 jrgochan i promise i'll find some time to read http://jinja.pocoo.org/docs/2.9/templates/#list-of-control-structures
17:50 jrgochan and gist it is
17:51 jrgochan thanks again!
17:51 gtmanfred no problem
17:51 gtmanfred http://jinja.pocoo.org/docs/2.9/templates/#expression-statement
17:52 jrgochan <3
17:52 gtmanfred i made homemade corn tortillas last night, it is almost taco time
17:53 edrocks joined #salt
17:54 lordcirth_work Isn't it always taco time?
17:54 Sokel joined #salt
17:55 gtmanfred i mean who am i to argue with that
17:56 dxiri joined #salt
17:56 sh123124213 joined #salt
17:58 Sokel Hi all. I'm having a little trouble here. I'm noticing a few machines act up with this problem. I run state.sls on the master to a machine, I get module not found. If I run salt-call on the minion locally, it works. Anywhere I can look? https://paste.fedoraproject.org/paste/fZHhDWEt8U-1Rzixc~O-Pl5M1UNdIGYhyRLivL9gydE=
18:01 jrgochan is there an easy way to remove duplicates from a list in jinja?
18:01 micaelbergeron @Sokel seems I'm having a similar issue
18:02 micaelbergeron Sokel: but mine is with bundle install
18:06 operator_ joined #salt
18:06 gtmanfred Sokel: have you tried running salt \* saltutil.refresh_modules on the minions?
18:07 gtmanfred or a state.highstate, that will also reload modules
18:07 gtmanfred https://docs.saltstack.com/en/latest/ref/states/requisites.html#reload
18:07 lordcirth_work jrgochan, in python you can do list(set(mylist)) - don't know if it will work in jinja2 without imports
18:08 jrgochan doesn't seem to. can I import things directly?
18:08 gtmanfred we would need to add a unique function to the possible jinja functions
18:09 Sokel gtmanfred: Same error.
18:09 gtmanfred which state module is it failing on?
18:09 whytewolf gtmanfred: could go the anisable route and add a unique filter
18:09 gtmanfred that is what i was saying
18:09 whytewolf function, filter. i havn't had coffee yet...
18:10 gtmanfred heh
18:10 _KaszpiR_ jrgochan https://github.com/saltstack/salt/pull/37465 so something like {{ list|unique}}
18:10 gtmanfred oh awesome
18:10 gtmanfred that won't be in until 2017.5 though
18:10 gtmanfred it isn't in 2016.11
18:10 gtmanfred 2017.5/Nitrogen
18:10 Sokel gtmanfred: It does this with every "state" that I have created. All it ever spits out is Module 'state' is not available.
18:10 dxiri joined #salt
18:10 gtmanfred Sokel: give me an example
18:11 jrgochan ooo
18:11 jrgochan sweetness
18:11 jrgochan i'll try to jam it into my install
18:11 jrgochan thanks!
18:11 gtmanfred Sokel: are you using execution modules or state modules in your state files?, because you need to be using the state module, and not the execution module that you use on the commandline
18:11 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/
18:13 Sokel gtmanfred: https://paste.fedoraproject.org/paste/cy8xYPMVKkepPhmmpPOArV5M1UNdIGYhyRLivL9gydE= - so I shouldn't be doing this then?
18:14 gtmanfred oh, interesting
18:14 gtmanfred that should work.
18:15 gtmanfred can you login to that minion and run `salt-call -l debug state.sls linux.snmp`
18:15 gtmanfred and gimme a paste of that
18:16 jrgochan is there anything i need to do to get salt to read in the modifed utils/jinja.py file?
18:22 Tantagel joined #salt
18:22 dendazen joined #salt
18:23 dxiri joined #salt
18:26 lordcirth_work tip: if you're wondering when pkg.installed will be done, ssh in and tail -f /var/log/apt/term.log
18:27 iggy jrgochan: restart the minion?
18:30 dxiri joined #salt
18:31 mikecmpbll joined #salt
18:33 gtmanfred time to play with kitchen-salt
18:33 qwertyco joined #salt
18:37 aneeshusa joined #salt
18:37 dxiri_ joined #salt
18:37 losh joined #salt
18:38 woodtablet joined #salt
18:38 SalanderLives joined #salt
18:39 lordcirth_work "ERROR executing 'nfs3.list_exports': Executor 'direct_call.get' is not available" - what is direct_call.get and where do I get it?
18:44 jrgochan works like a charm!
18:44 winsalt does anyone know why salt returns look like "file_|-blahblahblah_|-blahblahblah_|-managed" in python?
18:44 candyman88 joined #salt
18:45 dxiri joined #salt
18:47 aldevar joined #salt
18:48 Inveracity joined #salt
18:51 sh123124213 joined #salt
18:51 dxiri joined #salt
18:52 cyborg-one joined #salt
18:55 _KaszpiR_ joined #salt
18:58 dxiri joined #salt
18:59 nickabbey joined #salt
19:04 dxiri joined #salt
19:06 lordcirth_work winsalt, you might need to be more specific?
19:08 winsalt its not a very serious question, im just curious why it gets formatted like "<module>_|-<id>_|-<name>_|-<function>"
19:12 dxiri joined #salt
19:13 ub1quit33 joined #salt
19:18 nickabbey joined #salt
19:19 sh123124213 if you add __virtual__ to a module does it mean that it might be loaded faster or already by the module loader ?
19:21 dxiri joined #salt
19:21 whytewolf sh123124213: https://docs.saltstack.com/en/latest/ref/modules/#virtual-function
19:21 nafg joined #salt
19:27 nickabbey joined #salt
19:27 sh123124213 whytewolf: Its still not clear to me.
19:28 sh123124213 whytewolf: would you have a no/yes answer for me ? :)
19:28 whytewolf it doesn't have to do with loading time
19:28 sh123124213 thnx
19:29 hashwagon joined #salt
19:29 nickabbey joined #salt
19:30 rem5 joined #salt
19:36 ChubYann Sokel, Did you verify you have salt-common installed ?
19:39 Praematura_ joined #salt
19:41 swa_work joined #salt
19:42 mt5431 joined #salt
19:42 raspado joined #salt
19:52 dxiri joined #salt
19:55 KennethWilke joined #salt
19:55 iggy winsalt: how would you expect them to look?
19:57 winsalt i would expect it to be like <module>.<function> at least
19:57 winsalt the stuff that gets inserted between the module and function name is in the body of the return anyway
20:01 aboe joined #salt
20:02 rem5 joined #salt
20:04 dxiri joined #salt
20:08 dxiri joined #salt
20:09 elektrix users/groups Q: using user.present to create user, adding to groups w/ "- groups". in another state, I use group.present to add user to another group.
20:10 elektrix problem: when I re-run a high state, the user.present will reset to the default groups, then the other state re-adds the other group. So this isn't idempotent
20:10 elektrix but
20:11 elektrix if in user.preset I add "remove_groups: false", this fixes it
20:12 elektrix however, this doesn't deal w/ the case if a user is added to a group from some other method (manual or whatever), there's not a way to remove the user from that manually added group
20:12 elektrix any ideas?
20:14 elektrix nm...looks like group.present members does "Replace existing group members with a list of new members."
20:16 lordcirth_work elektrix, there's an option: remove_groups: False
20:17 lordcirth_work oh, sorry you mentioned that
20:17 elektrix I saw that...my issue is that if someone adds someone to a group (manually, maybe malware does it...whatever), that extra group won't be removed
20:17 elektrix no prob
20:18 lordcirth_work elektrix, Salt generally doesn't have a concept of "clobber everything that Salt didn't do"
20:18 lordcirth_work It's kinda hard to implement
20:20 lordcirth_work elektrix, however, if you want to remove a known group, you can use group.present with delusers
20:21 dxiri joined #salt
20:21 elektrix ok, I'll play around with some things...thanks!
20:24 onlyanegg joined #salt
20:34 absolute- what's the best way to auto-fire a state based on changes on the master
20:34 absolute- eg. a file in my salt fs changes, ship it off to a minion & restart a service (in a state)
20:34 absolute- Just using beacons?
20:34 absolute- On the master's fs
20:34 viq joined #salt
20:35 whytewolf absolute-: use gitfs, and have a git hook that hits a webhook that fires off a state
20:38 cyteen joined #salt
20:41 mpanetta joined #salt
20:41 dxiri joined #salt
20:42 dxiri joined #salt
20:48 testerbeta joined #salt
20:48 c_g joined #salt
20:48 lordcirth_work Are Salt execution modules expected to handle being given too few args, or just let Python handle the failure?
20:49 lordcirth_work Looking at modules/nfs3.py del_export() for example
20:52 testerbeta left #salt
20:53 edrocks joined #salt
20:54 onlyanegg joined #salt
21:00 dxiri joined #salt
21:02 dxiri joined #salt
21:03 fracklen joined #salt
21:09 lordcirth_work What's the correct way to errorcheck/assert in a Salt module?  Ie making sure that an arg is a list?
21:10 stomith joined #salt
21:10 jrgochan is there any way for file.managed not to clobber the user/group information?
21:10 lordcirth_work jrgochan, but it already doesn't by default?
21:11 lordcirth_work If you don't specify, it doesn't clobber, iirc
21:11 jrgochan the documentation says it changes the uid/gid to the user running the salt process
21:12 lordcirth_work jrgochan, only if the file doesn't exist, I think?
21:13 major okay .. soo .. I am about to delve into multi masters .. is there a good document (like .. I can understand after a bottle of whiskey or two) on the subject?
21:13 lordcirth_work jrgochan, where in the docs do you see this?
21:13 jrgochan https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
21:14 jrgochan ahh, so it doesn't overwrite uid/gid, but if the file has to be created it doesn't copy the uid/gid from the salt file server
21:14 lordcirth_work jrgochan, no, it doesn't copy permissions from server unless you use mode: keep, and that doesn't copy user too I think
21:15 jrgochan it does not copy user information :/
21:15 jrgochan man. not bueno
21:15 dxiri joined #salt
21:16 jrgochan Is there a way for a minion to query user information for a file in the SFS?
21:16 lordcirth_work jrgochan, why would you want to do that?
21:18 jrgochan i have quite a lot of files that I want to manage with salt and don't want to manually specify each one of their user/group stats
21:22 lordcirth_work I suspect an XY problem, but I don't know your situation
21:22 jrgochan XY problem?
21:22 garethhowell_ joined #salt
21:22 sh123124213 joined #salt
21:23 lordcirth_work When someone asks how to do Y, which is very difficult, because they assume it's the best way to do what they actually want, which is X, but the people helping don't know that.
21:23 jrgochan ahh, i see
21:23 ntropy_ joined #salt
21:23 Sarph joined #salt
21:23 lordcirth_work Extremely common on help IRCs
21:24 mihait_ joined #salt
21:24 jrgochan I just have several thousand files that i'm trying to manage on my RHEL machines. Mostly stored in a "default" directory. any deviations to those machines on our hosts are in a "custom" directory. I didn't want to create sls files for every file and hand code the user/group/mode in
21:24 bbhoss_ joined #salt
21:25 tom][ joined #salt
21:25 jrgochan I'd like one state that, for example, compares the default/custom directories (preferring custom), and pushes everything out
21:25 lordcirth_work jrgochan, but what do these files actually do?  Are any of them jinja?
21:25 dxiri joined #salt
21:25 lordcirth_work Is there any logic involved in certain machines getting certain subsets of files?
21:26 gadams_ joined #salt
21:26 jrgochan all machines get all the files, only differences and what we put in our custom heirarchy
21:26 lordcirth_work For example archive.extracted with a tarball will preserve permissions
21:26 Hazelesque_ joined #salt
21:26 mishanti2 joined #salt
21:26 zach_ joined #salt
21:26 jrgochan https://gist.github.com/anonymous/a23a0d965f68a4f238d85068148772e5
21:26 SamYaple_ joined #salt
21:26 elektrix_ joined #salt
21:27 haam3r_ joined #salt
21:27 Xenophon1 joined #salt
21:27 jrgochan that's essentially what I'm trying to do, but I can't find a way to automate the user: and group: information
21:28 jrgochan and an archive would be a bit hard to maintain changes in :/
21:28 lordcirth_work That's... not pretty
21:28 jrgochan nope. it's definitely not. but I can't think of any other solution, aside from just shelling out to rsync
21:28 jrgochan and that has some problems as well
21:28 lordcirth_work rsync.syncronized exists
21:29 DammitJim joined #salt
21:29 jrgochan true, but it doesn't have the sweet diffs that file.managed has
21:29 dxtr_ joined #salt
21:33 c4rc4s_ joined #salt
21:33 kavakava joined #salt
21:33 ThomasJ|d joined #salt
21:33 cb joined #salt
21:33 hax404 joined #salt
21:33 KingJ joined #salt
21:33 whyzgeek joined #salt
21:33 hoonetorg joined #salt
21:33 iggy !xyproblem
21:33 beardo joined #salt
21:33 AvengerMoJo joined #salt
21:33 pppingme joined #salt
21:33 iggy I must have broken it
21:33 toofoo[m] joined #salt
21:33 iggy !paste
21:33 iggy what have I done!
21:33 iggy saltstackbot: ping
21:33 gomerus[m] joined #salt
21:33 ThomasJ|m joined #salt
21:34 nledez joined #salt
21:34 nledez joined #salt
21:34 Vishal_ joined #salt
21:34 hemebond joined #salt
21:35 dxiri joined #salt
21:35 Vishal_ left #salt
21:35 wangofett joined #salt
21:39 daxroc joined #salt
21:41 Praematura_ joined #salt
21:42 major if I run a high level master, with a collection of salt-syndic attached to the high-level master .. can the syndic masters run a different branch of the checked out state repository?
21:45 dxiri joined #salt
21:45 mt5431 joined #salt
21:47 major I think I just made everyones head implode..
21:49 sh123124213 joined #salt
21:53 wangofett joined #salt
21:54 georgemarshall joined #salt
21:55 dxiri joined #salt
21:57 SamYaple joined #salt
22:00 nidr0x joined #salt
22:02 kavakava joined #salt
22:03 nickabbey joined #salt
22:06 dxiri joined #salt
22:06 onlyanegg joined #salt
22:07 POJO joined #salt
22:11 zach_ left #salt
22:11 zach joined #salt
22:16 dxiri joined #salt
22:18 hemebond major: I just have no experience with syndics :-)
22:18 hemebond Do the syndics pull down the file_roots from the master?
22:19 sarcasticadmin joined #salt
22:20 lordcirth_work joined #salt
22:20 hemebond Or are the syndic file roots managed independently?
22:22 nickabbey joined #salt
22:23 major thats sort of what I am wondering ;)
22:23 hemebond I'll have a quick read.
22:23 major with salt-formula would let you target each syndic master to have a different file_roots
22:23 major soooo
22:24 hemebond Oh, does syndic just allow the passing of events and commands?
22:25 major yah .. generally it allows a stack of minions to point at the syndic master instead of a high level master
22:25 hemebond Looks like it's just for controlling so yeah I guess you could have whatever file_root you wanted.
22:26 major the syndic master has its own keys it signs things with, so its minions are its own, but it still accepts commands from the high level master(s) and forwards them along to its own minions
22:26 hemebond "Each Syndic must provide its own file_roots directory"
22:26 hemebond So, yes, you can have a different branch on the syndic from the master.
22:26 major yup
22:26 hemebond Because it has its own file_root not connected to the master in any way.
22:26 major I wonder what sort of carnage I can cause w/ that
22:27 hemebond Probably all the damage.
22:27 hemebond *carnage
22:30 dxiri joined #salt
22:34 sh123124213 joined #salt
22:45 mavhq joined #salt
22:45 kavakava joined #salt
22:47 hexa- joined #salt
22:48 onlyanegg joined #salt
22:55 edrocks joined #salt
22:56 dxiri joined #salt
23:20 nidr0x joined #salt
23:20 lkannan joined #salt
23:26 poseur joined #salt
23:30 aneeshusa joined #salt
23:32 jrgochan is there any desire to change the behavior on file operations so the user/group information is updated to what is on the SFS?
23:35 hemebond jrgochan: I don't know what that means.
23:36 hemebond jrgochan: Oh, you mean you want to use the user/group info from the Salt master file system on the minions? I doubt it. How would that even work?
23:36 hemebond I believe it keeps the executable bit.
23:38 jrgochan i'm not sure how the salt file system works, but we've got a giant directory of customized files and we need to keep the user/group info intact when copying to the minion
23:38 jrgochan right now I can only do that easily with rsync
23:38 hemebond Yeah, doesn't sound like the kind of thing you'd use Salt for explicitly.
23:39 jrgochan it's supposed to manage files and their configs/metadata, though?
23:39 hemebond Correct.
23:39 hemebond And you can do it with Salt.
23:39 hemebond But you're managing the user/group configuration outside of Salt, on the filesystem.
23:40 hemebond Salt can call rsync for you.
23:40 jrgochan still. having to explicitly specify user/group seems odd to me
23:40 hemebond But it's not really "managing" the directory to just dump it on the minion.
23:40 jrgochan it should just default to what's on the SFS
23:40 hemebond How would that work?
23:40 hemebond What if the user/group doesn't exist?
23:41 jrgochan it would on the reference file on the SFS, so you should try that first, then either error and notify the user, or default to root:root?
23:41 hemebond What if the minion is running as a non-root user?
23:41 jrgochan ahh. wasn't aware of that caveat
23:42 hemebond If you want to manage something with Salt it has to be in Salt.
23:42 jrgochan perhaps only allow if ran as root?
23:42 hemebond So you could create a register of user/group settings and let Salt manage it for you.
23:42 jrgochan i'd be happy with some way to query the user/group information from the salt master, but i'm not sure how
23:42 hemebond Again, you're still not managing anything with Salt.
23:42 iggy file.recurse ?
23:42 hemebond You're just dumping files.
23:43 jrgochan file.recurse doesn't copy the user/group info either
23:43 iggy that sucks
23:43 hemebond If you want Salt to manage the user/group then put them into Salt.
23:44 iggy but that would be a huge change to make at this point
23:44 jrgochan I just don't want to manually specify all of that information. Nor does my boss. If it's against salt's methodology, that's fine, but i think i'll manage files with rsync, and services with salt
23:45 iggy if they aren't templated, I don't think I'd use salt for that anyway
23:45 iggy git or something else would probably work better
23:45 hemebond Yeah. Not really something you want or need Salt for.
23:47 jrgochan I've got to somehow make it adhere to my coworker's old custom CM setup. He's quite averse to change
23:59 Trauma joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary