IRC log for #salt, 2017-08-17

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:06 dendazen joined #salt
00:12 woodtablet left #salt
00:12 pipps joined #salt
00:13 simmel joined #salt
00:19 pipps joined #salt
00:34 pipps joined #salt
00:43 edrocks joined #salt
01:20 Nahual joined #salt
01:24 justan0theruser joined #salt
01:50 KevinAn2757 joined #salt
01:52 ilbot3 joined #salt
01:52 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:02 omie888777 joined #salt
02:08 onlyanegg joined #salt
02:14 zerocoo__ joined #salt
02:22 bstevenson joined #salt
02:37 jab416171 joined #salt
02:47 evle joined #salt
02:52 justanotheruser joined #salt
02:55 justanotheruser joined #salt
03:01 onlyanegg joined #salt
03:10 edrocks joined #salt
03:11 Antiarc joined #salt
03:22 irated joined #salt
03:44 donmichelangelo joined #salt
03:48 edrocks joined #salt
03:55 llua joined #salt
04:06 chowmeined joined #salt
04:14 Brew joined #salt
04:20 masber joined #salt
04:33 fritz09 joined #salt
04:36 stanchan joined #salt
04:41 high_fiver joined #salt
04:47 ilbot3 joined #salt
04:47 bob_twinkles joined #salt
04:47 jrklein joined #salt
04:47 pyvpx joined #salt
04:47 egil joined #salt
04:47 nledez joined #salt
04:47 jkaberg joined #salt
04:47 ekkelett joined #salt
04:47 nledez joined #salt
04:47 _KaszpiR_ joined #salt
04:47 jerrcs joined #salt
04:47 high_fiver joined #salt
04:47 izrail joined #salt
04:47 Whissi joined #salt
04:47 hammer065 joined #salt
04:47 _monokrome joined #salt
04:48 irated joined #salt
04:48 sjorge joined #salt
04:48 mr_kyd joined #salt
04:48 irated joined #salt
04:48 gtmanfred joined #salt
04:48 ntropy joined #salt
04:48 georgemarshall joined #salt
04:48 gtmanfred joined #salt
04:48 gnord joined #salt
04:48 absolutejam joined #salt
04:48 Morrolan joined #salt
04:48 ecdhe joined #salt
04:48 high_fiver joined #salt
04:48 gareth_ joined #salt
04:48 chadhs joined #salt
04:48 fleaz joined #salt
04:48 gadams joined #salt
04:48 tom[] joined #salt
04:48 JPT joined #salt
04:48 debian112 joined #salt
04:49 karlthane joined #salt
04:49 ahrs joined #salt
04:49 djinni` joined #salt
04:49 tedski joined #salt
04:49 babilen joined #salt
04:49 Nazca joined #salt
04:49 weylin joined #salt
04:49 brianthelion joined #salt
04:49 xer0x joined #salt
04:49 babilen joined #salt
04:49 mk-fg joined #salt
04:50 TooLmaN joined #salt
04:50 high_fiver joined #salt
04:50 hashwagon joined #salt
04:50 miruoy joined #salt
04:50 shakalaka joined #salt
04:50 jmiven joined #salt
04:50 inetpro joined #salt
04:50 mk-fg joined #salt
04:50 haam3r_ joined #salt
04:50 inire joined #salt
04:50 NightMonkey joined #salt
04:50 jab416171 joined #salt
04:50 mTeK joined #salt
04:50 valkyr2e joined #salt
04:51 asoc joined #salt
04:51 freelock joined #salt
04:51 flebel joined #salt
04:51 blathijs joined #salt
04:51 high_fiver joined #salt
04:51 pewpew joined #salt
04:51 dijit joined #salt
04:51 v0rtex joined #salt
04:51 swills joined #salt
04:51 swills joined #salt
04:52 jesusaurum joined #salt
04:52 justanotheruser joined #salt
04:52 golodhrim|work joined #salt
04:52 Udkkna joined #salt
04:52 marcinkuzminski joined #salt
04:52 beebeeep joined #salt
04:52 ToastOffice joined #salt
04:53 whytewolf joined #salt
04:54 nineteen joined #salt
04:55 teratoma joined #salt
04:55 Horgix joined #salt
04:55 llua joined #salt
04:57 jhujhiti joined #salt
04:58 chowmeined joined #salt
04:58 evle joined #salt
05:01 Kelsar joined #salt
05:04 cyborg-one joined #salt
05:07 lessthan joined #salt
05:07 lessthan is salt compatible with python3 now?
05:07 benjiale[m] joined #salt
05:07 toofoo[m] joined #salt
05:07 hackel joined #salt
05:07 gomerus[m] joined #salt
05:07 ThomasJ|m joined #salt
05:07 jerrykan[m] joined #salt
05:07 psychi[m] joined #salt
05:07 aboe[m] joined #salt
05:07 theblazehen joined #salt
05:07 fujexo[m] joined #salt
05:09 whytewolf lessthan: https://docs.saltstack.com/en/latest/topics/releases/2017.7.0.html#python-3
05:09 lessthan whytewolf, so if I install the default on ubuntu (which defaults to python3), what happens exactly?
05:10 whytewolf which ubuntu defaults to python 3?
05:11 lessthan whytewolf, hmm actually not sure, just read it somewhere
05:11 lessthan https://github.com/saltstack/salt/issues/11995
05:13 whytewolf humm, someone was smoking crack. ubuntu trusty is 2.7.5
05:13 lessthan ah k, that's what I thought
05:13 lessthan especially back in 2014 when it was posted XD
05:14 whytewolf i think 18.04 will be python3 but that isn't out yet. but in theory it should work. they do want more testing so. hey if you have python3 go for it and report back
05:14 tyler-baker joined #salt
05:14 lessthan will do
05:14 doubletwist joined #salt
05:14 Dev0n joined #salt
05:16 Bock joined #salt
05:18 masuberu joined #salt
05:19 Ni3mm4nd joined #salt
05:19 whytewolf humm, i think the confusion is that since trusty ubuntu has had support for python3. but it isn't the default python
05:20 pipps joined #salt
05:21 pipps joined #salt
05:22 coredumb I've been surprised how easy it's been to install salt on openbsd
05:22 coredumb not even needed to use ports :O
05:25 masber joined #salt
05:26 impi joined #salt
05:28 Ni3mm4nd joined #salt
05:31 rgrundstrom joined #salt
05:31 rgrundstrom Good morning everyone
05:33 honestly_ joined #salt
05:39 zer0def joined #salt
05:41 wedgie joined #salt
05:50 rgrundstrom Someone that can help me out here: https://gist.github.com/anonymous/62e912f0af9ad30327c33edd888e9357#file-gistfile1-txt Questions are in the gist.
05:55 whytewolf pkg.install is not a state function
05:56 rgrundstrom whytewolf: You are right ... pkg.installed , mistyping on my part.
05:57 whytewolf you would want pkg.installed. - version: latest
05:57 whytewolf also not sure pkgs, works with - version
05:57 oida_ joined #salt
05:58 whytewolf however, pkg.latest does have pkgs also
05:59 whytewolf one other thing to question about the original setup. the service.restart. what service is being restarted?
06:00 rgrundstrom One service that is using all the other
06:00 rgrundstrom One service that is using all the other packets* ( I cant tell you which one it is )
06:01 whytewolf but you don't need the for loop in the restart. you just need - pkg: install_baseline and if any package in the pkgs list is updated the state is counted as changed so the watch will trigger
06:01 whytewolf no problem. didn't need to know just making sure it wasn't something that needed to be iterated over.
06:02 jhauser joined #salt
06:02 maestropandy joined #salt
06:05 rgrundstrom whytewolf: update: https://gist.github.com/anonymous/8114a19c139055ebe582b6086a8f5147#file-gistfile1-txt
06:06 maestropandy Hi All, I am new to SaltStack, I am looking for best documents to start up SaltStack with more exercises to practice, please help me
06:06 whytewolf rgrundstrom: close
06:07 rgrundstrom maestropandy: https://docs.saltstack.com/en/getstarted/ <- This is where I started.
06:07 whytewolf the tutorials are a great place to start
06:08 whytewolf rgrundstrom: https://gist.github.com/whytewolf/3f8007ad5e2b620af12be42f3e1b4724
06:08 rgrundstrom whytewolf: Can you see something else that needs to change?
06:09 whytewolf your watch was a little off.
06:09 whytewolf the one i posted would be able optimal
06:09 whytewolf [even limiting to one pillar call to reduce render time a couple of microseconds]
06:10 rgrundstrom Not sure I understand you. Could you give me an example?
06:10 whytewolf https://gist.github.com/whytewolf/3f8007ad5e2b620af12be42f3e1b4724
06:10 whytewolf using set to set a variable from the pillar.get instead of using pillar.get twice
06:11 rgrundstrom Yes that is better
06:12 noitoi joined #salt
06:12 whytewolf it really only saves a couple of microseconds. not enough to worry about in most setups. but in large setups every microsecond counts
06:12 cyteen joined #salt
06:13 mavhq joined #salt
06:14 DragonDiesSnowBe joined #salt
06:15 rgrundstrom whytewolf: Update: https://gist.github.com/anonymous/0263527d740b8571145e3f8e9df3dbbd#file-gistfile1-txt
06:15 whytewolf your watch is still wrong
06:16 whytewolf also you don't have an endif
06:16 maestropandy thanks rgrundstorm
06:17 whytewolf watch.pkg isn't going to work. you need - watch: \n      - pkg: install_baseline
06:18 rgrundstrom whytewolf: update: https://gist.github.com/anonymous/bb8164ac772d3c34b2cb40549916ebd3#file-gistfile1-txt
06:18 felskrone joined #salt
06:18 whytewolf https://i.imgur.com/vUJBo79.gif
06:23 Ricardo1000 joined #salt
06:25 saltsa joined #salt
06:36 preludedrew joined #salt
06:40 do3meli joined #salt
06:40 do3meli left #salt
06:43 shadoxx joined #salt
06:45 sjorge joined #salt
06:47 dh joined #salt
06:49 armyriad joined #salt
06:49 gnomethrower joined #salt
06:51 Elsmorian joined #salt
06:51 edrocks joined #salt
06:54 hoonetorg joined #salt
06:59 JohnnyRun joined #salt
07:01 egil left #salt
07:02 egilh joined #salt
07:11 viq joined #salt
07:12 kukacz joined #salt
07:18 kukacz_ joined #salt
07:22 maestropandy joined #salt
07:24 maestropandy1 joined #salt
07:27 doubletwist joined #salt
07:28 sen joined #salt
07:34 babilen joined #salt
07:36 nku joined #salt
07:38 eseyman joined #salt
07:39 o1e9 joined #salt
07:42 Rumbles joined #salt
07:48 MTecknology joined #salt
08:03 ilbot3 joined #salt
08:03 gareth_ joined #salt
08:04 Naresh joined #salt
08:04 maestropandy joined #salt
08:08 FuzzyVeg joined #salt
08:09 FuzzyVeg left #salt
08:13 impi joined #salt
08:15 __[0_0]__ joined #salt
08:15 todder joined #salt
08:15 Laogeodritt joined #salt
08:17 pbandark joined #salt
08:18 sh123124213 joined #salt
08:21 NV joined #salt
08:26 manwe178 joined #salt
08:27 golodhrim|work joined #salt
08:27 nku hm, do i really have to run ssh-keygen as command, or am i missing a module?
08:28 Mattch joined #salt
08:33 arif-ali nku, what are you trying to do, can you explain the issue?
08:34 nku generate an ssh key
08:34 nku for a user that will send backups to another machine and needs ssh access to it
08:34 uncool joined #salt
08:37 arif-ali nku, sorry, how is this related to salt? But, yes, to create an ssh key, you need to run ssh-keygen
08:38 nku obviously...
08:41 doubletwist joined #salt
08:43 pbandark joined #salt
08:45 mechleg nku: i do not believe there is a salt module to generate ssh keys for you.  but it is not hard to make a simple state to do it using cmd.run
08:53 jhauser joined #salt
08:57 schasi joined #salt
08:57 honestly I need to dump data from pillar into a file, and it needs to be human-readable
08:58 honestly the |yaml jinja filter works but is very much not human-readable
08:58 honestly what do?
08:58 noitoi left #salt
08:59 joho joined #salt
09:01 babilen honestly: |yaml(False) ?
09:02 schasi Hi there
09:03 pbandark joined #salt
09:07 nebuchadnezzar joined #salt
09:09 maestropandy joined #salt
09:09 joho left #salt
09:10 nickknick joined #salt
09:11 LotR joined #salt
09:11 kiorky joined #salt
09:12 nickknick Hi, is there a way to group nodes in a roster file?
09:13 _KaszpiR_ joined #salt
09:14 stankmack joined #salt
09:14 babilen What do you mean by that?
09:16 nickknick i have node1 with ip x.x.x.x and node2 with ip y.y.y.y and i want to group both nodes  with name group1. Then salt-ssh group1 cmd.run 'do something'
09:17 babilen Don't think you can do that in the roster file, but you can use other things for targeting
09:18 babilen You might want to look into nodegroups
09:19 golodhrim|work|2 joined #salt
09:19 nickknick mmmh..ok thx...can i call nodegroups with salt-ssh?
09:19 babilen ssh_list_nodegroups
09:20 golodhrim|work|3 joined #salt
09:20 babilen Maybe there is newer functionality, but my feeling is that you might want to look into a master/minion architecture or masterless if you want to do fancy things ;)
09:21 nickknick it is not possible to install saltclients on server...we have to do this over ssh
09:21 babilen So you install a salt-client over SSH ;)
09:22 nickknick :-)
09:23 babilen That's essentially what salt-ssh is doing
09:23 nickknick ..it is not possible ...ports are blocked...
09:23 babilen Fair enough
09:27 Bosch joined #salt
09:29 golodhrim|work joined #salt
09:30 nickknick left #salt
09:30 nicknick joined #salt
09:32 nicknick left #salt
09:32 nickknick joined #salt
09:34 k_sze[work] joined #salt
09:35 huddy joined #salt
09:56 schasi I have the following in a pillar: roles: [ Common, Monitoring ] . Will a {% if "Monitoring" in pillar['roles'] %} then work from a state?
10:02 coredumb schasi: yes
10:03 schasi Thank you ;-)
10:05 pk joined #salt
10:05 do3meli joined #salt
10:05 do3meli left #salt
10:08 babilen schasi: I'd use salt.pillar.get('roles', []) in lieu of pillar['roles'] as it will fail gracefully if roles aren't defined
10:08 pradiprwt joined #salt
10:08 babilen (or salt['pillar.get'] if you want this to be compatible with salt-ssh)
10:09 coredumb oh salt.pillar.get isn't compatible with salt-ssh? damn
10:09 babilen I remember a bug report about that
10:10 babilen Might have changed in 2017
10:10 babilen Let's check
10:10 pradiprwt Hi Everyone, I am trying to add Junos OS as a proxy minion, but I am facing some issue. Can anyone please help me
10:10 pradiprwt ERROR >>>>> minion return: {'fun_args': ['show version'], 'jid': '20170817154023791156', 'return': "'junos' __virtual__ returned False: The junos module could not be loaded: junos-eznc or jxmlease or proxy could not be loaded.", 'retcode': 254, 'success': False, 'fun': 'junos.cli', 'out': 'nested'}
10:11 babilen pradiprwt: Did you install unos-eznc and jxmlease on the minion?
10:11 babilen (cf. https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.junos.html)
10:12 babilen junos-eznc naturally
10:12 pradiprwt babilen : No
10:12 babilen You might want to (and reload the minion)
10:12 pradiprwt ok
10:12 demonkeeper joined #salt
10:12 babilen One way to do so would be in a state with "reload_modules: True"
10:12 nickknick joined #salt
10:13 Kelsar joined #salt
10:13 mrud joined #salt
10:13 mrud joined #salt
10:15 babilen coredumb: https://github.com/saltstack/salt/issues/39720 + https://github.com/saltstack/salt/issues/41794
10:16 rgrundstrom Just wanted to say this is the BEST irc channel ever :)
10:16 nielsk joined #salt
10:17 marcinkuzminski joined #salt
10:17 pradiprwt babilen : Installed those packages but still have same issue
10:17 pradiprwt [WARNING ] /usr/lib/python2.7/dist-packages/salt/proxy/dummy.py:22: RuntimeWarning: tmpnam is a potential security risk to your program   FILENAME = os.tmpnam()  [CRITICAL] fx2 proxy minion needs "racadm" to be installed.
10:17 babilen pradiprwt: And you restarted the minion?
10:17 pradiprwt yes
10:17 babilen So install "racadm"
10:18 babilen Hmm, that would be the fx2 proxy minion
10:18 pradiprwt I tried but it looks like some dell related thing
10:18 babilen Yeah, it is .. the error should be unrelated
10:19 babilen Which version do you use?
10:19 pradiprwt Salt: 2017.7.1
10:20 pradiprwt I have one VM which has junos OS installed, I want to access that VM as a proxy minion
10:20 babilen Sure, that's fine
10:21 froztbyte joined #salt
10:21 babilen Could you open a Python REPL and try the import in https://github.com/saltstack/salt/blob/2017.7.1/salt/modules/junos.py#L32-L38
10:23 pradiprwt sure
10:24 feliks joined #salt
10:24 benjiale[m] joined #salt
10:24 pradiprwt babilen : These two libraries are giving errors while importing
10:24 maestropandy joined #salt
10:25 toofoo[m] joined #salt
10:25 pradiprwt from jnpr.junos.utils.sw import SW     from jnpr.junos.utils.scp import SCP
10:25 babilen That's what causes the problem then
10:25 babilen Fix that and saltstack should be happy
10:26 hax404 joined #salt
10:26 pradiprwt ok I will fix this
10:33 edrocks joined #salt
10:34 pradiprwt babilen :  Still same issue, after solving library issue
10:35 babilen So all imports work now, you restarted the minion and you still get "The junos module could not be loaded: junos-eznc or jxmlease or proxy could not be loaded." ?
10:36 pradiprwt babilen :  Awesome it is working now, but minion side have same error message
10:36 babilen So, what is working?
10:36 pradiprwt yeah
10:36 babilen And which error message are you referring to?
10:37 pradiprwt [WARNING ] /usr/lib/python2.7/dist-packages/salt/proxy/dummy.py:22: RuntimeWarning: tmpnam is a potential security risk to your program   FILENAME = os.tmpnam()  [CRITICAL] fx2 proxy minion needs "racadm" to be installed.
10:37 babilen Yeah, that's unrelated as you don't have a fx2 proxy minion
10:37 babilen So it's not too surprising that you cannot initialise the module
10:37 babilen Did you forget to restart the minion?
10:38 pradiprwt I have restarted the minion
10:39 pradiprwt To solve this issue, what do I need to do?
10:41 babilen Which issue?
10:42 pradiprwt fx2 proxy minion
10:42 babilen That shouldn't have an effect .. there might be a way to get salt to not *try* to load that module, but it's perfectly fine the way it is now
10:43 pradiprwt Thanks babilen, Now I can go for my next task..
10:43 babilen Have fun
10:43 schasi babilen: Are you a main developer of saltstack? Or just a heavy user?
10:43 babilen The latter
10:54 Reverend joined #salt
10:56 schasi Does anyone know if I can set my VM profile for salt-cloud in my state file for orchestration? Will a "memory" or "cores" be passed on? Or do I have to create different profiles for that?
11:01 _KaszpiR_ joined #salt
11:02 jschoolcraft joined #salt
11:17 evle1 joined #salt
11:20 Guest39996 left #salt
11:21 Armageddon joined #salt
11:27 kedare joined #salt
11:27 kedare Hi all
11:31 Reverend hi kedare
11:36 ilbot3 joined #salt
11:46 edrocks joined #salt
11:49 golodhrim|work joined #salt
11:54 Tucky joined #salt
11:58 ilbot3 joined #salt
12:12 Psy0rz joined #salt
12:17 donmichelangelo joined #salt
12:19 ssplatt joined #salt
12:21 zerocoolback joined #salt
12:24 gareth__ joined #salt
12:37 bstevenson joined #salt
12:43 noobiedubie joined #salt
12:47 jespada joined #salt
12:56 SaucyElf_ joined #salt
12:56 promorphus joined #salt
12:58 lionel joined #salt
13:00 edrocks joined #salt
13:06 JohnnyRun joined #salt
13:07 bluenemo joined #salt
13:19 mchlumsky joined #salt
13:21 cofeineSunshine joined #salt
13:22 cofeineSunshine hi
13:22 schasi hi
13:22 schasi Did you find your error, cofeineSunshine?
13:23 cofeineSunshine schasi: brb
13:24 jdipierro joined #salt
13:25 Shirkdog joined #salt
13:25 Sacro joined #salt
13:25 cofeineSunshine joined #salt
13:26 cofeineSunshine hi again
13:26 cofeineSunshine No, I didn't find the cause of the problem
13:26 cofeineSunshine Looks like some rackspace networking issues
13:26 cofeineSunshine that neither ssh session nor salt-minion connection can survice
13:26 cofeineSunshine *survice
13:27 cofeineSunshine *survive
13:28 lordcirth_work cofeineSunshine, looking at the issue page, interesting.  Is transport=tcp slower?
13:28 lordcirth_work I thought the point of zmq was to be really fast/scalable
13:28 cofeineSunshine Haven't tried this yet
13:29 cofeineSunshine at the moment
13:29 beardedeagle joined #salt
13:29 cofeineSunshine It feels like some post startup network configuration changes in rackspace rackconnect stack. That kill irrecoverably ssh and salt-minion connection
13:30 cofeineSunshine but that's only rackspace related
13:30 lordcirth_work Yeah, definitely a rackspace problem, but in general it would be good if salt-minion would handle it
13:31 ouemt joined #salt
13:31 cofeineSunshine yes
13:32 cofeineSunshine i think tinkering in network level would solve it
13:32 cofeineSunshine looks like one end thinks it is online another end doesn't think so
13:35 cgiroua joined #salt
13:35 Ahlee joined #salt
13:35 promorphus joined #salt
13:38 agustafson joined #salt
13:41 gmoro joined #salt
13:42 keltim joined #salt
13:43 edrocks joined #salt
13:45 racooper joined #salt
13:48 feliks is it possible to use golang's feature `go get github.com/$repo` from within saltstack?
13:51 _JZ_ joined #salt
13:55 atnar joined #salt
13:58 daxroc Afternoon all
13:58 edrocks joined #salt
14:00 cyborg-one joined #salt
14:02 daxroc I've a question around salt mine data. I'm making a query like  "salt['saltutil.runner']('mine.get', tgt='G@ec2_tags:Cluster:example and G@ec2_roles:service', fun='service_key', tgt_type='compound').values()|first|default(None)" Which does return what I need but with the mine function name which is a grain key so it comes back like "{ my_func:key: value }" is it possible to strip this out in the query or in the mine function definition
14:02 daxroc ? I thought that's what the values|first  would do
14:03 babilen daxroc: Could you run that manually and show the output?
14:04 babilen I would have expected the same as you, but that obviously depends on the data you get back initially. I haven't seen the mine function alias being part of the returned data though - It's normally organised by host
14:04 lordcirth_work Yeah, check exactly what the function returns without .values() or filters
14:07 daxroc https://www.irccloud.com/pastebin/RiMq0PHm/
14:08 babilen That "service:key" bit is weird
14:08 babilen That shouldn't be a single key
14:08 lordcirth_work Yeah, shouldn't it be a hierarchy?
14:09 babilen It should, but it looks as if - for some reason - salt uses the string "service:key" as the literal key, rather than interpreting it as a nested map
14:09 daxroc https://www.irccloud.com/pastebin/mzfFwgOQ/
14:09 babilen Which is, quite possibly, due to the way you declared the mine function alias
14:09 daxroc The source is from a grains item - custom grain
14:09 babilen But the value is correct?
14:09 daxroc Yeah the value is good.
14:10 lordcirth_work Yeah, don't use colons in keys, that's messy and probably dangerous
14:10 MajObviousman joined #salt
14:11 MajObviousman so that was interesting
14:11 babilen daxroc: Does your custom grain return that key?
14:13 mavhq joined #salt
14:13 daxroc Yes it would return grains['service']['key'] = 'value'
14:13 babilen The datastructure should be {'minion1_id': value, 'minion2_id': value, ....}
14:14 babilen And calling grains.items service:key returns what?
14:14 babilen I guess that salt, at one point, trips over the :
14:14 lordcirth_work Is there a way to set --state-verbose=False in shell env?
14:15 babilen Does grains.get behave similar? (in the function definition)
14:15 daxroc @babilen it returns the hostname: \n value when queried via grains.get
14:16 babilen Use grains.get then, grains.item doesn't work here
14:17 babilen See "salt 'foo' grains.item locale_info:defaultencoding" vs "salt 'foo' grains.get locale_info:defaultencoding"
14:17 evle joined #salt
14:17 nku bah.. why would file.append tell me a file "is in the correct state". i want salt to append a damn line, not tell me about its "state"
14:18 daxroc @babilen Hym grains.item is different returns the service:key: value
14:18 nku and do that randomly..
14:18 babilen nku: It means it doesn't have to append that line (anymore) as it is already there
14:18 nku babilen: well, it is not
14:19 babilen Yes it is!
14:19 babilen (iow: please provide more information)
14:20 bd joined #salt
14:22 fatal_exception joined #salt
14:22 rwaweber joined #salt
14:27 pualj_ joined #salt
14:32 sh123124213 joined #salt
14:36 sarcasticadmin joined #salt
14:36 DammitJim joined #salt
14:38 SaucyEl__ joined #salt
14:38 lordcirth_work nku, please pastebin the state
14:38 promorphus joined #salt
14:40 SaucyElf_ joined #salt
14:43 fatal_exception joined #salt
14:45 exegesis joined #salt
14:45 dendazen joined #salt
14:47 doubletwist joined #salt
14:48 beardo joined #salt
14:52 bildz joined #salt
14:53 reavon joined #salt
14:55 jeblair joined #salt
14:59 pualj_ joined #salt
15:01 bstevenson joined #salt
15:04 onlyanegg joined #salt
15:11 lordcirth_work Is there a way to make archive.extracted assume that a http:// source archive hasn't changed if it's been downloaded already?  "keep: True" still redownloads
15:13 bildz For those supporting windows boxes (i know.. i have to), I have a state file that will change the service account for a service to a domain account, however, salt says it's successful, but it hasn't changed at all and is still the local account
15:15 lordcirth_work bildz, salt-call -l debug is probably a good place to start
15:16 bildz thanks, lordcirth_work.  I'll check it out
15:18 tiwula joined #salt
15:21 Arendtsen joined #salt
15:22 heaje joined #salt
15:23 tapoxi joined #salt
15:25 tapoxi hi all, can I set grains at the provider or profile level in salt-cloud?
15:26 ushmodin joined #salt
15:28 MajObviousman yes you can
15:29 mirko joined #salt
15:29 cyteen joined #salt
15:31 MajObviousman it goes in the following order: /etc/salt/cloud, provider config, profile config, map
15:31 MajObviousman basically all of that gets smashed together and that's the contents of _salt (iirc) during salt-cloud invocations
15:32 MajObviousman so if you set the same value in both provider config and profile config, the profile will win. And you can set grains (or really anything you want) at any level and it will trickle down
15:32 beardedeagle joined #salt
15:34 tapoxi MajObviousman I guess what I mean is will it merge grains
15:34 tapoxi since I have some grains that are common across a profile but some that are specific
15:34 tapoxi *to each host
15:35 MajObviousman I think it should merge them, but extends operates differently
15:35 MajObviousman so I'm not actually sure
15:41 * MajObviousman runs a test
15:45 edrocks joined #salt
15:45 gmoro joined #salt
15:48 noobiedubie joined #salt
15:52 mikea- joined #salt
15:55 wych joined #salt
15:55 MajObviousman so I dropped grains: into each level of provider, profile, and map, specifying a different grain and value at each level. The answer is ...
15:56 MajObviousman none of them survived the provisioning, strangely
15:56 MajObviousman I wonder if my deploy script is stomping on them
15:57 * MajObviousman files away for later study
15:58 tapoxi weird, thanks for taking a peek MajObviousman
15:58 MajObviousman np
15:59 MajObviousman I'm rolling a very old version (2015.5.11), so treat my experiment as inconclusive, not as evidence of it doesn't work
16:02 woodtablet joined #salt
16:04 Brew joined #salt
16:04 johnkeates joined #salt
16:05 pipps joined #salt
16:07 ecdhe joined #salt
16:09 renaissancedev joined #salt
16:11 edrocks joined #salt
16:20 nkuttler joined #salt
16:23 pipps joined #salt
16:24 xet7 joined #salt
16:32 LostSoul joined #salt
16:41 jdipierro joined #salt
16:44 promorphus joined #salt
16:45 wendall911 joined #salt
16:46 nixjdm joined #salt
16:51 evilet joined #salt
17:05 aphistic joined #salt
17:05 tapoxi joined #salt
17:07 schasi Why are you rolling an old version, MajObviousman?
17:12 edrocks joined #salt
17:14 SaucyElf_ joined #salt
17:24 pipps joined #salt
17:25 SamYaple joined #salt
17:25 lkolstad joined #salt
17:26 spicyJalapeno joined #salt
17:30 spicyJalapeno is there a built in function to do a version comparison of the kernelrelease grain?
17:34 spicyJalapeno just to check if the kernel is > or <
17:38 pjs joined #salt
17:40 pualj_ joined #salt
17:41 lordcirth_work spicyJalapeno, a string compare should work
17:42 lordcirth_work spicyJalapeno, where do you want to compare? In jinja?
17:42 mikecmpbll joined #salt
17:43 spicyJalapeno lordcirth_work:  yes in jinja
17:45 lordcirth_work spicyJalapeno, something like: {% if grains.get('kernelrelease') > '4.4.0-81' might work
17:47 pualj joined #salt
17:48 cro joined #salt
17:50 spicyJalapeno ok cool, thanks lordcirth_work, i will test that out
17:51 lordcirth_work er, forgot the %}, but yeah
17:52 MajObviousman schasi: well, there's several reasons. At the top of the list is little available time, followed shortly by a metric arseload of red tape to cut
17:52 schasi I don't know what red tape to cut means :D
17:52 schasi But little available time, I have heard that before ;-)
17:53 MajObviousman I have to qualify package sources with DirSec
17:53 MajObviousman e.g. the red tape says "No you can't do this until you do X, Y, Z, R, Q, and M first. And each of those things is non-trivial."
17:53 lordcirth_work schasi, "red tape" is an idiom for bureaucracy/paperwork
17:54 schasi Wooo
17:54 schasi Never had that before
17:54 MajObviousman https://en.wikipedia.org/wiki/Red_tape
17:54 MajObviousman American idiom, maybe? I don't know if other English-speaking countries use the term
17:55 schasi I would like a little more structure at my job, but not more red tape
17:55 MajObviousman they usually go hand in hand
17:55 MajObviousman unless you work at a very small company and wear many hats
17:55 schasi I do work at a very small company
17:56 schasi Hence the lack of (given) structure
17:56 MajObviousman "The origin of the term is somewhat obscure, but it is first noted in historical records in the 16th century, when Henry VIII besieged Pope Clement VII with around eighty or so petitions for the annulment of his marriage to Catherine of Aragon."  ok so the Brits started the red tape idiom
17:57 lordcirth_work very common here in Canada
17:57 MajObviousman so then I feel safe calling it an English idiom
17:57 schasi I have never heard it before
17:58 lordcirth_work schasi, where are you, if you don't mind?
17:58 schasi Germany
17:58 schasi I do think we have our fair share of bureaucrazy
17:58 schasi ;-)
18:00 sarlalian joined #salt
18:01 pipps joined #salt
18:03 sarlalian joined #salt
18:06 pipps joined #salt
18:10 brianthelion left #salt
18:10 brianthelion joined #salt
18:10 Rumbles joined #salt
18:11 overyander joined #salt
18:11 brianthelion Can anyone point to an example of using an orchestration runner to (1) cloud.create both a master and a minion and (2) configure them to talk to each other?
18:12 brianthelion I can do part 1 but part 2 is hurting my brain
18:14 lordcirth_work brianthelion, that's an interesting use case
18:15 brianthelion I can get the grains back from the master, but only at runtime and it would seem that i need them at render time to get the master IP and render it into the minion bootstrap script
18:15 MajObviousman I wish there was a way to force a re-render midstream, but the only way I know is to do an orchestration of orchestrations
18:16 brianthelion lordcirth_work: seems like a pretty straightforward thing that folks must be doing
18:16 brianthelion no?
18:16 MajObviousman one orchestration each for steps 1 and 2. Since 2 is its own distinct run, it would render at run time, after both systems are created and grains populated
18:16 MajObviousman you could also use mine
18:17 brianthelion MajObviousman: Haven't played with mine yet, but I'll check it out
18:17 MajObviousman I don't fully understand it myself
18:18 MajObviousman been meaning to use it in some load balancing orchestrations, but haven't gotten to it
18:22 shanth_ joined #salt
18:22 edrocks joined #salt
18:23 lordcirth_work Salt mine?  It's a system for the minion to expose data for the master to poll
18:23 lordcirth_work I export ssh host pubkeys so that all my minions are immune to MITM
18:27 shanth__ joined #salt
18:28 pipps joined #salt
18:30 keldwud joined #salt
18:30 keldwud joined #salt
18:30 schemanic joined #salt
18:31 schemanic Hello channel
18:34 woodtablet hello salt user =D
18:34 schemanic :) woodtablet
18:34 schemanic I think I understand about templates and template variables better now
18:35 schemanic in file.managed, you create a 'context' attribute, whose children ARE the template variables
18:36 schemanic My understanding before was that context's children were references to <something else not a part of the conversation>
18:36 schemanic rather than definitions being set by myself
18:37 nixjdm joined #salt
18:39 ChubYann joined #salt
18:43 johnkeates joined #salt
18:44 schemanic Is there a way to get environment variables from salt?
18:44 promorphus joined #salt
18:44 jdipierro joined #salt
18:47 cyborg-one joined #salt
18:49 aldevar joined #salt
18:52 A_Person joined #salt
18:55 sh123124213 joined #salt
18:57 schasi Isn't that what salt.states.environ is for?
18:58 pipps joined #salt
19:05 promorphus joined #salt
19:12 Rumbles joined #salt
19:12 lordcirth_work environ controls the env of the salt process, not the whole system.  Not sure which he wants
19:16 robawt joined #salt
19:16 pipps joined #salt
19:17 DammitJim1 joined #salt
19:19 scottk_ joined #salt
19:20 scottk_ i'm trying to update my salt-minion on a cent6.9 box. i keep getting the error No module named salt.scripts. Does the 2017 minion not play nice with Cent 6.x?
19:23 johnkeates isn't CentOS lagging behind like 5  years?
19:23 johnkeates might be a python issue
19:23 stevednd does anyone here use the slack returner?
19:25 scottk_ i think it is a python issue after researching it more. it looks like salt-minion wants to run on python 2.7, but everything else is defaulting to 2.6.
19:26 johnkeates 2.6 is pretty ancient at this point i guess
19:26 scottk_ i guess i'll stick to the 2016 release.
19:27 pipps joined #salt
19:27 MajObviousman you can roll pyenv and get a new python without touching the system default
19:27 MajObviousman pair that with virtualenv and keep total separation of both versions and modules
19:28 schemanic hello
19:28 dwfreed even better, run it under a modern python3, and then you don't need a third party module for virtual environments :)
19:29 schemanic how do you guys handle setting up gpg rendering in saltstack? Does anyone use the salt-master-formula with this?
19:29 * dwfreed wonders who wrote saltstackbot's detection of whether a user is registered and identified
19:29 MTecknology don't use formulas
19:29 MajObviousman yeah I don't suggest running 2.7 unless you are stuck with on-system or a backwards tool
19:29 MajObviousman in which case, get a better tool
19:30 scottk_ thanks
19:30 MajObviousman np
19:30 schemanic MTecknology, could you elaborate a bit?
19:30 MajObviousman I forget that 3.3 rolled venvs in to core
19:31 schemanic do I follow you that you're saying I shouldn't use a formula to set up GPG encryption?
19:31 _KaszpiR_ joined #salt
19:31 MTecknology I'm saying don't use formulas for anything other than reference
19:31 MajObviousman ^
19:32 MajObviousman formulas aren't well suited for any but the most generic of cases
19:32 MajObviousman for instance, in order to use the MySQL formula, you have to keep your root password in pillar
19:33 schemanic That's not a problem if you can GPG encrypt them as I understand it
19:33 MTecknology or if you want to do something else
19:34 MTecknology schemanic: formulas are often over-engineered and tend to tweak things in the OS that they probably shouldn't. They try to be super flexible at the cost of adding a lot of complexity, and often a lot of complication comes with. If you ever want to tweak a formula for different use cases, you're gonna have a bad time.
19:35 MajObviousman much like saltstack itself
19:35 MajObviousman earlier versions had some bizarre contortions to support all cases and it led to ... interesting behavior
19:35 schemanic Okay great, but my question has to do with setting up GPG rendering. What's a good way to do that
19:36 MTecknology I strongly recommend dropping gpg keys into a salt master by hand, every time (unless you're working with masterless, in which case the gpg rendering isn't enough).
19:37 MajObviousman schemanic: at the top of your sls you can set up a custom render chain
19:37 MajObviousman the default renderer is yaml,jinja
19:37 MajObviousman you could do yaml,gpg,jinja
19:38 MTecknology schemanic: This is exactly what I do - https://github.com/MTecknology/saltstack-demo/blob/master/pillar/keys/index.sls#L3
19:38 schemanic I understand the second part. What's involved in making sure the minions can see the public key
19:38 MTecknology the minions don't need a public key for it. You store encrypted data and the master decrypts it using those keys
19:39 MTecknology the master and minions already have a different encrypted channel set up
19:39 MajObviousman right. The minion never knew that gpg was in use
19:39 brianthelion lordcirth_work: Do you have any specific thoughts on how i could use mine to get to the "right" solution for my orchestration problem?
19:39 MajObviousman wait, hmm, now I'm not sure
19:40 schemanic MTecknology, this is interesting, but I'm not understanding everything that's going on here. This seems to be a list of keys, but you're saying you recommend dropping the keys off manually. Is this a set of instructions on what to do with those keys?
19:40 MajObviousman "Finally, the following Renderer can decrypt GPG data stored on the master, before passing it through another renderer: gpg"
19:40 MajObviousman I've never tried it
19:40 cliluw joined #salt
19:41 MajObviousman schemanic: did you read https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html?
19:41 alvinstarr joined #salt
19:41 MTecknology schemanic: ^ that doc first, I only showed you how I store and unpack the generated gpg keys
19:43 MTecknology generate the master gpg stuff, and encrypt the contents w/ my personal gpg key. To unpack them, I need to use my personal gpg key (and then another symmetric gpg key) to unpack that data on a new master.
19:43 MajObviousman MTecknology: is this your (hopefully sanitized) full setup?
19:43 upb joined #salt
19:44 MTecknology MajObviousman: it's maybe ~70% and ya.. hopefully sanitized
19:44 * MajObviousman clones for later review
19:44 MajObviousman always enriching to see how other folks accomplish common tasks
19:44 MajObviousman I learned how to shell script from reading Slackware boot scripts. Came away with a lot of nasty habits
19:44 MTecknology lol
19:45 schemanic I see
19:45 MTecknology I learned bash scripting from #bash. I used to share them for review and routinely took a bit of a bashing on my bash, but now my bash is #bash-worthy
19:45 MTecknology s/them/bash scripts/
19:46 schemanic So if I follow you MTecknology, you have your own key that applies to you as a sysadmin and the various tasks thereof. You then generate another set of keys, and encrypt those with your key. Once you decrypt the keys, you can place them on a new salt master.
19:47 MTecknology pretty much - I decrypt them /on/ the master
19:48 schemanic I see. I'm still not understanding the pillar file you sent - if you have to decrypt them manually what use is placing this information in pillar?
19:48 MTecknology it's just a text file of information..
19:49 MTecknology go up a level or two
19:49 schemanic MTecknology, Okay, so you're not telling salt to do anything with the information. It's meant for people to read
19:50 MTecknology it's meant for /me/ to read, yes
19:50 schemanic I was just confused as to why it was in the form of an sls file
19:50 noobiedubie joined #salt
19:50 MTecknology because adding the .sls extension makes vim give me the editing magic I wanted
19:51 MTecknology it could just as easily not exist
19:51 MajObviousman as an aside MTecknology, you might add a {% if 'data' in data %} on line 1 of https://github.com/MTecknology/saltstack-demo/blob/master/states/_reactor/minion_request.sls
19:51 MTecknology Is it possible for data to not be there?
19:51 MajObviousman I had an issue with that when my reactor event was getting triggered in conditions without a payload and it was difficult to troubleshoot
19:51 MajObviousman yes
19:51 schasi So the gpg encryption is just to have them secure while in transport? And then they are in "cleartext" on the master?
19:51 MajObviousman I had it happen to me
19:51 MTecknology good to know!
19:52 MajObviousman mmmyep
19:52 MTecknology schemanic: yup
19:52 MajObviousman now it could be that newer versions of salt don't have that issue
19:54 MajObviousman I'm tickled by your duplication of the puppet runinterval feature
19:54 MajObviousman nifty way to do it
19:54 schemanic so basically all I need to worry about is getting my encrypted gpg keys onto my salt master, and I could write a state to say, pull them down from s3
19:55 MajObviousman schemanic: yep
19:55 schemanic That's helpful. I'll follow a guide to get things set up from there.
19:55 MajObviousman not only you but anyone can write a state and use the public key to encrypt the data. Only the salt master with the private key can decrypt it
19:55 MajObviousman so you can keep the pubkey in your repo safely
19:55 schasi I have a hard time following you guys, but it sounds interesting ;-)
19:56 schemanic As I understand it it's possible to have multiple public keys yes?
19:56 MajObviousman as in distinct keys will all be unlocked by a single private key?
19:56 MajObviousman distinct public keys
19:57 schemanic I believe so
19:57 MajObviousman I'm not sure how that'd work, honestly
19:57 MajObviousman but apparently gpg has figured it out
19:57 * MajObviousman learns from https://www.gnupg.org/gph/en/manual.html#AEN111
19:57 MTecknology MajObviousman: what puppet thing?
19:58 MajObviousman MTecknology: your highstate tick
19:58 MajObviousman puppet is built around systems checking in at regular intervals and seeing if there's a change of state. One of the things I didn't like about it at first, honestly
19:59 MTecknology doesn't puppet runinterval just do a "highstate" every X minutes?
19:59 MTecknology er, no, I'm thinking chef
19:59 schemanic MTecknology, can you elaborate on what you meant by another, symmetric key to decrypt your other gpg keys?
20:00 MTecknology schemanic: extra layer of encrypting the tarball w/ gpg
20:00 schemanic I'm researching asymmetric vs symmetric and I'm not sure, but the term you used doesn't seem to line up with what I heard you say
20:00 schemanic You said you use multiple keys to decrypt the encrypted tarball?
20:01 MTecknology MajObviousman: I wanted systems running highstates ~1x/day, but also every time I pushed out changes, without getting excessive
20:02 pipps99 joined #salt
20:03 MTecknology schemanic: First- worry about making your salt have gpg keys to render your gpg blobs from pillar.   Then- tar czf saltkeys.tgz /etc/salt/gpg; that tarball is what I've encrypted 2x.
20:04 MTecknology your salt master **
20:04 MajObviousman not just one but TWO rounds of rot13. Why MTecknology, you shouldn't have
20:04 MajObviousman so indulgent
20:04 MTecknology MajObviousman: hm?
20:05 MajObviousman I'm being a snarky asshole and joking about your 2x encryption
20:06 MTecknology ah.. you should see how I do my backups
20:06 MTecknology or my password vault... :P
20:07 johnkeates .txt file ? :p
20:07 MTecknology They're the two most recent posts on my blog, if you're curious.
20:08 iggy joined #salt
20:09 schemanic right, are you just saying you've symmetrically encrypted it, which uses one key to encrypt/decrypt, and just did that with two different keys
20:10 schemanic one is your own, another is some other key that you are managing in some other way
20:10 johnkeates two keys symmetrical is the same as one key symmetrical
20:10 johnkeates there is no added security here
20:10 schemanic johnkeates, please elaborate
20:11 johnkeates the security is the same factor: you need a key
20:11 schemanic also, please understand that I don't yet understand MTecknology, so I'm asking for them to confirm/deny my assertion
20:11 johnkeates the actor that would want that key would be able to get both keys the same way, at the same time, using the same method
20:11 johnkeates there is no control, no change in factors and no change in methods
20:11 schemanic you're saying that if an actor has one key they have both keys?
20:11 johnkeates no, i'm saying that the process of gaining access is identical
20:12 johnkeates security isn't the key or the amount of key
20:12 johnkeates it's the factors or methods
20:12 schemanic I'm not asking about crypto culture. I'm asking what MTecknology did
20:12 johnkeates hence the 2FA/MFA authentication hype
20:12 MajObviousman "hype"
20:13 johnkeates well, it's a 'public' hype, but in terms of industrial norm, it's simply best practise
20:13 MajObviousman rotating passwords every 3 months was best practice for a while
20:13 johnkeates yeah
20:13 johnkeates and then new insight was gained
20:13 johnkeates just as using multiple symmetric keys once was thought to be more secure than one key
20:14 schemanic I will ask my question again: Do I understand correctly that the scenario being described is the same piece of information encrypted against one set of credentials, and then encrypted again against another set of credentials? I'm asking because I don't know if there exists some other method that encrypts the information once but uses two credentials in a 'nuclear launch sequence' type way, where two actors need to supply creds at the same time to decrypt
20:14 johnkeates hashicorp's vault
20:14 johnkeates (which works neatly with salt btw)
20:15 schemanic You have spoken a name without other meaning.
20:15 cro joined #salt
20:15 johnkeates you said: i dont know if there exists
20:15 johnkeates and i gave you an exist
20:15 schemanic no damnit
20:15 schemanic I'm talking about gpg encryption here
20:16 johnkeates okay
20:16 schemanic you just started interjecting opinions you thought needed to be a part of the conversation and you derailed my understanding of MTecknology's methods
20:16 johnkeates yep
20:16 johnkeates the beauty of irc
20:17 schemanic MTecknology, or MajObviousman, can you please help me? It's killing me that I don't know if I've understood you correctly or not and come closure would be much appreciated.
20:17 schemanic some* closure.
20:18 schemanic The reason is that I've seen information suggesting that there is a process with GPG that uses multiple keys, and I'm trying to distinguish between what you've said, and that, or ascertain that what I'm reading is incorrect
20:19 pipps joined #salt
20:19 MajObviousman schemanic: I don't know much about GPG, but I do know a thing or two about LUKS. It allows for up to 8 keys to decrypt the drive, and it uses double encryption to do it
20:20 MajObviousman you encrypt the drive with a symmetric key. Then you encrypt the symmetric key with a passphrase given by the user
20:20 MajObviousman we'll call the first key A and the latter B, B', B'' etc
20:21 MajObviousman this only works because it's using a symmetric key on both steps
20:21 schemanic I think I'm understanding what MTecknology meant when I read this SO article: https://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys
20:22 schemanic I think it's possible to encrypt something once in such a way that *either of* N public keys will decrypt it
20:22 MajObviousman I read that page too. In the most upvoted answer, he is using distinct keypairs, one for each user
20:22 MajObviousman he knows ahead of time that he should use Alice's pubkey for the letter to Alice, Bob's keypair for the letter to Bob, etc
20:22 schemanic but I think that MTecknology encrypted it with one keypair per encryption
20:23 schemanic so step 1 must be performed by actor A, and step 2 must be performed by actor B
20:24 MajObviousman let's back up a bit
20:24 MajObviousman are you familiar with symmetric vs asymmetric key cryptography?
20:25 schemanic You're right, I've misused terms
20:25 schemanic but yes
20:26 schemanic symmetric = one key for both decryption and encryption
20:26 MajObviousman yes
20:26 schemanic asymmetric uses a keypair
20:26 MajObviousman yes, perfect
20:26 schemanic so MTecknology used two symmetric keys
20:26 schemanic not keypairs
20:27 MajObviousman crap I didn't realize it was getting so late. I gotta head to a meeting
20:27 schemanic Thank you MajObviousman
20:27 schemanic also MTecknology
20:27 MajObviousman np, hope it all makes sense in the end
20:27 schemanic even you johnkeates, I acknowledge your points are useful
20:27 schemanic yes it does
20:29 pipps joined #salt
20:29 MTecknology 15:09 < schemanic> right, are you just saying you've symmetrically encrypted it, which uses one key to encrypt/decrypt, and just did that with two different keys
20:29 MTecknology schemanic: no... my personal gpg key and a symmetric key
20:29 schemanic OH
20:29 schemanic you're using both kinds
20:30 schemanic so once with your public key
20:30 schemanic and once with the symmetric key
20:30 MTecknology which is stored in my password vault (and access to that requires a yubikey)
20:30 MTecknology (and a special script and two additional passwords)
20:31 schemanic Are you a one person operation? or is the symmetric key meant to be shared with a team so others can do similar things?
20:31 MTecknology I'm solo, but I designed it picturing a team of sys admins with varying levels of access
20:32 schemanic mmm
20:32 MTecknology I built at home, and then I imported into work
20:32 schemanic You're one of the ones with an insanely elaborate home setup as I recall yes?
20:33 MTecknology this one - http://imgur.com/a/fjdoE
20:33 schemanic You've sent this to me before. Always so impressive
20:34 MTecknology I don't remember names, but I like showing it off
20:34 schemanic how does the stuff protecting the symmetric key work? Multiple entries in the password vault and a password per entry to retrieve, stitch, and reconstitute?
20:34 MTecknology check out my latest blog post
20:37 schemanic That's quite elaborate
20:40 MTecknology It's fun because the luks volume headers aren't stored with the encrypted data so I can freely upload that encrypted pile and download it from anywhere, but it remains completely useless without the headers file *and* the entire rest of that decryption process.
20:46 johnkeates LUKS is the best.
20:47 johnkeates by the way, it is only limited (key number wise) because of the header size limits, right?
20:47 MajObviousman that was quick
20:47 schasi Can I have salt-cloud not install the saltstack repository on FreeBSD when using bootstrap, but use FreeBSDs own repository?
20:47 johnkeates when setting it up, I think I read somewhere that it just uses key wrapping and the upper wrap can be anything, but the lower wrap has to be symmetrical
20:47 MajObviousman "home" setup
20:48 MajObviousman I recall stating that you were where I wanted to be in a few years
20:48 johnkeates schasi: bootstrap.sh you mean? it's using basic parameters to control its operation, you might be able to pass some stuff along to tell it which version to use. by default it uses latest stable, but it supports git and system repos too iirc
20:49 MTecknology schasi: You're typically better off if you don't use the bootstrap script and write something yourself.  It'll be 6,000 times easier to maintain and modify.
20:49 MTecknology schasi: Example- https://gist.github.com/MTecknology/66ce7c7f148fc9da936bcf26cc572cd7
20:49 johnkeates darn, corosync/pacemaker decided to throw up.. Node storage-2-prod: UNCLEAN (online) back to work it is!
20:49 schasi I actually use salt-cloud
20:50 johnkeates salt-cloud uses bootstrap.sh ?
20:50 schasi And wrote a cloud/clouds/ provider for ovirt
20:50 schasi (well, took another provider and changed the code)
20:50 schasi And that provider module somewhere calls bootstrap, from utils.py afaik
20:51 schasi And I guess that installs the repository, which I would rather not want (as FreeBSD has salt already and it is even newer than the salt packages)
20:51 MajObviousman schasi: have you shared the ovirt code by chance? Because I'm looking at doing an ovirt deploy here in a few weeks
20:51 schasi I haven't, because it is a piece of crap so far, just barely working well enough
20:52 MTecknology schasi: Get it on github! NOW!!@
20:52 iggy ovirt still exists?
20:52 MajObviousman yep
20:52 schasi ovirt still exists :D
20:52 MTecknology iggy: it's redhat.. why not? :P
20:52 MajObviousman and there are some future clients still using it that need my ruinously overpriced consulting to help them transition off of it
20:52 * MajObviousman smiles charmingly
20:53 schasi What do you transition them off to?
20:53 MajObviousman haven't decided yet
20:53 MTecknology schasi: this is almost exactly what I use - https://github.com/MTecknology/saltstack-demo/blob/master/data/etc/salt/cloud.deploy.d/ovpn_deploy
20:54 johnkeates i love overpriced consulting
20:55 johnkeates it's my core business
20:55 johnkeates at the same time, there often isn't much coice :p
20:55 johnkeates choice*
20:56 MTecknology johnkeates: schemanic: There's a #salt-offtopic channel for randomness :)
20:56 MajObviousman I'm still developing out my niches, but I think ovirt transitions could be very profitable
20:56 MajObviousman and joining Linux systems as first class citizens to Active Directory
20:56 johnkeates FreeIPA <3
20:56 johnkeates or RH IdM
20:56 MajObviousman I've been using sssd
20:56 johnkeates yes
20:56 johnkeates that's part of the deal
20:57 johnkeates well, you can use SSSD without IPA/IdM of course
20:57 johnkeates I like putting IPA in between even if just for plain sensible uid/gid translation and caching
20:57 schasi I can send you the ovirt code if you want, mtecknology
20:57 johnkeates make it a secret github gist and post it here, i want in!
20:58 schasi I would rather clean it up before putting it somewhere public though
20:58 johnkeates or hastebin pastebin
20:58 MajObviousman we've been joining straight up with adcli
20:58 MajObviousman still using simple_allow for user/group gating, but moving towards GPO model
20:59 MTecknology MajObviousman: johnkeates: That's way off topic at this point. It really should be in #salt-offtopic.
20:59 MajObviousman true
20:59 schasi johnkeates: Do you mean me?
20:59 MajObviousman no, you're still on topic
20:59 johnkeates yes, you
21:00 MTecknology schasi: I don't personally have any interest in it. The quicker you get it out the door, the quicker you can have other people fixing it up for you.
21:00 MajObviousman oh, I misread
21:00 johnkeates you can make a secret paste or gist
21:00 johnkeates so we have the ovirt
21:00 MajObviousman yassss, all the ovirts
21:00 johnkeates that way you can share it but still not have it super public
21:00 MTecknology iirc, gitlab lets you host private repos without paying - maybe you'd wanna start it there?
21:00 MajObviousman I was gonna suggest that or bitbucket
21:03 fatal_exception joined #salt
21:04 jdipierro joined #salt
21:12 cofeineSunshine hi
21:12 cofeineSunshine I have a case
21:13 JPT Open it. What's inside?
21:14 cofeineSunshine I need to write a state that checks out source into folder named /srv/project_name_$(date +%Y%m%d_%H%M) and create a symlink /srv/project_name to it
21:15 JPT The date part is a bit complicated but it's probably possible to achieve that using jinja templates for your states
21:16 JPT If you're going to use a version control system anyway, why the date name folder thing?
21:16 cofeineSunshine because that's the way it is now
21:16 JPT okay
21:16 cofeineSunshine i know
21:16 schasi ovirt salt-cloud module (WIP): https://gist.github.com/schasi/7e0209e6c014f3a58b45722f510c5e94
21:16 schasi MTecknology, johnkeates, MajObviousman
21:17 JPT cofeineSunshine: In case of git, this will be interesting: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
21:17 pipps joined #salt
21:18 MajObviousman much obliged
21:18 schasi It does take several loops to work and everything
21:18 MajObviousman from your description, I expected hideous trolls to pop out at me when I opened the page
21:18 MajObviousman I'm actually a bit disappointed
21:20 schasi The trolls ran away when they saw my code ;-)
21:20 schasi Nah, it's just that I "made it work" and then didn't spend any more time on it so far
21:21 schasi My long reach goal would (have) be(en) to make it nice and send a pull request
21:21 schasi And become a "saltstack contributor" ;-)
21:21 pipps joined #salt
21:22 MajObviousman you still can
21:24 schasi I guess now more able people will take and whip it into shape
21:24 schasi For me to use :D
21:28 ahrs joined #salt
21:30 stankmack joined #salt
21:33 schasi MTecknology: What are your best candidates to migrate users from ovirt to?
21:40 Rumbles joined #salt
21:50 MTecknology schasi: esxi and proxmox are my current favorites, but I've heard good things about openstack
21:54 iggy "good"
21:56 kukacz joined #salt
21:57 sarlalian joined #salt
21:57 MajObviousman "cantankerous"
21:57 MajObviousman that's openstack
21:57 MajObviousman and you spend a lot of resources to accomplish ... what?
21:59 pipps joined #salt
22:04 pipps joined #salt
22:05 edrocks joined #salt
22:09 frew dumb question: if I am doing salt 'foo-*' cmd.run '...'; is there a way to get jinja in the body to the command?
22:09 eichiro joined #salt
22:10 frew or some other way to template I guess
22:10 MTecknology Very unlikely
22:11 frew ok; I can always run salt pillar.get ahead of time, but it seems like a silly middle step
22:12 MTecknology what you're doing with cmd.run is probably already silly
22:12 pipps joined #salt
22:12 frew ok?
22:13 frew we have 150 machines, for 150 humans, I want to see if a certain directory exists for the human who owns the machine in question
22:14 frew so sandbox-frew needs to check /home/frew/foo, sandbox-mtecknology needs to check /home/mtecknology/foo, etc
22:14 frew anyway I'll just write a program; thanks anyway.
22:15 MTecknology needs to check why? to do what? You're skipping a lot of details about what you actually need
22:15 MTecknology without knowing what it is you need, it's impossible to propose any solution
22:15 frew I want to email the users to say: "you put the thing in the wrong place, can you tell me why?  If there is no good reason, I suggest you move it."
22:15 GMAzrael joined #salt
22:16 * MTecknology stares blankly
22:16 * frew continues programming.
22:16 MTecknology wfm
22:29 frew if anyone is interested: https://gist.github.com/frioux/53d10c6198bbe1fb1aaf4343d2172296
22:29 rpb joined #salt
22:37 Bruce joined #salt
22:37 XenophonF joined #salt
22:39 pipps joined #salt
22:40 dendazen joined #salt
22:41 ssplatt joined #salt
22:48 CrummyGummy joined #salt
22:48 schasi I am somewhat intrigued about openstack too
22:48 schasi But it seems very... big
22:49 schasi Anyway, gotta hit the sack. cu
22:50 ws2k3 joined #salt
22:50 iggy it is
22:51 iggy like most projects of its size, you're not going to get installed in 30 minutes or mastered in a week
22:51 iggy but once you do, it's pretty powerful
23:00 johnkeates i've been looking at openstack as well, but so far none of my clients managed to hit the threshold where investing in migrating to that makes sense :(
23:00 johnkeates with the salt-cloud integration it would be very nice to use
23:00 johnkeates and I suspect that certain components of openstack itself can be setup using salt making the whole experience rather nice
23:02 pfallenop joined #salt
23:02 pfallenop joined #salt
23:10 iggy yeah, we deploy openstack using salt (sadly it's very specific to our network or I'd liked to have released that upstream)
23:19 GMAzrael_ joined #salt
23:21 pcn_ left #salt
23:21 onlyanegg joined #salt
23:21 irated joined #salt
23:21 irated joined #salt
23:29 ssplatt joined #salt
23:36 KevinAn2757 joined #salt
23:36 skullone_ joined #salt
23:38 GMAzrael joined #salt
23:47 woodtablet next time johnkeates comes in here i gotta ask him about hyperion
23:49 Deliant joined #salt
23:51 StolenToast joined #salt
