IRC log for #salt, 2017-08-28

All times shown according to UTC.

Time Nick Message
00:27 cyborg-one joined #salt
00:46 tiwula joined #salt
01:00 GMAzrael joined #salt
01:14 shoemonkey joined #salt
01:42 GMAzrael joined #salt
01:50 Diaoul joined #salt
01:51 ilbot3 joined #salt
01:51 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:01 omie888777 joined #salt
02:10 brokensyntax joined #salt
02:32 Diaoul joined #salt
02:35 AvengerMoJo joined #salt
02:44 GMAzrael joined #salt
02:44 JPT joined #salt
02:53 AvengerMoJo joined #salt
03:00 hoonetorg joined #salt
03:00 AvengerMoJo joined #salt
03:02 omie888777 joined #salt
03:15 Diaoul joined #salt
03:25 A_Person___ joined #salt
03:26 shred joined #salt
03:33 michelangelo joined #salt
03:33 shanth_ joined #salt
03:50 cyborg-one joined #salt
04:05 lbv joined #salt
04:12 tirpitz joined #salt
04:15 mosen joined #salt
04:21 shanth_ joined #salt
04:23 jeddi joined #salt
04:39 AvengerMoJo joined #salt
04:40 fxhp joined #salt
04:52 aleph- joined #salt
04:58 frygor_ joined #salt
05:14 AvengerMoJo joined #salt
05:16 sh123124213 joined #salt
05:27 tiwula joined #salt
05:28 shred joined #salt
05:40 CmndrSp0ck joined #salt
06:01 sh123124213 joined #salt
06:02 CmndrSp0ck joined #salt
06:03 oida_ joined #salt
06:07 Guest2883 left #salt
06:14 AvengerMoJo joined #salt
06:23 _KaszpiR_ joined #salt
06:34 wogi left #salt
06:37 colttt joined #salt
06:48 AvengerMoJo joined #salt
06:59 omie88877777 joined #salt
06:59 jas02 joined #salt
07:02 kiorky joined #salt
07:05 darioleidi joined #salt
07:05 JohnnyRun joined #salt
07:05 jas02 joined #salt
07:09 pualj joined #salt
07:10 johnj joined #salt
07:10 lorengordon joined #salt
07:16 it_dude joined #salt
07:17 evle joined #salt
07:19 Hybrid joined #salt
07:29 CrummyGummy joined #salt
07:31 evle1 joined #salt
07:31 zulutango joined #salt
07:33 evle joined #salt
07:35 Rubin joined #salt
07:35 zerocoolback joined #salt
07:39 impi joined #salt
07:40 GMAzrael joined #salt
07:43 ivanjaros joined #salt
07:47 mike25de joined #salt
07:48 * mike25de hi all
07:56 mike25de anyone around? :)
08:03 Hybrid1 joined #salt
08:08 Rubin joined #salt
08:11 hemebond hi
08:12 johnj joined #salt
08:12 impi joined #salt
08:15 pewpew /bin/sh: -c: line 0: unexpected EOF while looking for matching `"'
08:15 pewpew /bin/sh: -c: line 1: syntax error: unexpected end of file
08:15 jhauser joined #salt
08:16 _KaszpiR_ joined #salt
08:18 Mogget joined #salt
08:21 Mogget joined #salt
08:24 Mogget joined #salt
08:25 chowmeined joined #salt
08:27 Mattch joined #salt
08:29 Mogget joined #salt
08:29 k1412 hello everyone, it's possible to launch on a minion only a part of my top file ? Example I only want to redeploy my certificate on my minion with a precise id ?
08:30 jkaberg joined #salt
08:30 nku k1412: you probably want state.apply
08:31 viq nku: "state.apply state", not just "state.apply" as that will do highstate
08:31 k1412 nku: I have actually a '*' .. in my top.sls for multiple common action but it's not possible only run again 1 of these ?
08:31 nku viq: that sounds broken..
08:31 viq k1412: why not run through the whole thing though? Salt is idempotent, unless you did horrible things ;)
08:32 k1412 viq: in case I did a horrible thing ^^ (I just begin so I go step by step ^^)
08:33 nku i read somewhere that state.apply was supposed to replace state.sls? or is that wrong
08:33 viq nku: k1412: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.apply
08:33 mike25de hi guys ... i use in one of my states some data (  import_yaml   ) loaded from a file.  Is it possible to MERGE the yaml data (similar to a jinja map) with a pillar data?
08:34 k1412 thanks, I will look at it
08:34 viq nku: so, as documented, state.apply calls state.highstate if called without arguments, or state.sls if called with arguments
08:34 _KaszpiR_ joined #salt
08:35 nku viq: obviously. that's a dangerous behavior. i guess i'll keep not using it then and won't recommend it again
08:37 viq nku: most examples nowadays use state.apply, IIRC it was added as a convenience wrapper to make it less confusing. *shrug*
08:37 mechleg what is dangerous behavior of state.apply?
08:37 viq mechleg: that if you don't give it arguments it'll apply highstate
08:37 nku mechleg: mixing highstate and sls
08:37 mechleg there should be nothing dangerous with running a highstate
08:37 mike25de hemebond: do you have a sec? :P
08:38 nku just one typo away from deploying something you don't want. anyway
08:38 * nku shrugs
08:38 viq nku: a lot of damage is one typo away in automation land ;)
08:39 nku yeah.. reminds me, i need to configure salt-api
08:41 Hybrid joined #salt
08:43 mechleg mike25de: you might want to look into pillar.filter_by() to see if that can help with your problem
08:43 mike25de mechleg: thanks buddy - i will take a look!!!
08:45 mikecmpbll joined #salt
08:45 mike25de mechleg: i did not know that feature existed... i see is a new one :) thanks again!
08:47 zerrac joined #salt
08:48 zerrac Hello there, i have trouble to connect to a local ldap to create users. I tried with https://gist.github.com/anonymous/e522e06dd9f913e2ebe5b3e4a3e8ca87 . I end up with an error : https://gist.github.com/anonymous/ba7e9942b425c2d88eab1bdefe9fc072
08:49 Naresh joined #salt
08:51 viq zerrac: I believe URL should be 'ldap://127.0.0.1' not just 127.0.0.1
08:52 svg joined #salt
08:53 zerrac viq: i just tried with no success :/
08:54 viq try adding / at the end
08:55 viq url: 'ldap://127.0.0.1/'
08:55 svg left #salt
08:56 pualj joined #salt
08:56 viq also seems like dn should be at same level as bind, not under it
08:57 viq no, sorry
09:00 zerrac it doesnt work with trailing /
09:01 zerrac i was wondering if the ldap connection goes from salt master host or from the minion directly ?
09:02 hemebond If it's in a state, it's from the minion.
09:03 jespada joined #salt
09:04 hemebond Have you tested using the ldap3.connect module function to make sure you've got the connection stuff working?
09:08 zerrac yes i tried: https://gist.github.com/anonymous/fd5982099107fb56a0ce42eb91f8974c
09:09 hemebond uh. do you have the python ldap package installed on the minion?
09:09 zerrac tcpdump show nothing on port 389 (on salt master and ldap host)
09:10 hemebond Is python-ldap (or similar) installed on the minion?
09:10 johnj joined #salt
09:10 zerrac python-ldap3 yes, python-ldap no
09:11 hemebond Restarted the minion?
09:11 hemebond At least the salt-minion service?
09:11 zerrac yes, the vm was restarted
09:13 hemebond On the minion, from a python console, can you import `ldap`?
09:14 zerrac yes, ldap3 and ldap (i just installed python-ldap)
09:14 hemebond The salt module imports `ldap`
09:14 hemebond So if you can import that it should work.
09:16 zerrac ok it works with python-ldap installed ... ty so much!
09:30 mike25de guys i am trying to merge in a state ... pillar data with data from an import_yaml file. Anyone ... has any idea how to do it?
09:31 yuhl joined #salt
09:37 hemebond mike25de: Can you paste what you've got? (or a cut-down version)
09:37 babilen You might also want to take a look at the various map.jinja files around
09:37 babilen defaults.merge should come in handy
09:37 mike25de hemebond: i just read... a bit... i think exactly babilen ... i will do that... because it seems to be similar to map.jinja
09:38 mike25de the idea is that i have pillar data + external yaml file (generated by other app) which should merge with the pillar data
09:38 mike25de i will... try some more...
09:38 mike25de thanks guys for the ideas
09:39 hemebond Right. Similar to the defaults.yml I then override using pillar data.
09:39 chowmein__ joined #salt
09:42 GMAzrael joined #salt
09:47 yuhl joined #salt
09:49 mike25de i am reading through ... https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.filter_by
09:49 yuhl joined #salt
09:49 mike25de but in the example...
09:50 mike25de salt '*' pillar.filter_by '{web: Serve it up, db: I query, default: x_x}' web   -> this should return the Serve it up... but it returns the x_x ... am i not understanding it correctly?
09:50 hemebond I'm not sure this is what you want.
09:50 hemebond You're just trying to merge some pillar data over some YAML, yeah?
09:51 mike25de hemebond:  yes... but now.. i took it slow.. to understand the filter process :)
09:51 yuhl joined #salt
09:52 mike25de i have a pillar static file ... + a yaml file (generated by other app) ... and in my state i need to merge those 2 ( eventually even overwrite some pillar from CLI)
09:53 mike25de but now i was trying to understand the example from above... which confuses me a lot :)
09:54 hemebond {%- import_yaml "path/to/defaults.yml" as defaults %}
09:54 hemebond {%- set settings = salt['pillar.get']('my:overrides', defaults, merge=true) %}
09:55 mike25de awesome
09:55 mike25de let me try :)
10:03 oxae joined #salt
10:10 mike25de hemebond:  https://gist.github.com/anonymous/5437e75a26702eabf9ea59eb11158cdb
10:10 mike25de something is wrong :) maybe my head
10:11 omie888777 joined #salt
10:12 johnj joined #salt
10:12 babilen mike25de: Yeah, the content of the file is the "default" whereas the pillar you access is used to override those
10:13 mike25de ah... so it is the other way around...
10:13 mike25de the pillar overrides the data file?
10:13 mike25de how can i ... do it in reverse...? from the file to override the pillar? :)
10:14 babilen That's not how pillar.get works .. look into defaults.merge and merge it yourself
10:14 hemebond Your pillar and yaml files are almost the same. So all the data will be from the pillar.
10:14 mike25de ah ok
10:14 babilen pillar.get provides access to the pillar with the additional functionality to define a "baseline" / "default"
10:14 felskrone joined #salt
10:14 mike25de ah ok - got it
10:15 mike25de but then... can i use somehow... pillar.filter_by ?
10:15 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.defaults.html#salt.modules.defaults.merge allows you to manually merge data as you desire
10:17 babilen Both pillar.get and grains.filter_by are for specific applications (i.e. pillar data retrieval and filtering on grains) and have been extended to allow for the definition of "default values"
10:17 babilen My understanding is that you are simply looking for a way to merge two arbitrary datasets
10:18 mike25de yeah babilen
10:24 mike25de so i would... do {%- set np = salt['defaults.merge'](  dictPillar,  dictExternalFile ) %}   .. ?
10:25 k_sze joined #salt
10:27 babilen Pretty much
10:29 cliluw joined #salt
10:34 mike25de babilen: thanks it worked
10:34 mike25de thanks for all the help guys!
10:34 mike25de :)
10:49 mavhq joined #salt
10:51 docm joined #salt
10:51 docm left #salt
11:13 johnj joined #salt
11:22 johnkeates joined #salt
11:45 GMAzrael joined #salt
11:49 johnkeat_ joined #salt
11:56 Trauma joined #salt
12:00 ahrs joined #salt
12:10 shoemonkey joined #salt
12:12 Trauma_ joined #salt
12:14 johnj joined #salt
12:14 Nahual joined #salt
12:15 drags joined #salt
12:27 AvengerMoJo joined #salt
12:27 yuhl joined #salt
12:27 evle joined #salt
12:31 yuhl joined #salt
12:32 simondodsley Hi all. New to this IRC and would like to ask a simple question. I'm looking to create a module to control an external storage array that has a RestAPI interface and a Python module available. Should I be doing this as an execution module, a proxy minion, or something else? Also, which repo is best to do PR against for this? salt-contrib, or salt/devel?
12:36 hemebond simondodsley: Sounds like a custom execution module. Of course you'll still need a minion to run the commands; either a full minion or a proxy minion.
12:36 hemebond Custom execution modules can just be dropped into your Salt master; no need to put it into Salt unless you want to; which would be /saltstack/salt/
12:38 simondodsley hemebond: Thank you. Custom module it will be then.
12:48 pualj joined #salt
12:51 GMAzrael joined #salt
12:52 pualj joined #salt
12:52 gh34 joined #salt
12:59 numkem joined #salt
13:03 Brew joined #salt
13:03 jeddi joined #salt
13:04 ssplatt joined #salt
13:04 Trauma joined #salt
13:06 johnkeates joined #salt
13:09 johnkeates what do you guys use for persistent storage?
13:13 noobiedubie joined #salt
13:15 johnj joined #salt
13:29 mchlumsky joined #salt
13:29 Udkkna joined #salt
13:34 shoemonkey joined #salt
13:36 MMolicious joined #salt
13:36 KennethWilke joined #salt
13:38 edrocks joined #salt
13:42 bildz joined #salt
13:43 MMolicious joined #salt
13:44 MMolicious When changing the network configuration via network.managed for a minion the connection between the master and minion gets a timeout. Is it possible to reestablish the connection between a master and minion during a high.state and continue the salt-run?
13:45 A_Person joined #salt
13:53 cgiroua joined #salt
13:55 hemebond MMolicious: The highstate should continue.
13:55 hemebond The timeout you're seeing is likely just the salt command line timing out.
13:56 hemebond What it does is poll the job list to see if the minion has returned the result of the highstate.
13:56 hemebond Assuming the minion does eventually return the highstate result, you can fetch it manually using the salt-run jobs.lookup_jid function.
13:57 GMAzrael joined #salt
14:02 Trauma joined #salt
14:12 inad922 joined #salt
14:16 johnj joined #salt
14:23 Trauma joined #salt
14:28 ivanjaros joined #salt
14:31 sarcasticadmin joined #salt
14:33 edrocks joined #salt
14:33 rawkode joined #salt
14:38 pipps joined #salt
14:41 viq hemebond: though will it, if the TCP session is broken due to IP change?
14:48 dxiri joined #salt
15:03 shred joined #salt
15:07 noobiedubie can someone help with getting my minions to sign their responses
15:08 noobiedubie master key verification works but it keeps dropping minion response because it says they are not signing their responses
15:08 noobiedubie i have minion_master.pub in the pki/minion dir
15:08 noobiedubie along with master.pub and master_sign.pub
15:10 noobiedubie what am i missing?
15:10 numkem joined #salt
15:10 noobiedubie also have minion_sign_messages set to true
15:13 kwilke joined #salt
15:16 johnj joined #salt
15:18 hashwagon joined #salt
15:20 nethershaw joined #salt
15:26 noobiedubie anyone?
15:32 GMAzrael joined #salt
15:39 tiwula joined #salt
15:40 dxiri joined #salt
15:48 edrocks joined #salt
15:53 jas02 joined #salt
15:53 pualj joined #salt
16:00 dxiri joined #salt
16:07 shred joined #salt
16:09 numkem joined #salt
16:17 johnj_ joined #salt
16:23 mxork joined #salt
16:26 fritz09 joined #salt
16:26 shred joined #salt
16:29 jas02 joined #salt
16:29 mxork joined #salt
16:33 edrocks joined #salt
16:36 heaje joined #salt
16:39 shred joined #salt
16:39 whytewolf noobiedubie: minion_sign_messages is on the minions right? and you restarted the minion daemon after setting it?
16:40 whytewolf what version on the master and minion on?
16:41 GMAzrael joined #salt
16:42 shred joined #salt
16:43 shred joined #salt
16:44 shred joined #salt
16:45 shred joined #salt
16:46 shred joined #salt
16:47 shred joined #salt
16:52 nixjdm joined #salt
16:54 noobiedubie yes i did and both are running latest 2017.7.1
16:55 pipps joined #salt
16:56 whytewolf what os? and what python crypt lib?
16:56 edrocks joined #salt
16:58 noobiedubie centos 7 pycryptodome = 3.4.3 and pycrypto = 2.6.1
16:59 noobiedubie nacl better?
17:01 whytewolf nacl has a different purpose
17:01 pipps joined #salt
17:01 whytewolf i don't get this. i have the exact same versions of everything as you. and i can not replicate the issue
17:02 noobiedubie huh weird
17:02 noobiedubie master_sign should be the pki/minion dir right
17:02 noobiedubie should anything be in the pki/master dir on the minion
17:02 pipps joined #salt
17:02 noobiedubie ?
17:03 noobiedubie just to be sure i understand how this works all i need on the minion is the master_sign.pub and master.pub
17:03 whytewolf no, it signs with its own key
17:04 Cottser joined #salt
17:04 noobiedubie so i don't need anything extra on the minion just minion sign messages in the config and it uses the minion generated keys
17:04 whytewolf right.
17:05 noobiedubie huh ok let me try that real quick one sec
17:12 astronouth7303 [salt-api] is there a difference between POST /minions and POST / with client set to local_async?
17:14 pipps joined #salt
17:14 whytewolf none that i know of
17:18 johnj_ joined #salt
17:18 _JZ_ joined #salt
17:20 sh123124213 joined #salt
17:21 noobiedubie yea it's still not signing any messages or i should say it is saying that signature verification failed
17:21 Trauma joined #salt
17:21 noobiedubie is there a way to reset keys or regenerate keys?
17:21 noobiedubie can i delete them and restart the minion?
17:22 whytewolf yes, delete the key from salt-key. and delete the keys in /etc/salt/pki/minion
17:22 whytewolf then restart the salt minion
17:22 ProT-0-TypE joined #salt
17:22 noobiedubie thanks
17:26 mikea joined #salt
17:30 ProT-0-TypE joined #salt
17:35 ProT-0-TypE joined #salt
17:37 dxiri joined #salt
17:41 Angleton joined #salt
17:42 ProT-0-TypE joined #salt
17:44 pipps joined #salt
17:45 ivanjaros joined #salt
17:49 jas02 joined #salt
17:51 pipps joined #salt
17:53 jas02 joined #salt
17:57 aleph- joined #salt
17:59 schemanic joined #salt
17:59 schemanic Hello, can I get recommendations for good saltstack books?
18:00 noraatepernos joined #salt
18:00 Angleton joined #salt
18:03 Church-1 joined #salt
18:03 GMAzrael joined #salt
18:04 btorch schemanic: I liked the "Mastering Saltstack" By Joseph Hall
18:05 btorch schemanic: I got this one recently but haven't started reading it yet though  https://leanpub.com/saltstackfordevops
18:05 high_fiver joined #salt
18:06 noobiedubie is there a way to have the bootstrap script automatically place the master_sign.pub in a newly launched instance
18:07 nixjdm joined #salt
18:09 aleph- joined #salt
18:09 nielsk joined #salt
18:11 fritz09 joined #salt
18:11 noobiedubie i see there is a function for it in the bootstrap script but when i launch a new instance it is not copied over
18:15 aleph- joined #salt
18:15 nielsk joined #salt
18:19 johnj_ joined #salt
18:20 pipps joined #salt
18:21 noobiedubie so tried resetting all keys from master to minions and still can't get minion to sign responses
18:23 pipps joined #salt
18:24 whytewolf i literally just put minion_sign_messages: true
18:24 noobiedubie master has no problems signing and minion verifies the signature from master but not the other way around
18:24 whytewolf in the minion and it worked
18:25 noobiedubie i have True does that work?
18:25 noobiedubie or does it matter
18:26 whytewolf as long as they are not in quotes
18:26 whytewolf it should be fine
18:26 noobiedubie whytewolf do you also have require_minion_sign_messages and drop_messages_signature_fail to true on master?
18:26 whytewolf yes
18:27 noobiedubie do you have your master signing its public key as well?
18:27 whytewolf no
18:27 whytewolf [i don't have multi-master]
18:27 edrocks joined #salt
18:32 noobiedubie is there a specific library or anything extra i need
18:32 noobiedubie ssl cert or anything?
18:33 whytewolf no. you already have the libs for it
18:35 whytewolf just to be sure the error you are seeing in the logs is [salt.master      ][CRITICAL][31536] _return: Master is requiring minions to sign their messages, but there is no signature in this payload from <minion id>.
18:37 dxiri joined #salt
18:37 dxiri joined #salt
18:37 whytewolf on the minion try salt-call config.get minion_sign_messages
18:38 Trauma joined #salt
18:38 _KaszpiR_ joined #salt
18:43 pipps joined #salt
18:45 noobiedubie no its Drop_messages_signature_fail is enabled, dropping message from *minion_id*
18:45 noobiedubie trying now
18:45 stewgoin joined #salt
18:46 lkolstad joined #salt
18:49 noobiedubie so it returns something about the master public key did not authenticate and that i need to delete the minion_master.pub that gets generated.
18:49 noobiedubie i do that then restart the minion the salt-call command returns true but then the master tells me the error you posted about no signature in the payload
18:50 noobiedubie so is it somehow generating a bad minion_master.pub?
18:52 aldevar joined #salt
18:52 whytewolf you should be getting both the drop_messages_signature_fail is enabled, dropping message, and the one about no signature on the payload. but it might be possible.
18:52 aldevar left #salt
18:52 noobiedubie as restarting the minion after auto-generates that minion_master.pub file and the missing sig error disappears but i get the sig verification fail on master
18:53 justanotheruser joined #salt
18:54 noobiedubie does the master have to sign anything no the minion or does it need a public key from the minion to verify its sig?
18:54 noobiedubie on*
18:54 noobiedubie or is the minion_master.pub generated from minion.pub and minion.pem?
18:56 noobiedubie or maybe a missing pip library? although im sure it would tell me that
18:56 whytewolf NO
18:57 whytewolf you are not missing a library.
18:57 whytewolf does it work if you disable the drop_messages_signature_fail?
18:58 noobiedubie yes
18:58 noobiedubie i don
18:58 whytewolf then you have no problem with your keys
18:58 noobiedubie i don't get how my sig is bad though
18:59 whytewolf disable the master signing
18:59 noobiedubie i have
18:59 whytewolf then try the salt-call command i gave
18:59 noobiedubie just minion sign enabled right now
19:00 noobiedubie it says error master key has changed
19:01 whytewolf do you have multi-master?
19:01 noobiedubie though i didn't change anything then it tells me to delete minion_master.pub in minion pki and restart
19:01 noobiedubie no
19:01 noobiedubie but then i get the missing sig error instead of the drop because of failed sig error
19:02 noobiedubie right now i just have minion sign enabled and the two options on master to require sig and drop invalid sig
19:03 noobiedubie can i reset master keys?
19:04 whytewolf okay, rekey the minion. completely. nuke the pki files[all of them], and delete from salt-key. then restart the minion and re-add the minion
19:04 whytewolf you don't want to do that
19:04 LostSoul joined #salt
19:04 noobiedubie ok will try that
19:06 nixjdm joined #salt
19:06 noobiedubie ok wipes everything pki/minion delete current key in salt-key and restart minion then accepted new key
19:06 noobiedubie still same error about dropping invalid sig
19:07 noobiedubie same error when i run salt-call command
19:07 noobiedubie tells me delete minion_master.pub and restart
19:08 whytewolf okay. what does your minion config look like?
19:08 noobiedubie then it gives me true but tells me there is no sig in my responses and if i restart minion again it regenerates minion_master.pub
19:08 noobiedubie one sec will post
19:09 whytewolf also, WHY are you trying to enable this at all?
19:09 whytewolf [the minion signing makes a little sense, but the master signing is only meant for multi-master]
19:09 preludedrew joined #salt
19:11 noobiedubie https://paste.debian.net/hidden/f97180ce
19:11 whytewolf why are you defining hash_type? that should default to sha512 anyway
19:11 noobiedubie only wanted minion signing
19:12 noobiedubie because i want to use sha512
19:12 whytewolf master_sign.pub has nothing to do with minion signing
19:12 whytewolf yes but the default is sha512
19:12 noobiedubie no that was when master signing was enabled
19:12 noobiedubie oh i thought it was sha256
19:12 noobiedubie according to docs?
19:12 whytewolf oh you are right.
19:13 whytewolf thought it was 512.
19:14 Pulp joined #salt
19:14 whytewolf you have that set on both minion and master right?
19:14 GMAzrael joined #salt
19:14 noobiedubie yup about to post my master config too one sec
19:15 whytewolf also, key_size as an option doesn't exist
19:16 whytewolf nevermind. I'm seeing underscores when they aren't there
19:16 noobiedubie lol np
19:16 noobiedubie https://paste.debian.net/hidden/d57e8d36/
19:19 pualj joined #salt
19:19 whytewolf okay, you might need to file a bug report. something funky is going on.
19:20 johnj_ joined #salt
19:21 whytewolf i have a feeling the minion is signing the messages. but i don't think the master can verify the code.
19:21 noobiedubie yea i figured something like that was going on
19:22 mchlumsky joined #salt
19:24 Akkarin joined #salt
19:24 noobiedubie sad panda well i guess bug report it is
19:26 LostSoul joined #salt
19:31 pualj_ joined #salt
19:34 coredumb joined #salt
19:34 coredumb joined #salt
19:39 LostSoul joined #salt
19:47 jas02 joined #salt
19:52 pipps joined #salt
19:57 Guest73 joined #salt
20:06 mikecmpbll joined #salt
20:07 nixjdm joined #salt
20:07 ProT-0-TypE joined #salt
20:09 pipps joined #salt
20:09 justanotheruser joined #salt
20:10 Trauma joined #salt
20:21 johnj_ joined #salt
20:33 vexati0n is there a working bootstrap script for Mac OS ?
20:34 A_Person so if you use the salt.minion formula and it updates the minion or minion configuration it restarts the minion which seems to cause it to not return a response to the master ?
20:34 A_Person is there a way to work around this ?
20:34 vexati0n I found a pull request from a few weeks ago which will probably work but it is from before 2017.7
20:34 bowhunter joined #salt
20:34 vexati0n A_Person: In my experience there is no dependable way to get a response from a restarted minion.
20:35 vexati0n it's just a deal-with-it situation, afaik
20:35 A_Person so, exclude minion config push / update from topfile and just run manually?
20:35 A_Person or what's the best practice there
20:36 vexati0n I just assume it's not going to reply, and then i check to see if it's still online with other checks farther along in the process
20:36 vexati0n depending on what it is i'm doing
20:36 whytewolf https://docs.saltstack.com/en/latest/faq.html#restart-using-states
20:41 wavded joined #salt
20:44 Trauma joined #salt
20:48 hemebond viq: "Assuming the minion does eventually return the highstate result" though I suspect it doesn't based on my previous experience.
20:49 pipps joined #salt
20:51 omie888777 joined #salt
20:51 pipps joined #salt
20:54 pipps99 joined #salt
20:56 vexati0n i really wish the salt-master came with a simple command for deploying minions to whatever devices happen to be on my network at any given moment regardless of OS or firewall status :/
20:58 ProT-0-TypE joined #salt
20:58 astronouth7303 vexati0n: i mean, there's salt-bootstrap and saltify
20:58 astronouth7303 but that sounds a lot like "just punch random holes in things, i don't care, just make it work"
20:59 pipps joined #salt
20:59 jas02 joined #salt
21:00 pipps joined #salt
21:00 vexati0n yes option #2
21:01 vexati0n salt-bootstrap doesn't work on Mac OS until the guy with the pull request refactors his function to obey the salt version respected by the rest of the script, and anyway they all expect users to know how to run a script.
21:02 vexati0n and Saltify does not seem to give any craps about windows
21:04 vexati0n my fault for not just using salt in the datacenter i guess but still.
21:04 hemebond If you're using Windows you probably want to use their tools and ... stuff.
21:04 astronouth7303 well, how do you execute commands on remote machines in windows?
21:07 XenophonF I use Salt to run PowerShell commands remotely.
21:07 nixjdm joined #salt
21:07 whytewolf astronouth7303: generally? winexe or winrm
21:08 astronouth7303 i would assume that saltify is built on ssh
21:08 whytewolf saltify is yes
21:09 XenophonF i did a bunch of minion deployments using psexec
21:09 miruoy joined #salt
21:11 tacoboy joined #salt
21:12 GMAzrael joined #salt
21:13 pualj joined #salt
21:13 hemebond Ah yes, the ps suite.
21:13 hemebond Good stuff in there.
21:14 _pualj_ joined #salt
21:15 pipps joined #salt
21:17 pualj_ joined #salt
21:22 aldevar joined #salt
21:22 johnj_ joined #salt
21:25 vexati0n does winexe work with windows 10 ?
21:25 vexati0n the problem honestly is we have a ton of unmanaged windows laptops and desktops running around that have never even been joined to the domain
21:25 vexati0n because pre-existing reasons
21:26 hemebond Format :-)
21:26 vexati0n and we're supposed to manage them with salt, which is cool except for the part where we have to get salt installed on them
21:26 whytewolf looks like win 10 has issues with winexe. but only some not all
21:27 vexati0n probably will just use psexec. sadly that means touching a keyboard connected to a windows computer, and i will likely die of exposure.
21:30 Hybrid joined #salt
21:30 Sammichmaker joined #salt
21:34 jas02 joined #salt
21:40 pipps joined #salt
21:44 noobiedubie joined #salt
21:45 noobiedubie hey whytewolf do you have M2crypto installed?
21:46 whytewolf M2Crypto: Not Installed
21:51 Trauma joined #salt
21:59 debian112 joined #salt
22:03 lkolstad joined #salt
22:06 nixjdm joined #salt
22:16 pipps joined #salt
22:23 johnj_ joined #salt
22:26 ssplatt joined #salt
22:29 rpb joined #salt
22:34 rpb joined #salt
22:37 rpb joined #salt
22:40 jas02 joined #salt
22:40 LostSoul joined #salt
22:41 rpb joined #salt
22:41 GMAzrael joined #salt
22:47 pipps joined #salt
22:53 dol-sen joined #salt
22:56 shanth_ joined #salt
22:57 shanth_ i can't find the post but i was reading somewhere that {{grains['id']}} is not the most reliable way to generate the minion's id. was there a better method that anyone was aware of?
22:58 dol-sen I have a question about salt-cp.  the -C, --chunked option
22:59 hemebond shanth_: I've not heard that.
22:59 hemebond Would be interested to know if that is the case.
22:59 dol-sen is it being cancelled/deprecated or just made an optional arg... https://docs.saltstack.com/en/latest/ref/cli/salt-cp.html it isn't very clear about it
22:59 shanth_ i can't find it but it believe it was a dev post on github hemebond
23:00 hemebond shanth_: Did it have something to do with the grain being secure?
23:00 hemebond "Minion IDs are safe because if they try to change their ID they'll either be rejected or show up in new unaccepted keys."
23:00 shanth_ i think i found it
23:00 shanth_ {{opts.id}}
23:00 hemebond Uh... what's opts.id?
23:00 shanth_ https://devops.stackexchange.com/questions/1279/securely-grab-minion-id-in-pillar-top-file-template
23:01 shanth_ the guy answered his own question so i dont know how accurate it is
23:02 hemebond Ah, interesting.
23:02 hemebond Looks like it's not an issue anymore.
23:02 hemebond grains.id is now special-cased.
23:03 shanth_ nice
23:03 gmoro_ joined #salt
23:03 ssplatt joined #salt
23:03 whytewolf will have to see if i can break it.
23:04 hemebond Using {{ opts.id }} is possibly still the most explicit and safest.
23:04 whytewolf grains['id'] was way easy to break
23:07 omie888777 joined #salt
23:07 debian1121 joined #salt
23:09 mikecmpbll joined #salt
23:11 GMAzrael joined #salt
23:12 shoemonkey joined #salt
23:13 whytewolf humm. need to update. but already had minor success beating grains.id
23:13 whytewolf [test was on 2017.7.0, updating to .1]
23:15 shanth_ stop breaking stuff
23:17 whytewolf but but but, ...
23:18 whytewolf humm, interesting.
23:22 whytewolf okay, in pillar it is safe to use grains.id [or any other grains['id'] var.]. but in states it will give the "hacked" version
23:23 hemebond Oh dear.
23:23 hemebond In states can you use opts.id?
23:23 johnj_ joined #salt
23:24 whytewolf yeap
23:26 mikecmpbll joined #salt
23:30 bcat joined #salt
23:33 sh123124213 joined #salt
23:36 shoemonkey joined #salt
23:38 turambar joined #salt
23:38 LostSoul joined #salt
23:43 pipps joined #salt
23:46 Trauma joined #salt
23:48 pipps joined #salt
23:50 noraatepernos joined #salt
23:57 zerocool_ joined #salt
