IRC log for #salt, 2017-10-11

All times shown according to UTC.

Time Nick Message
00:04 skg-net joined #salt
00:14 ponyofdeath joined #salt
00:19 johnj_ joined #salt
00:39 dxiri joined #salt
01:06 XenophonF I wrote a script for bootstrapping my Salt master in AWS, from Pillar and States data in GitHub.
01:07 XenophonF https://gist.github.com/xenophonf/d8da7f47ea29d9ad46e7
01:09 XenophonF fill in the blanks on the script, and it lays down just enough of a master config to get gitfs working
01:09 XenophonF and from there, it uses salt-formula to finish setting the master up
01:10 XenophonF you could adapt that into a deploy script, perhaps
01:10 marcux joined #salt
01:11 XenophonF or use a reactor script to watch for a minion key acceptance event (once salt-cloud finishes deploying it), and run state.apply when you see it
01:11 XenophonF there are probably other answers to your question, brianthelion
01:18 zerocoolback joined #salt
01:20 johnj_ joined #salt
01:22 evle joined #salt
01:27 tiwula joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:21 johnj_ joined #salt
02:22 petems joined #salt
02:27 ramteid joined #salt
02:30 ozux__ joined #salt
02:30 wavded joined #salt
02:31 MTecknology __number5__: because cloud-init is really super bloaty with lots of cruft that you don't typically need? :)
02:32 gnomethrower joined #salt
02:35 icebal joined #salt
02:42 squishypebble joined #salt
02:45 rideh joined #salt
02:46 qman__ joined #salt
02:46 basepi joined #salt
02:48 dwfreed joined #salt
02:50 irated joined #salt
02:50 MajObviousman joined #salt
02:55 XenophonF __number5__: I don't understand the question.
02:55 __number5__ but it's installed with OS, and doing its jobs nice and clean...
02:55 icebal joined #salt
02:57 dxiri joined #salt
03:12 onlyanegg joined #salt
03:22 johnj_ joined #salt
03:25 onlyanegg joined #salt
03:37 relidy joined #salt
03:43 JPaul joined #salt
03:52 shanth joined #salt
03:53 JPaul joined #salt
04:17 sh123124213 joined #salt
04:23 johnj_ joined #salt
04:36 XenophonF Oh
04:37 XenophonF IIRC I would have to send the script via userdata, which could be accessed by unprivileged processes on the master.
04:37 XenophonF So I didn't use that b/c I was perhaps unreasonably paranoid.
04:37 XenophonF I didn't want to push the necessary private keys via that route.
04:51 ramteid joined #salt
05:15 Bock joined #salt
05:16 gladia2r joined #salt
05:17 omie888777 joined #salt
05:18 __number5__ XenophonF: it doesn't make sense since AWS set the default keypair using cloud-init
05:24 johnj_ joined #salt
05:28 zulutango joined #salt
05:44 schasi joined #salt
05:49 Tenyun joined #salt
06:05 DarkKnightCZ joined #salt
06:25 johnj joined #salt
06:29 ws2k3 joined #salt
06:30 ws2k3 joined #salt
06:30 ws2k3 joined #salt
06:30 hoonetorg joined #salt
06:31 ws2k3 joined #salt
06:31 ws2k3 joined #salt
06:32 ws2k3 joined #salt
06:45 felskrone joined #salt
06:50 Hybrid joined #salt
07:06 usernkey joined #salt
07:10 Hybrid joined #salt
07:12 Neighbour Can someone push the v2017.7.2 tag to the salt repo? It seems to have been forgotten
07:16 mbologna joined #salt
07:16 whytewolf um, which repo.
07:19 Neighbour the saltstack github repo
07:19 whytewolf you mean https://github.com/saltstack/salt/tree/v2017.7.2
07:20 aldevar joined #salt
07:20 Neighbour hmm yes...that's odd, it's not showing on my `git tag -l`...what am I doing wrong? :)
07:21 whytewolf i, don't know. humm it isn't showing up for me either. but it shows up through the interface.
07:22 pbandark joined #salt
07:23 gnomethrower joined #salt
07:23 Neighbour I can't do a checkout on it either from the cli
07:23 whytewolf humm try git fetch --tags
07:23 whytewolf it showed up for me after that
07:24 Neighbour ahh, indeed..thanks! :)
07:24 Neighbour (still weird imo)
07:24 av__ joined #salt
07:24 Neighbour but i suppose i'll create an alias to always include --tags :)
07:25 whytewolf apparently default behaviour is to only fetch tags that are only reachable by current references. git fetch --tags just says get them all
07:26 johnj joined #salt
07:26 whytewolf or something like that
07:27 Neighbour The day's young, and I've already learned things...this is very promising :)
07:28 Ricardo1000 joined #salt
07:31 toanju joined #salt
07:41 zer0def joined #salt
07:43 babilen whytewolf: I had that issue before and it was diagnosed to be due to SaltStack "internal" branches that never see the light of day
07:43 babilen (the ones the cabal use)
07:45 whytewolf Well that would be a reference that is unreachable ;)
07:45 Rumbles joined #salt
07:46 whytewolf Anyway. It is way past my bed time.
07:47 whytewolf Night
07:53 DanyC joined #salt
08:01 ozux joined #salt
08:02 ozux joined #salt
08:09 RandyT_ joined #salt
08:15 toanju joined #salt
08:16 impi joined #salt
08:27 johnj joined #salt
08:28 Mattch joined #salt
08:40 toanju joined #salt
09:01 bdrung_work joined #salt
09:11 schasi joined #salt
09:12 Trauma joined #salt
09:28 johnj joined #salt
09:31 _KaszpiR_ joined #salt
09:50 ruxi joined #salt
09:54 c06 joined #salt
09:55 c06 hi all
09:56 c06 i have small query regarding reclass and salt
10:01 ruxi I'm starting to try out salt for our environment, and there is one thing I'm not able to figure out:
10:01 ruxi We have some additional data per managed machine in a small file based database next to the salt server. How can I get additional grains into salt from the server side? Everything I found in the docs expects grains only be set on the minion ...
10:01 ruxi Except maybe here https://docs.saltstack.com/en/getstarted/fundamentals/targeting.html where it says: "You can add your own grains to a Salt minion by placing them in the /etc/salt/grains file on the Salt master, [...]".
10:01 ruxi But this may be a documentation flaw, too. At least I did not find out how to do it.
10:02 felskrone joined #salt
10:05 babilen ruxi: grains are entirely minion local .. You'd use pillars for centrally managed minion specific data
10:06 babilen You could, naturally, set grains (locally) on the minion, but then you'd have to manage *that* from a central location which brings you back to square one
10:09 zerocoolback joined #salt
10:09 ruxi babilen pillars would maybe be an option, it's only that I want to be able to target hosts based on that data. Is that possible through pillar data?
10:10 babilen ruxi: The general approach to that is to use pillarstack, enable external pillar evaluation first and take it from there
10:11 babilen And what do you mean by "target hosts" in this context?
10:11 babilen Target them whatfor and with what?
10:12 ruxi babilen I mean like: The data I'd like to add to every minion from this central DB is e. g. "roles = webserver,syslog-client"
10:12 ruxi And I'd like to do
10:12 ruxi 'salt "roles:webserver" cmd ...'
10:12 ruxi or something like that
10:12 babilen That's absolutely possible
10:13 babilen https://docs.saltstack.com/en/latest/topics/targeting/compound.html → I@ and J@
10:13 babilen https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
10:13 babilen My comment above pertained to the "target pillar data based on pillar data" problem
10:13 ruxi great :)
10:13 ruxi So, I just didn't get it at first. I'll make it so! ;)
10:14 babilen What kind of DB are you using? There are extensive external pillar modules already: https://docs.saltstack.com/en/latest/ref/pillar/all/index.html
10:18 ruxi babilen thanks for the hint, I'll have a look at it. However, we are using some kind of customized (maybe an over-engineered word for this case) CSV format. Should not be a problem to convert.
10:26 c06 is it possible to write or call states in multilevel like. preconfig, install, verify.?
10:27 c06 i have set of nodes i am writing state to do the configuration management; but i want to segregate the states to preconfig, install, verify. any way to do this one.?
10:29 babilen What does it mean for states to be segregated?
10:29 johnj joined #salt
10:33 djinni` joined #salt
10:33 ws2k3 joined #salt
10:34 ws2k3 joined #salt
10:34 c06 babilen: i just want to separate the preconfig, installing packages and verify process ( salt-states)
10:34 ws2k3 joined #salt
10:34 c06 after grouping i ll call those states
10:34 ws2k3 joined #salt
10:35 ws2k3 joined #salt
10:35 babilen c06: You might be looking for orchestration
10:35 ws2k3 joined #salt
10:36 babilen You can group states into SLS files in whatever way you like
10:42 c06 babilen: actually i am also using reclass
10:42 c06 babilen: i ll check about orchestration also
10:43 babilen No idea about reclass
10:44 c06 ok just check that one that is also cool. ty babilen i ll check about orchestration
11:05 masuberu joined #salt
11:05 supermike___ joined #salt
11:06 Awesomecase joined #salt
11:07 Trauma joined #salt
11:08 whytewolf joined #salt
11:11 gmoro joined #salt
11:20 W4RL0RD joined #salt
11:20 darioleidi_ joined #salt
11:26 kjsaihs joined #salt
11:27 Tucky joined #salt
11:30 aldevar joined #salt
11:30 johnj joined #salt
11:34 hoonetorg joined #salt
11:49 sh123124213 joined #salt
11:57 m4rk0 Hello again :)
11:57 m4rk0 babilen, i hope you are alive :D
11:58 ws2k3 joined #salt
12:02 m4rk0 In salt mine i have defined custom mine_function internal_ip: network_ip_addrs ... when I specify cidr it returns 0, without cidr everything is okay... what I'm doing wrong here? https://gist.github.com/mdzidic/41297c3aeae388f7cd5f97ab3405553a
12:04 scarcry joined #salt
12:05 babilen m4rk0: Try quoting the cidr .. please also note that network.ip_addrs takes "type=private" and "type=public"
12:06 babilen Oh, and .. should those be lists?
12:07 m4rk0 nope just 1 ip...
12:07 babilen (and if so: Isn't indentation off?
12:11 babilen m4rk0: Try this: http://paste.debian.net/990183/
12:11 XenophonF __number5__: AWS pushes a public key via instance metadata, not a private key
12:11 m4rk0 alright ;)
12:11 XenophonF __number5__: but my Salt config requires various private keys (SSH, GPG) in order to access Pillar and State data
12:12 Number6 joined #salt
12:12 XenophonF I don't know if it's possible to remove userdata post launch without stopping the instance, converting it to an AMI, and re-launching it.
12:12 XenophonF hence, that salt-master bootstrap script
12:12 Number6 Is there a known issue with CentOS? I am getting a "Transaction Check Error" on the salt packages when I run a yum update
12:13 Number6 Occurred yesterday
12:13 m4rk0 babilen, it works well !!! FINALLY! :) Thanx!
12:13 babilen m4rk0: http://paste.debian.net/990184/ is what I'm using ..
12:13 babilen hoo-ray
12:15 babilen m4rk0: On top of that we automatically include mine functions for "smaller" cidr ranges (i.e. private networks) so that we have "foo_private_network_addrs: ..." also
12:16 Nahual joined #salt
12:16 babilen (they should be in one of the three private cidr ranges already (cf. https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces → 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
12:18 gmoro joined #salt
12:26 Hybrid joined #salt
12:30 obitech joined #salt
12:31 johnj joined #salt
12:44 edrocks joined #salt
12:45 evle joined #salt
12:53 numkem joined #salt
12:57 darioleidi joined #salt
13:00 gareth__ joined #salt
13:12 zerocoolback joined #salt
13:13 zerocoolback joined #salt
13:16 noobiedubie joined #salt
13:17 gh34 joined #salt
13:23 mchlumsky joined #salt
13:23 johnkeates joined #salt
13:31 mchlumsky joined #salt
13:31 xet7 joined #salt
13:31 ouemt joined #salt
13:32 johnj joined #salt
13:34 squishypebble joined #salt
13:45 cro joined #salt
14:01 XenophonF so here's one for the future
14:01 XenophonF looking up AMIs in a Jinja template
14:02 XenophonF Windows AMIs change monthly in order to incorporate patches released by Microsoft, so I periodically have to update my Salt Cloud configs with the new AMI IDs
14:02 XenophonF this is a pain
14:03 XenophonF first one has to find the right AMIs out of this list: aws ec2 describe-images --owners amazon --filters "Name=platform,Values=windows" --query 'Images[*].{ImageId:ImageId,Description:Description,CreationDate:CreationDate}' --output json
14:03 XenophonF which is huge
14:04 XenophonF you can cut that down by filtering on the AMI description, e.g., adding a filter like this to the above command - "Name=description,Values=Microsoft Windows Server 2012 R2 RTM 64-bit Locale English AMI provided by Amazon"
14:04 XenophonF still a pain
14:04 XenophonF note the creation dates
14:04 _KaszpiR_ joined #salt
14:05 XenophonF wouldn't it be nice if Salt did that for you when rendering your cloud.profiles.d template?
14:09 DammitJim joined #salt
14:10 XenophonF I think the answer is boto_ec2.find_images.
14:11 XenophonF Unfortunately, it doesn't take a "filters" argument.
14:13 XenophonF and it just returns a list of AMI IDs, which doesn't let you post-process the output.
14:16 XenophonF so I think I have to write my own function
14:16 XenophonF with blackjack
14:16 XenophonF brb
14:17 cgiroua joined #salt
14:20 XenophonF oh, return_objs gives you more data, which is nice
14:20 rnicksic joined #salt
14:24 rnicksic I’m attempting to shard my state file trees into separate git repos, one for systems (users, security, common configurations, etc) and two others for separate developer groups.
14:25 rnicksic Salt master doesn’t appear to be merging top.sls from the different repos
14:25 rnicksic Am I going about this in the wrong way?
14:25 JawnAuz joined #salt
14:33 johnj joined #salt
14:35 XenophonF rnicksic: you might need to change the top file merging strategy
14:35 XenophonF cf. https://docs.saltstack.com/en/latest/ref/states/top.html
14:36 _JZ_ joined #salt
14:36 marcux joined #salt
14:37 XenophonF maybe you want to change it to "merge_all"? but RTFM first
14:37 ws2k3 joined #salt
14:37 ws2k3 joined #salt
14:38 smartalek joined #salt
14:38 ws2k3 joined #salt
14:38 ws2k3 joined #salt
14:39 ws2k3 joined #salt
14:39 _KaszpiR_ joined #salt
14:39 ws2k3 joined #salt
14:43 rnicksic XenophonF: is there a way to specify file_roots for gitfs_remotes?
14:43 rnicksic e.g. one is base, the other dev, etc?
14:44 JawnAuz joined #salt
14:46 oeuftete joined #salt
14:52 gh34 joined #salt
14:53 Brew joined #salt
14:53 Naresh joined #salt
14:58 sarcasticadmin joined #salt
15:00 XenophonF yes, I think so
15:00 XenophonF IIRC you can change that per repository.
15:01 edrocks joined #salt
15:01 XenophonF yes, it's the gitfs_base parameter, which you can configure on a per-remote basis
15:01 XenophonF cf. https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
15:01 JawnAuz joined #salt
15:09 XenophonF Success? https://github.com/irtnog/salt-states/tree/development/_modules/irtnog_ec2.py
15:12 rnicksic on a concall atm, will try after
15:13 lordcirth_work joined #salt
15:17 lordcirth_work joined #salt
15:26 Ricardo1000 joined #salt
15:27 usernkey1 joined #salt
15:34 johnj joined #salt
15:37 ozux__ joined #salt
15:43 oida joined #salt
15:47 nixjdm joined #salt
15:52 brd joined #salt
15:55 Trauma joined #salt
15:58 fatal_exception joined #salt
15:59 DanyC joined #salt
16:01 snarked joined #salt
16:04 noobiedubie joined #salt
16:07 DanyC joined #salt
16:09 impi joined #salt
16:09 brd I can't seem to figure out if I can use this module in a state template: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.zpool.html#salt.modules.zpool.exists
16:09 sh123124213 joined #salt
16:09 brd I thought I could just do something like: {$ if zpool.exists['poolname'] == True %}
16:11 whytewolf brd: {% if salt.zpool.exists('poolname') %}
16:12 beardedeagle joined #salt
16:13 DanyC_ joined #salt
16:14 johnj joined #salt
16:14 edrocks joined #salt
16:14 brd whytewolf: ahh, so all the modules are under salt. ?
16:16 whytewolf yes
16:16 brd thanks
16:19 major supporting migration via salt-proxy is not looking exciting
16:19 major or while using salt-proxy I should say
16:20 tiwula joined #salt
16:22 EvaSDK joined #salt
16:22 racooper joined #salt
16:31 dxiri joined #salt
16:39 chadhs joined #salt
16:40 EvaSDK joined #salt
16:42 major joined #salt
16:43 major also .. would be nice if the proxyminion examples included a multiproxy example
16:47 edrocks joined #salt
16:47 XenophonF hm, now why does setting return_objs=True break my function?
16:51 XenophonF and i wonder if the DescribeImages API sorts the return value by creation date
16:57 cyteen joined #salt
16:58 aldevar left #salt
17:00 toastedpenguin joined #salt
17:01 major joined #salt
17:05 nixjdm joined #salt
17:15 johnj joined #salt
17:26 Number6 left #salt
17:28 sh123124213 joined #salt
17:30 zerocoolback joined #salt
17:40 khaije1 joined #salt
17:44 major damn .. no salt.proxy.netgear or salt.proxy.openwrt?
17:44 * major gets to writing.
17:46 obitech joined #salt
17:47 khaije1 is there a way to append content to a line in a file using a state?
17:56 W4RL0RD joined #salt
17:57 lordcirth_work khaije1, append to a line?  Is the existing line content completely known?
17:57 lordcirth_work If so you can replace the line
17:59 ECDHE_RSA_AES256 joined #salt
18:01 ozux joined #salt
18:02 khaije1 I follow what you're saying. In this case the line content is known, but I'm also wondering how to handle the case where it isn't known.
18:03 nixjdm joined #salt
18:03 Oida joined #salt
18:04 lordcirth_work khaije1, do you want to do it by line number or what?
18:05 major how do you reach out and poke a proxy via salt-ssh?
18:06 khaije1 lordcirth_work: the logic I'm sort of hoping for is (1) for lines matching regex, (2) insert new content between two regexes
18:06 major like, in the p8000 example from the proxy docs .. there doesn't seem to be a clear way to send a command to a device controlled via a proxy at that point
18:08 lordcirth_work khaije1, with a good enough regex, you might get file.replace to do that
18:13 viq khaije1: file.replace ?
18:14 Oida joined #salt
18:15 tom[] in jinja i can get basename with path.split('/')[-1]. how to get dirname?
18:15 gh34 joined #salt
18:16 johnj_ joined #salt
18:17 viq tom[]: maybe [:-1] ?
18:17 tom[] that looks like a smiley ;)
18:17 tom[] i'll try it
18:20 khaije1 lordcirth_work: I can sort of imagine that. Reading ...
18:20 khaije1 mah dudes, file.replace with an unless/onlyif clause will fit this bill nicely!
18:21 StolenToast I need to make a local copy of the repository for CentOS but the only rsync link listed is for the full everything repo: rsync://repo.saltstack.com/saltstack_pkgrepo_full
18:21 Oida joined #salt
18:21 StolenToast can I rsync only the one I want?
18:21 viq StolenToast: for one, rsync has pretty good excludes and includes ;)
18:22 StolenToast I'll look at it
18:22 viq StolenToast: also, try first "rsync rsync://repo.saltstack.com/"
18:23 StolenToast oh nice
18:24 StolenToast thanks
18:25 khaije1 I'm trying to get a support quote from saltstack corporate and having a hard time getting a response. Any chance someone in chan can help out?
18:26 khaije1 I've emailed, left messages, etc over the last couple weeks.
18:26 smartalek joined #salt
18:27 tom[] viq: {{ '/a/b/c'.split('/')[:-1] | join('/') }}  yields '/a/b' as required. thanks
18:29 viq \o/
18:33 lordcirth_work Ansible has jinja filters for this: https://stackoverflow.com/questions/22562969/jinja2-basename-or-dirname-from-builtin-filters#40710177  We should steal them
18:33 JAuz joined #salt
18:34 teratoma when will salt and ansible just merge
18:35 lordcirth_work teratoma, seeing as they are architected as complete opposites, never
18:35 tom[] as in git merge ?
18:38 edrocks joined #salt
18:38 teratoma salt could probably fire off ansible tasks ?
18:39 tom[] it surely could. and vice versa
18:39 tom[] but who wants that complexity?
18:40 ws2k3 joined #salt
18:40 teratoma i used to use salt to install ansible, dunno if that was a good idea
18:40 ws2k3 joined #salt
18:41 ws2k3 joined #salt
18:41 iggy khaije1: I'd hit up one of the chan ops, and good luck
18:42 major teratoma, I vote no :P
18:43 tom[] teratoma: perhaps it was appropriate for your situation. but in general, imo: Bartleby, the Scrivener
18:44 DammitJim what is the best way to install mysql-server and allowing salt to manage creation of users?
18:44 DammitJim I think before, we had to use mysql-server/root_password ?
18:44 DammitJim is that still the case?
18:45 tom[] DammitJim: i don't know about "best" but i used mysql_user.present to set root password
18:47 viq teratoma: ....why would you do that to yourself?
18:47 tom[] (after installing the pkg and starting the service, ofc)
18:47 viq DammitJim: debian by any chance?
18:47 DammitJim viq, yeah, I have been using debconf.set
18:47 DammitJim but was wondering if things have changed
18:48 viq DammitJim: then give me a sec, there's a neat trick, but I need to find specifics
18:48 DammitJim I need to update my state to use credentials from pillar
18:48 DammitJim oh yeah?
18:49 tom[] DammitJim: in ubuntu 14.04 i used debconf.set. but with debian 9 the mariadb installer seems to be much more reasonable
18:49 tom[] it seems not needed
18:49 DammitJim oh man, no mariadb :(
18:50 ChubYann joined #salt
18:50 viq DammitJim: cat pillars/mysql_connection.sls
18:50 viq mysql.default_file: '/etc/mysql/debian.cnf'
18:50 DammitJim oh wow... took a snapshot of my vm
18:50 whytewolf viq referring to using the debian maint config file?
18:50 viq whytewolf: yeah
18:50 DammitJim and just ran my states from before w/o using debconf and I was able to set the new users, passwords, and grants!
18:51 DammitJim I think I have that set somewhere
18:52 DammitJim the use of debian.cnf
18:53 khaije1 aye aye will do, thanks iggy
18:55 DammitJim not sure if this is related to salt at all, but... should I not be changing the root password for localhost since that is now an auth_socket?
19:03 nixjdm joined #salt
19:04 major I have to say .. I sort of dislike the default /srv/{salt,pillar,...} usage .. why can't the default be /srv/salt/{states,pillar,...} ?
19:04 lordcirth_work major, I agree.  I would guess that /srv/salt was picked when they only needed one dir.
19:04 major it makes me twitchy...
19:04 lordcirth_work We use /srv/saltstack/{states,pillar} to avoid confusion with /srv/salt
19:05 viq I use git :P
19:05 lordcirth_work I do too, but not remotes
19:06 lordcirth_work git remotes require you to commit, push, and pull every typo fix and test
19:07 viq That's why I've wrapped my repo in vagrant, so I can test changes locally before pushing
19:07 major honestly I am fine w/ all that .. but bringing up a local git instance to manage my private data is not entirely something I want to deal with either
19:07 major and I am not about to push my pillars to github
19:08 lordcirth_work Yeah, we already have a local gitlab
19:08 viq gitolite makes it trivial. As for pillars, gpg encrypt those you don't want others to see
19:08 major any effort over zero effort is infinitely more effort
19:08 lordcirth_work There is no such thing as zero effort
19:09 major viq, that would be generally all of it
19:09 lordcirth_work Interesting.  There are plenty of secrets in my pillar but it's mostly config
19:09 major lordcirth_work, well .. it depends if you can leverage existing work (thus the effort was already made for some other purpose)
19:10 major it isn't so much about the secrets really .. its just not something that would remotely benefit others and gains me very little.  it certainly wouldn't add anything in the way of redundancy for me
19:13 sh123124213 joined #salt
19:14 lordcirth_work git isn't for redundancy, it's for version control
19:15 major didn't say I wasn't using git, said I wasn't using github for pillar data
19:17 johnj_ joined #salt
19:17 major and gitolite/gitosis are, IMHO .. hugely overkill for something as simple as a git push endpoint
19:17 major they are more a key management system for ssh+git than a repo management system
19:23 viq *shrug* it made sense to me. You are not me ;)
19:24 viq But I do prefer to have key and access management system, where some keys can push, and some can only read
19:25 major agreed, I just feel it makes more sense if you are dealing with multiple keys that need git access.  Ultimately gitosis/gitolite are just forcing the command= option in the ssh_config to limit specific keys to specific commands, the rest of the system is stacks of wrapper scripts.  For a simple system you can just make a 'git' user and add your authorized keys and just push to the user directly if you are so
19:25 major inclined
19:25 bryguy joined #salt
19:26 major or command= in the authorized_keys rather, still
19:26 major its a good system, but more than I need to worry about
19:32 sh123124213 joined #salt
19:41 toofer joined #salt
19:42 athaller joined #salt
19:46 Oida joined #salt
19:49 shalkie joined #salt
19:50 aneeshusa joined #salt
19:51 crevetor joined #salt
19:51 viq Yeah, I have separate key for salt master, that can only read
19:52 crevetor Hi, I'm trying to use salt-cloud to deploy VMs to digitalocean but salt-cloud doesn't handle my ssh keyphrase well. Do you guys have a workaround other than removing the passphrase from my ssh key ?
19:52 viq Same as I keep my passwords in git using pass, and my laptop can write, but my phone can only read
19:52 viq crevetor: ssh-agent?
19:52 Hybrid joined #salt
19:52 crevetor viq: tried it, didn't work either for some reason.
19:52 crevetor viq: maybe I need to try harder.
19:53 lordcirth_work Considering that root on  the salt-master is root on all minions, I'm not sure why an ssh keyphrase for a key stored root-only on the minion helps much
19:54 XenophonF haHA - success!!!  My Salt master now looks up AMI IDs when rendering the cloud.profiles template!
19:54 lordcirth_work Though in general it's a good idea, it's not like your salt-master is going to be physically stolen? (I hope)
19:54 XenophonF https://github.com/irtnog/salt-states/blob/development/salt/files/cloud.profiles.d/irtnog.conf
19:54 XenophonF I keep meaning to wire my Salt master up to Vault or SDB.
19:54 lordcirth_work XenophonF, so it always uses the latest image?
19:55 toronotyes joined #salt
19:55 lordcirth_work Hashicorp Vault as external pillar?  Could be cool, yeah
19:55 viq crevetor: maybe have a passwordless ssh key that's used only for provisioning nodes, and removed/replaced afterwards?
19:56 crevetor viq: I think I might be able to get ssh-agent to work. It's just that since I'm sudoing I need to have it setup for root.
19:56 crevetor viq: yeah it works.
19:57 toronotyes when I try to bootstrap a minion install, I get the following https://gist.github.com/anonymous/489c2531d8140cf01f12cfc85628986d.js
19:58 XenophonF lordcirth_work: yes, so it always uses the latest image
19:58 lordcirth_work toronotyes, I don't think you wanted the .js on that
19:59 XenophonF when I get some time, I'm going to try to fix up boto_ec2.find_images to where it will let you use more filters
19:59 toronotyes lordcirth_work: https://gist.github.com/anonymous/489c2531d8140cf01f12cfc85628986d
19:59 XenophonF and yes, I want to use Vault with Salt Pillar
20:00 XenophonF Unfortunately, I lost track of some integration work someone was doing earlier this year.
20:00 XenophonF I need to dive back into that b/c I want to use it with certbot.
20:00 XenophonF and the gpg renderer
20:02 nixjdm joined #salt
20:05 XenophonF crevetor: my Salt master has its own passwordless SSH keys
20:06 XenophonF so do some of my minions (e.g., deploy keys)
20:06 XenophonF I don't know how else you'd do it outside of an HSM or smartcard.
20:07 toronotyes lordcirth_work: here is the state file and command https://pastebin.com/fHy1f9SH
20:07 toronotyes do you see anything wrong with what I'm doing?
20:11 _KaszpiR_ joined #salt
20:13 onlyanegg I'm having trouble with merging some objects in jinja. https://gist.github.com/onlyanegg/bb758a63f9ce232911b422801e10628e
20:13 lordcirth_work toronotyes, I don't use salt-ssh or the bootstrap script, sorry
20:14 toronotyes lordcirth_work: if you have different versions of ubuntu 12, 14, 16 is it ok to simply use apt-get install for minions?
20:14 onlyanegg even though I'm updating the 'config' object with 'slsutil.update', the cie.config object gets updated in each loop.
20:14 lordcirth_work toronotyes, I add the saltstack repo and then install
20:14 lordcirth_work Which I think is what the bootstrap does if it detects ubuntu?
20:15 toronotyes lordcirth_work: that's what I thought.  using bootstrap because I have ubuntu, redhat, in environment.
20:15 toronotyes ok.. will try it out.
20:15 lordcirth_work My minions get preseeded with the stock 16.04 minion, then the first state adds the repo and updates.  Although now updating salt-minion through salt breaks it and I have to use atd...
20:16 Edgan toronotyes: I know salt-ssh fairly well. What version of salt-ssh?
20:16 toronotyes salt 0.17.5
20:17 Edgan toronotyes: update to 2017.7.2 and we can talk. 0.17.5 is YEARS old.
20:17 toronotyes salt --version
20:17 Edgan toronotyes: salt-ssh is salt's red headed step child, and I wouldn't trust that old of a version to do anything right.
20:18 crevetor is there a simple way to do masterless salt on the machines created by salt-cloud ?
20:18 johnj_ joined #salt
20:19 _KaszpiR_ joined #salt
20:19 Edgan toronotyes: 0.17.5 dates from March of 2014
20:19 toronotyes yeah.. my first time using Salt.
20:20 toronotyes just inherited this system.
20:20 toronotyes lol
20:20 Edgan toronotyes: Ubuntu 14.04?
20:21 onlyanegg it seems like {% set x = y %} just creates a new reference x which points at y. Is that true? Can I create a new object somehow?
20:22 toronotyes yes
20:22 toronotyes Edgan: 14.04
20:23 Edgan https://repo.saltstack.com/#ubuntu
20:23 Edgan toronotyes: Saltstack has their own apt repositories with the latest versions
20:24 Edgan toronotyes: I would expect some code will break with that big of a jump in versions
20:24 Hybrid joined #salt
20:24 toronotyes yeah.. don't need that right now.
20:25 Oida joined #salt
20:25 Edgan toronotyes: but if you want salt-ssh that works, I think it is your only choice
20:26 toronotyes I feel like building out a new Salt master
20:26 Edgan toronotyes: good plan
20:26 toronotyes funny thing is.. this was supposed to be the new SaltMaster..lol
20:27 Edgan toronotyes: I do all merges in a central place, the map.jinja. https://storage.cygnusx-1.org/formula.txt
20:27 Edgan toronotyes: I use salt-ssh to provision salt masters
20:28 toronotyes oh nice
20:28 Edgan toronotyes: I also merge defaults.yml into the map.jinja, because then I can do jinja in the yaml. Where as with defaults.yaml it has to be literal yaml.
20:31 toronotyes Edgan: reading
20:38 Edgan toronotyes: I also break users, pkgs, files, and services into different sls files, because 99% of the time you do each time in the same order.
20:39 toronotyes hmm.
20:40 aldevar joined #salt
20:42 toronotyes Edgan: so.. to install minions, i simply add the repo to the respective servers ubuntu 12, 14 16 and then I can use apt-get install ?
20:42 Edgan toronotyes: pillars at the beginning to do pillar checks
20:42 toofer joined #salt
20:42 Edgan toronotyes: yes
20:44 socket- joined #salt
20:45 edrocks joined #salt
20:45 toronotyes Edgan: I had an issue with https as well, I switched to http for the repo.. then bootstrap worked
20:45 socket- Hey all, I am trying to make sure a line exists in a file, and also the file is created if it doesn't exist. I was attempting to do this with one state but having trouble with the syntax. https://apaste.info/c7fM  Im not sure how to pass Parameters: create
20:45 socket- any hints?
20:46 Edgan socket-: My policy is salt touches a file, it owns it. I don't play games with adding or deleting individual lines.
20:46 toronotyes Edgan: on that note, I shouldn't have any issue with apt-get and https
20:47 toofer joined #salt
20:48 Edgan toronotyes: I am confused. The link I gave you is https, but it is a webpage that mentions, "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main"  which is http
20:50 toronotyes Edgan: I'm saying.. my repos were https://repo.salt etc
20:50 toronotyes I had issues bootstrapping when the repo was https..and I changed that.  but now I will be reverting to apt-get to do the rest of minions
20:52 socket- Edgan: you're suggesting that I do file.managed and store the source instead of using file.line?
20:53 DanyC joined #salt
20:53 Edgan socket-: yes, in general, but you can also use a jinja template to construct it, if needed
20:54 DanyC joined #salt
20:54 socket- I might do that. i am still interested however how to call the documented parameters: section in the state. Anyone have any ideas?
20:55 socket- if i do Paramaters: create , it says paramaters is an invalid keyword argument for file.line
20:56 Edgan socket-: salt.states.file.line(name, content=None, match=None, mode=None, location=None, before=None, after=None, show_changes=True, backup=False, quiet=False, indent=True, create=False, user=None, group=None, file_mode=None)
20:56 Edgan socket-: -create: True
20:57 Edgan I meant
20:57 Edgan socket-: - create: True
20:57 socket- Oh, I didn't see the booleans mentioned under parameters, but I see now that it's in the headers and should be assumed based on the default values.  I'll try that, thanks!
21:01 xet7 joined #salt
21:02 Edgan ccccccegjilnndntdtvvcglnbrlddjftejrhtvrhvcbd
21:03 socket- thanks, it's one step closer now. The last error is saying that when I use - mode: Ensure that I must use a before or after.  How do I use a before or after with an empty file?
21:03 nixjdm joined #salt
21:10 Edgan socket-: I don't see a clear answer, but there are other functions that can do like things, https://stackoverflow.com/questions/43694032/multiple-file-line-in-single-state-in-salt
21:13 Edgan socket-: Part of the reason I don't play the line game is you have no guarantee that the contents of the file will start as you expect.
21:13 socket- thanks, I'm using https://apaste.info/v9By and it seems to be working. using the file.append
21:14 relidy joined #salt
21:14 Edgan socket-: note, file.managed as - contents: 'foo'. So if you are trying to make new files without a template, it is easy.
21:14 Edgan has
21:15 socket- yeah, I considered that, but I don't know enough about how our users are using xsession, they might have custom values in there, I just want to make sure the mate-desktop is being used and allow any other X customization to be defined by the user
21:22 Edgan socket-: They wouldn't write to skel
21:22 Edgan socket-: you are changing the defaults
21:22 Edgan socket-: not what is in their home directory
21:22 socket- oh yeah, you're right.
21:22 socket- thanks, I see that now
21:27 omie888777 joined #salt
21:30 toronotyes Edgan: does it matter that some of the servers are quite old, like 12.04.2 ?
21:31 Edgan toronotyes: for salt-ssh, hopefully not, for salt-minions, looks like the latest official build is 2016.11.3 not 2017.7.2.
21:31 Edgan toronotyes: So I would define that as a problem in my book
21:32 toronotyes Edgan: suggestions?
21:32 toofer joined #salt
21:32 Edgan toronotyes: upgrade, search github issues, or make a new github issue asking why not 2017.7.2 for 12.04
21:33 toronotyes hmm.
21:33 toronotyes flipmode..
21:33 toronotyes :(
21:33 toronotyes So.. I'm going to have to upgrade all that are 14.04 and up
21:33 toronotyes and leave the rest
21:34 Edgan toronotyes: how many?
21:34 toronotyes 120
21:34 Edgan that is a lot
21:35 toronotyes lol
21:35 toronotyes I mean.. that's how many are 14.04 and up
21:35 omie888777 joined #salt
21:35 Edgan gtmanfred: any idea why no latest 12.04 packages?
21:35 Edgan toronotyes: I meant how many 12.04?
21:35 toronotyes ohh
21:36 onlyanegg I fixed my thing - needed to use slsutil.merge instead of slsutil.update - merge returns a new object which is the result of a merge of the two arguments, whereas update modifies the object in the first argument
21:36 toronotyes 14
21:36 Edgan toronotyes: 14 sounds much simpler, though it also depends on what they are
21:37 toronotyes I even have 10.04
21:37 gtmanfred Edgan: because it was end of lifed in april?
21:37 toronotyes but only 1 10.04
21:37 whytewolf 10.04 has been eol for a few years
21:37 toronotyes yeah.. I know.. i need to ask them about t hat.
21:37 toronotyes *that
21:38 Edgan toronotyes: lts server is only five years
21:38 Edgan toronotyes: so what gtmanfred says makes sense
21:38 gtmanfred toronotyes: here is the link where we notified that it would be the last version of 2016.3 for ubuntu 12.04 https://groups.google.com/d/msg/salt-announce/QBQjWeBF_3g/mIQOxjZ6AgAJ
21:38 Edgan toronotyes: I was thinking it was seven for some reason
21:38 gtmanfred and 2016.11 https://groups.google.com/d/msg/salt-announce/kB0BPVRv_Sk/hsdGtE-LAwAJ
21:38 Edgan gtmanfred: thanks
21:38 DanyC joined #salt
21:38 toronotyes gtmanfred: it's all good.
21:38 gtmanfred redhat/centos is 10
21:38 gtmanfred we don't support end of lifed distros
21:39 Edgan gtmanfred: reasonable
21:39 toronotyes gtmanfred: these boxes are used to build source. that's why we have these boxes
21:39 Edgan toronotyes: Oh, you are still supporting EoL distros with your own product?
21:39 toronotyes Edgan: that's the question going to ask..LOL
21:40 toronotyes maybe we don't need them
21:40 Edgan toronotyes: hopefully
21:40 toronotyes 30 days on the job.. woo hoo
21:40 Edgan toronotyes: know that feeling
21:44 athaller_ joined #salt
21:48 athaller joined #salt
21:57 aldevar left #salt
22:03 nixjdm joined #salt
22:15 toofer joined #salt
22:21 athaller joined #salt
22:44 sh123124213 joined #salt
22:54 athaller joined #salt
22:56 tiwula joined #salt
22:57 athaller joined #salt
22:58 toronotyes Edgan: you around?
22:58 toronotyes have any idea what this means:
22:58 toronotyes [ERROR   ] An un-handled exception was caught by salt's global exception handler:
22:58 toronotyes SaltRenderError: Conflicting ID "user"
23:00 toronotyes in fact.. anyone can chime in
23:03 toronotyes is this related to rsa key at all?
23:06 whytewolf toronotyes: Conflicting ID means you have two states with an ID of user.
23:08 toronotyes whytewolf: I don't get it.
23:09 toronotyes whytewolf: I only have 1 state file
23:09 toronotyes and everything was working...now not working..lol
23:09 toronotyes could it be that I have 2 users logged into the same box with same user?
23:10 whytewolf no
23:10 toronotyes my roster file?
23:11 whytewolf do you have a loop in that state file?
23:11 toronotyes you have to understand.. everything was working, and then doesn't matter what I do.. nothing works.. wondering if it's my roster file
23:11 toronotyes as that's the last thing I edited.
23:11 toronotyes whytewolf: even when I do cmd.run and don't use a state file
23:11 toronotyes I get the issue
23:12 toronotyes which makes me wonder if I messed up my roster file.
23:12 whytewolf okay, then it is possible you created two different systems in the roster file with the ID of user
23:13 whytewolf [most likely if there wasn't enough spaces]
23:14 masber joined #salt
23:14 major is there some way to pass the desired state information on the CLI to the target?
23:14 toronotyes flip.. this roster file is huge.. 130 servers...lol
23:21 dober joined #salt
23:21 dober joined #salt
23:22 toronotyes sweet.. it's my roster file,...lol
23:22 toronotyes how do I like check that my roster file is correct
23:22 toronotyes is there a format I need to check for?
23:22 toronotyes as my roster file is rather large
23:23 toronotyes 478 lines
23:24 toronotyes wow..I found it
23:25 toronotyes In the roster..I had user: and sudo listed twice for a server
23:26 noobiedubie joined #salt
23:50 ahrs joined #salt
