IRC log for #salt, 2017-12-23

All times shown according to UTC.

Time Nick Message
00:00 saltslackbridge joined #salt
00:00 alexlist joined #salt
00:13 zerocoolback joined #salt
00:19 rem5 joined #salt
00:22 onlyanegg joined #salt
00:25 hammer065 joined #salt
00:28 mikecmpbll joined #salt
00:30 tiwula joined #salt
00:49 kettlewell joined #salt
01:23 onlyanegg joined #salt
01:50 onlyanegg joined #salt
02:04 Armageddon left #salt
02:13 om2 joined #salt
02:17 vexati0n on a scale of 1 to 10, how ... maintained.. are the Windows functions?
02:38 rem5 joined #salt
02:45 nomeed joined #salt
02:55 JawnAuz vexati0n, I use exclusively Windows minions and I don't have issues, really. Some stuff broke with Chocolatey recently if you're using that, but fixed in the next release.
02:56 ilbot3 joined #salt
02:56 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:59 om2 joined #salt
03:00 om2 joined #salt
03:44 mavhq joined #salt
04:18 shiranaihito joined #salt
04:23 justanotheruser joined #salt
04:38 MTecknology vexati0n: probably about a 3 or 5
04:39 MTecknology I know windows support has gotten a whole lot better since I last abandoned it, but I never got the impression anyone was really actively maintaining things.
04:54 nielsk joined #salt
05:11 SMuZZ joined #salt
05:17 tiwula joined #salt
05:34 rem5 joined #salt
05:40 DanyC joined #salt
05:44 AvengerMoJo joined #salt
06:03 justanotheruser joined #salt
06:31 LocaMocha joined #salt
06:40 justanotheruser joined #salt
07:14 zerocoolback joined #salt
07:15 justanotheruser joined #salt
07:19 aldevar joined #salt
08:22 pseudonymous joined #salt
08:26 cyteen__ joined #salt
09:08 aldevar joined #salt
09:50 cyteen joined #salt
10:08 aldevar joined #salt
10:26 pseudonymous joined #salt
11:11 zerocoolback joined #salt
11:14 cyteen joined #salt
11:27 lompik joined #salt
11:34 DanyC joined #salt
11:36 DanyC joined #salt
11:50 miruoy joined #salt
11:58 evle joined #salt
11:59 sh123124213 joined #salt
12:28 netcho_ joined #salt
12:42 fl3sh joined #salt
12:47 DanyC joined #salt
12:56 aldevar joined #salt
12:57 mikecmpbll joined #salt
12:57 DanyC joined #salt
13:05 rem5 joined #salt
13:17 Diaoul joined #salt
14:04 bluenemo joined #salt
14:31 snc joined #salt
14:32 major joined #salt
14:56 mikecmpbll joined #salt
15:02 zer0def um, is there a way of reading a master setting in an orchestration or reactor sls?
15:02 zer0def specifically i'm looking to fetch file_roots path on master
15:05 XenophonF zer0def: maybe https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.fileserver.html
15:07 XenophonF maybe that isn't right, but it's the only thing I found :(
15:07 XenophonF there might be a dunder dictionary with the config options
15:07 XenophonF __opts__ maybe?
15:07 XenophonF dunno about the master side
15:13 Neighbour config.get
15:13 XenophonF ah
15:32 zer0def looks like something i'll be interested in
15:33 Neighbour zer0def: You can also use test.get_opts for a dump of almost everything :)
15:44 zer0def i think config.get ought to be enough, thanks
15:45 om2 joined #salt
16:04 yidhra joined #salt
16:38 aldevar joined #salt
16:50 tiwula joined #salt
16:57 cyteen joined #salt
17:25 cyteen_ joined #salt
17:42 mritchie joined #salt
18:00 nomeed joined #salt
18:06 mritchie joined #salt
18:08 om2 joined #salt
18:08 sh123124213 I don't get why does salt use tcp to send commands
18:12 om joined #salt
18:17 Guest78418 joined #salt
18:19 zerocoolback joined #salt
18:31 Neighbour sh123124213: What alternative do you propose?
18:31 sh123124213 Neighbour: running commands from the master I suppose it could use unix sockets ?
18:33 Neighbour that is only local to the master itself. I'm not sure whether the IPC (between the various processes of the salt master) uses tcp sockets, or is already using unix-sockets
18:34 sh123124213 salt -L minion test.ping -> uses a tcp connection to 127.0.0.1:4506
18:34 sh123124213 I suppose somebody could try to use a remote client to connect to master's ip:port and send the same command
18:35 Neighbour but that is not local to the master, but communication between master and minion
18:35 sh123124213 no, it's local to the master
18:35 Neighbour it's local to the *machine* the master runs on
18:35 Neighbour but not local to the *processes* of the salt-master
18:36 Neighbour also, communication between master and minions is authenticated and encrypted (for almost all possible commands, there are some exceptions), so you can't just connect and send commands
18:38 sh123124213 so how do you explain that commands running from the master with salt connect to 127.0.0.1:4506 ?
18:38 sh123124213 I understand the minions have to communicate and return results there but the same port is used to publish commands
18:39 Neighbour communication between master and minion is standardised (as in, it does not matter where the minion is, communication between master and minion will happen on TCP/IP basis)
18:39 sh123124213 that is understood and normal
18:39 Neighbour it would not make sense to create two methods of communication depending on whether a minion happens to run on the same machine as the master
18:39 sh123124213 I'm talking about commands running from the master
18:40 Neighbour all minions create a connection to the master on startup
18:40 Neighbour it is over this connection that commands are sent from the master to the minions
18:40 Neighbour but the connection is already there, it is not created because there's a command to be sent
18:41 Neighbour (not only are commands sent, pillar data and sls files and other files referenced with salt:// in sls files are also sent using this connection)
18:41 sh123124213 ok, so you are saying that the commands sent from the master are emulating a minion connection ?
18:41 Neighbour also events, mine updates, grain requests (insofar not already cached), etc
18:42 Neighbour uh, when you said `salt -L minion test.ping`, you explicitly stated that the master should send the command 'test.ping' to the minion targeted with -L minion
18:42 sh123124213 don't go too far please, what I would want to see is that commands sent from the master (salt minion test.ping) would go through a socket and not try to connect to a tcp localhost
18:43 Neighbour and then we're back at you wanting to have two methods of communication between master and minion, depending on whether the minion happens to run on the same machine as the master
18:44 sh123124213 gimme some time to grasp on the concept
18:45 Neighbour sure :)
18:46 sh123124213 so, the minion does not send command to the master but does requests, I suppose a command running from the master is the same as a minion request.
18:48 Neighbour the master instructs the minions what to do, the minion reports on what the result of the command was
18:49 Neighbour the master also acts as a fileserver on which the various states (amongst other files) are stored, and sent to the minion to be compiled and executed
18:51 Neighbour when you have a 'install_required_packages.sls' state-file, and you call `salt minion state.apply install_required_packages`, the salt-master sends the sls-file to the minion, which compiles it and executes the statements inside, then reports back on the result to the master
18:51 Neighbour (should the sls-file contain references to salt://some-file, the minion will download some-file from the master)
18:54 Neighbour the minion does not do 'requests' in such that unless you use `salt-call` locally on the minion, and instruct it to execute some state file which it does not have, that it will try to fetch it from the master
18:54 Neighbour (except in masterless setups, where it simply fails if the file is not found)
18:57 Neighbour (afk)
19:11 sh123124213 not that I understand but you seem confident about the decision so I'll go for it. isn't it possible though that somebody knowing the key be able to send a command from master-ip:4506 ?
19:12 sh123124213 assuming there is no limit or blocking somebody could perform a brute-force attack
19:28 sh123124213 I would propose that if communication is initiated from the master salt would use unix sockets to publish the command and the minions would get the command if it's meant for them or reject it.
19:28 heewa joined #salt
19:29 sh123124213 I suppose this happens the same way but from the master command is sent directly to the tcp socket. to my understanding this means that anybody that has the key file of the master be able to execute the command
19:30 sh123124213 key I'm talking about is :
19:30 sh123124213 keyfile = os.path.join(self.opts[u'cachedir'],
19:30 sh123124213 u'.{0}_key'.format(key_user))
19:45 justanotheruser joined #salt
19:53 mritchie joined #salt
19:55 Neighbour minions connect to the master upon startup, so without impersonating the salt-master and waiting for minions to connect to you (a process that you control and listens on port 4505-4506), it would not be possible for you to send commands to minions
19:56 Neighbour but if you're in a position where you can run processes on the salt-master machine (and turn off the salt-master so you can bind to those ports instead), then the machine is already to be considered compromised
19:57 Neighbour a master cannot send commands to not-connected minions (since the minions initiate the connection, not the master)
19:57 Neighbour (unless you also include salt-ssh, but we'll leave that out of the scope for now)
20:23 Hybrid1 joined #salt
20:29 cyteen__ joined #salt
20:32 Puckel_ joined #salt
20:49 cyteen_ joined #salt
21:01 cyteen__ joined #salt
21:06 rem5 joined #salt
21:11 fl3sh joined #salt
21:16 cyteen__ joined #salt
21:20 cyteen__ joined #salt
21:25 cyteen_ joined #salt
21:31 sjorge joined #salt
21:34 cyteen_ joined #salt
21:45 cyteen__ joined #salt
21:59 mikecmpbll joined #salt
22:00 DanyC joined #salt
22:19 mritchie joined #salt
22:20 cyteen__ joined #salt
22:29 justanotheruser joined #salt
22:39 ymasson joined #salt
22:44 jeblair joined #salt
22:56 cyteen__ joined #salt
23:01 sjorge joined #salt
23:06 rem5 joined #salt
23:50 cyteen__ joined #salt
