Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-01-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 saltslackbridge joined #salt
00:01 alexlist joined #salt
00:06 aCodinMa_ joined #salt
00:08 aCodinMan joined #salt
00:10 aCodinMa_ joined #salt
00:13 cro joined #salt
00:18 ponyofdeath joined #salt
00:22 tracphil joined #salt
00:22 pipps joined #salt
00:28 ymasson joined #salt
00:30 XenophonF I'm running the 0MQ and TCP transports simultaneously, and after about 24-36 hours of uptime, salt-master starts throwing this error: [salt.transport.ipc] [ERROR] Exception occurred while handling stream: 'int' object has no attribute '__getitem__'
00:30 hoonetorg joined #salt
00:32 XenophonF any ideas what might be causing this... or how to debug it?
00:33 XenophonF I'm looking through this ATM: https://groups.google.com/forum/#!topic/salt-users/w4jw4X4fY90
00:33 XenophonF There's also this PR: https://github.com/saltstack/salt/issues/33524
00:37 stanchan joined #salt
00:39 threwahway_ joined #salt
00:42 tracphil joined #salt
00:55 pipps joined #salt
00:56 pipps joined #salt
01:09 aCodinMan joined #salt
01:13 aCodinMa_ joined #salt
01:19 aCodinMan joined #salt
01:21 hoonetorg joined #salt
01:28 vexati0n is there a compelling reason to use the TCP transport?
01:28 XenophonF I'm having problems with 0MQ.
01:28 vexati0n like does it work better with large deployments? if so, at what size does it have an appreciable advantage?
01:29 XenophonF babilen suggested it last week
01:29 XenophonF I have a master in eu-west-1 that can't talk to minions in Mali, Uganda, and India.
01:29 XenophonF I'm pretty sure it isn't the network.
01:30 XenophonF not 100%
01:30 vexati0n i used to run a deployment with ~1500 minions across the internet and it was... frustrating.
01:31 XenophonF yeah
01:31 XenophonF If I can't get the TCP transport stable, then I'm going to try syndic.
01:31 XenophonF or multimaster
01:31 XenophonF I'm not sure how they're different, to be perfectly honest.  I need to read up on it.
01:31 vexati0n yeah, those introduce their own frustrations, but it helps with large deployments
01:32 XenophonF I probably need to do that anyway, since I want to be able to use salt-cloud in the African and Indian data centers.
01:32 vexati0n i'm waiting for upstream to fix a bug before i can start using syndic
01:33 XenophonF it's super frustrating b/c my data centers in Uganda and India have really good connectivity
01:33 vexati0n you're sure it isn't a national firewall or something?
01:33 XenophonF the one in Uganda is on Internet2
01:33 XenophonF and the one in India is on the NKN (India's Internet2)
01:33 XenophonF no - it's wide open
01:34 XenophonF from the packet captures I've done, everything from the TCP layer on down looks clean
01:34 vexati0n that's similar to the issues i had. half of my minions just... never connected.
01:35 vexati0n or they'd connect sporadically
01:35 pipps joined #salt
01:35 XenophonF what's really frustrating is that sometimes they work and sometimes I get SaltReqMessageTimeoutException errors
01:35 XenophonF I can call cmd.run all day long and it works.
01:35 XenophonF (from the master)
01:35 Shirkdog joined #salt
01:35 XenophonF but I can't call state.apply ever from the master
01:35 vexati0n so only some functions fail to return?
01:36 XenophonF and if I run it from the minion, I have to run it multiple times to get it to work
01:36 XenophonF yeah
01:36 vexati0n i get that on the local network, but i blame the solaris minions
01:36 XenophonF solaris? you poor bastard
01:36 vexati0n yeah :|
01:36 ponyofdeath joined #salt
01:37 vexati0n installing the minions was bad enough, but even with that done... it's still solaris, so nothing works.
01:37 XenophonF I bet.
01:37 vexati0n i mean i'm sure any 25-year-old neckbeard UNIX stuff works fine
01:37 XenophonF I was playing with OpenIndiana a while back and ran into similar issues with Salt.
01:38 XenophonF If I was more into Illumos hacking, I'd be down for porting Salt properly.
01:38 XenophonF But FreeBSD kind of occupies that niche in my life right now.
01:38 vexati0n luckily i don't really have to do too much with the solaris boxes other than make sure they're still alive
01:39 vexati0n at least until they decide to make me port our entire release cycle to salt
01:39 nethershaw joined #salt
01:41 XenophonF so I think for now I'm going to switch TCP transport off
01:41 aCodinMan joined #salt
01:42 XenophonF it was a fun experiment but I'm not going to restart my master every day
01:42 nethershaw left #salt
01:42 XenophonF it feels like a memory leak so maybe I'll put it on my to-debug-later list
01:42 XenophonF and in the meantime I'm going to start reading up on syndic/multimaster
01:43 XenophonF and just limp on with the current setup
02:02 xet7 joined #salt
02:12 nomeed joined #salt
02:14 aCodinMa_ joined #salt
02:19 aCodinMan joined #salt
02:20 aCodinM__ joined #salt
02:23 aCodinMan joined #salt
02:27 threwahway joined #salt
02:32 threwahway_ joined #salt
02:55 ilbot3 joined #salt
02:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:56 AssPirate The minion that returns the interface is the same host as the master if that makes any difference.
02:57 whytewolf kdoes that file exist on all the minions?
02:58 AssPirate Oh. Lol. Ok.
02:58 whytewolf slsutil.renderer only works on the local filesystem
02:59 AssPirate Ah. Thanks. Is there a better way to test jinja templates on all minions?
03:02 whytewolf actually slsutil.renderer is pretty good. just need to cp.get_file first to get the file in a place. normally something like salt '*' cp.get_file salt://test.sls /tmp/test.sls && salt '*' saltutil.renderer /tmp/test.sls jinja
03:02 onlyanegg joined #salt
03:03 Larri joined #salt
03:03 whytewolf there is an old module i wrote that does a simalar thing. i want to update it to use saltutil.renderer but have been way to busy. https://github.com/whytewolf/salt-debug
03:08 AssPirate Cool. Thanks whytewolf
03:12 ahrs joined #salt
03:13 lkthomas https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/server/dynamic.sls, line 58 define service, if I want to add additional contents such as "servicegorups", do I need to hack this file or I could define on pillar data ?
03:21 bigjazzsound joined #salt
03:23 lkthomas how do you guys use Salt? do you abstract out the actual application configuration by using formula or you stick with basic and just copy the configuration file to minion ?
03:36 saltslackbridge <scub> You would want to add another conditional to the service stanza, much as its done here: https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/server/dynamic.sls#L63-L65
03:37 saltslackbridge <scub> Then you would can provide it through pillar
03:38 aCodinMan joined #salt
03:39 saltslackbridge <scub> People run the full spectrum, in some places it could very well make sense to do some both
03:44 lkthomas scub, I see, well on Puppet people don't hard code those condition into module (formula), they will let user define whatever they want
03:51 pipps joined #salt
03:54 gnomethrower joined #salt
03:59 zerocoolback joined #salt
04:07 onlyanegg joined #salt
04:08 lkthomas does pkg.installed will auto resolve dependency on yum ?
04:10 MTecknology whytewolf: heh, neat. I've never run across slsutil before. Neat. :)
04:14 MTecknology lkthomas: You might learn a lot more a lot faster if you try not using formulas... then you can learn what's going on and how things fit together, and it'll probably make things make much more sense.
04:18 zerocoolback joined #salt
04:21 MTecknology also- yes, you can safely assume dependencies are handled, but only because you can assume yum handles them correctly.
04:34 LocaMocha joined #salt
04:37 aCodinMan joined #salt
04:44 threwahway joined #salt
04:47 onlyanegg joined #salt
04:50 threwahway_ joined #salt
05:26 onlyanegg joined #salt
05:31 lkthomas MTecknology, yes I agree
05:31 lkthomas for yum, I still don't understand why it's failed on pkg.installed but working on manual yum install
05:31 aviau joined #salt
05:35 pipps joined #salt
05:39 lkthomas https://gist.github.com/lkthomas/01c47f7a59e7a6862b294f5400e24f97
05:39 lkthomas anyone know why this pkg.installed break ?
05:40 lkthomas if I do it manually it works
05:44 indistylo joined #salt
05:44 MTecknology use -l debug
05:46 MTecknology My guess is you're not using just pkg.installed but rather a piece from a formula that does lots of extra magic.
05:50 lkthomas hmm, in fact I removed all formulas crap
05:50 lkthomas interesting, if I remove fromrepo: epel, it seems work fine
05:50 lkthomas let me try again
05:51 robin_ joined #salt
05:53 robinonline joined #salt
06:02 lompik joined #salt
06:10 evle1 joined #salt
06:18 mechleg lkthomas: looking at the source, when you use the fromrepo option it adds this to the yum commnad:  ['--disablerepo=*', '--enablerepo=' + fromrepo]  so your install of nagios fails to find the required dependencies in the epel repo as they come from base most likely
06:21 indistylo joined #salt
06:22 pipps joined #salt
06:26 indistylo joined #salt
06:41 Deliant joined #salt
06:52 indistylo joined #salt
06:55 indistylo joined #salt
06:55 aCodinMan joined #salt
07:05 threwahway joined #salt
07:11 onlyanegg joined #salt
07:11 threwahway_ joined #salt
07:12 Ricardo1000 joined #salt
07:28 hoonetorg joined #salt
07:29 aruns joined #salt
07:30 DanyC joined #salt
07:30 aldevar joined #salt
07:30 Elsmorian joined #salt
07:31 AssPirate Does file.append and file.managed conflict with each other?
07:31 Elsmoria_ joined #salt
07:32 threwahway joined #salt
07:32 yuhl joined #salt
07:32 MTecknology kinda
07:34 MTecknology I try to avoid states that manipulate portions of files. Either manage the file, or don't.
07:34 indistylo joined #salt
07:38 Elsmorian joined #salt
07:38 CrummyGummy joined #salt
07:39 AssPirate I've got a default set of rules for the firewall, and then I want to append rules as needed.
07:40 AssPirate I just tested it. file.managed returned true even after file.append so that seems fine.
07:40 pipps joined #salt
07:40 MTecknology in that case, you should definitely just use file.managed
07:41 AssPirate Why is that?
07:42 MTecknology because you're inventing magic when you could just be explicit
07:42 AssPirate I'm using shorewall, so the rules file itself just looks like : ACCEPT          net             $FW             tcp     22      #       SSH
07:50 cyteen joined #salt
07:50 threwahway_ joined #salt
07:57 hammer065 joined #salt
07:58 Elsmorian joined #salt
08:17 Tucky joined #salt
08:17 Hybrid joined #salt
08:24 AssPirate Hm. Yeah that only works if it's in the same state file. Running firewall.sls again clobbers changes made from the others.
08:27 lkthomas mechleg, thanks
08:29 AssPirate Is there a way to have firewall.sls track changes from other state files? Or am I way just off on implementing it like this?
08:29 MTecknology way off..
08:31 MTecknology AssPirate: stop trying to come up with your own magic and do your logic making in pillar.
08:35 mbologna joined #salt
08:40 MTecknology There's a hidden bonus when you learn how data structures get merged. :)
08:41 datamaan joined #salt
08:41 lkthomas MTecknology, that's called "headache"
08:42 MTecknology learning?
08:42 jrenner joined #salt
08:42 dodge-lint joined #salt
08:49 dodge-lint joined #salt
08:50 DanyC joined #salt
08:51 DanyC_ joined #salt
08:52 ikarpov joined #salt
08:53 DanyC_ joined #salt
08:55 aCodinMan joined #salt
08:56 pbandark joined #salt
08:57 gnomethrower joined #salt
08:57 saltslackbridge joined #salt
09:00 jhauser joined #salt
09:11 aCodinMa_ joined #salt
09:12 mattfoxxx joined #salt
09:17 pualj_ joined #salt
09:19 darioleidi joined #salt
09:29 stanchan joined #salt
09:37 Deliant joined #salt
09:42 Elsmorian joined #salt
09:52 Mattch joined #salt
10:02 yuhl joined #salt
10:05 baffle joined #salt
10:05 benner joined #salt
10:12 msn joined #salt
10:12 mpas joined #salt
10:15 oida joined #salt
10:18 nocturn joined #salt
10:19 nocturn Is there a way to have salt trigger an action on another host?  I recently wrote an ansible handler that restarts varnish on another group of servers when apache configs change, I'd like to do similar things in salt
10:21 MTecknology you could have a minion send an event up to the master and then have a reactor on the master that fires an orchestration.
10:22 hoonetorg joined #salt
10:23 nocturn MTecknology: thanks, googleing it now... Doesn't seem so straightforward though...
10:24 MTecknology I think you can do something where minions can interact with each other, but it's a security no-no
10:26 pipps joined #salt
10:27 saltslackbridge <mts-salt> i beieve using the event to trigger orchestration is the preferred method
10:28 MTecknology yup..
10:28 babilen nocturn: It is quite straightforward .. you just have to fire a custom event and can react to that. You could even react to the service restart itself, rather than the state that triggers it.
10:28 MTecknology you could do it without orch, but that leaves you doing things in a blocking system which is never a good thing
10:29 ThomasJ|d joined #salt
10:29 Mogget joined #salt
10:31 nocturn babilen: Ok, maybe the articles I found are overly complex...
10:33 MTecknology event.fire_master, /etc/salt/master/reactor.conf   reactor: <tag>: - foo.sls,  $ROOT/_{reactor,orchestrate}/foo.sls
10:34 babilen Pretty much ^
10:35 MTecknology https://github.com/MTecknology/saltstack-demo/tree/master/states  /_{reactor,orch}/...
10:36 nocturn Thanks MTecknology, whill check that out
10:36 MTecknology (among other relevant file paths in there..)
10:37 babilen It's obviously a bit complex to learn about the event bus, reactors, thorium, orchestration and all that for the first time around
10:37 babilen Which reminds me that I should really play a bit with Thorium .. so powerful :)
10:37 MTecknology I've yet to touch it or even understand what it is
10:38 MTecknology https://newatlas.com/thorium-salt-reactor-experiment/51051/
10:38 babilen It is essentially a reactor with a "cache" for last events and the ability to define constraints such as "If we saw foo-event in the last 10 minutes and we now see bar-event, run quux orchestration"
10:39 cyteen joined #salt
10:40 MTecknology oh, shiny...
10:40 MTecknology I implemented that sort of logic using sdb.
10:40 babilen So .. you could define actions to be taken if, say, more than one minion has gone offline in the last 5 minutes that also had errors in its logs (and whatnow)
10:41 MTecknology that's really interesting and something I now want to take a look at.
10:41 MTecknology not something I have a use for, but interesting.
10:41 MTecknology 04:40 already, eh?
10:42 MTecknology two hours ago I was convincing myself to go to sleep instead of waiting until 04:30 to see if my internet would do it's routine crash-o-clock on me, but it seems we finally fixed the problem. :D
10:43 saltslackbridge <mts-salt> that's devotion that is....
10:43 MTecknology obsession... really
10:44 babilen MTecknology: It is always a bad sign when you are active here *after* I had my first coffee in the morning :)
10:44 MTecknology lol
10:44 * MTecknology will someday harpoon his white whale.
10:48 MTecknology aight, g'night ya salty salts! don't blow up that reactor while yer workin' them mines.  :D
10:50 Pomidora joined #salt
10:52 babilen MTecknology: g'night .. sleep well
10:52 nocturn MTecknology: Good night and thanks for the pointers
10:56 threwahway joined #salt
10:58 major joined #salt
10:58 indistylo joined #salt
10:59 aarontc joined #salt
11:00 Deliant joined #salt
11:01 cyteen joined #salt
11:01 aruns joined #salt
11:03 XenophonF hey babilen I had to turn off TCP last night
11:04 babilen Oh, pity .. what happened?
11:04 XenophonF my salt-master kept crashing with salt.transport.ipc errors that seem an awful lot like a memory leak
11:04 major joined #salt
11:06 XenophonF so I'm going back to the original plan of setting up syndics or multimaster or whatever it is called, and putting master replicas at each of my African/Indian data centers
11:07 DanyC joined #salt
11:07 babilen Fair enough
11:08 esai joined #salt
11:10 DanyC joined #salt
11:12 cyteen joined #salt
11:13 esai Hi, I have a problem I don't know what to do with. The same commands work for every other minion, but this one seems to be special. https://gist.github.com/e-s-a-i/8f0aa8b2773abb82a870730e680ee532
11:13 esai Does any of you have any insight into this error?
11:15 saltslackbridge <mts-salt> do you see any more helpful errors if if you run state.apply locally on the minion?
11:15 zerocoolback joined #salt
11:15 saltslackbridge <mts-salt> perhaps with '-l debug' ?
11:16 esai No Top file or master_tops data matches found.
11:16 esai Seems to run successfully
11:17 saltslackbridge <mts-salt> so the minion doesn't apply?
11:18 esai My wild guess is that master can't send the files to this minion.
11:18 saltslackbridge <mts-salt> silly question, test.ping succeeds, right?
11:18 saltslackbridge <mts-salt> in both diretions
11:19 esai how do I ping from minion to master?
11:19 esai I can ping from master and I can ping locally
11:20 saltslackbridge <mts-salt> on the minion you can run: salt-call test.ping
11:20 esai That returns local: True
11:21 saltslackbridge <mts-salt> ok, so master can contact the running minion, and the minion can contact the master
11:21 Creme joined #salt
11:21 esai I have more than 10 minions configured and these exact commands work fine on others.
11:22 saltslackbridge <mts-salt> how about: salt-call state.show_top
11:24 esai same error on this minion, works on master and other minions.
11:25 saltslackbridge <mts-salt> so the minion isn't downloading files. is the minion config valid and is it running as root?
11:26 saltslackbridge <mts-salt> by valid i mean that the folders point to the right places. a quick comparison with another minion would be best
11:26 esai only config change is the master address, and the salt-minion process is root.
11:27 esai version difference seems minor, 2017.7.0+ds-1 on minion and 2017.7.2+ds-1 on the master
11:28 saltslackbridge <mts-salt> what versions are the other minions running?
11:29 esai 2016.11.0, 2016.11.6, 2017.7.1, 2017.7.2
11:29 saltslackbridge <mts-salt> so this is the only one running 2017.7.0?
11:30 esai yes, looks that way.
11:30 saltslackbridge <mts-salt> might be worth upgrading it to 2017.7.2 and see if that resolve this
11:30 esai I'll give it a go
11:32 esai wow, that seems to have fixed the issue.
11:32 esai Amazing, minor changes also break stuff.
11:32 tpaul joined #salt
11:32 esai Thank you very much!
11:33 babilen fsvo "amazing"
11:33 saltslackbridge <mts-salt> no problem, i wasn't expecting that to be the resolution but perhaps the upgrade fixed something for you
11:33 tpaul left #salt
11:33 dodge-lint joined #salt
11:34 esai I upgraded only the salt-minion and salt-common packages.
11:41 GrisKo joined #salt
11:47 indistylo joined #salt
11:57 gmoro joined #salt
11:58 mbologna joined #salt
12:08 Deliant joined #salt
12:10 pualj joined #salt
12:14 yidhra joined #salt
12:15 GrisKo joined #salt
12:36 GrisKo joined #salt
12:37 aCodinMan joined #salt
12:50 Deliant joined #salt
12:54 oida joined #salt
13:12 tapoxi joined #salt
13:21 pipps joined #salt
13:26 numkem joined #salt
13:28 Nahual joined #salt
13:31 aruns__ joined #salt
13:31 mage_ what's the best manner to check if "a" is a set ? isinstance(a, set) ?
13:47 saltslackbridge <ryan.walder> `{% if a %}` i believe
13:52 XenophonF How do I tell my Salt Master to stop trying to download EC2 instance metadata because it isn't an EC2 instance?
13:52 XenophonF My master log file is full of "Connection to 169.254.169.254 timed out"
13:55 yujunz joined #salt
13:57 bluenemo joined #salt
13:58 babilen mage_: "... is defined"
14:02 evle1 joined #salt
14:03 saltslackbridge <mts-salt> that ip is the dhcp link local address, do you have an interface that's not properly configured?
14:07 XenophonF LOLWUT? https://gist.github.com/xenophonf/96cf6095709f1a8f3fb0b1c0923c6a0b
14:07 XenophonF Does salt-ssh not define the 'salt' convenience variable?
14:07 pualj joined #salt
14:08 XenophonF I'm definitely calling grains.get() right: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.get
14:09 tracphil joined #salt
14:09 saltslackbridge <mts-salt> doesn't get take a default?
14:09 evle2 joined #salt
14:10 saltslackbridge <mts-salt> that's a state not a module
14:10 gh34 joined #salt
14:10 capnhex joined #salt
14:12 saltslackbridge <mts-salt> given that the error says not enough arguments, i'd be tempted to try it with a default anyway
14:14 evle1 joined #salt
14:15 pualj_ joined #salt
14:16 saltslackbridge <ryan.walder> `.get()` doesn't need a default, it's better with one of course but doesn't need one
14:16 babilen XenophonF: salt.goo doesn't work with salt-ssh, you need salt['goo']
14:17 babilen (which is why we don't use salt.foo anywhere
14:17 babilen )
14:17 saltslackbridge <mts-salt> aha, missed that. d'oh!
14:18 capnhex Hi - Is there any 'yum-shell' functionality within salt? I 'm running on RHEL may need to replace 'rsyslog' with 'rsyslog7'
14:18 capnhex I would normally do 'yum shell' and then 'erase rsyslog' ,'install rsyslog7' ,'ts run' from the command line so that there's an 'atomic' transaction withing yum. Was wondering if there's a method to do this within salt?
14:18 babilen Not sure if that's still an issue, but it definitely was in the past
14:19 XenophonF god dammit I've been using salt.whatever for the last 6 months everywhere
14:20 XenophonF time to refactor a bunch of code, just freaking fantastic
14:21 babilen sry
14:21 babilen Just salt-ssh things
14:21 saltslackbridge <ryan.walder> salt-ssh, the redheaded stepchild
14:21 babilen Should be a relatively easy "projectile-replace" in Emacs though ;)
14:23 XenophonF I'm concocting an unholy amalgam of shell commands to do the work for me
14:23 saltslackbridge <mts-salt> or a single (perhaps somewhat evil) regex replace... ?
14:24 rh10 joined #salt
14:26 XenophonF yeah find plus sed ftw
14:26 babilen sed and backreferences ftw!
14:26 saltslackbridge <mts-salt> untested but perhaps s/salt\.([^)]*)(/salt['\1'](/g
14:26 babilen Looks about right
14:26 babilen + escaping hell
14:26 saltslackbridge <mts-salt> indeed :slightly_smiling_face:
14:27 XenophonF oh that will work nicely
14:27 XenophonF thanks!
14:29 XenophonF going to test this: find . -type f -name '*.sls' -exec echo sed -i '' -e "s/salt\.([^)]*)(/salt['\1'](/g" '{}' \;
14:29 tiwula joined #salt
14:29 saltslackbridge <mts-salt> no .jinja or .yaml or other extensions in your config then? :slightly_smiling_face:
14:29 babilen Should that be ( in lieu of ) ?
14:30 saltslackbridge <mts-salt> there's an escape missing in mine, *)(/salt should be *)\(/salt
14:30 XenophonF find . -type f -name '*.sls' -exec sed -i '' -e "s/salt\.\([^)]*\)(/salt['\1'](/g" '{}' \;
14:30 saltslackbridge <mts-salt> or that
14:31 XenophonF oh yeah jinja files - thanks for the reminder mts-salt!
14:31 saltslackbridge <mts-salt> :slightly_smiling_face:
14:35 edrocks joined #salt
14:37 acantha joined #salt
14:37 cgiroua joined #salt
14:38 nixjdm joined #salt
14:39 XenophonF https://github.com/irtnog/salt-states/commit/97f461bb905b735e1bcfee1ae27283d17a819b1b
14:39 XenophonF now to change my formulas
14:43 racooper joined #salt
14:49 aCodinMan joined #salt
14:56 XenophonF that regex is a little too greedy
14:57 XenophonF then again, windows environment variables with parens in them _are_ insane so...
14:57 XenophonF https://github.com/irtnog/salt-states/commit/97f461bb905b735e1bcfee1ae27283d17a819b1b#diff-7acb2d87ed805753c172f8c5d20b11e0L29
14:57 saltslackbridge <mts-salt> well, yes. that's what diff is for :slightly_smiling_face:
14:59 saltslackbridge <mts-salt> i don't see the reference in that diff
15:03 XenophonF yeah I just realized it wasn't a problem there
15:04 XenophonF it was here though - https://github.com/irtnog/salt-winrepo-private/blob/master/cheat-engine.sls#L13
15:04 XenophonF I caught it in the diff before committing it
15:04 babilen That's an ugly envvar
15:05 XenophonF Windows, man, not even once
15:05 babilen Sometimes you have to wonder what Microsoft are thinking
15:05 XenophonF I mean, I get it, I remember the mess various executable format and endianness and bit-length changes made to linkers/loaders over the years.
15:06 XenophonF on windows that ended up with C:\Program Files (x86) and C:\WINDOWS\SysWOW64
15:07 XenophonF on Linux there's the insanity under /lib
15:07 XenophonF etc.
15:07 ouemt joined #salt
15:07 XenophonF I wish Dave Cutler had brought VMS logicals to NT.
15:08 XenophonF That would have hidden some (most?) of the mess.
15:08 XenophonF anyway, I'm off topic
15:08 XenophonF sorry
15:11 XenophonF oh re: me whining earlier about salt/util/aws.py, I think I can set `location` in the master config to stop those lookups.
15:14 ahrs joined #salt
15:18 XenophonF Is there a FAQ for Salt SSH that documents gotchas list this?  and the one I apparently just hit that involves GPG-encrypted Pillar data?
15:19 XenophonF I'm pretty sure we've discussed some of these issues on IRC already.
15:19 saltslackbridge <mts-salt> you could cheat and use salt-ssh to install a salt minion ;)
15:27 anonlizard joined #salt
15:28 XenophonF I'm using salt-ssh because my poor little Raspberry Pi doesn't have enough RAM to host salt-minion.  :(
15:29 saltslackbridge <mts-salt> ah, fair point
15:37 stanchan joined #salt
15:38 kiorky joined #salt
15:41 nkuttler i thought salt-ssh bootstraps a minion on the fly?
15:41 saltslackbridge <mts-salt> it's the ssh minion, a lightweight version
15:42 nkuttler i see
15:49 tapoxi joined #salt
15:50 _JZ_ joined #salt
15:53 yuhl left #salt
15:54 yuhl joined #salt
15:54 stanchan joined #salt
15:59 pualj_ joined #salt
15:59 aldevar left #salt
16:05 pppingme joined #salt
16:14 Creme joined #salt
16:16 CmndrSp0ck joined #salt
16:18 nixjdm joined #salt
16:24 stanchan joined #salt
16:32 CmndrSp0ck left #salt
16:34 stanchan joined #salt
16:38 DanyC joined #salt
16:40 Heartsbane joined #salt
16:44 dograt joined #salt
16:46 XenophonF So running state.show_top via salt-ssh results in errors like this: gpg: keyblock resource '/var/tmp/.pi_c99d3f_salt/gpgkeys/pubring.kbx': No such file or directory
16:46 XenophonF which means it renders Pillar data on the minion :(
16:47 XenophonF I think that I'm going to give up at this point.
16:47 XenophonF I'd have to completely restructure my Pillar data to facilitate that.
16:49 saltslackbridge <mts-salt> what did you expect the source to be for that file?
16:49 saltslackbridge <mts-salt> was it salt://gpgkeys/pubring.kbx ?
16:51 XenophonF no?
16:51 XenophonF I've encrypted some of my Pillar data using GPG.
16:52 XenophonF salt-ssh appears to try decrypting it on the client side.
16:52 XenophonF My security model for encrypted Pillar data doesn't trust the minion to do that.
16:54 saltslackbridge <mts-salt> ah ok, that's not something i've encountered yet
16:55 XenophonF It looks like minion_opts needs to include the GPG key directory.
17:01 XenophonF It isn't clear how to get salt-ssh to copy the keyring over to the minion either.
17:21 systemdave joined #salt
17:21 jbailey joined #salt
17:29 DammitJim joined #salt
17:30 rawzone joined #salt
17:32 stanchan joined #salt
17:32 wwalker Can I set the SALT_CRON_IDENTIFIER to something other than the cron command to be run?
17:33 pipps joined #salt
17:33 wwalker I see it now.
17:34 pipps joined #salt
17:34 ecdhe joined #salt
17:35 systemdave joined #salt
17:44 ponyofdeath joined #salt
17:47 mk-fg joined #salt
17:47 mk-fg joined #salt
18:03 CampusD joined #salt
18:04 DanyC joined #salt
18:05 mk-fg joined #salt
18:05 mk-fg joined #salt
18:05 DanyC_ joined #salt
18:06 Trauma joined #salt
18:09 xet7 joined #salt
18:49 cro joined #salt
19:02 stanchan joined #salt
19:05 pipps joined #salt
19:14 capnhex left #salt
19:18 shiin left #salt
19:21 aCodinMan joined #salt
19:24 aldevar joined #salt
19:26 Creme left #salt
19:29 pipps joined #salt
19:32 Aleks3Y joined #salt
19:33 ymasson joined #salt
19:33 alexlist joined #salt
19:41 stanchan joined #salt
19:46 evle1 joined #salt
19:47 pipps joined #salt
19:58 onovy joined #salt
20:14 BitBandit joined #salt
20:14 hoonetorg joined #salt
20:16 xet7 joined #salt
20:18 pipps joined #salt
20:26 stanchan joined #salt
20:31 Hybrid joined #salt
20:34 evle1 joined #salt
20:40 tracphil joined #salt
20:42 inad922 joined #salt
20:46 pualj_ joined #salt
20:49 Hybrid joined #salt
20:52 pipps joined #salt
20:52 K0HAX joined #salt
20:57 yuhl joined #salt
21:06 pipps joined #salt
21:10 wangofett joined #salt
21:20 pipps joined #salt
21:25 viq joined #salt
21:34 pipps joined #salt
21:38 cgiroua joined #salt
21:40 yuhl joined #salt
21:42 pipps joined #salt
21:44 pipps joined #salt
21:58 LocaMocha joined #salt
21:59 pipps joined #salt
22:02 Edgan Anyone know of a way to encrypt by sls file instead of pillar key?
22:02 stanchan joined #salt
22:08 saltslackbridge <gtmanfred> you could just encrypt the entire dictionary like is specified here, and then use gpg and json once it is decrytped? https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html#encrypting-the-entire-cli-pillar-dictionary
22:08 saltslackbridge <gtmanfred> that should work
22:10 Edgan gtmanfred: thanks
22:18 Edgan gtmanfred: why json and not yaml?
22:21 saltslackbridge <gtmanfred> You could do either, technically json is syntactically correct yaml
22:22 Edgan gtmanfred: I am thinking, https://paste.fedoraproject.org/paste/oiCnS~emckw3OBIVgiJayw
22:22 saltslackbridge <gtmanfred> But if you put a dictionary in the gpg instead of yaml, the file will load faster using the json renderer
22:22 saltslackbridge <gtmanfred> I think that will work, but json will be faster was why I said json
22:23 saltslackbridge <gtmanfred> And since you aren't going for readability, why bother with yaml
22:23 Edgan gtmanfred: I am going to try yaml, and if still slow, I will try json. We are currently using pkcs7 per key, it is decrypting everything, and it is killing the master.
22:24 Edgan gtmanfred: More user friendly when writing the file to encrypt
22:24 saltslackbridge <gtmanfred> Fair
22:24 ingy :)
22:25 saltslackbridge <gtmanfred> potentially though, you could just write it and then run it through a yaml renderer to turn to json
22:40 stanchan joined #salt
22:40 ingy I wrote this silly little jyj program https://www.npmjs.com/package/jyj that turns yaml into json or json into yaml
22:41 ingy cat foo.yaml | jyj | jyj | jyj > foo.json
22:54 pipps joined #salt
22:57 pipps joined #salt
22:57 wangofett joined #salt
22:58 iggy yq is like jq for yaml
23:10 hemebond joined #salt
23:20 stanchan joined #salt
23:22 RandyT joined #salt
23:22 RandyT joined #salt
23:44 aCodinMan joined #salt
23:50 aCodinMan joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary