Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-02-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 brokensyntax joined #salt
00:07 exarkun joined #salt
00:39 lkthomas does Salt capable to manage SSL certificate ?
00:42 XenophonF lkthomas: yes
00:42 XenophonF The Devil is in the details, though.
00:43 lkthomas XenophonF, may I know what state should I search for ?
00:43 XenophonF Those are the details I warned you about.
00:43 lkthomas SSL cert always evils, no ?
00:44 XenophonF no I mean there isn't just one way
00:44 XenophonF it's really fact specific
00:44 XenophonF You could use file.managed to push keymat to your minion.
00:44 lkthomas I understand, is there have a way to check root CA contain our cert ?
00:45 XenophonF The key-pair could be stored in the salt:// file system (insecure) or in Pillar data or in some other backend like SDB.
00:45 lkthomas we are using some crazy "unless" statement to check at this moment, which I don't think is the best way
00:45 * XenophonF reaches out with the Force...
00:46 XenophonF nope, mind-reading didn't work - you'll have to be explicit
00:46 XenophonF ;)
00:46 gmoro_ joined #salt
00:46 lkthomas let me dig it up our current setting, wait
00:46 XenophonF there's also the acme module
00:46 XenophonF and letsencrypt-formula
00:47 XenophonF and a bunch of states for working with the windows certificate store
00:49 lkthomas both aren't useful
00:49 lkthomas my coworker haven't push out changes, so I can't see it now
00:51 Ivoz joined #salt
00:53 whytewolf humm. there is always the x509 state ... if you are dareing.
00:53 lkthomas whytewolf, why would you say so ?
00:54 lkthomas it doesn't say anything about root CA
00:57 whytewolf x509 is meant for cert signing in house. again that might not be what you are looking for
01:21 lkthomas okay, thanks anyway
01:21 alfie joined #salt
01:42 shortdudey123 joined #salt
01:43 exarkun joined #salt
02:05 fxhp joined #salt
02:09 shortdudey123 joined #salt
02:24 shortdudey123 joined #salt
02:24 fxhp joined #salt
02:29 cyborg-one joined #salt
02:31 cyborg-one left #salt
02:36 XenophonF lkthomas: there's easy-rsa if you want a quick-and-dirty in-house CA
02:37 XenophonF I wouldn't use that for anything real, thoug.
02:37 XenophonF s/thoug/though
02:38 XenophonF if you want a proper in-house CA, you need a HSM
02:38 XenophonF I know the guys building this one, which is open source - https://cryptech.is/
02:57 ilbot3 joined #salt
02:57 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.9, 2017.7.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
03:11 Eugene file.managed and a copy of your ca.crt is probably the best bet for that scenario.
03:11 Eugene Unless you're doing something crazy with provisioning client certificates?
03:23 exarkun joined #salt
03:28 lkthomas Eugene, that's what we are doing I think
03:28 lkthomas very low tech solution, LOL
03:41 evle joined #salt
04:44 fxhp joined #salt
05:03 exarkun joined #salt
05:34 indistylo joined #salt
05:41 wongster80 joined #salt
06:02 zerocoolback joined #salt
06:04 J0hnSteel joined #salt
06:21 aruns joined #salt
06:50 Hybrid1 joined #salt
06:52 LocaMocha joined #salt
07:06 AvengerMoJo joined #salt
07:18 Hybrid1 joined #salt
07:24 jhauser joined #salt
07:49 pualj joined #salt
07:57 wryfi joined #salt
07:58 SMuZZ joined #salt
07:59 Hazelesque joined #salt
07:59 heyimawesome joined #salt
07:59 hoonetorg joined #salt
08:02 Tucky joined #salt
08:02 shortdudey123 joined #salt
08:04 aldevar joined #salt
08:23 exarkun joined #salt
08:29 cewood joined #salt
08:30 indistylo joined #salt
08:39 darioleidi joined #salt
08:39 Ricardo1000 joined #salt
08:46 lkthomas does salt command being able to do filter ?
08:46 lkthomas seems I am doing the ugly way which is salt '*' something | grep something_else
08:48 MTecknology what?
08:49 lkthomas MTecknology, when I do salt 'device' net.facts, it shows a full dicts, how exactly can I just display a specific result such as interface_list ?
08:53 lkthomas https://russell.ballestrini.net/filter-salt-stack-return-data-output/
08:53 lkthomas I see people do that via python
08:59 darioleidi joined #salt
08:59 do3meli joined #salt
09:01 do3meli hi there - anyone already having experience with parallel true in salt > 2017.7.0 ? https://docs.saltstack.com/en/latest/ref/states/parallel.html the example here is a bit confusing for me. particularly the part "To run the above state much faster make sure that the sleep 5 is evaluated before the nginx state". what is meant by "evaluated" exactly? does this mean the order of states in the .sls is important too ?
09:02 mikecmpbll joined #salt
09:16 inad922 joined #salt
09:16 tobiasvdk joined #salt
09:17 pbandark joined #salt
09:21 taylorbyte joined #salt
09:24 Mattch joined #salt
09:29 mikecmpbll joined #salt
09:32 hojgaard joined #salt
09:35 jhauser joined #salt
09:38 aruns joined #salt
09:42 aruns__ joined #salt
09:48 aruns joined #salt
09:51 kiorky_ joined #salt
09:53 wonko21 joined #salt
10:03 exarkun joined #salt
10:04 Rubin joined #salt
10:06 zerocoolback joined #salt
10:23 onslack <mts-salt> please don't use threads in irc, at this time - they don't appear there
10:28 aruns__ joined #salt
10:34 colegatron joined #salt
10:34 colegatron left #salt
10:35 mbologna joined #salt
10:37 Church- Heh was about to say, what thread? :P
11:00 MTecknology do3meli: 'evaluated before', in this case, is referring to sls ordering.
11:01 MTecknology that's definitely not the best section of docs salt has
11:05 Boulet Hi, I don't understand this error: `[salt.utils.gitfs :265 ][CRITICAL][29710] Invalid git_pillar configuration parameter 'mountpoint' in remote 'master git+ssh://git@gitlab.infra.online.net/jalbinet/salt-pillars.git'. Valid parameters are: env, root, ssl_verify, refspecs, name`. Doc: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.git_pillar.html#mountpoints  Any hint on this please ?
11:06 Boulet Sorry long paste ..
11:07 oida_ joined #salt
11:08 Boulet My ext_pillar config: https://0bin.net/paste/SWK-64rqTurCnRYA#7tIejcSoRqqNHvt9s0Phh36cTmYYNZ+JBPQTGkz21ac
11:11 onslack <mts-salt> the error message says that mountpoint is not a valid parameter
11:12 onslack <mts-salt> the doc you links is for git_pillar, rather than ext_pillar
11:12 onslack <mts-salt> having said that, i see the example
11:12 onslack <mts-salt> which version is your master?
11:13 Boulet Commit for mountpoint in git_pillar: https://github.com/saltstack/salt/pull/39629/commits
11:13 Boulet My master version is  `salt-master 2017.7.3 (Nitrogen)`
11:15 Rubin joined #salt
11:26 onslack <mts-salt> it looks like it /should/ be working to me, but i haven't used that in my config - yet. good to know it exists tho, that may well solve one of our deployment concerns :)
11:27 do3meli MTecknology: thanks for clarification
11:43 exarkun joined #salt
11:46 Boulet This line https://github.com/saltstack/salt/blob/2017.7/salt/pillar/git_pillar.py#L499 erase `PER_REMOTE_ONLY` with `(name,)` so `mountpoint` isn't allowed, no ?
11:48 onslack <mts-salt> l493 includes mountpoint for me
11:49 Boulet l499 erase `PER_REMOTE_ONLY` with `salt.utils.gitfs.PER_REMOTE_ONLY`
11:49 onslack <mts-salt> .. which doesn't. i see
11:51 Boulet It seems to be beetween 5f90812b122bf8b78ddbf94e99cccdbd4cc19203 and 120f49f2c4ec0bb2f36e94d294cd4c15a878b350
11:51 onslack <mts-salt> i suggest you either append to the (closed) issue or open a new one and reference the pr
11:52 onslack <mts-salt> the author of that feature is probably asleep right now and will get to it later :)
11:55 Boulet I will, thx
11:56 onslack <mts-salt> spot on, commit 5f90812b122bf8b78ddbf94e99cccdbd4cc19203 (by the same author) broke it
11:58 onslack <mts-salt> although the merge order may be different, commit e2bd8a809ca2d017d5e762c04c6ade695d31fab2 was older but perhaps merged afterwards
11:58 Boulet I'm not so sure, there is just only one `PER_REMOTE_ONLY` :)
11:58 Boulet Yes, maybe
11:59 onslack <mts-salt> throw all this in the issue, every bit helps :)
12:03 onslack <mts-salt> looks like this may be related to issue 42506
12:05 onslack <mts-salt> but not fixed by it
12:09 evle joined #salt
12:10 aruns joined #salt
12:28 Boulet Issue: https://github.com/saltstack/salt/issues/46128
12:34 darix joined #salt
12:39 McNinja joined #salt
12:41 rkhadgar joined #salt
12:47 GrisKo joined #salt
12:56 rkhadgar joined #salt
13:03 Ricardo1000 joined #salt
13:08 Alekhya joined #salt
13:18 Hybrid joined #salt
13:20 Cluepon 4
13:20 Nahual joined #salt
13:28 exarkun joined #salt
13:36 Hybrid joined #salt
13:43 edrocks joined #salt
13:57 inad922 joined #salt
14:06 cgiroua joined #salt
14:06 aruns joined #salt
14:30 spiette joined #salt
14:30 tom[] joined #salt
14:31 gh34 joined #salt
14:35 edrocks joined #salt
14:38 pualj joined #salt
14:40 racooper joined #salt
14:47 JohnnyRun joined #salt
15:40 inad922 joined #salt
15:40 XenophonF are the |yaml and |yaml_encode filters equivalent for scalar data (especially strings)?
15:45 sh123124213 joined #salt
15:47 daks hello
15:47 dRiN joined #salt
15:47 daks I wonder if pillars are stored somewhere on the salt minion
15:48 daks and if saltutil.refresh_pillar refresh pillars on the minion or on the master ?
15:48 daks i searched and only find in /var/cache/salt pillars on the master
15:48 daks *found
15:48 onslack <mts-salt> i believe pillars are held in memory only
15:50 NightMonkey joined #salt
15:51 viq And refresh_pillar refreshes them on the minion
16:13 tiwula joined #salt
16:14 daks okay, thanks
16:21 XenophonF I'm getting a really weird render error - https://gist.github.com/xenophonf/def3beeb9739c1c89d3ce2c7bd738cb8
16:22 XenophonF sorry for the censoring but it's from my Pillar data
16:22 XenophonF I have an SSH key-pair in Pillar.
16:23 XenophonF and what's happening is that the comment field from the public key gets rendered on its own line and indented two spaces, so it looks to the YAML parser like it ought to be a dictionary key
16:23 XenophonF hence the error about a missing colon
16:23 onslack <mts-salt> should line 8 end with pipe?
16:24 XenophonF no because if you look at the SLS, I'm using the |yaml renderer to serialize the string
16:25 onslack <mts-salt> sure, but the jinja rendered content is still then parsed as yaml after that. try adding the pipe
16:25 XenophonF maybe I'm not making sense - the pipe isn't necessary because the filter renders it as a properly escaped multi-line YAML string
16:25 onslack <mts-salt> if in doubt, use cp.get_file_str to eyeball the rendered content, and maybe even throw the result through a yaml linter
16:26 kukacz_ joined #salt
16:27 onslack <mts-salt> i think i saw someone with a similar issue. i can't remember the details, but using the pipe was definitely the solution there
16:28 XenophonF my point is that the multi-line string isn't the error here
16:28 onslack <mts-salt> the rendered content looks like it is. perhaps try ruling that out using cp.get_file_str first
16:28 XenophonF the error is because the previous string is somehow getting deserialized incorrectly
16:29 XenophonF the entirety of line 10 in the log file should be on line 9
16:31 onslack <mts-salt> given that the offending line is a public key, you could pastebin the real content. however, i maintain that looking at the output from jinja before it gets parsed as yaml remains your best option for diagnosing where exactly the problem lies
16:33 viq XenophonF: seems like you missed : on line 10 ?
16:34 beardedeagle joined #salt
16:35 _JZ_ joined #salt
16:41 rkhadgar joined #salt
16:41 rkhadgar joined #salt
16:54 rivyn joined #salt
17:06 aldevar left #salt
17:08 XenophonF again that's my point - line 10 shouldn't exist
17:09 XenophonF if you look at pillar.sls in the linked gist, you'll see that the value of pubkey is a string - and a single-line string at that
17:09 XenophonF somehow the |yaml filter outputs pubkey on two lines
17:13 XenophonF I can't seem to reproduce it using file.managed.
17:15 XenophonF strike that
17:15 XenophonF I was able to reproduce it
17:17 XenophonF looks like a bug in the |yaml filter
17:17 Edgan XenophonF: Can you give the file.managed example? My impression is you are doing this the hard way.
17:17 XenophonF its output of string values should be identical to |yaml_encode
17:18 onslack <mts-salt> i can't say i'm surprised, this is the same outcome as last time
17:18 Edgan XenophonF: I think we have had this conversation before about why use |yaml at all.
17:21 Edgan XenophonF: This is my one use case for |yaml, https://paste.fedoraproject.org/paste/ONVxg1JlDpKh2n5l0fM0nw
17:23 XenophonF this is a bug in the |yaml serializer
17:24 XenophonF it should output the same thing as |yaml_encode when given a string value
17:24 Edgan XenophonF: I understand there is a bug, but why make life hard on yourself and require |yaml in the first place? Couldn't you format your pubkeys as properly formatted yaml instead of a single line?
17:25 XenophonF I'm using import_text to store things like SSH keypairs in their native format.
17:27 XenophonF It used to be that the |yaml filter didn't handle scalar values, so I've got a lot of templates where I have to detect scalars+strings vs sequences+mappings
17:27 XenophonF I was hoping to simplify them all down to just calls to |yaml.
17:30 raddessi joined #salt
17:32 onslack <mts-salt> is there a reason you're not able to use the literal format, using pipe?
17:32 Edgan mts-salt: exactly
17:32 Edgan XenophonF: https://paste.fedoraproject.org/paste/wSeLpc6uuA12JgvDHb30Kg
17:32 Edgan XenophonF: that is how I do it
17:33 Edgan XenophonF: format it in pillars, not through |yaml
17:34 onslack <mts-salt> i do like contents_pillar, but sometimes you do just want it in a single state rather than held in pillar where it could theoretically be queried from anywhere
17:34 XenophonF I don't know how to make myself understood.  I'm sorry.
17:35 Edgan XenophonF: Are you trying to talk about a unified way of doing many things alike, not just this ssh example?
17:35 XenophonF yes
17:35 Edgan XenophonF: Then give better examples :)
17:36 Edgan XenophonF: Because for ssh keys, |yaml is the hard way
17:36 XenophonF I don't use inline YAML because I've got (among other things) GPG-encrypted data that's a PITA to manipulate when inline.
17:36 Edgan XenophonF: I do gpg encrypted data too in pillars now
17:37 raddessi is there any way to have salt fail a state if it refernces encrypted data where the gpg decryption fails? currently it will just pass and use the encrypted data which is not good
17:37 XenophonF import_text makes it really easy to load PEM-encoded or ASCII-armored files, which my text editor will transparently encrypt/decrypt
17:37 XenophonF same goes for data stored in XML or JSON
17:38 onslack <mts-salt> so keep using import_text, but render it without |yaml using literal | instead
17:38 XenophonF mts-salt: that doesn't guarantee proper escaping of the resulting YAML string literal
17:38 XenophonF |yaml and |yaml_encode do
17:38 onslack <mts-salt> literal is designed not to require escaping
17:38 Edgan XenophonF: Are you only putting the encrypted data in pillars?
17:40 Trauma joined #salt
17:41 Edgan raddessi: Which style of encrypt are you suing?
17:41 Edgan using
17:42 raddessi gpg, are there multiple styles of that?
17:42 pualj joined #salt
17:42 XenophonF Edgan, mts-salt: this is how I use import_text and |yaml_encode - https://github.com/irtnog/salt-pillar-example/tree/master/login/example/com
17:43 XenophonF in Emacs I have epa-file enabled, which allows me to edit the .gpg files transparently.
17:43 XenophonF much easier than cutting/pasting/re-indenting encrypted blobs all the time
17:44 Edgan XenophonF: Why not encrypt use this style for each encrypted file instead of making it raw, https://paste.fedoraproject.org/paste/ONVxg1JlDpKh2n5l0fM0nw
17:44 Edgan Encryption: cat ~/pillar.yml | gpg --armor --batch --trust-model always --encrypt -r Saltstack | sed '1i #!gpg|yaml' > settings.sls
17:44 Edgan Decryption: cat settings.sls | gpg --armor --batch --trust-model always --decrypt -r Saltstack -q
17:46 Edgan Then your formula doesn't have to know anything about encryption, it just consumes decrypted pillars
17:46 Edgan raddessi: yes
17:47 ingy hi. I'm one of the inventors of yaml. I don't know too much about salt, but I have an idea...
17:47 XenophonF Edgan: your paste is taking forever to load :(
17:48 XenophonF let me look up the salt-users post I made to describe this better
17:48 ingy it seems that you are templating in multiline strings into yaml values. if you quote them like '{{ ... }}' yaml won't worry about the indentation
17:49 ingy as long as the values don't contain a '
17:49 XenophonF therein lies the rub
17:49 onslack <mts-salt> literal doesn't have that problem
17:49 raddessi Edgan: I'm not encrypting entire pillars but instead putting inline PGP blocks as values
17:49 XenophonF the YAML serialization filters guarantee proper escaping for any string value
17:50 ingy which you could easily escape to ''
17:50 Edgan XenophonF: https://pastebin.com/2PfSLqSb
17:50 XenophonF I don't want to have to serialize stuff myself.
17:50 XenophonF That's why I'm using the |yaml and |yaml_encode filters
17:50 ingy mts-salt: yaml block literals, you mean?
17:51 XenophonF https://groups.google.com/forum/#!searchin/salt-users/epa-file%7Csort:date/salt-users/hXmrcq32MkY/1pywfOk_AQAJ
17:51 GrisKo joined #salt
17:52 XenophonF having stuff live outside of the SLS file also makes editing it easier
17:52 XenophonF to give another example, I templated the configuration of my Shibboleth IdPs and SPs
17:52 Edgan XenophonF: Since it is still encrypted, and I still have to decrypt, I don't see it changes much.
17:53 Edgan XenophonF: It really just seems to be format the yaml myself vs use |yaml
17:53 onslack <mts-salt> XenophonF: that's precisely the format, but you're missing my point. you can have jinja output the multi-line data for you, having read it in using import_text as you already are, and use literal format to render it as per that link. the resulting text output by jinja will then be parsed as the original multi-line data when salt runs it through yaml
17:54 Edgan XenophonF: This is where a good editor like Atom comes in handy. Select block, hold shift, hit tab, watch the whole block indent. Or I think it is ctrl-tab unindents.
17:54 onslack <mts-salt> bluntly: key: |\n  {{ content }}
17:54 ingy mts-salt: content needs proper indentation then
17:55 XenophonF and escaping
17:55 XenophonF which you have to do yourself
17:55 ingy no
17:55 ingy literals have no escaping
17:55 onslack <mts-salt> jinja does indentation, yes. escaping IS NOT REQUIRED for literal
17:55 onslack <mts-salt> if you want to force the indent then you can do it trivially with {{ content|indent(4) }}
17:55 onslack <mts-salt> but i believe it does it for you automatically otherwise
17:56 onslack <mts-salt> <http://www.yaml.org/spec/1.2/spec.html#id2795688>
17:56 ingy mts-salt: how does it know the indentation?
17:56 XenophonF ah got it
17:56 onslack <mts-salt> the jinja renderer expands it during evaluation of {{ }} blocks
17:57 onslack <mts-salt> single line content wants |yaml_encode
17:57 onslack <mts-salt> multi-line wants literal. it really is that easy
17:57 onslack <mts-salt> s/expands it/matches indentation of multi-line data/
17:58 ingy literal scalars were my idea, btw :)
17:58 ingy mts-salt: I see
17:58 onslack <mts-salt> clever people have already done the hard work :)
17:59 * Miuku finds whoever came up with yaml and breaks their neck.
18:00 XenophonF note that |yaml_encode is generic and doesn't require I know anything about the input string
18:00 XenophonF thank you all for the help :)
18:00 XenophonF sorry I'm being dense
18:00 onslack <mts-salt> looking at the top of that spec, ingy is indeed to blame :D
18:00 * ingy hugs everyone
18:01 XenophonF I'm still going to file a bug on the |yaml filter b/c I think that "string"|yaml === "string"|yaml_encode, and I have a case here where it doesn't.
18:01 MTecknology Miuku: Whats the issue with yaml?
18:01 onslack <mts-salt> i wonder why they're different filters if they're expected to always have identical output
18:01 XenophonF |yaml used to not handle scalars if I recall correctly
18:02 XenophonF but that might have been a few major versions of Salt ago
18:02 onslack <mts-salt> i wonder if one of them is from jinja and the other is from salt
18:02 ingy MTecknology: I think it was a troll. Always hug trolls...
18:02 * MTecknology hugs XenophonF
18:02 MTecknology :D
18:02 ingy lol
18:03 Edgan mts-salt: Time to look at the code. :)
18:03 XenophonF i love you all
18:03 XenophonF :)
18:03 onslack <mts-salt> interesting. yaml_encode is an inline filter, yaml is a file filter
18:04 ingy mts-salt: how do the filters distinguish between the 3 single line quoting styles?
18:04 onslack <mts-salt> the latter is basically trying to _read_ content and output yaml variables. if used in jinja then you're relying on jinja's default serialiser to output content
18:05 onslack <mts-salt> so |yaml should never be used inside {{ }} blocsk
18:06 onslack <mts-salt> the correct filter for inline escaping is yaml_encode, as per <https://docs.saltstack.com/en/latest/topics/jinja/index.html#yaml-encode>
18:06 onslack <mts-salt> i still prefer literals for multi-line data, simply because it's easier to glance at the template and see that it's going to be multi-line
18:06 ingy seems ansible does jinja expansion *after* yaml load, which is more limiting, but much simpler
18:07 onslack <mts-salt> and on that note, i'm off home. enjoy
18:07 ingy yaml 1.3 is considering adding an annotation syntax, through which you can do all these kinds of things
18:07 rome_390 joined #salt
18:20 armyriad joined #salt
18:31 mikecmpbll joined #salt
18:33 MTecknology joined #salt
18:35 edrocks joined #salt
18:41 swa_work joined #salt
18:44 Arabus joined #salt
18:47 jasonrm joined #salt
18:55 XenophonF I don't understand mts-salt's comment about the |yaml filter.
18:55 XenophonF https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#salt.utils.jinja.SerializerExtension
18:56 XenophonF the docs there say, that's how you use it
18:57 zerocoolback joined #salt
18:58 major joined #salt
19:08 gmoro joined #salt
19:13 gtmanfred joined #salt
19:13 whiteinge joined #salt
19:13 whiteinge joined #salt
19:15 gmoro_ joined #salt
19:18 inad922 joined #salt
19:19 lordcirth_work I'm trying to test changes to file.check_file_meta, but running it on the command line keeps returning: "Passed invalid arguments to file.check_file_meta: unified_diff() argument after * must be an iterable, not NoneType"
19:20 lordcirth_work salt '*' file.check_file_meta name=/root/sshd_config sfn=/root/sshd_config_2 source=/root/sshd_config_2 source_sum='{hash_type: 'sha256', 'hsum': 739cf2eec1baad12cbd0d722b6941f01100e3a7e8a0dbbb66d7caea08911fd05}' user=root, group=root, mode='755' attrs=None saltenv=base contents=None
19:30 swa_work joined #salt
19:31 df3nse joined #salt
19:37 XenophonF shouldn't source_some be quoted as follows?  '{"hash_type": "sha256", "hsum": "739cf2eec1baad12cbd0d722b6941f01100e3a7e8a0dbbb66d7caea08911fd05"}'
19:38 XenophonF omg source_sum I mean sorry got a lose connection between the keyboard and chair
19:38 XenophonF loose
19:38 * XenophonF head-desks
19:39 inad922 joined #salt
19:41 lordcirth_work XenophonF, same error
19:42 ymasson joined #salt
19:42 XenophonF can you run that locally via salt-call, tack on -l debug, and post the output?
19:42 lordcirth_work The example actually says: '{hash_type: 'md5', 'hsum': <md5sum>}'  with hash_type unquoted and hsum quoted.  odd.
19:43 lordcirth_work XenophonF, http://paste.ubuntu.com/p/vxrCcVjVjN/
19:48 aldevar joined #salt
20:00 CeBe hi, I am getting "No matching sls found for 'neo4j' in env 'base'" when I try to run salt-ssh to apply states, files are in a none default location, so I use --config-dir= option
20:01 CeBe is there a way to list all states to get an idea how salt sees my state files?
20:02 CeBe I have   file_roots:  base:   - states   in my master config, and states are in "states" directory. Had this working in a different environment without issues already.
20:03 lordcirth_work CeBe, 'states' relative to what?
20:04 swa_work joined #salt
20:04 CeBe relative to the config-dir I assume
20:05 CeBe but "relative" is a good point need to check that
20:06 CheckYourSix joined #salt
20:07 CeBe aha, I assumed that root_dir would be prepended to relative paths in file_roots too. that does not seem to be the case, thanks lordcirth_work!
20:07 lordcirth_work np.  When in doubt, use absolute paths :P
20:21 inad922 joined #salt
20:49 CeBe lordcirth_work: that was the problem, everything is working now :)
20:52 XenophonF lordcirth_work: that's a super weird error in the traceback
20:52 XenophonF backtrace
20:52 XenophonF it looks like the second argument to file.check_file_meta is a salt:// URL
20:52 XenophonF is that how you're calling it?
20:54 XenophonF I could be wrong.  The docs on that function are confusing, and I didn't RTFS.
21:02 lordcirth_work XenophonF, I wrote my arguments above in this channel^
21:03 lordcirth_work To try to eliminate confusion, I used keywords for all
21:33 systemexit joined #salt
21:40 fxhp joined #salt
21:40 aldevar left #salt
21:44 onlyanegg joined #salt
21:44 aldevar joined #salt
21:47 onlyanegg Hi, all. Is there an execution module (or something) to help a minion decide whether it matches a target and target type? For docker swarm, I'd like my minions to be able to run state.apply docker.swarm and be able to choose whether to join the swarm as a manager or as a worker based on a target and target type. For example, all minion ids that start with dckmgr should join as a manager.
21:48 whytewolf you mean like a match module? that might go by salt.modules.match?
21:52 onlyanegg that seems right. Thanks, whytewolf!
22:01 gmoro joined #salt
22:04 gmoro joined #salt
22:17 aldevar left #salt
22:37 ponyofdeath joined #salt
22:44 JohnnyRun joined #salt
22:57 jhauser joined #salt
23:31 zulutango joined #salt
23:55 zambz joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary