IRC log for #salt, 2018-04-19

All times shown according to UTC.

Time Nick Message
00:00 whytewolf as for a catch all that is why i wrote this orchestration https://github.com/whytewolf/salt-phase0-orch/blob/master/orch/sys/salt/update.sls
00:00 onslack joined #salt
00:03 Edgan whytewolf: Seems like there is, but I can't find the right name, fileserver.ls  ?
00:04 whytewolf fileserver.dir_list or fileserver.file_list?
00:05 Edgan salt-run fileserver.dir_list  not salt
00:06 whytewolf yes
00:06 whytewolf it is a runner
00:06 whytewolf for salt you would use cp.list_master
00:07 whytewolf which will show how the minion sees the fileserver
00:08 Edgan Hmm, seems to work, but worried it is a cache. fileserver.file_list isn't showing a _grains/map.jinja via the mount
00:09 whytewolf if it is a cache it is master side so fileserver.clear_cache
00:09 Edgan Oh, the mount works backwards :\
00:10 Edgan whytewolf: oh, and my pillars are encrypted
00:10 Edgan whytewolf: It mounts the repo as the path you say, not the path from the git repo
00:10 Edgan Which explains why it probably didn't work for pillars
00:11 whytewolf ohhhhh, you were thinking of root
00:11 seffyroff hmm, skimming the docs - it looks like gitfs config goes on the master - can I use GitFS with masterless?
00:11 Edgan whytewolf: another option that is sane?
00:12 whytewolf sane? what is sane anymore
00:12 whytewolf seffyroff: yes you can use gitfs with masterless. most configs that work for master work for the minion in masterless mode
00:12 Edgan seffyroff: Probably will work if you use a Saltfile and define a master file. That is what I do for salt-ssh. Though gitfs and salt-ssh is even more complicated
00:13 Edgan whytewolf: the way you said root sounded like it was another option
00:13 whytewolf root is another option sorry
00:13 seffyroff well, I'm provisioning via Terraform, which ssh's in to the target and bootstraps salt-minion as far as I can tell
00:13 dendazen joined #salt
00:14 whytewolf Edgan: https://docs.saltstack.com/en/latest/ref/configuration/master.html#git-pillar-root
00:16 Edgan whytewolf: I would have to make _grains/map.jinja instead foo/_grains/map.jinja and then mount foo, which would still cause problems
00:16 xet7 joined #salt
00:17 whytewolf - root: foo
00:17 Edgan whytewolf: yes, but that would be for pillars, but then would break the existing path in formulas
00:18 Edgan whytewolf: I need a include this path from this git repo, but nothing else
00:18 Edgan and without having to restructure the git repo
00:18 cgiroua joined #salt
00:20 whytewolf okay... i don't think an option like that exists
00:20 Edgan whytewolf: probably my best bet would be a third get repo
00:20 Edgan git repo
00:20 Edgan whytewolf: It would only be the _grains/map.jinja
00:20 Edgan whytewolf: Then I don't accidentally get more stuff
00:21 Edgan and I don't even have to use the mount option
00:21 whytewolf that might be a better option anyway. I've been toying with the idea of subdividing my repos more anyway. so that i can have one where i just file.recurse: /
00:21 Edgan I know people who make a git repo per formula, but that would drive me crazy
00:22 whytewolf I don't go by formula i go by function.
00:22 cliluw joined #salt
00:22 whytewolf orchs, files, pillar, states, modules, and top
00:22 Edgan You make the formulas top.sls its own git repo?
00:23 whytewolf yeah.
00:23 Edgan whytewolf: pillar top.sls another git repo?
00:23 whytewolf no, it also isn't a project
00:23 whytewolf https://github.com/whytewolf/dyn_salt_top
00:24 Edgan Oh, fun
00:24 whytewolf I put the fun in dysfunctional
00:25 Edgan whytewolf: I am already doing a jinja based pillar top.sls, I want to make it a first class matcher like grains
00:25 Edgan whytewolf: Would make my pillar top.sls much cleaner
00:27 whytewolf I might explore something like that down the road. but till then a static top.sls for pillar works for my needs.
00:28 Edgan whytewolf: So much better than hostname matching with regex, https://pastebin.com/HenE0kvt
00:30 whytewolf humm, I worry about anything that says grain.* being used to target anything .secrets
00:30 whytewolf but that is just my paranoia
00:31 Edgan whytewolf: this is jinja, and grain could be renamed anything, it is just a jinja variable name. You could call it naming.
00:32 whytewolf i know. like i said just my paranoia. so used to having to slap hands for people using grains other than id for targeting.
00:32 whytewolf in pillar
00:32 Edgan yeah
00:32 Edgan whytewolf: we have far worse right now
00:33 Edgan whytewolf: We are using salt hiera and everything in the env can see all the secrets
00:33 whytewolf yuk
00:33 Edgan I need to convert hiera to pillars and fix that
00:33 Edgan But I have to do it clean, so it doesn't break everything and there are years worth of hiera
01:36 xet7 joined #salt
01:37 colegatron joined #salt
01:38 exarkun joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2017.7.5, 2018.3.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
01:56 xet7 joined #salt
01:56 shiranaihito joined #salt
02:14 xet7 joined #salt
02:16 zerocoolback joined #salt
02:27 masuberu joined #salt
02:30 stooj joined #salt
02:40 Larri joined #salt
02:41 shred joined #salt
02:49 Larri joined #salt
03:05 shred joined #salt
03:15 VR-Jack2-H joined #salt
03:16 evle joined #salt
03:25 xet7 joined #salt
03:33 masuberu joined #salt
03:35 masber joined #salt
03:39 shred joined #salt
04:16 tzero hmm, using match:grain for pillar is considered harmful?
04:20 tiwula joined #salt
04:28 MTecknology for anything but id to distribute private data, yes
04:31 dxiri joined #salt
04:33 tzero what about custom grains? i.e. what's the harm?
04:36 MTecknology how are you configuring those custom grains?
04:36 MTecknology I mean... the answer doesn't really matter, but I'm wondering if I can use your answer to answer that. (being lazy)
04:37 tzero I seed the environment name (part of the id, e.g. app1.${env}) with Terraform
04:38 tzero technically I guess it's the same as match *.${env} instead of match: grain, so I was curious if there was a problem I was creating by doing that
04:38 Bochi joined #salt
04:39 MTecknology so you're using a tool that writes the grains into the minion config..
04:39 tzero right, the minion is configured with the env and server's role, both as grains
04:39 MTecknology so what happens if an attacker arbitrarily changes those values after a successful compromise?
04:40 lompik joined #salt
04:40 hoonetorg joined #salt
04:40 tzero they're not public-internet facing, but that is a good point.. id is tied to the key accepted by the master, right?
04:41 tzero then again, I have autosign = True on the master too
04:41 tzero err, autosign_file with '*'
04:41 MTecknology who cares if it's public facing?
04:42 MTecknology internal only is no excuse for a lack of security
04:45 tzero sure, it's a step up from the previous situation though, got relatively bigger fish to fry on that front first, so it's still a worthy stopgap if nothing else
04:47 tzero is there a complete example salt configuration set that is recommended as a starting point, e.g. more complex than the getting started examples, but not completely crazy
04:47 xet7 joined #salt
04:56 JawnAuz tzero, something like this, maybe? https://muchbits.com/saltstack-by-example1.html
04:58 exarkun joined #salt
05:07 MTecknology tzero: I have a demo setup on github. I've been re-engineering that during a complete client rework, but it's proven relatively solid up until these weird fellers.
05:12 lompik joined #salt
05:13 tzero JawnAuz: that's well-written, but not nearly in-depth enough; I'm looking more for best practices, and potential pitfalls. the docs are great, and provide bits and pieces for doing nearly anything, but it's not clear which of those pieces and combinations thereof are encouraged over others
05:14 tzero that's probably something that just comes with experience, but I'm lazy and impatient ;)
05:16 MTecknology That's exactly why I created the demo..
05:16 tzero ah, nice.. your github username is very logical
05:19 tzero oo this is nice, thanks!
05:25 sauvin joined #salt
05:31 dxiri joined #salt
05:34 Bochi joined #salt
05:36 xet7 joined #salt
05:48 colegatron joined #salt
06:21 nku joined #salt
06:21 tobias joined #salt
06:27 briner joined #salt
06:28 Guest73736 left #salt
06:33 tobias_ joined #salt
06:34 briner_ joined #salt
06:43 stooj joined #salt
06:48 briner_ joined #salt
06:53 Bochi_ joined #salt
06:55 awerner joined #salt
06:57 JawnAuz joined #salt
06:59 JawnAuz Anyone here refresh my memory on a good way to rename a minion via the Master? Trying to insert a new ~/minion.d/*.conf file with an "id: [new_id_here]" line and restarting the salt-minion on the machine doesn't seem to cut it without doing something with the currently accepted key/re-accepting. I have an auth trigger for accepting new keys, but not sure how to cleanly rename and trigger a new auth... Assuming I need to also delete the key
06:59 JawnAuz somewhere along the process.
07:03 jrenner joined #salt
07:05 Bochi_ joined #salt
07:06 mbologna joined #salt
07:17 evle joined #salt
07:19 Hybrid joined #salt
07:30 q1x joined #salt
07:32 darioleidi joined #salt
07:32 nku joined #salt
07:33 Pjusur joined #salt
07:37 zerocoolback joined #salt
07:39 xet7 joined #salt
07:44 tyx joined #salt
07:46 rollniak joined #salt
07:52 lompik joined #salt
07:59 Bochi_ joined #salt
08:00 DanyC joined #salt
08:03 bdrung_work joined #salt
08:08 Ricardo1000 joined #salt
08:09 mikecmpbll joined #salt
08:10 Cadmus If you change the minion id don't you need to wipe out the keys so they get regenerated?
08:14 eMBee Cadmus: it gets regenerated when you restart the minion
08:17 zerocoolback joined #salt
08:25 xet7 joined #salt
08:29 DanyC joined #salt
08:35 nku joined #salt
08:49 cbosdonnat joined #salt
08:53 xet7 joined #salt
09:00 Elsmorian joined #salt
09:01 Naresh joined #salt
09:22 briner_ joined #salt
09:36 zulutango joined #salt
09:41 nku joined #salt
09:58 exarkun joined #salt
10:03 CrummyGummy joined #salt
10:18 ciastek joined #salt
10:21 J0hnSteel joined #salt
10:27 Bochi_ joined #salt
10:38 Hybrid joined #salt
10:38 dxiri joined #salt
10:39 johno_ joined #salt
10:41 johno_ joined #salt
10:42 johno_ left #salt
10:46 K0HAX joined #salt
10:48 nku joined #salt
10:49 Pjana joined #salt
10:52 rollniak joined #salt
10:56 stooj joined #salt
11:05 Hybrid joined #salt
11:12 Bochi_ joined #salt
11:30 darioleidi joined #salt
11:43 nku joined #salt
11:54 dendazen joined #salt
11:55 briner_ joined #salt
12:03 briner_ joined #salt
12:07 jerematic joined #salt
12:19 Nahual joined #salt
12:47 ecdhe joined #salt
12:58 Hybrid joined #salt
12:58 mchlumsky joined #salt
13:01 xet7 joined #salt
13:03 tyx joined #salt
13:12 briner_ joined #salt
13:18 racooper joined #salt
13:20 stewgoin joined #salt
13:32 Elsmoria_ joined #salt
13:36 DammitJim joined #salt
13:39 AngryJohnnie joined #salt
13:41 Elsmorian joined #salt
13:49 tyx joined #salt
13:50 briner_ joined #salt
13:50 dxiri joined #salt
13:59 englishm_work joined #salt
14:03 xet7 joined #salt
14:15 mavhq joined #salt
14:19 AngryJohnnie joined #salt
14:24 Hybrid joined #salt
14:26 cgiroua joined #salt
14:35 JAuz joined #salt
14:37 nixjdm joined #salt
14:37 blu_ joined #salt
14:38 v12aml joined #salt
14:38 JawnAuz__ joined #salt
14:39 JawnAuz__ joined #salt
14:40 Elsmoria_ joined #salt
14:44 evle2 joined #salt
14:49 nixjdm_ joined #salt
14:52 megamaced joined #salt
14:55 ecdhe joined #salt
14:58 JawnAuz joined #salt
15:10 jeremati_ joined #salt
15:11 jeremati_ joined #salt
15:12 DanyC joined #salt
15:13 v12aml joined #salt
15:13 senfgurke joined #salt
15:18 Larri joined #salt
15:21 crux-capacitor joined #salt
15:23 briner_ joined #salt
15:24 crux-capacitor joined #salt
15:27 crux-capacitor joined #salt
15:30 crux-capacitor joined #salt
15:32 xet7 joined #salt
15:35 AngryJohnnie joined #salt
15:38 PsionTheory joined #salt
15:39 Elsmorian joined #salt
15:40 dxiri joined #salt
15:47 sjorge joined #salt
15:49 cliluw joined #salt
15:56 pcdummy_ joined #salt
15:58 jerematic joined #salt
15:59 crux-capacitor has anyone used the options for retrying states? https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
15:59 crux-capacitor I'm wondering if there's a way to use them to retry one command in a state (if it fails) after another command has been run
16:03 pcdummy joined #salt
16:04 briner_ joined #salt
16:05 JacobsLadd3r joined #salt
16:06 briner_ joined #salt
16:07 briner_ joined #salt
16:09 rivyn joined #salt
16:17 briner_ joined #salt
16:23 Mousey joined #salt
16:25 briner joined #salt
16:28 AngryJohnnie joined #salt
16:37 Elsmorian joined #salt
16:44 sjorge joined #salt
16:51 pf_moore joined #salt
17:00 crux-capacitor joined #salt
17:00 xet7 joined #salt
17:03 Bochi_ joined #salt
17:10 rollniak joined #salt
17:13 stooj joined #salt
17:41 xet7 joined #salt
17:47 Rr4sT joined #salt
17:50 demize joined #salt
17:53 bdrung_work joined #salt
17:55 mikecmpbll joined #salt
18:00 ymasson joined #salt
18:04 xet7 joined #salt
18:10 orichards joined #salt
18:13 bdrung_work joined #salt
18:14 AngryJohnnie joined #salt
18:15 jeremati_ joined #salt
18:21 fl3sh joined #salt
18:27 gh34 joined #salt
18:28 BitBandit joined #salt
18:31 orichards joined #salt
18:35 orichards1 joined #salt
18:38 gh34 joined #salt
18:42 briner joined #salt
18:46 Hybrid joined #salt
18:55 orichards joined #salt
18:58 orichards1 joined #salt
19:00 DanyC joined #salt
19:02 mauli_ joined #salt
19:11 ThomasJ joined #salt
19:12 UForgotten_ joined #salt
19:24 tiwula joined #salt
19:24 nixjdm joined #salt
19:27 AngryJohnnie joined #salt
19:29 blu_ joined #salt
19:32 JacobsLadd3r joined #salt
19:48 spacefrog joined #salt
19:51 Deliant joined #salt
19:53 spacefrog is there a reason why salt win-host pkg.install does not update the existing packages i tell it to install?
19:53 spacefrog apparently salt -G 'os:windows' pkg.upgrade doesn't work either
19:54 spacefrog said packages have upgrades pending
19:56 djinni` joined #salt
19:57 briner joined #salt
19:59 Neighbour spacefrog: isn't that pkg.latest?
20:01 MTecknology spacefrog: because... read the documentation for pkg.installed and pkg.latest.
20:09 Hybrid joined #salt
20:17 breshead joined #salt
20:24 mianosm spacefrog: why you so salty with trevorh ?
20:25 whyzgeek joined #salt
20:32 nixjdm joined #salt
20:35 spacefrog mianosm, lol. he's a douche
20:36 spacefrog i used to have another nickname which he banned in centos cause apparently that's a family channel or something
20:36 spacefrog his claim was that underage users can be in that channel at any time
20:37 spacefrog like anybody under the age of 18 gives 2 shits about CentOS
20:37 mianosm interesting, I never had too much issue in centos, but #fedora was really strict.
20:37 spacefrog the world's most boring OS
20:37 mianosm boring is good sometimes, everything has its place.
20:37 spacefrog i've got nothing against the OS, in fact it's my server OS of choice
20:39 spacefrog MTecknology, i was reading the docs: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_pkg.html#salt.modules.win_pkg.install
20:40 spacefrog anyhoo, i'll give that a try
20:42 MTecknology In what way was "trevorh" ever remotely on topic?
20:42 spacefrog sorry
20:42 spacefrog i'm gonna throw mianosm under the bus
20:42 spacefrog anyway, i was trying pkg.upgrade
20:43 spacefrog but it doesn't seem to work
20:43 spacefrog hence why i tried to fall back on pkg.install
20:43 Church- So I must leave my lovely salt stack soon. :/
20:43 MTecknology "doesn't work" is a pretty useless statement if you're trying to get any help at all
20:43 Church- Pretty decent chance I'm taking a second gig using Ansible. Ugh.
20:44 whytewolf that sucks. but at least it isn't puppet
20:44 spacefrog MTecknology, it doesn't seem to do anything when i target hosts with grains using the os as the grain identifier
20:44 whytewolf or chef
20:44 spacefrog i mean in windows
20:44 spacefrog it works fine in linux
20:44 whytewolf spacefrog: have you updated the winrepo?
20:44 spacefrog whytewolf, yes
20:45 Church- Yeah, course I should be making a nice $80K. Which will be very nice comparative to what I make now.
20:45 Church- So meh, I can be fungible. A tool's a tool.
20:46 spacefrog whytewolf, i run the pkg.list_upgrades command
20:46 whytewolf 80K? Please tell me you don't live in california or new york city
20:46 spacefrog which tells me which windows packages have upgrades available
20:47 whytewolf spacefrog: log into the system and run the command through c:\salt\salt-call with -l debug
20:47 zer0def a tool's a tool, yet you wouldn't perform surgery with a butcher's knife
20:47 * zer0def smirks
20:48 whytewolf humm pkg.upgrade in win_pkg says "Currently not implemented"
20:48 zer0def something something, appropriate initial tool choice, something
20:48 DanyC joined #salt
20:50 DanyC_ joined #salt
20:53 Hybrid joined #salt
20:55 agustafson joined #salt
21:02 briner joined #salt
21:04 Durkee joined #salt
21:05 Church- whytewolf: 50mi from NYC
21:06 zulutango joined #salt
21:06 whytewolf well, the cost drop off from NYC is sharp enough that should be fine.
21:07 Church- Yep.
21:08 Church- Commuting into NYC though.
21:08 Church- So 100mi a day. About... 2 - 2 1/2 hrs of commuting five days a week.
21:09 xet7 joined #salt
21:09 whytewolf I commute something like 500 miles a day ... through the power of the internet :P
21:10 Church- lolololol
21:10 Church- Yeah no remote sadly.
21:14 Durkee .
21:15 Durkee Hi, from the master, I get command not found when I type salt-call.  Is it part of standard installation or does it have to be installed separately?  If separately, how would I install it?  Thanks for any help.
21:16 whytewolf salt-call is part of the minion install
21:16 MTecknology zer0def: I feel like most IT folks would definitely try.
21:16 MTecknology especially golang and js "devs"
21:17 zer0def well, ordinary IT folks aren't hypothetically bound by Hippocratic oath
21:17 whytewolf not sure what you are talking about. i have used a blender and a chainsaw to perform surgery before
21:18 Church- Try what?
21:20 Durkee @whytewolf  Ok, thanks.  I'm watching a Salt tutorial by Thomas Hatch and he just executed it on the master, so does that mean his master is also a minion?
21:20 whytewolf yes
21:21 whytewolf https://docs.saltstack.com/en/latest/faq.html#salting-the-salt-master
21:21 whytewolf should be a common practice
21:22 MTecknology the master /can/ (and should be) a minion, yes.
21:33 Durkee @whytewolf  The doc says "once installed, the minion configuration file must be pointed to the local Salt master".  Do I then unregister the master from itself?  I originally didn't want the master to receive wildcard commands (using cmd.run) since it's running a higher version of RHEL and some commands changed.
21:47 cliluw joined #salt
21:50 Durkee Anyone - If my master is also a minion, would I unregister the master from itself so it doesn't receive commands when I use salt '*' cmd.run "whatever"?  The master is a newer version of RHEL and I don't want it affected by whatever I'm doing to all the minions.
21:52 whytewolf or ... don't start the daemon
21:53 whytewolf honestly I tend to not use * as much anymore anyway.
21:54 whytewolf it can be considered a 'bad habit'
21:57 Durkee Ok, I'll skip installing the minion on the master then if I'm not starting the daemon.  I have to use cmd.run because I'm still watching tutorials trying to understand how the rest of it works.  Thanks for info.
21:58 whytewolf build a play ground for yourself.
21:58 Durkee left #salt
22:01 * whytewolf shrugs
22:10 xet7 joined #salt
22:36 dendazen joined #salt
22:41 blu_ joined #salt
22:41 wongster80 joined #salt
22:49 briner joined #salt
23:15 joshin joined #salt
23:15 joshin joined #salt
23:25 joshin joined #salt
23:25 joshin joined #salt
23:27 kulty joined #salt
23:27 copec If I call a state with this in it: https://unaen.org/pb/8jk
23:28 copec should it add it to - in this case - /etc/salt/grains?
23:29 copec or show up if I salt-call grains.item blah
23:30 jerematic joined #salt
23:30 jamtoast joined #salt
23:37 whytewolf copec: depends did you add grains to your minion config?
23:38 copec Yeah, there are grains already in there
23:39 whytewolf not in /etc/salt/grains but in /etc/salt/minion or in /etc/salt/minion.d/* if so. you are sol for using the state grain.
23:40 copec I only have "test: true" in /etc/salt/grains
23:40 copec nothing in the minion or minion.d
23:41 whytewolf okay you should be okay for using grains.present
23:42 whytewolf your example should add balh: bleh to /etc/salt/grains AND make it available in the grains memory
23:43 copec hrmm, I rm'd /etc/salt/grains and now it works
23:43 whytewolf is the salt minion running as root?
23:45 copec yeah
23:45 whytewolf strange... should have the the state with -l debug to find out why it didn't edit the file
23:48 jerematic joined #salt
23:51 copec so interestingly enough, it seems to work with anything except "test: true" in the /etc/salt/grains file
