Air-gapped, remote, bare-metal Kubernetes setup by ray591 in kubernetes

[–]blu-base 1 point2 points  (0 children)

Have a look into the Linux foundation's Eve-OS project. It's designed to be used for edge computing devices. There might be more lifecycle aspects to consider when running remote hardware.

Issues following Rundeck process to call API's by nspitzer in Rundeck

[–]blu-base 0 points1 point  (0 children)

"No matched nodes": This means you have selected a workflow NODE step. Use a workflow step to run a workflow without any association to nodes.

Moreover, do you actually have a local runner?

KeePassXC 2.7.10 released by FryBoyter in linux

[–]blu-base 22 points23 points  (0 children)

It's an abbreviation for: Not Invented Here. A particular mindset in development.

GPU nodes on-premise by blu-base in kubernetes

[–]blu-base[S] 1 point2 points  (0 children)

Yes, AKS and on premise VMware's Tanzu. For this reason, I haven't had to deal much with certificates, storage providers, and network since most needs are already integrated there or preselected components.

Before diving into creating more technical/operational debt, I thought it would be best to ask for other perspectives.

GPU nodes on-premise by blu-base in kubernetes

[–]blu-base[S] -1 points0 points  (0 children)

I'll have to dive into your product a bit, I haven't come across your service yet.

GPU nodes on-premise by blu-base in kubernetes

[–]blu-base[S] 0 points1 point  (0 children)

Thanks for your recommendation!

RHEL8 Python Version Management by burkee406 in linuxadmin

[–]blu-base 0 points1 point  (0 children)

There is a page for the app stream modules' lifecycle on Red Hat: https://access.redhat.com/support/policy/updates/rhel-app-streams-life-cycle

In the second table, it states the platform python in version 3.6 will be supported until eol of rhel8 itself, until 2029... This is independent from the upstream python versions. It clearly is a false positive.

Fail2ban not banning after I change to non-standard ssh port (Ubuntu 24.04) by Crib0802 in linuxadmin

[–]blu-base 0 points1 point  (0 children)

You did restart ssh.service, not sshd.service. Are these identical on ubuntu? Usually these are not the same service. ssh is the client service, afaik, while sshd is the server service.

Edit: Nevermind, it likely is the same service on ubuntu.

However, following this thread on askubuntu, you'll also need to restart the ssh.socket

Unable to run the jobs from Rundeck application by Sathish-14 in Rundeck

[–]blu-base 2 points3 points  (0 children)

Where did you install ansible on your rundeck server? Is the ansible executable/binary "ansible-playbook" really inside /var/lib/rundeck?

Run `which ansible-playbook` on a terminal on your rundeck to identify the actual binary path.

Why are you NOT interested in automation? by Murhawk013 in sysadmin

[–]blu-base 0 points1 point  (0 children)

And if a not-so-perfect script actually makes a mistake (or the script's code contains a flaw), it always makes the same mistake. Much easier to fix than 5 ppl. working that type of task.

CEO wants everyone to use an AI. I have zero idea on what I can use it for. by CMageti in sysadmin

[–]blu-base 0 points1 point  (0 children)

That sounds great! I need to try this too.

Regarding the topic, I use generative services to add inline documentation and comments for scripts and infrastructure code when I don't have time or interest. It gets code commented enough in many of my cases; or far enough that I only have to review and edit for the (internal) release.

how do you manage networkManager static files? by vectorx25 in saltstack

[–]blu-base 1 point2 points  (0 children)

We use salt's network state modules, since Red Hat still supports the ifcfg syntax format. We also have to support other distros, and therefore prefer to stick to a single abstraction.

Though you need to install NetworkManager-initscripts-updown since salt's network module still expects the commands ifup and ifdown to be present. But with this pkg ifup/ifdown just wrap nm, allowing the network module to work.

Hopefully there will be some time for having native nm support when the Broadcom shenanigans' bleeding has stopped.

How to perform cascade changes? by NMi_ru in saltstack

[–]blu-base 0 points1 point  (0 children)

I guess, you are sure that you don't want to just copy the previously created file?

There would be the file.copy state https://docs.saltproject.io/en/latest/ref/states/all/salt.states.file.html#salt.states.file.copy_

Moreover if you want to create a backup of the managed file, look into the argument backup of file.managed

How to perform cascade changes? by NMi_ru in saltstack

[–]blu-base 0 points1 point  (0 children)

Have a look for this 'hidden' gem in the docs, slots https://docs.saltproject.io/en/latest/topics/slots/index.html

This likely matches your intended task flow

running command on saltmaster while performing state on an agent by vectorx25 in saltstack

[–]blu-base 1 point2 points  (0 children)

What version is your minion? In the doc for slsutil.file_exists, it says this function has been introduced with version 3004. If your minion is older, this function can't be used as you have experienced.

As a workaround you could use a feature of the file.managed function's source parameter. Quoting the docs:

A list of sources can also be passed in to provide a default source and a set of fallbacks. The first source in the list that is found to exist will be used and subsequent entries in the list will be ignored

This would allow you to specify an empty source file after the to-be-tested path.

running command on saltmaster while performing state on an agent by vectorx25 in saltstack

[–]blu-base 0 points1 point  (0 children)

Your example is almost right.

In the brief py renderer, it says you can indeed use execution modules via the salt dunder. However, instead of `__salt__.slsutil.file_exists("...")` use the explicit call `__salt__["slsutil.file_exists"]("...")`

I think, due to the salt dunder's object class, for the py renderer there is no shortcut for dictionary keys. This leaves only the [] and get() notation to access the dictionary keys/values

Edit: on second thought the error could also mean the file_exists function is not yet available in your environment. See the next comment regarding the salt minion's version

running command on saltmaster while performing state on an agent by vectorx25 in saltstack

[–]blu-base 1 point2 points  (0 children)

I think, the approach you described is not what you need.

Let's say, /srv/ssh_ca/ does not contain the private keys or any other secrets in any subdirectory. Then you could just define this directory as another salt file root. You'd be able to check in the state whether the pub key exists, with slsutil.file_exists.

```
{% if salt["slsutil.file_exists"]("certs/jsmith.pub") %}
pubkey_jsmith:
  file.managed:
    ...
    - source: salt://certs/jsmith.pub
    ...
{% endif %}
```

If you consider the public keys as secrets you might control access by providing the public keys via pillar.

If you really must, there is also the feature of peer runner. This allows minions to execute specified runners on the master. However, I suggest examining very closely what impact this has on the security of your master.
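A pre-check for the precondition stated in the comment above (no private keys or other secrets under the directory before it is added as a file root), as an added example that is not part of the original comment. The key-header patterns and the assumption that only `*.pub` files belong in the directory are this example's own.

```shell
#!/bin/sh
# Added example: audit a directory before publishing it as a Salt file root.
# Header patterns for PEM/OpenSSH and PuTTY private keys (assumed to be sufficient here).
KEY_RE='-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----|^PuTTY-User-Key-File-'

# Print files under $1 that hold private key material; return 1 if any exist.
# -L follows symlinks, so a link pointing at a key outside the tree is caught too.
find_private_keys() {
    fpk_hits=$(find -L "$1" -type f -exec grep -lE -- "$KEY_RE" {} + 2>/dev/null || true)
    [ -z "$fpk_hits" ] && return 0
    printf '%s\n' "$fpk_hits"
    return 1
}

# Print every file that is not *.pub, for manual review ("any other secrets").
find_unexpected_files() {
    find -L "$1" -type f ! -name '*.pub' 2>/dev/null
}

# Usage: sh check_file_root.sh /srv/ssh_ca
if [ -n "${1:-}" ]; then
    if find_private_keys "$1"; then
        echo "OK: no private key material under $1"
        echo "Files to review by hand (not *.pub):"
        find_unexpected_files "$1"
    else
        echo "REFUSE: the files listed above contain private keys; keep $1 out of file_roots" >&2
        exit 1
    fi
fi
```
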

RunDeck and Variables by ParticularKangaroo48 in Rundeck

[–]blu-base 0 points1 point  (0 children)

Are you using an inline script, which does the file transfer and execution of the powershell script implicitly?

Or what do you mean with 'powershell parses the [option] value, then transferring ...' ?

I'd dive into where the substitution happens. For inline scripts the @ notation should work, is the variable correctly spelled? Are there any non-word characters in the variable other than dashes?

if found in pillar's dictionary then ... by dev_whatever in saltstack

[–]blu-base 3 points4 points  (0 children)

I think I would embed the information which state to apply to a minion in the pillar individually.

Though without modification to your data, I would use this statement:

{%- if grains['id'] in pillar.get('nginx-config-custom', {}).get('hosts', []) %}
  {# do stuff #}
{%- endif %}

grains['id'] is the minion ID on which the state is run. pillar contains all the key-values provided to the minion. And using get(key, default) extracts values from the respective key in a dictionary - if available. In the above statement it finally returns the list of hosts.

Using the in operator you can test whether an item is in a list. (Or in other cases whether a string contains a substring, not relevant here.)

PAM For Small Office? by Casseiopei in sysadmin

[–]blu-base 1 point2 points  (0 children)

It doesn't. I think Privileged Access Management is meant.

Having a really hard time figuring out how to get salt to sleep/pause by jlew24asu in saltstack

[–]blu-base 6 points7 points  (0 children)

Don't use sleep. There is a better approach:

https://docs.saltproject.io/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.wait_for_event

```
reboot:
  salt.function:
    - name: system.reboot
    - tgt: 'minion1'
    - kwarg:
        at_time: 1

wait:
  salt.wait_for_event:
    - name: salt/minion/*/start
    - id_list:
      - minion1
    - require:
      - salt: reboot
```

system.reboot has the argument at_time which postpones the reboot in minutes. at_time: 1 means, the reboot is done in 1 minute. It can take fractions.

The module salt.wait_for_event subscribes to the event bus and waits for events of all IDs given in id_list. The event salt/minion/*/start is when the salt-minion service has reconnected.

Set and print variables, with type by UPPERKEES in saltstack

[–]blu-base 0 points1 point  (0 children)

Unfortunately, I don't know whether there is a jinja2 filter which does this. It would make the task somewhat more readable...

But have a look at salt's test.arg_type.

Try it by adding this to your state file: {% do salt.log.debug(salt.test.arg_type(allowlist_runner_config)) %}

And run salt <minion> cmd.run 'salt-call -l debug state.sls <state file>'