On 12/16/20 9:41 AM, Vasilis wrote:
> When using the Salt user configuration located in '/srv/user_salt' what is the best way to use the Qubes specific pillars located (for this example) in '/srv/salt/_pillar'?

The below script should give you the idea how to do it:

#!/bin/bash
#
# Run the salt configuration of _this_ folder in dom0.
#
# Assumes that you have `user_[formulas|pillar|salt]` directories in _this_ folder.
#
# NOTE: If even `sudo qubesctl top.enabled` failed for you, you can try re-installing `qubes-mgmt-salt-* salt salt-minion`
# (first via `sudo qubes-dom0-update`, then via `sudo dnf reinstall`).
#
# Useful info:
# - initially sync all modules etc: sudo qubesctl saltutil.sync_all saltenv=user
# - to enable a state (only needed for everything not in top.sls): sudo qubesctl top.enable tripleh.vms saltenv=user
# - to apply a state (set test=true for testing): sudo qubesctl --show-output state.apply saltenv=user
# - list enabled states: sudo qubesctl top.enabled saltenv=user
# - local salt doc: qubesctl sys.doc | less (details for e.g. archive: qubesctl sys.doc archive)
# - all available grains: sudo qubesctl --targets dom0 grains.items
# - show sls output after jinja: sudo qubesctl --show-output state.show_sls vm-install.vim saltenv=user
# - Logs: /var/log/qubes/mgmt-[target-vm].log
# - Further doc:
#   - https://github.com/unman/notes/tree/master/salt (also locally saved here; he always refers to the examples/ dir)
#   - https://www.qubes-os.org/doc/salt/
# - The qvm.[module] doc can be found in dom0 inside `/srv/salt/_modules/ext_module_qvm.py`.
#   (_Warning_: The `README.rst` appears outdated. --> Only the code has current information.)

set -e -o pipefail

#error [msg]
function error {
    local msg="$1"
    >&2 echo "ERROR: $msg"
    exit 1
}

[[ "$(whoami)" != "root" ]] && error "This script must be run as root."

#path of this directory (hopefully...)
SCRIPT_DIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"

#saltModSymlink [target]
function saltModSymlink {
    local target="$1"
    local tpath="/srv/user_salt/$target"
    rm -f "$tpath"
    ln -s "/srv/salt/$target" "$tpath"
}

#create user_ symlinks @/srv/ for the saltenv=user (explicitly configured by Qubes OS)
echo "Creating user_ symlinks in /srv/..."
for file in "$SCRIPT_DIR"/* ; do
    if [ -d "$file" ] && [[ "$file" == *"user_"* ]] ; then
        target="/srv/${file##*/}"
        #remove previous instances & update new
        rm -f "$target"
        ln -s "$file" "$target"
    fi
done

#create module symlinks
echo "Creating Qubes module symlinks..."
saltModSymlink "_grains"
saltModSymlink "_modules"
saltModSymlink "_pillar"
saltModSymlink "_states"
saltModSymlink "_utils"

#sync modules (we just added some via the symlinks above)
#echo "Syncing modules..."
#qubesctl saltutil.sync_all saltenv=user

#call
ret=0
if [ $# -gt 0 ] ; then
    echo "Calling qubesctl saltenv=user with your arguments..."$'\n'
    #e.g. state.show_top is quite useful to see what state is applied where (doesn't seem to work for anything != dom0)
    qubesctl --show-output "$@" saltenv=user || ret=$?
else
    echo "Using qubesctl to apply the top.sls state..."$'\n'
    #state.highstate respects the top file, state.sls ignores it (just targets anything mentioned as target)
    qubesctl --show-output --all state.highstate saltenv=user || ret=$?
fi

echo ""
echo "All done."
exit $ret
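
An added example, not part of the original message: a check that the five module links the script creates under `/srv/user_salt` resolve to their counterparts under `/srv/salt`, so a dangling or redirected `_pillar` link is noticed before states are applied as root in dom0. The function name `check_salt_symlinks` and its optional root-directory argument are assumptions made here so the check can also be run against a scratch tree.

```shell
#!/bin/sh
# Added example (not from the original post).
# Verifies the module symlinks used by saltenv=user.
#
# check_salt_symlinks [srv_root]
#   srv_root defaults to /srv (hypothetical parameter, useful for dry runs).
#   Prints one line per directory; returns 0 only if every link is correct.
check_salt_symlinks() {
    srv_root="${1:-/srv}"
    bad=0
    for name in _grains _modules _pillar _states _utils; do
        link="$srv_root/user_salt/$name"
        want="$srv_root/salt/$name"
        if [ ! -L "$link" ]; then
            # A real directory or a missing entry means the link was never made
            echo "FAIL $link: not a symlink"
            bad=$((bad + 1))
        elif [ ! -d "$want" ]; then
            # The Qubes-provided directory is absent, so the link dangles
            echo "FAIL $link: expected target $want is missing"
            bad=$((bad + 1))
        elif [ "$(readlink -f "$link")" != "$(readlink -f "$want")" ]; then
            # The link exists but points somewhere other than /srv/salt/<name>
            echo "FAIL $link: resolves to $(readlink -f "$link")"
            bad=$((bad + 1))
        else
            echo "OK   $link -> $want"
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Source the file and call `check_salt_symlinks` as root in dom0 after the script has run; a non-zero return means at least one of the five links needs attention.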
