The qubes related salt docs don’t seem to have anything special for adding firewall rules, so i was going to use cmd.run to run “qvm-firewall {vmname} add {address}”.
However, while a qvm.present earlier in the file worked, this cmd.run produced a error. I simplified the command to “touch /tmp/test2”, and still get a error. This is my simplified version (Note: I have tried various syntax, as examples from different sources have different syntax):
touch /tmp/test2:
cmd.run:
- creates: /tmp/test2
and when i “sudo qubesctl state.highstate”, I get:
ID: dom0
Function: cmd.run
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/salt/state.py", line 1837, in call
**cdata['kwargs'])
File "/usr/lib/python2.7/site-packages/salt/loader.py", line 1794, in wrapper
return f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/salt/states/cmd.py", line 862, in run
name, timeout=timeout, python_shell=True, **cmd_kwargs
TypeError: run_all() got multiple values for keyword argument 'cmd'
Started: 11:13:41.862245
Duration: 3.24 ms
Changes:
{% for name in [
‘vm1’,
‘vm2’,
] %}
copy-firewall-rules-{{ name }}:
file.managed:
- name: /tmp/salt_qvm-firewall/{{ name }}.txt
- source: salt://files/dom0/firewall/{{ name }}.txt
- mode: 644
- makedirs: true
execute-firewall-rules-{{ name }}:
cmd.run:
- name: |
source blib
b_import os/qubes4/dom0
set -e -o pipefail
cd /tmp/salt_qvm-firewall/
rules="$(< {{ name }}.txt)"
b_dom0_clearFirewall “{{ name }}”
b_dom0_applyFirewall “{{ name }}” “$rules”
- shell: /bin/bash
- runas: root
require:
- sls:
- vm-install.blib
{% endfor %}
Is there a way to view the source of what tripleh said? Due to the combined magic of “indentation based/whitespace sensitive syntax” and auto-formatting, what shows is not valid salt.
The qubes related salt docs don’t seem to have anything special for adding firewall rules, so i was going to use cmd.run to run “qvm-firewall {vmname} add {address}”.
However, while a qvm.present earlier in the file worked, this cmd.run produced a error. I simplified the command to “touch /tmp/test2”, and still get a error. This is my simplified version (Note: I have tried various syntax, as examples from different sources have different syntax):
touch /tmp/test2:
cmd.run:
- creates: /tmp/test2
and when i “sudo qubesctl state.highstate”, I get:
ID: dom0
Function: cmd.run
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/salt/state.py", line 1837, in call
**cdata['kwargs'])
File "/usr/lib/python2.7/site-packages/salt/loader.py", line 1794, in wrapper
return f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/salt/states/cmd.py", line 862, in run
name, timeout=timeout, python_shell=True, **cmd_kwargs
TypeError: run_all() got multiple values for keyword argument 'cmd'
Started: 11:13:41.862245
Duration: 3.24 ms
Changes:
That works for me, as it should.
What happens if you call it with qubesctl state.apply thingy ?