Messing around with Salt Pillars

qubes_user_95639 · March 15, 2025, 11:54am

Hello !

I’m trying to use Salt to configure my system, and I’m trying to use Pillar to have some modularity by allowing to create several qubes based on one Salt formula.

Unfortunately, I can’t manage to create any datastructure in my pillar, for now I only succeeded making tuple:

top-level:
  item: value
  item: value

When I try to add some real dictionary looking something like this:

top-level:
  item:
    key: value
    key: value
  item:
    key: value
    key: value

qubesctl throw me an error Rendering SLS failed : mapping values are not allowed in this context

Is there something specific of QubesOS enforcing this ? Or am I missing something?

Thank you for your help

parulin · March 15, 2025, 7:34pm

There must be an error in the resulting YAML… Are you using any character that could be interpreted by YAML as something else? Can you try to double-quote the values?

qubes_user_95639 · March 15, 2025, 8:24pm

I checked against a yaml linter, says it’s okay…
I tried double-quoting the values.

Tabs throw a longer error than double space.

I also tried putting dash in front of the item or key…

quber · March 15, 2025, 8:28pm

Your items have the same name? or you call them item_1 and item_2 ?

qubes_user_95639 · March 15, 2025, 8:34pm

They have different name, and I tried with same or different keys too.

quber · March 15, 2025, 8:37pm

I have sometimes this error message, if I mix the code with jinja. If I add a minus sign in the jinja, sometimes it is gone. Like this:

{%- endif -%}

whitespace problems

the pillar should work, mine is also like yours.

qubes_user_95639 · March 15, 2025, 8:40pm

welp, it didn’t do the trick either…
I thinking about opening a bug report…

quber · March 15, 2025, 8:49pm

Do you use user_salt and user_pillar or where is your pillar located? Do you have a real code example what I can copy paste and try?

qubes_user_95639 · March 15, 2025, 8:57pm

{% for region_name, region_data in pillar.get('regions', {}).items() %}
echo_{{ region_name }}:
  cmd.run:
    - name: echo "{{ region_data }}"
{% endfor %}

regions:
  test1:
    tunnel: template-kicksecure
    admin: template-kicksecure
  test2:
    tunnel: template-kicksecure
    admin: template-kicksecure

Here what I got…

quber · March 15, 2025, 9:31pm

same error message, I try to debug

quber · March 15, 2025, 9:42pm

I have to go, I’ll try it tomorrow

unman · March 16, 2025, 1:13am

Here’s how I use dictionaries in pillars - it may help. This is a
fragment of my system pillar.

configs:
  test0: 
    template: debian-12-xfce
    label: blue
    memory: 200
    maxmem: 2000
  test1: 
    template: fedora-41-kde
    label: gray
    memory: 800
    maxmem: 8000

Then in the state:

{% for qube,args in pillar.get('configs', {}).items() %}
create_{{ qube }}:
  qvm.present:
    - name: {{ qube }}
    - template: {{ args.template }}
    - label: {{ args.label }}

prefs_{{ qube }}:
  qvm.prefs:
    - name: {{ qube }}
    - memory: {{ args.memory }}
    - maxmem: {{ args.maxmem }}
  
{% endfor %}

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

quber · March 16, 2025, 9:16am

@unman got it right, your region_data is a dictonary.
I debug like this:

{% test = pillar.get('regions', {}).items() %}

{%- do salt.log.critical( 'test_data: %s'|format( test )) -%}

{% for region_name, region_data in test %}
{%- do salt.log.critical( 'region_name: %s'|format( region_name )) -%}
{%- do salt.log.critical( 'region_data: %s'|format( region_data )) -%}
{% endfor %}

qubes_user_95639 · March 16, 2025, 7:15pm

Okay, you must specify direct data and not a dictionary when using {{ args.label } seems that {{ args }} is not possible.

Thanks for your help !

parulin · March 17, 2025, 6:37am

Yes, {{args}} will be rendered as a python dict otherwise, like this:

{'template': 'debian-12-xfce', 'label': 'blue',...}

That’s not a valid qube name