Saltstack configuration organization

I have work experience with chef and ansible and played around with saltstack about 10 years ago. I’ve looked through some repos of qubes salt code such as shaker, qusal, salt-n-pepper and have learned quite a bit.

From looking at those repos and various docs I get the sense that even though the code is nicely broken up into components, people still run a set of commands similar to this for each component:

qubesctl top.enabled component1
qubesctl some apply command

I don’t want to have to remember what components I enabled and applied over time so instead was trying to centralize it in /srv/user_salt/top.sls (I enabled user-dirs). /srv/user_salt/* is synced from a vm where I keep all code in a git repo.

This doesn’t seem to be working as expected.

  1. I still don’t know how to make qubesctl just apply everything to ensure all states are applied. When I’ve tried state.apply or state.highstate without any targets it does not apply everything. I’m not even sure of the rules being used to run some states and not others.
  2. Even when I target specific VMs I’m not sure it’s doing anything. I find salt, or at least the qubesctl version, so opaque compared to chef/ansible, where you get immediate feedback.
  3. How do you enable some kind of verbose mode where you can see what the cause of errors is?

With the following code:
/srv/user_salt/top.sls

user:
  dom0:
  - templates
  tpl-f40-prop:
  - vscode

where templates.sls is:

# A fedora template that includes proprietary repositories
{% if grains['id'] == 'dom0' %}

template-fedora-40-proprietary:
  qvm.clone:
  - name: tpl-f40-prop
  - source: fedora-40-xfce

{% endif %}

and vscode.sls

test-salt-install:
  pkg.installed:
  - pkgs:
    - zip  # a pkg that is already installed everywhere
  - refresh: True

Both of these run the qvm.clone in templates.sls but don’t run the vscode state for tpl-f40-prop:

qubesctl state.apply
qubesctl state.highstate

Doing a targeted apply:

qubesctl --targets=tpl-f40-prop --skip-dom0 state.apply  # with/without saltenv=user

results in an exit code 20 error. How would I find out what the underlying issue is?

Thanks,

I always use qubesctl with the --show-output option. If you need more details you can try -l debug.

Hi, in case you are still interested, here is a possible configuration for my standalone (vscodium). Vscode should work too. Just copy the file vscodium.sls with the following content:

{% if grains['id'] == 'dom0' %}

vm-depends:
  qvm.template_installed:
  - name: debian-12-xfce

vscode-present-id:
  qvm.present:
  - name: vscodium
  - template: debian-12-xfce
  - label: orange
  - class: StandaloneVM

vscode-prefs-id:
  qvm.prefs:
  - name: vscodium
  - netvm: sys-firewall
  - memory: 800
  - maxmem: 4000
  - autostart: False

{% elif grains['id'] == 'vscodium' %}

vscode-install-deps:
  pkg.installed:
  - pkgs:
    - wget

# pkg.uptodate gets its own ID (name added here): Salt rejects two pkg.* states under one ID
vscode-pkgs-uptodate:
  pkg.uptodate:
  - refresh: True

vscode-install:
  cmd.run:
  - name: |
      apt install -y snapd
      snap install codium --classic

{% endif %}

into /srv/user_salt and then run from dom0: sudo qubesctl --targets=vscodium --show-output state.sls vscodium saltenv=user
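
Added example, not written by any poster in this thread: a small dom0 helper that reads the qube names out of the user top file and prints one qubesctl command naming all of them, so nothing has to be remembered per component. It assumes that qubesctl only acts on dom0 unless qubes are named with --targets (which matches what the first post observed); the function names and the sample top file are constructed for illustration.

```shell
#!/bin/bash
# Added example: turn a Qubes user top file into one qubesctl command.
# Assumes the plain layout used in the thread: environment name at column 0,
# minion IDs indented two spaces, no Jinja or glob targets in the top file.

# Constructed sample: the thread's top.sls plus the vscodium qube from the
# second reply and a made-up "base" environment to show filtering.
sample_top() {
    cat <<'EOF'
user:
  dom0:
  - templates
  tpl-f40-prop:
  - vscode
  vscodium:
  - vscodium
base:
  other-vm:
  - something
EOF
}

# Read a top file on stdin; print the non-dom0 minion IDs of environment $1,
# comma-separated (the form --targets takes).
top_targets() {
    awk -v env="$1" '
        /^[^ #]/ { in_env = ($0 == (env ":")); next }   # column-0 key: environment
        in_env && /^  [^-# ][^:]*:[ ]*$/ {              # two-space key: minion ID
            id = $1; sub(/:$/, "", id)
            if (id != "dom0") ids = ids (ids ? "," : "") id
        }
        END { print ids }
    '
}

# Read a top file on stdin; print the command that applies dom0 and every
# qube listed in the "user" environment, with per-state output shown.
build_apply_cmd() {
    local targets
    targets="$(top_targets user)"
    if [ -n "$targets" ]; then
        echo "qubesctl --show-output --targets=$targets state.apply"
    else
        echo "qubesctl --show-output state.apply"
    fi
}

# With a path argument use that top file; otherwise demonstrate on the sample.
if [ -n "${1:-}" ]; then build_apply_cmd < "$1"; else sample_top | build_apply_cmd; fi
```

Pass the path of the synced top file (/srv/user_salt/top.sls in the first post) as the argument and check the printed command before running it with sudo in dom0.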