Saltstack. Qubes not targetable. No multi target

User Support
1

Hi,

i am trying to automate my setup but i am having a really bad time with saltstack.

First of all: I am new to salt. I took a look at the examples and read through parts of the original documentary.

I tried around a bit, just to get an echo from an new qube, pretty much like the example. This wont work, as the targeting fails.

test.top

base:
  dom0:
    - createecho
  testqube:
    - echostuff

createecho.sls is working, as it creates the qube, it is basically identical to the example.

echostuff.sls

doecho:
  cmd.run:
    - name: echo "hello world"

I can enable it like described in the example, but when running it, only the dom0 part is executed. The part in testqube does not show up anywhere or is counted as a failed state. No error messages either.

After hours of trying different things, i found this workaround:
qubesctl --all --show-output state.highstate does the trick, tho it goes through all existent qubes one by one, trying to match, taking around 1-2 second per qube to recognize, that it does not need to use it. Usually i have many qubes. This might be acceptable for initial setup but certainly not for other tasks What am i doing wrong?

I was a bit discouraged for me to take 5 hours to get to a “hello world”…

With the workaround i thought i should try something productive:

Here is what i want to do, and what parts fail. Hopefully somebody can help, or hint me in the right direction.

My usual template is a debian with zsh, oh-my-zsh and some other stuff. This means: I have to install zsh in the template, and oh-my-zsh in the appvm (it lives in the home directory).

I try to achieve the initial setup of the template and one appvm in salt:

  1. Copy debian template
  2. Install dependencies like zsh and python in the template
  3. Create AppVM
  4. Install oh-my-zsh in the AppVM

my .top file looks like this:

base:
  dom0:
    - createtemplate

  debian-11-custom:
    - installtemplate

  dom0:
    - createappvm

  testvm:
    - installappvm

This errors with:

conflicting ID 'dom0'

So my question is: Is there any way to select the same target multiple times in a top file? There are numerous use cases for me, where i want to create a qube, do stuff in it and delete it afterwards. Is this not (easily) possible in saltstack?

Another thing:
What i recognized is, that salt does not give feedback until all states of one sls have been executed. Is there a better solution then to create one sls per command, as i really would like to see what is going on.

Honestly: I don’t know why i am torturing myself with this anyway. Where is the benefit of saltstack instead of using some scripts? (Serious question)

I hope maybe somebody can help me with that, as i feel truly lost.

2

Somebody over at the matrix chat helped me and cleared some things up.

  1. The problem of targeting is weird. Certainly not how it should be.
  2. The problem of targeting the same machine multiple times in tops is a limitation of salt. There are other solutions, like using orch’s. He build a qubes specific workaround.

I have decided, that the hassle of using salt is not worth the gain for my use case. The overhead for seemingly simple tasks is too much. I think i will go the python way.

3

Targeting is relatively straightforward, if you take account of the
fact that Qubes is running Salt without a master.
If you had searched the forum you would have found some pointers to
basic introductions,
and threads that cover exactly these issues.

I always advocate modularising states as much as possible. You can then
call them together in a single top file, with a single call to qubesctl.
This approach would have resolved some of your problems.

4

Hello unman, thank you for your response.

Unfortunately i am not sure what you mean by that.

I took a look at your notes, the documentation and searched the forum, did however not find anything that helped.
I was under the impression that you define the states in .sls files that you then target with .top files. You then enable all .tops you want to be executed and set highstate.

However, the targeting in your examples just seam to work for you, while mine does not. I really wonder why because you target

base:
  tbb:
    - stuff

and i do

base:
  qubename:
    - otherstuff

Also i was not able to find any information how to do this process in one top file:

  1. Create qube in dom0
  2. Do stuff in new qube
  3. Remove network of qube in dom0

For the time being i started automating my system with shel scripts in dom0.