qubes-issues icon indicating copy to clipboard operation
qubes-issues copied to clipboard
verified publisher icon QubesOS

`top` file in `user_salt` isn't working with explicit `saltenv=user` in dom0

Open marlox-ouda opened this issue 1 year ago • 1 comments

Qubes OS release

Qubes release 4.2.3 (R4.2)

with the following packages version in dom0:

  • qubes-mgmt-salt: 4.2.2-1.fc37
  • qubes-mgmt-salt-admin-tools: 4.2.2-1.fc37
  • qubes-mgmt-base: 4.1.7-1.fc37
  • qubes-mgmt-base-config: 4.1.2-1.fc37
  • qubes-mgmt-base-topd: 4.2.1-1.fc37
  • qubes-mgmt-config: 4.2.2-1.fc37
  • qubes-mgmt-dom0: 4.2.2-1.fc37
  • qubes-mgmt-dom0-qvm: 4.2.1-1.fc37
  • qubes-mgmt-dom0-update: 4.1.14-1.fc37
  • qubes-mgmt-dom0-virtual-machines: 4.2.17-1.fc37
  • salt: 3006.5-1.fc37
  • salt-minion: 3006.5-1.fc37

Brief summary

Unable to run enabled .top file in user_salt directory via qubesctl state.apply saltenv=user in dom0.

Steps to reproduce

Note: even if the case is named test-template, the test focus only on dom0. I was testing something else before making this issue.

First I clean my setup on dom0:

qubes-dom0-update --action=reinstall $(dnf  list --installed | grep salt | cut -d. -f1)
reboot

qubesctl top.enable qubes.user-dirs
qubesctl state.apply

I set up the following files:

  • /srv/user_salt/top.sls:
user:
  'inexistant': []
  • /srv/user_salt/test-template.top:
user:
  '*':
    - test-template
  • /srv/user_salt/test-template.sls:
{% do salt.log.error('current grain id:' + grains['id']) %}

print-id:
  test.nop:
    - grain_id: 'id'

and run

qubesctl top.enable test-template
qubesctl saltutil.sync

The command qubesctl top.enabled produces:

local:
    ----------
    user:
        - /srv/salt/_tops/user/test-template.top
    base:
        - /srv/salt/_tops/base/topd.top
        - /srv/salt/_tops/base/qubes.users-dirs.top

Results

The task test-template is executed in the following cases:

  • qubesctl --show-result state.apply
  • qubesctl --show-result state.apply test-template

In this case, the output contains the following:

[ERROR    ] current: dom0
local:
----------
          ID: print-id
    Function: test.nop
      Result: True
     Comment: Success!
     Started: HH:MM:SS.μμμμμμ
    Duration: #.## ms
     Changes:

The task is not executed in the following cases:

  • qubesctl --show-result state.apply saltenv=user
  • qubesctl --show-result state.apply saltenv=base

Expected behavior

I expect the command qubesctl --show-result state.apply saltenv=user to also execute the state test-template.

Actual behavior

The task is not executed with saltenv=user If I try to replace user by base in the test-template.sls file, Salt complains No matching sls found for 'test-template' in env 'base'

Solution

I can fix it if I copy /srv/salt/top.sls to /srv/user_salt/top.sls and replace base by user line inside without topd:

{%- set default = {'user': {'*': []}}|yaml %}

marlox-ouda avatar Sep 22 '24 21:09 marlox-ouda

This sounds familiar https://github.com/QubesOS/qubes-issues/issues/8491

Can you try qubesctl saltutil.sync_all ?

rapenne-s avatar Sep 26 '24 15:09 rapenne-s