Workaround for salt issue 31531
39 views
Skip to first unread message
Emma Borhanian
Jun 11, 2020, 12:44:02 AM6/11/20
to qubes...@googlegroups.com
So I seem to be running into this issue with salt+qubes:
https://github.com/saltstack/salt/issues/31531
I want to run use a managed file jinja template in a non-dom0 domain.
Does anyone have a workaround?
I think maybe not many people use the salt integration given the amount
of troubles I've had and inability to find documentation. e.g. in an
unrelated issue I spend hours debugging before I realized I just wasn't
getting an error message because Qubes is throwing away stderr here:
https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubessalt/__init__.py#L166
https://github.com/saltstack/salt/issues/31531
I want to run use a managed file jinja template in a non-dom0 domain.
Does anyone have a workaround?
I think maybe not many people use the salt integration given the amount
of troubles I've had and inability to find documentation. e.g. in an
unrelated issue I spend hours debugging before I realized I just wasn't
getting an error message because Qubes is throwing away stderr here:
https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubessalt/__init__.py#L166
Emma Borhanian
Jun 11, 2020, 3:24:56 PM6/11/20
to qubes...@googlegroups.com
Workaround is to patch
https://github.com/saltstack/salt/issues/31531#issuecomment-615253644
In the template vm from which salt-ssh will be called from via qubes-rpc
from dom0.
https://github.com/saltstack/salt/issues/31531#issuecomment-615253644
In the template vm from which salt-ssh will be called from via qubes-rpc
from dom0.
Emma Borhanian
Jun 11, 2020, 4:47:02 PM6/11/20
to qubes...@googlegroups.com
Here's my sls code for patching these issues run against dom0 if anyone
wants it:
# WORKAROUND: https://github.com/saltstack/salt/issues/31531
'patch salt issue 31531':
cmd.run:
- name: |
if [[ ! -f /root/.config/patched-salt-31531 ]]; then
cat <<CMD | xargs -0 -- qvm-run --pass-io fedora-30
sudo sed -i'' "s#if fn_.strip() and fn_.startswith(path):#if
fn_.strip() and (fn_.startswith(path) or path == '/'):#"
/usr/lib/python2.7/site-packages/salt/fileclient.py && \
if ! grep extra-filerefs /etc/qubes-rpc/qubes.SaltLinuxVM
>/dev/null; then sudo sed -i'' "s#salt-ssh#salt-ssh --extra-filerefs
salt:///#" /etc/qubes-rpc/qubes.SaltLinuxVM; fi
CMD
fi
sudo mkdir -p /root/.config
sudo touch /root/.config/patched-salt-31531
# Fix for no error message except "Execute a packaged state run, the
packaged state run will exist in..."
qubessalt-errors-fix1:
file.replace:
- name: /usr/lib/python2.7/site-packages/qubessalt/__init__.py
- pattern: {{ "(untrusted_stdout, _) = p.communicate" | regex_escape }}
- repl: '(untrusted_stdout, untrusted_stderr) = p.communicate'
qubessalt-errors-fix2:
file.replace:
- name: /usr/lib/python2.7/site-packages/qubessalt/__init__.py
- pattern: {{ "untrusted_stdout = untrusted_stdout.decode('ascii',
errors='ignore')" | regex_escape }}$
- repl: "untrusted_stdout = untrusted_stdout.decode('ascii',
errors='ignore') + untrusted_stderr.decode('ascii', errors='ignore')"
wants it:
# WORKAROUND: https://github.com/saltstack/salt/issues/31531
'patch salt issue 31531':
cmd.run:
- name: |
if [[ ! -f /root/.config/patched-salt-31531 ]]; then
cat <<CMD | xargs -0 -- qvm-run --pass-io fedora-30
sudo sed -i'' "s#if fn_.strip() and fn_.startswith(path):#if
fn_.strip() and (fn_.startswith(path) or path == '/'):#"
/usr/lib/python2.7/site-packages/salt/fileclient.py && \
if ! grep extra-filerefs /etc/qubes-rpc/qubes.SaltLinuxVM
>/dev/null; then sudo sed -i'' "s#salt-ssh#salt-ssh --extra-filerefs
salt:///#" /etc/qubes-rpc/qubes.SaltLinuxVM; fi
CMD
fi
sudo mkdir -p /root/.config
sudo touch /root/.config/patched-salt-31531
# Fix for no error message except "Execute a packaged state run, the
packaged state run will exist in..."
qubessalt-errors-fix1:
file.replace:
- name: /usr/lib/python2.7/site-packages/qubessalt/__init__.py
- pattern: {{ "(untrusted_stdout, _) = p.communicate" | regex_escape }}
- repl: '(untrusted_stdout, untrusted_stderr) = p.communicate'
qubessalt-errors-fix2:
file.replace:
- name: /usr/lib/python2.7/site-packages/qubessalt/__init__.py
- pattern: {{ "untrusted_stdout = untrusted_stdout.decode('ascii',
errors='ignore')" | regex_escape }}$
- repl: "untrusted_stdout = untrusted_stdout.decode('ascii',
errors='ignore') + untrusted_stderr.decode('ascii', errors='ignore')"
Reply all
Reply to author
Forward
0 new messages