Skip to content

Instantly share code, notes, and snippets.

@xbc5

xbc5/qubes-salt-pillar-tags.md

Forked from bcduggan/qubes-salt-pillar-tags.md
Created October 23, 2023 06:42
Show Gist options
  • Save xbc5/56d3bae7239b226e735add87096b4c61 to your computer and use it in GitHub Desktop.
Save xbc5/56d3bae7239b226e735add87096b4c61 to your computer and use it in GitHub Desktop.
Download ZIP
Target Qubes VMs with tags in Salt Pillar data
Raw
qubes-salt-pillar-tags.md

Target Qubes VMs with tags in Salt Pillar data

Qubes allows users to target VMs in top files using pillar data:

base:
  qubes:type:app:
    - match: pillar
    - a_state

But does not currently provide tags or features in pillar data.

To add tags to pillar data, copy /srv/salt/_pillar/qvm_prefs.py to /srv/salt/_pillar/qvm_tags.py. Then edit the ext_pillar function in qvm_tags.py to add a tags key to the qubes pillar dictionary and populate it with VM tags:

def ext_pillar(minion_id, pillar, *args, **kwargs):
  app = qubesadmin.Qubes()
  try:
    vm = app.domains[minion_id]
  except KeyError:
    return {}
  
  return { 'qubes': { 'tags': list(vm.tags) } }

Add the ext_pillar data source to the Salt minion configuration, /etc/salt/minion.d/qubes_ext_pillar.conf:

ext_pillar:
  ...
  - qvm_tags: []

Sync Salt modules to the Qubes Salt minion cache:

qubesctl saltutil.sync_all

Test by getting pillar items for a VM:

qubesctl --show-output --skip-dom0 --target=debian-9 pillar.items

Which should return:

debian-9:
      ----------
      ...
      qubes:
          ----------
          ...
          tags:
              - created-by-dom0
              - my-custom-tag

Target VMs with tags in top files:

base:
  qubes:tags:my-custom-tag:
    - match: pillar
    - my_custom_state
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment