This is a report for the Configuration Management Systems course taught by Tero Karvinen

Date: 23-11-2020

To start off this weeks homework the goal was to create a state that installs 10 programs using a packet manager. I already had a state that i created for previous homework that i used to install a few thing so ill just use it as a base for this. I moved the state to my repository and renamed it there. I added a bunch of things i often install like this.

    - pkgs:
      - curl
      - vim
      - xclip
      - bsdgames
      - nmap
      - gobuster
      - tmux
      - proxychains4
      - python3
      - python3-pip
      - python3-venv

I tried applying the state with sudo salt-call --local state.apply installs -l debug saltenv=dev but i quickly realized that my dev environment that i created last time doesnt work with salt-call --local. The error i got:

    Data failed to compile:      
    No matching salt environment for environment 'dev' found         
    No matching sls found for 'installs' in env 'dev'

Oddly enough applying the state with sudo salt slave-1 state.apply installs saltenv=dev worked just fine. Ill have to look into this behaviour more later but for now ill move on to the next part. For this part the goal was to add microsofts pgp key to apt and download visual studio code. I decided to rather download Sublime Text because thats what i use and the steps ill have to take are virtually the same as with VSCode. I started with the manual process so my first step was to locate the pgp key. I looked at this documentation and found a link and downloaded the key.

wget https://download.sublimetext.com/sublimehq-pub.gpg

I moved the gpg file to trusted.gpg.d directory as we had done during the lesson.

sudo mv sublimehq-pub.gpg /etc/apt/trusted.gpg.d/

I tried to see if the key was actually working by running sudo apt-key list but got the following error at the end of the output.

W: The key(s) in the keyring /etc/apt/trusted.gpg.d/sublimehq-pub.gpg are ignored as the file has an unsupported filetype.

I noticed that the documentation wanted me to ensure apt is set up to work with https sources so i ran the following command but that didnt fix the issue.

sudo apt-get install apt-transport-https

Reading the gpg file showed that if was not a binary file so at this point my assumption is that it is actually just in the wrong format as the error suggested. While looking into it i found this post on stackoverflow where i found a handy command to translate the pgp key into the correct format.

gpg --dearmor sublimehq-pub.gpg

I got a new file that seemed to be in the correct format which i verified by running file sublimehq-pub.gpg

/etc/apt/trusted.gpg.d/sublimehq-pub.gpg: PGP/GPG key public ring (v4) created Mon May  8 21:14:49 2017 RSA (Encrypt or Sign) 4096 bits MPI=0xca6ce7fae9d1a798...

I moved this new file to the trusted.gpg.d directory again and this time sudo apt-key list show that this new key was added to the list.

pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

As instructed in the documentation i ran the following command. Note that the output of echo is piped to sudo tee and i assume that this is because echo is a built-in command in bash and cannot be ran with sudo.

echo 'deb https://download.sublimetext.com/ apt/stable/' |sudo tee /etc/apt/sources.list.d/sublime-text.list

Finally i ran sudo apt update and sudo apt install sublime-text to download Sublime Text. I also verified that this worked by running the subl command to open the editor. Now to automate things i created a new state in my repository. First i added the gpg file and ran the following commad.

echo 'deb https://download.sublimetext.com/ apt/stable/' |tee sublime-text.list

I created a simple state to add the gpg file to /etc/apt/trusted.gpg.d/ like this.

    - source: salt://sublime/sublimehq-pub.gpg

Applying the succeeded when i ran the following command. Note that i am using my master as a slave for testing purposes.

sudo salt slave1 state.apply sublime saltenv=dev

Next i did the same thing for the other file and that ran without issues as well. Now to install sublime with salt ill have to first update so i took a look at the documentation for pkg.installed with the following command.

salt-call --local sys.state_doc service.running |less

There i found the following example.

    - fromrepo: mycustomrepo
    - skip_verify: True
    - skip_suggestions: True
    - version: 2.0.6~ubuntu3
    - refresh: True
    - allow_updates: True
    - hold: False

As seen in the example there is a refresh option which i assume runs the updates before installing the packages. I added the following state to my init.sls.

    - name: sublime-text
    - refresh: True

Applying the state again was successful but because i already had sublime installed on this machine this could be a false positive so now i want to completely purge sublime from my machine and apply the state again. I started by useing apt to purge sublime and verifying that it was removed by trying to run the subl command.

sudo apt purge sublime-text

Next i wanted to remove the pgp key so i used sudo salt-key list to get the id of the key and ran the following command to delete it.

sudo apt-key del '1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A'

Note that somekind of backup file remained in /etc/apt/trusted.gpg.d/ so i removed it and i removed the .list file in /etc/apt/sources.list.d/ as well. Finally i ran the updates just in case and ran a few commands to verify there was no signs of sublime ever existing on this machine.

sudo apt-key list
sudo apt install sublime-text

Applying the state ran successfully and running the subl command opened up the editor and as i mentioned earlier installing VSCode would have been virtually the same process so changing to the microsoft key and changing a couple of names should work the same way. As another note here if i had to install VSCode i would rather get vscodium which is VSCode built from the source code but without the tracking/telemetry features. https://vscodium.com/

Ill also leave the full init.sls here.

    - source: salt://sublime/sublimehq-pub.gpg

    - source: salt://sublime/sublime-text.list

    - name: sublime-text
    - refresh: True

CSI Pasila

The goal for this part was to get a "timeline" with the find command. Ill start by running the following command.

sudo find /etc -printf '%T+ %p\n'|sort|tail

This command finds everything in /etc and formats the output with -printf to show files last modification date and time separated by a + with the %T+ part. Next the %p\n is replaced with the filename and a newline then everything is piped to sort and to tail to get the end of a list that is sorted by modification date and time. Here is the output that i got.

2020-11-21+09:45:52.7002542620 /etc/cups/subscriptions.conf.O
2020-11-21+10:16:11.3921621280 /etc/salt/pki/master/minions_denied
2020-11-21+10:17:04.9492114360 /etc/salt/pki/master/minions/slave-1
2020-11-21+10:17:11.9013003390 /etc/salt/pki/master/minions/slave-2
2020-11-21+10:17:18.8373791260 /etc/salt/pki/master/minions/slave-3
2020-11-21+10:17:25.7974484860 /etc/salt/pki/master/minions/slave-4
2020-11-21+10:23:28.2444134760 /etc/salt/pki/master/minions
2020-11-21+10:23:28.2444134760 /etc/salt/pki/master/minions_pre
2020-11-21+10:44:13.3252816510 /etc/cups/subscriptions.conf
2020-11-21+10:44:13.3372805870 /etc/cups

Now it was time to change some settings and see what changes. I was curious if something like power settings would change some configuration files so i navigated to the ubuntu power settings. I already had it set to never sleep so i made the screen go dark after 15 minutes.

ubuntu settings

After changing the settings i ran the find command again but the results were the same. It seems like it doesnt change any files in /etc so i had to get a bit more creative.

sudo find / -printf '%T+ %p\n' 2>/dev/null| grep -v '/sys'|grep -v '/proc'|sort|tail -n100|less

This does essentially the same thing but on the root of the filesystem, ignores errors, ignores everything in /sys and /proc and gets 100 lines.

2020-11-21+11:19:53.2700805290 /home/niko/.local/share/gnome-shell
2020-11-21+11:19:53.2700805290 /home/niko/.local/share/gnome-shell/application_state
2020-11-21+11:19:58.4113540120 /home/niko/.config/dconf
2020-11-21+11:19:58.4113540120 /home/niko/.config/dconf/user
2020-11-21+11:19:58.4153550010 /run/user/1000/dconf
2020-11-21+11:20:01.0640087710 /run/user/1000/dconf/user
2020-11-21+11:20:01.3960000080 /dev/ptmx
2020-11-21+11:20:01.4656540070 /dev/pts/0
2020-11-21+11:20:01.5694768720 /dev/pts/2
2020-11-21+11:20:03.8206875690 /run/sudo/ts/niko
2020-11-21+11:20:03.8206875690 /var/log/auth.log

The most interesting line seems to be /home/niko/.config/dconf/user. Running the file command on it tells be that it is a GVariant Database file. I looked into it and found this post showing how to get the settings out of the database in a readable format. As instructed in the post i made a copy of the user file in the /tmp/dconf directory (that i made) then exported some environment variable and ran dconf dump on it.

mkdir /tmp/dconf
cp .config/dconf/user /tmp/dconf/
XDG_CONFIG_HOME=/tmp dconf dump / > old-gsettings-data.txt

Doing this resulted in a human readable file containing the settings for my user. The problem i had here was that i had trouble verifying that the settings i changed were actually here so i took this a step further by changing the settings again, then repeating the previous steps to get another file with the new settings and ran diff old-gsettings-data.txt old-gsettings-data2.txt on it to see the diffrence between the files.

< idle-delay=uint32 0
> idle-delay=uint32 900

As seen in the output the idle-delay was changed from 0 to 900 so it is safe to assume that this is the amount of seconds that you can remain idle before the screen goes idle and this is the file that determines it. I wanted to try copying my settings to /etc/skel so that the configuration file would be copied over to any new user when created. I created the nessesary directories in /etc/skel then moved the file and added a new user.

sudo mkdir -p /etc/skel/.config/dconf
sudo cp .config/dconf/user /etc/skel/.config/dconf/
sudo adduser test

I logged into the new user and looked at the settings. The screen was set to never turn off so this was a success. To continue this theme i wanted to try installing the kite plugin for sublime. To install kite i followed these instructions. Seems like to install it i just have to run the following command.

bash -c "$(wget -q -O - https://linux.kite.com/dls/linux/current)"

Runnin the command installed kite and gave me loads of usefull information. Either way i ran the previous find command and stored the output to a file so i can look at it later.

Downloading /home/niko/kite-installer binary using wget...
Running /home/niko/kite-installer install 
[installer] no previous kite installation found
[installer] latest version is 2.20201113.0, downloading now...
[installer] Downloading Kite:   99.9% of 481MiB
[installer] verifying checksum
[installer] validating signature
[installer] installing version 2.20201113.0
[installer] installed ~/.config/autostart/kite-autostart.desktop
[installer] installed ~/.config/systemd/user/kite-autostart.service
[installer] installed ~/.config/systemd/user/kite-updater.service
[installer] installed ~/.config/systemd/user/kite-updater.timer
[installer] installed ~/.local/share/applications/kite-copilot.desktop
[installer] installed ~/.local/share/applications/kite.desktop
[installer] installed ~/.local/share/icons/hicolor/128x128/apps/kite.png
[installer] installed ~/.local/share/kite/kited
[installer] installed ~/.local/share/kite/login-user
[installer] installed ~/.local/share/kite/logout-user
[installer] installed ~/.local/share/kite/uninstall
[installer] installed ~/.local/share/kite/update
[installer] activating kite-updater systemd service
[installer] activating kite-autostart systemd service
[installer] registering kite:// protocol handler
[installer] kite is installed! launching now! happy coding! :)
[installer] with systemd, run systemctl --user start kite-autostart
[installer] without systemd, run /home/niko/.local/share/kite/kited
[installer]     or launch it using the Applications Menu
Removing kite-installer

To get it up and working i searched ubuntu for kite and opened the app. There i chose to continue without an email then only chose sublime in the next screen.

kite installer

Oddly it didnt install the sublime plugin so i had to go to plugins and install it there. After that i ran the find command again and saved the output to another file. At this point this seems a bit complicated to get up and running with salt but ill start by trying to make sure it is installed for new users. I started by making a temporary folder to put all the files in first. I created the nessesary sub-directories and moved all the files the installer created there.

mkdir -p .local/share
mkdir -p .local/share/applications
mkdir -p .local/share/icons/hicolor/128x128/apps/
mkdir -p .config/systemd/user
mkdir -p .config/autostart
cp -R .local/share/kite kite_test/.local/share/
cp .local/share/applications/kite* kite_test/.local/share/applications/
cp .local/share/icons/hicolor/128x128/apps/kite.png kite_test/.local/share/icons/hicolor/128x128/apps/
cp .config/systemd/user/kite-* kite_test/.config/systemd/user/
cp .config/autostart/kite-autostart.desktop kite_test/.config/autostart/

Now with all the the files in the correct folders i wanted to first verify how it is behaving right now. I created a new user and tried to search for kite but got no results as expected. With that out of the way i copied all the files over to /etc/skel and created a new user.

sudo cp -R kite_test/.local /etc/skel/
sudo cp -R kite_test/.config /etc/skel/
sudo adduser test

Now when i log in to the new user and search for kite it actually finds it and im able to use it. At this point it is installed for any new user and somehow it is configured as well.

kite search

I tried using sublime and it seems like i spoke too soon. It shows that the sublime plugin is installed but it seems like it is installed for the original user. Looking at the output of the file command that i ran after installing the plugin i saw what it did.

2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/docs/assets
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/assets
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/darwin
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/linux
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/unsupported
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/win32
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/setup
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/setup/assets
2020-11-21+15:29:51.1277501540 /home/niko/.config/sublime-text-3/Packages/KiteSublime
2020-11-21+15:29:52.7357450460 /home/niko/.kite/settings.json

There was many more files that were created but most of them were in ~/.config/sublime-text-3 so i copied that over to /etc/skel same way as before. There was also a .kite directory that seemed to be populated and contains the trial license so this seems not to be the most optimal way to go about it but i ignored this directory for now. I also created a new user to try this on.

cp -R ~/.config/sublime-text-3 kite_test/.config
sudo cp -R kite_test/.config /etc/skel/
sudo adduser test2

I logged into this new user and this time the kite plugin was present in sublime even though some features didnt seem to work. I wanted to make a quick proof of concept salt state that would put all these files in /etc/skel so i made this.

    - source: salt://kite/skel
    - include_empty: True

Applying this state with sudo salt slave1 state.apply kite saltenv=dev was successful so for now ill leave it that. Ill leave this as a separate state because it still seems a bit imperfect and i havent decided if i like kite yet.