This is a report for the Configuration Management Systems course taught by Tero Karvinen
To start off this weeks homework the goal was to create a state that installs 10 programs using a packet manager. I already had a state that i created for previous homework that i used to install a few thing so ill just use it as a base for this. I moved the state to my repository and renamed it there. I added a bunch of things i often install like this.
install_stuff: pkg.installed: - pkgs: - curl - vim - xclip - bsdgames - nmap - gobuster - tmux - proxychains4 - python3 - python3-pip - python3-venv
I tried applying the state with
sudo salt-call --local state.apply installs -l debug saltenv=dev but i quickly realized that my
dev environment that i created last time doesnt work with
salt-call --local. The error i got:
local: Data failed to compile: ---------- No matching salt environment for environment 'dev' found ---------- No matching sls found for 'installs' in env 'dev'
Oddly enough applying the state with
sudo salt slave-1 state.apply installs saltenv=dev worked just fine. Ill have to look into this behaviour more later but for now ill move on to the next part. For this part the goal was to add microsofts pgp key to apt and download visual studio code. I decided to rather download
Sublime Text because thats what i use and the steps ill have to take are virtually the same as with VSCode. I started with the manual process so my first step was to locate the pgp key. I looked at this documentation and found a link and downloaded the key.
I moved the gpg file to
trusted.gpg.d directory as we had done during the lesson.
sudo mv sublimehq-pub.gpg /etc/apt/trusted.gpg.d/
I tried to see if the key was actually working by running
sudo apt-key list but got the following error at the end of the output.
W: The key(s) in the keyring /etc/apt/trusted.gpg.d/sublimehq-pub.gpg are ignored as the file has an unsupported filetype.
I noticed that the documentation wanted me to ensure apt is set up to work with https sources so i ran the following command but that didnt fix the issue.
sudo apt-get install apt-transport-https
Reading the gpg file showed that if was not a binary file so at this point my assumption is that it is actually just in the wrong format as the error suggested. While looking into it i found this post on stackoverflow where i found a handy command to translate the pgp key into the correct format.
gpg --dearmor sublimehq-pub.gpg
I got a new file that seemed to be in the correct format which i verified by running
/etc/apt/trusted.gpg.d/sublimehq-pub.gpg: PGP/GPG key public ring (v4) created Mon May 8 21:14:49 2017 RSA (Encrypt or Sign) 4096 bits MPI=0xca6ce7fae9d1a798...
I moved this new file to the
trusted.gpg.d directory again and this time
sudo apt-key list show that this new key was added to the list.
/etc/apt/trusted.gpg.d/sublimehq-pub.gpg ---------------------------------------- pub rsa4096 2017-05-08 [SCEA] 1EDD E2CD FC02 5D17 F6DA 9EC0 ADAE 6AD2 8A8F 901A uid [ unknown] Sublime HQ Pty Ltd <email@example.com> sub rsa4096 2017-05-08 [S]
As instructed in the documentation i ran the following command. Note that the output of echo is piped to
sudo tee and i assume that this is because
echo is a built-in command in bash and cannot be ran with sudo.
echo 'deb https://download.sublimetext.com/ apt/stable/' |sudo tee /etc/apt/sources.list.d/sublime-text.list
Finally i ran
sudo apt update and
sudo apt install sublime-text to download
Sublime Text. I also verified that this worked by running the
subl command to open the editor. Now to automate things i created a new state in my repository. First i added the gpg file and ran the following commad.
echo 'deb https://download.sublimetext.com/ apt/stable/' |tee sublime-text.list
I created a simple state to add the gpg file to
/etc/apt/trusted.gpg.d/ like this.
/etc/apt/trusted.gpg.d/sublimehq-pub.gpg: file.managed: - source: salt://sublime/sublimehq-pub.gpg
Applying the succeeded when i ran the following command. Note that i am using my master as a slave for testing purposes.
sudo salt slave1 state.apply sublime saltenv=dev
Next i did the same thing for the other file and that ran without issues as well. Now to install sublime with salt ill have to first update so i took a look at the documentation for
pkg.installed with the following command.
salt-call --local sys.state_doc service.running |less
There i found the following example.
httpd: pkg.installed: - fromrepo: mycustomrepo - skip_verify: True - skip_suggestions: True - version: 2.0.6~ubuntu3 - refresh: True - allow_updates: True - hold: False
As seen in the example there is a
refresh option which i assume runs the updates before installing the packages. I added the following state to my
install_sublime: pkg.installed: - name: sublime-text - refresh: True
Applying the state again was successful but because i already had sublime installed on this machine this could be a false positive so now i want to completely purge sublime from my machine and apply the state again. I started by useing apt to purge sublime and verifying that it was removed by trying to run the
sudo apt purge sublime-text
Next i wanted to remove the pgp key so i used
sudo salt-key list to get the id of the key and ran the following command to delete it.
sudo apt-key del '1EDD E2CD FC02 5D17 F6DA 9EC0 ADAE 6AD2 8A8F 901A'
Note that somekind of backup file remained in
/etc/apt/trusted.gpg.d/ so i removed it and i removed the
.list file in
/etc/apt/sources.list.d/ as well. Finally i ran the updates just in case and ran a few commands to verify there was no signs of sublime ever existing on this machine.
sudo apt-key list sudo apt install sublime-text subl
Applying the state ran successfully and running the
subl command opened up the editor and as i mentioned earlier installing VSCode would have been virtually the same process so changing to the microsoft key and changing a couple of names should work the same way. As another note here if i had to install VSCode i would rather get
vscodium which is VSCode built from the source code but without the tracking/telemetry features.
Ill also leave the full
/etc/apt/trusted.gpg.d/sublimehq-pub.gpg: file.managed: - source: salt://sublime/sublimehq-pub.gpg /etc/apt/sources.list.d/sublime-text.list: file.managed: - source: salt://sublime/sublime-text.list install_sublime: pkg.installed: - name: sublime-text - refresh: True
The goal for this part was to get a "timeline" with the
find command. Ill start by running the following command.
sudo find /etc -printf '%T+ %p\n'|sort|tail
This command finds everything in
/etc and formats the output with
-printf to show files last modification date and time separated by a
+ with the
%T+ part. Next the
%p\n is replaced with the filename and a newline then everything is piped to
sort and to
tail to get the end of a list that is sorted by modification date and time. Here is the output that i got.
2020-11-21+09:45:52.7002542620 /etc/cups/subscriptions.conf.O 2020-11-21+10:16:11.3921621280 /etc/salt/pki/master/minions_denied 2020-11-21+10:17:04.9492114360 /etc/salt/pki/master/minions/slave-1 2020-11-21+10:17:11.9013003390 /etc/salt/pki/master/minions/slave-2 2020-11-21+10:17:18.8373791260 /etc/salt/pki/master/minions/slave-3 2020-11-21+10:17:25.7974484860 /etc/salt/pki/master/minions/slave-4 2020-11-21+10:23:28.2444134760 /etc/salt/pki/master/minions 2020-11-21+10:23:28.2444134760 /etc/salt/pki/master/minions_pre 2020-11-21+10:44:13.3252816510 /etc/cups/subscriptions.conf 2020-11-21+10:44:13.3372805870 /etc/cups
Now it was time to change some settings and see what changes. I was curious if something like power settings would change some configuration files so i navigated to the ubuntu power settings. I already had it set to never sleep so i made the screen go dark after 15 minutes.
After changing the settings i ran the
find command again but the results were the same. It seems like it doesnt change any files in
/etc so i had to get a bit more creative.
sudo find / -printf '%T+ %p\n' 2>/dev/null| grep -v '/sys'|grep -v '/proc'|sort|tail -n100|less
This does essentially the same thing but on the root of the filesystem, ignores errors, ignores everything in
/proc and gets 100 lines.
2020-11-21+11:19:53.2700805290 /home/niko/.local/share/gnome-shell 2020-11-21+11:19:53.2700805290 /home/niko/.local/share/gnome-shell/application_state 2020-11-21+11:19:58.4113540120 /home/niko/.config/dconf 2020-11-21+11:19:58.4113540120 /home/niko/.config/dconf/user 2020-11-21+11:19:58.4153550010 /run/user/1000/dconf 2020-11-21+11:20:01.0640087710 /run/user/1000/dconf/user 2020-11-21+11:20:01.3960000080 /dev/ptmx 2020-11-21+11:20:01.4656540070 /dev/pts/0 2020-11-21+11:20:01.5694768720 /dev/pts/2 2020-11-21+11:20:03.8206875690 /run/sudo/ts/niko 2020-11-21+11:20:03.8206875690 /var/log/auth.log
The most interesting line seems to be
/home/niko/.config/dconf/user. Running the
file command on it tells be that it is a GVariant Database file. I looked into it and found this post showing how to get the settings out of the database in a readable format. As instructed in the post i made a copy of the user file in the
/tmp/dconf directory (that i made) then exported some environment variable and ran
dconf dump on it.
mkdir /tmp/dconf cp .config/dconf/user /tmp/dconf/ XDG_CONFIG_HOME=/tmp dconf dump / > old-gsettings-data.txt
Doing this resulted in a human readable file containing the settings for my user. The problem i had here was that i had trouble verifying that the settings i changed were actually here so i took this a step further by changing the settings again, then repeating the previous steps to get another file with the new settings and ran
diff old-gsettings-data.txt old-gsettings-data2.txt on it to see the diffrence between the files.
69c69 < idle-delay=uint32 0 --- > idle-delay=uint32 900
As seen in the output the
idle-delay was changed from 0 to 900 so it is safe to assume that this is the amount of seconds that you can remain idle before the screen goes idle and this is the file that determines it. I wanted to try copying my settings to
/etc/skel so that the configuration file would be copied over to any new user when created. I created the nessesary directories in
/etc/skel then moved the file and added a new user.
sudo mkdir -p /etc/skel/.config/dconf sudo cp .config/dconf/user /etc/skel/.config/dconf/ sudo adduser test
I logged into the new user and looked at the settings. The screen was set to never turn off so this was a success. To continue this theme i wanted to try installing the
kite plugin for sublime. To install
kite i followed these instructions. Seems like to install it i just have to run the following command.
bash -c "$(wget -q -O - https://linux.kite.com/dls/linux/current)"
Runnin the command installed kite and gave me loads of usefull information. Either way i ran the previous
find command and stored the output to a file so i can look at it later.
Downloading /home/niko/kite-installer binary using wget... Running /home/niko/kite-installer install [installer] no previous kite installation found [installer] latest version is 2.20201113.0, downloading now... [installer] Downloading Kite: 99.9% of 481MiB [installer] verifying checksum [installer] validating signature [installer] installing version 2.20201113.0 [installer] installed ~/.config/autostart/kite-autostart.desktop [installer] installed ~/.config/systemd/user/kite-autostart.service [installer] installed ~/.config/systemd/user/kite-updater.service [installer] installed ~/.config/systemd/user/kite-updater.timer [installer] installed ~/.local/share/applications/kite-copilot.desktop [installer] installed ~/.local/share/applications/kite.desktop [installer] installed ~/.local/share/icons/hicolor/128x128/apps/kite.png [installer] installed ~/.local/share/kite/kited [installer] installed ~/.local/share/kite/login-user [installer] installed ~/.local/share/kite/logout-user [installer] installed ~/.local/share/kite/uninstall [installer] installed ~/.local/share/kite/update [installer] activating kite-updater systemd service [installer] activating kite-autostart systemd service [installer] registering kite:// protocol handler [installer] kite is installed! launching now! happy coding! :) [installer] with systemd, run systemctl --user start kite-autostart [installer] without systemd, run /home/niko/.local/share/kite/kited [installer] or launch it using the Applications Menu Removing kite-installer
To get it up and working i searched ubuntu for
kite and opened the app. There i chose to continue without an email then only chose sublime in the next screen.
Oddly it didnt install the sublime plugin so i had to go to plugins and install it there. After that i ran the find command again and saved the output to another file. At this point this seems a bit complicated to get up and running with salt but ill start by trying to make sure it is installed for new users. I started by making a temporary folder to put all the files in first. I created the nessesary sub-directories and moved all the files the installer created there.
mkdir -p .local/share mkdir -p .local/share/applications mkdir -p .local/share/icons/hicolor/128x128/apps/ mkdir -p .config/systemd/user mkdir -p .config/autostart cp -R .local/share/kite kite_test/.local/share/ cp .local/share/applications/kite* kite_test/.local/share/applications/ cp .local/share/icons/hicolor/128x128/apps/kite.png kite_test/.local/share/icons/hicolor/128x128/apps/ cp .config/systemd/user/kite-* kite_test/.config/systemd/user/ cp .config/autostart/kite-autostart.desktop kite_test/.config/autostart/
Now with all the the files in the correct folders i wanted to first verify how it is behaving right now. I created a new user and tried to search for
kite but got no results as expected. With that out of the way i copied all the files over to
/etc/skel and created a new user.
sudo cp -R kite_test/.local /etc/skel/ sudo cp -R kite_test/.config /etc/skel/ sudo adduser test
Now when i log in to the new user and search for
kite it actually finds it and im able to use it. At this point it is installed for any new user and somehow it is configured as well.
I tried using sublime and it seems like i spoke too soon. It shows that the sublime plugin is installed but it seems like it is installed for the original user. Looking at the output of the
file command that i ran after installing the plugin i saw what it did.
2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/docs/assets 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/assets 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/darwin 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/linux 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/unsupported 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/lib/platform/win32 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/setup 2020-11-21+15:29:51.1237501670 /home/niko/.config/sublime-text-3/Packages/KiteSublime/setup/assets 2020-11-21+15:29:51.1277501540 /home/niko/.config/sublime-text-3/Packages/KiteSublime 2020-11-21+15:29:52.7357450460 /home/niko/.kite/settings.json
There was many more files that were created but most of them were in
~/.config/sublime-text-3 so i copied that over to
/etc/skel same way as before. There was also a
.kite directory that seemed to be populated and contains the trial license so this seems not to be the most optimal way to go about it but i ignored this directory for now. I also created a new user to try this on.
cp -R ~/.config/sublime-text-3 kite_test/.config sudo cp -R kite_test/.config /etc/skel/ sudo adduser test2
I logged into this new user and this time the
kite plugin was present in sublime even though some features didnt seem to work. I wanted to make a quick proof of concept salt state that would put all these files in
/etc/skel so i made this.
/etc/skel/: file.recurse: - source: salt://kite/skel - include_empty: True
Applying this state with
sudo salt slave1 state.apply kite saltenv=dev was successful so for now ill leave it that. Ill leave this as a separate state because it still seems a bit imperfect and i havent decided if i like kite yet.