Skip to content

Commit

Permalink
implement a detect_virt grain
Browse files Browse the repository at this point in the history 
This is useful for things we may not want or be able to run when operating in a docker container.

Specific example is systemd-timesyncd, which refuses to start in a container:

```
[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
...
```

Note the `ConditionVirtualization` blocking.

Useful state might be something like:

```
systemd-timesyncd:
  pkg:
    - installed
  service:
    - enable: True
    {% if grains["detect_virt"] not in ["docker"] %}
    - running
    {% endif %}
```

Which would _enable_ the service but not fail when it fails to start.
  • Loading branch information
@ewdurbin
ewdurbin committed Jul 17, 2024
1 parent f7803fd commit 23cc831
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions salt/_grains/detect_virt.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/usr/bin/env python

import subprocess


def main():
try:
result = subprocess.run(
["/usr/bin/systemd-detect-virt"], stdout=subprocess.PIPE, check=True
).stdout.rstrip()
except FileNotFoundError:
result = "unknown"
return {"detect_virt": result}

0 comments on commit 23cc831

Please sign in to comment.