From 23cc831d048306f3c346c32294c0231e6f6cc531 Mon Sep 17 00:00:00 2001
From: Ee Durbin <ewdurbin@gmail.com>
Date: Tue, 16 Jul 2024 21:26:30 -0400
Subject: [PATCH] implement a `detect_virt` grain

This is useful for things we may not want or be able to run when operating in a docker container.

Specific example is systemd-timesyncd, which refuses to start in a container:

```
[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
...
```

Note the `ConditionVirtualization` blocking.

Useful state might be something like:

```
systemd-timesyncd:
  pkg:
    - installed
  service:
    - enable: True
    {% if grains["detect_virt"] not in ["docker"] %}
    - running
    {% endif %}
```

Which would _enable_ the service but not fail when it fails to start.
---
 salt/_grains/detect_virt.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 salt/_grains/detect_virt.py

diff --git a/salt/_grains/detect_virt.py b/salt/_grains/detect_virt.py
new file mode 100644
index 00000000..094510ba
--- /dev/null
+++ b/salt/_grains/detect_virt.py
@@ -0,0 +1,13 @@
+#!/usr/bin/env python
+
+import subprocess
+
+
+def main():
+    try:
+        result = subprocess.run(
+            ["/usr/bin/systemd-detect-virt"], stdout=subprocess.PIPE, check=True
+        ).stdout.rstrip()
+    except FileNotFoundError:
+        result = "unknown"
+    return {"detect_virt": result}