I really like what has been done with Salt to extend configuration management to each Qube; however, I prefer Ansible RedHat to Salt and use it to manage every other machine in my fleet. It seems it would be more efficient in the long run for me to utilize Ansible instead of Salt, to cut down on duplication of tasks. I was hoping to get some feedback on the following model before I started working, so as to cut down on any mistakes.
Ansible would run in dom0 or a trusted management Qube. Dom0 would be preferable, as it could then create and destroy VMs; however, this could likely be done through a custom Qubes RPC within the management Qube. Ansible supports a variety of "connection" types and I was considering writing a connection type utilizing qrexec. In this model, configuration commands would be pushed to each Qube from dom0 (or the trusted management VM) using qrexec, and Ansible would function more or less unaware of the change. My primary question is how Qubes Salt avoids any possible attack back from each individual Qube while still relaying state information.
--
kulinacs <[email protected]>
