On Wed, Dec 21, 2016 at 05:35:37PM +0000, john.david.r.smith wrote: > hi. > currently i am configuring salt to create and configure all my vms. > my target is to have only a minimal set of vms i need to backup (vault, > config, data, custom systemd based services for my vms) and a set of salt > files to create my whole setup. > > creating vms and installing software works. > but for some vms i need additional config data (ssh-keys, openvpn-config > file, etc). > I want to store this data in the config vm. > > now i need to get the config data for each vm from my config-vm. > i have multiple ideas, but i am not satisfied with any: > 1) run `qvm-copy-to-vm` in config-vm + run some copy commands in the > target-vm > 2) get the file to dom0 via `qvm-run --pass-io "cat ...." > file_in_dom_0` + > transfer the file to the targetvm > 3) use managed file from salt > > why i don't like the solutions: > 1) needs user interaction to allow the transaction or i need to allow all > file transfers from my config-vm. > i like neither of these options. > additionally i need to to issue two commands. > 2) i don't like the part about transferring anything to dom0. > also it would be difficult to handle directories. > 3) i would transfer the files to dom0 (i don't want to do this) > > I am currently searching for a nice way to solve all of this. > > I have an idea but it would require some new functionality (at leas i think > so). > > in my config-vm i have multiple config folders for each target property > (e.g. autoshutdown, QubesOutgoing for my own services). > each folder contains files to copy to /rw) > in dom0 i would run something like this > `qvm-inter-vm-copy config-vm:~/autoshutdown/* some-template:/rw/` > this command would copy all files/directories from ~/autoshutdown/ in > config-vm to /rw in some-template. > the command qvm-inter-vm-copy would only be available in dom0, so it would > not need additional user interaction. > > what do you think about adding such a `qvm-inter-vm-copy`-command to dom0? > (the functionality (intervm copy) should mostly already be there). > > Or is there some other/better way? > > -john >
It's not better but you could do it right now. A short script that writes to the policy file allowing FileCopy from config-vm to targets. qvm-run config-vm 'qvm-copy-to-vm target Dir' Remove permissive rule from policy file qvm-run target 'mv .....' salt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161221234602.GD19689%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
