On Sun, Jul 21, 2019 at 03:56:31PM -0500, Andrew David Wong wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 16/07/2019 9.35 AM, unman wrote: > > On Sun, Jul 14, 2019 at 09:13:16PM -0500, Andrew David Wong wrote: > >> On 14/07/2019 9.08 PM, Andrew David Wong wrote: > >>> On 14/07/2019 8.19 AM, unman wrote: > >>>> On Sat, Jul 13, 2019 at 06:40:00PM -0500, Andrew David Wong > >>>> wrote: > >>>>> > >>>>> 1. When using the Qubes Update widget, a mgmt DisposableVM is > >>>>> started. Why is that? Is it just for executing Salt commands so > >>>>> that they're not executed in dom0? > >>> > >>>> Yes, this is standard in Qubes. > >>> > >>>>> > >>>>> 2. How can one update a TemplateVM the way the Qubes Update > >>>>> widget does? For example, when I update a Fedora TemplateVM > >>>>> myself, I just execute `dnf update` in the template. I don't > >>>>> start any DisposableVMs, so clearly my method of updating is > >>>>> different from what the Qubes Update widget does. Is there some > >>>>> kind of scriptable qubesctl command I can issue from dom0 that > >>>>> does the same thing as the Qubes Update widget? > >>>>> > >>> > >>>> The update widget calls qubesctl and runs the state file in > >>>> /srv/formuals/base/update-formula/update/qubes-vm.sls > >>> > >>>> You can run this yourself by: qubesctl --skip-dom0 > >>>> --targets=<targets> --show-output state.sls update.qubes-vm > >>> > >>>> Skip the "show-output" option if you want to script. > >>> > >>>> It's a wrapper to salts pkg.uptodate call, so you could put that > >>>> in a state file yourself. > >>> > >>> > >>> Thanks, unman. I'm not quite sure what the last sentence means. > >>> Why would one want to put that in a state file oneself? > >>> > >> > >> Could you explain what these options mean? > >> > >> --skip-dom0 -- The documentation doesn't really explain this. > >> --targets -- Is this the qube to be updated in this case? > >> > > --skip-dom0 -- Doesnt try to action state in dom0. > > > > --targets -- You can give list of qubes to use as targets, (comma > > delimited) or use keywords. 'qubesctl --templates'. > > > > Thanks, unman. This is helpful, but I'm still unclear on --skip-dom0. > > Looking at the command you provided: > > qubesctl --skip-dom0 --targets=<targets> --show-output state.sls > update.qubes-vm > > What is the difference between including --skip-dom0 and excluding that > option? > > It's counterintuitive to me that, if I *specify* a target to be acted > upon using --targets, I *also* have to specify *not* to take action on a > *different* target (namely dom0). >
Depending on how you structure your states, and interdependencies, this is actually quite useful. For example, you can create a qube, configured as you wish, and then manipulate the files on that qube. Including dom0 allows you to do equivalent of qvm-create and qvm-prefs. If you subsequently change the preferences, you don't want to run the same state against dom0, because that would revert the changes you have made, so you can specify --skip-dom0 but apply the same state in the qube filesystem. For quick and dirty work that's fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190722160522.wkjxau7s724x463g%40thirdeyesecurity.org.
