On Wed, Oct 09, 2019 at 02:43:56PM -0400, Brian C. Duggan wrote: > On 10/8/19 6:45 AM, Johannes Graumann wrote: > > 2) I'm unclear about whether the fedora-/debian-X-minimal template VMs > > require additional packages to be managed through salt. > > https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so: > >> Also, there are packages to provide additional services: > >> ... > >> qubes-mgmt-\*: If you want to use salt management on the template and > >> qubes. > > > > If that's indeed the case, it's actually not possible to manage minimal > > template installation/customization entirely through salt, which I > > consider suboptimal. > > > > Qubes does not require that these packages be installed on target VMs to > manage them. > > The disposable management VM applies states through salt-ssh over > qrexec. So target VMs only need the qrexec agent installed: > > https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0 > > I believe qubes-mgmt-salt packages will let a user-controlled management > VM use the AdminAPI through Salt. But I'm not sure whether the AdminAPI > is mature enough for that to work fully, yet. Folks on this list have > only talked about using Salt from dom0. > > > 3) I so far have managed to setup `*.sls` files for updating all > > templates as well as dom0 (THANKS unman for the example repo posted a > > while ago). Now I'm trying to get a defined package installed in a > > minimal template and fail: > > > > flatpak.sls: > > install_flatpak: > > pkg.installed: > > - pkgs: > > - flatpak > > > > I was able to apply this state to a clone of fedora-30-minimal like this: > > # qubesctl --show-output --skip-dom0 \ > # --target=fedora-30-minimal-flatpak state.sls flatpak > > Try getting the state to work by itself before using it in a top file. > What do you get when you try that command? > > Brian > > -- > Brian C. Duggan > he/him/his >
Brian is right - the minimal templates can be configured as they are. You can use a managementVM to control with salt and I am transitioning to this. On your specific problem, check the log in /var/log/qubes - it wil be mgmt-<qube>.log - there should be a pointer to what has gone wrong. One possibility if this is a debian template - you need to enable the *testing* repository. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191011153403.GC32237%40thirdeyesecurity.org.
