-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, Mar 17, 2020 at 11:46:51AM +0000, Michał "rysiek" Woźniak wrote: > Hey hey,
Hej, rysiek! > I started diving more deeply into Salt on QubesOS, since now I have two > laptops > with very similar config. One thing I'd like to use is Salt Orchestrate > runner: > https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html > > My use-case is: I need to enable networking on some templates (`dom0: > qvm.prefs`) to pull code on them (`I:qubes:type:template: git`), and then > disable networking on those templates. > > So basically, I need Salt's `require`, but working *across* minions. I don't think that's possible. In principle Qubes' salt integration is salt-ssh on steroids. Relevant qrexec: https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubes.SaltLinuxVM Launched from: https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubesctl https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubessalt/__init__.py > Seems like it's available on R4.0. Before I dive deep into trying to get it > into > a functioning state (ha!), has anyone played with it? And most importantly: > how > bad of an idea is it? It is bad. There are multiple ways for this to fail for some very unrelated reasons. My most-often encountered problem with salt is it sometimes fails to start the mgmt dispvm for memory fragmentation reasons. So if this was supported, the failure mode would be: enable network, do something, fail to disable network. Also remember that the error reporting is not that good, esp. for this case. > Yes, I know enabling networking in templates is a Bad Idea, that's why I only > want to do it temporarily and in a well-managed way. But yes, other ideas on > how > to get this code into the templates are obviously welcome too -- I considered > just putting it directly in my salt configs repo (that I then manually copy to > dom0:/srv/salt/), but why would I want code that is supposed to be only > running > on TemplateVMs in dom0 at all, right? If you need *code*, you could either just push it from dom0 (since that is where you have salt in the first place). Or, with git, you can try this: https://github.com/woju/qubes-app-split-git. - -- pozdrawiam / best regards _.-._ Wojtek Porczyk .-^' '^-. Invisible Things Lab |'-.-^-.-'| | | | | I do not fear computers, | '-.-' | I fear lack of them. '-._ : ,-' -- Isaac Asimov `^-^-_> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAl5w8+4ACgkQv2vZMhA6 I1GtWg/8Ce1soJZVyuqkIamiCrb/VE1YcOLNolsHsKvyxervrFVkQ0Zo1KokI03h qTgJ0l4D6YGaSVBxJhEcPNN1lONkJ1vQkQmxWPtXMGLEpHPJYuBjDkKxHINjSRc6 mcga0xx/EqhECUgL8+Qkij6zcAyMxwiA4KxQzYetBZlPxDqjt9J9fD98sKIPFduA tkdM38zcSv/Y1XxkGzWbW34nn5FYjJsZF0Ki/68bjiAfcBFfWa43P1YxuebLAR/7 taEWgKolole96XSD2knegOEgLxJz4JudIiYh27kYjFt2gn5GGcsPE/kzJCwDKTXi RCzQ/r7IXNhLMVqfQVnSYIHM8vpHWt12cc8qy7BmZHgouV/Vftvw3aXj6IJEZK8v jgIU9mAuWhpue4tsLzHwDx/aHoHft56EkgSiqxCbPN6TuH+r0+/RbDLEdhLBglZj DI+OSgOdpeR177e+CjI6wrPEFGnsEFu6STirXb8WOIMKglbnokT2QIVr1089whIw mkFirRLB+3dKCTMenslFDJrpg2w2RLlcwo4k44TO3wEMh9OXhfoueOHiUDAg64KF dinXJjW5dbrZ1i8pSoCGJrSc1jisC4I3/D7a+n1wLdPvAmbO8Qcdki81vuEE6YrI 1IsxIz9k7yR9b7g/8zhiK/vkvl6xV/w3yhmMCDMczZ3RFymdiRs= =AWuf -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200317155943.GA1254%40invisiblethingslab.com.
