On Tue, Mar 17, 2020 at 11:46:51AM +0000, Micha?? "rysiek" Wo??niak wrote: > Hey hey, > > I started diving more deeply into Salt on QubesOS, since now I have two > laptops > with very similar config. One thing I'd like to use is Salt Orchestrate > runner: > https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html > > My use-case is: I need to enable networking on some templates (`dom0: > qvm.prefs`) to pull code on them (`I:qubes:type:template: git`), and then > disable networking on those templates. > > So basically, I need Salt's `require`, but working *across* minions. > > Seems like it's available on R4.0. Before I dive deep into trying to get it > into > a functioning state (ha!), has anyone played with it? And most importantly: > how > bad of an idea is it? > > > Yes, I know enabling networking in templates is a Bad Idea, that's why I only > want to do it temporarily and in a well-managed way. But yes, other ideas on > how > to get this code into the templates are obviously welcome too -- I considered > just putting it directly in my salt configs repo (that I then manually copy to > dom0:/srv/salt/), but why would I want code that is supposed to be only > running > on TemplateVMs in dom0 at all, right? > > -- > rysiek >
It's relatively easy to use requires in salt calls - not really working across minions, because there's only one minion in Qubes implementation. In your case, I'd propose an alternative. Provision a "git" qube to do the pull, and then copy the repo in to template where you will. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200317161520.GD29569%40thirdeyesecurity.org.
