Re: [qubes-users] Re: What's your flow for new templateVM?

2020-05-14 Thread unman
On Thu, May 14, 2020 at 07:21:52AM +0100, lik...@gmx.de wrote:
> > > 
> > 
> >  From another post:
> > I ran some training a few years back, and the notes are here:
> > https://github.com/unman/notes/tree/master/salt
> > 
> > They start with the simplest use of `qubesctl`, and work up to quite
> > complex configurations, but should be easy to understand.
> > There are examples in (naturally) "examples".
> > 
> 
> Let's assume I'm managing all my configuration in /srv/salt/myConfig
> 
> From this post, it seems that these directories are not backed up by default
> by the qubes-backup:
> https://groups.google.com/forum/#!searchin/qubes-users/doesn$27t$20fully$20restore%7Csort:date/qubes-users/FiGImnZ87sY/yK5h7gcsAgAJ
> 
> How do you back them up? By linking from /home? Copying all to /home before a
> backup? What's the best practice?
> 

My practice is to maintain an encrypted tar archive - I can pull that
down, copy it to an offline disposableVM, decrypt there, and copy into
dom0.
For general system configuration, I load the directories from an encrypted USB
drive.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200514125416.GB15104%40thirdeyesecurity.org.
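
An encrypted tar archive of a Salt tree such as /srv/salt, with a round-trip check before relying on it, as an added example that is not part of the original thread. The use of gpg symmetric encryption, the function names and the passphrase-file argument are assumptions; the post does not say which tool is used.

```shell
#!/bin/sh
# Added example: encrypted tar archive of a Salt tree, plus a restore check.
# gpg symmetric (AES256) and every name below are assumptions for illustration.

# backup_salt SRC_DIR OUT_FILE PASSFILE
backup_salt() {
    src=$1 out=$2 passfile=$3
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    (
        umask 077   # encrypted archive readable by its owner only
        # -C stores paths relative to the parent of SRC_DIR; plaintext is
        # piped straight into gpg and never written to disk.
        tar -C "$(dirname "$src")" -czf - "$(basename "$src")" \
          | gpg --batch --yes --pinentry-mode loopback \
                --passphrase-file "$passfile" \
                --symmetric --cipher-algo AES256 -o "$out"
    ) || return 1
    # Checksum next to the archive, so corruption in transit is noticed.
    ( cd "$(dirname "$out")" \
        && sha256sum "$(basename "$out")" > "$(basename "$out").sha256" )
}

# verify_backup OUT_FILE PASSFILE
# Prints the archived paths; fails if the checksum, the decryption or the
# tar stream is bad. Meant to run where the archive gets decrypted.
verify_backup() {
    out=$1 passfile=$2
    ( cd "$(dirname "$out")" \
        && sha256sum -c --quiet "$(basename "$out").sha256" ) >&2 || return 1
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" --decrypt "$out" | tar -tzf -
}

# Stand-alone use: sh backup.sh /srv/salt salt.tgz.gpg /path/to/passfile
if [ "$#" -eq 3 ]; then
    backup_salt "$1" "$2" "$3" && verify_backup "$2" "$3"
fi
```
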


[qubes-users] Re: What's your flow for new templateVM?

2020-05-14 Thread liked2




> From another post:
> I ran some training a few years back, and the notes are here:
> https://github.com/unman/notes/tree/master/salt
>
> They start with the simplest use of `qubesctl`, and work up to quite
> complex configurations, but should be easy to understand.
> There are examples in (naturally) "examples".



Let's assume I'm managing all my configuration in /srv/salt/myConfig

From this post, it seems that these directories are not backed up by default by
the qubes-backup:
https://groups.google.com/forum/#!searchin/qubes-users/doesn$27t$20fully$20restore%7Csort:date/qubes-users/FiGImnZ87sY/yK5h7gcsAgAJ

How do you back them up? By linking from /home? Copying all to /home before a
backup? What's the best practice?



Re: [qubes-users] Re: What's your flow for new templateVM?

2020-05-13 Thread galthop
I had a try with salt today and made a VM from a template. I'd like to go
further with this.

I found that the /svr/salt directory was owned by root so I had to use sudo to 
copy anything to it. Is that normal? I also had to use sudo on the qubesctl 
commands.

One of the things I need to do is install a printer driver for a network
printer. Is this sort of thing easy to do with salt? I normally download the
driver from the Brother website and follow the instructions for a Fedora
install.



Re: [qubes-users] Re: What's your flow for new templateVM?

2020-05-13 Thread unman
On Tue, May 12, 2020 at 05:01:33PM +0100, lik...@gmx.de wrote:
> On 2020-05-11 16:11, unman wrote:
> > On Mon, May 11, 2020 at 10:52:32AM -0400, Stumpy wrote:
> > > On 2020-05-11 10:26, 'Ryan Tate' via qubes-users wrote:
> > > > Saw the new f31 templateVM (thanks for that) and just curious how folks
> > > > generally migrate to a new templateVM.
> > > > 
> > > > I manually maintain this big text list of packages and just use that to
> > > > manually update the fresh templateVM to what I need. There's typically
> > > > also some non package installs, which I include basic pointers for
> > > > (think downloaded rpms and so forth), as well as some outside repos to
> > > > add (e.g. keybase). There's also typically some packages I forgot to put
> > > > on the list, which I can usually suss out by going through the bash
> > > > history for the old template, although often there's one or two that
> > > > slip through the cracks, which I find out about eventually and it's not
> > > > a huge deal.
> > > > 
> > > > I'm particularly curious if anyone does anything more sophisticated than
> > > > that, using salt or some other automated deploy system to prep new
> > > > template images.
> > > > 
> > > > Thanks for any tips!
> > > > 
> > > 
> > > Ditto, would really be interested as well, I have a similar system but I am
> > > sure there are better ways to do it.
> > > 
> > 
> > Salt it - if you get used to using salt, it's simple to use.
> > If you want to install a package, don't open the template and install it
> > there, edit the install.sls file to include the package, and run
> > `qubesctl --skip-dom0 --targets=  state.apply install`
> > 
> 
> What's the advantage of using Salt in comparison to 'qvm-run ...' commands
> bundled to a script to manage template modifications? In this case you also
> have executable documentation.
> What am I missing?
> 

You're missing the range and flexibility of salt.

As soon as you move beyond the most basic provisioning of a system, the
scripting approach starts to become a messy bundle.
I used to use bash scripts, qvm-tools, sed, and STILL I'd have to go in
and finish off by hand.
With Salt, I build and configure templates, individual qubes.
It's simple to restore a subset of my system for when I'm travelling, or
rebuild complete configurations. I wouldn't go back.

Of course you *can* do everything using qvm-tools in scripts, but the
salt tools are cleaner and more flexible.

unman
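
The step from a hand-kept text list of packages to the `install.sls` file quoted above, as an added example that is not from the thread or from the linked notes. The list format (one package per line, `#` comments), the state ID `template-packages` and the `TEMPLATE` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: build a Salt pkg.installed state from a plain package list.
# List format, state ID and file names are assumptions for illustration.

# pkglist_to_sls LIST_FILE -> prints the state on stdout
pkglist_to_sls() {
    list=$1
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    # Strip comments and surrounding whitespace, drop blanks, de-duplicate.
    pkgs=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               "$list" | grep -v '^$' | LC_ALL=C sort -u)
    [ -n "$pkgs" ] || { echo "no packages listed in $list" >&2; return 1; }
    # Accept only plain package names: a free-text note left in the list
    # must not end up as extra YAML in a state that runs as root.
    bad=$(printf '%s\n' "$pkgs" \
          | grep -v -E '^[A-Za-z0-9][A-Za-z0-9._+-]*$' || true)
    if [ -n "$bad" ]; then
        echo "refusing lines that are not package names:" >&2
        printf '%s\n' "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    printf 'template-packages:\n  pkg.installed:\n    - pkgs:\n'
    printf '%s\n' "$pkgs" | sed 's/^/      - /'
}

# In dom0 (the Salt tree is root-owned, hence sudo):
#   pkglist_to_sls packages.txt | sudo tee /srv/salt/install.sls
#   sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply install
if [ "$#" -eq 1 ]; then
    pkglist_to_sls "$1"
fi
```

Non-package installs from the list (downloaded rpms, outside repos) are rejected by the name check and need their own states.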



[qubes-users] Re: What's your flow for new templateVM?

2020-05-12 Thread liked2

On 2020-05-11 16:11, unman wrote:
> On Mon, May 11, 2020 at 10:52:32AM -0400, Stumpy wrote:
> > On 2020-05-11 10:26, 'Ryan Tate' via qubes-users wrote:
> > > Saw the new f31 templateVM (thanks for that) and just curious how folks
> > > generally migrate to a new templateVM.
> > >
> > > I manually maintain this big text list of packages and just use that to
> > > manually update the fresh templateVM to what I need. There's typically
> > > also some non package installs, which I include basic pointers for
> > > (think downloaded rpms and so forth), as well as some outside repos to
> > > add (e.g. keybase). There's also typically some packages I forgot to put
> > > on the list, which I can usually suss out by going through the bash
> > > history for the old template, although often there's one or two that
> > > slip through the cracks, which I find out about eventually and it's not
> > > a huge deal.
> > >
> > > I'm particularly curious if anyone does anything more sophisticated than
> > > that, using salt or some other automated deploy system to prep new
> > > template images.
> > >
> > > Thanks for any tips!
> > >
> >
> > Ditto, would really be interested as well, I have a similar system but I am
> > sure there are better ways to do it.
> >
>
> Salt it - if you get used to using salt, it's simple to use.
> If you want to install a package, don't open the template and install it
> there, edit the install.sls file to include the package, and run
> `qubesctl --skip-dom0 --targets=  state.apply install`
>



What's the advantage of using Salt in comparison to 'qvm-run ...' commands
bundled to a script to manage template modifications? In this case you also
have executable documentation.
What am I missing?
