How to use salt as noob?
349 views
Skip to first unread message
J. Eppler
May 11, 2016, 1:40:02 AM5/11/16
to qubes-users
Hello,
Qubes 3.1 comes with salt, a management engine. This is nice, but what is the
advantage for a user. How can I use salt in Qubes if I don't want to start writing
my own moduls, grains etc.? Where is the advantage as Qubes user without
learning salt first? What commands can I use as salt noob?
Is there any advantage in using salt over using the command line?
Best regards
J. Eppler
Qubes 3.1 comes with salt, a management engine. This is nice, but what is the
advantage for a user. How can I use salt in Qubes if I don't want to start writing
my own moduls, grains etc.? Where is the advantage as Qubes user without
learning salt first? What commands can I use as salt noob?
Is there any advantage in using salt over using the command line?
Best regards
J. Eppler
Andrew David Wong
May 11, 2016, 3:04:51 AM5/11/16
to J. Eppler, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Good questions. Tracking this documentation issue here:
https://github.com/QubesOS/qubes-issues/issues/1983
For reference, here's the current Salt documentation:
https://www.qubes-os.org/doc/salt/
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXMtmMAAoJENtN07w5UDAwblQP/07xD6jK0lrAyv/YCy60rwLP
3ATA8Cj8z1gPMGLhwJ/qQ0gp6gFHbDEk6Mok3MKsux8qbqb1eKx83uEvhvo41G9c
xNJRwF3cWesc84wl3pBcajSSwYh9mv8t+Wh4LbCx432SA4iWjDklEKTfLAzMCLl0
HutH8DpJqcKT+iR+uHCJED/wzp15JA3lWhRN2QXFgvPhsBMq4pBl5RMRcymCNIiD
hwFWR6ddZg0mqf+uCxeNAw83FolpDBIgFZfwwDm6JEAZQkG8LSDa3UnEw6dZ7avp
sv/tBSpHbUoxVSZN1iZbobU57ftCkZ0jhXV8OzBer1S4lHQZZlXSey+K3lCTGrC2
ZCtGUuMXPwphFQ2L0x1c4t0aPLtt7uI+z63Ro15e78aFyz9BtuhwzpNdeYEM3+8t
wdQOpk5Np8zjY9AqHMLZPVLmtsTs4AszLLqla5ynM74dKsZitu3UVu8fyO+iPzgq
kCE94Lh1J2KWCyUnIfKLig49d3hfLC39tGMdQhKYTUhwDnD6DOtUmOfTC+ftoY+1
hTfISPmbz4nH1q07ixZlj3Y+N85BOpHEtsSJi+8hJjUterTMC9+lYKQeucIuJMvG
AC4zq0gqOCyvp8kpZzW6uT2VP+MtZuyjoUyvD5kuHebeIeMGw6RKgzMG9BUe9Rmp
4uMcJyIwZHKfIudgCt0c
=z2zT
-----END PGP SIGNATURE-----
Hash: SHA512
https://github.com/QubesOS/qubes-issues/issues/1983
For reference, here's the current Salt documentation:
https://www.qubes-os.org/doc/salt/
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXMtmMAAoJENtN07w5UDAwblQP/07xD6jK0lrAyv/YCy60rwLP
3ATA8Cj8z1gPMGLhwJ/qQ0gp6gFHbDEk6Mok3MKsux8qbqb1eKx83uEvhvo41G9c
xNJRwF3cWesc84wl3pBcajSSwYh9mv8t+Wh4LbCx432SA4iWjDklEKTfLAzMCLl0
HutH8DpJqcKT+iR+uHCJED/wzp15JA3lWhRN2QXFgvPhsBMq4pBl5RMRcymCNIiD
hwFWR6ddZg0mqf+uCxeNAw83FolpDBIgFZfwwDm6JEAZQkG8LSDa3UnEw6dZ7avp
sv/tBSpHbUoxVSZN1iZbobU57ftCkZ0jhXV8OzBer1S4lHQZZlXSey+K3lCTGrC2
ZCtGUuMXPwphFQ2L0x1c4t0aPLtt7uI+z63Ro15e78aFyz9BtuhwzpNdeYEM3+8t
wdQOpk5Np8zjY9AqHMLZPVLmtsTs4AszLLqla5ynM74dKsZitu3UVu8fyO+iPzgq
kCE94Lh1J2KWCyUnIfKLig49d3hfLC39tGMdQhKYTUhwDnD6DOtUmOfTC+ftoY+1
hTfISPmbz4nH1q07ixZlj3Y+N85BOpHEtsSJi+8hJjUterTMC9+lYKQeucIuJMvG
AC4zq0gqOCyvp8kpZzW6uT2VP+MtZuyjoUyvD5kuHebeIeMGw6RKgzMG9BUe9Rmp
4uMcJyIwZHKfIudgCt0c
=z2zT
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
May 11, 2016, 6:08:56 AM5/11/16
to J. Eppler, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
For your own, single machine and configurations designed yourself - not
much. All that is possible using command line tools and GUI tools.
The main use case is to easily *replicate* configuration - prepare
salt formula once and apply it easily in many places. Creating salt
formulas requires some understanding of salt. But applying it - not.
Example use cases:
1. Whonix:
There is quite lengthy installation instruction:
https://www.whonix.org/wiki/Qubes/Install
When turned into salt formulas[1][2], it can be applied with a single
checkbox during installation, or later with simply enabling those
formulas (we're working on GUI for this):
sudo qubesctl top.enable qvm.anon-whonix
sudo qubesctl state.highstate
2. Martus:
Michael researched and prepared installation instruction:
https://github.com/QubesOS/qubes-issues/issues/1836#issuecomment-213575740
Much simpler than Whonix installation, but still requires some manual
steps. Converted to salt formula here:
https://gist.github.com/marmarek/29f9a4a1f3a7a457cf2b449ab0b0e2f4
Will be possible to apply it much easier.
[1] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/sys-whonix.sls
[2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/anon-whonix.sls
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXMwSuAAoJENuP0xzK19csrXAH/2Kp3PL17AUQlaWDAfxS9vr9
BhKhs/x96YhvG+CbqH+n9xyq6yVYGC/QTmrVmvQClaN06zw6RQWbmOZeiBnuvFGA
AbH0DECl0hlfZSwxgF1nzGuo3uGUOCIsy1sfmj1S8rjJVugUKSdrYG5uwxp7/WxP
5klsiGACbHRz3uCiNNHid/jQspkSDPA3CZuXXkRy8eMcTByEbE0XdoAKMFb5vZbs
XWzoBZEXLJXhtEPFbCF+6Kh1WIL5s0dg6zQJ0bKQnN4gF+ayXY6bmth7z4y4pXDR
YEzcm4rCxfhKUZSO9/JfdBP/8fBr0B/eMe91X4YNf4JzHJxVxCVimx83CQwiEWE=
=Z85x
-----END PGP SIGNATURE-----
Hash: SHA256
much. All that is possible using command line tools and GUI tools.
The main use case is to easily *replicate* configuration - prepare
salt formula once and apply it easily in many places. Creating salt
formulas requires some understanding of salt. But applying it - not.
Example use cases:
1. Whonix:
There is quite lengthy installation instruction:
https://www.whonix.org/wiki/Qubes/Install
When turned into salt formulas[1][2], it can be applied with a single
checkbox during installation, or later with simply enabling those
formulas (we're working on GUI for this):
sudo qubesctl top.enable qvm.anon-whonix
sudo qubesctl state.highstate
2. Martus:
Michael researched and prepared installation instruction:
https://github.com/QubesOS/qubes-issues/issues/1836#issuecomment-213575740
Much simpler than Whonix installation, but still requires some manual
steps. Converted to salt formula here:
https://gist.github.com/marmarek/29f9a4a1f3a7a457cf2b449ab0b0e2f4
Will be possible to apply it much easier.
[1] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/sys-whonix.sls
[2] https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines/blob/master/qvm/anon-whonix.sls
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXMwSuAAoJENuP0xzK19csrXAH/2Kp3PL17AUQlaWDAfxS9vr9
BhKhs/x96YhvG+CbqH+n9xyq6yVYGC/QTmrVmvQClaN06zw6RQWbmOZeiBnuvFGA
AbH0DECl0hlfZSwxgF1nzGuo3uGUOCIsy1sfmj1S8rjJVugUKSdrYG5uwxp7/WxP
5klsiGACbHRz3uCiNNHid/jQspkSDPA3CZuXXkRy8eMcTByEbE0XdoAKMFb5vZbs
XWzoBZEXLJXhtEPFbCF+6Kh1WIL5s0dg6zQJ0bKQnN4gF+ayXY6bmth7z4y4pXDR
YEzcm4rCxfhKUZSO9/JfdBP/8fBr0B/eMe91X4YNf4JzHJxVxCVimx83CQwiEWE=
=Z85x
-----END PGP SIGNATURE-----
Andrew David Wong
May 11, 2016, 4:36:19 PM5/11/16
to Marek Marczykowski-Górecki, J. Eppler, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thank you, Marek. This explanation and these examples are exactly the
sort of thing we need to add to the Salt documentation to make it
comprehensible to users:
https://github.com/QubesOS/qubes-issues/issues/1983
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXM5e1AAoJENtN07w5UDAwf30P/jroszDFWnA8MVA4HUIhOcCm
wwgOpPxgOuDLqUktJ2Fo7/xsYcDwcfdQI4winmMWkh9dHY4Amvh0u0BHjR9oXetm
UPPDIJ/63yd0IzN0M/R/RMcrUyNnonIc+FJxIioOGcJkKsp2kJWJUel0n4kR/G7g
SfQdqLBwWyBEN2xHrgm1uxSJ8ye//ueSWFfuwzhFV2izYyQu1m8hWXPDPFwdhxvj
/Pi0z1zaZyP56YlP1MOHa51cSRmVUjSE8+M1ZoHj0AKZ1bEYwd7x0RAf2+6lzJES
Kybw0PMj4dPkq+DAg0yhQBEZKF55znN7C86JugCN1vhOgVyj8t06+GeWKz7gucZ/
BFnMaq4Yoj+MxXKjO5iazBx6+OqSJHInuopG7/ok/LvUd/ifC/4iMrTo50wJyZZ8
kqeuEuYZsu3TelM40q1aHcqHebrZGV1Qt8xZou4d8FTeAlZ4TzUdin5fQoxS6gBD
xoAAXukKlflKaBiEMUGFBSFobmLAAV8HdLWvH7wER//M9rsm3tSDp7eAGHYM7+ad
Rv5g2I+rzIUkXfrlgYBK1IXDopglJq9eS/huS5GVGBNGccvSg2ixh0KYT3/yp7Tq
7wBfSjcNmxpCPP7Ezc/zEfy5hfSN6HE7ZE1Oe6LXblq5Wtkncj1q21Lba2PhGJks
+XHw3YrclVkZAqr9bBr8
=ZKrz
-----END PGP SIGNATURE-----
Hash: SHA512
sort of thing we need to add to the Salt documentation to make it
comprehensible to users:
https://github.com/QubesOS/qubes-issues/issues/1983
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
wwgOpPxgOuDLqUktJ2Fo7/xsYcDwcfdQI4winmMWkh9dHY4Amvh0u0BHjR9oXetm
UPPDIJ/63yd0IzN0M/R/RMcrUyNnonIc+FJxIioOGcJkKsp2kJWJUel0n4kR/G7g
SfQdqLBwWyBEN2xHrgm1uxSJ8ye//ueSWFfuwzhFV2izYyQu1m8hWXPDPFwdhxvj
/Pi0z1zaZyP56YlP1MOHa51cSRmVUjSE8+M1ZoHj0AKZ1bEYwd7x0RAf2+6lzJES
Kybw0PMj4dPkq+DAg0yhQBEZKF55znN7C86JugCN1vhOgVyj8t06+GeWKz7gucZ/
BFnMaq4Yoj+MxXKjO5iazBx6+OqSJHInuopG7/ok/LvUd/ifC/4iMrTo50wJyZZ8
kqeuEuYZsu3TelM40q1aHcqHebrZGV1Qt8xZou4d8FTeAlZ4TzUdin5fQoxS6gBD
xoAAXukKlflKaBiEMUGFBSFobmLAAV8HdLWvH7wER//M9rsm3tSDp7eAGHYM7+ad
Rv5g2I+rzIUkXfrlgYBK1IXDopglJq9eS/huS5GVGBNGccvSg2ixh0KYT3/yp7Tq
7wBfSjcNmxpCPP7Ezc/zEfy5hfSN6HE7ZE1Oe6LXblq5Wtkncj1q21Lba2PhGJks
+XHw3YrclVkZAqr9bBr8
=ZKrz
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages