Salt Questions

Johannes Graumann

Oct 8, 2019, 6:45:17 AM
to qubes...@googlegroups.com
Gentlepeople,

I'm finally biting the bullet and setting out to salt my Qubes.

1) DARN is it complicated in comparison to Ansible - not least because
of the ... interesting ... obsession with the physical characteristics
of salty minerals (grain, pillar, ...) - just call it what it
functionally is, for chrissakes ... <end_of_desperation/>

2) I'm unclear about whether the fedora-/debian-X-minimal template VMs
require additional packages to be managed through salt.
https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so:
> Also, there are packages to provide additional services:
> ...
> qubes-mgmt-*: If you want to use salt management on the template and
> qubes.

If that's indeed the case, it's actually not possible to manage minimal
template installation/customization entirely through salt, which I
consider suboptimal.

3) I so far have managed to set up `*.sls` files for updating all
templates as well as dom0 (THANKS unman for the example repo posted a
while ago). Now I'm trying to get a defined package installed in a
minimal template and fail:

flatpak.sls:
    install_flatpak:
      pkg.installed:
        - pkgs:
          - flatpak

*.top:
    base:
      ^(.*)-flatpak$:
        - match: pcre
        - flatpak

when applying this to --all, everything appears to run fine, but at the
end, the present fedora-30-minimal-flatpak template does NOT have
flatpak installed ...
Where am I erring?

Thank you for any insight you may be able to give.

Sincerely, Joh

Brian C. Duggan

Oct 9, 2019, 2:44:08 PM
to qubes...@googlegroups.com
On 10/8/19 6:45 AM, Johannes Graumann wrote:
> 2) I'm unclear about whether the fedora-/debian-X-minimal template VMs
> require additional packages to be managed through salt.
> https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so:
>> Also, there are packages to provide additional services:
>> ...
>> qubes-mgmt-*: If you want to use salt management on the template and
>> qubes.
>
> If that's indeed the case, it's actually not possible to manage minimal
> template installation/customization entirely through salt, which I
> consider suboptimal.
>

Qubes does not require that these packages be installed on target VMs to
manage them.

The disposable management VM applies states through salt-ssh over
qrexec. So target VMs only need the qrexec agent installed:

https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0

I believe qubes-mgmt-salt packages will let a user-controlled management
VM use the AdminAPI through Salt. But I'm not sure whether the AdminAPI
is mature enough for that to work fully, yet. Folks on this list have
only talked about using Salt from dom0.

> 3) I so far have managed to set up `*.sls` files for updating all
> templates as well as dom0 (THANKS unman for the example repo posted a
> while ago). Now I'm trying to get a defined package installed in a
> minimal template and fail:
>
> flatpak.sls:
>     install_flatpak:
>       pkg.installed:
>         - pkgs:
>           - flatpak
>

I was able to apply this state to a clone of fedora-30-minimal like this:

    # qubesctl --show-output --skip-dom0 \
        --target=fedora-30-minimal-flatpak state.sls flatpak

Try getting the state to work by itself before using it in a top file.
What do you get when you try that command?

Brian

--
Brian C. Duggan
he/him/his

unman

Oct 11, 2019, 11:34:05 AM
to qubes...@googlegroups.com
Brian is right - the minimal templates can be configured as they are.

You can use a managementVM to control with salt and I am transitioning
to this.

On your specific problem, check the log in /var/log/qubes - it will be
mgmt-<qube>.log - there should be a pointer to what has gone wrong.
One possibility if this is a debian template - you need to enable the
*testing* repository.

unman
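
One way to act on the log check suggested above, as an added example that is not from the thread or from the Qubes project: it separates a state that failed from one that never ran for the qube. It assumes the log holds Salt's usual highstate blocks (ID / Function / Result / Comment); the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of Salt's highstate output. Real log
# lines may carry a prefix, so fields are searched for anywhere in a line.
SAMPLE_LOG = """\
fedora-30-minimal-flatpak:
----------
          ID: update
    Function: pkg.uptodate
      Result: True
     Comment: System is already up-to-date
----------
          ID: install_flatpak
    Function: pkg.installed
      Result: False
     Comment: (constructed) package could not be installed
"""

FIELD = re.compile(r"\b(ID|Function|Result|Comment): (.*)$")


def parse_states(log_text):
    """Return one dict per state block found in the log text."""
    states = []
    for line in log_text.splitlines():
        m = FIELD.search(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "ID":
            states.append({"ID": value})
        elif states:
            states[-1][key] = value
    return states


def state_status(log_text, state_id):
    """Classify a state as 'ok', 'failed' or 'not-run'."""
    for state in parse_states(log_text):
        if state["ID"] == state_id:
            return "ok" if state.get("Result") == "True" else "failed"
    # The ID never appears: the run did not include this state for this
    # qube, which points at targeting rather than at the package manager.
    return "not-run"


if __name__ == "__main__":
    for sid in ("update", "install_flatpak", "install_other"):
        print(sid, state_status(SAMPLE_LOG, sid))
```

To use it on a real run, pass the contents of the mgmt-<qube>.log file from /var/log/qubes in place of SAMPLE_LOG.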

Johannes Graumann

Oct 18, 2019, 6:54:22 AM
to Brian C. Duggan, qubes...@googlegroups.com

Thank you for chiming in - I can indeed configure all official templates (minimal or not) using salt without installing anything special.


Sincerely, Joh
