Hi Marek, Thanks for the response and my apologies on the late follow up.
> Hmm, that's strange. I use salt regularly to update all the templates at > once and haven't noticed anything like this. > Do you see any not cleaned up VMs after that? Like > `disp-mgmt-something`. There where no left behind disp VM's and this persisted across boots. I have yet to retry this git repo fully enabled as I have needed a stable system for work recently but will return to this soon. > The output is logged to /var/log/qubes/mgmt-*.log. Also take a look at > --show-output option. Thanks! that is perfect. The help message lead me to believe it was to show the command line runs that where executed by salt or something other than the report so I did not try it admittedly. > > There are also a handful of other problems smaller problems I have > > encountered while trying to configure everything I need with salt. For > > example the fedora-23-minimal templates are unmanageable via salt, all of > > the internal > > VM salt configuration just doesn't work on on them from my > > experiments. > > It may be that salt requires some additional packages to preform its > actions. Minimal template have really minimal package set installed. > But you probably can install additional stuff using pkg.installed. > Yes, it may require calling `qubesctl --all state.highstate` twice. I believe it says in the docs that the only requirements in the target VM for salt inter-vm management to work is scp because ssh looks of it or something. Turns out scp is not installed in the fedora-23-minimal template by default, however, even after installing it the installation of a package does not work for the minimal template. Using the revelation that is the --show-output switch I can see this happening. Its quite long so here is a paste of the section of output pertaining to fedora-23-minimal template http://pastebin.com/kCe29p9L but the tail of it is: stderr: ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: File exists WARNING: Unable to locate current thin version: /tmp/.root_d510cd__salt/version. stdout: ERROR: Failure deploying thin: /usr/bin/scp _edbc7885e4f9aac9b83b35999b68d015148caf467b78fa39c05f669c0ff89878 deploy ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: File exists WARNING: Unable to locate current thin version: /tmp/.root_d510cd__salt/version. > In any case, if you put Fedora-based VM behind sys-whonix, and set it as > UpdateVM, it should work. That does indeed seem to fix the problem. Is there a reason why the whonix setup choice that uses whonix for dom0 updates not also build an update vm that uses sys-whonix and is based off of fedora? > > There are some aspects of configuring the dom0 experience in Qubes that > > does not seem to be possible from salt. For example there is no way to > > specify which applications are available in the menu for an appVM, > > Indeed there is no module for this, but you can simply edit > `whitelisted-appmenus.list` file in the VM directory with file.managed. > Then appmenus regeneration will be triggered at nearest template > upgrade, which will probably happen a moment later anyway (as dom0 is > configured before all the VMs). I have tried this and found it not to work. I have not been able to get the application to appear in the application menu in xfce, nor is it enabled when I view the VM's apps list in the qubes-manager. I can confirm the line is in the right place from the state and matches the .desktop file in /usr/share/applications which should be where it looks. I have not rebooted yet but I have done multiple full highstate reruns on all vms after applying this state. It wasn't until I booted up the template the appVM was based on and ran qvm-sync-appmenus that it started to appear. I am still trying to find a way to emulate this is a sane but simple way with salt. > Its "meminfo-writer" service (qvm.service). Brilliant. Poor assumption on my part that because there was a tickbox it wouldn't match one to one for a service but I guess the tickbox is just a redirect to the service for convenience from the memory tab. > BTW do you know a salt module for editing XML files - just like > file.line or so? It would be really useful for configuring some desktop > environment settings - almost all Xfce configuration is in XML files... The best would be augeas.change state which uses augeas which can make modifying structured data type files a one line thing. It would be perfect for this but has some dependencies (python-augeas) but I am not sure if templates would need that installed or just dom0. Thank you for your time, Taylor Lawson -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a609e539-da06-4c32-9ea9-ef7d7ecb2723%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
