On Mon, 2018-02-12 at 17:04 +0100, Johannes Graumann wrote: > On Wed, 2018-02-07 at 15:27 +0100, Johannes Graumann wrote: > > Gentlepeople, > > > > For a while I have been managing a qubes setup using a dedicated > > management VM and ansible via https://github.com/Rudd-O/ansible-qub > > es > > . > > As auditing that code is beyond me and as salt is integral to > > qubes, > > I > > was wondering whether that layout is currently possible using the > > salt > > management stack, in other words: can the management stack > > (currently) > > be used with a vm as the master to the entire system including > > dom0? > > > > Sincerely, Joh > > > > I understand this may be IT-people-level stuff ..., but can anyone > hint > at whether this is already possible and or where to look? > > Joh >
Here https://www.qubes-os.org/news/2015/12/14/mgmt-stack/, Marek Marczykowski-Górecki sais (referring to the core rewrite back then ongoing for 4.)): + Then, based on this functionality, we will be able to create a + Management VM, which will allow secure, centralized management of + Qubes OS installations in an organization or company. But to do it + securely, we need to first finish some major rework of Qubes core + management code (“core3”), which is planned for Qubes 4.0. Then it + will be possible to implement Management VM in a way so that it will + have no access to user data, only ability to manage configuration of + (selected) VMs. This is exactly what I want - plus limited tor/net connectivity to track/backup my salt infrastructure in a gpg-encrypted git repo ... Are we there yet? Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1518641808.1064.495.camel%40graumannschaft.org. For more options, visit https://groups.google.com/d/optout.
