In order to utilize the Qubes Management features (qubes-mgmt) two packages first need to be installed in either Dom0 and/or the AppVM. Install salt version 2015.5.0 or greater, then for dom0 qubes-salt-mgmt-dom0 or qubes-mgmt-salt-vm for an AppVM, or have them built into the template by including the +salt template flavor when building.
qubesctl is inter-changeable and an alias for salt-call --local and contains additional code to apply any required patches.
- Initial Setup: sync any modules, etc
qubesctl saltutil.sync_all
- Highstate will execute all states
qubesctl state.highstate
Highstate test mode only. Note note all states seem to conform to test mode and may apply state anyway. Needs more testing to confirm or not!
qubesctl state.highstate test=True
All the qubes based configuration files are located in /srv/* directories. The salt minion configuration files are located in `/etc/salt'.
/srv/salt/_tops/** contain all the states that will execute when running a highstate.
qubesctl saltutil.sync_all:
Sync all modules. If a problem exists, one may remove the salt cache directory (rm -r /var/cache/salt) and re-sync the modules
qubesctl top.enable <topname> [saltevn=(base)]:
- Enable / disable states to run with highstate. Example:
- qubesctl top.enable privacy saltenv=all qubesctl top.disable vim.salt saltenv=all qubesctl top.disable gnupg (no need to enter saltenv for base modules) qubesctl top.disable gnupg pillar=true (disable pillar)
qubesctl top.enabled:
List enabled state files (located within /srv/salt/_tops** and /srv/pillar/_tops**). top.disabled to list disabled, not activated states
qubesctl state.sls config:
Re-run configuration (updates /etc/salt/minion.d/f_defaults.conf)
qubesctl state.sls policy-qubesbuilder qubesctl state.sls policy-qubesbuilder.absent