Ansible installation - noob question

QubesAnsibleNoobs · July 16, 2025, 5:30pm

Brand new Qubes R4.2 Installation.
Following https://github.com/QubesOS/qubes-ansible to try to install Ansible.

Step 1 of the procedure:

Ensure that the template used for mgmtvm has the qubes-core-admin-client and qubes-ansible packages installed.

I have:

cloned fedora-41-xfce → fedora-41-mgmt
successfully updated fedora-41-mgmt:
```
sudo dnf update
```
successfully installed qubes-core-admin-client in fedora-41-mgmt:
```
sudo dnf install qubes-core-admin-client
```
failed to install qubes-ansible in fedora-41-mgmt:
```
sudo dnf install qubes-ansible
```
Error message contains:

No match for argument: qubes-ansible

I feel I’m missing something obvious.
Help welcome!

KitsuneNoBaka · July 16, 2025, 5:54pm

There is source code for qubes-ansible package that you need to build yourself.
Or install from COPR

QubesAnsibleNoobs · July 16, 2025, 6:27pm

I thought your reference (dated 6th April) was the very first announcement of a testing phase.
Fepitre wrote later (28th April) in the same post:

Do you mean: that

I should not follow the official procedure under https://github.com/QubesOS/qubes-ansible and that
I should instead follow the procedure of the announcement that Fepitre qualified as “for testing”?

KitsuneNoBaka · July 17, 2025, 4:20am

Did dnf found compiled package of qubes-ansible?

Autor moved github repository from personal github to qubesos github. But it sesms that it wasn’t compiled and packaged.
Ask autor about it, not me.

fepitre · July 17, 2025, 8:14am

We have some version in unstable repo for dom0. This is absolutely not a secure version to be used in untrusted environment. The reason is that, similar to Salt, we need to isolate each connection from dom0/mgmtvm to a qube with a disposable qube in between. A compromised qube could attempt to execute code into Ansible facts rendering. See Isolate dom0 from untrusted ansible data · Issue #10030 · QubesOS/qubes-issues · GitHub. It is in unstable for anyone wanting to test or use Ansible at its own awareness of security risks it implies. It is also used in CI for helping the development process.

QubesAnsibleNoobs · July 24, 2025, 7:41pm

In dom0:

sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-ansible

gives:

…
Failed to resolve the transaction
No match for argument: qubes-ansible
…

Would it be possible to have:

a list of commands
the qubes where they each of them should be typed (dom0 / fedora-41-mgmt template / mgmtvm Qube / Other?)

Thanks!

fepitre · July 25, 2025, 8:09am

This is only for 4.3 (development).