What if I remove default-mgmt-dvm?

qubist · December 23, 2023, 3:59pm

Hi,

Is it possible to use Qubes OS without default-mgmt-dvm?
What will be the effects of that?
How to restore that special DVM from scratch (if necessary)?

DVM · December 23, 2023, 4:32pm

From what I understand, this management qube is used with qubectl (salt), specifically to update templates/standalone qubes without any interaction with dom0. I don’t think it will do anything wrong to the system if it is not present.
To recreate it, you can use this salt formula:

qubesctl --show-output state.sls qvm.default-mgmt-dvm

qubist · December 23, 2023, 4:59pm

To recreate it, you can use this salt formula:

Doesn’t that (using Salt) itself require default-mgmt-dvm to exist? I mean, is that not a Catch 22?

DVM · December 23, 2023, 5:20pm

This management qube is a middleman between dom0 and qubes as I understand it. If you start a formula where the target is dom0, like creating a new qube, then it won’t be used.

qubist · December 23, 2023, 5:31pm

Have you tried that?

DVM · December 23, 2023, 5:42pm

For example, if you run this in dom0:

sudo qubesctl --show-output state.sls qvm.work

It will create a new qube “work” without starting any new qube.

If you use the following formula from dom0:

sudo qubesctl --show-output --skip-dom0 --targets fedora-38-minimal state.sls update.qubes-vm

It will start a new DispVM based on the management qube named “disp-mgmt-fedora-38-minimal”. This qube will update the target and then stop when it’s finished.

qubist · December 23, 2023, 6:44pm

I have zero experience with Salt but I suppose you are right.

Looking at the file default-mgmt-dvm.sls, I just wonder how the actual template for it is selected. I suppose it uses the default one (no idea what would happen if it is set to “none” though).

gonzalo-bulnes · December 23, 2023, 9:49pm

qvm.present relies on qvm-create when the qube/domain doesn’t exist.

That tools accepts an optional --template argument. When not specified, it seems safe to assume the default template you chose is used.

qubist · December 24, 2023, 11:05am

Thanks for explaining.

Then I guess it is safe to delete that qube and recover it this way.

What about using Qubes OS without it at all? - OK, one can update templates manually. What else?

DVM · December 24, 2023, 1:24pm

On 4.1 this would have been a problem because the updater used salt to update all qubes, but since 4.2 it uses a different way. I don’t think there is any other use for this mgmt qube than to use it to apply formulas to qubes now.

unman · December 24, 2023, 1:37pm

You are free to do what you want.
You wont be able to use salt or any other mechanism mediating between
dom0 and qubes.
You will not be able to use the mgmt qube as you have removed it, and
you will have to work around this. If you want this pain for no gain
(that I can see) feel free.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

unman · December 24, 2023, 1:39pm

Yes. If you set the default template to none then this, and all other
attempts to create qubes without explicitly specifying a template, will
fail

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

qubist · December 24, 2023, 2:33pm

Thank you.