New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce dom0 salt state as part of preflight updates #427
Comments
See previous discussion in #412 (comment). Specifically, it's |
Noting for the implementer that the order of operations is important: we should apply the dom0 configuration before rebooting the AppVMs, to ensure changes to the templates are applied, in the event a reboot is not required. In #432 , we introduced a securedrop-admin command. We should call it with |
Some urgent security updates on deployed workstations (e.g., RPC policy changes) may need to be applied via provisioning logic that is managed via Salt. As an interim solution, we've agreed that it makes sense to enforce the dom0 salt state as part of the preflight updater merged in #396. This will add some time to the preflight update process; as before/after comparison, it would be good to stopwatch this added time as part of the review process.
The text was updated successfully, but these errors were encountered: