Instead of cloning the templates and then using salt, why not just reuse the existing anon-whonix and sys-whonix, by changing their templateVM?
So the full procedure is like this:
- Download new templates whonix-ws-14 and whonix-gw-14:
sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable qubes-template-whonix-{ws,gw}-14
(note this won’t overwrite the existing whonix-ws and whonix-gw). - shutdown anon-whonix and change its template from whonix-ws to whonix-ws-14.
- shutdown sys-whonix and change its template from whonix-gw to whonix-gw-14.
To get tor to connect, I also had to fix permissions in sys-whonix’s /var/lib/tor: chown -R debian-tor:debian-tor /var/lib/tor
A procedure similar to the above gives me a working set of whonix-14 based VMs, and leaves my existing whonix-13 templates available in case I need to revert or do regression testing.