-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Jan 22, 2017 at 12:52:08AM +0100, john.david.r.smith wrote: > > > > > i am currently looking whether i can do the same in a top file (but i > > > > > doubt > > > > > it, since there is no templating in top files) > > > > > > > > And the last sentence is exactly the reason why it's tricky to have it > > > > in one place. > > well it seems we were totally wrong. > you can put jinja code in your top file.
Ah, I totally forgot that. In fact we use that, for generating top file based on qubesctl top.enable/top.disable (which just create symlinks in _tops directory). > i already wrote some python module to be able to manage everything from my > top file. > after i tested it some more, i will post it here. > (if i ever manage to fix all my salt issues i will probably extend the salt > section in the documentation, put that module there and document everything i > learned about salt and jinja templates.) That would be awesome! :) > > > > 8) > > > > > is there some way to execute some dom0 scripts after configuration of > > > > > domu? > > > > > (e.g. trim-template) > > > > > > > > Currently no. > > > > > > do you plan to add something like this? > > > > We don't have such plans, but will accept a patch for this ;) > > > > how are the minions run? > via a salt statement in dom0? > if not it should be possible to do this (just run the current script via > cmd.run). > if a state dispatches all minions we could use requires to order states after > domu salt configuration. qubesctl tool itself is responsible for calling each minion one by one (or actually - at most 4 of them simultaneously). Here: https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubessalt/__init__.py and here: https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubesctl#L71-L81 > > The actual error is in the middle of this stack trace: > > > > log.error('ERROR: Failure deploying thin, retrying: > > > > (there is unrelated salt bug in logging code here...) > > > > And some more helpful message will be also in journalctl of target VM > > (tmp-base-f24). This is where I've found missing file and sudo. > > ok, i tried around some more. > it seems i was missing tinyproxy as well. Did you really need tinyproxy in the target template? It should be needed only in your netvm... Or are you saying that tinyproxy was missing in your netvm? > now it still does not work... > the journalctl contains no really useful information (at least noting i can > understand as something useful > > the only thing looking like some kind of error was (the test template is a > clone of minimal and is called a): > > Jan 22 00:25:20 a qubes.VMShell-disp-mgmt-a[1192]: WARNING: Unable to locate > current thin version: /var/tmp/.root_62a99a_salt/version. > Jan 22 00:25:22 a qubes.VMShell-disp-mgmt-a[1324]: WARNING: Unable to locate > current thin version: /var/tmp/.root_62a99a_salt/version. > the folder '/var/tmp/.root_62a99a_salt' does exist, but it is empty Have you cleaned QubesIncoming directory after failed attempt? This suggests you have not: > Jan 22 00:25:21 a qrexec-agent[465]: executed root:QUBESRPC > qubes.Filecopy disp-mgmt-a pid 1254 (...) > Jan 22 00:25:21 a qrexec-agent[465]: pid 1254 exited with 17 17 is EEXIST (File exists). Looking at all the troubles this caused, we should fix it somehow - either automatically remove before uploading the file (as in case of failure, it isn't removed after that attempt), or upload a file with a unique name. The later will be safer (do not remove any file without explicit user consent). > the journalctl log is attached. (maybe someone with more knowledge can make > sense of it) > > does the salt-ssh command run some script on the minion i can execute > manually line for line so i can (maybe) find the source of the error? (i > could try to manually execute all this python code, but this would be very > cumbersome and hard to understand) Yes, it run some script on the minion, but it isn't very helpful. It's a bash script calling basically one line: python -c 'eval(base64.b64decode(BASE64_ENCODED_SCRIPT))' And the BASE64_ENCODED_SCRIPT is /usr/lib/python2.7/site-packages/salt/client/ssh/ssh_py_shim.py, with some options (including salt-call cmdline) injected - encoded with base64. > how much of this execution differs from the default salt? (if nothing really > differs i will ask on the salt ml) After unpacking salt minion into /var/tmp/.root_62a99a_salt, it calls salt-call there. But in your case it fails before this happens. > @Marek: > were you able to configure a fresh fedora-24-minimal template at the end of > your debugging? Yes, at least pkg.install worked. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYg/pzAAoJENuP0xzK19csKy4H+wTUyny5rZ7rMlA+oS6oy651 rbMBfvsTLMwML268LqD/oQCm7MxjLzrS57OtLItjke2jbgdXsea3hr94Z1A325ZP H+r9KQDT6EIA4Ur8eX2GaI2xmeBMP9CFo7rLRaROwMUZPMvrSiAD5WM1hwBrg0X1 qxBT5GioG0HvtLOLbBJT8TyGHNFJQtIj1/04tiYzPl6KBnJGsplqH6riup8MXsX7 eu4wfOTvKymmdmx0QkwlBB//rNBkMeSnRFrXCPDtNjLHUSIBTObTlS/GIUxtSCjU J6mAoCeja8eK/7cpfydNM547qEhfcUR82vb61Zh4B3Nb2wjjdNLeXrMdjzkFLN8= =9i7Y -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170122001858.GY1341%40mail-itl. For more options, visit https://groups.google.com/d/optout.
