-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, Oct 16, 2024 at 03:03:23PM +0000, Rusty Bird wrote: > Boryeu Mao: > > On Tue, Oct 15, 2024 at 3:59 AM Rusty Bird <rustyb...@net-c.com> wrote: > > > Boryeu Mao: > > > > For the template install command on Qubes release 4.2.3 > > > > > > > > sudo qubes-dom0-update qubes-template-fedora-40-minimal > > > > > > > > I received a message that > > > > > > > > fstrim: /var/tmp/tmpsd1ns61v/var/lib/qubes/vm-template: the discard > > > > operation is not supported > > > > > > Did you maybe mount a tmpfs at /var/tmp? > > > [...] no manual tmpfs mount. > > I assume you're seeing the same "not supported" message if you run: > > $ sudo fstrim /var/tmp/ > > The only thing I can think of is that you have custom partitioning, > and the storage layer immediately underneath the filesystem hosting > /var/tmp/ is dm-crypt (unusual for an LVM Thin installation), and > dm-crypt has been mapped with discard disabled. > > Your storage tree (showing discard support) can be printed with: > > $ lsblk --output +DISC-MAX > > > > https://github.com/QubesOS/qubes-core-admin-client/commit/4a9b57f91fdf3a2b35a5cf707970d05bf9cadba7 > > > In the qvm_template_postprocess.py (which the above link points to), fstrim > > is called only if the root user does the template install. > > To me this looks like something that was missed in the move to > qvm-template: > > Previously, qubes-dom0-update (which had to be run as root) would > install templates as normal RPM packages. I guess the logic to skip > fstrim for non-root users might have been put there to ease testing > the qvm-template-postprocess tool? CCing Marek
Maybe? You do need root for calling fstrim. And not calling it isn't really huge deal, as you explain below. And it failing shouldn't interrupt install anyway (subprocess.call, not subprocess.check_call). But the error message indeed may be confusing. Theoretically, sudo could be used for this call and that would be fine in dom0, but possibly less so in a qube (yes, you can install templates via Admin API from a qube), especially is passwordless-root package is not installed... > Then qvm-template was created (which like other qvm- tools usually > runs as a regular user) and now fstrim is skipped unless someone > happens to invoke qvm-template as root. Skipping seems like a bug, but > on R4.2 systems it's mitigated by the installer adding the 'discard' > mount option for the dom0 root filesystem, making fstrim redundant. > Except for people who installed via qubes-dist-upgrade or removed the > mount option. For those, there's still the systemd fstrim.timer that > should release the space to LVM, hopefully soon enough (weekly). > > Finally, you've used qubes-dom0-update, which nowadays calls > qvm-template for template related stuff. For this, qubes-dom0-update > can actually be run as non-root, but you ran it with sudo, so fstrim > was *not* skipped. (Which then failed on on your system.) > > > Thank you very much for helping. > > Happy to. It's interesting :) > > Rusty > > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmcP3XgACgkQ24/THMrX 1yx0oAf8CmXQL/mm/vsPN57Xi8ySBEYFlu83001Nb+A0h/kMj049C7zjHD2NfHED 8m6X4Pe6klhcxobcfNBEH9bixRYiuFr4OugFm8CCuuxr/un5q2z7ms90ocUNPPc7 +mF6saxkQ/3u8mPDS9950waw+tqd7HiYIh2PNm0V7J3miZKJeEH4ctyP7eowhl5t RxcaxINAL/Vq8kDj+EqJefxmSOYukdaPUNoh0KTh2/hJPTFZbv37zIbUBcBiJ4p7 /qlFP23/oz9fa0LcFl01qrmVxlAASq1tWsa1vcSgaZlwPw8MG8+1zL/XohR5nqis /HSUFF870coKPhJrMV4iDm6tgqiK8g== =cj8g -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Zw_deGpJqqBoXRtM%40mail-itl.
