-
-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create salt-troubleshooting.md #1428
base: main
Are you sure you want to change the base?
Conversation
Focus on the debugging inside the ephemeral disposable management vm.
Don't mind to rephrase my words, I am not english native. |
See QubesOS/qubes-doc#1428 for page creation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello, thanks for your contribution.
I didn't try your method of debugging, why is it useful? Can you document about its intended use case, why it is better than logging for example?
I think this document is missing the logging of -l debug
for example, which is documented in the Salt troubleshooting guide.
Your item's description format are inconsistent, see these two lines:
- Call from
dom0
,qubesctl
with requested command likequbesctl --show-output --targets minion-vm --skip-dom0 state.apply
,- Get the console on the disposable management vm with
qvm-console-dispvm disp-mgmt-minion-vm
on the dom0
Contributor
- action verb, location/qube, command.
- action verbs, command, location/qube
This happens on other occasions throughout the text, please maintain consistency. I personally prefer the location/qube being the first as it is clear from the beginning where the command should be run.
1. From dom0
, call qubesctl
with requested command like qubesctl --show-output --targets minion-vm --skip-dom0 state.apply
3. From dom0
, get the console on the disposable management vm with qvm-console-dispvm disp-mgmt-minion-vm
.
title: Salt troubleshooting | ||
--- | ||
|
||
For ease of Qubes Os managament and reproductible deployment, [Salt](/doc/salt/) allows to control states on `dom0` and other vms from the `dom0`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/Os/OS/
s/vms/qubes/
allows to control states on
dom0
and other vms from thedom0
.
allows applying a state to all qubes, including dom0
.
Behind the scenes | ||
----------------- | ||
|
||
Except for `dom0` where the host is controlled locally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be stated after the next paragraph to give some context of what is being excepted.
----------------- | ||
|
||
Except for `dom0` where the host is controlled locally. | ||
Each vm (named `minion-vm` for instance) is controlled by a disposable master vm based on `disposable-mgmt-vm`, named `disp-mgmt-minion-vm` and created only for the duration of `qubesctl` execution. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/vm/qube/
controlled by a disposable master vm
There is no master
, see the Qubes Salt documentation.
based on
disposable-mgmt-vm
There is no such qube, please don't mention.
created only for the duration of
qubesctl
execution.
created only for the duration of the Salt execution.
I believe this is better than specifying the tool name, focusing on the method being used, Salt.
Except for `dom0` where the host is controlled locally. | ||
Each vm (named `minion-vm` for instance) is controlled by a disposable master vm based on `disposable-mgmt-vm`, named `disp-mgmt-minion-vm` and created only for the duration of `qubesctl` execution. | ||
|
||
The required files are copied from `dom0` to `disp-mgmt-minion-vm` via `qubes.Filecopy`, then `qubes.SaltLinuxVM` and expect two lines on stdin : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove space after stdin. Also please use the non-abbreviated version standard output, although it is pretty well know that the two related.
salt-command | ||
``` | ||
|
||
Usually `salt-command` is `state.apply` with the provided arguments like `test=True`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The is no salt-command
, it is not an executable or an argument to salt-call. What you meant is the Salt execution module is state.apply
.
Second, a debugable disposable management vm is setup. To do so, it is suggested to: | ||
1. Call from `dom0`, `qubesctl` with requested command like `qubesctl --show-output --targets minion-vm --skip-dom0 state.apply`, | ||
2. Freeze the previous command with `Ctrl+Z` as soon as you see `minion-vm is starting`. | ||
3. Copy the retrieved content from `side-vm` to the disposable management vm `disp-mgmt-minion-vm` (with `qvm-copy`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/vm/qube/
1. Call from `dom0`, `qubesctl` with requested command like `qubesctl --show-output --targets minion-vm --skip-dom0 state.apply`, | ||
2. Freeze the previous command with `Ctrl+Z` as soon as you see `minion-vm is starting`. | ||
3. Copy the retrieved content from `side-vm` to the disposable management vm `disp-mgmt-minion-vm` (with `qvm-copy`) | ||
4. Get the console on the disposable management vm with `qvm-console-dispvm disp-mgmt-minion-vm` on the dom0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/vm/qube/
5. Type `root` to log as root on the console. All following commands are done inside the console. | ||
6. Move the copied content to emulate a content coming from `dom0`: `cd /home/user/QubesIncoming; mv * dom0`. `dom0` directory should contain a directory `srv`. | ||
7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the salt command
the salt module
6. Move the copied content to emulate a content coming from `dom0`: `cd /home/user/QubesIncoming; mv * dom0`. `dom0` directory should contain a directory `srv`. | ||
7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. | ||
9. A first execution is launched |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/A first/The first/
7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. | ||
9. A first execution is launched | ||
10. Get wrappers in the `PATH` with `export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH" (the line is available in `/etc/qubes-rpc/qubes.SaltLinuxVM` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing the ending apostrpohe
`export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH"
export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH"
Proposal to detail more about the debugging inside the ephemeral disposable management vm.
Because, it was painful to get it.