Create salt-troubleshooting.md #1428
Conversation
Focus on the debugging inside the ephemeral disposable management vm.
|
Don't mind to rephrase my words, I am not english native. |
See QubesOS/qubes-doc#1428 for page creation
There was a problem hiding this comment.
Hello, thanks for your contribution.
I didn't try your method of debugging, why is it useful? Can you document about its intended use case, why it is better than logging for example?
I think this document is missing the logging of -l debug for example, which is documented in the Salt troubleshooting guide.
Your item's description format are inconsistent, see these two lines:
- Call from
dom0,qubesctlwith requested command likequbesctl --show-output --targets minion-vm --skip-dom0 state.apply,- Get the console on the disposable management vm with
qvm-console-dispvm disp-mgmt-minion-vmon the dom0
Contributor
- action verb, location/qube, command.
- action verbs, command, location/qube
This happens on other occasions throughout the text, please maintain consistency. I personally prefer the location/qube being the first as it is clear from the beginning where the command should be run.
1. From dom0, call qubesctl with requested command like qubesctl --show-output --targets minion-vm --skip-dom0 state.apply
3. From dom0, get the console on the disposable management vm with qvm-console-dispvm disp-mgmt-minion-vm.
| title: Salt troubleshooting | ||
| --- | ||
|
|
||
| For ease of Qubes Os managament and reproductible deployment, [Salt](/doc/salt/) allows to control states on `dom0` and other vms from the `dom0`. |
There was a problem hiding this comment.
s/Os/OS/
s/vms/qubes/
allows to control states on
dom0and other vms from thedom0.
allows applying a state to all qubes, including dom0.
| Behind the scenes | ||
| ----------------- | ||
|
|
||
| Except for `dom0` where the host is controlled locally. |
There was a problem hiding this comment.
This should be stated after the next paragraph to give some context of what is being excepted.
| ----------------- | ||
|
|
||
| Except for `dom0` where the host is controlled locally. | ||
| Each vm (named `minion-vm` for instance) is controlled by a disposable master vm based on `disposable-mgmt-vm`, named `disp-mgmt-minion-vm` and created only for the duration of `qubesctl` execution. |
There was a problem hiding this comment.
s/vm/qube/
controlled by a disposable master vm
There is no master, see the Qubes Salt documentation.
based on
disposable-mgmt-vm
There is no such qube, please don't mention.
created only for the duration of
qubesctlexecution.
created only for the duration of the Salt execution.
I believe this is better than specifying the tool name, focusing on the method being used, Salt.
| Except for `dom0` where the host is controlled locally. | ||
| Each vm (named `minion-vm` for instance) is controlled by a disposable master vm based on `disposable-mgmt-vm`, named `disp-mgmt-minion-vm` and created only for the duration of `qubesctl` execution. | ||
|
|
||
| The required files are copied from `dom0` to `disp-mgmt-minion-vm` via `qubes.Filecopy`, then `qubes.SaltLinuxVM` and expect two lines on stdin : |
There was a problem hiding this comment.
Remove space after stdin. Also please use the non-abbreviated version standard output, although it is pretty well know that the two related.
| salt-command | ||
| ``` | ||
|
|
||
| Usually `salt-command` is `state.apply` with the provided arguments like `test=True`. |
There was a problem hiding this comment.
The is no salt-command, it is not an executable or an argument to salt-call. What you meant is the Salt execution module is state.apply.
| Second, a debugable disposable management vm is setup. To do so, it is suggested to: | ||
| 1. Call from `dom0`, `qubesctl` with requested command like `qubesctl --show-output --targets minion-vm --skip-dom0 state.apply`, | ||
| 2. Freeze the previous command with `Ctrl+Z` as soon as you see `minion-vm is starting`. | ||
| 3. Copy the retrieved content from `side-vm` to the disposable management vm `disp-mgmt-minion-vm` (with `qvm-copy`) |
| 1. Call from `dom0`, `qubesctl` with requested command like `qubesctl --show-output --targets minion-vm --skip-dom0 state.apply`, | ||
| 2. Freeze the previous command with `Ctrl+Z` as soon as you see `minion-vm is starting`. | ||
| 3. Copy the retrieved content from `side-vm` to the disposable management vm `disp-mgmt-minion-vm` (with `qvm-copy`) | ||
| 4. Get the console on the disposable management vm with `qvm-console-dispvm disp-mgmt-minion-vm` on the dom0 |
| 5. Type `root` to log as root on the console. All following commands are done inside the console. | ||
| 6. Move the copied content to emulate a content coming from `dom0`: `cd /home/user/QubesIncoming; mv * dom0`. `dom0` directory should contain a directory `srv`. | ||
| 7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
| 8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. |
There was a problem hiding this comment.
the salt command
the salt module
| 6. Move the copied content to emulate a content coming from `dom0`: `cd /home/user/QubesIncoming; mv * dom0`. `dom0` directory should contain a directory `srv`. | ||
| 7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
| 8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. | ||
| 9. A first execution is launched |
| 7. Emulate a call to `qubes.SaltLinuxVM` with `bash /etc/qubes-rpc/qubes.SaltLinuxVM` | ||
| 8. Emulate stdin. Type the destination vm on the first line (`minion-vm`), the salt command on the second line (`state.apply` for instance) then `Ctrl+D`. | ||
| 9. A first execution is launched | ||
| 10. Get wrappers in the `PATH` with `export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH" (the line is available in `/etc/qubes-rpc/qubes.SaltLinuxVM` |
There was a problem hiding this comment.
Missing the ending apostrpohe
`export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH"
export PATH="/usr/lib/qubes-vm/connector/ssh-wrapper:$PATH"
Proposal to detail more about the debugging inside the ephemeral disposable management vm.
Because, it was painful to get it.