/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't require scp installed in the VM to be manageable through salt #2059

Closed
marmarek opened this Issue Jun 10, 2016 · 15 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.2
2 participants
@marmarek @woju
@marmarek
Member

marmarek commented Jun 10, 2016

Currently when managing VM through qubesctl (so, wrapped salt-ssh), it checks for scp binary presence in the target VM. In our case it doesn't make sense, since our wrapper uses qubes.Filecopy qrexec service instead - so scp isn't required at all.

This check is hardcoded in salt thin minion wrapper, so probably not easy to disable. But maybe it is possible to somehow simulate scp binary presence, for example by adding additional directory to PATH with a dummy scp file.

Related code files:
https://github.com/QubesOS/qubes-mgmt-salt/blob/master/qubes.SaltLinuxVM
https://github.com/QubesOS/qubes-mgmt-salt/blob/master/ssh-wrapper

@marmarek marmarek added enhancement P: minor C: mgmt labels Jun 10, 2016

@marmarek marmarek added this to the Release 3.2 milestone Jun 10, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 18, 2016

Member

Related check in salt shim is here:
https://github.com/saltstack/salt/blob/develop/salt/client/ssh/ssh_py_shim.py#L142-L144
Member

marmarek commented Jun 18, 2016

Related check in salt shim is here:
https://github.com/saltstack/salt/blob/develop/salt/client/ssh/ssh_py_shim.py#L142-L144

marmarek added a commit to marmarek/qubes-mgmt-salt that referenced this issue Jun 18, 2016

@marmarek
vm-connector: run salt shim in environment with dummy scp 
Salt shim checks if scp binary is present, because normally it's used
for deploying salt minion. In Qubes we simulate scp with qvm-copy-to-vm,
so it isn't needed. To not require additional package installed (for
example in minimal template), launch salt shim in environment with dummy
scp present.

Fixes QubesOS/qubes-issues#2059
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
35328a5
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 18, 2016

Member

@woju take a look at linked patch here. Do you think the hack is too ugly (and instead require scp being installed in every template, even minimal), or is it acceptable?
Member

marmarek commented Jun 18, 2016

@woju take a look at linked patch here. Do you think the hack is too ugly (and instead require scp being installed in every template, even minimal), or is it acceptable?
@woju

This comment has been minimized.

Show comment
Hide comment
@woju

woju Jun 20, 2016

Member

Another alternative would be to prepare proper package with this dummy binary. If you think it would be worth it (and to include it conditionally in the template builder), I would go this way. But if not, I would definitely use this hack as the only another option is to require all the template developers to include scp binary for no apparent reason.

And:

  • put some explanation in comment (copy-paste this issue?)
  • put quotes around $PATH.
Member

woju commented Jun 20, 2016

Another alternative would be to prepare proper package with this dummy binary. If you think it would be worth it (and to include it conditionally in the template builder), I would go this way. But if not, I would definitely use this hack as the only another option is to require all the template developers to include scp binary for no apparent reason.

And:

  • put some explanation in comment (copy-paste this issue?)
  • put quotes around $PATH.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 20, 2016

Member

(and to include it conditionally in the template builder)

How to do that?

And generally I'd like to modify target template as little as possible. Currently (besides this issue), it is enough to have just qrexec + qubes.VMShell service there. Thanks to salt-ssh nothing else is needed to manage any template.
Member

marmarek commented Jun 20, 2016

(and to include it conditionally in the template builder)

How to do that?

And generally I'd like to modify target template as little as possible. Currently (besides this issue), it is enough to have just qrexec + qubes.VMShell service there. Thanks to salt-ssh nothing else is needed to manage any template.
@woju

This comment has been minimized.

Show comment
Hide comment
@woju

woju Jun 20, 2016

Member

(and to include it conditionally in the template builder)

How to do that?

I dunno, you know how templates are built.

Anyway, if you don't want to modify templates, that's fine. Just comment that hack and be done.

Maybe let know the salt people we had to hack around their tool, but since we are repurposing it in some creative ways, I don't think they'll care.
Member

woju commented Jun 20, 2016
edited
Edited 1 time
  • @woju woju edited Jun 20, 2016 (most recent)

(and to include it conditionally in the template builder)

How to do that?

I dunno, you know how templates are built.

Anyway, if you don't want to modify templates, that's fine. Just comment that hack and be done.

Maybe let know the salt people we had to hack around their tool, but since we are repurposing it in some creative ways, I don't think they'll care.

@marmarek marmarek closed this in marmarek/qubes-mgmt-salt@9261658 Jul 1, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added the r3.2-jessie-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added the r3.2-stretch-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb7u1 has been pushed to the r3.2 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.2-1+deb7u1 has been pushed to the r3.2 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added the r3.2-wheezy-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@marmarek marmarek added the r3.2-fc23-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@marmarek marmarek added the r3.2-fc24-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 3, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc23 has been pushed to the r3.2 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update
Member

marmarek commented Jul 3, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.2-1.fc23 has been pushed to the r3.2 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@marmarek marmarek added the r3.2-dom0-cur-test label Jul 3, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 28, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update
Member

marmarek commented Jul 28, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek marmarek added r3.2-fc23-stable and removed r3.2-fc23-cur-test labels Jul 28, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 28, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update
Member

marmarek commented Jul 28, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek marmarek added r3.2-fc24-stable and removed r3.2-fc24-cur-test labels Jul 28, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 28, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc23 has been pushed to the r3.2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update
Member

marmarek commented Jul 28, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt-3.2.3-1.fc23 has been pushed to the r3.2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@marmarek marmarek added r3.2-dom0-stable and removed r3.2-dom0-cur-test labels Jul 28, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 31, 2016

Member

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.4-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update
Member

marmarek commented Aug 31, 2016

Automated announcement from builder-github

The package qubes-mgmt-salt_3.2.4-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@marmarek marmarek added r3.2-jessie-stable and removed r3.2-jessie-cur-test labels Aug 31, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment