/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Salt - Qubes R4 RC1 - fails to set sys-whonix's NetVM to default (sys-firewall) #3189

Closed
adrelanos opened this Issue Oct 19, 2017 · 13 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.0
4 participants
@adrelanos @marmarek @qubesos-bot @andrewdavidwong
@adrelanos
Member

adrelanos commented Oct 19, 2017

Salt - Qubes R4 RC1 - fails to set sys-whonix's NetVM to default (sys-firewall)

Qubes OS version:

Qubes R4 with all Qubes testing repositories

Affected TemplateVMs:

Dom0

Steps to reproduce the behavior:

Install Qubes R4 with all Qubes testing repositories.

Enable Qubes community templates repository in /etc/yum.repos.d/qubes-templates.repo.

sudo qubes-dom0-update qubes-template-whonix-gw qubes-template-whonix-ws

(Did last command because of #3188.)

sudo qubesctl state.sls qvm.sys-whonix

Expected behavior:

sys-whonix's NetVM set to default (sys-firewall).

Actual behavior:

sys-whonix's NetVM set to none.

General notes:

While running sudo qubesctl state.sls qvm.sys-whonix it is showing

===== [prefs] =====
[Skipped] netvm: sys-firewall

Related issues:

#2157
#2954

@adrelanos adrelanos referenced this issue Oct 19, 2017

Closed

default_fw_netvm - wrong default value (set to None) (should be set to sys-net) (was: qubes-vm-settings settings bug - failed to change NetVM of sys-whonix) #3190

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 19, 2017

Member

Does it also happen when you remove sys-whonix and create it from scratch using salt?
Member

marmarek commented Oct 19, 2017

Does it also happen when you remove sys-whonix and create it from scratch using salt?
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member

It was created from scratch using salt as far as I understand.
Member

adrelanos commented Oct 19, 2017

It was created from scratch using salt as far as I understand.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 19, 2017

Member

But #3188 should not apply if you have template already installed.
Member

marmarek commented Oct 19, 2017

But #3188 should not apply if you have template already installed.
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member

Is this a duplicate / follow-up issue of #3190?
Member

adrelanos commented Oct 19, 2017

Is this a duplicate / follow-up issue of #3190?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 19, 2017

Member

While running sudo qubesctl state.sls qvm.sys-whonix it is showing

===== [prefs] =====
[Skipped] netvm: sys-firewall

I assume it was [SKIP] netvm: sys-firewall. That means netvm was already set to sys-firewall (the default value). But later changing provides_network to True made it changed to None as in #3190.

Is this a duplicate / follow-up issue of #3190?

Depends on what we want here. If sys-whonix following default_fw_netvm is ok, then it's dupplicate of #3190. If should be set statically to sys-firewall, regardless of default_*, then it's independent bug.
Member

marmarek commented Oct 19, 2017

While running sudo qubesctl state.sls qvm.sys-whonix it is showing

===== [prefs] =====
[Skipped] netvm: sys-firewall

I assume it was [SKIP] netvm: sys-firewall. That means netvm was already set to sys-firewall (the default value). But later changing provides_network to True made it changed to None as in #3190.

Is this a duplicate / follow-up issue of #3190?

Depends on what we want here. If sys-whonix following default_fw_netvm is ok, then it's dupplicate of #3190. If should be set statically to sys-firewall, regardless of default_*, then it's independent bug.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 19, 2017

Member

BTW default_fw_netvm should be set to sys-net, not sys-firewall. It is a default netvm for "ProxyVMs", which include sys-firewall.
Member

marmarek commented Oct 19, 2017

BTW default_fw_netvm should be set to sys-net, not sys-firewall. It is a default netvm for "ProxyVMs", which include sys-firewall.
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member
Member

adrelanos commented Oct 19, 2017

@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member

To provide the requested debug output...

qvm-kill sys-whonix
qvm-remove sys-whonix
sudo qubesctl state.sls qvm.sys-whonix

(If that is what you wanted me to test...?)

Currently cannot test this. Blocked by qvm-remove sys-whonix broken for me as per #3193.
Member

adrelanos commented Oct 19, 2017

To provide the requested debug output...

qvm-kill sys-whonix
qvm-remove sys-whonix
sudo qubesctl state.sls qvm.sys-whonix

(If that is what you wanted me to test...?)

Currently cannot test this. Blocked by qvm-remove sys-whonix broken for me as per #3193.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 19, 2017

Member

Let's keep sys-whonix default NetVM set to sys-firewall. This is what we decided for R3.2. (Reasoning was iirr: let's see what awesome features sys-firewall might get in future.)

I'm not sure what sys-firewall could do with tor traffic, but lets not change this last minute.
Member

marmarek commented Oct 19, 2017

Let's keep sys-whonix default NetVM set to sys-firewall. This is what we decided for R3.2. (Reasoning was iirr: let's see what awesome features sys-firewall might get in future.)

I'm not sure what sys-firewall could do with tor traffic, but lets not change this last minute.
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member
Member

adrelanos commented Oct 19, 2017

@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 19, 2017

Member

To provide the debug output...

qvm-remove sys-whonix
sudo qubesctl state.sls qvm.sys-whonix

Same is happening.

===== [prefs] =====
[Skipped] netvm: sys-firewall
Member

adrelanos commented Oct 19, 2017

To provide the debug output...

qvm-remove sys-whonix
sudo qubesctl state.sls qvm.sys-whonix

Same is happening.

===== [prefs] =====
[Skipped] netvm: sys-firewall

@andrewdavidwong andrewdavidwong added bug C: mgmt labels Oct 19, 2017

@andrewdavidwong andrewdavidwong added this to the Release 4.0 milestone Oct 19, 2017

@andrewdavidwong andrewdavidwong added the C: Whonix label Oct 19, 2017

@marmarek marmarek closed this in marmarek/qubes-mgmt-salt-dom0-qvm@6a948c8 Oct 20, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 20, 2017

Automated announcement from builder-github

The package qubes-mgmt-salt-dom0-qvm-4.0.5-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Oct 20, 2017

Automated announcement from builder-github

The package qubes-mgmt-salt-dom0-qvm-4.0.5-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Oct 20, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Oct 20, 2017

Closed

mgmt-salt-dom0-qvm v4.0.5 (r4.0) #278

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 30, 2017

Automated announcement from builder-github

The package qubes-mgmt-salt-dom0-qvm-4.0.5-1.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

qubesos-bot commented Oct 30, 2017

Automated announcement from builder-github

The package qubes-mgmt-salt-dom0-qvm-4.0.5-1.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@qubesos-bot qubesos-bot added r4.0-dom0-stable and removed r4.0-dom0-cur-test labels Oct 30, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment