Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qubes-staging molecule scenario fails at create step #3936

Open
emkll opened this issue Nov 20, 2018 · 3 comments

Comments

Projects
None yet
4 participants
@emkll
Copy link
Contributor

commented Nov 20, 2018

Description

qubes-staging molecule action fails to create (clone sd-$ROLE-base) in the adminvm:

"stderr": "app: Failed to clone appmenus, qvm-appmenus missing\nqvm-clone: error: Failed to clone appmenus", "stderr_lines": ["app: Failed to clone appmenus, qvm-appmenus missing", "qvm-clone: error: Failed to clone appmenus"], "stdout": "", "stdout_lines": []}

manually running qvm-clone results in the same error (and the VMs are not cloned):

app: Failed to clone appmenus, qvm-appmenus missing
qvm-clone: error: Failed to clone appmenus

Steps to Reproduce

  1. Install staging environment in qubes (using https://docs.securedrop.org/en/release-0.10.0/development/qubes_staging.html)
  2. molecule converge -s qubes-staging
  3. observe error described above

Expected Behavior

molecule scenario should succeed and a SecureDrop staging environment should be created

Actual Behavior

Molecule scenario fails at the Create step

Comments

qvm-clone automatically uses the class of the source of the copy (--class StandaloneVM), and passing --class StandaloneVM does not address the issue.

Workaround is to qvm-clone the base VMs in dom0, and then run the molecule converge step in the adminVM. In dom0:

qvm-clone sd-app-base sd-app
qvm-tags sd-app add created-by-sd-dev
@deeplow

This comment has been minimized.

Copy link
Contributor

commented Feb 10, 2019

Came across this issue the other day. And it quite obnoxious. After a little digging, it seems that the problem is with qubes, particularly some part that does not seem to be yet implemented. They even have a FIXME in the code (line 407 to line 427 of the file /usr/lib/python3/dist-packages/qubesadmin/app.py).

A quick temporary fix to comment out all those lines like so:

            """
            try:
                # FIXME: convert to qrexec calls to dom0/GUI VM
                appmenus_cmd = \
                    ['qvm-appmenus', '--init', '--update',
                        '--source', src_vm.name, dst_vm.name]
                subprocess.check_output(appmenus_cmd, stderr=subprocess.STDOUT)
            except OSError:
                # this file needs to be python 2.7 compatible,so no FileNotFoundError
                self.log.error('Failed to clone appmenus, qvm-appmenus missing')
                if not ignore_errors:
                     raise qubesadmin.exc.QubesException(
                        'Failed to clone appmenus')
            except subprocess.CalledProcessError as e:
                self.log.error('Failed to clone appmenus: %s',
                    e.output.decode())
                if not ignore_errors:
                    raise qubesadmin.exc.QubesException(
                        'Failed to clone appmenus')
            """

Maybe this problem should be mentioned in the docs so people at least know it's not only happening to them.

@deeplow

This comment has been minimized.

Copy link
Contributor

commented Feb 11, 2019

Opened an issue detailing the problem on qubes-issues as this seems to be a problem with qubes rather than this project

@conorsch

This comment has been minimized.

Copy link
Contributor

commented Apr 16, 2019

I use this script locally to work around the problem in the meantime:

#!/bin/bash
# Helper script to manage VM lifecycle for SecureDrop staging VMs.
# Necessary as a workaround, pending resolution of upstream admin API bug.
set -e
set -x

for vm in sd-app sd-mon; do
    qvm-kill --quiet "$vm" || true
    qvm-remove --force "$vm" || true
    qvm-clone "${vm}-base" "$vm"
    qvm-tags "$vm" add created-by-sd-dev
    qvm-start "$vm"
done

Run that in dom0, then molecule converge -s qubes-staging will work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.