From adc6dd4b62ae89b7db7fd77b41a4c9cd431d711d Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Mon, 9 Mar 2020 18:55:38 -0700 Subject: [PATCH] Reboots logging VMs during install A side-effect of consolidating the log collection logic is that all VMs, even the TemplateVM for sd-log, begins shipping logs immediately upon configuration. That's a problem for sd-log AppVM & TemplateVM because the RPC calls to send logs will cause the AppVM to boot. If the AppVM doesn't have the final config from the TemplateVM, because of an early boot, log aggregation won't work. Let's configure both the TemplateVM & AppVM, then shut down the TemplateVM (automatic as part of salt disp mgmt vm logic), then reboot the AppVM. All tests passing on a clean install. --- scripts/provision-all | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/provision-all b/scripts/provision-all index 2955af37..cb595c09 100755 --- a/scripts/provision-all +++ b/scripts/provision-all @@ -17,11 +17,12 @@ sudo qubesctl --show-output --skip-dom0 --targets sys-firewall state.sls sd-sys- echo "Set up dom0 config files, including RPC policies, and create VMs" sudo qubesctl --show-output state.highstate -echo "Setup sd-log-buster-template vm first" -sudo qubesctl --show-output --skip-dom0 --targets sd-log-buster-template state.highstate +echo "Set up logging VMs early" +sudo qubesctl --show-output --skip-dom0 --targets sd-log,sd-log-buster-template state.highstate +# Reboot sd-log so it's ready to receive logs from other VMs about to be configured +qvm-shutdown --wait sd-log && qvm-start sd-log # Provision whonix-gw-15 with log additions because it isn't tagged with sd-workstation (we don't want it removed after a make clean) sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.highstate -#sudo qubesctl --show-output --skip-dom0 --targets whonix-gw-15 state.sls sd-whonix-template-files qvm-shutdown --wait whonix-gw-15 # Format list of all VMs comma-separated, for use as qubesctl target