Rudd-O / ansible-qubes

Qubes OS DevOps automation
56 stars 12 forks source link

Problems accessing templates #5

Closed r-cheologist closed 7 years ago

r-cheologist commented 7 years ago

Following the documentation, I have successfully setup a management vm and can use it to access dom0, where I am running an update play and proceed to read out what vms are present, which are templates and running, firing them up as appropriate. I proceed with dynamically adding the detected vms to the inventory

- add_host:
  name:                       "{{ item }}"
  groups:                     template_vms
  ansible_connection: qubes
  with_items:
     "{{ template_vms_present.stdout_lines }}"

When I now try to proceed with updating the templates, it becomes apparent, that I cannot access them. An exemplary error looks like

fatal: [fedora-23]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission 
failure. In some cases, you may have been able to authenticate and did not have permissions on the 
remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". 
Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp/ansible-
tmp-1490762777.82-167116017398295 `\" && echo ansible-
tmp-1490762777.82-167116017398295=\"` echo ~/.ansible/tmp/ansible-
tmp-1490762777.82-167116017398295 `\" ), exited with result 125", "unreachable": true}

Following ansible's proposal from the error message and switching the remote_tmp variable in ansible.cfg to something like /tmp/.ansible/tmp does not remedy the situation.

Any hints on how to achieve this? Is my budding understanding of Qubes OS to blame?

Sincerely, Joh

Rudd-O commented 7 years ago

Check the "sudo journalctl -f" logs on:

And try to see if there is anything about bombshell-client there.

Also, does it work when you add them to your hosts file?

On March 29, 2017 6:57:58 AM GMT+02:00, r-cheologist notifications@github.com wrote:

Following the documentation, I have successfully setup a management vm and can use it to access dom0, where I am running an update play and proceed to read out what vms are present, which are templates and running, firing them up as appropriate. I proceed with dynamically adding the detected vms to the inventory

  • add_host: name: "{{ item }}" groups: template_vms ansible_connection: qubes with_items: "{{ template_vms_present.stdout_lines }}"

When I now try to proceed with updating the templates, it becomes apparent, that I cannot access them. An exemplary error looks like

fatal: [fedora-23]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"echo ~/.ansible/tmp/ansible- tmp-1490762777.82-167116017398295\" && echo ansible- tmp-1490762777.82-167116017398295=\"echo ~/.ansible/tmp/ansible- tmp-1490762777.82-167116017398295\" ), exited with result 125", "unreachable": true}

Following ansible's proposal from the error message and switching the remote_tmp variable in ansible.cfg to something like /tmp/.ansible/tmp does not remedy the situation.

Any hints on how to achieve this? Is my budding understanding of Qubes OS to blame?

Sincerely, Joh

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/Rudd-O/ansible-qubes/issues/5

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

r-cheologist commented 7 years ago

Found my issue: fixed $annyvm to $anyvm in the policy ...

Joh