rudd-o / ansible-qubes Goto Github PK

See subject line?
In dom0 I have a line in /etc/qubes-rpc/policy/qubes.VMChell I have a line that reads

managevm    dom0    allow

but running ./bombshell-client dom0 hostname gives nothing - just a new line on the CLI ...

Hello, your ansible-qubes idea sounds great

Considering #7 and the commits I wonder if this project can be safely and easily used in R4. I'd like to try it but I don't have much time for troubleshooting

Hi,

With the appropriate configuration in both dom0 and the management VM , ./bombshell-client dom0 hostname works just fine on my QubesOS 4.0-rc2 system.

Executing a playbook that used to work just fine, however, I now get during TASK [Gathering Facts] the following error:

TypeError: set_host_overrides() takes exactly 3 arguments (4 given)

Any clue what might be wrong?

[user@controller ansible-qubes]$ qrun dom0 shell
2022-04-22 17:04:22.094 qrexec-client-vm[2278]: process_io.c:36:handle_vchan_error: Error while vchan send(handle_input stdout), exiting

journalctl -b -a
Apr 22 17:31:19 dom0 qrexec-policy-daemon[2158]: qrexec: qubes.VMShell+: controller -> @adminvm: allowed to dom0 Apr 22 17:31:19 dom0 qrexec-policy-daemon[37787]: 2022-04-22 17:31:19.827 qrexec-client[37787]: exec.c:511:execute_parsed_qubes_rpc_command: Unknown service > Apr 22 17:31:19 dom0 qrexec-policy-daemon[37787]: 2022-04-22 17:31:19.847 qrexec-client[37787]: qrexec-client.c:278:handle_failed_exec: failed to spawn proce> Apr 22 17:31:19 dom0 qrexec-policy-daemon[2158]: qrexec: qubes.VMShell: controller -> dom0: error while executing: qrexec-client failed: ['/usr/lib/qubes/qre> lines 10121-10161/10161 (END)

To solve this problem, you need to make the file /etc/qubes-rpc/qubes.VMShell executable

In Dom0:

sudo chmod +x /etc/qubes-rpc/qubes.VMShell

Hey, I'm trying to run the qubesformation plugin but I'm getting the following error:

TASK [Configure Qubes Salt formula and the top file] ***************************
task path: /etc/ansible/qubes.yml:32
Sunday 11 September 2022  00:09:03 -0400 (0:00:03.668)       0:00:04.172 ****** 
The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 147, in run
    res = self._execute()
  File "/usr/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 665, in _execute
    result = self._handler.run(task_vars=variables)
  File "/usr/share/ansible/plugins/action/qubesformation.py", line 102, in run
    x.write(contents)
  File "/usr/lib64/python3.8/tempfile.py", line 473, in func_wrapper
    return func(*args, **kwargs)
TypeError: a bytes-like object is required, not 'str'
fatal: [dom0]: FAILED! => {
    "msg": "Unexpected failure during module execution.",
    "stdout": ""
}

When I do print(contents) on line 102 I get something like {{ vms | print_yml }}.

Any idea on what is not working?

I'm using the following config: https://gitlab.com/megabyte-labs/gas-station/-/blob/master/ansible.cfg

All the plugins etc. are placed in the recommended Ansible locations using this script: https://gitlab.com/megabyte-labs/gas-station/-/blob/master/scripts/qubes.sh

When I try to run the first example, I get the following error which is similar:

TASK [Configure Qubes Salt formula and the top file] ***************************
task path: /etc/ansible/qubes.yml:32
Sunday 11 September 2022  00:09:03 -0400 (0:00:03.668)       0:00:04.172 ****** 
The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 147, in run
    res = self._execute()
  File "/usr/lib/python3.8/site-packages/ansible/executor/task_executor.py", line 665, in _execute
    result = self._handler.run(task_vars=variables)
  File "/usr/share/ansible/plugins/action/qubesformation.py", line 102, in run
    x.write(contents)
  File "/usr/lib64/python3.8/tempfile.py", line 473, in func_wrapper
    return func(*args, **kwargs)
TypeError: a bytes-like object is required, not 'str'
fatal: [dom0]: FAILED! => {
    "msg": "Unexpected failure during module execution.",
    "stdout": ""
}

Any idea on what I'm doing wrong?

Hey, I'm trying to clean up the logging that this project outputs. I'm getting the following error but I'm unsure of how to fix it:

TypeError: a bytes-like object is required, not 'str'

This error comes from tasks that use copy with inline data. Here's an example:

- name: Save meta information about the version of AriaNG that was installed
  copy:
    dest: ~/.config/megabytelabs/ariang
    mode: 0600
    content: |
      {{ ariang_latest_release_tag.json.tag_name }}
  when: install_ariang

Any idea on how to fix this?

how can I change the screen background of the official Qubes OS 4.? Please help me, I am new to the IT world. maybe someone knows how to copy in Qubes 4 directly to Dom0 or connect the USB stick directly to Dom0? ask for instructions with a detailed explanation. Thank you in advance !;)

_{Sent with GitHawk}

Hello!

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: FileNotFoundError: [Errno 2] No such file or directory: b'qvm-run'
work | FAILED | rc=-1 >>
Unexpected failure during module execution.\

Did it step by step. run from directory
/home/user/ansible-qubes/examples/ansible

ansible log https://pastebin.com/mQ1X3jer

ansible work -m shell -a whoami
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not
match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: work

ansible work -m shell -a whoami -i hosts -vvv
full error -vvv : https://pastebin.com/LDk3nfqV

Thank you in advance for your help!

Following the example, the ansible work -m shell -a whoami command fails to run with the following error:

The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", line 140, in run
    res = self._execute()
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", line 559, in _execute
    self._set_connection_options(variables, templar)
  File "/usr/lib/python3/dist-packages/ansible/executor/task_executor.py", line 896, in _set_connection_options
    self._connection.set_options(var_options=options)
  File "/home/user/ansible-qubes/connection_plugins/qubes.py", line 255, in set_options
    if task_keys['delegate_to'] and 'management_proxy' in self._options:
TypeError: 'NoneType' object is not subscriptable

work | FAILED | rc=-1 >>
Unexpected failure during module execution.

This is caused by this line

Changing the line to the following solves the issue.

if task_keys is not None and task_keys['delegate_to'] and 'management_proxy' in self._options

This issue will be closed when this program has been tested successfully working in Qubes 4.1, and best practices from said release have been adopted.

Minor issue but would love it if you knew how to fix it:

Whenever command/shell are invoked (perhaps in some other cases too), a line return is added to the Ansible output. This can cause issues for parsing the output and it doesn't look as good.

user@controller bin]$ ansible dom0 -m ping
dom0 | FAILED! => {
"msg": "qrun command not found in PATH"
}

To make qubes.py work and find qrun

You need to comment out this line.

in qubes.py
if 'transport_cmd' in kwargs: self.transport_cmd = kwargs['transport_cmd'] return self.transport_cmd = distutils.spawn.find_executable('qrun') self.transport_cmd = None if not self.transport_cmd: self.transport_cmd = os.path.join( os.path.dirname(__file__), os.path.pardir, "bin",

#self.transport_cmd = None

Following the documentation, I have successfully setup a management vm and can use it to access dom0, where I am running an update play and proceed to read out what vms are present, which are templates and running, firing them up as appropriate. I proceed with dynamically adding the detected vms to the inventory

- add_host:
  name:                       "{{ item }}"
  groups:                     template_vms
  ansible_connection: qubes
  with_items:
     "{{ template_vms_present.stdout_lines }}"

When I now try to proceed with updating the templates, it becomes apparent, that I cannot access them. An exemplary error looks like

fatal: [fedora-23]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission 
failure. In some cases, you may have been able to authenticate and did not have permissions on the 
remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". 
Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp/ansible-
tmp-1490762777.82-167116017398295 `\" && echo ansible-
tmp-1490762777.82-167116017398295=\"` echo ~/.ansible/tmp/ansible-
tmp-1490762777.82-167116017398295 `\" ), exited with result 125", "unreachable": true}

Following ansible's proposal from the error message and switching the remote_tmp variable in ansible.cfg to something like /tmp/.ansible/tmp does not remedy the situation.

Any hints on how to achieve this? Is my budding understanding of Qubes OS to blame?

Sincerely, Joh

[user@controller ~]$ ansible dom0 -m ping [WARNING]: Unhandled error in Python interpreter discovery for host dom0: the remote end of the Qubes connection was not ready: /home/user/autoqubes/ansible- qubes/bin/qrun dom0 python -u -i -c ' from future import print_function import sys, os, subprocess [sys.ps](http://sys.ps/)1 = '"'"''"'"' [sys.ps](http://sys.ps/)2 = '"'"''"'"' sys.stdin = os.fdopen(sys.stdin.fileno(), '"'"'rb'"'"', 0) if hasattr(sys.stdin, '"'"'buffer'"'"') else sys.stdin sys.stdout = sys.stdout.buffer if hasattr(sys.stdout, '"'"'buffer'"'"') else sys.stdout ' yielded b'' dom0 | FAILED! => { "msg": "the remote end of the Qubes connection was not ready: /home/user/autoqubes/ansible-qubes/bin/qrun dom0 python -u -i -c '\nfrom future import print_function\nimport sys, os, subprocess\[nsys.ps](http://nsys.ps/)1 = '"'"''"'"'\[nsys.ps](http://nsys.ps/)2 = '"'"''"'"'\nsys.stdin = os.fdopen(sys.stdin.fileno(), '"'"'rb'"'"', 0) if hasattr(sys.stdin, '"'"'buffer'"'"') else sys.stdin\nsys.stdout = sys.stdout.buffer if hasattr(sys.stdout, '"'"'buffer'"'"') else sys.stdout\n' yielded b''"

qrun and bombshell clients work it

[user@controller ~]$ qrun dom0 whoami
root
[user@controller ~]$ bombshell-client dom0 whoami
root