auto-update all template VMs?


Oleg Artemiev

Jan 27, 2015, 4:48:58 PM
to qubes-users
Having a lot of template VMs makes updating annoying - repeating the
same mouse clicks a few times..

Has anyone already made a script for subj? If yes - please share.

Idea is simple - execute from Dom0, take all template VMs one by one,
update with auto-accepting packages (leaving log), if possible - show
a popup in Dom0 when depending VMs should be rebooted. I'd even run
this from dom0 cron..

--
Bye.Olli.
gpg --search-keys grey_olli
Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E
Blog keys (mostly in russian): http://grey-olli.livejournal.com/tag/

Fabian Wloch

Jan 27, 2015, 4:58:06 PM
to qubes...@googlegroups.com
Until now I used to do this the same way as you do - clicking the same stuff a few times in a row.
But I like the idea, and if nobody posts a script for this till tomorrow, I'll take some time and try to write one.
I think just through a shell script it's not possible to create notifications on the desktop, but updating + creating a log shouldn't be that difficult.

Definitely a good idea I haven't even thought about until now.

-Fabian

Joonas Lehtonen

Jan 27, 2015, 5:18:28 PM
to qubes...@googlegroups.com
Oleg Artemiev:
> Having a lot of template VMs makes updating annoying - repeating the
> same mouse clicks a few times..
>
> Has anyone already made a script for subj? If yes - please share.
>
> Idea is simple - execute from Dom0, take all template VMs one by
> one, update with auto-accepting packages (leaving log), if possible
> - show a popup in Dom0 when depending VMs should be rebooted. I'd
> even run this from dom0 cron..

I also do auto updates and think that every OS should come with such a
feature out of the box.

./update-script templ1 templ2 ..

(depending on the template this is more or less frequent, script is
run with different intervals depending on the template)

If you want to loop over all of them automatically you could use the
output of
qvm-ls |grep ']'|cut -d"[" -f2|cut -d"]" -f1

(quite ugly but qvm-ls has no --template switch ;)


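update-script:
#!/bin/bash
# Update each template VM named on the command line, then shut it down.
for vm in "$@"
do
    # -a: start the VM if it is not running, -p: pass stdio through,
    # -u root: run the command as root inside the VM
    qvm-run -a -p -u root "$vm" 'yum -y update && sleep 3 && halt'
done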

Oleg Artemiev

Jan 27, 2015, 5:37:19 PM
to Fabian Wloch, qubes...@googlegroups.com
On Wed, Jan 28, 2015 at 12:58 AM, Fabian Wloch <fabian...@gmail.com> wrote:
> Until now I used to do this the same way as you do - clicking the same stuff a
> few times in a row.
> But I like the idea, and if nobody posts a script for this till tomorrow,
> I'll take some time and try to write one.
> I think just through a shell script it's not possible to create notifications
> on the desktop, but updating + creating a log shouldn't be that difficult.
>
> Definitely a good idea I haven't even thought about until now.
>
> -Fabian
>
> On Tuesday, 27 January 2015 22:48:58 UTC+1, Oleg Artemiev wrote:
>>
>> Having a lot of template VMs makes updating annoying - repeating the
>> same mouse clicks a few times..
>>
>> Has anyone already made a script for subj? If yes - please share.
>>
>> Idea is simple - execute from Dom0, take all template VMs one by one,
>> update with auto-accepting packages (leaving log), if possible - show
>> a popup in Dom0 when depending VMs should be rebooted. I'd even run
>> this from dom0 cron..
Thank you, it would be nice. I've a few feature requests for such a script:

*) a free memory margin that will loop waiting till enough is free
(update requires starting a template VM, if a lot is already started
this could be a problem)
*) an option to allow forced reboot/shutdown of already running
template VMs (i.e. user forgot to shut down a template VM and it eats
memory for nothing)
*) an option to force restart of VMs based on updated Template VMs

though I'd be glad to see even the simplest script. :)

Steve Coleman

Jan 28, 2015, 10:40:24 AM
to qubes-users

Olli,

Here is my qvm-update hack (attached).

dom0$ sudo qvm-update [--shutdown]

It updates dom0 first, and then each template VM. It will list what
output was generated by each command to the console after stripping out
any unimportant or expected messages. It also groks the status code from
the yum command from the template VM's subshell. It logs all output to
"/var/log/qvm-update.*", rolling the logs as necessary, and has an
optional shutdown argument used to turn off the machine when complete.

A word of caution: if the template VM is already open when this is run,
that VM will shut down after its update.

I also tried to kick/force the DVM regeneration so you won't need to
wait 120 sec for your next Disposable VM, but I don't think that part is
working just yet. I'm sure there is a better way to do this, but I have
not had the time to look into it.
qvm-update

Patrick Schleizer

Sep 12, 2015, 4:18:36 PM
to qubes...@googlegroups.com
This is a huge issue.

See the following ticket, where it has been discussed at length, why an
automated, one or zero click update utility cannot be securely and
easily implemented by "just writing some utility".

(Not Whonix specific, even though discussed at Whonix tracker...!)

Qubes templates: graphical updater (Apper) broken
https://phabricator.whonix.org/T373#5867

Sure, a script can be written to aid this process, automate it more.
Have the update commands run one by one. But looking at what's actually
happening and intervening when necessary will still be required. Nice to
have. But just a workaround. Not the solution to this issue.

Cheers,
Patrick

Connor Page

Sep 12, 2015, 8:41:51 PM
to qubes-users
there is a script written by mig5 at https://gist.github.com/mig5/e6fcd033df11b0800bbd

Marek Marczykowski-Górecki

Sep 13, 2015, 6:13:52 AM
to Connor Page, qubes-users
On Sat, Sep 12, 2015 at 05:41:50PM -0700, Connor Page wrote:
> there is a script written by mig5 at https://gist.github.com/mig5/e6fcd033df11b0800bbd

It has exactly the problems Patrick is talking about. For example not
checking for `apt-get update` warnings may cause not installing security
updates without any error at the end.


--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
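
The failure mode named in the last message, as an added example that is not part of the thread or of mig5's script: `apt-get update` can exit 0 after failing to reach a repository, so this wrapper scans its output for warning lines and refuses to upgrade if any are found. `APT_GET`, `BAD_LINES`, `DEMO_MARK`, `demo_apt_get` and the `example.invalid` URLs are constructed for the example.

```shell
#!/bin/bash
# Added example: refuse to upgrade when `apt-get update` printed warnings,
# even though it exited 0.

# APT_GET is a hook introduced for this example so that a stub can stand in
# for the real apt-get.
APT_GET=${APT_GET:-apt-get}
BAD_LINES='^(W:|E:|Err[: ])'   # apt warning/error prefixes and failed fetches

# Constructed stand-in for apt-get: "update" fails to reach one repository
# but still exits 0; any other action records that an upgrade was attempted.
demo_apt_get() {
    if [ "$1" = update ]; then
        echo 'Hit http://deb.example.invalid stable InRelease'
        echo 'Err http://security.example.invalid stable/updates InRelease'
        echo 'W: Failed to fetch http://security.example.invalid/dists/stable/updates/InRelease'
        echo 'W: Some index files failed to download. They have been ignored, or old ones used instead.'
        return 0
    fi
    echo "upgrade attempted" >>"${DEMO_MARK:-/dev/null}"
}

# Returns 0 = upgraded, 1 = update exited non-zero, 2 = update printed
# warnings/errors (nothing installed), 3 = the upgrade itself failed.
checked_upgrade() {
    local log rc
    log=$(mktemp) || return 1
    LC_ALL=C "$APT_GET" update >"$log" 2>&1
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$log"
        return 1
    fi
    if grep -Eq "$BAD_LINES" "$log"; then
        grep -E "$BAD_LINES" "$log" >&2   # surface the reason in the caller's log
        rm -f "$log"
        return 2
    fi
    rm -f "$log"
    LC_ALL=C "$APT_GET" -y dist-upgrade || return 3
}
```

Setting `APT_GET=demo_apt_get` before calling `checked_upgrade` exercises the warning path without touching the system.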