Hi Andrew,
Le 2016-12-11 21:45, Andrew David Wong a écrit :
>> - Usually I update all the templates and Dom0 simultaneously: I right
>> click on the AppVM template and click `Update VM', I do this for each
>> AppVM in a row (without waiting for the update of the previous AppVM
>> to
>> terminate) and finally for Dom0 (since it locks access to the Qubes VM
>> Manager during the while Dom0 update process, which is the longest,
>> see
>> below).
>
> When you say "AppVM," do you actually mean TemplateVM? There should
> normally be no reason to update AppVMs.
>
Yes sorry, that's indeed what I mean, I do this for each TemplateVM and
not AppVM (usually when I update most AppVM are shut down).
>> - I have the impression that Dom0 updates are downloaded twice, most
>> probably an issue around the proxy feature (there is no such issue
>> with
>> the templates, updating Dom0 takes twice as much time as updating the
>> templates).
>>
>
> Hm, that would be odd. The normal dom0 update process is for the
> updates
> to b downloaded by the UpdateVM (default sys-firewall), then
> transferred
> to dom0, where the signatures are checked, and the updates are
> installed.
> This might have the appearance of the updates being downloaded twice,
> but they're really only downloaded once.
Well, this morning again there was a new ghost update : I launched Dom0
update, it was processing for 14 minutes and downloading about half of
the time, before finally concluding that there is actually no update
available. Odd and suboptimal indeed...
While trying to investigate a bit further, I stumbled on this
interesting "property" of Fedora which randomly selects a "nearby"
source to download the update. There was indeed updates currently
available for both my Debian and Fedora packages:
- Debian update took less than a minute,
- Fedora is still ongoing, with a download speed hardly reaching 80
KB/s.
I think I know understand why updating Dom0 seems so slow, thank you
Fedora for allowing even the crappiest server to act as an update source
as long as it is among the closest ones geographically speaking :( ...
I already stumbled on this before and had to cancel an update and try
later in order to update my Fedora template due to such poor performance
and an estimated time of completion counted in hours. A few time later,
a decent server offering a download speed counted in MB instead of KB
and the update was done in less than a minute too.
If I have some time, maybe I should try to find the culprit(s) and
blacklist it/them somehow. By the way I'm a bit surprised to see the
/var/log/tinyproxy to remain empty even after all those tests.
And to end-up on a more positive note I find it great that the template
VM now shut down themselves automatically once the update is done :) !
Have a nice day,
Simon.