Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatically remove old, unneeded update files from TemplateVMs to save disk space #6676

Closed
ninavizz opened this issue Jun 8, 2021 · 21 comments · Fixed by QubesOS/qubes-core-admin-linux#165
Assignees
Labels
C: Debian/Ubuntu C: Fedora C: updates P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. ux User experience

Comments

@ninavizz
Copy link
Member

ninavizz commented Jun 8, 2021

The problem you're addressing (if any)
Diskspace inflation in templates from old installer files, has been an ongoing problem in the SecureDrop Workstation. While Marek has been lovely and attentive as always in commenting on our issues, and we're likely to implement our own workaround shortly, this issue is to implement a fix for Qubes users not using our specific deployment of it—who may likely encounter the same problem.

Describe the solution you'd like
From @marmarek in SDW #653

I think it should be easy enough to add autoremove call to update.qubes-vm salt file. I don't see proper abstraction for it in the pkg state, so it will likely need cmd.run state.

See also #6676 (comment)

Where is the value to a user, and who might that user be?
Savvy users know to check for bloat from accumulated installer files that a young product (Qubes) may not yet have an automation in place to clean-up. Less savvy users (me!), not so much. Always cheering for the less savvy users, I am.

Describe alternatives you've considered

Related, non-duplicate issues
Maybe #1639?

@ninavizz ninavizz added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Jun 8, 2021
@andrewdavidwong andrewdavidwong changed the title Purge old installer files at end or beginning of installation processes Automatically purge old update files from TemplateVMs to save disk space Jun 8, 2021
@andrewdavidwong
Copy link
Member

(@ninavizz, the original title made it sound like this was about the Qubes OS installer, but reading the description made it clear that it's about disk usage from performing routine updates inside of TemplateVMs, so I've updated the title in a way that hopefully makes it more intuitive to those who are familiar with this topic.)

@andrewdavidwong andrewdavidwong added this to the TBD milestone Jun 8, 2021
@andrewdavidwong andrewdavidwong changed the title Automatically purge old update files from TemplateVMs to save disk space Automatically remove old update files from TemplateVMs to save disk space Jun 8, 2021
@andrewdavidwong
Copy link
Member

andrewdavidwong commented Jun 8, 2021

I'm guessing this would only be implemented for officially-supported templates, so I've added the Debian and Fedora labels, rather than just C: templates.

Come to think of it, I'm not sure if anything special needs to be done for Fedora templates, unlike Debian, which requires something like autoremove, as already noted in freedomofpress/securedrop-workstation#653. The funny thing is, dnf also has dnf autoremove, but I never remember using it or hearing anyone talk about it, whereas people seem to use and talk about apt[-get] autoremove all the time.

@andrewdavidwong andrewdavidwong changed the title Automatically remove old update files from TemplateVMs to save disk space Automatically remove unneeded update files from TemplateVMs to save disk space Jun 8, 2021
@andrewdavidwong andrewdavidwong changed the title Automatically remove unneeded update files from TemplateVMs to save disk space Automatically remove old, unneeded update files from TemplateVMs to save disk space Jun 8, 2021
@unman
Copy link
Member

unman commented Jun 8, 2021 via email

@andrewdavidwong
Copy link
Member

This appears to be a duplicate of an existing issue. If so, please comment on the appropriate existing issue instead. If you believe this is not really a duplicate, please leave a comment briefly explaining why. We'll be happy to take another look and, if appropriate, reopen this issue. Thank you.

@andrewdavidwong andrewdavidwong added the R: duplicate Resolution: Another issue exists that is very similar to or subsumes this one. label Jun 8, 2021
@andrewdavidwong
Copy link
Member

Closed as duplicate on the assumption that the Debian fix is all that's desired. If there's demand for more, please comment.

@eloquence
Copy link

eloquence commented Jul 22, 2021

@unman @andrewdavidwong

In our experience, hitting diskspace limits is the most common cause of update breakage among the ~10 users we are currently supporting.

It looks like QubesOS/qubes-core-agent-linux#218 will make it unnecessary to run sudo apt clean in Debian templates, but is that change fully sufficient to autoremove packages that are no longer needed as part of an update run? As an example, in a template I just cleaned up, 200 MB were cleaned up via sudo apt clean (which I understand will no longer be needed), and 800 MB were cleaned up via sudo apt autoremove.

@andrewdavidwong
Copy link
Member

@eloquence:

It looks like QubesOS/qubes-core-agent-linux#218 will make it unnecessary to run sudo apt clean in Debian templates, but is that change fully sufficient to autoremove packages that are no longer needed as part of an update run? As an example, in a template I just cleaned up, 200 MB were cleaned up via sudo apt clean (which I understand will no longer be needed), and 800 MB were cleaned up via sudo apt autoremove.

I had the same thought earlier, which is why I specifically mentioned autoremove in #6676 (comment). Since @unman specifically quoted that message when saying that it's already been resolved (and since he has probably forgotten more about Debian than I'll ever know 🙂), I figured that this base was covered. However, it's worth waiting to see what @unman says to get explicit confirmation on this point.

@unman
Copy link
Member

unman commented Jul 27, 2021 via email

@marmarek
Copy link
Member

marmarek commented Jul 27, 2021 via email

@andrewdavidwong
Copy link
Member

The problem is that automatic clean only saves a fraction of the disk space compared to autoremove, and it's unrealistic to expect most users to manually monitor and micromanage autoremoving for every Debian template. Out of curiosity, why isn't this a problem on Fedora, and why can't core packages be protected from automatic autoremoving?

@DemiMarie
Copy link

The problem is that automatic clean only saves a fraction of the disk space compared to autoremove, and it's unrealistic to expect most users to manually monitor and micromanage autoremoving for every Debian template. Out of curiosity, why isn't this a problem on Fedora, and why can't core packages be protected from automatic autoremoving?

On Fedora, automatic removal is the default, so presumably bugs caused by it are found and fixed.

@DemiMarie DemiMarie reopened this Jul 28, 2021
@andrewdavidwong andrewdavidwong added ux User experience and removed R: duplicate Resolution: Another issue exists that is very similar to or subsumes this one. labels Jul 28, 2021
@eloquence
Copy link

eloquence commented Jul 28, 2021

For the SecureDrop Workstation right now, the problem is pretty major - I just freed up 1.1GB in a template with another autoremove run. With the default template size it's easy to see how you can quickly run out of space, breaking updates. I don't think it's reasonable to ask ordinary end users to handle such template diskspace cleanup tasks.

In this case I just observed, it was mostly due to Linux kernel packages that are no longer needed; since we ship our own grsec kernel, it's possible that we can do more on our end to enforce removal of older packages.

Alternatively, could it make sense to expose this as an option at the template level, so that e.g. the Salt update logic can query that property, and run autoremove after each update iff it's set? Basically, a way for users and Qubes implementers to say to the updater, "when updating this template, also try to remove unneeded packages automatically".

@andrewdavidwong
Copy link
Member

On the one hand, I can understand how this is a Debian problem and not a Qubes-specific problem. We're a tiny project compared to Debian, so it wouldn't be realistic for us to try to fix their problems on top of all of our own. On the other hand, it's clearly a Qubes-specific problem if Debian template updates are breaking while baremetal Debian updates (presumably) aren't. So, why do Qubes Debian template updates break when baremetal Debian updates don't? Is it simply a matter of disk space? If so, can we at least increase the default Debian template disk space enough to make update breakage a non-issue? If forced to choose between wasting disk space and updates breaking, I'd choose the former.

@DemiMarie
Copy link

On the one hand, I can understand how this is a Debian problem and not a Qubes-specific problem. We're a tiny project compared to Debian, so it wouldn't be realistic for us to try to fix their problems on top of all of our own. On the other hand, it's clearly a Qubes-specific problem if Debian template updates are breaking while baremetal Debian updates (presumably) aren't. So, why do Qubes Debian template updates break when baremetal Debian updates don't? Is it simply a matter of disk space? If so, can we at least increase the default Debian template disk space enough to make update breakage a non-issue? If forced to choose between wasting disk space and updates breaking, I'd choose the former.

Increasing disk space will help, and thanks to thin provisioning it won’t be used unless it is actually needed. That said, we should make sure we have the correct dependencies to keep autoremove from breaking a template completely ― even if, per Debian policy, those dependencies should not be needed.

@marmarek
Copy link
Member

Removing core packages should not be a problem, dependencies are correctly set (otherwise they wouldn't be installed in the first place). I'm more afraid of removing packages that the user uses but were installed only as a side effect initially and not needed this way anymore. This happened to me more than once.

Maybe we can do something about kernel packages specifically? Fedora has a feature specifically to avoid piling up kernel packages (there is a limit of 3 of them at once). Any idea how? The naive apt-get autoremove "linux-image-*" tried to remove all of them, not only unused ones...

@DemiMarie
Copy link

Maybe we can do something about kernel packages specifically? Fedora has a feature specifically to avoid piling up kernel packages (there is a limit of 3 of them at once). Any idea how? The naive apt-get autoremove "linux-image-*" tried to remove all of them, not only unused ones...

That isn’t as bad as it could be, since a user can use a dom0-provided kernel to recover.

In this case I just observed, it was mostly due to Linux kernel packages that are no longer needed; since we ship our own grsec kernel, it's possible that we can do more on our end to enforce removal of older packages.

How do you manage to do this? I thought Open Source Security banned public distribution of its patched kernels (by refusing to provide future updates to anyone who distributes the source).

@marmarek
Copy link
Member

That isn’t as bad as it could be, since a user can use a dom0-provided kernel to recover.

Yes, but also, if you want to use in-vm kernel, removing it at every single update is definitely bad.

@unman
Copy link
Member

unman commented Jul 28, 2021 via email

@marmarek
Copy link
Member

marmarek commented Aug 1, 2021

As an example, in a template I just cleaned up, 200 MB were cleaned up via sudo apt clean (which I understand will no longer be needed), and 800 MB were cleaned up via sudo apt autoremove.

How much of that were kernel packages, and more interestingly - how many of them you had? @eloquence

@mkow
Copy link
Member

mkow commented Jun 13, 2022

One more data point: For me this is also a very annoying problem, it causes update failures with obscure error messages (in Qubes 4.0; I get errors like "error 100" or "PGP signature verification failed"), and it happens rarely enough for me to forget what it was about between occurrences :) Also, when I hit this today, it was bad enough to prevent even xterm from starting in the template VM.
I don't imagine how non-power-users could resolve this issue by themselves :/

How much of that were kernel packages, and more interestingly - how many of them you had?

For me it was ~2 GB and ~5 kernel packages (disclaimer: writing from memory).

@andrewdavidwong andrewdavidwong removed this from the Release TBD milestone Aug 13, 2023
@marmarek
Copy link
Member

It looks like apt dist-upgrade in bookworm does remove unused kernels automatically, but it isn't full autoremove so the remark in #6676 (comment) doesn't apply. On the other hand, apt-get dist-upgrade doesn't do that. May be worth looking how apt does that, and do similar thing in qubes-vm-update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C: Debian/Ubuntu C: Fedora C: updates P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. ux User experience
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

8 participants