Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
On Mon, Oct 29, 2018 at 10:29:30AM +, Fidel Ramos wrote:
> ‐‐‐ Original Message ‐‐‐
> On Monday, October 29, 2018 9:55 AM, Keld Norman wrote:
>
> > I am scripting the creation of a new standalone VM based on a template.
> >
> > I want to automate the creation of a Qube that I normally do in the Qubes Manager GUI:
> > select Qubes -> Create New Qube
> > TYPE: Standalone Qube based on template.
> > TEMPLATE: bionic
> >
> > I have made this script and it works fine when adding a Qube as an AppVM instead of a StandaloneVM
> >
> > #
> >
> > SCRIPT:
> >
> > #
> >
> > #!/bin/bash
> > clear
> > echo ""
> > SHUTDOWN_TIMEOUT=30
> > VM_NAME="Ubuntu18"
> >
> > if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> > #echo " The VM called ${VM_NAME} exist - do you want to delete it and re-create it?"
> >
> > ask here.. to do scripting
> >
> > ===
> >
> > #echo ""
> >
> > exit 1
> >
> > ===
> >
> > echo " Deleting VM: ${VM_NAME}"
> > echo " ---"
> > echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> > /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> > echo " - Deleting VM named ${VM_NAME}"
> > /usr/bin/qvm-remove --force ${VM_NAME}
> > fi
> >
> > CREATE NEW VM
> >
> > ==
> >
> > echo ""
> > echo " Creating VM: ${VM_NAME}"
> > echo " ---"
> > echo " Class AppVM"
> > echo " VirtMode hvm"
> > echo " Template bionic"
> > echo " Label orange"
> > echo " NetVM sys-net"
> > echo " Kernel ''"
> > echo " VCPU(s) 8"
> > echo " Memory 4096"
> >
> > /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> > exit
> > echo ""
> > echo " - Disabling Memory info writer service"
> > /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> > /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> > etc etc ...
> >
> > ---
> >
> > Here is the isolated command that fails:
> >
> > =
> >
> > [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' Ubuntu18
> >
> > And here the output from journalctl -xe
> >
> > [user@dom0 bin]$ journalctl -xe
> > -- Unit user-0.slice has finished shutting down.
> > Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208 acceptors_count=2
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460 acceptors_count=1
> > Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for user root
> > Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> > Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351 acceptors_count=2
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825 acceptors_count=1
> > Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic' len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE PROBLEM ?
> > Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> > Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib/python3.5/site-packages/qubes/api/init.py", lin
Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
‐‐‐ Original Message ‐‐‐
On Monday, October 29, 2018 9:55 AM, Keld Norman wrote:

> I am scripting the creation of a new standalone VM based on a template.
>
> I want to automate the creation of a Qube that I normally do in the Qubes Manager GUI:
> select Qubes -> Create New Qube
> TYPE: Standalone Qube based on template.
> TEMPLATE: bionic
>
> I have made this script and it works fine when adding a Qube as an AppVM instead of a StandaloneVM
>
> #
>
> SCRIPT:
>
> #
>
> #!/bin/bash
> clear
> echo ""
> SHUTDOWN_TIMEOUT=30
> VM_NAME="Ubuntu18"
>
> if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> #echo " The VM called ${VM_NAME} exist - do you want to delete it and re-create it?"
>
> ask here.. to do scripting
>
> ===
>
> #echo ""
>
> exit 1
>
> ===
>
> echo " Deleting VM: ${VM_NAME}"
> echo " ---"
> echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> echo " - Deleting VM named ${VM_NAME}"
> /usr/bin/qvm-remove --force ${VM_NAME}
> fi
>
> CREATE NEW VM
>
> ==
>
> echo ""
> echo " Creating VM: ${VM_NAME}"
> echo " ---"
> echo " Class AppVM"
> echo " VirtMode hvm"
> echo " Template bionic"
> echo " Label orange"
> echo " NetVM sys-net"
> echo " Kernel ''"
> echo " VCPU(s) 8"
> echo " Memory 4096"
>
> /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> exit
> echo ""
> echo " - Disabling Memory info writer service"
> /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> etc etc ...
>
> ---
>
> Here is the isolated command that fails:
>
> =
>
> [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' Ubuntu18
>
> And here the output from journalctl -xe
>
> [user@dom0 bin]$ journalctl -xe
> -- Unit user-0.slice has finished shutting down.
> Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208 acceptors_count=2
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460 acceptors_count=1
> Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for user root
> Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351 acceptors_count=2
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825 acceptors_count=1
> Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic' len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE PROBLEM ?
> Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib/python3.5/site-packages/qubes/api/init.py", line 262, in respond
> Oct 29 10:27:46 dom0 qubesd[2612]: untrusted_payload=untrusted_payload)
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/futures.py", line 381, in iter
> Oct 29 10:27:46 dom0 qubesd[2612]: yield self # This tells Task to wait for completion.
> Oct 29 10:27:46 dom0 qubesd[2612]