Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
On Mon, Oct 29, 2018 at 10:29:30AM +, Fidel Ramos wrote:
> ‐‐‐ Original Message ‐‐‐
> On Monday, October 29, 2018 9:55 AM, Keld Norman
> wrote:
>
> > I am scripting the creation of a new standalone VM based on a template.
> >
> > I want to automate the creation of a Qube that I normally do in the Qubes
> > Manager GUI:
> > select Qubes -> Create New Qube
> > TYPE: Standalone Qube based on template.
> > TEMPLATE: bionic
> >
> > I have made this script and it works fine when adding a Qube as an AppVM
> > instead of a StandaloneVM
> >
> > #
> >
> > SCRIPT:
> >
> >
> >
> > #
> >
> > #!/bin/bash
> > clear
> > echo ""
> > SHUTDOWN_TIMEOUT=30
> > VM_NAME="Ubuntu18"
> >
> > if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> > #echo " The VM called ${VM_NAME} exist - do you want to delete it and
> > re-create it?"
> >
> > ask here.. to do scripting
> >
> > ===
> >
> > #echo ""
> >
> > exit 1
> >
> > ===
> >
> > echo " Deleting VM: ${VM_NAME}"
> > echo " ---"
> > echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> > /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> > echo " - Deleting VM named ${VM_NAME}"
> > /usr/bin/qvm-remove --force ${VM_NAME}
> > fi
> >
> > CREATE NEW VM
> >
> > ==
> >
> > echo ""
> > echo " Creating VM: ${VM_NAME}"
> > echo " ---"
> > echo " Class AppVM"
> > echo " VirtMode hvm"
> > echo " Template bionic"
> > echo " Label orange"
> > echo " NetVM sys-net"
> > echo " Kernel ''"
> > echo " VCPU(s) 8"
> > echo " Memory 4096"
> >
> > /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange
> > --property vcpus=8 --property memory=4096 --property maxmem=4096 --property
> > netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> > exit
> > echo ""
> > echo " - Disabling Memory info writer service"
> > /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> > /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> > etc etc ...
> >
> > ---
> >
> >
> >
> > Here is the isolated command that fails:
> >
> > =
> >
> > [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic
> > --label orange --property vcpus=8 --property memory=4096 --property
> > maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property
> > kernel='' Ubuntu18
> >
> > And here the output from journalctl -xe
> >
> >
> >
> > [user@dom0 bin]$ journalctl -xe
> > -- Unit user-0.slice has finished shutting down.
> > Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
> > ses=4294967295 msg='unit=user@0 comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226):
> > pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]:
> > balance_when_enough_memory(xen_free_memory=70634428,
> > total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208
> > acceptors_count=2
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460
> > acceptors_count=1
> > Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for
> > user root
> > Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2
> > msg='op=PAM:session_close
> > grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix
> > acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> > Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2
> > msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root"
> > exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]:
> > balance_when_enough_memory(xen_free_memory=70634428,
> > total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351
> > acceptors_count=2
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825
> > acceptors_count=1
> > Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling
> > src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic'
> > len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE
> > PROBLEM ?
> > Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> > Oct 29 10:27:46 dom0 qubesd[2612]: File
> > "/usr/lib/python3.5/site-packages/qubes/api/init.py",
Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
‐‐‐ Original Message ‐‐‐
On Monday, October 29, 2018 9:55 AM, Keld Norman wrote:
> I am scripting the creation of a new standalone VM based on a template.
>
> I want to automate the creation of a Qube that I normally do in the Qubes
> Manager GUI:
> select Qubes -> Create New Qube
> TYPE: Standalone Qube based on template.
> TEMPLATE: bionic
>
> I have made this script and it works fine when adding a Qube as an AppVM
> instead of a StandaloneVM
>
> #
>
> SCRIPT:
>
>
>
> #
>
> #!/bin/bash
> clear
> echo ""
> SHUTDOWN_TIMEOUT=30
> VM_NAME="Ubuntu18"
>
> if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> #echo " The VM called ${VM_NAME} exist - do you want to delete it and
> re-create it?"
>
> ask here.. to do scripting
>
> ===
>
> #echo ""
>
> exit 1
>
> ===
>
> echo " Deleting VM: ${VM_NAME}"
> echo " ---"
> echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> echo " - Deleting VM named ${VM_NAME}"
> /usr/bin/qvm-remove --force ${VM_NAME}
> fi
>
> CREATE NEW VM
>
> ==
>
> echo ""
> echo " Creating VM: ${VM_NAME}"
> echo " ---"
> echo " Class AppVM"
> echo " VirtMode hvm"
> echo " Template bionic"
> echo " Label orange"
> echo " NetVM sys-net"
> echo " Kernel ''"
> echo " VCPU(s) 8"
> echo " Memory 4096"
>
> /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange
> --property vcpus=8 --property memory=4096 --property maxmem=4096 --property
> netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> exit
> echo ""
> echo " - Disabling Memory info writer service"
> /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> etc etc ...
>
> ---
>
>
>
> Here is the isolated command that fails:
>
> =
>
> [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic
> --label orange --property vcpus=8 --property memory=4096 --property
> maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property
> kernel='' Ubuntu18
>
> And here the output from journalctl -xe
>
>
>
> [user@dom0 bin]$ journalctl -xe
> -- Unit user-0.slice has finished shutting down.
> Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
> ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd"
> hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226):
> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd"
> exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]:
> balance_when_enough_memory(xen_free_memory=70634428,
> total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208
> acceptors_count=2
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460
> acceptors_count=1
> Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for
> user root
> Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2
> msg='op=PAM:session_close
> grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix
> acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2
> msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo"
> hostname=? addr=? terminal=/dev/pts/5 res=success'
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]:
> balance_when_enough_memory(xen_free_memory=70634428,
> total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351
> acceptors_count=2
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825
> acceptors_count=1
> Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling
> src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic'
> len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE
> PROBLEM ?
> Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> Oct 29 10:27:46 dom0 qubesd[2612]: File
> "/usr/lib/python3.5/site-packages/qubes/api/init.py", line 262, in respond
> Oct 29 10:27:46 dom0 qubesd[2612]: untrusted_payload=untrusted_payload)
> Oct 29 10:27:46 dom0 qubesd[2612]: File
> "/usr/lib64/python3.5/asyncio/futures.py", line 381, in iter
> Oct 29 10:27:46 dom0 qubesd[2612]: yield self # This tells Task to wait for
> completion.
> Oct 29 10:27:46 dom0
