Problem when creating a new standalone VM based on a template via the command line.
Keld Norman
I want to automate the creation of a Qube that I normally do in the Qubes Manager GUI:
select Qubes -> Create New Qube
TYPE: Standalone Qube based on template.
TEMPLATE: bionic
I have made this script and it works fine when adding a Qube as an AppVM instead of a StandaloneVM
#------------------------------------
# SCRIPT:
#------------------------------------
#!/bin/bash
clear
echo ""
SHUTDOWN_TIMEOUT=30
VM_NAME="Ubuntu18"
if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
#echo " The VM called ${VM_NAME} exist - do you want to delete it and re-create it?"
# ask here.. to do scripting
#echo ""
# exit 1
echo " Deleting VM: ${VM_NAME}"
echo " ---------------------------"
echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
/usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
echo " - Deleting VM named ${VM_NAME}"
/usr/bin/qvm-remove --force ${VM_NAME}
fi
# CREATE NEW VM
echo ""
echo " Creating VM: ${VM_NAME}"
echo " ---------------------------"
echo " Class AppVM"
echo " VirtMode hvm"
echo " Template bionic"
echo " Label orange"
echo " NetVM sys-net"
echo " Kernel ''"
echo " VCPU(s) 8"
echo " Memory 4096"
/usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
exit
echo ""
echo " - Disabling Memory info writer service"
/usr/bin/qvm-service ${VM_NAME} meminfo-writer off
/usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
etc etc ...
# -----------------------------------------------
# Here is the isolated command that fails:
[user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' Ubuntu18
# And here the output from journalctl -xe
[user@dom0 bin]$ journalctl -xe
-- Unit user-0.slice has finished shutting down.
Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208 acceptors_count=2
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460 acceptors_count=1
Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for user root
Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3254653644.8, total_available_memory=28756063562.199997)
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351 acceptors_count=2
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825 acceptors_count=1
Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic' len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE PROBLEM ?
Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 262, in respond
Oct 29 10:27:46 dom0 qubesd[2612]: untrusted_payload=untrusted_payload)
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/futures.py", line 381, in __iter__
Oct 29 10:27:46 dom0 qubesd[2612]: yield self # This tells Task to wait for completion.
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
Oct 29 10:27:46 dom0 qubesd[2612]: future.result()
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
Oct 29 10:27:46 dom0 qubesd[2612]: raise self._exception
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
Oct 29 10:27:46 dom0 qubesd[2612]: result = coro.send(None)
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/coroutines.py", line 213, in coro
Oct 29 10:27:46 dom0 qubesd[2612]: res = yield from res
Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib/python3.5/site-packages/qubes/api/admin.py", line 998, in _vm_create
Oct 29 10:27:46 dom0 qubesd[2612]: assert not self.arg
Oct 29 10:27:46 dom0 qubesd[2612]: AssertionError
Can anybody help me with what the problem could be ?
Best regards
Keld Norman
Fidel Ramos
> I am scripting the creation of a new standalone VM based on a template.
>
> I want to automate the creation of a Qube that I normally do in the Qubes Manager GUI:
> select Qubes -> Create New Qube
> TYPE: Standalone Qube based on template.
> TEMPLATE: bionic
>
> I have made this script and it works fine when adding a Qube as an AppVM instead of a StandaloneVM
>
> #------------------------------------
>
>
> ========
> #------------------------------------
>
> #!/bin/bash
> clear
> echo ""
> SHUTDOWN_TIMEOUT=30
> VM_NAME="Ubuntu18"
>
> if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> #echo " The VM called ${VM_NAME} exist - do you want to delete it and re-create it?"
>
>
>
> #echo ""
>
> exit 1
>
> =======
> echo " Deleting VM: ${VM_NAME}"
> echo " ---------------------------"
> echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> echo " - Deleting VM named ${VM_NAME}"
> /usr/bin/qvm-remove --force ${VM_NAME}
> fi
>
>
> ==============
> echo ""
> echo " Creating VM: ${VM_NAME}"
> echo " ---------------------------"
> echo " Class AppVM"
> echo " VirtMode hvm"
> echo " Template bionic"
> echo " Label orange"
> echo " NetVM sys-net"
> echo " Kernel ''"
> echo " VCPU(s) 8"
> echo " Memory 4096"
>
> /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> exit
> echo ""
> echo " - Disabling Memory info writer service"
> /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> etc etc ...
>
>
> ================================================
> Here is the isolated command that fails:
>
> [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange --property vcpus=8 --property memory=4096 --property maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property kernel='' Ubuntu18
>
>
> [user@dom0 bin]$ journalctl -xe
> -- Unit user-0.slice has finished shutting down.
> Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208 acceptors_count=2
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460 acceptors_count=1
> Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for user root
> Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: balance_when_enough_memory(xen_free_memory=70634428, total_mem_pref=3254653644.8, total_available_memory=28756063562.199997)
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351 acceptors_count=2
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825 acceptors_count=1
> Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic' len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE PROBLEM ?
> Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
> Oct 29 10:27:46 dom0 qubesd[2612]: future.result()
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
> Oct 29 10:27:46 dom0 qubesd[2612]: raise self._exception
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
> Oct 29 10:27:46 dom0 qubesd[2612]: result = coro.send(None)
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib64/python3.5/asyncio/coroutines.py", line 213, in coro
> Oct 29 10:27:46 dom0 qubesd[2612]: res = yield from res
> Oct 29 10:27:46 dom0 qubesd[2612]: File "/usr/lib/python3.5/site-packages/qubes/api/admin.py", line 998, in _vm_create
> Oct 29 10:27:46 dom0 qubesd[2612]: assert not self.arg
> Oct 29 10:27:46 dom0 qubesd[2612]: AssertionError
https://github.com/QubesOS/qubes-core-admin/blob/master/qubes/api/admin.py#L998
I think it's because of the argument "bionic". I'm still familiarizing myself with Qubes' CLI tools, but I think you might need to use "qvm-create --hvm-template". Reading https://www.qubes-os.org/doc/windows-tools/ it looks like "--hvm" and "--template" are to be used to create an AppVM based off a Standalone HVM.
If this doesn't work you could edit /usr/lib/python3.5/site-packages/qubes/api/admin.py and add a "print self.arg" right before the assert, that way you should see what is the argument that is not expected by the code.
Fidel Ramos
PGP 7F07 1B7C 479F EDD1 - https://keybase.io/fidel
unman
(which doesnt have a template) by specifying a template.
Try 'qvm-clone --class StandaloneVM bionic Ubuntu18'
and then adjust the prefs as you will using 'qvm-prefs Ubuntu18'
unman