Bash Scripting VM operations in dom0

[0pcom]

Qubes OS version:

4.0

Affected component(s):

qvm-run

---

Steps to reproduce the behavior:

I've written a Bash script which runs from dom0 to automate creation and configuration of VMs
Here is a basic outline:

read -p "qvm-create new VMs? (y/n)" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
    qvm-create new-qube-1 --label blue --property netvm=sys-net --property memory=4000 --template=debian-9
fi
echo
read -p "execute configuration on new-qube-1? (y/n)" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
   qvm-copy-to-vm new-qube-1 config
   qvm-run new-qube-1 '~/QubesIncoming/dom0/config' --pass-io

qvm-run my-new-qube '~/QubesIncoming/dom0/config' --pass-io
the output of this command executes in the dom0 terminal, but is unsuccessful

qvm-run my-new-qube 'xterm ~/QubesIncoming/dom0/config' --pass-io
this outputs in xterm, and also does not succeed

qvm-run my-new-qube 'gnome-terminal -e ~/QubesIncoming/dom0/config' --pass-io
this launches gnome-terminal, runs the script, but does not succeed.

qvm-run my-new-qube 'xfce4-terminal -e ~/QubesIncoming/dom0/config' --pass-io
this launches xfce4-terminal, runs the script, but does not succeed.

failed to connect to session manager: failed to connect to session manager:
`SESSION_MANAGER environment variable not defined'

However, when I otherwise launch the VM terminal and run the script, it works

Expected behavior:

https://github.com/0pcom/qubes-skywire/blob/master/skydom0

Actual behavior:

It seems the issue is special characters
avoiding special characters is why I tried passed files containing scripts to the VMs
after sending individual commands failed because of nested commands like echo echo, etc.

General notes:

If there is a better way to do this I'd like to know.

---

Related issues:

/usr/lib/qubes/qubes-rpc-multiplexer: 36: /usr/lib/qubes/qubes-rpc-multiplexer:
/home/user/.bahrc: not found

This error occurs frequently but doesn't appear to affect anything.
.bahrc is not a valid name in any case

[andrewdavidwong]

I've written a Bash script which runs from dom0 to automate creation and configuration of VMs
[...]
If there is a better way to do this I'd like to know.

I think this is intended to be the better way:

https://www.qubes-os.org/doc/salt/

[andrewdavidwong]

I've written a Bash script which runs from dom0 to automate creation and configuration of VMs
[...]
If there is a better way to do this I'd like to know.

I think this is intended to be the better way:

https://www.qubes-os.org/doc/salt/

[0pcom]

Thank you Andrew.

However, as stated in the doc, it is not easy to understand at first introduction.
I have struggled to make it even as far as I have
in an area where I have little previous experience and am barely competent.

The bash script I have will work with minimal alteration if I simply require users to start the per VM configuration scripts manually- requiring ~40 keystrokes on the part of the user to complete the configuration. This will have to do for now.

This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible. The script was only intended to save the time of setting up this configuration per every VM instance. So far it's taken more time to do this than it has saved.

I will study salting, per your recommendation.

Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Perhaps something like what andrewclausen suggested at the end of: #2581

[0pcom]

Thank you Andrew.

However, as stated in the doc, it is not easy to understand at first introduction.
I have struggled to make it even as far as I have
in an area where I have little previous experience and am barely competent.

The bash script I have will work with minimal alteration if I simply require users to start the per VM configuration scripts manually- requiring ~40 keystrokes on the part of the user to complete the configuration. This will have to do for now.

This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible. The script was only intended to save the time of setting up this configuration per every VM instance. So far it's taken more time to do this than it has saved.

I will study salting, per your recommendation.

Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Perhaps something like what andrewclausen suggested at the end of: #2581

[andrewdavidwong]

This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible.
[...]
Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Have you tried the qvm-run --no-filter-escape-chars option? (This option is a security risk, but given what you've said, it sounds like this might be an acceptable risk for your experimental system.)

[andrewdavidwong]

This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible.
[...]
Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Have you tried the qvm-run --no-filter-escape-chars option? (This option is a security risk, but given what you've said, it sounds like this might be an acceptable risk for your experimental system.)