Bash Scripting VM operations in dom0 #3913

Open
0pcom opened this Issue May 20, 2018 · 3 comments

0pcom commented May 20, 2018

Qubes OS version:

4.0

Affected component(s):

qvm-run


Steps to reproduce the behavior:

I've written a Bash script which runs from dom0 to automate creation and configuration of VMs
Here is a basic outline:

```bash
# Ask whether to create the new VM.
read -p "qvm-create new VMs? (y/n)" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
    qvm-create new-qube-1 --label blue --property netvm=sys-net --property memory=4000 --template=debian-9
fi
echo
# Ask whether to copy the configuration script into the VM and run it there.
read -p "execute configuration on new-qube-1? (y/n)" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
    qvm-copy-to-vm new-qube-1 config
    qvm-run new-qube-1 '~/QubesIncoming/dom0/config' --pass-io
fi
```

`qvm-run my-new-qube '~/QubesIncoming/dom0/config' --pass-io`
The output of this command executes in the dom0 terminal, but is unsuccessful.

`qvm-run my-new-qube 'xterm ~/QubesIncoming/dom0/config' --pass-io`
This outputs in xterm, and also does not succeed.

`qvm-run my-new-qube 'gnome-terminal -e ~/QubesIncoming/dom0/config' --pass-io`
This launches gnome-terminal, runs the script, but does not succeed.

`qvm-run my-new-qube 'xfce4-terminal -e ~/QubesIncoming/dom0/config' --pass-io`
This launches xfce4-terminal, runs the script, but does not succeed.

```
failed to connect to session manager: failed to connect to session manager:
`SESSION_MANAGER environment variable not defined'
```

However, when I otherwise launch the VM terminal and run the script, it works

Expected behavior:

https://github.com/0pcom/qubes-skywire/blob/master/skydom0

Actual behavior:

It seems the issue is special characters.
Avoiding special characters is why I tried passing files containing scripts to the VMs,
after sending individual commands failed because of nested commands like echo echo, etc.

General notes:

If there is a better way to do this I'd like to know.


Related issues:

/usr/lib/qubes/qubes-rpc-multiplexer: 36: /usr/lib/qubes/qubes-rpc-multiplexer:
/home/user/.bahrc: not found

This error occurs frequently but doesn't appear to affect anything.
.bahrc is not a valid name in any case

andrewdavidwong May 20, 2018

Member

> I've written a Bash script which runs from dom0 to automate creation and configuration of VMs
> [...]
> If there is a better way to do this I'd like to know.

I think this is intended to be the better way:

https://www.qubes-os.org/doc/salt/

0pcom May 20, 2018

Thank you Andrew.

However, as stated in the doc, it is not easy to understand at first introduction.
I have struggled to make it even as far as I have
in an area where I have little previous experience and am barely competent.

The bash script I have will work with minimal alteration if I simply require users to start the per VM configuration scripts manually- requiring ~40 keystrokes on the part of the user to complete the configuration. This will have to do for now.

This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible. The script was only intended to save the time of setting up this configuration per every VM instance. So far it's taken more time to do this than it has saved.

I will study salting, per your recommendation.

Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Perhaps something like what andrewclausen suggested at the end of: #2581

andrewdavidwong May 21, 2018

Member

> This is currently intended as an experimental system which holds no sensitive data and need not be as secured as absolutely possible.
> [...]
> Though, I would like to know if there is a solution that will allow the existing VM scripts to succeed in their configuration when they are called from dom0; without requiring the user to start them manually?

Have you tried the qvm-run --no-filter-escape-chars option? (This option is a security risk, but given what you've said, it sounds like this might be an acceptable risk for your experimental system.)
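
Added example, not part of the issue thread and not Qubes' own code: the escape-character filter discussed above exists because a VM's output is untrusted bytes written to the dom0 terminal. This sketch shows the same kind of protection for `--pass-io` output that a dom0 script captures to a file and displays itself; the function names, the log path and the sample output are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: treat VM output as untrusted before it reaches the dom0 terminal.

# Replace every byte that is not printable ASCII, newline or tab with "_".
sanitize_vm_output() {
    LC_ALL=C tr -c '\11\12\40-\176' '_'
}

# Count the bytes the sanitizer would replace, so a script can warn about them.
count_unsafe_bytes() {
    LC_ALL=C tr -d '\11\12\40-\176' | wc -c | tr -d ' '
}

# Constructed sample of what a VM-side script might print:
# colour codes plus a window-title sequence (ESC and BEL bytes).
sample_vm_output() {
    printf 'installing packages...\n\033[31mFAILED\033[0m\n\033]0;new title\007done\n'
}

# Run a command, keep its raw output in a file, print only the sanitized text.
# Hypothetical dom0 usage with the VM name and path from the issue:
#   run_sanitized /tmp/new-qube-1.raw \
#       qvm-run --pass-io new-qube-1 '~/QubesIncoming/dom0/config'
# Inspect the raw file with `cat -v`, never plain `cat`.
run_sanitized() {
    rawlog=$1; shift
    status=0
    "$@" >"$rawlog" 2>&1 || status=$?
    unsafe=$(count_unsafe_bytes <"$rawlog")
    sanitize_vm_output <"$rawlog"
    [ "$unsafe" -eq 0 ] || echo "warning: $unsafe control bytes replaced; raw copy in $rawlog" >&2
    return "$status"
}

# Demo on the constructed sample: ESC and BEL bytes are shown as "_".
sample_vm_output | sanitize_vm_output
```
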
