Re: [qubes-users] qvm-create-windows-qube Automatically creates
Well, once we have Chocolatey provisioned we can easily specify for Sysinternals to be pre-insatlled. As for the zeroing, there is an option in the windows-7.xml answer file that provides an option to zero the disk before installation but I disabled it because I though it would slow down the installation. Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐ Original Message ‐‐‐ On Thursday, August 29, 2019 1:52 PM, Brendan Hoar wrote: > Couple more: > > - As windows 7 does not support SCSI unmap, and C and E are on virtual SCSI > devices: install sdelete by default and schedule sdelete.exe -z C:\ and > sdelete -z E:\ ... largish zero writes are caught at the lvm later and > unallocated from storage - plus passed on as discards to physical storage if > you’ve enabled this in Qubes (as per testing). > > - Possibly work an initial defrag run into the deployment but before sdelete > as it saved about 1GB of LVM storage per VM (prob related to lvm chunk size). > > B > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > [https://groups.google.com/d/msgid/qubes-users/CAOajFeeBikBT%2B5HJfts5wGrNvYtpZqdy2beDSBCV6s3K%3Dqq%3DqA%40mail.gmail.com](https://groups.google.com/d/msgid/qubes-users/CAOajFeeBikBT%2B5HJfts5wGrNvYtpZqdy2beDSBCV6s3K%3Dqq%3DqA%40mail.gmail.com?utm_medium=email&utm_source=footer). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/EfKh_Gn32gc00AdKvO3AzBJ-GkI5MmE6skB6E_niQCit-EW_4aXUbgJi3oNHcaSK_vRDKTR5k_umOWv0bGQIdr5je6LDDSuI2psNzV7Gz1c%3D%40protonmail.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
Hi Brendan, I'm not sure why you're getting only 50/50 success rate on the installations. For me it's been perfect every time. This will need to be investigated. Some of that stuff about increasing I/O throughput and stub priority stuff sounds great as I was unaware of it. Right now when QWT is installed the automatic installation leaves a checkbox related to increasing I/O performance with an extra Xen driver unchecked. I believe I tested it before and as long as you have decent amount of updates installed it appears to work fine. Maybe we can fine a command-line switch to install that extra driver too? As for the Windows updates do be informed that we must install a minimum of them or QWT will fail to install causing the system to go into recovery mode on next boot. Just having Service Pack 1 (SP1) isn't enough. Hence why I had to at least use wusa.exe to install those to WSU update packages out of the box. (The Servicing Stack and Convenience Rollup which is a bunch of updates in two update packages) I don't see why restarting windows-mgmt would be necessary. If you look at the create-media.sh script I've tried to make it as safe as possible by setting a TRAP on exit, ^C, etc so if the process is interrupted in anyway it will do it's best to clean up. However, all this may be fixed by packer (package on Debian) which I'm looking into and could completely streamline this process. Right now I have updates set to download and install automatically but turned off automatic reboots. I didn't want to turn off updates out of the box because as provided the machine is missing many important security updates. For example, it's vulnerable to MS17-010. However, this technically shouldn't matter as long as port 445 it's port forwarded to the LAN or another qube. I also never had an issue with the qrexec_timeout but perhaps that's because I have a fast SSD. I've been working on this lately as it would be able to easily specify programs to pre-install: https://github.com/crazyqube/qvm-create-windows-qube/tree/chocolatey (Read the todo in the README for more info about research and future changes) It's mostly done although it requires testing. Also, this: https://github.com/chocolatey/chocolatey.org/issues/687 is currently a big issue as I don't want people who want their Windows VM behind Tor to be treated like second-class citizens. Lastly, this project is in the process of being put into official documentation! https://github.com/QubesOS/qubes-doc/pull/854 Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐ Original Message ‐‐‐ On Thursday, August 29, 2019 1:27 PM, wrote: > Hi crazyqube, > > I've used this to generate 20-30 VMs. > > I've noticed some incomplete installs (50/50). There do seem to be come > timing dependencies that sometimes cause failures. I'll be investigating > these further next week. > > I have some thoughts on changes I'll work on, if you're not planning to work > on them, that might address some of these: > > - Defaulting to debug=true so that boot problems can be easily diagnosed, > with instructions on how the user should manually disable it when finished. > - Increasing the device-stub VM priority from 256 to 1000 during install > utilizing xl sched-credit. This dramatically increases the IO throughput for > the installation. > - Defaulting to no-network. For the most qubes usage, I think many of us > won't plan to connect Windows to the internet. > - If network is explicitly set, only set it to the given option before/after > the final boot cycle, to minimize interference. > - Increasing the run-time of the final boot cycle, and possibly overlapping > that shutdown with the next creation. Utilize qvm-run shutdown.exe or qvm-run > a script instead of qvm-shutdown. > - Refactor repeated code into bash functions. > - Ensure loop devices in windows-mgmt are removed when finished (keep the > qui-devices menu uncluttered) > - Perhaps restart windows-mgmt between VM creations. > - Automate installation of xenvbd 8.2.2 or 8.2.1 after appropriate Windows 7 > updates are installed. > - Document that xenvbd is needed for attaching block devices from qui-devices. > - Utilize double digit counter instead of single digit. > - Option to disable windows update permanantly. > - Option to initiate windows update on last reboot (after QWT is installed). > - Increase qrexec_timeout to 600 by default. > > Brendan > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > [https://groups.google.com/d/msgid/qubes-users/aa0b38ae-ec25-40cb-a0c4-0c92b3cd2be7%40googlegroups.com](https://groups.google.com/d/msgid/qubes-users/aa0b38ae-ec25-40cb-a0c4-0c92b3cd2be7%40googlegroups.com?utm_medium=email&utm_source=footer). -- You rece
Re: [qubes-users] qvm-create-windows-qube Automatically creates
On Fri, Aug 30, 2019 at 2:14 AM 799 wrote: > Hello Brendan, > > Thanks for the improvement list. Some questions: > > schrieb am Do., 29. Aug. 2019, 15:27: > >> - Increasing the device-stub VM priority from 256 to 1000 during install >> utilizing xl sched-credit. This dramatically increases the IO throughput >> for the installation. >> > > How can this be done? what is the device-stub VM priority? Can this be set > via qvm-prefs? > xl sched-credit -d ${current_name}-dm -w 1000 # execute after sleep nn seconds after each VM startup. -dm is the stub device VM for HVMs. It is temporary until next restart. - Increasing the run-time of the final boot cycle, and possibly overlapping >> that shutdown with the next creation. Utilize qvm-run shutdown.exe or >> qvm-run a script instead of qvm-shutdown. >> > > How can this be done? > $( sleep 360; qvm-run “${current_name}” “shutdown.exe /s /t 0” )& # I think - Automate installation of xenvbd 8.2.2 or 8.2.1 after appropriate Windows >> 7 updates are installed. >> > > xenvbd = Qubes Tools ? > It’s in Xen tools, installed by Qubes tools but that module is not installed by default by Qubes tools as it is buggy with unpatched win 7. Since the script patches Win 7 it should be ok. I downloaded the 8.2.2 version of the xenvbd driver (don’t use unsigned daily build) from the xen site and installed that manually. Then you can use qui-devices widget to attach devices. It’d be nice to add automating that to the winmgmt VM downloads, iso mounting and installing steps. B > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOajFecXBxgPN1CEUEQXvn_80rthbd83e9z84r9wj0dWWruobg%40mail.gmail.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
Hello Brendan, Thanks for the improvement list. Some questions: schrieb am Do., 29. Aug. 2019, 15:27: > - Increasing the device-stub VM priority from 256 to 1000 during install > utilizing xl sched-credit. This dramatically increases the IO throughput > for the installation. > How can this be done? what is the device-stub VM priority? Can this be set via qvm-prefs? - Increasing the run-time of the final boot cycle, and possibly overlapping > that shutdown with the next creation. Utilize qvm-run shutdown.exe or > qvm-run a script instead of qvm-shutdown. > How can this be done? - Automate installation of xenvbd 8.2.2 or 8.2.1 after appropriate Windows > 7 updates are installed. > xenvbd = Qubes Tools ? [799] > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vG0KE214X86OzSN1pME%3DNRtsJ85zo9m_9Axva45beHWQ%40mail.gmail.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
Couple more: - As windows 7 does not support SCSI unmap, and C and E are on virtual SCSI devices: install sdelete by default and schedule sdelete.exe -z C:\ and sdelete -z E:\ ... largish zero writes are caught at the lvm later and unallocated from storage - plus passed on as discards to physical storage if you’ve enabled this in Qubes (as per testing). - Possibly work an initial defrag run into the deployment but before sdelete as it saved about 1GB of LVM storage per VM (prob related to lvm chunk size). B -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOajFeeBikBT%2B5HJfts5wGrNvYtpZqdy2beDSBCV6s3K%3Dqq%3DqA%40mail.gmail.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
Hi crazyqube, I've used this to generate 20-30 VMs. I've noticed some incomplete installs (50/50). There do seem to be come timing dependencies that sometimes cause failures. I'll be investigating these further next week. I have some thoughts on changes I'll work on, if you're not planning to work on them, that might address some of these: - Defaulting to debug=true so that boot problems can be easily diagnosed, with instructions on how the user should manually disable it when finished. - Increasing the device-stub VM priority from 256 to 1000 during install utilizing xl sched-credit. This dramatically increases the IO throughput for the installation. - Defaulting to no-network. For the most qubes usage, I think many of us won't plan to connect Windows to the internet. - If network is explicitly set, only set it to the given option before/after the final boot cycle, to minimize interference. - Increasing the run-time of the final boot cycle, and possibly overlapping that shutdown with the next creation. Utilize qvm-run shutdown.exe or qvm-run a script instead of qvm-shutdown. - Refactor repeated code into bash functions. - Ensure loop devices in windows-mgmt are removed when finished (keep the qui-devices menu uncluttered) - Perhaps restart windows-mgmt between VM creations. - Automate installation of xenvbd 8.2.2 or 8.2.1 after appropriate Windows 7 updates are installed. - Document that xenvbd is needed for attaching block devices from qui-devices. - Utilize double digit counter instead of single digit. - Option to disable windows update permanantly. - Option to initiate windows update on last reboot (after QWT is installed). - Increase qrexec_timeout to 600 by default. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa0b38ae-ec25-40cb-a0c4-0c92b3cd2be7%40googlegroups.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
On Tuesday, August 20, 2019 at 6:54:02 PM UTC-4, 799 wrote: > > Hello, > On Tue, 20 Aug 2019 at 21:34, 'awokd' via qubes-users < > qubes...@googlegroups.com > wrote: > >> 'crazyqube' via qubes-users: >> > I just made my solution for fully automatically creating and installing >> new Windows qubes from scratch public! It pre-installs Qubes Windows Tools >> and Firefox so now you don't even have to open Internet Explorer to >> download a good browser! (lol) >> > >> > If you have any issues or suggestions then by all means create an issue >> and I'll look into it. >> > > > I am trying to run through the process but want to do it by CLI from dom0 > only. > This would even allow more automation as we can write a script which will > do the last manuell steps like creating the windows-mgmt qube etc. > cq appears to have added your dom0 initiation steps, so kudos to both of you. I opened an issue with dom0's $HOME value being passed to windows-mgmt, which fails to find the iso (admin vs user account name), but with a quick edit it's running now. Will report back. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a480c627-179b-4dfb-899f-5b12b411cf3c%40googlegroups.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
Hello, On Tue, 20 Aug 2019 at 21:34, 'awokd' via qubes-users < qubes-users@googlegroups.com> wrote: > 'crazyqube' via qubes-users: > > I just made my solution for fully automatically creating and installing > new Windows qubes from scratch public! It pre-installs Qubes Windows Tools > and Firefox so now you don't even have to open Internet Explorer to > download a good browser! (lol) > > > > It's currently ready for use at: > > https://github.com/crazyqube/qvm-create-windows-qube > > > > If you have any issues or suggestions then by all means create an issue > and I'll look into it. > > > > -crazyqube > > > > P.S. If you use it and find it good then please give it a well-deserved > star! > if this works,it would be great. I am trying to run through the process but want to do it by CLI from dom0 only. This would even allow more automation as we can write a script which will do the last manuell steps like creating the windows-mgmt qube etc. You should be able to run all steps to setup, via dom0: # create a new AppVM qvm-create --class AppVM --template fedora-30 --label black windows-mgmt # Increase storage capacity qvm-volume extend windows-mgmt:private 20480M # Install Git in the AppVM (will be gone on next reboot) qvm-run --auto --pass-io --no-gui --user root windows-mgmt 'dnf install -y git' # Clone repository of qvm-create-windows-qube qvm-run --auto --pass-io --no-gui windows-mgmt 'cd Documents && git clone https://github.com/crazyqube/qvm-create-windows-qube' # Run the script to download all files qvm-run --auto --pass-io --no-gui windows-mgmt 'cd Documents/qvm-create-windows-qube && ./download-windows.sh' # install windows tools sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools # copy script to dom0 qvm-run --pass-io windows-mgmt 'cat $HOME/Documents/qvm-create-windows-qube/qvm-create-windows-qube.sh' > qvm-create-windows-qube.sh Feel free to add this to your script/repo. [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2v8ukZ%2BGud0B3yfDd%3DyEDbrwUs1A7W%2Bd3WNUYdcXkbJtQ%40mail.gmail.com.
Re: [qubes-users] qvm-create-windows-qube Automatically creates
'crazyqube' via qubes-users: > I just made my solution for fully automatically creating and installing new > Windows qubes from scratch public! It pre-installs Qubes Windows Tools and > Firefox so now you don't even have to open Internet Explorer to download a > good browser! (lol) > > It's currently ready for use at: > https://github.com/crazyqube/qvm-create-windows-qube > > If you have any issues or suggestions then by all means create an issue and > I'll look into it. > > -crazyqube > > P.S. If you use it and find it good then please give it a well-deserved star! > Nice script. What is auto-tools or where does it come from? Also, would it be possible to make available a deterministic/reproducible slipstreamed ISO with the Windows updates and QWT drivers integrated? With a SHA256 sum, it could save some steps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0582133-ed54-fd4b-4cef-776562d67a57%40danwin1210.me.
[qubes-users] qvm-create-windows-qube Automatically creates
I just made my solution for fully automatically creating and installing new Windows qubes from scratch public! It pre-installs Qubes Windows Tools and Firefox so now you don't even have to open Internet Explorer to download a good browser! (lol) It's currently ready for use at: https://github.com/crazyqube/qvm-create-windows-qube If you have any issues or suggestions then by all means create an issue and I'll look into it. -crazyqube P.S. If you use it and find it good then please give it a well-deserved star! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bpwyxERHZ4SBLZrCqVsTsdGRUA1RpDZInKemp-8J5BpMkHj3JxzYSveq5RaLKppkOjTgbpy1zoe73EuOo5xl63ROS4yJF7L-42KwjzX2Q0s%3D%40protonmail.com.