Commit Graph

355 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7b9ee45c07
Choose QubesLocal or QubesRemote based on /etc/qubes-release presence
Do not check for qubesd socket (at module import time), because if not
running at this precise time, it will lead to wrong choice. And a weird
error message in consequence (looking for qrexec-client-vm in dom0).

Fixes QubesOS/qubes-issues#2917
2017-07-18 01:58:33 +02:00
Marek Marczykowski-Górecki
0c0b625a70
Merge branch 'devel-backup' 2017-07-18 01:49:37 +02:00
Marek Marczykowski-Górecki
f058c48c92
Merge branch 'devel-2-qvm-run-1'
* devel-2-qvm-run-1:
  Make pylint happy
  tools/qvm-run: fix handling EOF
  tests: mark qvm-run tests with "expected failure"
  tools/qvm-run: fix handling copying stdin to the process
2017-07-18 01:49:16 +02:00
Marek Marczykowski-Górecki
5178029a3c
Make pylint happy 2017-07-18 01:32:06 +02:00
Marek Marczykowski-Górecki
706cecd60d
tools/qvm-run: fix handling EOF 2017-07-18 01:12:43 +02:00
Marek Marczykowski-Górecki
40a1769806
tests: mark qvm-run tests with "expected failure"
since qvm-run use multiprocessing.Process now, stdin sent to it is
processed in separate process and doesn't come back to
TestApp.actual_calls (self.app). Annotate tests for now, to be fixed
later.
2017-07-18 01:03:57 +02:00
Marek Marczykowski-Górecki
e7ee06936a
tools/qvm-backup-restore: handle VMs selection, not only exclusion
QubesOS/qubes-issues#1214
2017-07-17 23:34:03 +02:00
Marek Marczykowski-Górecki
ce2215c603
backup: improve error logging
Include VM and volume name in data-related error mesages.

QubesOS/qubes-issues#1214
2017-07-17 23:32:31 +02:00
Marek Marczykowski-Górecki
f2fa613dce
backup: use 'cat' instead of read-write loop in python
The most important part is fixing resize handling - call size_func
before data_func, but after tar gets initial data (and output file
size).
But other than that, it makes the process a little faster.

QubesOS/qubes-issues#1214
2017-07-17 23:30:37 +02:00
Marek Marczykowski-Górecki
96d4a2f066
backup: change 'hvm' property to 'virt_mode'
QubesOS/qubes-issues#2912
2017-07-17 20:40:08 +02:00
Marek Marczykowski-Górecki
ced735b476
backup: do not show full stacktrace to the user
Opt for a simple one-liner error messages, instead of meaningless stack
trace (it's most of the time about qubesd responding with error, so the
stack trace of actual problem is elsewhere).
2017-07-17 20:28:23 +02:00
Marek Marczykowski-Górecki
ca399c1a5a
app: call admin.vm.volume.Import as root
This is needed to write LVM data.
2017-07-17 20:28:23 +02:00
Marek Marczykowski-Górecki
f0151d73b3
tools: add qvm-backup-restore
Frontend tool for backup restore code.

Fixes QubesOS/qubes-issues#1214
2017-07-17 20:28:22 +02:00
Marek Marczykowski-Górecki
137e1ed877
tests: backup: add firewall.xml and appmenus checking 2017-07-17 20:28:22 +02:00
Marek Marczykowski-Górecki
51f77d5834
firewall: fix handling DstHost.prefixlen=0
Do not silently convert it into 32 or 128 netmask. And also do not
include it actual rule (it's no-op check).
2017-07-17 20:28:22 +02:00
Marek Marczykowski-Górecki
f1036c27a7
backup: add firewall and appmenus list handling 2017-07-17 20:28:21 +02:00
Marek Marczykowski-Górecki
04ad224a9d
tests: add v4 (Qubes 4.0) backup format tests, move qubes.xml
Move qubes.xml to be tested into separate files. The backup tests script
is long enouch already.
2017-07-17 20:28:21 +02:00
Marek Marczykowski-Górecki
525f8dc7f3
tests/backup: use smaller images
This will be less realistic (private.img of 2MB?!), but makes tests much
quicker. And since tar is used to make files sparse, we don't really
test multi-part archives anyway.
2017-07-17 20:28:20 +02:00
Marek Marczykowski-Górecki
a91372a919
devices,features: fix bool values handling
API define False value serialized as '' and True as 'True'. Do not
serialize 0 as '' (features) or True as 'yes' (devices).
2017-07-17 20:27:35 +02:00
Marek Marczykowski-Górecki
e6d3425047
tests/backup: tests for backup-restore code
Based on "backup compatibility" tests, which manually assemble the
backup. This is because we don't have access to actual backup creation
code here.

QubesOS/qubes-issues#1214
2017-07-17 20:27:32 +02:00
Marek Marczykowski-Górecki
268a3453a9
backup: initial support for backup restore over Admin API
The code is mostly copied from core-admin.

QubesOS/qubes-issues#1214
2017-07-17 20:24:34 +02:00
Marek Marczykowski-Górecki
66f2e9c889
Merge remote-tracking branch 'qubesos/pr/11'
* qubesos/pr/11:
  added helper function updates_vms_status
2017-07-15 22:01:04 +02:00
Marek Marczykowski-Górecki
68ed06a200
Don't try to set 'created-by-' tag when cloning VM
This tag can't be set from outside of qubesd.
2017-07-14 04:14:46 +02:00
Marek Marczykowski-Górecki
941b553b81
tools/qvm-run: fix handling copying stdin to the process
Launch stdin copy loop in a separate process (multiprocessing.Process)
and terminate it when target process is terminated.
Another idea here was threads, but there is no API to kill a thread
waiting on read().
2017-07-08 00:11:15 +02:00
Marek Marczykowski-Górecki
a3e3dac6dc
tests: improve test failure message
When multiple Admin API calls are expected, but not all were made, show
which were missing.
2017-07-08 00:08:20 +02:00
Marek Marczykowski-Górecki
b35303ff62
events: fix cleanup function in qrexec case
qrexec-client-vm process may be already dead, don't treat this as an
error.
2017-07-08 00:08:20 +02:00
Marek Marczykowski-Górecki
e6149b09ce
Fix VM creation with default template
Fixes QubesOS/qubes-issues#2866
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
9036103102
tests: qvm-shutdown --wait tests 2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
6b1c6141f6
tests/tools: add MockEventsReader
Make it easy to test things listening for events
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
389252f386
tools: handle shutdown order in qvm-shutdown
VMs can have runtime dependencies - for example it isn't possible to
shutdown netvm used by some other running VM(s). Since client-side tools
may not have full knowledge about rules enforcing those dependencies
(for example may not have access to 'netvm' property), implement
best-effort approach:
1. Try to shutdown all requested VMs
2. For those where shutdown request succeed, wait for actual shutdown
3. For others - go back to step 1

And loop until all VMs are shutdown, or all shutdown requests fails.
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
2052b32202
events: simplify wait_for_domain_shutdown coroutine
1. Handle timeout externally - using asyncio.wait_for.
2. Add support for waiting for multiple VMs.
2017-07-06 22:01:17 +02:00
Marek Marczykowski-Górecki
43ef244eaa
vm: make QubesVM objects hashable 2017-07-06 22:01:16 +02:00
Marek Marczykowski-Górecki
a2d9303ea9
app: fix policy deny reporting when running in VM
qrexec-client-vm non-zero exit code means policy have denied the call.
Treat this exactly the same as empty response (in dom0 case).
2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
d8f018eb95
tools: clarify help in qvm-template-postprocess 2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
7c9699cd87
tools: split calling qubes.PostInstall service to a separate function
The code is long enough to warrant separate function (suggested by
pylint).
2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
627aebf2cd
tools: remove policy handling from qvm-firewall tool
Follow the API removal

QubesOS/qubes-issues#2869
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
942e122d27
firewall: drop GetPolicy/SetPolicy calls
Firewall policy is now hardcoded to 'drop'. Keep the property, so anyone
trying to assign it will get an exception

QubesOS/qubes-issues#2869
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
ade5083e5e
app: do not clone 'uuid' property
Cloned VM have new UUID
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
c6eb4c49a3
storage: rework clone as two-stage operation
Split clone to two Admin API calls - one to the source volume, then
other to destination.
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
88de4f77a5
tests: handle returning different response for the same request
Allow programming different responses for the same request when called
multiple times. This is useful for example for shutdown tests - first
domain is running, but after issuing shutdown request is is not.
2017-07-05 14:16:29 +02:00
Marta Marczykowska-Górecka
9174d8c378
added helper function updates_vms_status 2017-06-25 22:09:34 +02:00
Marek Marczykowski-Górecki
5430e04e1c
tools: move event loop creation/closing to main function
Do not close event loop in utility function - handle it only in main().
For this reason, change appropriate functions to coroutines.

Fixes QubesOS/qubes-issues#2865
2017-06-25 20:09:10 +02:00
Marek Marczykowski-Górecki
0012eb3ac6
tools/qvm-template-postprocess: improve error handling
Don't fail the whole process when "just" appmenus import fails.
But if data import fails, remove the VM

Also update for vm.run_service_for_stdio raising CalledProcessError.
2017-06-25 18:22:06 +02:00
Marek Marczykowski-Górecki
ce7d4865b6
events: fix calling mgmt.Events from VM
asyncio.create_subprocess_exec expects program and arguments directly,
not as a list.
2017-06-25 14:01:14 +02:00
Marek Marczykowski-Górecki
c545c95660
tests: fix qvm-run test on travis
stdout there is not a tty, which change default value of filter_esc.
2017-06-25 13:44:17 +02:00
Marek Marczykowski-Górecki
3cf5840d7a
Merge branch 'devel-4'
* devel-4:
  tools/qvm-start-gui: multiple fixes
  vm: raise CalledProcessError instead of QubesVMError on failed service call
  events: improve handling qubesd restart
2017-06-25 13:16:50 +02:00
Marek Marczykowski-Górecki
cef80a76e4
Merge branch 'devel-3'
* devel-3:
  Implement VM clone as create + copy data+metadata
  storage: make Volumes sortable
  base: add PropertyHolder.clone_properties
  doc: minor fixes to man pages
  storage: add volume clone method
  doc: fix skel-manpage tool
  tools: add qvm-tags tool
  tags support
2017-06-25 13:16:22 +02:00
Marek Marczykowski-Górecki
64377207a8
tools/qvm-start-gui: multiple fixes
Don't start GUI daemon for given VM twice when qvm-start-gui was started
during VM startup (while waiting for qrexec startup). This is especially
common while running tests.

Report failed qubes.SetMonitorLayout as warning (instead of unhandled
exception).

Clear VM cache on qubesd reconnect.

Fix logging.
2017-06-21 06:01:53 +02:00
Marek Marczykowski-Górecki
5ac7632dd0
vm: raise CalledProcessError instead of QubesVMError on failed service call
follow core-admin change.
2017-06-21 06:01:53 +02:00
Marek Marczykowski-Górecki
ba2057a2c6
events: improve handling qubesd restart
qubesd may be restarted during different stages of connection - either
while attempting to connect, or while already listening on events.
Adjust exception list accordingly.

This is especially important for qvm-start-gui - otherwise it crashes on
qubesd restart.
2017-06-21 05:03:04 +02:00
Marek Marczykowski-Górecki
bcd026d141
Implement VM clone as create + copy data+metadata
This way we don't need separate admin.vm.Clone call, which is tricky to
handler properly with policy.
A VM may not have access to all the properties and other metadata, so
add ignore_errors argument, for best-effort approach (copy what is
possible). In any case, failure of cloning VM data fails the whole
operation.
When operation fails, VM is removed.

While at it, allow to specify alternative VM class - this allows
morphing one VM into another (for example AppVM -> StandaloneVM).

Adjust qvm-clone tool and tests accordingly.

QubesOS/qubes-issues#2622
2017-06-20 01:34:18 +02:00
Marek Marczykowski-Górecki
a5a459840a
storage: make Volumes sortable
But do not fetch any additional info just for this purpose.
2017-06-20 01:34:18 +02:00
Marek Marczykowski-Górecki
e94bdca206
base: add PropertyHolder.clone_properties
Be compatible with core-admin
2017-06-20 01:34:17 +02:00
Marek Marczykowski-Górecki
998a42703f
storage: add volume clone method
Clone volume without retrieving all the data.

QubesOS/qubes-issues#2622
2017-06-20 01:34:17 +02:00
Marek Marczykowski-Górecki
8e5f90c273
tools: add qvm-tags tool
QubesOS/qubes-issues#2388
2017-06-20 01:34:17 +02:00
Marek Marczykowski-Górecki
31988a9bd8
tags support
QubesOS/qubes-issues#2622
2017-06-20 01:34:16 +02:00
Marek Marczykowski-Górecki
d1b67daa63
tests: basic tests for vm.features 2017-06-14 10:43:52 +02:00
Marek Marczykowski-Górecki
9dd659d60f
tools/qvm_template_postprocess: set vm.features['qrexec']
Enable 'qrexec' VM feature to wait for qrexec initialization - it is
required to call qubes.PostInstall service. If VM start fails, assume
there is no qrexec and drop that feature.
2017-06-14 10:43:52 +02:00
Marek Marczykowski-Górecki
64f7eecf58
features: implement get() method 2017-06-14 10:43:51 +02:00
Marek Marczykowski-Górecki
c07c57bfef
Merge remote-tracking branch 'qubesos/pr/7'
* qubesos/pr/7:
  qvm-ls: hide flags (aka status), get more descriptive
  qvm-ls: fix -O with uppercase names
  vm: fix get_power_state() for dom0
2017-06-08 22:20:31 +02:00
Marek Marczykowski-Górecki
a42dffcb89
Merge branch 'devel-1'
* devel-1:
  toos: fix handling default command (qvm-device, qvm-volume, ...)
  events: fix parsing events with empty parameters
  tools: ignore qvm-template-postprocess calls in chroot
  app: close payload_stream in qubesd_call
2017-06-08 22:18:47 +02:00
Wojtek Porczyk
59eda63923 qvm-ls: hide flags (aka status), get more descriptive
Enterprise™ continues.
2017-06-08 15:03:00 +02:00
Wojtek Porczyk
23fe5e431c qvm-ls: fix -O with uppercase names 2017-06-08 14:27:53 +02:00
Wojtek Porczyk
934f8fcdd9 vm: fix get_power_state() for dom0 2017-06-08 14:27:53 +02:00
Wojtek Porczyk
033125932c qubesadmin/spinner: fix licence 2017-06-08 08:12:58 +02:00
Wojtek Porczyk
57cabc395b qvm-ls: run a spinner while waiting
Since Admin API, qvm-ls takes a long time to complete. Therefore,
Corporate Headquarters commanded that a Enterprise Spinner is to be
implemented and mandated it's use unto us.

We take amusement from its endless gyrations.
2017-06-07 20:59:01 +02:00
Marek Marczykowski-Górecki
a184e35a03
toos: fix handling default command (qvm-device, qvm-volume, ...)
When command isn't specified, command variable is set to None. Lets
handle this situation gracefuly.
2017-05-30 01:41:51 +02:00
Marek Marczykowski-Górecki
065eb036df
events: fix parsing events with empty parameters
Empty parameter value is encoded as b'parameter\0\0', so we can't simply
read the data until b'\0\0', because it isn't necessary event end.
Instead, read event parts separately, according to specification.
2017-05-30 01:31:13 +02:00
Marek Marczykowski-Górecki
96b27fdf14
tools: ignore qvm-template-postprocess calls in chroot
It require qubesd running. Firstboot will take care of it.
2017-05-29 15:20:13 +02:00
Wojtek Porczyk
0a556fad8c app: close payload_stream in qubesd_call
This is to prevent leaking file descriptors.

QubesOS/qubes-issues#2622
2017-05-26 19:09:29 +02:00
Marek Marczykowski-Górecki
2675d63579
tools: add qvm-template-postprocess
Tool to be called from template's rpm post-installation script.
2017-05-26 01:33:43 +02:00
Marek Marczykowski-Górecki
93d7249ef0
Make VMCollection return sorted VM list on iteration
This makes it much easier to write tests...
2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
9cdf9a0e60
tests: fix file descriptor leak 2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
c435de06a1
tests: fix handling TestProcess.communicate(None) 2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
fe51e8862a
Fix qubesadmin/tests/tools/qvm_firewall.py license header 2017-05-26 00:42:48 +02:00
Marek Marczykowski-Górecki
b35588368f
events: add helper for waiting for just VM shutdown
Wrap setting events handling machinery for just this purpose in a single
function, to not duplicate it all over the code.
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
50237d4953
storage: implement admin.vm.volume.Import as volume.import_data
Use newly introduced payload_stream= argument to qubesd_call to pass
data directly from some file-like object - without loading it all into
memory.

QubesOS/qubes-issues#853
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
6f99e871cf
Clear VM cache after adding new VM
If cache was already populated, trying to reference newly created VM
would fail as it isn't the cache.
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
c988ef41a3
Fix setting VM property to None
None value should be encoded as empty string.
2017-05-26 00:42:47 +02:00
Marek Marczykowski-Górecki
1aab64d5b0
tests: add more test cases for qvm-start-gui 2017-05-26 00:42:46 +02:00
Marek Marczykowski-Górecki
0b2f7ac958
Add efficient method to handle large payloads for Admin API methods
Add qubesd_call(..., payload_stream=...) argument to allow streaming
payload directly from some file/process stdout. This is mainly (only?)
useful for admin.vm.volume.Import, where disk volume raw data is passed
to the service.
2017-05-26 00:42:46 +02:00
Marek Marczykowski-Górecki
f3f85214fc
tools: make qvm-ls --fields accept property names
Since migration to Admin API, qvm-ls no longer have list of all VM
properties in advance, so can't really validate fields list. Simply
assume that unknown columns are properties.
2017-05-23 13:33:55 +02:00
Marek Marczykowski-Górecki
de2f23b9fe
Add QubesNoSuchPropertyError exception, expect it on invalid property
It inherits from AttributeError, so standard handling should just work.
2017-05-23 04:31:41 +02:00
Marek Marczykowski-Górecki
54d5ec79b5
qvm-run: fix race condition in SIGCHLD handling
Don't terminate qvm-run on any SIGCHLD, check if the process we're
waiting for have finished.

Currently the only situation when it's broken is a test (which starts
additional process, whose SIGCHLD may be caught here), but lets do not
assume that much (starting only one process) about environment.
2017-05-22 10:54:51 +02:00
Marek Marczykowski-Górecki
17ca883c7c
features: add vm.features.items() function
Make it behave more like a dict.
2017-05-22 03:20:33 +02:00
Marek Marczykowski-Górecki
c826378579
devices: adjust API for 'devices: add assignment.device property' change
Make it easy to retrieve DeviceInfo object out of DeviceAssignment
object. The only missing piece of information for that is device class,
so add it. Make it optional, as it can be filled on demand when passing
the object through DeviceCollection (either by listing devices, or
attaching/detaching).

This also makes DeviceCollection._device method not needed anymore.
2017-05-22 01:18:02 +02:00
Marek Marczykowski-Górecki
3edbc85282
Add DeviceAlreadyAttached exception 2017-05-20 16:40:33 +02:00
Marek Marczykowski-Górecki
38abd81ea8
tools: add qvm-run --service
Make it convenient wrapper around qrexec-client{-vm}, which would start
a VM, wait for user session etc.
2017-05-20 03:15:23 +02:00
Marek Marczykowski-Górecki
f5e102177c
Add vm.is_networked() 2017-05-19 18:41:08 +02:00
Marek Marczykowski-Górecki
938fc9348f
Add 'wait' argument to vm.run_service()
It is supported only from dom0, but it's still useful to have, to save
on simultaneous vchan connections (only waiting for MSG_DATA_EXIT_CODE).
This is especially important for Windows VMs, as qrexec-agent there have
pretty low limit on simultaneous connections (about 20).

Make qvm-run use it.
2017-05-19 18:41:07 +02:00
Marek Marczykowski-Górecki
8686ef423a
tools/qvm-run: exit the shell after executing requested command
Since we use qubes.VMShell service now and send requested command on its
stdin, we need to terminate that shell after requested command -
otherwise the service will not terminate automatically waiting for
further input (next commands).
2017-05-18 09:54:26 +02:00
Marek Marczykowski-Górecki
d0bcd3ead2
vm: add TemplateVM.appvms property - list of VMs based on it 2017-05-18 09:51:58 +02:00
Marek Marczykowski-Górecki
024ac6a810
tools/qvm-run: fix waiting for session
Register SIGCHLD signal handler later - do not stop data processing when
qubes.WaitForSession service exits.
2017-05-18 09:50:50 +02:00
Marek Marczykowski-Górecki
7f5fc6ac3d
tools: fix handling single optional VM name 2017-05-18 09:50:25 +02:00
Marek Marczykowski-Górecki
ee81902979
features: fix serialization
qubesd_call expect "bytes" type. Additionally serialize false value as
empty string (which is treated by python as false value), because
otherwise would be serialized to (non-empty) string, which is true value
in python.
2017-05-18 09:48:18 +02:00
Marek Marczykowski-Górecki
116c45071f
Make pylint happy 2017-05-17 13:20:59 +02:00
Marek Marczykowski-Górecki
45cbbf5e1d
tools/qvm-run: use print instead of logging
Do not color qvm-run diagnostic messages, but also avoid ANSI control
sequences in logs. While at it, do not print 'Running ...' message when
--pass-io is used.
2017-05-17 11:14:00 +02:00
Marek Marczykowski-Górecki
2d7ca9f95e
tools/qvm-run: wait for user session unless qvm-run --no-gui is used
Avoid race condition with X server startup, especially important for
qvm-run --autostart.
2017-05-17 11:07:48 +02:00
Marek Marczykowski-Górecki
210876bd8f
tools/qvm-run: use subproces.DEVNULL instead of manually opened /dev/null 2017-05-17 11:06:56 +02:00
Marek Marczykowski-Górecki
f386d45695
vm: fix run_service error reporting
qubesadmin.exc.QubesVMError (in contrast to qubesa.exc.QubesVMError)
does not take VM instance as first argument.
2017-05-17 01:32:27 +02:00
Marek Marczykowski-Górecki
88b559d985
Invalidate domains cache when received an event affecting it
When events handling is enabled, use it for cache invalidation too.
2017-05-13 14:55:26 +02:00
Marek Marczykowski-Górecki
57b87da9d1
tools/qvm-start-gui: fix cat-induced typo
<^-^>
2017-05-12 19:43:59 +02:00
Marek Marczykowski-Górecki
cfc9ff2ce5
Rename Mgmt API to Admin API: methods names
QubesOS/qubes-issues#853
2017-05-12 19:36:03 +02:00
Marek Marczykowski-Górecki
f4d6ac2880
Include tools also on python 3.4
This result only in small limitation in qvm-start-gui tool, but allow
to use the tools from Debian jessie based VM (python 3.4.2).
2017-05-11 23:57:48 +02:00
Marek Marczykowski-Górecki
4ceff0f8c0
Rename qubesmgmt to qubesadmin module
QubesOS/qubes-issues#853
2017-05-11 23:40:03 +02:00