Commit Graph

368 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
533fccfc10
Merge remote-tracking branch 'qubesos/pr/24'
* qubesos/pr/24:
  Fixed https://github.com/QubesOS/qubes-issues/issues/2983
2017-09-04 03:02:49 +02:00
Marek Marczykowski-Górecki
0fa374264f
tools: add qvm-create --help-classes
List available VM classes

QubesOS/qubes-issues#3017
2017-08-30 16:54:24 +02:00
Marek Marczykowski-Górecki
0464a3ebfc
tools: implement qvm-create --root-move-from/--root-copy-from 2017-08-30 16:54:23 +02:00
Marek Marczykowski-Górecki
a260685bd1
tools: drop --delete and --unset aliases for --default option
This may be confiusing, for example one may think that
`qvm-prefs --unset vmname netvm` will make vmname network-disconnected.
This type of mistakes may have severe security consequence, so better
drop those option names.

QubesOS/qubes-issues#3002

cc @rootkovska
2017-08-12 22:33:36 +02:00
Marek Marczykowski-Górecki
596eb3d96c
tools/qvm-run: ignore --filter-esc/--no-filter-esc unless --pass-io is given
If no VM output is printed on terminal, those options doesn't make sense
anyway.

Fixes QubesOS/qubes-issues#3013
2017-08-12 14:19:41 +02:00
blackpit
6534f8c191 Fixed https://github.com/QubesOS/qubes-issues/issues/2983
qvm-create -l yellow backuptest-1-vm
qvm-create -l yellow backuptest-2-vm
echo -n passphrase >test.passphrase

qvm-backup --passphrase-file test.passphrase --yes `pwd` backuptest-1-vm backuptest-2-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-1-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-2-vm
2017-08-09 19:43:53 +02:00
Marek Marczykowski-Górecki
414be0945d
tools/qvm-device: list attach options 2017-08-09 04:04:27 +02:00
Marek Marczykowski-Górecki
430ff342d4
tools/qvm-run: do not use os.set_blocking
It's available only in python >= 3.5, but we do support tools on python
3.4 (Debian jessie).
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
37ae76823b
tools: add qvm-run --dispvm option
Add option to uniformly start new DispVM from either VM or Dom0. This
use DispVMWrapper, which translate it to either qrexec call to $dispvm,
or (in dom0) to appropriate Admin API call to create fresh DispVM
first.
This require abandoning registering --all and --exclude by
QubesArgumentParser, because we need to add --dispvm mutually exclusive
with those two. But actually handling those two options is still done by
QubesArgumentParser.

This also updates man page and tests.

Fixes QubesOS/qubes-issues#2974
2017-08-06 20:44:55 +02:00
Marek Marczykowski-Górecki
50bd9f5fab
tools/qvm-run: fix handling small data blocks
When data block is smaller than 4096 (and no EOF is reached), python's
io.read() will call read(2) again to get more data. This may deadlock if
the other end of connection will write anything only after receiveing
data (which is the case for qubes.Filecopy).
Disable this buffering by using syscall wrappers directly. To not affect
performance that much, increase buffer size to 64k.

Fixes QubesOS/qubes-issues#2948
2017-08-02 02:43:03 +02:00
Marek Marczykowski-Górecki
c4460751a9
tools/qvm-start-gui: do not start stubdomain GUI for VMs with gui-agent 2017-07-30 18:54:08 +02:00
Marek Marczykowski-Górecki
f48321dd98
Merge branch 'devel-6'
* devel-6:
  qvm-ls: fix total VM size reporting
  doc: update manpage of qvm-service
  tools: qvm-service tool
  tests: too much copy&paste
  features: serialize True as '1'
  tools/qvm-start-gui: add --force-stubdomain options
  tools/qvm-shutdown: fix help message
  tools/qvm-shutdown: drop --force option, it isn't supported anymore
2017-07-29 05:28:57 +02:00
Marek Marczykowski-Górecki
9210048673
backup/restore: add option to ignore size limit
Allow to restore backup which have miscalculated VMs size, but otherwise
is good.
2017-07-29 05:13:46 +02:00
Marek Marczykowski-Górecki
7db2ed82ea
qvm-ls: fix total VM size reporting
There is no vm.storage object in qubesadmin module.
2017-07-29 04:56:20 +02:00
Marek Marczykowski-Górecki
18153652f3
tools: qvm-service tool
This really use features, but keep compatibility with Qubes 3.x

Fixes QubesOS/qubes-issues#1227
2017-07-28 14:24:04 +02:00
Marek Marczykowski-Górecki
416ee0bd22
tools/qvm-start-gui: add --force-stubdomain options
Sometimes it's useful to access emulated VGA, without rebooting the VM
in debug mode
2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
5b0c8e84d8
tools/qvm-shutdown: fix help message 2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
5d0bd4f6dc
tools/qvm-shutdown: drop --force option, it isn't supported anymore
Admin API does not allow this action.
2017-07-27 19:17:47 +02:00
Marek Marczykowski-Górecki
2d5d9d6d7d
tools: add qvm-backup tool
New qvm-backup tool can either use pre-existing backup profile
(--profile), or - when running in dom0 - can create new one based on
used options (--save-profile).

This commit add a tool itself, update its man page, and add tests for
it.

Fixes QubesOS/qubes-issues#2931
2017-07-21 03:58:18 +02:00
Marek Marczykowski-Górecki
d8af76ed60
backup: move BackupRestore class and helpers to 'restore' submodule
This breaks cyclic imports and also allow cleaner separation between
backup make and restore code.

No functional change.
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
ea47701fe6
tools/qvm-backup-restore: fix restoring only specific VMs
Related to QubesOS/qubes-issues#2924
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
c50fc21e44
tests: qvm-backup-restore tool tests
Very simple one, but also fix reporting errors detected by tests.
2017-07-21 03:54:04 +02:00
Marek Marczykowski-Górecki
3c9fb8dbac
tools/qvm-volume: fix default action handling 2017-07-21 03:10:02 +02:00
Marek Marczykowski-Górecki
ae0729fb53
storage: drop 'internal' volume property
Since external block devices use Devices API now, it isn't useful
anymore.

QubesOS/qubes-issues#2256
2017-07-21 03:10:01 +02:00
Marek Marczykowski-Górecki
c736395432
tools/qvm-backup-restore: fix default list of VMs to restore
By default restore all of them, not only the ones named "[" or "]"
(which are invalid name).

Fixes QubesOS/qubes-issues#2924
2017-07-19 23:52:11 +02:00
Marek Marczykowski-Górecki
756235d4f3
Change 'hvm' property to 'virt_mode'
QubesOS/qubes-issues#2912
2017-07-18 04:22:34 +02:00
Marek Marczykowski-Górecki
0c0b625a70
Merge branch 'devel-backup' 2017-07-18 01:49:37 +02:00
Marek Marczykowski-Górecki
f058c48c92
Merge branch 'devel-2-qvm-run-1'
* devel-2-qvm-run-1:
  Make pylint happy
  tools/qvm-run: fix handling EOF
  tests: mark qvm-run tests with "expected failure"
  tools/qvm-run: fix handling copying stdin to the process
2017-07-18 01:49:16 +02:00
Marek Marczykowski-Górecki
5178029a3c
Make pylint happy 2017-07-18 01:32:06 +02:00
Marek Marczykowski-Górecki
706cecd60d
tools/qvm-run: fix handling EOF 2017-07-18 01:12:43 +02:00
Marek Marczykowski-Górecki
e7ee06936a
tools/qvm-backup-restore: handle VMs selection, not only exclusion
QubesOS/qubes-issues#1214
2017-07-17 23:34:03 +02:00
Marek Marczykowski-Górecki
f0151d73b3
tools: add qvm-backup-restore
Frontend tool for backup restore code.

Fixes QubesOS/qubes-issues#1214
2017-07-17 20:28:22 +02:00
Marek Marczykowski-Górecki
941b553b81
tools/qvm-run: fix handling copying stdin to the process
Launch stdin copy loop in a separate process (multiprocessing.Process)
and terminate it when target process is terminated.
Another idea here was threads, but there is no API to kill a thread
waiting on read().
2017-07-08 00:11:15 +02:00
Marek Marczykowski-Górecki
389252f386
tools: handle shutdown order in qvm-shutdown
VMs can have runtime dependencies - for example it isn't possible to
shutdown netvm used by some other running VM(s). Since client-side tools
may not have full knowledge about rules enforcing those dependencies
(for example may not have access to 'netvm' property), implement
best-effort approach:
1. Try to shutdown all requested VMs
2. For those where shutdown request succeed, wait for actual shutdown
3. For others - go back to step 1

And loop until all VMs are shutdown, or all shutdown requests fails.
2017-07-08 00:08:19 +02:00
Marek Marczykowski-Górecki
2052b32202
events: simplify wait_for_domain_shutdown coroutine
1. Handle timeout externally - using asyncio.wait_for.
2. Add support for waiting for multiple VMs.
2017-07-06 22:01:17 +02:00
Marek Marczykowski-Górecki
d8f018eb95
tools: clarify help in qvm-template-postprocess 2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
7c9699cd87
tools: split calling qubes.PostInstall service to a separate function
The code is long enough to warrant separate function (suggested by
pylint).
2017-07-05 14:16:31 +02:00
Marek Marczykowski-Górecki
627aebf2cd
tools: remove policy handling from qvm-firewall tool
Follow the API removal

QubesOS/qubes-issues#2869
2017-07-05 14:16:30 +02:00
Marek Marczykowski-Górecki
5430e04e1c
tools: move event loop creation/closing to main function
Do not close event loop in utility function - handle it only in main().
For this reason, change appropriate functions to coroutines.

Fixes QubesOS/qubes-issues#2865
2017-06-25 20:09:10 +02:00
Marek Marczykowski-Górecki
0012eb3ac6
tools/qvm-template-postprocess: improve error handling
Don't fail the whole process when "just" appmenus import fails.
But if data import fails, remove the VM

Also update for vm.run_service_for_stdio raising CalledProcessError.
2017-06-25 18:22:06 +02:00
Marek Marczykowski-Górecki
3cf5840d7a
Merge branch 'devel-4'
* devel-4:
  tools/qvm-start-gui: multiple fixes
  vm: raise CalledProcessError instead of QubesVMError on failed service call
  events: improve handling qubesd restart
2017-06-25 13:16:50 +02:00
Marek Marczykowski-Górecki
cef80a76e4
Merge branch 'devel-3'
* devel-3:
  Implement VM clone as create + copy data+metadata
  storage: make Volumes sortable
  base: add PropertyHolder.clone_properties
  doc: minor fixes to man pages
  storage: add volume clone method
  doc: fix skel-manpage tool
  tools: add qvm-tags tool
  tags support
2017-06-25 13:16:22 +02:00
Marek Marczykowski-Górecki
64377207a8
tools/qvm-start-gui: multiple fixes
Don't start GUI daemon for given VM twice when qvm-start-gui was started
during VM startup (while waiting for qrexec startup). This is especially
common while running tests.

Report failed qubes.SetMonitorLayout as warning (instead of unhandled
exception).

Clear VM cache on qubesd reconnect.

Fix logging.
2017-06-21 06:01:53 +02:00
Marek Marczykowski-Górecki
bcd026d141
Implement VM clone as create + copy data+metadata
This way we don't need separate admin.vm.Clone call, which is tricky to
handler properly with policy.
A VM may not have access to all the properties and other metadata, so
add ignore_errors argument, for best-effort approach (copy what is
possible). In any case, failure of cloning VM data fails the whole
operation.
When operation fails, VM is removed.

While at it, allow to specify alternative VM class - this allows
morphing one VM into another (for example AppVM -> StandaloneVM).

Adjust qvm-clone tool and tests accordingly.

QubesOS/qubes-issues#2622
2017-06-20 01:34:18 +02:00
Marek Marczykowski-Górecki
8e5f90c273
tools: add qvm-tags tool
QubesOS/qubes-issues#2388
2017-06-20 01:34:17 +02:00
Marek Marczykowski-Górecki
9dd659d60f
tools/qvm_template_postprocess: set vm.features['qrexec']
Enable 'qrexec' VM feature to wait for qrexec initialization - it is
required to call qubes.PostInstall service. If VM start fails, assume
there is no qrexec and drop that feature.
2017-06-14 10:43:52 +02:00
Marek Marczykowski-Górecki
c07c57bfef
Merge remote-tracking branch 'qubesos/pr/7'
* qubesos/pr/7:
  qvm-ls: hide flags (aka status), get more descriptive
  qvm-ls: fix -O with uppercase names
  vm: fix get_power_state() for dom0
2017-06-08 22:20:31 +02:00
Marek Marczykowski-Górecki
a42dffcb89
Merge branch 'devel-1'
* devel-1:
  toos: fix handling default command (qvm-device, qvm-volume, ...)
  events: fix parsing events with empty parameters
  tools: ignore qvm-template-postprocess calls in chroot
  app: close payload_stream in qubesd_call
2017-06-08 22:18:47 +02:00
Wojtek Porczyk
59eda63923 qvm-ls: hide flags (aka status), get more descriptive
Enterprise™ continues.
2017-06-08 15:03:00 +02:00
Wojtek Porczyk
23fe5e431c qvm-ls: fix -O with uppercase names 2017-06-08 14:27:53 +02:00
Wojtek Porczyk
57cabc395b qvm-ls: run a spinner while waiting
Since Admin API, qvm-ls takes a long time to complete. Therefore,
Corporate Headquarters commanded that a Enterprise Spinner is to be
implemented and mandated it's use unto us.

We take amusement from its endless gyrations.
2017-06-07 20:59:01 +02:00
Marek Marczykowski-Górecki
a184e35a03
toos: fix handling default command (qvm-device, qvm-volume, ...)
When command isn't specified, command variable is set to None. Lets
handle this situation gracefuly.
2017-05-30 01:41:51 +02:00
Marek Marczykowski-Górecki
96b27fdf14
tools: ignore qvm-template-postprocess calls in chroot
It require qubesd running. Firstboot will take care of it.
2017-05-29 15:20:13 +02:00
Wojtek Porczyk
0a556fad8c app: close payload_stream in qubesd_call
This is to prevent leaking file descriptors.

QubesOS/qubes-issues#2622
2017-05-26 19:09:29 +02:00
Marek Marczykowski-Górecki
2675d63579
tools: add qvm-template-postprocess
Tool to be called from template's rpm post-installation script.
2017-05-26 01:33:43 +02:00
Marek Marczykowski-Górecki
f3f85214fc
tools: make qvm-ls --fields accept property names
Since migration to Admin API, qvm-ls no longer have list of all VM
properties in advance, so can't really validate fields list. Simply
assume that unknown columns are properties.
2017-05-23 13:33:55 +02:00
Marek Marczykowski-Górecki
54d5ec79b5
qvm-run: fix race condition in SIGCHLD handling
Don't terminate qvm-run on any SIGCHLD, check if the process we're
waiting for have finished.

Currently the only situation when it's broken is a test (which starts
additional process, whose SIGCHLD may be caught here), but lets do not
assume that much (starting only one process) about environment.
2017-05-22 10:54:51 +02:00
Marek Marczykowski-Górecki
38abd81ea8
tools: add qvm-run --service
Make it convenient wrapper around qrexec-client{-vm}, which would start
a VM, wait for user session etc.
2017-05-20 03:15:23 +02:00
Marek Marczykowski-Górecki
938fc9348f
Add 'wait' argument to vm.run_service()
It is supported only from dom0, but it's still useful to have, to save
on simultaneous vchan connections (only waiting for MSG_DATA_EXIT_CODE).
This is especially important for Windows VMs, as qrexec-agent there have
pretty low limit on simultaneous connections (about 20).

Make qvm-run use it.
2017-05-19 18:41:07 +02:00
Marek Marczykowski-Górecki
024ac6a810
tools/qvm-run: fix waiting for session
Register SIGCHLD signal handler later - do not stop data processing when
qubes.WaitForSession service exits.
2017-05-18 09:50:50 +02:00
Marek Marczykowski-Górecki
7f5fc6ac3d
tools: fix handling single optional VM name 2017-05-18 09:50:25 +02:00
Marek Marczykowski-Górecki
116c45071f
Make pylint happy 2017-05-17 13:20:59 +02:00
Marek Marczykowski-Górecki
45cbbf5e1d
tools/qvm-run: use print instead of logging
Do not color qvm-run diagnostic messages, but also avoid ANSI control
sequences in logs. While at it, do not print 'Running ...' message when
--pass-io is used.
2017-05-17 11:14:00 +02:00
Marek Marczykowski-Górecki
2d7ca9f95e
tools/qvm-run: wait for user session unless qvm-run --no-gui is used
Avoid race condition with X server startup, especially important for
qvm-run --autostart.
2017-05-17 11:07:48 +02:00
Marek Marczykowski-Górecki
210876bd8f
tools/qvm-run: use subproces.DEVNULL instead of manually opened /dev/null 2017-05-17 11:06:56 +02:00
Marek Marczykowski-Górecki
57b87da9d1
tools/qvm-start-gui: fix cat-induced typo
<^-^>
2017-05-12 19:43:59 +02:00
Marek Marczykowski-Górecki
f4d6ac2880
Include tools also on python 3.4
This result only in small limitation in qvm-start-gui tool, but allow
to use the tools from Debian jessie based VM (python 3.4.2).
2017-05-11 23:57:48 +02:00
Marek Marczykowski-Górecki
4ceff0f8c0
Rename qubesmgmt to qubesadmin module
QubesOS/qubes-issues#853
2017-05-11 23:40:03 +02:00