#!/usr/bin/python2
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#

import sys
import os
import os.path
import lxml.etree
import xml.parsers.expat
import fcntl
import time
import warnings

# Do not use XenAPI or create/read any VM files
# This is for testing only!
dry_run = False
#dry_run = True

# The Xen control bindings are only needed when actually talking to the
# hypervisor; the module-level xc/xs/xl_ctx handles below depend on them.
if not dry_run:
    import xen.lowlevel.xc
    import xen.lowlevel.xl
    import xen.lowlevel.xs

qubes_base_dir = "/var/lib/qubes"

# Absolute locations of dom0 helper programs, per-type VM directories and
# config templates. Callers index this mapping by key; all values are plain
# path strings.
system_path = {
    'qubes_guid_path': '/usr/bin/qubes-guid',
    'qrexec_daemon_path': '/usr/lib/qubes/qrexec-daemon',
    'qrexec_client_path': '/usr/lib/qubes/qrexec-client',

    'qubes_base_dir': qubes_base_dir,
    'qubes_appvms_dir': os.path.join(qubes_base_dir, 'appvms'),
    'qubes_templates_dir': os.path.join(qubes_base_dir, 'vm-templates'),
    'qubes_servicevms_dir': os.path.join(qubes_base_dir, 'servicevms'),
    'qubes_store_filename': os.path.join(qubes_base_dir, 'qubes.xml'),
    'qubes_kernels_base_dir': os.path.join(qubes_base_dir, 'vm-kernels'),

    'qubes_icon_dir': '/usr/share/qubes/icons',

    'config_template_pv': '/usr/share/qubes/vm-template.conf',

    'qubes_pciback_cmd': '/usr/lib/qubes/unbind-pci-device.sh',
    'prepare_volatile_img_cmd': '/usr/lib/qubes/prepare-volatile-img.sh',
    'monitor_layout_notify_cmd': '/usr/bin/qubes-monitor-layout-notify',
}

# File names used inside a VM's directory (relative to that directory).
vm_files = {
    'root_img': 'root.img',
    'rootcow_img': 'root-cow.img',
    'volatile_img': 'volatile.img',
    'clean_volatile_img': 'clean-volatile.img.tar',
    'private_img': 'private.img',
    'kernels_subdir': 'kernels',
    'firewall_conf': 'firewall.xml',
    'whitelisted_appmenus': 'whitelisted-appmenus.list',
    'updates_stat_file': 'updates.stat',
}

# Per-VM defaults; the *_label entries are filled in once the label objects
# exist (see the QubesVmLabels definitions further down).
defaults = {
    'memory': 400,
    'kernelopts': "",
    'kernelopts_pcidevs': "iommu=soft swiotlb=4096",

    # seconds between dom0 update checks (six hours)
    'dom0_update_check_interval': 6 * 60 * 60,

    # how long (in sec) to wait for VMs to shutdown,
    # before killing them (when used qvm-run with --wait option),
    'shutdown_counter_max': 60,

    'vm_default_netmask': "255.255.255.0",

    # Set later
    'appvm_label': None,
    'template_label': None,
    'servicevm_label': None,
}

# Highest ids handed out by the allocators in QubesVmCollection (the
# allocators search 1 .. max-1).
qubes_max_qid = 254
qubes_max_netid = 254

class QubesException(Exception):
    """Error raised by the qubes core, e.g. when a new VM fails verification."""

if not dry_run:
    # Module-level Xen handles: xc (domain control, read by QubesHost),
    # xs (xenstore) and xl_ctx (libxl context). They are created once at
    # import time, in this order.
    xc = xen.lowlevel.xc.xc()
    xs = xen.lowlevel.xs.xs()
    xl_ctx = xen.lowlevel.xl.ctx()

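class QubesHost(object):
    """Facts about the Xen host plus a per-domain CPU usage sampler.

    The memory and CPU figures come from a single ``xc.physinfo()`` call made
    in ``__init__`` and are not refreshed afterwards.
    """

    def __init__(self):
        self.physinfo = xc.physinfo()

        self.xen_total_mem = long(self.physinfo['total_memory'])
        self.xen_no_cpus = self.physinfo['nr_cpus']

    @property
    def memory_total(self):
        """Total memory reported by Xen (units as returned by physinfo)."""
        return self.xen_total_mem

    @property
    def no_cpus(self):
        """Number of CPUs reported by Xen."""
        return self.xen_no_cpus

    def get_free_xen_memory(self):
        """Free memory as captured by the physinfo snapshot taken in __init__."""
        ret = self.physinfo['free_memory']
        return long(ret)

    @staticmethod
    def _cpu_time_per_vcpu(dominfo):
        """Per-vCPU cpu_time of one domain_getinfo() record.

        A domain can report zero online vCPUs (e.g. while being torn down);
        dividing by max(..., 1) avoids a ZeroDivisionError in that case. The
        original code only guarded the second sample, so the first sample
        could crash on such a domain.
        """
        return dominfo['cpu_time'] / max(dominfo['online_vcpus'], 1)

    def measure_cpu_usage(self, previous=None, previous_time=None,
            wait_time=1):
        """measure cpu usage for all domains at once

        When *previous* is None a first sample is taken, the method sleeps
        *wait_time* seconds and then takes the second one. Otherwise
        *previous* (a dict as returned by this method) and *previous_time*
        are used as the first sample and no sleep happens; passing *previous*
        without *previous_time* is an error.

        Returns ``(current_time, current)`` where ``current`` maps domid to
        ``{'cpu_time': <per-vCPU ns>, 'cpu_usage': <percent of one vCPU>}``.
        cpu_usage is 0 for domains absent from *previous*, for a counter that
        went backwards (VM rebooted) and when no wall-clock time elapsed.
        """
        if previous is None:
            previous_time = time.time()
            previous = {}
            for dominfo in xc.domain_getinfo(0, qubes_max_qid):
                previous[dominfo['domid']] = {
                    'cpu_time': self._cpu_time_per_vcpu(dominfo),
                    'cpu_usage': 0,
                }
            time.sleep(wait_time)

        current_time = time.time()
        elapsed = current_time - previous_time
        current = {}
        for dominfo in xc.domain_getinfo(0, qubes_max_qid):
            domid = dominfo['domid']
            cpu_time = self._cpu_time_per_vcpu(dominfo)
            usage = 0
            if domid in previous and elapsed > 0:
                # ns of per-vCPU CPU time consumed per wall-clock second,
                # expressed in percent
                usage = (float(cpu_time - previous[domid]['cpu_time'])
                         / (1000 ** 3) / elapsed * 100)
                if usage < 0:
                    # VM has been rebooted
                    usage = 0
            current[domid] = {'cpu_time': cpu_time, 'cpu_usage': usage}

        return (current_time, current)
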
class QubesVmLabel(object):
    """A VM colour label: name, ordering index, colour string and icon path."""

    def __init__(self, name, index, color=None, icon=None):
        self.name = name
        self.index = index
        # Both the colour and the icon default to the label name itself.
        if color is None:
            color = name
        if icon is None:
            icon = name
        self.color = color
        self.icon = icon
        icon_dir = system_path['qubes_icon_dir']
        self.icon_path = os.path.join(icon_dir, icon) + ".png"

# Globally defined labels
QubesVmLabels = {
    "red": QubesVmLabel("red", 1),
    "orange": QubesVmLabel("orange", 2),
    "yellow": QubesVmLabel("yellow", 3),
    "green": QubesVmLabel("green", 4, color="0x5fa05e"),
    "gray": QubesVmLabel("gray", 5),
    "blue": QubesVmLabel("blue", 6),
    "purple": QubesVmLabel("purple", 7, color="0xb83374"),
    "black": QubesVmLabel("black", 8),
}

# DispVM labels share name, index and colour with the regular ones and only
# differ in their icon ("dispvm-<name>").
QubesDispVmLabels = dict(
    (label.name, QubesVmLabel(label.name, label.index, color=label.color,
                              icon="dispvm-" + label.name))
    for label in QubesVmLabels.values())

# Fill in the label defaults that could not be set when `defaults` was built.
defaults.update(
    appvm_label=QubesVmLabels["red"],
    template_label=QubesVmLabels["black"],
    servicevm_label=QubesVmLabels["red"],
)

# Registry of VM classes by class name, filled by register_qubes_vm_class().
QubesVmClasses = {}


def register_qubes_vm_class(vm_class):
    """Record *vm_class* in QubesVmClasses and expose it as a module attribute."""
    class_name = vm_class.__name__
    QubesVmClasses[class_name] = vm_class
    # register class as local for this module - to make it easy to import from
    # other modules
    this_module = sys.modules[__name__]
    setattr(this_module, class_name, vm_class)

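class QubesVmCollection(dict):
    """
    A collection of Qubes VMs indexed by Qubes id (qid)

    Besides the qid -> VM mapping the collection tracks the global choices
    (default template, default NetVM, default firewall NetVM, default kernel,
    UpdateVM and ClockVM) and persists everything to the XML store
    (qubes.xml). The store file is opened and fcntl-locked by
    lock_db_for_reading()/lock_db_for_writing() and released by unlock_db().

    Iteration order is by ascending qid: __iter__, keys(), values() and
    items() all go through the sorted key list.
    """

    def __init__(self, store_filename=system_path["qubes_store_filename"]):
        """Create an empty collection bound to *store_filename*.

        The default path is read from system_path once, when the class is
        defined.
        """
        super(QubesVmCollection, self).__init__()
        self.default_netvm_qid = None
        self.default_fw_netvm_qid = None
        self.default_template_qid = None
        self.default_kernel = None
        self.updatevm_qid = None
        self.qubes_store_filename = store_filename
        self.clockvm_qid = None
        # File object of the open store; set by the lock_db_* methods and
        # create_empty_storage(), closed by unlock_db().
        self.qubes_store_file = None

    # -- iteration, always in ascending qid order ------------------------

    def __iter__(self):
        for qid in sorted(super(QubesVmCollection, self).keys()):
            yield qid

    keys = __iter__

    def values(self):
        for qid in self.keys():
            yield self[qid]

    def items(self):
        for qid in self.keys():
            yield (qid, self[qid])

    def __setitem__(self, key, value):
        """Insert VM *value* under qid *key*; a qid may only be added once.

        Raises AssertionError (raised explicitly so the check survives
        ``python -O``) when *key* is already present.
        """
        if key in self:
            raise AssertionError(
                "Attempt to add VM with qid that already exists in the collection!")
        return super(QubesVmCollection, self).__setitem__(key, value)

    # -- creating VMs ------------------------------------------------------

    def add_new_vm(self, vm_type, **kwargs):
        """Create a VM of registered class *vm_type* and add it to the collection.

        A fresh qid is allocated and passed to the class together with
        ``collection=self`` and *kwargs*. The first NetVM created becomes the
        default firewall NetVM and the ClockVM, the first ProxyVM becomes the
        default NetVM and the UpdateVM, the first TemplateVM the default
        template.

        Returns the new VM. Raises ValueError for an unknown *vm_type* and
        QubesException when verify_new_vm() rejects the VM.
        """
        if vm_type not in QubesVmClasses:
            raise ValueError("Unknown VM type: %s" % vm_type)

        qid = self.get_new_unused_qid()
        vm = QubesVmClasses[vm_type](qid=qid, collection=self, **kwargs)
        if not self.verify_new_vm(vm):
            raise QubesException("Wrong VM description!")
        self[vm.qid] = vm

        # make first created NetVM the default one
        if self.default_fw_netvm_qid is None and vm.is_netvm():
            self.set_default_fw_netvm(vm)

        if self.default_netvm_qid is None and vm.is_proxyvm():
            self.set_default_netvm(vm)

        # make first created TemplateVM the default one
        if self.default_template_qid is None and vm.is_template():
            self.set_default_template(vm)

        # make first created ProxyVM the UpdateVM
        if self.updatevm_qid is None and vm.is_proxyvm():
            self.set_updatevm_vm(vm)

        # by default ClockVM is the first NetVM
        if self.clockvm_qid is None and vm.is_netvm():
            self.set_clockvm_vm(vm)

        return vm

    @staticmethod
    def _warn_deprecated():
        # stacklevel=3 skips this helper and the deprecated method itself so
        # the warning is attributed to the caller.
        warnings.warn("Call to deprecated function, use add_new_vm instead",
            DeprecationWarning, stacklevel=3)

    def add_new_appvm(self, name, template,
                      dir_path = None, conf_file = None,
                      private_img = None,
                      label = None):
        """Deprecated wrapper: add_new_vm("QubesAppVm", ...) with the default
        NetVM and kernel."""
        self._warn_deprecated()
        return self.add_new_vm("QubesAppVm", name=name, template=template,
                          dir_path=dir_path, conf_file=conf_file,
                          private_img=private_img,
                          netvm = self.get_default_netvm(),
                          kernel = self.get_default_kernel(),
                          uses_default_kernel = True,
                          label=label)

    def add_new_hvm(self, name, label = None):
        """Deprecated wrapper: add_new_vm("QubesHVm", ...)."""
        self._warn_deprecated()
        return self.add_new_vm("QubesHVm", name=name, label=label)

    def add_new_disposablevm(self, name, template, dispid,
                      label = None, netvm = None):
        """Deprecated wrapper: add_new_vm("QubesDisposableVm", ...)."""
        self._warn_deprecated()
        return self.add_new_vm("QubesDisposableVm", name=name, template=template,
                          netvm = netvm,
                          label=label, dispid=dispid)

    def add_new_templatevm(self, name,
                           dir_path = None, conf_file = None,
                           root_img = None, private_img = None,
                           installed_by_rpm = True):
        """Deprecated wrapper: add_new_vm("QubesTemplateVm", ...) with the
        default NetVM and kernel."""
        self._warn_deprecated()
        return self.add_new_vm("QubesTemplateVm", name=name,
                              dir_path=dir_path, conf_file=conf_file,
                              root_img=root_img, private_img=private_img,
                              installed_by_rpm=installed_by_rpm,
                              netvm = self.get_default_netvm(),
                              kernel = self.get_default_kernel(),
                              uses_default_kernel = True)

    def add_new_netvm(self, name, template,
                      dir_path = None, conf_file = None,
                      private_img = None, installed_by_rpm = False,
                      label = None):
        """Deprecated wrapper: add_new_vm("QubesNetVm", ...)."""
        self._warn_deprecated()
        return self.add_new_vm("QubesNetVm", name=name, template=template,
                          label=label,
                          private_img=private_img, installed_by_rpm=installed_by_rpm,
                          uses_default_kernel = True,
                          dir_path=dir_path, conf_file=conf_file)

    def add_new_proxyvm(self, name, template,
                      dir_path = None, conf_file = None,
                      private_img = None, installed_by_rpm = False,
                      label = None):
        """Deprecated wrapper: add_new_vm("QubesProxyVm", ...) connected to
        the default firewall NetVM."""
        self._warn_deprecated()
        return self.add_new_vm("QubesProxyVm", name=name, template=template,
                          label=label,
                          private_img=private_img, installed_by_rpm=installed_by_rpm,
                          dir_path=dir_path, conf_file=conf_file,
                          uses_default_kernel = True,
                          netvm = self.get_default_fw_netvm())

    # -- global defaults ---------------------------------------------------

    def _vm_or_none(self, qid):
        """Return self[qid], or None when *qid* is None (default not set)."""
        return None if qid is None else self[qid]

    def set_default_template(self, vm):
        """Make *vm* the default template; AssertionError if it is not a TemplateVM."""
        if not vm.is_template():
            raise AssertionError("VM {0} is not a TemplateVM!".format(vm.name))
        self.default_template_qid = vm.qid

    def get_default_template(self):
        return self._vm_or_none(self.default_template_qid)

    def set_default_netvm(self, vm):
        """Make *vm* the default NetVM; AssertionError if it provides no network."""
        if not vm.is_netvm():
            raise AssertionError("VM {0} does not provide network!".format(vm.name))
        self.default_netvm_qid = vm.qid

    def get_default_netvm(self):
        return self._vm_or_none(self.default_netvm_qid)

    def set_default_kernel(self, kernel):
        """Make *kernel* the default; AssertionError if it is not installed
        under system_path['qubes_kernels_base_dir']."""
        kernel_dir = os.path.join(system_path["qubes_kernels_base_dir"], kernel)
        if not os.path.exists(kernel_dir):
            raise AssertionError("Kernel {0} not installed!".format(kernel))
        self.default_kernel = kernel

    def get_default_kernel(self):
        return self.default_kernel

    def set_default_fw_netvm(self, vm):
        """Make *vm* the default firewall NetVM; AssertionError if it provides no network."""
        if not vm.is_netvm():
            raise AssertionError("VM {0} does not provide network!".format(vm.name))
        self.default_fw_netvm_qid = vm.qid

    def get_default_fw_netvm(self):
        return self._vm_or_none(self.default_fw_netvm_qid)

    def set_updatevm_vm(self, vm):
        self.updatevm_qid = vm.qid

    def get_updatevm_vm(self):
        return self._vm_or_none(self.updatevm_qid)

    def set_clockvm_vm(self, vm):
        self.clockvm_qid = vm.qid

    def get_clockvm_vm(self):
        return self._vm_or_none(self.clockvm_qid)

    # -- lookups -----------------------------------------------------------

    def get_vm_by_name(self, name):
        """Return the VM called *name*, or None."""
        for vm in self.values():
            if vm.name == name:
                return vm
        return None

    def get_qid_by_name(self, name):
        """Return the qid of the VM called *name*, or None."""
        vm = self.get_vm_by_name(name)
        return vm.qid if vm is not None else None

    def get_vms_based_on(self, template_qid):
        """Return the set of VMs whose template has qid *template_qid*."""
        return set(vm for vm in self.values()
                   if vm.template and vm.template.qid == template_qid)

    def get_vms_connected_to(self, netvm_qid):
        """Return the VMs that get their network (directly or through other
        NetVMs) from the VM with *netvm_qid*.

        Returns an empty set when that VM is not a NetVM, otherwise a list in
        ascending qid order (the two return types are kept as in the original
        implementation).
        """
        # Dependency resolving only makes sense on NetVM (or derivative)
        if not self[netvm_qid].is_netvm():
            return set([])

        pending = [netvm_qid]
        dependent_qids = set()
        while pending:
            cur_qid = pending.pop()
            for vm in self[cur_qid].connected_vms.values():
                if vm.qid in dependent_qids:
                    continue
                dependent_qids.add(vm.qid)
                # a NetVM/ProxyVM may itself have clients: follow the chain
                if vm.is_netvm():
                    pending.append(vm.qid)

        return [vm for vm in self.values() if vm.qid in dependent_qids]

    def verify_new_vm(self, new_vm):
        """Check that the qid and name of *new_vm* are not already used.

        Reports a clash on stderr and returns False; returns True otherwise.
        """
        # Verify that qid is unique
        for vm in self.values():
            if vm.qid == new_vm.qid:
                sys.stderr.write(
                    "ERROR: The qid={0} is already used by VM '{1}'!\n".format(
                        vm.qid, vm.name))
                return False

        # Verify that name is unique
        for vm in self.values():
            if vm.name == new_vm.name:
                sys.stderr.write(
                    "ERROR: The name={0} is already used by other VM with qid='{1}'!\n".format(
                        vm.name, vm.qid))
                return False

        return True

    @staticmethod
    def _first_unused_id(used_ids, max_id):
        """Smallest id in 1 .. max_id-1 that is not in *used_ids*, or None.

        *max_id* itself is never handed out, matching the original range().
        """
        for candidate in range(1, max_id):
            if candidate not in used_ids:
                return candidate
        return None

    def get_new_unused_qid(self):
        """Return the lowest free qid; LookupError when none is left."""
        used_ids = set(vm.qid for vm in self.values())
        qid = self._first_unused_id(used_ids, qubes_max_qid)
        if qid is None:
            raise LookupError("Cannot find unused qid!")
        return qid

    def get_new_unused_netid(self):
        """Return the lowest netid not used by any NetVM; LookupError when none is left."""
        used_ids = set(vm.netid for vm in self.values() if vm.is_netvm())
        netid = self._first_unused_id(used_ids, qubes_max_netid)
        if netid is None:
            raise LookupError("Cannot find unused netid!")
        return netid

    # -- store file handling -----------------------------------------------

    def check_if_storage_exists(self):
        """True when the store file can be opened for reading (not merely
        when it exists)."""
        try:
            with open(self.qubes_store_filename, 'r'):
                pass
        except IOError:
            return False
        return True

    def create_empty_storage(self):
        """Create/truncate the store file, empty the collection and save it.

        Leaves the store open in self.qubes_store_file; note that no lock is
        taken here.
        """
        self.qubes_store_file = open(self.qubes_store_filename, 'w')
        self.clear()
        self.save()

    def lock_db_for_reading(self):
        """Open the store read-only and take a shared fcntl lock on it.

        The lock is held until unlock_db() closes the file.
        """
        self.qubes_store_file = open(self.qubes_store_filename, 'r')
        fcntl.lockf(self.qubes_store_file, fcntl.LOCK_SH)

    def lock_db_for_writing(self):
        """Open the store read/write ("r+": it must already exist) and take
        an exclusive fcntl lock on it until unlock_db()."""
        self.qubes_store_file = open(self.qubes_store_filename, 'r+')
        fcntl.lockf(self.qubes_store_file, fcntl.LOCK_EX)

    def unlock_db(self):
        """Close the store file, which also releases the fcntl lock."""
        # intentionally do not call explicit unlock to not unlock the file
        # before all buffers are flushed
        self.qubes_store_file.close()

    @staticmethod
    def _optional_attr(value):
        """Serialize an optional global (qid or kernel name) for the root
        element: the literal "None" when unset."""
        return str(value) if value is not None else "None"

    def save(self):
        """Write the collection to the open store file.

        Expects the file to have been opened by lock_db_for_writing() or
        create_empty_storage(). Returns True on success; on an
        EnvironmentError prints a message and returns False.
        """
        root = lxml.etree.Element(
            "QubesVmCollection",
            default_template=self._optional_attr(self.default_template_qid),
            default_netvm=self._optional_attr(self.default_netvm_qid),
            default_fw_netvm=self._optional_attr(self.default_fw_netvm_qid),
            updatevm=self._optional_attr(self.updatevm_qid),
            clockvm=self._optional_attr(self.clockvm_qid),
            default_kernel=self._optional_attr(self.default_kernel),
        )

        for vm in self.values():
            element = vm.create_xml_element()
            if element is not None:
                root.append(element)
        tree = lxml.etree.ElementTree(root)

        try:
            # We need to manually truncate the file, as we open the
            # file as "r+" in the lock_db_for_writing() function
            #
            # NOTE(review): truncate()-then-write is not atomic; a crash in
            # between leaves an empty/partial qubes.xml. Write-to-temp-and-
            # rename would be the usual remedy, but the locked file object is
            # what we hold, so this is left as is.
            self.qubes_store_file.seek(0, os.SEEK_SET)
            self.qubes_store_file.truncate()
            tree.write(self.qubes_store_file, encoding="UTF-8", pretty_print=True)
        except EnvironmentError as err:
            print("{0}: export error: {1}".format(
                os.path.basename(sys.argv[0]), err))
            return False
        return True

    def set_netvm_dependency(self, element):
        """Wire the netvm of the VM described by XML *element*.

        Reads the attributes qid, uses_default_netvm and netvm_qid. With
        uses_default_netvm == "True" the VM gets the default NetVM (the
        default firewall NetVM for a ProxyVM); otherwise netvm_qid is used,
        with "none", a missing attribute or an unknown qid meaning no
        network. Raises ValueError/LookupError on an unparsable or unknown
        qid.
        """
        vm = self[int(element.get("qid"))]

        # Only the literal "True" enables the default NetVM. A missing
        # attribute therefore resolves to False (the previous code's
        # `not in kwargs` branch could never run, as every attribute was
        # stored, possibly as None), so an old store entry never gets
        # attached to the default network silently.
        vm.uses_default_netvm = (element.get("uses_default_netvm") == "True")

        if vm.uses_default_netvm is True:
            if vm.is_proxyvm():
                netvm = self.get_default_fw_netvm()
            else:
                netvm = self.get_default_netvm()
        else:
            netvm_qid = element.get("netvm_qid")
            if netvm_qid == "none" or netvm_qid is None:
                netvm = None
            else:
                netvm_qid = int(netvm_qid)
                # a dangling reference leaves the VM without network
                netvm = self[netvm_qid] if netvm_qid in self else None

        # directly set internal attr to not call setters...
        vm._netvm = netvm
        if netvm:
            netvm.connected_vms[vm.qid] = vm

    @staticmethod
    def _optional_qid(value):
        """Parse a root-element qid attribute: None when the attribute is
        absent or reads "None" (any case), int otherwise."""
        if value is None or value.lower() == "none":
            return None
        return int(value)

    def load_globals(self, element):
        """Read the global defaults from the root *element* of the store.

        default_template is always assigned (None when absent, instead of
        failing on a missing attribute as before); the other qid attributes
        are only assigned when present, as in the original.
        """
        self.default_template_qid = self._optional_qid(
            element.get("default_template"))

        default_netvm = element.get("default_netvm")
        if default_netvm is not None:
            self.default_netvm_qid = self._optional_qid(default_netvm)

        default_fw_netvm = element.get("default_fw_netvm")
        if default_fw_netvm is not None:
            self.default_fw_netvm_qid = self._optional_qid(default_fw_netvm)

        updatevm = element.get("updatevm")
        if updatevm is not None:
            self.updatevm_qid = self._optional_qid(updatevm)

        clockvm = element.get("clockvm")
        if clockvm is not None:
            self.clockvm_qid = self._optional_qid(clockvm)

        self.default_kernel = element.get("default_kernel")

    def load(self):
        """Populate the collection from the open store file.

        VM classes are instantiated in their load_order; within a class the
        template-less VMs come first. Returns True on success. A parse or
        read error, or an unresolvable netvm reference, prints a message and
        returns False; a VM that fails to construct is reported and
        re-raised.
        """
        self.clear()

        try:
            # NOTE(review): lxml's default parser is used as-is; qubes.xml is
            # dom0's own state file written by save(), not external input.
            tree = lxml.etree.parse(self.qubes_store_file)
        except (EnvironmentError,
                xml.parsers.expat.ExpatError,
                # lxml reports malformed XML as XMLSyntaxError, not ExpatError
                lxml.etree.XMLSyntaxError) as err:
            print("{0}: import error: {1}".format(
                os.path.basename(sys.argv[0]), err))
            return False

        self.load_globals(tree.getroot())

        vm_classes = sorted(QubesVmClasses.items(),
                            key=lambda _x: _x[1].load_order)
        for vm_class_name, vm_class in vm_classes:
            vms_of_class = tree.findall(vm_class_name)
            # first non-template based, then template based
            sorted_vms_of_class = sorted(vms_of_class, key= \
                lambda x: str(x.get('template_qid')).lower() != "none")
            for element in sorted_vms_of_class:
                try:
                    vm = vm_class(xml_element=element, collection=self)
                    self[vm.qid] = vm
                except (ValueError, LookupError) as err:
                    print("{0}: import error ({1}): {2}".format(
                        os.path.basename(sys.argv[0]), vm_class_name, err))
                    raise

        # After importing all VMs, set netvm references, in the same order
        for vm_class_name, vm_class in vm_classes:
            for element in tree.findall(vm_class_name):
                try:
                    self.set_netvm_dependency(element)
                except (ValueError, LookupError) as err:
                    # mixing "{0}" and "{}" in one format string raises
                    # ValueError, so the fields are numbered explicitly
                    print("{0}: import error2 ({1}): {2}".format(
                        os.path.basename(sys.argv[0]), vm_class_name, err))
                    return False

        # if there was no clockvm entry in qubes.xml, try to determine default:
        # root of default NetVM chain
        if tree.getroot().get("clockvm") is None:
            if self.default_netvm_qid is not None:
                clockvm = self[self.default_netvm_qid]
                # Find root of netvm chain
                while clockvm.netvm is not None:
                    clockvm = clockvm.netvm

                self.clockvm_qid = clockvm.qid

        # Disable ntpd in ClockVM - to not conflict with ntpdate (both are
        # using 123/udp port)
        if self.clockvm_qid is not None:
            self[self.clockvm_qid].services['ntpd'] = False

        # Add dom0 if wasn't present in qubes.xml
        if 0 not in self:
            dom0vm = QubesAdminVm(collection=self)
            self[dom0vm.qid] = dom0vm

        return True

    def pop(self, qid):
        """Remove and return the VM with *qid*, clearing any global default
        that pointed at it.

        Unlike dict.pop there is no default argument; a missing *qid* raises
        KeyError.
        """
        for attr in ('default_netvm_qid', 'default_fw_netvm_qid',
                     'clockvm_qid', 'updatevm_qid', 'default_template_qid'):
            if getattr(self, attr) == qid:
                setattr(self, attr, None)

        return super(QubesVmCollection, self).pop(qid)
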
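class QubesDaemonPidfile(object):
    """Pidfile of a dom0 daemon, stored as /var/run/qubes/<name>.pid.

    Usable as a context manager: entering writes the current pid, leaving
    removes the file. Staleness detection only checks that /proc/<pid>
    exists, so a pid recycled by an unrelated process still looks alive.
    """

    def __init__(self, name):
        self.name = name
        self.path = "/var/run/qubes/" + name + ".pid"

    def create_pidfile(self):
        """Write this process' pid to the pidfile, replacing any content."""
        with open(self.path, 'w') as f:
            f.write(str(os.getpid()))

    def pidfile_exists(self):
        return os.path.exists(self.path)

    def read_pid(self):
        """Return the pid stored in the pidfile.

        Raises IOError when the file cannot be read and ValueError when its
        content is not an integer.
        """
        with open(self.path) as f:
            pid = f.read().strip()
        return int(pid)

    def pidfile_is_stale(self):
        """True when a pidfile exists but does not name a running process.

        Returns False when there is no pidfile or /proc/<pid>/cmdline exists.
        A pidfile that cannot be read or parsed is reported on stderr and
        treated as stale (previously that raised out of this method).
        """
        if not self.pidfile_exists():
            return False

        try:
            pid = self.read_pid()
        except (EnvironmentError, ValueError) as err:
            sys.stderr.write(
                "Cannot read pidfile {0} ({1}), assuming stale pidfile.\n".format(
                    self.path, err))
            return True

        # check if the pid file is valid...
        proc_path = "/proc/" + str(pid) + "/cmdline"
        if not os.path.exists(proc_path):
            sys.stderr.write(
                "Path {0} doesn't exist, assuming stale pidfile.\n".format(
                    proc_path))
            return True

        return False  # It's a good pidfile

    def remove_pidfile(self):
        os.remove(self.path)

    def __enter__(self):
        # assumes the pidfile doesn't exist -- you should ensure it before opening the context
        self.create_pidfile()
        # returning self lets `with QubesDaemonPidfile(...) as pf:` work
        return self

    def __exit__(self, exc_type, exc_val, exc_tb):
        self.remove_pidfile()
        return False
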
# Import every module shipped in qubes/modules/ (sorted, so the import order
# is stable); presumably each one registers its VM class via
# register_qubes_vm_class().
modules_dir = os.path.join(os.path.dirname(__file__), 'modules')
for module_file in sorted(os.listdir(modules_dir)):
    is_vm_module = (module_file.endswith(".py")
                    and module_file != "__init__.py")
    if is_vm_module:
        __import__('qubes.modules.%s' % module_file[:-3])

# vim:sw=4:et: