Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,773 Commits 1 Branch 0 Tags 15 MiB
26a9974432
Commit Graph

4773 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
26a9974432
api/admin: split vm.volume.Clone to CloneFrom and CloneTo 
The first operation returns a token, which can be passed to the second
one to actually perform clone operation. This way the caller needs have
power over both source and destination VMs (or at least appropriate
volumes), so it's easier to enforce appropriate qrexec policy.

The pending tokens are stored on Qubes() instance (as QubesAdminAPI is
not persistent). It is design choice to keep them in RAM only - those
are one time use and this way restarting qubesd is a simple way to
invalidate all of them. Otherwise we'd need some additional calls like
CloneCancel or such.

QubesOS/qubes-issues#2622
 2017-06-26 13:27:48 +02:00
Marek Marczykowski-Górecki
3dcd29afea
api/admin: remove admin.vm.Clone operation 
The same can be achieved with Create+volume.Clone

QubesOS/qubes-issues#2622
 2017-06-26 13:10:00 +02:00
Marek Marczykowski-Górecki
fabd8119b4
storage: volume.import_volume now expect create()d volume 
This is much more logical for *import*_volume function.

QubesOS/qubes-issues#2256
 2017-06-26 13:09:26 +02:00
Marek Marczykowski-Górecki
28f78ed3b8
storage/lvm: minor fixes 
QubesOS/qubes-issues#2256
 2017-06-26 13:09:26 +02:00
Marek Marczykowski-Górecki
a748b393f4
storage: move remove() to Volume 
This is continuation of 0f12870 "storage: use direct object references,
not only identifiers".

QubesOS/qubes-issues#2256
 2017-06-26 13:09:26 +02:00
Marek Marczykowski-Górecki
ae600e24bf
storage: simplify pool.volumes usage 
Add convenient collection wrapper for easier getting selected volume.
Storage pool implementation may still provide only volume listing
function (pool.list_volumes), or, additionally, optimized
pool.get_volume.

This means it is both possible to iterate over volumes:
```python
for volume in pool.volumes:
    ...

```

And get a single volume:
```python
volume = pool.volumes[vid]
```

QubesOS/qubes-issues#2256
 2017-06-26 13:09:26 +02:00
Marek Marczykowski-Górecki
65d15e6040
api/admin: skip firewall in vm.Clone 
This operation is going to be removed, so apply a quick fix for tests.

QubesOS/qubes-issues#2622
 2017-06-26 13:07:19 +02:00
Marek Marczykowski-Górecki
26013122a0
Merge remote-tracking branch 'woju/devel-adminext' into core3-devel 2017-06-23 10:34:11 +02:00
Wojtek Porczyk
9f57db8749 rpm_spec: fix 2017-06-23 10:26:04 +02:00
Marek Marczykowski-Górecki
4208a98bd7
Merge branch 'core3-devel-20170619' 2017-06-23 02:53:17 +02:00
Marek Marczykowski-Górecki
f976f7ec6c
storage: simplify coroutine handling 
Suggested by @woju
 2017-06-23 02:35:49 +02:00
Marek Marczykowski-Górecki
57e293eb54
Merge branch 'core3-qmemman-fix' 2017-06-22 23:16:35 +02:00
Wojtek Porczyk
8c9ce0587b ext/admin: add explanation to PermissionDenied 2017-06-22 13:21:37 +02:00
Wojtek Porczyk
2942f8bcac qubes: admin extension 
for managing tags
 2017-06-21 23:12:54 +02:00
Marek Marczykowski-Górecki
c1f4c219f9
tests: adjust TC_00_QubesDaemonProtocol for reorganized api module 2017-06-21 06:59:58 +02:00
Marek Marczykowski-Górecki
588ff04f0d
qmemman: fix units on meminfo parsing 
meminfo (written by VM) is expected report KiB, but qmemman internally
use bytes. Convert units.
And also move obscure unit conversion in is_meminfo_suspicious to more
logical place in sanitize_and_parse_meminfo.
 2017-06-21 06:34:00 +02:00
Marek Marczykowski-Górecki
ea0cbe3a56
tests: improve tests for qrexe exit code handling 
Check if exit code retrieved from dom0 is really the one expected.

Fix typo in test_065_qrexec_exit_code_vm (testvm1/testvm2), adjust for
reporing remote exit code and remove expectedFailure.

QubesOS/qubes-issues#2861
 2017-06-21 05:23:35 +02:00
Marek Marczykowski-Górecki
a73dcf6016
tests: wait for session in tests requiring running GUI 
Since tests expose qubesd socket, qvm-start-gui should handle starting
GUI daemons (so, GUI session inside VM). Add synchronization with it
using qubes.WaitForSession service.
 2017-06-21 04:45:46 +02:00
Marek Marczykowski-Górecki
376ac4b32d
tests: fix vm.run_for_stdio in some more places 
When test expect to wait for remote process, use vm.run_for_stdio.
Additionally, when the call fail, (stdout, stderr) is not assigned - use
the one attached to exception object instead.
 2017-06-21 04:33:10 +02:00
Marek Marczykowski-Górecki
a0f616f14e
tests: fix checking exit code 
Since run_for_stdio raise an exception for non-zero exit code, it isn't
ignored anymore. So, check if qrexec-client-vm return expected value,
instead of keep ignoring it.

QubesOS/qubes-issues#2861
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
72240c13b6
tests: fix vm_qrexec_gui/TC_10_Generic/test_000_anyvm_deny_dom0 
When method (as expected) raise an exception, service output would not be
assigned. Extract it from exception object.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
a469c565f4
tests: fix QrexecPolicyContext 
Flush new policy file to the disk, otherwise it will stay only in write
buffer.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
3ddc052af3
vm: move kernel presence validation to event handler 
Setter is called also on qubes.xml load, so missing kernel breaks
qubes.xml parsing - for example qubesd startup to fix that property.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
4241b39b94
tests: fix tests cleanup 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
60443259d0
vm: raise CalledProcessError on failed service/command call 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
51a17ba749
tests: do not reload qubes.xml 
In core3 this isn't needed anymore (and unit tests already check if
that's really true).
 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
ea5ca79133
tests: fix removing test VMs 
Do it before shutting down qubesd socket - some things may require it
for VM removal/shutdown.
 2017-06-21 00:17:41 +02:00
Marek Marczykowski-Górecki
eee6ab0c01
tests: use copy of qubes.xml, instead of empty one 2017-06-21 00:17:41 +02:00
Marek Marczykowski-Górecki
984a070f3e
tests: move create_*_file to SystemTestsMixin 2017-06-21 00:17:40 +02:00
Wojtek Porczyk
f56f7d13fb
tests/integ/vm_qrexec_gui: skip test_051_qrexec_simple_eof_reverse 
QubesOS/qubes-issues#2851
 2017-06-21 00:17:39 +02:00
Wojtek Porczyk
139f18fa1d
qubes/tests/integ/vm_qrexec_gui: some fixes 2017-06-21 00:17:39 +02:00
Wojtek Porczyk
0c0b0ea6ef
qubes/tests/integ/vm_qrexec_gui: change time.sleep to asyncio.sleep 2017-06-21 00:17:38 +02:00
Wojtek Porczyk
96a66ac6bd
qubes/api: refactor creating multiple qubesd sockets 
Now there is a single function to do this, shared with tests.
 2017-06-21 00:17:37 +02:00
Wojtek Porczyk
bec58fc861
qubes/tests: start qrexec policy responder for system tests 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
71a4390fdb
qubes/tools/qubesd: properly unlink UNIX sockets at shutdown 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
4b8e5c3704
qubes/tests/run: refuse to run tests if qubesd is running 
Test suite creates some VMs and needs to pass the knowledge about them
to qrexec policy checker. This is done using Admin API, so we need to
substitute qubesd with our own API server.
 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
858e547525
qubes: reorganise API protocols 
Now instantiating API servers is handled by common function. This is,
among other reasons, for creating ad-hoc sockets for tests.
 2017-06-20 13:00:20 +02:00
Marek Marczykowski-Górecki
8196b2d5bf
admin.vm.Create: add commend about 'created-by-' tag 2017-06-20 12:47:01 +02:00
Marek Marczykowski-Górecki
c13cf44e5e
admin.vm.Create: add 'created-by-' tag 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
5f187bd2bf
Force maxmem=memory for HVM with PCI devices 
Xen do not support other cases at all ("PCI device assignment for HVM
guest failed due to PoD enabled", PoD means "populate on demand").
 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
083108e995
app: fix registering libvirt event handler 
register_event_handlers is called early, when libvirt connection may not
be yet established - especially on empty qubes.xml. Do not skip
automatic connection logic.
 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
e4d285d479
vm/adminvm: make AdminVM sortable 
One more thing gone during changing AdminVM base class.
 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
9242202db2
admin: implement admin.vm.tag.* 
QubesOS/qubes-issues#2622
 2017-06-20 00:54:16 +02:00
Marek Marczykowski-Górecki
4a1a5fc24b
exc: fix QubesNoTemplateError 2017-06-20 00:54:16 +02:00
Marek Marczykowski-Górecki
aadbe223c3
admin: add admin.vm.volume.Clone 
QubesOS/qubes-issues#2622
 2017-06-20 00:54:15 +02:00
Marek Marczykowski-Górecki
f48b1be669
storage: extract single volume clone into clone_volume 
This will be useful for admin.vm.volume.Clone implementation.

QubesOS/qubes-issues#2256
 2017-06-20 00:54:15 +02:00
Marek Marczykowski-Górecki
86a935e779
qubes.NotifyTools: ignore '/qubes-tools/version' completely 
It isn't used for anything, so simply ignore it for good.

https://github.com/QubesOS/qubes-core-admin/pull/109#discussion_r121421409
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
55669c350c
api/misc: fix retrieving requested features from QubesDB 
qdb.list return list of bytes().
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
5209bc370d
vm: init vm.storage and vm.volumes in BaseVM 
This way also AdminVM will have (empty) properties there. It is much
cleaner than adding `if hasattr` or catching AttributeError everywhere.
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
160ab964bc
vm: improve sending events for tags and features 
1. Send the event after setting tag/feature
2. Provide old value for feature
3. Rename 'key' kwarg to 'feature'
 2017-06-14 10:44:23 +02:00