Commit Graph

1970 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
8965e9a8e4
tests/network: let xl devd bring the interfaces up
xl devd doesn't use startup notify, so when the service is started
(according to systemd) it may still be initializing interfaces. Add a
little sleep for that.
2019-12-05 23:31:15 +01:00
Marek Marczykowski-Górecki
ffa1a40e6e
tests/network: improve error reporting
Include stdout/stderr of failed command during netvm setup.
2019-12-05 23:31:15 +01:00
Marek Marczykowski-Górecki
10f99e5c4a
api/admin: implement *.property.GetAll methods
Allow getting all the VM properties with one call. This greatly improve
performance of an applications retrieving many/all of them (qvm-ls,
qubes manager etc)

QubesOS/qubes-issues#5415
Fixes QubesOS/qubes-issues#3293
2019-12-05 23:31:14 +01:00
Rusty Bird
87081d6ee3
storage/reflink: _cleanup() -> _remove_incomplete_files()
"cleanup" sounds related to the concept of a volume being "dirty" - but
it's unrelated. Rename it for clarity.
2019-12-03 18:21:55 +00:00
Rusty Bird
d7478d128b
storage/reflink: document hardcoded sizeof(int) for FICLONE
One alternative would look like

    import ctypes
    sizeof_int = ctypes.sizeof(ctypes.c_int)
    FICLONE = (1073741824 % 256**sizeof_int) | 37897 | (sizeof_int << 16)

but, even if the above really(?) is a 100% correct Python port of

    $ echo FICLONE | cpp -include linux/fs.h | tail -n 1

it still seems more likely that the ctypes package is somehow buggy
somewhere than for Qubes storage to run on an exotic architecture with
non 32 bit ints (in the foreseeable future).

So just document the baked in assumption.
2019-12-03 18:21:54 +00:00
Rusty Bird
3f0286220c
storage/reflink: simplify _replace_file() comment 2019-12-03 18:21:52 +00:00
Rusty Bird
9d5deffb13
storage/reflink: open in binary mode for loopdev resize ioctl
The default (= text) mode for a loop device which contains a VM image
looked weird, even though it didn't make a difference here because the
dev_io object was never actually read from.
2019-12-03 18:21:51 +00:00
Rusty Bird
4cd9e42416
storage/reflink: use a conditional expression 2019-12-03 18:21:50 +00:00
Marek Marczykowski-Górecki
5d77cf2298
Avoid resetting clocksync service of just enabled clockvm
When setting global clockvm property, 'clocksync' service is
automatically added to the new value and then removed from the old one.
But if the new value is the same as the old one, the service gets
removed from the just set new value.
Check for this case explicitly.

Fixes QubesOS/qubes-issues#4939
2019-11-30 05:20:08 +01:00
Marek Marczykowski-Górecki
7c18b187de
tests: add include and exclude lists for extra tests loader
'extra' tests run is getting ridiculously long. Allow splitting it into
several jobs. Since this appears as just one class from the test loader
perspective, implement it as environment variables:
 - QUBES_TEST_EXTRA_INCLUDE - load just selected tests
 - QUBES_TEST_EXTRA_EXCLUDE - skip selected tests (to select "the rest"
   tests)
2019-11-30 04:35:18 +01:00
Marek Marczykowski-Górecki
fd8e89c546
Merge remote-tracking branch 'origin/pr/297'
* origin/pr/297:
  doc: remove useless _static generated by sphinx
  cleanup-dispvms: fix python shebang
  spec: fix missing dependency
  Fix Sphinx 2 new API for Fedora 31+
  doc: Make PEP8 happier
  qmemmand: separate SystemState init xc and xs to a 'init' method
  doc: drop moved elsewhere components
2019-11-27 02:12:37 +01:00
Frédéric Pierret (fepitre)
be1c193e3c
Fix Sphinx 2 new API for Fedora 31+ 2019-11-22 21:39:31 +01:00
Frédéric Pierret (fepitre)
b4177cf7d2
doc: Make PEP8 happier 2019-11-22 21:39:30 +01:00
Frédéric Pierret (fepitre)
0d20639cc1
qmemmand: separate SystemState init xc and xs to a 'init' method
It prevents any connection to xen when initiallizing the class
notably in doc build generation.
2019-11-22 21:38:27 +01:00
Marek Marczykowski-Górecki
6c7af109e5
ext/block: prefer connecting cdrom as xvdd
Only first 4 disks can be emulated as IDE disks by QEMU. Specifically,
CDROM must be one of those first 4 disks, otherwise it will be
ignored. This is especially important if one wants to boot the VM from
that CDROM.
Since xvdd normally is a kernel-related volume (boot image, modules) it
makes perfect sense to re-use it for CDROM. It is either set for kernel
volume (in which case, VM should boot from it and not the CDROM), or
(possibly bootable) CDROM.

This needs to be done in two places:
 - BlockExtension for dynamic attach
 - libvirt xen.xml - for before-boot attach

In theory the latter would be enough, but it would be quite confusing
that device will get different options depending on when it's attached
(in addition to whether the kernel is set - introduced here).

This all also means, xvdd not always is a "system disk". Adjust listing
connected disks accordingly.
2019-11-19 14:03:21 +01:00
Marek Marczykowski-Górecki
9bf0cce11e
tests: extend mock objects in QubesVM tests
- allow TestQubesDB to be populated with initial data
- support list() method
- allow to register pre-created VM instance (useful for AdminVM, which
        don't accept setting qid)
2019-11-18 23:45:02 +01:00
Frédéric Pierret (fepitre)
e092b40350
tests: make PEP8 happier 2019-11-17 01:54:27 +01:00
Frédéric Pierret (fepitre)
3a6ed2d0cd
tests: fix test with not None default_guivm 2019-11-17 01:48:20 +01:00
Frédéric Pierret (fepitre)
85edf511cb
default_guivm: set to dom0 due to migration R4.0->R4.1 problems 2019-11-16 13:04:42 +01:00
Marta Marczykowska-Górecka
783832adde
Correct inconsistent behavior on unavailable usage data
fixes QubesOS/qubes-issues#5463
2019-11-15 20:01:43 +01:00
Marek Marczykowski-Górecki
ba105e89c6
Merge branch 'devel20191029' 2019-11-12 23:11:30 +01:00
Marek Marczykowski-Górecki
7de9f3e078
tests: is_iommu_supported function
QubesOS/qubes-issues#4689
2019-11-12 22:45:30 +01:00
Marek Marczykowski-Górecki
c79e91d59d
Merge remote-tracking branch 'origin/pr/292'
* origin/pr/292:
  Throw BackupAlreadyRunningError when backup is already running
2019-11-12 22:26:53 +01:00
Marta Marczykowska-Górecka
7a4455bbfa
Throw BackupAlreadyRunningError when backup is already running
Instead of generic PermissionDenied.

requires https://github.com/QubesOS/qubes-core-admin-client/pull/115
references QubesOS/qubes-issues#5432
2019-11-11 19:16:03 +01:00
Frédéric Pierret (fepitre)
2ccdd4ee8e
gui: make pylint happy 2019-11-11 11:27:40 +01:00
Marek Marczykowski-Górecki
77cf310c47
storage/kernels: fix listing volumes
Pool.volumes property is implemented in a base class, individual drivers
should provide list_volumes() method as a backend for that property.
Fix this in a LinuxKernel pool.
2019-11-10 01:14:34 +01:00
Marek Marczykowski-Górecki
263f218d40
api/admin: implement admin.pool.volume.List method
Similar to admin.vm.volume.List. There are still other
admin.pool.volume.* methods missing, but lets start with just this one.
Those with both pool name and volume id arguments may need some more
thoughts.
2019-11-09 18:38:56 +01:00
Frédéric Pierret (fepitre)
5f934b43ab
tests: add app guivm tests 2019-11-09 17:06:46 +01:00
Frédéric Pierret (fepitre)
728766d191
default_guivm: fire property-set on default_guivm 2019-11-09 16:10:16 +01:00
Frédéric Pierret (fepitre)
78d0d2cabb
gui: set guivm windows prefix 2019-11-07 18:11:32 +01:00
Marek Marczykowski-Górecki
dd037f4663
storage/file: get volume size from the actual image file size
Don't realy on a volume configuration only, it's easy to miss updating
it. Specifically, import_volume() function didn't updated the size based
on the source volume.
The size that the actual VM sees is based on the
file size, and so is the filesystem inside. Outdated size property can
lead to a data loss if the user perform an action based on a incorrect
assumption - like extending size, which actually will shrink the volume.

Fixes QubesOS/qubes-issues#4821
2019-10-31 21:53:35 +01:00
Marek Marczykowski-Górecki
598d059c57
tests: check if storage driver adjust the size on import_volume/clone
Regression test for QubesOS/qubes-issues#4821
2019-10-31 01:17:26 +01:00
Marek Marczykowski-Górecki
5908ab1568
app: fix get_free_xen_memory function
It's app.vmm.xc, not app.xc. Since nobody have noticed it, this function
might be unused...
2019-10-30 15:46:11 +01:00
Marek Marczykowski-Górecki
361550c621
vm: improve error message about missing IOMMU
Handle this case specifically, as way too many users ignore the message
during installation and complain it doesn't work later.

Name the problem explicitly, instead of pointing at libvirt error log.

Fixes QubesOS/qubes-issues#4689
2019-10-30 15:45:52 +01:00
Marek Marczykowski-Górecki
8603571cbc
tests: skip networking tests for minimal templates
Minimal templates don't have networking packages installed by default.
2019-10-28 03:30:49 +01:00
Marek Marczykowski-Górecki
4dac995089
Merge branch 'start-logging'
* start-logging:
  vm: log startup errors in every case
2019-10-23 13:50:25 +02:00
Marek Marczykowski-Górecki
cc56c6f96a
Merge remote-tracking branch 'origin/pr/278'
* origin/pr/278:
  Added admin.pool.UsageDetails API method
  Add metadata info to LVM AdminAPI
2019-10-23 04:36:49 +02:00
Marta Marczykowska-Górecka
2f6497e48d
Added admin.pool.UsageDetails API method
admin.pool.UsageDetails reports the usage data, unlike
admin.pool.Info, which should report the config/unchangeable data.
At the moment admin.Pool.Info still reports usage, to maintain
compatibility, but once all relevant tools are updated,
it should just return configuration data.
2019-10-23 03:04:30 +02:00
Marta Marczykowska-Górecka
04a215fb83
Add metadata info to LVM AdminAPI
Added usage_details method to Pool class
(returns a dictionary with detailed information
on pool usage) and LVM implementation that returns
metadata info.
Needed for QubesOS/qubes-issues#5053
2019-10-22 17:29:01 +02:00
Marek Marczykowski-Górecki
5cc453f097
vm: remove dead (commented out) code
default_user property was re-implemented, remove dead version.
2019-10-22 16:44:02 +02:00
Marek Marczykowski-Górecki
656e36f1ee
Merge remote-tracking branch 'origin/pr/287'
* origin/pr/287:
  app: fix docstrings PEP8 refactor
  tests: remove iptables_header content in test_622_qdb_keyboard_layout
  tests: add test for guivm and keyboard_layout
  gui: simplify setting guivm xid and keyboard layout
  Make pylint happier
  gui: set keyboard layout from feature
  Handle GuiVM properties
  Make PEP8 happier
2019-10-22 14:10:56 +02:00
Frédéric Pierret (fepitre)
7c8556891c
app: fix docstrings PEP8 refactor 2019-10-22 09:26:25 +02:00
Frédéric Pierret (fepitre)
5ee97f4eeb
tests: remove iptables_header content in test_622_qdb_keyboard_layout 2019-10-22 09:26:03 +02:00
Frédéric Pierret (fepitre)
e667639914
tests: add test for guivm and keyboard_layout 2019-10-20 17:36:06 +02:00
Frédéric Pierret (fepitre)
5ee2f5d889
gui: simplify setting guivm xid and keyboard layout 2019-10-20 17:35:43 +02:00
Frédéric Pierret (fepitre)
d2d1ffb806
Make pylint happier 2019-10-20 16:40:40 +02:00
Frédéric Pierret (fepitre)
9734921d9c
gui: set keyboard layout from feature 2019-10-20 13:22:31 +02:00
Frédéric Pierret (fepitre)
27aad9bd38
Handle GuiVM properties 2019-10-20 13:22:31 +02:00
Frédéric Pierret (fepitre)
a52cb6bb91
Make PEP8 happier 2019-10-20 13:22:29 +02:00
Marek Marczykowski-Górecki
a1dabfefa0
tests: fix network re-attach tests
On slow systems (OpenQA), 5s isn't enough. Instead of hardcoding some
timeout, simply wait for the full VM startup.
2019-10-13 05:58:50 +02:00
Marek Marczykowski-Górecki
f0ae8c0454
tests: fix a fix for too short delay in 201_shutdown_event_race test
It's _domain_stopped_lock, not startup_lock.
2019-10-13 05:58:19 +02:00
Marek Marczykowski-Górecki
d5b0a6e5b6
vm: log startup errors in every case 2019-10-10 19:41:02 +02:00
Marek Marczykowski-Górecki
51af2ed27c
vm: add domain-shutdown-failed event
Similar to domain-start-failed, add an event fired when
domain-pre-shutdown was fired but the actual operation failed.
Note it might not catch all the cases, as shutdown() may be called with
wait=False, which means it won't wait fot the actual shutdown. In that
case, timeout won't result in domain-shutdown-failed event.

QubesOS/qubes-issues#5380
2019-10-08 23:35:24 +02:00
Marek Marczykowski-Górecki
0300e895f2
Fix domain-start-failed event documentation. 2019-10-08 23:35:18 +02:00
Marek Marczykowski-Górecki
cc1ac0b859
tests: log stderr of paplay command 2019-09-29 06:43:34 +02:00
Marek Marczykowski-Górecki
7def96c248
tests: register syslog logger, log test start
Move this functionality from our custom runner (qubes.tests.run),
into base test class. This is very useful for correlating logs, so lets
have it with nose2 runner too.
2019-09-29 06:43:34 +02:00
Marek Marczykowski-Górecki
e0e0c7eaf9
tests: remove VM under startup_lock
Prevent starting a VM while it's being removed. Something could try to
start a VM just after it's being killer but before removing it (Whonix
example from previous commit is real-life case). The window specifically
is between kill() call and removing it from collection
(`del app.domains[vm.qid]`). Grab a startup_lock for the whole operation
to prevent it.
2019-09-29 06:14:21 +02:00
Marek Marczykowski-Górecki
732231efb0
vm: refuse to start a VM not present in a collection
Check early (but after grabbing a startup_lock) if VM isn't just
removed. This could happen if someone grabs its reference from other
places (netvm of something else?) or just before removing it.
This commit makes the simple removal from the collection (done as the
first step in admin.vm.Remove implementation) efficient way to block
further VM startups, without introducing extra properties.

For this to be effective, removing from the collection, needs to happen
with the startup_lock held. Modify admin.vm.Remove accordingly.
2019-09-29 06:14:21 +02:00
Marek Marczykowski-Górecki
6cfda328bf
tests: add workaround for Whonix re-starting VMs
Workaround for https://phabricator.whonix.org/T930
For now, unregister all the VMs to be killed manually.
2019-09-29 06:14:21 +02:00
Marek Marczykowski-Górecki
34e2f3a322
tests: fix sorting kernel version
Debian now has 4.9 and 4.19 kernels installed, so `sort -n` sorts them
wrong.
2019-09-27 16:29:21 +02:00
Marek Marczykowski-Górecki
5fa75d73be
Make pylint happy 2019-09-27 16:29:20 +02:00
Marek Marczykowski-Górecki
eb39f69882
api: improve handling destination removed just before the call
There are cases when destination domain doesn't exist when the call gets
to qubesd. Namely:
 1. The call comes from dom0, which bypasses qrexec policy
 2. Domain was removed between checking the policy and here
Handle the the same way as if the domain wouldn't exist at policy
evaluation stage either - i.e. refuse the call.

On the client side it doesn't change much, but on the server call it
avoids ugly, useless tracebacks in system journal.

Fixes QubesOS/qubes-issues#5105
2019-09-27 16:29:20 +02:00
Marek Marczykowski-Górecki
8ecf00bd0e
tests: add helpful decorator to wait before test cleanup
Allow to manual inspect test environment after test fails. This is
similar to --do-not-clean option we had in R3.2.

The decorator should be used only while debugging and should never be
applied to the code committed into repository.
2019-09-27 16:29:19 +02:00
Marek Marczykowski-Górecki
4fa45dbc91
tests: fix (hopefully) too short delay in 201_shutdown_event_race test
Domain shutdown handling may take extended amount of time, especially on
slow machine (all the LVM teardown etc). Take care of it by
synchronizing using vm.startup_lock, instead of increasing constant
delay. This way, the shutdown event handler needs to be started within
3s, not finish in this time.
2019-09-27 16:29:19 +02:00
Marek Marczykowski-Górecki
dfa0626cea
tests: check event handler re-registration after libvirt restart
QubesOS/qubes-issues#5303
2019-09-27 16:29:19 +02:00
Marek Marczykowski-Górecki
8e36a2ac61
app: re-register event handler after libvirt daemon restart
When libvirt daemon is restarted, qubesd attempt to re-connect to the
new instance transparently (through virConnect object wrapper). But the
code lacked re-registering event handlers.
Fix this by adding reconnect callback argument to virConnectWrappper, to
be called after new connection is established. This callback will
additionally get old connection as an argument, if any cleanup is
needed. The old connection is closed just after callback returns.

Use this to re-register event handler, but also unregister old handler
first. While full unregister wont work on since old libvirt daemon
instance is dead already, it will still cleanup client structures.

Since the old libvirt connection is closed now, adjust also domain
reconnection logic, to handle stale connection object. In that case
isAlive() call throws an exception.

Fixes QubesOS/qubes-issues#5303
2019-09-26 01:57:59 +02:00
Marek Marczykowski-Górecki
273238bd2a
tests: fix qrexec abort test
Exit code depends on when exactly the other end was terminated.
2019-09-22 23:30:38 +02:00
Marek Marczykowski-Górecki
784fd966a2
Merge branch 'devel20190819'
* devel20190819:
  tests: make libvirt mockup more robust
  tests: update for not needing custom kernel modules anymore
2019-09-21 02:20:00 +02:00
Marta Marczykowska-Górecka
9d20877a43
Fixed unexpected error on empty default template and incorrect error handling
Qubesd wrongly required default_template global property to be not None.
Furthermore, even without hard failure set, require_property method
raised an exception in case of a property having incorrect None value.
It now logs an error message instead, as designed.

fixes QubesOS/qubes-issues#5326
2019-09-19 20:20:36 +02:00
Marek Marczykowski-Górecki
c5aaf3abd9
tests: make libvirt mockup more robust
If not in offline_mode, return actual mock for libvirt connection object
instead of always raising exception.
2019-09-10 03:34:11 +02:00
Marek Marczykowski-Górecki
05e48748d2
tests: update for not needing custom kernel modules anymore
kernel-devel package isn't needed in VMs anymore.
2019-09-10 03:33:42 +02:00
Marek Marczykowski-Górecki
5d5f102378
Merge remote-tracking branch 'origin/pr/277'
* origin/pr/277:
  admin: add admin.deviceclass.List
  admin: replace single quote to double for docstring
2019-08-08 14:05:00 +02:00
Marek Marczykowski-Górecki
32b0d7df43
Merge remote-tracking branch 'origin/pr/275'
* origin/pr/275:
  api/stats: improve cpu_usage normalization, add cpu_usage_raw
  Use 128k blocks when importing volume data
2019-08-08 14:04:27 +02:00
ejose19
2602df5e19 Fix invalid timezone
This fixes an invalid response generated by get_timezone when the time zones are composed by 3 parts, for example:

America/Argentina/Buenos_Aires
America/Indiana/Indianapolis

Update utils.py
2019-08-06 18:23:00 -03:00
Frédéric Pierret (fepitre)
7ff01b631d
admin: add admin.deviceclass.List
QubesOS/qubes-issues#5213
2019-08-06 11:01:02 +02:00
Frédéric Pierret (fepitre)
7f670614c8
admin: replace single quote to double for docstring 2019-08-06 10:04:30 +02:00
Marek Marczykowski-Górecki
39d64eabc8
api/stats: improve cpu_usage normalization, add cpu_usage_raw
Give raw cpu_time value, instead of normalized one (to number of vcpus),
as documented.
Move the normalization to cpu_usage calculation. At the same time, add
cpu_usage_raw without it, if anyone needs it.

QubesOS/qubes-issues#4531
2019-08-01 04:51:05 +02:00
Brendan Hoar
a5378b5958
Update lvm.py 2019-07-31 19:40:33 -04:00
Marek Marczykowski-Górecki
205f6215b2
Merge remote-tracking branch 'origin/pr/271'
* origin/pr/271:
  Fix too long line
  Prevent 'qubesd' for crashing if any device backend is not available
2019-07-31 17:23:20 +02:00
Marek Marczykowski-Górecki
9e226ab5cf
Merge remote-tracking branch 'origin/pr/273'
* origin/pr/273:
  tests: check importing empty data into ReflinkVolume
  tests: check importing empty data into ThinVolume
  tests: check importing empty data into FileVolume
  tests: improve cleanup after LVM tests
2019-07-31 15:37:13 +02:00
Marek Marczykowski-Górecki
6c8bdfaa4b
Fix too long line 2019-07-31 15:36:03 +02:00
Marek Marczykowski-Górecki
afb0de43d4
tests: check importing empty data into ReflinkVolume
Verify if it really discards old content.

QubesOS/qubes-issues#5192
2019-07-28 22:08:52 +02:00
Marek Marczykowski-Górecki
19186f7840
tests: check importing empty data into ThinVolume
Verify if it really discards old content.

QubesOS/qubes-issues#5192
2019-07-28 22:08:37 +02:00
Marek Marczykowski-Górecki
790c2ad8cb
tests: check importing empty data into FileVolume
Verify if it really discards old content.

QubesOS/qubes-issues#5192
2019-07-28 22:06:30 +02:00
Marek Marczykowski-Górecki
8414d0153f
tests: improve cleanup after LVM tests
Remove test volumes - this way if a test fails, subsequent tests have a
chance to succeed.
2019-07-28 21:41:04 +02:00
Frédéric Pierret (fepitre)
74f8d4531e
Prevent 'qubesd' for crashing if any device backend is not available 2019-07-20 15:27:09 +02:00
Rusty Bird
aa931fdbf7
vm/qubesvm: call storage.remove() *before* removing dir_path
Give the varlibqubes storage pool, which places volume images inside the
VM directory, a chance to remove them (and e.g. to log that).
2019-06-28 10:29:34 +00:00
Rusty Bird
cfa1c7171e
storage: fix typo 2019-06-28 10:29:32 +00:00
Rusty Bird
6e592a56d7
storage/reflink: update comment and whitespace 2019-06-28 10:29:31 +00:00
Rusty Bird
1fe2aff643
storage/reflink: _fsync_path(path_from) in _commit()
During regular VM shutdown, the VM should sync() anyway. (And
admin.vm.volume.Import does fdatasync(), which is also fine.) But let's
be extra careful.
2019-06-28 10:29:30 +00:00
Rusty Bird
df23720e4e
storage/reflink: _fsync_dir() -> _fsync_path()
Make it work when passed a file, too.
2019-06-28 10:29:29 +00:00
Rusty Bird
35b4b915e7
storage/reflink: coroutinize pool setup() 2019-06-28 10:29:27 +00:00
Rusty Bird
1d89acf698
app: setup_pools() must be a coroutine
This is needed as a consequence of d8b6d3ef ("Make add_pool/remove_pool
coroutines, allow Pool.{setup,destroy} as coroutines"), but there hasn't
been any problem so far because no storage driver implemented pool
setup() as a coroutine.
2019-06-28 10:29:26 +00:00
Rusty Bird
5b52d23478
factor out utils.void_coros_maybe() 2019-06-28 10:29:25 +00:00
Rusty Bird
fe97a15d11
factor out utils.coro_maybe() 2019-06-28 10:29:24 +00:00
Marek Marczykowski-Górecki
883d324b6c
Revert "tests: do not use lazy unmount"
Revert to use umount -l in storage tests cleanup. With fixed permissions
in 4234fe51 "tests: fix cleanup after reflink tests", it shouldn't cause
issues anymore, but apparently on some systems test cleanup fails
otherwise.

Reported by @rustybird
This reverts commit b6f77ebfa1.
2019-06-25 05:51:33 +02:00
Rusty Bird
66e44e67de
api/admin: always save after self.dest.storage.resize() 2019-06-23 12:48:01 +00:00
Rusty Bird
2b4b45ead8
storage/reflink: preferably get volume size from image size
There were (at least) five ways for the volume's nominal size and the
volume image file's actual size to desynchronize:

- loading a stale qubes.xml if a crash happened right after resizing the
  image but before saving the updated qubes.xml (-> previously fixed)
- restarting a snap_on_start volume after resizing the volume or its
  source volume (-> previously fixed)
- reverting to a differently sized revision
- importing a volume
- user tinkering with image files

Rather than trying to fix these one by one and hoping that there aren't
any others, override the volume size getter itself to always update from
the image file size. (If the getter is called though the storage API, it
takes the volume lock to avoid clobbering the nominal size when resize()
is running concurrently.)
2019-06-23 12:48:00 +00:00
Rusty Bird
de159a1e1e
storage/reflink: don't run verify() under volume lock 2019-06-23 12:47:59 +00:00
Rusty Bird
4c9c0a88d5
storage/reflink: split @_unblock into @_coroutinized @_locked
And change the volume lock from an asyncio.Lock to a threading.Lock -
locking is now handled before coroutinization.

This will allow the coroutinized resize() and a new *not* coroutinized
size() getter from one of the next commits ("storage/reflink: preferably
get volume size from image size") to both run under the volume lock.
2019-06-23 12:47:58 +00:00
Rusty Bird
ab929baa38
Revert "storage/reflink: update volume size in __init__()"
Fixed more generally in one of the next commits ("storage/reflink:
preferably get volume size from image size").

This reverts commit 9f5d05bfde.
2019-06-23 12:47:57 +00:00
Rusty Bird
58a7e0f158
Revert "storage/reflink: update snap_on_start volume size in start()"
Fixed more generally in one of the next commits ("storage/reflink:
preferably get volume size from image size").

This reverts commit c43df968d5.
2019-06-23 12:47:56 +00:00
Marek Marczykowski-Górecki
fa0ae0c921
Merge remote-tracking branch 'origin/pr/257'
* origin/pr/257:
  tests: AdminVM.run_service*()
  tests: QubesVM.run_service function
  vm/adminvm: add run_service* functions
2019-06-23 03:43:35 +02:00
Marek Marczykowski-Górecki
d5bdb5d5e0
Merge remote-tracking branch 'origin/pr/267'
* origin/pr/267:
  lvm: run blkdiscard before remove
2019-06-23 03:26:30 +02:00
Christopher Laprise
62e3d57120
lvm: run blkdiscard before remove
issue #5077
2019-06-21 18:40:03 -04:00
Marek Marczykowski-Górecki
c468b29490
tests: AdminVM.run_service*() 2019-06-21 20:45:38 +02:00
Marek Marczykowski-Górecki
e352fc25d7
tests: QubesVM.run_service function 2019-06-21 20:45:38 +02:00
Rusty Bird
ef128156a3
storage/reflink: volume.resize(): succeed without image
Successfully resize volumes without any currently existing image file,
e.g. cleanly stopped volatile volumes: Just update the nominal size in
this case.
2019-06-15 16:03:46 +00:00
Rusty Bird
25e92bd19b
storage/reflink: volume.resize(): remove safety check
It is handled by 'qvm-volume resize', which has a '--force' option that
can't work if the check is duplicated in the storage driver.
2019-06-15 16:03:45 +00:00
Rusty Bird
30b92f8845
storage/reflink: simplify volume.usage() 2019-06-15 16:03:43 +00:00
Rusty Bird
9f5d05bfde
storage/reflink: update volume size in __init__() 2019-06-15 16:03:42 +00:00
Rusty Bird
c43df968d5
storage/reflink: update snap_on_start volume size in start() 2019-06-15 16:03:41 +00:00
Marek Marczykowski-Górecki
50adc60882
vm/adminvm: add run_service* functions
Calling qrexec service dom0->dom0 can be useful when handling things
that can run in dom0 or other domain. This makes the interface uniform.
Example use cases include GUI VM and Audio VM.
2019-06-09 21:00:02 +02:00
Marek Marczykowski-Górecki
b6c4f8456f
api/admin: make admin.vm.Console call go through qubesd
Ask qubesd for admin.vm.Console call. This allows to intercept it with
admin-permission event. While at it, extract tty path extraction to
python, where libvirt domain object is already available.

Fixes QubesOS/qubes-issues#5030
2019-06-09 18:03:18 +02:00
Marek Marczykowski-Górecki
c5aaf8cdd7
Merge branch 'remove-qrexec' 2019-06-07 05:10:54 +02:00
Malte Leip
94c675f7bb
DispVM: Do not overwrite properties set explicitly
The initializer of the class DispVM first calls the initializer of the
QubesVM class, which among other things sets properties as specified in
kwargs, and then copies over the properties of the template. This can
lead to properties passed explicitly by the caller through kwargs being
overwritten.

Hence only clone properties of the template that are still set to
default in the DispVM.

Fixes QubesOS/qubes-issues#4556
2019-06-02 17:58:19 +02:00
Marek Marczykowski-Górecki
7cc5c66f93
Merge remote-tracking branch 'origin/pr/260'
* origin/pr/260:
  tests: handle /qubes-mac
  mac address: lowercase of default value as in _setter_mac
  qubesdb: add qubes-mac path entry
2019-05-28 23:34:44 +02:00
Frédéric Pierret (fepitre)
1e3e579938
tests: handle /qubes-mac 2019-05-23 11:30:12 +02:00
Frédéric Pierret (fepitre)
9472e73465
mac address: lowercase of default value as in _setter_mac 2019-05-23 11:30:12 +02:00
Frédéric Pierret (fepitre)
06ec862be4
qubesdb: add qubes-mac path entry 2019-05-23 11:30:08 +02:00
Frédéric Pierret (fepitre)
eaba6e54ba
Fix tests for hvm with console 2019-05-06 18:56:31 +02:00
Wojtek Porczyk
4002249583
qubes/config: change qrexec binaries' paths 2019-04-13 21:53:44 +02:00
Marek Marczykowski-Górecki
33bf3d4506
tests/salt: log more details about failures
Log command output on failure. By default CalledProcessError
presentation do not include it.
2019-04-13 21:51:42 +02:00
Marek Marczykowski-Górecki
5d0f8f8efa
tests/mime: confirm closing Firefox
If Firefox is started for the first time, it will open both requested
page and its welcome page. This means closing the window will trigger a
confirmation about closing multiple tabs. Handle this.
2019-04-13 21:50:34 +02:00
Marek Marczykowski-Górecki
66de41ac26
tests: use pkill instead of killall
killall isn't installed by default
2019-04-13 16:42:37 +02:00
Marek Marczykowski-Górecki
76b807a94b
tests: call qrexec tests
Now they live in separate package, but include them in default tests set
anyway.

QubesOS/qubes-issues#4955
2019-04-11 04:29:17 +02:00
Marek Marczykowski-Górecki
1949b0c777
Remove qrexec related files - moved to core-qrexec repository
QubesOS/qubes-issues#4955
2019-04-11 04:29:04 +02:00
Marek Marczykowski-Górecki
75916dca5d
tests: fix waiting for audio recording to end 2019-04-05 03:16:55 +02:00
Marek Marczykowski-Górecki
fc154fbbad
tests: fix resource leaks - process not waited for 2019-04-02 18:48:43 +02:00
Marek Marczykowski-Górecki
6b93aea5bd
tests: remove unused imports 2019-04-02 18:48:35 +02:00
Marek Marczykowski-Górecki
4f71e9775f
vm/adminvm: mark AdminVM as updateable 2019-03-26 01:19:34 +01:00
Marek Marczykowski-Górecki
4234fe5112
tests: fix cleanup after reflink tests
First make the directory accessible again, otherwise os.path.ismount may
not detect it (so umount would not be called) and then rmdir will fail.
2019-03-18 02:21:38 +01:00
Marek Marczykowski-Górecki
aa7c0b71a7
storage/lvm: refresh size cache if it's older than 30sec
Disk usage may change dynamically not only at VM start/stop. Refresh the
size cache before checking usage property, but no more than once every
30sec (refresh interval of disk space widget)

Fixes QubesOS/qubes-issues#4888
2019-03-17 20:45:46 +01:00
Marek Marczykowski-Górecki
b6f77ebfa1
tests: do not use lazy unmount
If unmount is going to fail, let it do so explicitly, instead of hiding
the failure now, and observing it later at rmdir.
And if it fails, lets report what process is using that mount point.
2019-03-16 03:06:24 +01:00
Marek Marczykowski-Górecki
65bdff1fdf
tests: re-enable policy prompt tests in travis
Xenial environment has much newer GTK/Glib. For those test to run, few
more changes are needed:
 - relevant GTK packages installed
 - X server running (otherwise GTK terminate the process on module
   import...)
 - enable system side packages in virtualenv set by travis
2019-03-16 03:03:49 +01:00
Marek Marczykowski-Górecki
aa798bf943
app: add missing load_stage=3 to global properties
Global properties should be loaded in stage 3, mark them as such.
Otherwise they are not loaded at all.
This applies to stats_interval and check_updates_vm. Others were
correct.

Fixes QubesOS/qubes-issues#4856
2019-03-14 14:56:01 +01:00
Marek Marczykowski-Górecki
60bbbdd702
Merge branch 'kernelopts-files'
* kernelopts-files:
  vm: allow files in kernels_dir override built-in default kernelopts
2019-03-08 18:08:12 +01:00
Marek Marczykowski-Górecki
c093e14077
Merge branch 'libvirt-template-r41'
* libvirt-template-r41:
  libvirt: adjust domain xml template for upstream PVH format
2019-03-08 18:07:07 +01:00
Marek Marczykowski-Górecki
1ba8d7971f
tests: unit tests for internal.SuspendPre and internal.SuspendPost API 2019-02-28 00:43:33 +01:00
Marek Marczykowski-Górecki
092fb9659d
Make pylint happy
Fix multiple instances of 'no-else-raise' warning.
2019-02-27 18:40:18 +01:00
Marek Marczykowski-Górecki
933882ee9b
tests: fix race condition in firewall formatting test
Use fixed timestamp.
2019-02-27 15:38:22 +01:00
Marek Marczykowski-Górecki
2de5a8e894
vm,templates: allow to obtain common kernelopts from a kernel package
If kernel package ships default-kernelopts-common.txt file, use that
instead of hardcoded Linux-specific options.
For Linux kernel it may include xen_scrub_pages=0 option, but only if
initrd shipped with this kernel re-enable this option later.

QubesOS/qubes-issues#4839
QubesOS/qubes-issues#4736
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
e110cbecb3
storage: fallback kernels_dir path if there is no 'kernel' volume
Return meaningful value for kernels_dir if VM has no 'kernel' volume.
Right now it's mostly useful for tests, but could be also used for new
VM classes which doesn't have modules.img, but still use dom0-provided
kernel.
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
723b33a2f6
vm: move comment about memory overhead constants near their definition 2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
9257a6d14f
Do not abort suspend hooks if any qubes.Suspend* service fails to run
First of all, do not try to call those services in VMs not having qrexec
installed - for example Windows VMs without qubes tools.
Then, even if service call fails for any other reason, only log it but
do not prevent other services from being called. A single uncooperative
VM should generally be able only to hurt itself, not break other VMs
during suspend.

Fixes QubesOS/qubes-issues#3489
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
202e3df6b6
vm/mixin/net: disconnect network interface on backend shutdown/crash
Since we have more reliable domain-shutdown event delivery (it si
guaranteed to be delivered before subsequent domain start, even if
libvirt fails to report it), it's better to move detach_network call to
domain-shutdown handler. This way, frontend domain will see immediately
that the backend is gone. Technically it already know that, but at least
Linux do not propagate that anywhere, keeping the interface up,
seemingly operational, leading to various timeouts.
Additionally, by avoiding attach_network call _just_ after
detach_network call, it avoids various race conditions (like calling
cleanup scripts after new device got already connected).

While libvirt itself still doesn't cleanup devices when the backend
domain is gone, this will emulate it within qubesd.

Fixes QubesOS/qubes-issues#3642
Fixes QubesOS/qubes-issues#1426
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
357231ca8f
tests: network reconnect after network provider shutdown/crash
QubesOS/qubes-issues#3642
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
e69bd3c572
tests: fix race condition between mkfs and udev
Just after LVM volume is created, udev tries to analyze it. This
prevents mkfs from creating filesystem there.
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
50a89aac3f
tests: check if page scrubbing is still enabled when switching kernel
QubesOS/qubes-issues#4736
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
5222650868
vm/adminvm: add stubs for kill/shutdown functions
Report proper error message, instead of throwing AttributeError on such
calls.

Fixes QubesOS/qubes-issues#4645
2019-02-27 06:03:57 +01:00