Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,627 Commits 1 Branch 0 Tags 15 MiB
d57aef96e5
Commit Graph

200 Commits

Author SHA1 Message Date
Wojtek Porczyk
3553b2e1d4 Make pylint happy 2016-10-25 17:27:02 +02:00
Wojtek Porczyk
8edbf0e406 qubes: Document all the events 
fixes QubesOS/qubes-issues#1811
 2016-10-25 17:11:38 +02:00
Marek Marczykowski-Górecki
9395e8fc33
storage: set only 'default' pool when creating VM on custom one 
Do not replace 'linux-kernel' pool for example.
 2016-09-29 01:59:54 +02:00
Marek Marczykowski-Górecki
e01f7b97d9
qubes/vm: plug in new firewall code, create QubesDB entries 
QubesOS/qubes-issues#1815
 2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
8b408a7a70
qubes/vm: minor formating 2016-09-13 02:15:25 +02:00
Marek Marczykowski-Górecki
a2d9b15413
qmemman: support simple VM meminfo format 
Instead of excerpt from /proc/meminfo, use just one integer. This make
qmemman handling much easier and ease implementation for non-Linux OSes
(where /proc/meminfo doesn't exist).

For now keep also support for old format.

Fixes QubesOS/qubes-issues#1312
 2016-09-08 04:17:48 +02:00
Marek Marczykowski-Górecki
aa0674e8bb
qubes/vm: make VM QubesDB interface as much compatible as possible 
All the base keys can be kept easily the same, so do it.

QubesOS/qubes-issues#1812
 2016-09-08 04:17:48 +02:00
Marek Marczykowski-Górecki
d5a41e838f
Revert "qubes/vm/qubesvm: remove prefixes from qubesdb keys" 
There is no point in changing *public API* for just a change without any
better reason. It turned out most of those settings will be the same in
Qubes 4.0, so keep names the same.

This reverts commit 2d6ad3b60c.

QubesOS/qubes-issues#1812
 2016-09-08 04:17:48 +02:00
Marek Marczykowski-Górecki
c534b68665
qubes/vm: start VM daemons as normal user 
This is migration of core2 commits:

commit d0ba43f253
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:21:08 2016 +0200

    core: start guid as normal user even when VM started by root

    Another attempt to avoid permissions-related problems...

    QubesOS/qubes-issues#1768

commit 89d002a031
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:19:51 2016 +0200

    core: use runuser instead of sudo for switching root->user

    There are problems with using sudo in early system startup
    (systemd-logind not running yet, pam_systemd timeouts). Since we don't
    need full session here, runuser is good enough (even better: faster).

commit 2265fd3d52
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Sat Jun 4 17:42:24 2016 +0200

    core: start qubesdb as normal user, even when VM is started by root

    On VM start, old qubesdb-daemon is terminated (if still running). In
    practice it happen only at VM startart (shutdown and quickly start
    again). But in that case, if the VM was started by root, such operation
    would fail.
    So when VM is started by root, make sure that qubesdb-daemon will be
    running as normal user (the first user in group 'qubes' - there should
    be only one).

    Fixes QubesOS/qubes-issues#1745
 2016-09-08 04:17:47 +02:00
Marek Marczykowski-Górecki
aa67a4512e
qubes/ext/pci: move PCI devices handling to an extension 
Implement required event handlers according to documentation in
qubes.devices.

A modification of qubes.devices.DeviceInfo is needed to allow dynamic,
read-only properties.

QubesOS/qubes-issues#2257
 2016-09-03 20:41:03 +02:00
Marek Marczykowski-Górecki
d7a3c0d319
qubes: new devices API 
Allow device plugin to list attached and available devices. Enforce
at API level every device being exposed by some domain.

This commit only changes devices API, but not update existing users
(pci) yet.

QubesOS/qubes-issues#2257
 2016-09-03 20:40:39 +02:00
Marek Marczykowski-Górecki
3e30dc17cb
qubes/vm: remove special case for 'meminfo-writer' feature 
It should be either in a plugin, or handled entirely from inside of VM.
But surely not in main QubesVM class.

Fixes QubesOS/qubes-issues#2101
 2016-08-18 11:59:45 +02:00
Marek Marczykowski-Górecki
5d8ecd60de
qubes: minor fixes in handling defaults 
- fix assigning 'template' property - do not do it if VM already have it
set
- cap default maxmem at 4000, as we clamp it to 10*memory anyway (and
  default memory is 400)
 2016-08-17 00:50:38 +02:00
Marek Marczykowski-Górecki
1a215e47ab
qubes: add 'default_dispvm' property - both Qubes and QubesVM 
QubesOS/qubes-issues#2253
 2016-08-17 00:46:43 +02:00
Marek Marczykowski-Górecki
d4e534bc05
qubes/vm: fix pause handling 
1. There is no such thing as libvirt_domain.pause().
2. libvirt_domain.state() returns [state, reason]
 2016-08-09 05:14:12 +02:00
Marek Marczykowski-Górecki
3f6c96ee39
qubes/vm: fix handling autostart set/reset 
1. Service symlink must have ".service" extension
2. Disable service on property reset to default
 2016-08-09 05:14:09 +02:00
Marek Marczykowski-Górecki
5b4e30524a
qubes/vm: remove duplicated check for duplicate name on rename 2016-08-09 03:02:04 +02:00
Marek Marczykowski-Górecki
4e022382a5
Merge remote-tracking branch 'origin/master' into core3-devel 2016-08-08 00:11:46 +02:00
Bahtiar `kalkin-` Gadimov
0dd1875fb6
Add vm.shutdown(wait) 2016-08-01 15:09:28 +02:00
Wojtek Porczyk
ecb626d64b qubes/vm/qubesvm: Simplify error message 2016-07-21 19:40:45 +02:00
Wojtek Porczyk
f915115cfb Merge remote-tracking branch 'woju/pull/25/head' into core3-devel 2016-07-21 19:38:58 +02:00
Bahtiar `kalkin-` Gadimov
bcf1cfcb1f
Add qvm-clone(1) 2016-07-13 22:35:58 +02:00
Bahtiar `kalkin-` Gadimov
1cbabc79ff
qubes.vm.QubesVM use new storage api 2016-07-13 22:34:32 +02:00
Bahtiar `kalkin-` Gadimov
3952cef556
QubesVM serialize bool values from XML 2016-07-13 22:21:32 +02:00
Bahtiar `kalkin-` Gadimov
bba9b38e8e
Avoid libvirt access in qubes.vm.qubesvm.QubesVM 2016-07-13 22:21:30 +02:00
Bahtiar `kalkin-` Gadimov
de5487bf14
Dumb down qvm-remove 
- Move `vm.is_halted()` check in to VMCollection.__delitem__()
- `vm.remove_from_disk()` will raise exception if is called on a running vm
 2016-07-13 18:24:29 +02:00
Wojtek Porczyk
c9accc258c Merge remote-tracking branch 'woju/pull/15/head' into core3-devel 
Conflicts:
	qubes/storage/__init__.py
	qubes/storage/file.py
	qubes/vm/qubesvm.py
 2016-06-28 15:15:00 +02:00
Bahtiar `kalkin-` Gadimov
0ab27d7426
qubes.vm.__init__ Remove unneeded time import 2016-06-23 14:23:33 +02:00
Bahtiar `kalkin-` Gadimov
b584d1a4bb
Remove QubesVM.is_netvm() and is_disposablevm() 2016-06-23 14:23:33 +02:00
Bahtiar `kalkin-` Gadimov
4a0b7585d1
Remove QubesVM.is_proxyvm() 2016-06-23 14:23:32 +02:00
Bahtiar `kalkin-` Gadimov
b0a7d0c283
Remove QubesVM.is_appvm() 2016-06-23 14:23:32 +02:00
Bahtiar `kalkin-` Gadimov
e08ca1ff57
Remove QubesVM.is_template() 2016-06-23 14:23:31 +02:00
Bahtiar `kalkin-` Gadimov
ba3b191702
QubesVM add docstrings & fix pylint errors 2016-06-23 14:23:31 +02:00
Bahtiar `kalkin-` Gadimov
a2668d81e3
QubesVM remove resize functions 2016-06-23 14:23:30 +02:00
Bahtiar `kalkin-` Gadimov
9132690eef
Add QubesVM.is_halted() 2016-06-23 14:23:24 +02:00
Bahtiar `kalkin-` Gadimov
bb2e6a2ad3
Add QubesVM.attached_volumes() 2016-06-23 13:16:09 +02:00
Bahtiar `kalkin-` Gadimov
d56f02598a
Replace QubesVM.verify_files() with Storage.verify_files() 2016-06-21 14:58:12 +02:00
Bahtiar `kalkin-` Gadimov
296fa17322
QubesVM remove obsolete *_img methods 2016-06-21 14:58:12 +02:00
Bahtiar `kalkin-` Gadimov
a4577c0dce Rename Storage.create_on_disk to Storage.create 2016-06-16 16:59:27 +02:00
Bahtiar `kalkin-` Gadimov
930fe417a8 Remove storage size and usage methods from QubesVM 2016-06-16 16:59:26 +02:00
Wojtek Porczyk
e47043ebd7 More pylint fixes 2016-06-16 13:29:16 +02:00
Wojtek Porczyk
3cb5f031a9 Fix storage initialisation 2016-06-16 13:29:15 +02:00
Wojtek Porczyk
1f302fb776 Fix "pylint fixes" wrt dir_path 2016-06-16 13:29:15 +02:00
Wojtek Porczyk
ba20254888 Rewrite PCI attaching/detaching from xl to libvirt 
The only remaining part is querying vm-side BDF. That can't be done
in libvirt.
 2016-06-16 13:29:15 +02:00
Wojtek Porczyk
6ade5736d7 pylint fixes 2016-06-10 21:27:29 +02:00
Wojtek Porczyk
6895f34a7f qubes/vm/qubesvm: change type of exception 2016-06-10 21:27:29 +02:00
Wojtek Porczyk
476b681749 qubes/vm/qubesvm: return self from methods modifying state 
This is helpful when writing oneliners.

QubesOS/qubes-issues#866
 2016-06-02 17:17:05 +02:00
Wojtek Porczyk
a615a45ecd Merge remote-tracking branch 'woju/pull/13/head' into core3-devel 2016-06-02 13:24:15 +02:00
Marek Marczykowski-Górecki
7e0af81ecc qubes/vm: fix PCI device detach 2016-06-02 13:22:48 +02:00
Marek Marczykowski-Górecki
bb2e1f2870 qubes/vm: handle VM toplevel directory in QubesVM object not Storage 
This directory is not only for disk images (in fact disk images may be
elsewhere depending on choosen volume pool), so it would be cleaner to
handle (create/remove) it directly in QubesVM class.
 2016-06-02 13:22:07 +02:00
Marek Marczykowski-Górecki
ed6e69b77e qubes/vm: minor 2016-06-02 13:14:19 +02:00
Marek Marczykowski-Górecki
5b5f290c23 qubes/vm: fix setting autostart property 
This is actually workaround for systemd bug reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1181922

qubesos/qubes-issues#925

This is migration of 9bfcb72722 commit to
core3.
 2016-06-02 13:13:21 +02:00
Marek Marczykowski-Górecki
b37bf55f5e qubes/vm: fix handling rename 
Libvirt VM config is no longer named after VM.
 2016-06-02 13:10:56 +02:00
Marek Marczykowski-Górecki
5e2b617c6f qubes/vm: fix parameters for some even handlers 2016-06-02 13:10:43 +02:00
Marek Marczykowski-Górecki
2bb73ab0a1 qubes/vm: add validators for many properties 2016-06-02 13:10:28 +02:00
Marek Marczykowski-Górecki
36644f3710 qubes/vm: initialize vm.volumes in one place 
Move it to QubesVM, instead of each class separately.
 2016-06-02 13:10:02 +02:00
Marek Marczykowski-Górecki
ff78b26f66 qubes: implement offline mode 
Apparently the most important (the only?) property required in offline
mode is "is_running". So let's patch it to return False and make sure
any other libvirt usage would result in failure.

Or maybe better simply returh False in vm.is_running, when libvirt
connection fails? But then it would not be possible to use offline mode
and have (some, probably unrelated) libvirtd running at the same time.

Fixes QubesOS/qubes-issues#2008
 2016-06-02 12:41:26 +02:00
Bahtiar `kalkin-` Gadimov
3f5a92772a
A QubesVM always has an empty DomainPool 
- A DomainPool is initialized by QubesVM after Storage initialization on a
  `domain-load` event
 2016-05-22 22:09:56 +02:00
Bahtiar `kalkin-` Gadimov
8959e5a77e
Implement qvm-remove 
- Remove old qvm-remove
- Remove a log line from Storage, because it prints confusing lines, like:
    Removing volume kernel: /var/lib/qubes/vm-kernels/4.1.13-6/modules.img
 2016-05-21 01:35:30 +02:00
Bahtiar `kalkin-` Gadimov
29f4be0f10 If vm doesnt support volume_config raise TypeError 2016-04-25 07:17:21 +02:00
Bahtiar `kalkin-` Gadimov
d7ff4b9057 Move volume xml config from QubesVM to Volume 2016-04-25 07:17:20 +02:00
Bahtiar `kalkin-` Gadimov
49b4951389 Storage move rename() logic to XenPool 
- Fix config renaming
 2016-04-25 07:17:20 +02:00
Bahtiar `kalkin-` Gadimov
2c2a778a1d Serialize volume_config from qubes.xml 2016-04-25 07:17:19 +02:00
Bahtiar `kalkin-` Gadimov
fe6a35155e Move kernel file checks to LinuxKernel pool 2016-04-25 07:17:19 +02:00
Bahtiar `kalkin-` Gadimov
5f7cb41a21 Move Storage.clone_disk_files logic to XenPool 
- Add XenVolume to identify volumes which can be cloned even if they are not in
the same pool
 2016-04-25 07:17:17 +02:00
Bahtiar `kalkin-` Gadimov
973c83cedd Move most resize logic to XenPool 2016-04-25 07:17:17 +02:00
Bahtiar `kalkin-` Gadimov
bdfb85ac19 Refactor Storage, Pool and XenPool 
- Remove all *_dev_config methods
 - Checks if a storage image exists moved to XenPool
 - Storage.remove wraps Pool.remove()
 - Stop volumes on domain sutdown/kill
 - Warn when using deprecated methods
 2016-04-25 07:17:17 +02:00
Bahtiar `kalkin-` Gadimov
32255a7916 Reverted Storage ←→ Pool dependency 
- Storage() operates on a pool and in future on multiple pools
 2016-04-25 07:17:16 +02:00
Bahtiar `kalkin-` Gadimov
9d646aabd3 Add volume_config to AppVM and TemplateVM 2016-04-25 07:17:13 +02:00
Bahtiar `kalkin-` Gadimov
428dd5bc1b QubesVM.dir_path is set independent of storage 2016-04-25 07:16:37 +02:00
Bahtiar `kalkin-` Gadimov
cc7dd625d9 Loop over QubesVM.block_devices in libvirt xml 2016-04-25 07:16:36 +02:00
Bahtiar `kalkin-` Gadimov
ebb79e9c4f Fix TC_01_Properties/test_030_rename_conflict_app 2016-04-20 14:02:04 +02:00
Bahtiar `kalkin-` Gadimov
6aac0a5732 On startup-failure only force_shutdown if running 
This avoids losing the exception if an exception is raised in
self.force_shutdown(), because the vm is not running or paused
 2016-04-20 13:59:17 +02:00
Wojtek Porczyk
fe8fdb264b qubes/vm/qubesvm: move is_guid_running to GUI extension 2016-04-20 13:54:56 +02:00
Marek Marczykowski-Górecki
8c6fe7ed90
Merge remote-tracking branch 'origin/master' into core3-devel-mm 2016-04-11 13:03:12 +02:00
Marek Marczykowski-Górecki
424d3054f3 backup: use vm.features to store backup-specific metadata 
Do not keep them in system qubes.xml.
 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
e8f21929ad backup: by default include all the VMs with vm.include_in_backups 
If there is a need for more robust default, it should be handled at that
property.
 2016-04-07 13:21:00 +02:00
Marek Marczykowski-Górecki
45d6ab3862 qubes/vm: store libvirt config in libvirt.xml, fix rename handling 2016-04-07 13:03:46 +02:00
Marek Marczykowski-Górecki
7cbe2dbd38 qubes/vm: add passio_stderr argument to vm.run_service 
This allows getting error messages from service call, to provide more
meaningful error messages.
 2016-04-07 12:58:05 +02:00
Marek Marczykowski-Górecki
15e032cddb qubes/vm: fix handling "None" kernel 
The "None" value still makes sense for HVM domains.
 2016-03-21 11:44:59 +01:00
Wojtek Porczyk
04cc2099f7 HVM part 2 2016-03-21 11:44:54 +01:00
Marek Marczykowski-Górecki
8da7416f30 vm: Remove reference to old libvirt config template 
This file isn't installed anymore
 2016-03-21 11:44:54 +01:00
Wojtek Porczyk
5eaf03c4a2 HVM part 1 2016-03-21 11:44:46 +01:00
Wojtek Porczyk
d766b8e110 qubes: Fix "unify event names" 2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
736773dbec vm: remove obsolete firewall handling code 
There is no vm.write_iptables_xenstore_entry().

QubesOS/qubes-issues#1815
 2016-03-21 11:43:33 +01:00
Wojtek Porczyk
0f9ca47d90 qubes/ext/guid: Move gui-related code to extension 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
75dd882b83 qubes: Unify event names 
Events will be named <object>-[pre-]-<verb>, where verb is in infinitive
form.
 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
d09bd5ab6a qubes: Convert QubesVM and Extension discovery to pkg_resources 
QubesOS/qubes-issues#1238
 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
93686eae06 qubes/vm: change services to features 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
bf78e662f6 Import qubesdb from the new module 
fixes QubesOS/qubes-issues#1252
 2016-03-03 01:18:17 +01:00
Marek Marczykowski-Górecki
5375dce90d Prefer human readable output in qvm-prefs and qubes-prefs tools 2016-03-03 01:18:17 +01:00
Marek Marczykowski-Górecki
e3c94f3949 core: fix handling numeric label value set 
Not sure if it should be supported this way, but surely it shouldn't
throw AttributeError.
 2016-03-03 01:18:17 +01:00
Marek Marczykowski-Górecki
9633573408 core: adjust units comment for host.memory_total, and fix related places 
QubesOS/qubes-issues#1737
 2016-03-03 01:18:16 +01:00
Wojtek Porczyk
88a63cbe3a qubes/vm/qubesvm: do not clone VM-specific properties 
This is reworked
    core: do not clone VM-unique identifiers in clone_properties
by Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-03-03 01:18:16 +01:00
Marek Marczykowski-Górecki
2cbbe0bdb6 core: abandon 'kernels' in VM directory 
Since we have PV Grub now (which is much more convenient), it is useless
now.
 2016-03-03 01:18:16 +01:00
Marek Marczykowski-Górecki
9428c70d31 core: fix vm.create_on_disk 
QubesOS/qubes-issues#
 2016-03-03 01:18:16 +01:00
Marek Marczykowski-Górecki
62759fb1f6 core: move maxmem default initialization to property itself 
Also fix (for now?) units - memory_total is int bytes while maxmem in
megabytes.

QubesOS/qubes-issues#1737
 2016-03-03 01:18:16 +01:00
Marek Marczykowski-Górecki
2f3762ee68 core: minor fixes in handling properties 
Conflicts:
	qubes/vm/qubesvm.py
 2016-03-03 01:18:16 +01:00
Marek Marczykowski-Górecki
ab469e4473 vm: fix calling monitor layout notifier 2016-03-03 01:18:15 +01:00
Marek Marczykowski-Górecki
926596cba7 Initialize vm.storage after loading all the properties 
It needs at least vm.name to be set.
 2016-03-03 01:18:15 +01:00