Commit Graph

4267 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
d999d91049
tests: few more tests for fake/custom IP
QubesOS/qubes-issues#1143
QubesOS/qubes-issues#1477
2016-10-31 03:39:46 +01:00
Marek Marczykowski-Górecki
ea33fef9cc
tests: drop dispvm_netvm tests
This property no longer exists in core3.
2016-10-31 03:10:12 +01:00
Marek Marczykowski-Górecki
5072acc8f2
tests: custom VM IP
QubesOS/qubes-issues#1477
2016-10-31 03:09:45 +01:00
Marek Marczykowski-Górecki
b8145595a9
qubes/vm/net: allow setting custom IP
Fixes QubesOS/qubes-issues#1477
2016-10-31 03:04:13 +01:00
Marek Marczykowski-Górecki
4585f2b503
tests: add tests for fake IP feature
QubesOS/qubes-issues#1143
2016-10-31 02:17:21 +01:00
Marek Marczykowski-Górecki
2c6c476410
qubes/vm/net: add feature of hiding real IP from the VM
This helps hiding VM IP for anonymous VMs (Whonix) even when some
application leak it. VM will know only some fake IP, which should be set
to something as common as possible.
The feature is mostly implemented at (Proxy)VM side using NAT in
separate network namespace. Core here is only passing arguments to it.
It is designed the way that multiple VMs can use the same IP and still
do not interfere with each other. Even more: it is possible to address
each of them (using their "native" IP), even when multiple of them share
the same "fake" IP.

Original approach (marmarek/old-qubes-core-admin#2) used network script
arguments by appending them to script name, but libxl in Xen >= 4.6
fixed that side effect and it isn't possible anymore. So use QubesDB
instead.

From user POV, this adds 3 "features":
 - net/fake-ip - IP address visible in the VM
 - net/fake-gateway - default gateway in the VM
 - net/fake-netmask - network mask
The feature is enabled if net/fake-ip is set (to some IP address) and is
different than VM native IP. All of those "features" can be set on
template, to affect all of VMs.
Firewall rules etc in (Proxy)VM should still be applied to VM "native"
IP.

Fixes QubesOS/qubes-issues#1143
2016-10-31 02:06:01 +01:00
Marek Marczykowski-Górecki
b91714b204
qubes/features: handle recursive templates
Have features.check_with_template() check the template recursively.
The longest path (currently) is: DispVM -> AppVM -> TemplateVM.
2016-10-31 02:04:27 +01:00
Wojtek Porczyk
8097da7cab Paint the project green for testbench launch 2016-10-18 19:07:20 +02:00
Wojtek Porczyk
c81346ba51 qubes/test/run: Print tracebacks of expected fails
fixes QubesOS/qubes-issues#2376
2016-10-14 17:20:14 +02:00
Wojtek Porczyk
526f2c3751 Merge remote-tracking branch 'marmarek/core3-backup' into core3-devel 2016-10-14 15:29:37 +02:00
Wojtek Porczyk
e06829ab2c Make pylint happy 2016-10-11 13:42:37 +02:00
Wojtek Porczyk
c6c0a545e6 Merge remote-tracking branch 'origin/pull/58/head' into core3-devel 2016-10-11 11:37:15 +02:00
Marek Marczykowski-Górecki
33fecd90c1
qubes/backup: misc fixes
Fix restoring ProxyVM and NetVM from core2. Use correct VM class.
2016-10-05 01:58:11 +02:00
Marek Marczykowski-Górecki
339c47480e
qubes/backup: include LVM volumes content in backup
Use just introduced tar writer to archive content of LVM volumes (or
more generally: block devices). Place them as 'private.img' and
'root.img' files in the backup - just like in old format. This require
support for replacing file name in tar header - another thing trivially
supported with tar writer.
2016-10-05 01:55:30 +02:00
Marek Marczykowski-Górecki
36eb7f923f
qubes/tarwriter: add simple sparse-tar writer module
tar can't write archive with _contents_ of block device. We need this to
backup LVM-based disk images. To avoid dumping image to a file first,
create a simple tar archiver just for this purpose.

Python is not the fastest possible technology, it's 3 times slower than
equivalent written in C. But it's much easier to read, much less
error-prone, and still process 1GB image under 1s (CPU time, leaving
along actual disk reads). So, it's acceptable.
2016-10-05 01:54:41 +02:00
Marek Marczykowski-Górecki
278a5340dc
qubes/backup: fix relative path calculation
os.path.relpath strip trailing '/.' from the path, but it is important
to distinguish whole-directory archive (which is tar of '.').
2016-10-04 21:38:59 +02:00
Wojtek Porczyk
72bc0506b9 Code documentation: fix 🎫 reference to query github
Previously it queried long obsolete Trac at wiki.qubes-os.org.
2016-10-04 15:31:06 +02:00
Wojtek Porczyk
d7d926edaa Fix manpage generation 2016-10-04 11:32:04 +02:00
Wojtek Porczyk
9dc37c1ee7 Add possibility to override libvirt config
This is the equivalent of "custom config" from R3.x.

fixes QubesOS/qubes-issues#1798
2016-10-04 11:31:31 +02:00
Marek Marczykowski-Górecki
ab69fdd7f4
qubes/backup: reduce code duplication
Move inner tar process cleanup to a separate function
2016-10-03 13:43:36 +02:00
WetwareLabs
cedd822735 Fix sending monitor layout info when xrandr has one output disconnected
Signed-off-by: WetwareLabs <marcus@wetwa.re>
2016-09-29 14:13:38 +02:00
Marek Marczykowski-Górecki
c4632d6be8
tests/backup: test idea 2016-09-29 02:08:30 +02:00
Marek Marczykowski-Górecki
f2d79b9379
tests/backup: use round volume size
When handling LVM volumes, size must be multiply of 4MB.
2016-09-29 02:08:30 +02:00
Marek Marczykowski-Górecki
e938aa61ab
tests: cleanup test LVM volumes
Handle the case when vm.remove_from_disk does not cleanup all the
things.
2016-09-29 02:08:30 +02:00
Marek Marczykowski-Górecki
20590bff57
backup: adjust LVM volume size when restoring its content.
Old backup metadata (old qubes.xml) does not contain info about
individual volume sizes. So, extract it from tar header (using verbose
output during restore) and resize volume accordingly.
Without this, restoring volumes larger than default would be impossible.
2016-09-29 02:08:29 +02:00
Marek Marczykowski-Górecki
0a35bd06aa
backup: support relocating files to different storage pool
To ease all this, rework restore workflow: first create QubesVM objects,
and all their files (as for fresh VM), then override them with data
from backup - possibly redirecting some files to new location. This
allows generic code to create LVM volumes and then only restore its
content.
2016-09-29 02:08:29 +02:00
Marek Marczykowski-Górecki
4d45dd5549
tests/backup: check backup+restore of LVM based VM
The test fails for now...
2016-09-29 01:59:55 +02:00
Marek Marczykowski-Górecki
226695534b
tests/backup: handle non-default pool in BackupTestsMixin 2016-09-29 01:59:54 +02:00
Marek Marczykowski-Górecki
ae42308f5f
storage: improve handling volume export
1. Add a helper function on vm.storage. This is equivalent of:

    vm.storage.get_pool(vm.volumes[name]).export(vm.volumes[name])

2. Make sure the path returned by `export` on LVM volume is accessible.
2016-09-29 01:59:54 +02:00
Marek Marczykowski-Górecki
9395e8fc33
storage: set only 'default' pool when creating VM on custom one
Do not replace 'linux-kernel' pool for example.
2016-09-29 01:59:54 +02:00
Marek Marczykowski-Górecki
e1d9de1cc2
tests/backup: minor fix for python3 2016-09-29 01:59:54 +02:00
Marek Marczykowski-Górecki
6d5959b31d
tests/backup: use proper logging instead of print 2016-09-29 01:59:53 +02:00
Marek Marczykowski-Górecki
016c3d8e88
tests/backup: check restored disk images 2016-09-29 01:59:53 +02:00
Bahtiar `kalkin-` Gadimov
8d9b6f19fd
Add catch-all '*' to event handlers 2016-09-28 21:28:43 +02:00
Bahtiar `kalkin-` Gadimov
ef56620b6e
Make pylint happy ♥ qubes/core2migration.py 2016-09-28 21:28:33 +02:00
Marek Marczykowski-Górecki
e499b529ad
tests: move BackupTestMixin to qubes.tests.int.backup
This is much more logical place, don't pollute main qubes.tests module.
2016-09-25 16:31:31 +02:00
Marek Marczykowski-Górecki
533804ebdc
Make pylint happy ♥ 2016-09-21 16:39:06 +02:00
Marek Marczykowski-Górecki
96a4bb650b
qubes/tools: qvm-backup and qvm-backup-restore tools
Fixes QubesOS/qubes-issues#1213
Fixes QubesOS/qubes-issues#1214
2016-09-21 16:02:50 +02:00
Marek Marczykowski-Górecki
7af3f4b19a
Make pylint happy 2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
d4f29bb8b7
qubes: add qvm-firewall tool
Fixes QubesOS/qubes-issues#1815
2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
f8dd7e6cb7
qubes/firewall: make xml parameter to Rule optional
QubesOS/qubes-issues#1815
2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
cdc97730cd
qubes/firewall: apply only IPv4 rules
Currently dom0 do not assign IPv6 addresses for VMs, so there is no
sense in IPv6 firewall yet.

QubesOS/qubes-issues#1815
2016-09-19 20:36:32 +02:00
Marek Marczykowski-Górecki
202042bd8d
tests: update for new firewall API
QubesOS/qubes-issues#1815
2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
d5b3d971ee
qubes/ext/r3compat: update firewall handling for new API
QubesOS/qubes-issues#1815
2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
5123f466eb
qubes/firewall: allow listing only IPv4/IPv6 rules
This will allow setting only IPv4-related rules to IPv4 address, and the
same for IPv6

QubesOS/qubes-issues#1815
2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
e01f7b97d9
qubes/vm: plug in new firewall code, create QubesDB entries
QubesOS/qubes-issues#1815
2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
1da75a676f
qubes/firewall: new firewall interface
First part - handling firewall.xml and rules formatting.
Specification on https://qubes-os.org/doc/vm-interface/

TODO (for dom0):
 - plug into QubesVM object
 - expose rules in QubesDB (including reloading)
 - drop old functions (vm.get_firewall_conf etc)

QubesOS/qubes-issues#1815
2016-09-19 20:36:30 +02:00
Marek Marczykowski-Górecki
1af1784c69
Merge remote-tracking branch 'qubesos/pr/54' into core3-devel
* qubesos/pr/54:
  Fix file storage resize
  Fix lvm reset_cache size cache
2016-09-19 20:36:20 +02:00
Marek Marczykowski-Górecki
0ea7afd245
tests: adjust LVM tests for non-default VG name 2016-09-19 20:35:25 +02:00
Marek Marczykowski-Górecki
8b408a7a70
qubes/vm: minor formating 2016-09-13 02:15:25 +02:00