#!/usr/bin/python2 # -*- encoding: utf8 -*- # # The Qubes OS Project, http://www.qubes-os.org # # Copyright (C) 2010 Joanna Rutkowska # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # from qubes.qubes import QubesVmCollection from qubes.qubes import QubesVmLabels from qubes.qubes import QubesHost from qubes.qubes import system_path from optparse import OptionParser import subprocess import os import sys import re from qubes.qubes import vmm def do_list(vm): label_width = 19 fmt="{{0:<{0}}}: {{1}}".format(label_width) print fmt.format ("name", vm.name) print fmt.format ("label", vm.label.name) print fmt.format ("type", vm.type) if vm.template is not None: print fmt.format ("template", vm.template.name) if vm.netvm is not None: print fmt.format ("netvm", vm.netvm.name) if vm.qid != 0: print fmt.format("dispvm_netvm", "%s%s" % ( vm.dispvm_netvm.name if vm.dispvm_netvm else "none", " (default)" if vm.uses_default_dispvm_netvm else "")) print fmt.format ("updateable", vm.updateable) print fmt.format ("autostart", vm.autostart) print fmt.format ("installed_by_rpm", vm.installed_by_rpm) print fmt.format ("include_in_backups", vm.include_in_backups) print fmt.format ("last_backup", vm.backup_timestamp) print fmt.format ("dir", vm.dir_path) print fmt.format ("config", vm.conf_file) print fmt.format ("pcidevs", vm.pcidevs) print fmt.format ("pci_strictreset", vm.pci_strictreset) print fmt.format ("pci_e820_host", vm.pci_e820_host) if vm.template is None: print fmt.format ("root_img", vm.root_img) if hasattr(vm, "rootcow_img") and vm.rootcow_img is not None: print fmt.format ("root_cow_img", vm.rootcow_img) if vm.template is not None: print fmt.format ("root_img", vm.template.root_img) if hasattr(vm, 'volatile_img') and vm.volatile_img is not None: print fmt.format ("root_volatile_img", vm.volatile_img) if hasattr(vm, 'private_img') and vm.private_img is not None: print fmt.format ("private_img", vm.private_img) print fmt.format ("vcpus", str(vm.vcpus)) print fmt.format ("memory", vm.memory) if hasattr(vm, 'maxmem'): print fmt.format ("maxmem", vm.maxmem) print fmt.format ("MAC", "%s%s" % (vm.mac, " (auto)" if vm._mac is None else "")) if hasattr(vm, 'kernel'): if vm.uses_default_kernel: print fmt.format ("kernel", "%s (default)" % vm.kernel) else: print fmt.format ("kernel", vm.kernel) if hasattr(vm, 'kernelopts'): if vm.uses_default_kernelopts: print fmt.format ("kernelopts", "%s (default)" % vm.kernelopts) else: print fmt.format ("kernelopts", vm.kernelopts) if hasattr(vm, 'debug'): print fmt.format("debug", "on" if vm.debug else "off") if hasattr(vm, 'default_user'): print fmt.format("default_user", str(vm.default_user)) if hasattr(vm, 'qrexec_installed'): print fmt.format("qrexec_installed", str(vm.qrexec_installed)) if hasattr(vm, 'qrexec_timeout'): print fmt.format("qrexec_timeout", str(vm.qrexec_timeout)) if hasattr(vm, 'guiagent_installed'): print fmt.format("guiagent_installed", str(vm.guiagent_installed)) if hasattr(vm, 'seamless_gui_mode'): print fmt.format("seamless_gui_mode", str(vm.seamless_gui_mode)) if hasattr(vm, 'drive'): print fmt.format("drive", str(vm.drive)) if hasattr(vm, 'timezone'): print fmt.format("timezone", str(vm.timezone)) print fmt.format ("internal", vm.internal) def do_get(vms, vm, prop): if prop == 'config': prop = 'conf_file' elif prop == 'dir': prop = 'dir_path' elif prop == 'last_backup': prop = 'backup_timestamp' elif prop == 'MAC': prop = 'mac' elif prop == 'root_cow_img': prop = 'rootcow_img' elif prop == 'root_volatile_img': prop = 'volatile_img' if not hasattr(vm, prop): print >>sys.stderr, "VM '{}' has no attribute '{}'".format(vm.name, prop) return if getattr(vm, prop, None) is None: # not set or set to None return if prop in ['template', 'netvm', 'dispvm_netvm', 'label']: print getattr(vm, prop).name else: print str(getattr(vm, prop)) def set_label(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing label name argument!" return False label = args[0] if label not in QubesVmLabels: print >> sys.stderr, "Wrong label name, supported values are the following:" for l in QubesVmLabels.values(): print >> sys.stderr, "* {0}".format(l.name) return False vm.label = QubesVmLabels[label] return True def set_memory(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing memory argument!" return False new_memory = int(args[0]) if new_memory <= 0: print >>sys.stderr, "Memory size must be positive" return False qubes_host = QubesHost() if new_memory > qubes_host.memory_total/1024: print >> sys.stderr, "This host has only {0} MB of RAM".format(qubes_host.memory_total/1024) return False vm.memory = new_memory return True def set_maxmem(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing maxmem argument!" exit (1) new_maxmem = int(args[0]) if new_maxmem <= 0: print >>sys.stderr, "Memory size must be positive" return False qubes_host = QubesHost() if new_maxmem > qubes_host.memory_total/1024: print >> sys.stderr, "This host has only {0} MB of RAM".format(qubes_host.memory_total/1024) return False if new_maxmem < vm.memory: print >> sys.stderr, "WARNING: new maxmem smaller than memory property - VM will be able to use only 'maxmem' memory amount" vm.maxmem = new_maxmem return True def set_mac(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing MAC argument!" return False if not re.match("[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$|auto$", args[0]): print >> sys.stderr, "Invalid MAC argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) auto" print >> sys.stderr, "2) MAC in format: XX:XX:XX:XX:XX:XX" return False mac = args[0] if mac == "auto": mac = None vm.mac = mac return True def set_pcidevs(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing pcidevs argument!" return False if vm.is_running(): print >>sys.stderr, "Cannot modify PCI devices of running VM, " \ "use qvm-pci instead" return False vm.pcidevs = list(eval(args[0])) return True def set_pci_strictreset(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.pci_strictreset = bool(eval(args[0].capitalize())) return True def set_pci_e820_host(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.pci_e820_host = bool(eval(args[0].capitalize())) return True def set_netvm(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing netvm name argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) default" print >> sys.stderr, "2) none" print >> sys.stderr, "3) " return netvm = args[0] if netvm == "none": netvm = None vm.uses_default_netvm = False elif netvm == "default": netvm = vms.get_default_netvm() vm.uses_default_netvm = True else: netvm = vms.get_vm_by_name (netvm) if netvm is None: print >> sys.stderr, "A VM with the name '{0}' does not exist in the system.".format(netvm) return False if not netvm.is_netvm(): print >> sys.stderr, "VM '{0}' is not a NetVM".format(netvm) return False vm.uses_default_netvm = False vm.netvm = netvm return True def set_dispvm_netvm(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing netvm name argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) default (the same as VM own netvm)" print >> sys.stderr, "2) none" print >> sys.stderr, "3) " return netvm = args[0] if netvm == "none": vm.dispvm_netvm = None vm.uses_default_dispvm_netvm = False elif netvm == "default": vm.uses_default_dispvm_netvm = True else: netvm = vms.get_vm_by_name (netvm) if netvm is None: print >> sys.stderr, "A VM with the name '{0}' does not exist in the system.".format(netvm) return False if not netvm.is_netvm(): print >> sys.stderr, "VM '{0}' is not a NetVM".format(netvm) return False vm.dispvm_netvm = netvm vm.uses_default_dispvm_netvm = False return True def set_kernel(vms, vm, args): if len(args) != 1: print >> sys.stderr, "Missing kernel version argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) default" print >> sys.stderr, "2) none (kernels subdir in VM)" print >> sys.stderr, "3) , one of:" for k in os.listdir(system_path["qubes_kernels_base_dir"]): print >> sys.stderr, " -", k return False kernel = args[0] if kernel == "default": vm.kernel = vms.get_default_kernel() vm.uses_default_kernel = True elif kernel == "none": vm.kernel = None else: if not os.path.exists(os.path.join(system_path["qubes_kernels_base_dir"], kernel)): print >> sys.stderr, "Kernel version {0} not installed.".format(kernel) return False vm.kernel = kernel return True def set_template(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing template name argument!" return False template_name = args[0]; template = vms.get_vm_by_name(template_name) if template is None or template.qid not in vms: print >> sys.stderr, "A VM with the name '{0}' does not exist in the system.".format(template_name) return False if not template.is_template(): print >> sys.stderr, "VM '{0}' is not a TemplateVM".format(template_name) return False print >> sys.stderr, "Setting template for VM '{0}' to '{1}'...".format (vm.name, template_name) vm.template = template return True def set_vcpus(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing vcpus count argument!" return False vcpus = int(args[0]) if vcpus <= 0: print >> sys.stderr, "A vcpus count must be positive." return False qubes_host = QubesHost() if vcpus > qubes_host.no_cpus: print >> sys.stderr, "This host has only {0} cpus".format( qubes_host.no_cpus) return False print >> sys.stderr, "Setting vcpus count for VM '{0}' to '{1}'...".format (vm.name, vcpus) vm.vcpus = vcpus return True def set_kernelopts(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing kernel opts argument!" print >> sys.stderr, "Possible values:" print >> sys.stderr, "1) default" print >> sys.stderr, "2) " return False if args[0] == 'default': vm.uses_default_kernelopts = True else: vm.uses_default_kernelopts = False vm.kernelopts = args[0] return True def set_name(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing new name!" return False if args[0] == vm.name: return False vm.set_name(args[0]) return True def set_drive(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing new drive content (file/device)!" return False if args[0] == '' or args[0].lower() == 'none': vm.drive = None else: vm.drive = args[0] return True def set_debug(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False or on/off)!" return False if args[0].lower() == "on": vm.debug = True elif args[0].lower() == "off": vm.debug = False else: vm.debug = bool(eval(args[0].capitalize())) return True def set_default_user(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing user name!" return False vm.default_user = args[0] return True def set_include_in_backups(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.include_in_backups = bool(eval(args[0].capitalize())) return True def set_qrexec_installed(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.qrexec_installed = bool(eval(args[0].capitalize())) return True def set_internal(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.internal = bool(eval(args[0].capitalize())) return True def set_guiagent_installed(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.guiagent_installed = bool(eval(args[0].capitalize())) return True def set_seamless_gui_mode(vms, vm, args): if len(args) != 1: print >> sys.stderr, "Missing value (true/false)!" return False vm.seamless_gui_mode = bool(eval(args[0].capitalize())) return True def set_autostart(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value (True/False)!" return False vm.autostart = bool(eval(args[0].capitalize())) return True def set_qrexec_timeout(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing timeout value (seconds)!" return False if int(args[0]) < 0: print >> sys.stderr, "Negative timeout value not allowed!" return False vm.qrexec_timeout = int(args[0]) return True def set_timezone(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing value ('localtime' or timeoffset in seconds)!" return False try: int(args[0]) except ValueError: if args[0].lower() != 'localtime': print >> sys.stderr, "Invalid timezone value!" return False vm.timezone = args[0] return True properties = { "include_in_backups": set_include_in_backups, "pcidevs": set_pcidevs, "pci_strictreset": set_pci_strictreset, "pci_e820_host": set_pci_e820_host, "label" : set_label, "netvm" : set_netvm, "dispvm_netvm" : set_dispvm_netvm, "maxmem" : set_maxmem, "memory" : set_memory, "kernel" : set_kernel, "template" : set_template, "vcpus" : set_vcpus, "kernelopts": set_kernelopts, "name": set_name, "drive": set_drive, "mac": set_mac, "debug": set_debug, "default_user": set_default_user, "qrexec_installed": set_qrexec_installed, "guiagent_installed": set_guiagent_installed, "seamless_gui_mode": set_seamless_gui_mode, "qrexec_timeout": set_qrexec_timeout, "timezone": set_timezone, "internal": set_internal, "autostart": set_autostart, } def do_set(vms, vm, property, args): if property not in properties.keys(): print >> sys.stderr, "ERROR: Cannot set property : '{0}'".format(property) return False if not hasattr(vm, property): print >> sys.stderr, "ERROR: Property '{0}' not available for this VM".format(property) return False try: return properties[property](vms, vm, args) except Exception as err: print >> sys.stderr, "ERROR: %s" % str(err) return False def main(): usage = "usage: %prog -l [options] \n"\ "usage: %prog -g [options] \n"\ "usage: %prog -s [options] [...]\n"\ "List/set various per-VM properties." parser = OptionParser (usage) parser.add_option("-l", "--list", action="store_true", dest="do_list", default=False) parser.add_option("-s", "--set", action="store_true", dest="do_set", default=False) parser.add_option ("-g", "--get", action="store_true", dest="do_get", default=False) parser.add_option("--force-root", action="store_true", dest="force_root", default=False, help="Force to run, even with root privileges") parser.add_option ("--offline-mode", dest="offline_mode", action="store_true", default=False, help="Offline mode") (options, args) = parser.parse_args () if (len (args) < 1): parser.error ("You must provide at least the vmname!") vmname = args[0] if hasattr(os, "geteuid") and os.geteuid() == 0: if not options.force_root: print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems." print >> sys.stderr, "Retry as unprivileged user." print >> sys.stderr, "... or use --force-root to continue anyway." exit(1) if options.do_list + options.do_set + options.do_get > 1: print >> sys.stderr, "You can provide at most one of -l, -g and -s at " \ "the same time!" exit(1) if options.offline_mode: vmm.offline_mode = True if options.do_set: qvm_collection = QubesVmCollection() qvm_collection.lock_db_for_writing() qvm_collection.load() else: qvm_collection = QubesVmCollection() qvm_collection.lock_db_for_reading() qvm_collection.load() qvm_collection.unlock_db() vm = qvm_collection.get_vm_by_name(vmname) if vm is None or vm.qid not in qvm_collection: print >> sys.stderr, "A VM with the name '{0}' does not exist in the system.".format(vmname) exit(1) if options.do_set: if len (args) < 2: print >> sys.stderr, "You must specify the property you wish to set..." print >> sys.stderr, "Available properties:" for p in properties.keys(): if hasattr(vm, p): print >> sys.stderr, "--> '{0}'".format(p) exit (1) property = args[1] if property == 'MAC': property = 'mac' if do_set(qvm_collection, vm, property, args[2:]): qvm_collection.save() qvm_collection.unlock_db() else: qvm_collection.unlock_db() exit(1) elif options.do_get or len(args) == 2: do_get(qvm_collection, vm, args[1]) else: # do_list do_list(vm) main()