Qubes Admin API #853
Comments
marmarek
added
T: enhancement
andrewdavidwong
added
the
help wanted
|
Just pushed a draft of the API, to the qubes-doc, since the table is messy and won't be readable in the issue. https://www.qubes-os.org/doc/mgmt1/ Didn't link anywhere yet. @andrewdavidwong could you look on the page? It breaks the layout horribly and I don't know how to make this neither pretty nor readable. I took a shortcut and embedded a |
|
@woju: No problem; I'll work on this soon. |
|
@woju: How does it look now? (Note: You might need to clear your cache to get the new CSS.) |
* Use backticks to wrap literal text * Replace HTML entities with ASCII characters * Make column spacing uniform QubesOS/qubes-issues#853
|
Thanks. It is prettier, though it's less readable, since it gets scrolled independent of page, and wraps the cells. I disabled it on purpose, because if there is |
The only way to avoid that is to use a different layout for the page. It sounds like maybe you don't want it to have the
Ok. |
|
Scrolling horizontally IMO isn't a problem - vertically is. |
|
If the table doesn't get clipped vertically, it'll be larger than the height of most viewports. My impression is that this is bad practice in web design, but I don't have any source to back that up. |
|
What if we create a Alternatively, we could convert the entire page into the |
|
I don't mind the side bar disappearing at all. And, as Marek said, table shouldn't be vertically scrollable independent of the page, because it makes it very annoying on touchscreen. You may be right in the sense that nowadays it is fashionable to design custom scrolling, those designers do it and people get used to that, but IMHO this is not usable. It may be valuable to devise some CSS class for the tables in documentation, since I will have at least two more such tables, for VM "events" and "features" (new functionality in R4.0 core). But we are getting sidetracked. |
|
Great! Thank you. |
|
@woju What should |
|
@kalkin some identifier about the volume and possibly very basic info, but I'm not sure what exactly. The idea is that there are two set of calls, |
qvm-ls tool (as all other tools) will be accessing properties through API, so no need (nor sense) for this tool-specific attributes in qubes.property. The only somehow used was ls_width, and in fact it made the output unnecessary wide. The tool itself is already moved to core-mgmt-client repository. QubesOS/qubes-issues#853
Device ident may contain only characters allowed in qrexec argument. This will allow using it directly in qrexec argument in Attach/Detach methods. This also means PCI extension will need to be updated (it uses ':' in ident). QubesOS/qubes-issues#853
Install files in /etc/qubes-rpc for all methods defined in API documentation, even if not yet implemented (qubesd will handle it raising appropriate exception). Use minimal program written in C (qubesd-query-fast), instead of qubesd-query in python for performance reasons: - a single qubesd-query run: ~300ms - equivalent in shell (echo | nc -U): ~40ms - qubesd-query-fast: ~20ms Many tools makes multiple API calls, so performance here do matter. For example qvm-ls (from VM) currently takes about 60s on a system with 24 VMs. Also make use of `$include:` directive in policy file, to make it easier defining a VM with full Admin API access. QubesOS/qubes-issues#853
Accessing non-existing property is a common action (for example hasattr() do try to access the property). So, introduce specific exception, inheriting from AttributeError. It will behave very similar to standard (non-Admin-API) property access. This exception is reported to the Admin API user, so it will be possible to distinguish between non-existing property and access denied. But it isn't any significant information leak, as list of valid properties is publicly available in the source code. QubesOS/qubes-issues#853
Remove debug prints, log full traceback (of handled exception) only when debug mode enabled (--debug, introduce in this commit too). --debug option also enables sending tracebacks to the API clients. QubesOS/qubes-issues#853
Use newly introduced payload_stream= argument to qubesd_call to pass data directly from some file-like object - without loading it all into memory. QubesOS/qubes-issues#853
Use newly introduced payload_stream= argument to qubesd_call to pass data directly from some file-like object - without loading it all into memory. QubesOS/qubes-issues#853
Use newly introduced payload_stream= argument to qubesd_call to pass data directly from some file-like object - without loading it all into memory. QubesOS/qubes-issues#853
Get a VM statistics once. If previous measurements are provided, calculate difference too. This is backend part of upcoming admin.vm.Stats service. QubesOS/qubes-issues#853
Reported by joanna on 10 May 2014 12:56 UTC
https://groups.google.com/d/msg/qubes-devel/f2gDpXE3NJ8/_kH7LUrzJ80J
Migrated-From: https://wiki.qubes-os.org/ticket/853
TODO list, aggregated from commits below:
mgmt.property.prefix with exactly the same set of actions as formgmt.vm.property.. Or maybemgmt.global.property.?mgmt.vm.property.Listandmgmt.vm.property.Helpare bound to VM instance at API level, while in practice those are bound to VM class. Generally I'm ok with that, but I face a practical issue: don't know how to properly handle docstrings for client-side wrappers. Our API havevm.property_list, so this part is not a problem (IMOdir(vm)not working is not a problem), but no idea how to handlehelp(VMClass.property). Maybe shouldn't? And handle only docstring on the object(s) returned byvm.property_list?mgmt.vm.Clone), or individual elements (mgmt.vm.property.Clone,mgmt.vm.volume.Cloneetc). I'm in favor of the first option (full VM clone with just new name+qid).OK/FAILon the first line and only then with actual data - this could be translated byqubesd-queryto exit code.mgmt.vm.Listto a specific VM, not only to dom0.vm.netvm.ipwill not work). Maybe we need explicit type declaration in result of*.Getmethods - instead ofdefault=yes|no value, it would bedefault=yes|no type=... value?:- we need a better idea for passing volume identifier (pool:vidcurrently). Or allow:in qrexec.vid) may contains chars not allowed in qrexec argument - for example/; we need to encode it somehow, or think of some other way (keep only pool name in argument and movevidto data stream?)add_new_vmandclone_disk_fileswas used for that),mgmt.vm.Cloneoperation may be used to bypass some policy - for example user is not allowed to change netvm property of some VM (like force using some application through Tor), but can clone VM under another name and then change it.admin.vm.Shutdownshould shutdown netvm even if is has vms connected to itvm.kill()called from except: clauseThe text was updated successfully, but these errors were encountered: