cc71dd5876
Having Admin API, it is possible to do this properly now: - create DisposableVM - assign it proper permissions to create VMs and control those created VMs - run restore process inside - cleanup DisposableVM afterwards Since the RestoreInDisposableVM class contains de facto reverse parser for qvm-backup-restore command line, add a test that will spot when it gets out of sync. This feature depends on modifications in various other components, including: - linux-utils and core-agent-linux for update qfile-unpacker - core-admin for qrexec policy modification QubesOS/qubes-issues#5310
109 lines
2.9 KiB
ReStructuredText
109 lines
2.9 KiB
ReStructuredText
.. program:: qvm-backup-restore
|
|
|
|
===============================================================
|
|
:program:`qvm-backup-restore` -- Restores Qubes VMs from backup
|
|
===============================================================
|
|
|
|
.. warning::
|
|
|
|
This page was autogenerated from command-line parser. It shouldn't be 1:1
|
|
conversion, because it would add little value. Please revise it and add
|
|
more descriptive help, which normally won't fit in standard ``--help``
|
|
option.
|
|
|
|
After rewrite, please remove this admonition.
|
|
|
|
Synopsis
|
|
========
|
|
:command:`qvm-backup-restore` [*options*] <*backup-dir*>
|
|
|
|
Options
|
|
=======
|
|
|
|
.. option:: --help, -h
|
|
|
|
Show this help message and exit
|
|
|
|
.. option:: --verbose, -v
|
|
|
|
Increase verbosity
|
|
|
|
.. option:: --quiet, -q
|
|
|
|
Decrease verbosity
|
|
|
|
|
|
.. option:: --verify-only
|
|
|
|
Do not restore the data, only verify backup integrity
|
|
|
|
.. option:: --skip-broken
|
|
|
|
Do not restore VMs that have missing templates or netvms
|
|
|
|
.. option:: --ignore-missing
|
|
|
|
Ignore missing templates or netvms, restore VMs anyway
|
|
|
|
.. option:: --skip-conflicting
|
|
|
|
Do not restore VMs that are already present on the host
|
|
|
|
.. option:: --rename-conflicting
|
|
|
|
Restore VMs that are already present on the host under different names
|
|
|
|
.. option:: --exclude=EXCLUDE, -x EXCLUDE
|
|
|
|
Skip restore of specified VM (might be repeated)
|
|
|
|
.. option:: --skip-dom0-home
|
|
|
|
Do not restore dom0 user home dir
|
|
|
|
.. option:: --ignore-username-mismatch
|
|
|
|
Ignore dom0 username mismatch while restoring homedir
|
|
|
|
.. option:: --ignore-size-limit
|
|
|
|
Backup metadata contains expected size of each VM. By default if backup
|
|
contains more data than expected, it is rejected. Use this option to ignore
|
|
this limit and restore such (broken, or potentially malicious) backup
|
|
anyway.
|
|
|
|
.. option:: --compression-filter, -Z
|
|
|
|
Force specific compression filter, instead of the one named in the backup
|
|
header. The compression filter is a command that accepts ``-d`` option to
|
|
decompress data on stdin and output it to stdout. This can be used to
|
|
override built-in protection against uncommon compression.
|
|
|
|
.. option:: --dest-vm=APPVM, -d APPVM
|
|
|
|
Restore from a backup located in a specific AppVM
|
|
|
|
.. option:: --passphrase-file, -p
|
|
|
|
Read passphrase from file, or use '-' to read from stdin
|
|
|
|
.. option:: --location-is-service
|
|
|
|
Provided backup location is a qrexec service name (optionally with an
|
|
argument, separated by ``+``), instead of file path or a command.
|
|
|
|
.. option:: --paranoid-mode, --plan-b
|
|
|
|
Isolate restore process in a DisposableVM, defend against potentially
|
|
compromised backup. In this mode some parts of the backup are skipped,
|
|
specifically:
|
|
|
|
- dom0 home directory (desktop environment settings)
|
|
- PCI devices assignments
|
|
|
|
Authors
|
|
=======
|
|
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
|
|
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
|
|
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
|