Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,158 Commits 1 Branch 0 Tags 15 MiB
1a35b98e16
Commit Graph

248 Commits

Author SHA1 Message Date
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118) 
And do not call it twice...
 2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118) 
"tar x" is much faster than cp on sparse file
 2011-03-19 17:05:00 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118) 
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
 2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load 
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
 2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98) 
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
 2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template 
Missing netvms_conf_file parameter in template
 2011-03-16 13:38:16 -04:00
Marek Marczykowski
5acc4610b4 Allow installed_by_rpm=False in NetVM and ProxyVM 2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731 Create NetVM xen config from separate template (netvm-template.conf) 2011-03-16 11:41:18 +01:00
Marek Marczykowski
14c48f5253 Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08' 2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5 Allow labels for NetVM/ProxyVM. Require it in qvm-create. 2011-03-15 18:28:28 +01:00
Marek Marczykowski
588f4b91c8 Fix Firewall -> Proxy... 2011-03-15 17:40:23 +01:00
Tomasz Sterna
d82001819d Properly call QubesProxyVm superclass 2011-03-14 20:57:08 +01:00
Tomasz Sterna
c92a2bf25f Properly create default firewall configuration 2011-03-14 20:43:56 +01:00
Marek Marczykowski
d6181d21cf Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a' 
Conflicts:
	dom0/qvm-core/qubes.py
	fwvm/init.d/qubes_firewall
 2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e Revert "Requiest external_ip permission at start, not create" 
This reverts commit 53b8e5aacf.
 2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564 Use DNS IPs in firewall rules 2011-03-11 19:39:26 +01:00
Marek Marczykowski
53b8e5aacf Requiest external_ip permission at start, not create 2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87 Missing coma 2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911 Check if netvm is set for ProxyVM before using it... 2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879 Store default_fw_netvm in qubes.xml 2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1 Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM 2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841 arameters for add_new_*, variables loaded from qubes.xml 
Cow based VMs doesn't have root_img param, but private_img.
 2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215 Swap COW for all CowVMs, not only AppVM 2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0 'templete' typo again 2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed qvm-create: support for netvm and proxyvm 
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
 2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side 
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
 2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
 2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-prefs
	dom0/qvm-tools/qvm-template-commit
 2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35 Fix AppVm constructior 2011-03-09 15:24:54 +01:00
Marek Marczykowski
c1bd86142c NetVM and ProxyVM based on template: part 1 (core) 2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755 Fix typo 'templete' 2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f Update firewall iptables file during VM start 2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372 Implemented iptables rules file generator 2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0 Store firewal rules in Python data structure 2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda Properly set FwVM xenstore files 2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53 Removed trailing whitespace 2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5 Implemented firewall_conf storage 2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f Fixed setting netvm of FWVM 2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f Refactored QubesVm.is_*vm() methods 2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea Implemented QubesFirewallVm subclass of QubesNetVm 2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f Update TemplateVM with running AppVM: part 2 
- support for template modify in qvm-core
- tool for commit changes to template
 2011-03-06 14:06:15 +01:00
Tomasz Sterna
a8cef51b67 Use new, simplified firewall rules data scheme 2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f Update firewall iptables file during VM start 2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713 Implemented iptables rules file generator 2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d Store firewal rules in Python data structure 2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186 Properly set FwVM xenstore files 2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258 Removed trailing whitespace 2011-03-02 15:00:19 +01:00
Marek Marczykowski
6db640dbfe Update TemplateVM with running AppVM: part 2 
- support for template modify in qvm-core
- tool for commit changes to template
 2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126 Implemented firewall_conf storage 2011-02-21 18:13:27 +01:00
Tomasz Sterna
a088e14244 Fixed setting netvm of FWVM 2011-02-11 00:34:46 +01:00
Tomasz Sterna
053ca36ca8 Refactored QubesVm.is_*vm() methods 2011-02-11 00:34:46 +01:00
Tomasz Sterna
8c82361f5e Implemented QubesFirewallVm subclass of QubesNetVm 2011-02-09 21:21:14 +01:00
Rafal Wojtczuk
2244ea95bf Separate create_config_file() function in qubes.py 2010-09-27 16:53:17 +02:00
Joanna Rutkowska
ba59ac733e Merge branch 'qmemman' of git://qubes-os.org/rafal/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2010-09-23 12:31:25 +02:00
Rafal Wojtczuk
ca1122cd6a Add QubesDisposableVm and use class 2010-09-21 15:59:22 +02:00
Rafal Wojtczuk
885d747272 qmmemman: force static_memory_max to be as much as total RAM 
Not including netvm, it causes some issues with it.
 2010-09-20 11:24:56 +02:00
Joanna Rutkowska
4e7ce5f90c qubes.py: another small fix to QubesHost :) 2010-09-16 20:11:35 +02:00
Joanna Rutkowska
157a18c244 qubes.py: a small fix to QubesHost 2010-09-16 18:47:05 +02:00
Joanna Rutkowska
268789fc4c dom0/qvm-core/qubes.py: added QubesHost class 2010-09-16 17:52:52 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
6472e8c926 DVM: fix savefile to contain ip address 
needed for routed networking
 2010-09-07 17:36:28 +02:00
Rafal Wojtczuk
2dd9bab23a DVM: add --dvm option to qvm-start 
Currently it only forces to use a fake IP address, which can be
replaced during restore time.
 2010-09-07 16:15:24 +02:00
Rafal Wojtczuk
a013973806 Use vif-route-qubes. 2010-09-06 17:24:12 +02:00
Rafal Wojtczuk
62487c0f1e Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Joanna Rutkowska
c8ef500588 Pause/Unpause all running VMs on system suspend/resume 
This is to fix the VM lockup problem on HT processors that
occured after S3 resume (see ticket #52).

The qvm-run command now takes additional two switches:
--pause
--unpause
 2010-07-08 12:41:29 +02:00
Joanna Rutkowska
6ac6fe397a qubes.py: Always reset/create swap COW on VM start 2010-06-29 17:04:24 +02:00
Joanna Rutkowska
74e820a4e5 In dry_run also use /var/lib/qubes/ for base dir 2010-06-26 15:02:58 +02:00
Joanna Rutkowska
16f3b20a31 qubes.py: Correct retcode checking logic on clone_template() 2010-06-26 15:02:18 +02:00
Joanna Rutkowska
1b1d0b9f93 Added qvm-backup and qvm-backup-restore tools 2010-06-26 15:00:19 +02:00
Joanna Rutkowska
bcae9f9e36 added .gitignore for *.pyo files in qvm-core 2010-06-14 23:53:54 +02:00
Joanna Rutkowska
297d1d65d0 qubes.py: use label indexes starting from 1, not from 0 
This is to unify with the convention used by Window Manager, where index == 0 is reserved for Dom0
 2010-06-03 23:04:06 +02:00
Rafal Wojtczuk
8da2dd6957 Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Joanna Rutkowska
7d4be47df0 qubes.py: fixed an ident bug causing an icon for appvm to be created only if verbose was True 2010-05-11 16:00:50 +02:00
Joanna Rutkowska
301fbec19c qubes.py: added qubes_guid_path global variable 2010-05-11 14:48:54 +02:00
Joanna Rutkowska
da41cd2a4a QubesVmLabels(): introduce 'index' field, useful for sorting 2010-05-10 15:03:50 +02:00
Joanna Rutkowska
cd20eeb8a4 Reload Xend session params when we got an XenAPI.Failure exception 
Because we're caching e.g. uuid and metrics objects for the Xend session, we can get an exception
when the VM changed the power state between since we cached the object. We now catch this exception
and reload uuid and metrics object in the handler.
 2010-05-10 15:03:50 +02:00
Joanna Rutkowska
df82fa8282 Optimize Xend acesseses 
Open Xend session only once, cache various intermediary Xen API
objects for faster access. This all is important for Qubes Manager, so that it
doesn'tintroduce too much load on Dom0's CPU when displaying the load chart.
 2010-05-07 16:06:38 +02:00
Joanna Rutkowska
d7011a6ddb Fix the purple frame's color :) 2010-05-07 16:06:16 +02:00
Rafal Wojtczuk
e9586a8128 qubes.py: correctly calculate Xen free memory 2010-04-10 13:56:43 +02:00
Joanna Rutkowska
a17989470a Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00