Commit Graph

3744 Commits

Author SHA1 Message Date
Marek Marczykowski
b8c62c0279 Wrap all VMM connection related object into QubesVMMConnection class
This makes it easier to import the right objects in submodules (only one
object). This also implements lazy connection - at first access, not at
module import, which speeds up tools which don't need runtime
information (like qvm-prefs or qvm-service). In the future this will
ease migration from xenstore to QubesDB.

Also implement "offline mode" - operate on qubes.xml without connecting
to VMM - raise an exception on such an attempt.
This is needed to run tools during installation, where only a minimal
set of services is started, especially no libvirt.
2014-11-19 12:48:26 +01:00
Marek Marczykowski
9f90106db4 rpm: Add libvirt to dependencies 2014-11-19 12:48:26 +01:00
Marek Marczykowski
0f6b878664 rpm: update build dependencies 2014-11-19 12:48:26 +01:00
Marek Marczykowski
201cd509e1 QubesDom0NetVm: provide get_mem*
As libvirt doesn't keep a dom0 domain object, add special cases to get
memory information.
2014-11-19 12:48:26 +01:00
Marek Marczykowski
550d8cac68 Create permanent libvirt domain objects
Do not recreate them at each startup. This will save some time and also
solve some problems from invalidated libvirt handles after domain
shutdown (e.g. causes qubes-manager crashes).
This requires storing uuid in qubes.xml.
2014-11-19 12:48:26 +01:00
Marek Marczykowski
1fda0502ab Check for invalid XID 2014-11-19 12:48:26 +01:00
Marek Marczykowski
895ca0633d Fix current memory reporting 2014-11-19 12:48:26 +01:00
Marek Marczykowski
4f090cdb5e pass VM name to guid via cmdline 2014-11-19 12:48:26 +01:00
Marek Marczykowski
3b5c89d9ce makefile: change build order
Move docs to the end of list - build errors in core code can be spotted
earlier.
2014-11-19 12:48:26 +01:00
Marek Marczykowski
107ebad9d5 Migration to libvirt - DispVM
Move DispVM creation to qfile-daemon-dvm/QubesDisposableVm from
qubes-restore. As actual restore is handled by libvirt, we don't get
much from separate qubes-restore process.
This code still needs some improvements, especially on performance.
2014-11-19 12:48:26 +01:00
Marek Marczykowski
f44dc40858 Migration to libvirt - HVM 2014-11-19 12:47:00 +01:00
Marek Marczykowski
f3a7d5f6e6 Remove debug_console QubesVm.start() argument
It hasn't been working for a long time, so remove it to not confuse the reader.
2014-11-19 12:47:00 +01:00
Marek Marczykowski
a880483092 Migration to libvirt - core part
Still not all code migrated, added appropriate TODO/FIXME comments.
2014-11-19 12:47:00 +01:00
Marek Marczykowski
4a4fb5e243 qmemman: change process model from forking to single process + sd_notify
Forking daemon after initializing hypervisor connection can cause
problems (and actually does in case of libvirt).
To notify systemd when daemon is ready use notify socket (previously it
was termination of parent process).
2014-11-19 12:47:00 +01:00
Marek Marczykowski
b242680cc1 spec: fix typi in %post 2014-11-19 12:46:59 +01:00
Marek Marczykowski-Górecki
7fbbcd58bf dispvm: print diagnostics to stderr 2014-11-10 11:42:47 +01:00
Marek Marczykowski-Górecki
49ca49017e tests: DispVM tests 2014-11-10 11:42:30 +01:00
Marek Marczykowski-Górecki
256e35a62c tests: annotate qrexec EOF tests with expected failure
EOF transmission actually doesn't work in some cases in R2. It is rather
hard to change without introducing big changes (which we don't want to
do in R2). It should be fixed in R3.

BTW The said changes are in my qrexec-sockets branch in core-agent-linux
and linux-utils (then application should use shutdown(2) instead of
close). Alternatively qrexec-agent can use PAM directly (instead of
calling "su"). This is also implemented (pam branch in
core-agent-linux), but IMO it isn't the way to go (reimplementing "su"
in qrexec-agent code).
2014-11-10 02:28:18 +01:00
Marek Marczykowski-Górecki
19d064ca66 qvm-tools/qvm-run: do not echo empty line, remove unneeded imports 2014-11-10 02:25:27 +01:00
Marek Marczykowski-Górecki
ac155705d1 qvm-tools/qvm-run: remove --shutdown option
There is separate tool for this operation (qvm-shutdown). qvm-run
options related to shutdown (--wait, --force) can be confusing to the
user.
2014-11-10 02:24:43 +01:00
Marek Marczykowski-Górecki
1b99011bbb dispvm: use getopt to parse qubes-restore cmdline
It will ease further enhancements, especially adding additional options.
2014-11-04 02:55:35 +01:00
Marek Marczykowski-Górecki
fa6e6da211 tests: qrexec VM-VM EOF transmission tests
Similar to previous commit - test_053_qrexec_vm_service_eof_reverse
fails for now.
2014-10-30 06:37:41 +01:00
Marek Marczykowski-Górecki
d202ec7bc4 tests: qrexec EOF transmission tests
Currently EOF VM->dom0 test fails...
2014-10-29 22:00:20 +01:00
Marek Marczykowski-Górecki
c3b0b4f75f tests: separate test for qrexec "loopback" call 2014-10-29 21:38:54 +01:00
Marek Marczykowski-Górecki
91425d2e0b version 2.1.64 2014-10-25 01:46:58 +02:00
Marek Marczykowski-Górecki
9e62b77ecd rpm: require qubes-core-dom0-linux >= 2.0.24 for qrexec '-q' option 2014-10-25 01:46:26 +02:00
Marek Marczykowski-Górecki
aa958eeff6 core: really quiet mode if vm.start()
Pass '-q' option to gui-daemon and qrexec-daemon.
2014-10-25 01:45:01 +02:00
Marek Marczykowski-Górecki
247cff335f core: fix race condition in qubes.xml locking (#906)
QubesVmCollection.save() overrides qubes.xml by creating new file, then
renaming it over the old one. If any process has that (old) file open
at the same time - especially while waiting on lock_db_for_writing() -
it will end up in accessing old, already unlinked file.

The exact calls would look like:
P1                                      P2
lock_db_for_writing
  fd = open('qubes.xml')
  fcntl(fd, F_SETLK, ...)

                                      lock_db_for_writing
                                          fd = open('qubes.xml')
                                          fcntl(fd, F_SETLK, ...)
...
save():
    open(temp-file)
    write(temp-file, ...)
    ...
    flush(temp-file)
    rename(temp-file, 'qubes.xml')
    close(fd) // close old file

                                      lock_db_for_writing succeed
                                      *** fd points at already unlinked
                                          file
unlock_db
    close(qubes.xml)

To fix that problem, added a check if (already locked) file is still the
same as qubes.xml.
2014-10-22 03:53:30 +02:00
Marek Marczykowski-Górecki
9324cdb175 tests: add test for race condition during VM creation (#906) 2014-10-22 03:52:43 +02:00
Marek Marczykowski-Górecki
d5817eb6c5 tests: add some basic tests for running VM, qrexec, GUI 2014-10-22 02:14:25 +02:00
Victor Lopez
bf2173073b Linux VM specific: maxmem limited by init mem
Check maxmem taking into account the minimum init memory that allows
that requested maximum memory.

Explanation:
Linux kernel needs space for memory-related structures created at boot.
If init_mem is just 400MB, then max_mem can't balloon above 4.3GB (at
which point it yields "add_memory() failed: -17" messages and apps
crash), regardless of the max_mem_size value.

Based on Marek's findings and my tests on a 16GB PC, using several
processes like:
   stress -m 1 --vm-bytes 1g --vm-hang 100

result in the following points:
init_mem  ==> actual max memory
400             4300
700             7554
800             8635
1024            11051
1200            12954
1300            14038
1500            14045 <== probably capped on my 16GB system

The actual ratio of max_mem_size/init_mem is surprisingly constant at
10.79

If less init memory is set than that ratio allows, then the set
maxmem is unreachable and the VM becomes unstable (app crashes)

Based on qubes-devel discussion titled "Qubes Dom0 init memory against
Xen best practices?" at:
https://groups.google.com/d/msg/qubes-devel/VRqkFj1IOtA/UgMgnwfxVSIJ
2014-10-06 04:02:07 +02:00
Marek Marczykowski-Górecki
a457a3e5ca tests: initial VM mgmt tests 2014-10-02 10:56:04 +02:00
Marek Marczykowski-Górecki
c58fc767a3 tests: fix test_r1 backup test 2014-10-02 02:38:51 +02:00
Marek Marczykowski-Górecki
8193d3dd61 tests: add test restore of R1 backup 2014-10-01 05:42:33 +02:00
Marek Marczykowski-Górecki
bd4cd9baa2 tests: minor improvements to backupcompatibility/test_r2b2 2014-10-01 05:36:47 +02:00
Marek Marczykowski-Górecki
58586a0e38 tests: add test for restoring R2B2 backup
One of the "format 1" backups.
2014-10-01 03:50:56 +02:00
Marek Marczykowski-Górecki
19d4bc300e tests: add test for sending a backup to VM 2014-10-01 03:50:55 +02:00
Marek Marczykowski-Górecki
ed15e15f50 core: make create_on_disk verbose parameter optional 2014-10-01 03:50:55 +02:00
Marek Marczykowski-Górecki
ed0eabb482 backups: use default kernel if saved one is not installed 2014-10-01 03:50:50 +02:00
Marek Marczykowski-Górecki
55d89698a3 backups: minor fixes 2014-09-28 03:20:47 +02:00
Marek Marczykowski-Górecki
77da00e3ca backups: fix handling incomplete restore
We do not cancel the whole restore at first error.
2014-09-28 03:20:40 +02:00
Marek Marczykowski-Górecki
b6e60f9aa4 tests: no longer mark "encrypted and compressed backup" test as expected failure 2014-09-26 14:42:58 +02:00
Marek Marczykowski-Górecki
3f66d99f7f tests: silence unneeded messages (requires qubes-core-dom0-linux-2.0.24) 2014-09-26 14:42:26 +02:00
Marek Marczykowski-Górecki
d5c63786d9 tests: improve error reporting in backup tests 2014-09-26 14:42:26 +02:00
Marek Marczykowski-Górecki
6d3ff57466 tests: add more tests for backups system 2014-09-26 14:42:26 +02:00
Marek Marczykowski-Górecki
96d5b47cce qvm-tools/qvm-backup: add --debug option 2014-09-26 14:42:25 +02:00
Marek Marczykowski-Górecki
0cd8281ac1 backups: implement compression in backup format 3 (#775)
Since tar multi-archive is no longer used, we can simply instruct tar to
pipe output through gzip (or whatever compressor we want). Include used
compressor command in backup header.
2014-09-26 14:42:07 +02:00
Marek Marczykowski-Górecki
fc0c0adff8 backups: do not use tar multi-volume feature, backup format 3 (#902)
Tar multi-volume support is broken when used with sparse files[1], so do
not use it. Instead simply cut the archive manually and concatenate at
restore time. This change requires a little modification in the restore
process, so make this a new backup format ("3"). Also add backup format
version to the header, instead of some guessing code.
For now only cleartext and encrypted backups implemented, compression
will come as a separate commit.
2014-09-26 14:29:20 +02:00
Marek Marczykowski-Górecki
2c3159c7f9 backups: remove trailing semicolon 2014-09-26 03:19:21 +02:00
Marek Marczykowski-Górecki
58128a574a backups: force ASCII when writing backup header 2014-09-26 02:18:47 +02:00