Commit Graph

326 Commits

Author SHA1 Message Date
Marek Marczykowski
7dca7a5a32 Support for backup standalone VMs (add root.img, apps/); add firewall.xml to backup 2011-03-24 21:37:30 -04:00
Marek Marczykowski
8bdbed7bb8 Fix error handling in qvm-backup-restore 2011-03-24 21:35:46 -04:00
Marek Marczykowski
4723b9e2ef Template name change option, reset config files, standalone vm restore (#103)
Recreate config file when requested but also when template name changed.
Restore full AppVM dir from backup - not only selected files.
2011-03-24 21:34:04 -04:00
Marek Marczykowski
d87265851c Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
57fd6c49bb Removed obsolete code, dom0 side
Just like the previous commit, it is related to switch to
qrexec-based file copy.
2011-03-24 17:18:10 +01:00
Rafal Wojtczuk
fcfc1c498d Change permissions on Dispvm template files only if we are root
Otherwise, it makes no sense, and thus we do not unnecessarily
warn.
2011-03-24 16:57:43 +01:00
Rafal Wojtczuk
4401c5a2cb Limit Dispvm to 1 vcpu
Because a restored domain with multiple cpus, ehrrm, hardly works,
at least with current Xen+kernel combination.
2011-03-24 16:53:40 +01:00
Marek Marczykowski
7f94cf2709 Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge 2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a Cmdline tool to grow private.img (#5) 2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6 qvm-create-default-dvm: fix permissions after creating savefile
So, savefile.img and netvm_id.txt are correctly owned as well.
2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath
QubesVm constructor does not like it.
2011-03-23 13:26:39 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9 Fix permissions on the dvm template directory.
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f block.qubes: pass arguments correctly to other scripts 2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118)
And do not call it twice...
2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118)
"tar x" is much faster than cp on sparse file
2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5 qvm-backup-{,restore} - support for standalone VMs
Backup root.img instead of (non-existing) root-cow.img
2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118)
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98)
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template
Missing netvms_conf_file parameter in template
2011-03-16 13:38:16 -04:00
Marek Marczykowski
2b78538376 Merge git://git.qubes-os.org/joanna/core 2011-03-16 11:29:55 -04:00
Marek Marczykowski
5e2dd1c6ce Revert "Do not add new vm to xen storage in qvm-create - it is done by core"
This reverts commit 72ddb5aae1.
2011-03-16 11:44:25 +01:00
Marek Marczykowski
72ddb5aae1 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-16 11:41:18 +01:00
Marek Marczykowski
5acc4610b4 Allow installed_by_rpm=False in NetVM and ProxyVM 2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731 Create NetVM xen config from separate template (netvm-template.conf) 2011-03-16 11:41:18 +01:00
Joanna Rutkowska
fa7e13c602 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 22:57:27 +01:00
Marek Marczykowski
63b06516b7 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-15 18:51:31 +01:00
Marek Marczykowski
14c48f5253 Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08' 2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5 Allow labels for NetVM/ProxyVM. Require it in qvm-create. 2011-03-15 18:28:28 +01:00
Joanna Rutkowska
5e1a808648 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 18:16:33 +01:00
Marek Marczykowski
588f4b91c8 Fix Firewall -> Proxy... 2011-03-15 17:40:23 +01:00
Rafal Wojtczuk
8ce0e0f39b Fixed permissions of qfile-daemon 2011-03-15 16:48:17 +01:00
Rafal Wojtczuk
84b1a186ff Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Joanna Rutkowska
f83daa49f9 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core 2011-03-14 22:44:04 +01:00
Tomasz Sterna
d82001819d Properly call QubesProxyVm superclass 2011-03-14 20:57:08 +01:00
Tomasz Sterna
00ba6dd5b7 Properly find root netvm in netvm chain 2011-03-14 20:44:17 +01:00
Tomasz Sterna
c92a2bf25f Properly create default firewall configuration 2011-03-14 20:43:56 +01:00
Joanna Rutkowska
b8d98403ff Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-14 13:15:48 +01:00
Rafal Wojtczuk
5d3c43e4fa created qfile-daemon-dvm
Mostly code from qfilexchgd; it will be removed soon.
2011-03-14 10:43:09 +01:00
Marek Marczykowski
d6181d21cf Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a'
Conflicts:
	dom0/qvm-core/qubes.py
	fwvm/init.d/qubes_firewall
2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e Revert "Requiest external_ip permission at start, not create"
This reverts commit 53b8e5aacf.
2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564 Use DNS IPs in firewall rules 2011-03-11 19:39:26 +01:00
Marek Marczykowski
2a72b293c4 ProxyVM type in qvm-ls 2011-03-11 02:44:11 +01:00
Marek Marczykowski
53b8e5aacf Requiest external_ip permission at start, not create 2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87 Missing coma 2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911 Check if netvm is set for ProxyVM before using it... 2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879 Store default_fw_netvm in qubes.xml 2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1 Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM 2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841 arameters for add_new_*, variables loaded from qubes.xml
Cow based VMs doesn't have root_img param, but private_img.
2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215 Swap COW for all CowVMs, not only AppVM 2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0 'templete' typo again 2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed qvm-create: support for netvm and proxyvm
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-prefs
	dom0/qvm-tools/qvm-template-commit
2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35 Fix AppVm constructior 2011-03-09 15:24:54 +01:00
Rafal Wojtczuk
a7cc09071f Make qubes_restore rexec-aware. 2011-03-08 13:03:55 +01:00
Rafal Wojtczuk
eb7821771e In qvm-start, check $DISPLAY existence, too. 2011-03-07 16:05:36 +01:00
Rafal Wojtczuk
62d0127647 Integrate qrexec with qvm-run. 2011-03-07 15:58:04 +01:00
Marek Marczykowski
c1bd86142c NetVM and ProxyVM based on template: part 1 (core) 2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755 Fix typo 'templete' 2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f Update firewall iptables file during VM start 2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372 Implemented iptables rules file generator 2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0 Store firewal rules in Python data structure 2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda Properly set FwVM xenstore files 2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53 Removed trailing whitespace 2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5 Implemented firewall_conf storage 2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f Fixed setting netvm of FWVM 2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f Refactored QubesVm.is_*vm() methods 2011-03-06 14:06:24 +01:00
Tomasz Sterna
cba89a8747 Show FirewallVMs in qvm-ls 2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea Implemented QubesFirewallVm subclass of QubesNetVm 2011-03-06 14:06:24 +01:00
Marek Marczykowski
24c0778154 gitignore files - add build products 2011-03-06 14:06:24 +01:00
Marek Marczykowski
b778fa3210 Add typo in qvm-template-commit
As in original classes...
2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-06 14:06:15 +01:00
Rafal Wojtczuk
d6f327492d Start qrexec daemon and agent 2011-03-04 17:19:51 +01:00
Tomasz Sterna
a8cef51b67 Use new, simplified firewall rules data scheme 2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f Update firewall iptables file during VM start 2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713 Implemented iptables rules file generator 2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d Store firewal rules in Python data structure 2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186 Properly set FwVM xenstore files 2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258 Removed trailing whitespace 2011-03-02 15:00:19 +01:00
Marek Marczykowski
c3bf11062f gitignore files - add build products 2011-03-02 11:58:22 +01:00
Marek Marczykowski
143f1519a8 Add typo in qvm-template-commit
As in original classes...
2011-03-02 11:52:19 +01:00
Marek Marczykowski
6db640dbfe Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126 Implemented firewall_conf storage 2011-02-21 18:13:27 +01:00
Tomasz Sterna
a088e14244 Fixed setting netvm of FWVM 2011-02-11 00:34:46 +01:00
Tomasz Sterna
053ca36ca8 Refactored QubesVm.is_*vm() methods 2011-02-11 00:34:46 +01:00
Tomasz Sterna
4297c1284a Show FirewallVMs in qvm-ls 2011-02-09 21:21:41 +01:00
Tomasz Sterna
8c82361f5e Implemented QubesFirewallVm subclass of QubesNetVm 2011-02-09 21:21:14 +01:00
Joanna Rutkowska
a5c4a1626e qvm-backup-restore: support for --skip-conflicting option 2010-12-18 07:25:47 +01:00
Joanna Rutkowska
751e0b380a qvm-backup: support --exclude option 2010-11-28 16:30:26 +01:00
Rafal Wojtczuk
1fccf9c309 Use delayed_transaction_seq from sender, not receiver.
Apparently, qvm-copy-to-vm when receiver already has an incoming pendrive
worked only by coincidence.
2010-10-28 12:39:03 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string.
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
18dc0b67c7 dom0: do not do mem-set for dom0 in init.d/qubes_core 2010-10-04 15:20:41 +02:00
Joanna Rutkowska
e91ee0acb3 dom0 init.d/qubes_core: kill some processes on stop() 2010-10-04 15:20:09 +02:00
Rafal Wojtczuk
862bd1f11c DVM: do not mem-set 400
qmemman will do the job automagically.
2010-09-30 18:26:35 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
ece96ba3fb Make qfilexchgd listen for change in /vm to detect vm start/stop
... instead of watching /local/domain, which changes whenever meminfo-wwriter
pushes data.
2010-09-27 17:42:34 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Rafal Wojtczuk
2244ea95bf Separate create_config_file() function in qubes.py 2010-09-27 16:53:17 +02:00
Joanna Rutkowska
ba59ac733e Merge branch 'qmemman' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/qvm-core/qubes.py
2010-09-23 12:31:25 +02:00
Rafal Wojtczuk
11eafede31 Make qubes_prepare_saved_domain.sh output less scary for [normal] users 2010-09-22 11:15:22 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
7aa55affcf renamed: qubes_dvm -> qubes_setupdvm 2010-09-22 10:22:45 +02:00
Rafal Wojtczuk
2a4abafd1b Removed empty function from qubes_dvm 2010-09-22 10:21:54 +02:00
Rafal Wojtczuk
4e067aa503 Slightly change the savefile update notification message. 2010-09-21 22:28:14 +02:00
Rafal Wojtczuk
c0656720ab DVM: if needed, qfileexchgd will recreate DVM savefile
It would be nice to have some progress notification, as dvm setup is
slow.
2010-09-21 22:23:38 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Rafal Wojtczuk
c22a6ebb84 DVM: make qvm-get-default-template use the default template, if asked
Via options --default-template and --default-script
2010-09-21 18:40:15 +02:00
Rafal Wojtczuk
c0cac005ec Tiny logging fix in qfileexchgd
...that is impossible to happen, naturally.
2010-09-21 16:00:40 +02:00
Rafal Wojtczuk
ca1122cd6a Add QubesDisposableVm and use class 2010-09-21 15:59:22 +02:00
Rafal Wojtczuk
6afdffa96f qvm-dom0-network-via-netvm script (ticket #20) 2010-09-21 13:36:46 +02:00
Rafal Wojtczuk
885d747272 qmmemman: force static_memory_max to be as much as total RAM
Not including netvm, it causes some issues with it.
2010-09-20 11:24:56 +02:00
Joanna Rutkowska
4e7ce5f90c qubes.py: another small fix to QubesHost :) 2010-09-16 20:11:35 +02:00
Joanna Rutkowska
8292c25713 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-16 20:01:40 +02:00
Joanna Rutkowska
157a18c244 qubes.py: a small fix to QubesHost 2010-09-16 18:47:05 +02:00
Joanna Rutkowska
268789fc4c dom0/qvm-core/qubes.py: added QubesHost class 2010-09-16 17:52:52 +02:00
Rafal Wojtczuk
c411519220 qmemman: do not trim the mem-set value too much
We used to mem-set the domain to 0.995*calculated_value; 5 promils of 4GB
is ca 19MB, and it is too visible. Use 0.999 instead of 0.995
2010-09-16 16:40:09 +02:00
Rafal Wojtczuk
eea01fba3b qmemman: in is_balance_req_significant(), account for Xen free memory 2010-09-16 16:00:07 +02:00
Rafal Wojtczuk
e476531b0e Leave XEN_FREE_MEM_LEFT of Xen free memory.
Needed for driver domain, to be able to get contiguous memory for
its drivers.
2010-09-16 15:57:11 +02:00
Joanna Rutkowska
0f1700ef3d Merge branch 'comment1' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/restore/qubes_restore.c
2010-09-16 15:55:35 +02:00
Joanna Rutkowska
70f8a7401c Make 'make clean' clean all the object files 2010-09-15 15:36:04 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
0c1f21a28e qmemman: when a AppVM is low on memory, allow small adjustments
A small AppVM (say, with 100MB total) can go below prefmem, and
still not be assigned memory, because of the MIN_TOTAL_MEMORY_TRANSFER
threshold.
So, if AppVM is below prefmem, allow for smaller mem-sets.
2010-09-10 11:35:30 +02:00
Rafal Wojtczuk
f6e3607d2d qmemman: offload some processing to meminfo-writer
Make meminfo-writer compute used memory, and report to qmemman only if
it has changed significantly enough. As it is written in C, its code is
much faster that qmemman-server; also in the idle case, it saves on xenstore
communication overhead. Allows to send updates up to 10 times per second,
with CPU load on the VM below 0.1%.
2010-09-09 17:51:53 +02:00
Rafal Wojtczuk
51e14fc8bb qmemman: trigger do_balance() on receiving /proc/meminfo data 2010-09-09 12:36:18 +02:00
Rafal Wojtczuk
f4e46b63a4 qmemman: in client code, set FD_CLOEXEC on qmmemman.socket 2010-09-09 12:33:48 +02:00
Rafal Wojtczuk
7545789a26 qmemman: now parse_meminfo takes a single argument 2010-09-09 11:30:02 +02:00
Rafal Wojtczuk
9c609a23bf qmemman: move /proc/meminfo parsing to qmemman_algo
Just cosmetics, to make code layout more coherent.
2010-09-09 11:24:04 +02:00
Rafal Wojtczuk
24b3baf063 qmemman: use 'Memtotal' from /proc/meminfo to calculate used memory
Previously, memory_actual (retrieved from xen) was used; it can be inconsistent.
'Memtotal' can be spoofed, but anyway we rely on other fields from /proc/meminfo.
2010-09-09 11:08:20 +02:00