Commit Graph

214 Commits

Author SHA1 Message Date
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-prefs
	dom0/qvm-tools/qvm-template-commit
2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35 Fix AppVm constructior 2011-03-09 15:24:54 +01:00
Rafal Wojtczuk
a7cc09071f Make qubes_restore rexec-aware. 2011-03-08 13:03:55 +01:00
Rafal Wojtczuk
eb7821771e In qvm-start, check $DISPLAY existence, too. 2011-03-07 16:05:36 +01:00
Rafal Wojtczuk
62d0127647 Integrate qrexec with qvm-run. 2011-03-07 15:58:04 +01:00
Marek Marczykowski
c1bd86142c NetVM and ProxyVM based on template: part 1 (core) 2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755 Fix typo 'templete' 2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f Update firewall iptables file during VM start 2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372 Implemented iptables rules file generator 2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0 Store firewal rules in Python data structure 2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda Properly set FwVM xenstore files 2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53 Removed trailing whitespace 2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5 Implemented firewall_conf storage 2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f Fixed setting netvm of FWVM 2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f Refactored QubesVm.is_*vm() methods 2011-03-06 14:06:24 +01:00
Tomasz Sterna
cba89a8747 Show FirewallVMs in qvm-ls 2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea Implemented QubesFirewallVm subclass of QubesNetVm 2011-03-06 14:06:24 +01:00
Marek Marczykowski
24c0778154 gitignore files - add build products 2011-03-06 14:06:24 +01:00
Marek Marczykowski
b778fa3210 Add typo in qvm-template-commit
As in original classes...
2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-06 14:06:15 +01:00
Rafal Wojtczuk
d6f327492d Start qrexec daemon and agent 2011-03-04 17:19:51 +01:00
Tomasz Sterna
a8cef51b67 Use new, simplified firewall rules data scheme 2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f Update firewall iptables file during VM start 2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713 Implemented iptables rules file generator 2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d Store firewal rules in Python data structure 2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186 Properly set FwVM xenstore files 2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258 Removed trailing whitespace 2011-03-02 15:00:19 +01:00
Marek Marczykowski
c3bf11062f gitignore files - add build products 2011-03-02 11:58:22 +01:00
Marek Marczykowski
143f1519a8 Add typo in qvm-template-commit
As in original classes...
2011-03-02 11:52:19 +01:00
Marek Marczykowski
6db640dbfe Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126 Implemented firewall_conf storage 2011-02-21 18:13:27 +01:00
Tomasz Sterna
a088e14244 Fixed setting netvm of FWVM 2011-02-11 00:34:46 +01:00
Tomasz Sterna
053ca36ca8 Refactored QubesVm.is_*vm() methods 2011-02-11 00:34:46 +01:00
Tomasz Sterna
4297c1284a Show FirewallVMs in qvm-ls 2011-02-09 21:21:41 +01:00
Tomasz Sterna
8c82361f5e Implemented QubesFirewallVm subclass of QubesNetVm 2011-02-09 21:21:14 +01:00
Joanna Rutkowska
a5c4a1626e qvm-backup-restore: support for --skip-conflicting option 2010-12-18 07:25:47 +01:00
Joanna Rutkowska
751e0b380a qvm-backup: support --exclude option 2010-11-28 16:30:26 +01:00
Rafal Wojtczuk
1fccf9c309 Use delayed_transaction_seq from sender, not receiver.
Apparently, qvm-copy-to-vm when receiver already has an incoming pendrive
worked only by coincidence.
2010-10-28 12:39:03 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string.
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
18dc0b67c7 dom0: do not do mem-set for dom0 in init.d/qubes_core 2010-10-04 15:20:41 +02:00
Joanna Rutkowska
e91ee0acb3 dom0 init.d/qubes_core: kill some processes on stop() 2010-10-04 15:20:09 +02:00
Rafal Wojtczuk
862bd1f11c DVM: do not mem-set 400
qmemman will do the job automagically.
2010-09-30 18:26:35 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
ece96ba3fb Make qfilexchgd listen for change in /vm to detect vm start/stop
... instead of watching /local/domain, which changes whenever meminfo-wwriter
pushes data.
2010-09-27 17:42:34 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Rafal Wojtczuk
2244ea95bf Separate create_config_file() function in qubes.py 2010-09-27 16:53:17 +02:00
Joanna Rutkowska
ba59ac733e Merge branch 'qmemman' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/qvm-core/qubes.py
2010-09-23 12:31:25 +02:00
Rafal Wojtczuk
11eafede31 Make qubes_prepare_saved_domain.sh output less scary for [normal] users 2010-09-22 11:15:22 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
7aa55affcf renamed: qubes_dvm -> qubes_setupdvm 2010-09-22 10:22:45 +02:00
Rafal Wojtczuk
2a4abafd1b Removed empty function from qubes_dvm 2010-09-22 10:21:54 +02:00
Rafal Wojtczuk
4e067aa503 Slightly change the savefile update notification message. 2010-09-21 22:28:14 +02:00
Rafal Wojtczuk
c0656720ab DVM: if needed, qfileexchgd will recreate DVM savefile
It would be nice to have some progress notification, as dvm setup is
slow.
2010-09-21 22:23:38 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Rafal Wojtczuk
c22a6ebb84 DVM: make qvm-get-default-template use the default template, if asked
Via options --default-template and --default-script
2010-09-21 18:40:15 +02:00
Rafal Wojtczuk
c0cac005ec Tiny logging fix in qfileexchgd
...that is impossible to happen, naturally.
2010-09-21 16:00:40 +02:00
Rafal Wojtczuk
ca1122cd6a Add QubesDisposableVm and use class 2010-09-21 15:59:22 +02:00
Rafal Wojtczuk
6afdffa96f qvm-dom0-network-via-netvm script (ticket #20) 2010-09-21 13:36:46 +02:00
Rafal Wojtczuk
885d747272 qmmemman: force static_memory_max to be as much as total RAM
Not including netvm, it causes some issues with it.
2010-09-20 11:24:56 +02:00
Joanna Rutkowska
4e7ce5f90c qubes.py: another small fix to QubesHost :) 2010-09-16 20:11:35 +02:00
Joanna Rutkowska
8292c25713 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-16 20:01:40 +02:00
Joanna Rutkowska
157a18c244 qubes.py: a small fix to QubesHost 2010-09-16 18:47:05 +02:00
Joanna Rutkowska
268789fc4c dom0/qvm-core/qubes.py: added QubesHost class 2010-09-16 17:52:52 +02:00
Rafal Wojtczuk
c411519220 qmemman: do not trim the mem-set value too much
We used to mem-set the domain to 0.995*calculated_value; 5 promils of 4GB
is ca 19MB, and it is too visible. Use 0.999 instead of 0.995
2010-09-16 16:40:09 +02:00
Rafal Wojtczuk
eea01fba3b qmemman: in is_balance_req_significant(), account for Xen free memory 2010-09-16 16:00:07 +02:00
Rafal Wojtczuk
e476531b0e Leave XEN_FREE_MEM_LEFT of Xen free memory.
Needed for driver domain, to be able to get contiguous memory for
its drivers.
2010-09-16 15:57:11 +02:00
Joanna Rutkowska
0f1700ef3d Merge branch 'comment1' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/restore/qubes_restore.c
2010-09-16 15:55:35 +02:00
Joanna Rutkowska
70f8a7401c Make 'make clean' clean all the object files 2010-09-15 15:36:04 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
0c1f21a28e qmemman: when a AppVM is low on memory, allow small adjustments
A small AppVM (say, with 100MB total) can go below prefmem, and
still not be assigned memory, because of the MIN_TOTAL_MEMORY_TRANSFER
threshold.
So, if AppVM is below prefmem, allow for smaller mem-sets.
2010-09-10 11:35:30 +02:00
Rafal Wojtczuk
f6e3607d2d qmemman: offload some processing to meminfo-writer
Make meminfo-writer compute used memory, and report to qmemman only if
it has changed significantly enough. As it is written in C, its code is
much faster that qmemman-server; also in the idle case, it saves on xenstore
communication overhead. Allows to send updates up to 10 times per second,
with CPU load on the VM below 0.1%.
2010-09-09 17:51:53 +02:00
Rafal Wojtczuk
51e14fc8bb qmemman: trigger do_balance() on receiving /proc/meminfo data 2010-09-09 12:36:18 +02:00
Rafal Wojtczuk
f4e46b63a4 qmemman: in client code, set FD_CLOEXEC on qmmemman.socket 2010-09-09 12:33:48 +02:00
Rafal Wojtczuk
7545789a26 qmemman: now parse_meminfo takes a single argument 2010-09-09 11:30:02 +02:00
Rafal Wojtczuk
9c609a23bf qmemman: move /proc/meminfo parsing to qmemman_algo
Just cosmetics, to make code layout more coherent.
2010-09-09 11:24:04 +02:00
Rafal Wojtczuk
24b3baf063 qmemman: use 'Memtotal' from /proc/meminfo to calculate used memory
Previously, memory_actual (retrieved from xen) was used; it can be inconsistent.
'Memtotal' can be spoofed, but anyway we rely on other fields from /proc/meminfo.
2010-09-09 11:08:20 +02:00
Rafal Wojtczuk
5a33ed71ce qmemman: use the fact that balloon driver retries
Apparently even if there is not enough xen memory to balloon up,
balloon driver will try to fulfill the request later, when
some memory is freed. Thus, in do_balloon, do not limit mem_set
to the available memory.
2010-09-09 10:36:13 +02:00
Rafal Wojtczuk
87d1e973c7 qmemman: print balance stats only when updating 2010-09-09 10:29:35 +02:00
Rafal Wojtczuk
8d377d19dc DVM: added missing fix_savefile_all 2010-09-07 17:45:52 +02:00
Rafal Wojtczuk
6472e8c926 DVM: fix savefile to contain ip address
needed for routed networking
2010-09-07 17:36:28 +02:00
Rafal Wojtczuk
2dd9bab23a DVM: add --dvm option to qvm-start
Currently it only forces to use a fake IP address, which can be
replaced during restore time.
2010-09-07 16:15:24 +02:00
Rafal Wojtczuk
5be12f8459 qmemman: switch off memory balancing when doing xm save
Apparently, it interferes:
INFO (XendCheckpoint:417) ERROR Internal error: Could not get vcpu context
INFO (XendCheckpoint:417) ERROR Internal error: Failed to map/save the p2m frame list
2010-09-07 16:00:14 +02:00
Rafal Wojtczuk
11abef3439 qmemman: xc.domain_set_target_mem can throw exceptions, too 2010-09-07 13:10:48 +02:00
Rafal Wojtczuk
a013973806 Use vif-route-qubes. 2010-09-06 17:24:12 +02:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging)
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
22df517425 qmemman: detect domain list change by watching /vm, not /local/domain
The latter triggers on every memory/meminfo key update, which needlessly
adds xenstore requests.
2010-09-06 10:46:36 +02:00
Rafal Wojtczuk
7dcb7cb196 qmemman: don't use xenapi, use hypercalls to do mem-set 2010-09-03 16:19:48 +02:00