Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,525 Commits 1 Branch 0 Tags 20 MiB
b87806db17
Commit Graph

403 Commits

Author SHA1 Message Date
Marek Marczykowski
1a33746ab4 dom0/qubesutils: move qvm-backup-restore code to qubesutils (#421) 2012-02-10 10:56:03 +01:00
Marek Marczykowski
19a0292897 dom0/qubesutils: move printing functions to the beggining 2012-02-10 10:54:18 +01:00
Marek Marczykowski
c766282d2d dom0: minor get_start_time fix 2012-02-07 23:17:53 +01:00
Marek Marczykowski
5dd17a7305 dom0/qubesutils: minor fixes 2012-02-07 16:51:10 +01:00
Marek Marczykowski
24173989b3 dom0/qvm-tools: move qvm-backup logic to qubesutils (#421) 2012-02-07 16:50:52 +01:00
Marek Marczykowski
3a71716db3 dom0/ClockVM: disable ntpd in ClockVM (#435) 
To not conflict with ntpdate (both are using 123/udp port).
 2012-02-01 17:51:41 +01:00
Marek Marczykowski
2aedf4567b dom0/qubesutils: additional types of run comand in vm (wait and popen) 2012-02-01 17:09:48 +01:00
Marek Marczykowski
2897a795c4 dom0/vm: set VM timezone same as in dom0 - on VM boot (#413) 2012-01-18 16:59:58 +01:00
Marek Marczykowski
bdfacf9d01 dom0: enable qubes-dvm service when preparing DispVM 2012-01-14 01:34:35 +01:00
Marek Marczykowski
b77e48f688 dom0: do not start gui daemon when preparing DispVM 2011-12-27 15:37:23 +01:00
Marek Marczykowski
4d128dd020 dom0: fix removing "special" VM (eg ClockVM) 
Unset collection pointer to some special VMs, when it is removed: ClockVM,
default NetVM, default TemplateVM, UpdateVM
 2011-12-23 17:10:32 +01:00
Marek Marczykowski
d84d64716b dom0: start guid only when shm.id present 
Eg. not during firstboot
 2011-12-11 14:09:46 +01:00
Marek Marczykowski
f03152053b dom0: check if X server is available before starting guid (#377) 2011-12-05 13:42:07 +01:00
Marek Marczykowski
99ffed089c dom0: start guid as soon as possible (#377) 2011-12-05 13:36:13 +01:00
Marek Marczykowski
4a6447f11b dom0/qvm-run: fix tray notify 2011-11-02 00:46:57 +01:00
Marek Marczykowski
c0c64ecdc5 dom0: add VM rename support (#371) 2011-11-02 00:39:23 +01:00
Marek Marczykowski
134af81b3b dom0: move remove_appmenus to separate subroutine 2011-11-01 23:42:13 +01:00
Marek Marczykowski
12b8ff7d17 dom0: store relative paths in qubes.xml when possible 2011-11-01 23:33:20 +01:00
Marek Marczykowski
47ad186926 dom0: set firewall to block-all when setting netvm to none (#370) 2011-11-01 15:50:03 +01:00
Marek Marczykowski
870dea1502 dom0/qvm-run: move run code to qubesutils 2011-10-31 13:31:54 +01:00
Marek Marczykowski
a4e11dedd9 dom0/DispVM: inherit firewall from calling VM (#370) 2011-10-31 01:29:46 +01:00
Marek Marczykowski
99c0356bf2 dom0: set first NetVM as ClockVM 2011-10-17 23:20:21 +02:00
Marek Marczykowski
db3ab9333a dom0/qvm-shutdown: increase timeout to 60s (#373) 2011-10-17 23:14:26 +02:00
Marek Marczykowski
c43a62e0bb dom0/qvm-shutdown: implement --wait in qvm-shutdown 2011-10-17 23:14:19 +02:00
Marek Marczykowski
3063ef35b7 dom0: move NetVM shutdown sanity check code to qvm-core 2011-10-17 22:45:04 +02:00
Marek Marczykowski
abcd6416fc dom0: move shutdown to qvm-core 2011-10-14 11:59:33 +02:00
Marek Marczykowski
ede96353af dom0/qrexec: Add always allow option in qrexec confirmation dialog (#278) 2011-10-12 00:08:28 +02:00
Marek Marczykowski
bc47334d21 dom0: fix cleanup_vif 2011-10-10 17:11:00 +02:00
Marek Marczykowski
e1ccda362c dom0/qvm-core: release lock in VM.start() right before starting qrexec (#344) 2011-10-10 11:23:14 +02:00
Marek Marczykowski
05605f1394 dom0/qvm-core: ignore template_vm=None when loading qubes.xml 
This should result in more elegant error message in case of error in qubes.xml.
 2011-10-07 21:46:27 +02:00
Marek Marczykowski
98827c7020 dom0/qvm-core: output messages to stderr (#276) 2011-10-07 21:40:29 +02:00
Marek Marczykowski
053944470c dom0: improve vif cleanup 
Just remove dead devices from xenstore, there is no point in waiting for its
shutdown (which 'xl' does) as backend domain is dead.
 2011-10-03 22:54:45 +02:00
Marek Marczykowski
600877b830 dom0: use default values for values not present in qubes.xml 
Do not set them to None. This should improve compatibility with older versions of qubes.xml
 2011-10-01 10:33:25 +02:00
Marek Marczykowski
f0038d2ec7 dom0: typo fix in default_fw_netvm saving 2011-10-01 02:55:22 +02:00
Marek Marczykowski
3c7f8b97cd dom0: return datatime value in get_start_time (#315) 2011-10-01 02:54:18 +02:00
Marek Marczykowski
7ae0c52e6d dom0: introduce ClockVM - timesource for dom0 (#361) 2011-10-01 02:54:00 +02:00
Marek Marczykowski
287da572e9 dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0 
This allows control which services are started in VM by dom0. For some
situation vm_type was used, but it isn't enough - i.e. ntpd should be started
in one, selected NetVM.
 2011-10-01 02:49:25 +02:00
Marek Marczykowski
aa08f555c3 dom0+vm: minor fixes in qvm-block scripts 2011-09-30 11:20:03 +02:00
Marek Marczykowski
5fc5301cee Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-09-30 10:46:04 +02:00
Marek Marczykowski
e3993ca5f9 dom0: qvm-block tool, new qubesutils python module (#226) 2011-09-29 13:56:22 +02:00
Marek Marczykowski
6b885bd361 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Joanna Rutkowska
59f71f634a dom0: Fix xenstore permissions qubes_netvm_external_ip 
We should ensure that the first expression in the permisions list
is nX, where X is the owning domain, and not rX or wX, as otherwise
we would be granting all other VMs read access to the key.

This is explained in more detail here:

http://wiki.xensource.com/xenwiki/XenBus

In practice the perms problem applied only to the qubes_netvm_external_ip key
that is exposed by each NetVM to corresponding Proxy VMs. Before this fix,
the key was readable by any VM in the system, which might not be desired in some
more advanced networking setups, such as with Tor Proxy VM.
 2011-09-26 17:24:11 +02:00
Marek Marczykowski
0ce7336cad dom0: Distinguish 'Halting','Crashed' state from simple 'Halted' (#314) 2011-09-13 18:39:09 +02:00
Joanna Rutkowska
f2770e2d03 dom0: Fix create_xenstore_entries in other classes to not require xid argument 2011-09-09 18:49:15 +02:00
Marek Marczykowski
2319083631 dom0: use default kernel opts when custom opts isn't set 
This can happen after rpm upgrade.
 2011-09-09 14:24:17 +02:00
Joanna Rutkowska
89d532ef11 dom0: qubes.py: do not use pci=nomsi as a default argument for passthrough VM kernels anymore 2011-09-08 14:09:03 +02:00
Marek Marczykowski
5e09af2b46 dom0: limit default swiotlb size for NetVM (#342) 2011-09-08 01:19:25 +02:00
Marek Marczykowski
320847de91 dom0: correctly remove appmenus for ServiceVM (if any) 2011-09-06 01:17:09 +02:00
Marek Marczykowski
77ec31d164 dom0: appmenus templates handling for StandaloneVM (#317) 
StandaloneVM also needs apps.templates dir in order to qubes-appmenu-select
works. Also can be helpful for backup/restore.
 2011-09-06 01:15:35 +02:00
Marek Marczykowski
c1f0296e66 dom0: automatically determine domain xid in create_xenstore_entries 2011-09-06 01:14:49 +02:00
Marek Marczykowski
f85fcc06aa dom0: replace obsolete swiotlb=force with iommu=soft 2011-09-03 16:15:02 +02:00
Marek Marczykowski
5cb6cd2aa7 dom0: fix uses_default_kernelopts typo 2011-09-03 16:14:51 +02:00
Marek Marczykowski
58985193e7 dom0: move network-attach logic to qubes.py 
Main reason is to remove code duplication.
Also fixes #260 and workaround (by sleep...) some race at NetVM restart
(fronted driver does not noticed vif-detach+vif-attach).
 2011-09-03 16:13:14 +02:00
Marek Marczykowski
5fe147729d dom0: copy only selected files for StandaloneVM kernel 
Especially ignore modules dir - already included in modules.img
 2011-09-03 16:04:25 +02:00
Marek Marczykowski
7f24727b2b dom0: fix waiting for vif detach 2011-09-03 16:01:22 +02:00
Marek Marczykowski
11da1633d3 dom0: Copy default template kernel to StandaloneVM dir (#333) 
Just prepare kernel for qvm-set -s <vmname> kernel none
 2011-09-01 15:01:37 +02:00
Marek Marczykowski
ac917ef1d8 dom0: Set modules.img device R/W for StandaloneVM (#333) 2011-09-01 14:56:23 +02:00
Marek Marczykowski
577dd2b076 dom0: when cleaning up network devices, wait for actual device destroy 
Otherwise subsequent network-attach will not be noticed by frontend driver.
 2011-09-01 00:01:53 +02:00
Marek Marczykowski
be5e5a98a1 dom0: use full patch for network script 
xl (apart from xm) doesn't prefix script with dir.
 2011-08-31 22:01:08 +02:00
Marek Marczykowski
3cf1af0321 dom0: implement custom kernelopts (#323) 2011-08-31 20:39:26 +02:00
Marek Marczykowski
fbce32ae1f dom0/qvm-prefs: info when kernel setting is from template 2011-08-31 18:32:37 +02:00
Rafal Wojtczuk
8ecd6134d9 firewall: call iptables-restore once per domain (#311) 
qubes.py now places rules for each domain in a separate key under
/local/domain/fw_XID/qubes_iptables_domainrules/
plus the header in /local/domain/fw_XID/qubes_iptables_header.
/local/domain/fw_XID/qubes_iptables is now just a trigger.
So, if iptables-restore fails dues to e.g. error resolving a domain name
in a rules for a domain, then only this domain will not get connectivity,
others will work fine.
 2011-07-29 16:50:12 +02:00
Rafal Wojtczuk
6fc358bd20 dispvm: honour current choice of template for dispvm 
... when auto-refreshing the dispvm savefile.
While at it, also copy dispvm-prerun.sh script in qvm-clone.
 2011-07-26 17:09:59 +02:00
Rafal Wojtczuk
7cfbe1c7d8 qubes.py: postpone qmmeman.close() 
There are indications that when parent "xl" process exits, the domain is not
booted completely; and xl actions may interfere with qmemman memory balancing.
Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon
connects successfully.
 2011-07-22 15:07:04 +02:00
Marek Marczykowski
342261ff10 dom0: Do not clone config file with template 
Not needed any more
 2011-07-21 00:49:03 +02:00
Marek Marczykowski
c9ad2314ea dom0: variable names conflict (#290) 
uuid is also name of (used here) python module...
 2011-07-20 16:12:28 +02:00
Marek Marczykowski
f1153a5413 dom0: initialize vmtype in create_appmenus (#212) 2011-07-20 16:06:22 +02:00
Marek Marczykowski
99dfdd70c3 dom0: Hide some messages from 'xl' tool (#265) 2011-07-17 01:54:27 +02:00
Marek Marczykowski
182e1ccf2b dom0: watch for updates from dom0 (#198) 
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
 2011-07-17 01:20:13 +02:00
Marek Marczykowski
a68faecc35 dom0: initialize default_kernel parameter 2011-07-15 12:24:27 +02:00
Marek Marczykowski
9f67e5de9d dom0: Regenerate appmenus also for TemplateVM in create_appmenus() 2011-07-10 23:39:48 +02:00
Marek Marczykowski
0813f49186 dom0: Clone whitelisted-apps.list with template clone 2011-07-10 23:37:35 +02:00
Marek Marczykowski
817735fc92 dom0: Do not copy obsolete apps-template.templates dir on template clone 2011-07-10 23:36:50 +02:00
Marek Marczykowski
f6609cb1c4 dom0: minor #252 fix 2011-07-09 20:43:57 +02:00
Marek Marczykowski
7e234a4a8d dom0: store dispid in QubesDisposableVm object and generate proper IP (#247) 2011-07-09 17:52:47 +02:00
Marek Marczykowski
202fb0c676 dom0: fix syntax 2011-07-09 00:36:00 +02:00
Marek Marczykowski
3e6bd65b73 Revert "[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition" 
This reverts commit 3bd1c700f6.

Conflicts:

	dom0/qvm-core/qubes.py
 2011-07-08 21:38:24 +02:00
Marek Marczykowski
3b3929b6a2 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-07-08 21:37:43 +02:00
Marek Marczykowski
0de378dafc dom0: automatically bind PCI devices to pciback at VM start (#252) 2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0 dom0: stores QubesVm.pcidevs as list (#252) 
To easier manage pci devices attached to VM
 2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b dom0: always set appmenus_templates_dir for QubesVm 
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
 2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189 dom0: Include default whitelisted-appmenus.list in template (#266) 2011-07-05 21:20:43 +02:00
Joanna Rutkowska
3bd1c700f6 [REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition 2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361 Dom0: Fix calling syntax for qrexec_client for updatevm 2011-07-02 22:12:43 +02:00
Marek Marczykowski
cd7024cad1 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1 dom0: use default kernel for new VMs 2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a Dom0: qubes.py: honor the verbose flag when printing debuging messages 2011-07-02 13:35:59 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242) 
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
 2011-06-30 01:07:47 +02:00
Marek Marczykowski
40c7e32fe9 dom0: Use first FirewallVM as UpdateVM 2011-06-27 21:14:34 +02:00
Marek Marczykowski
a0b60af3d6 dom0: Do not use transactions to access xenstore 
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
 2011-06-25 22:31:22 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198) 
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
 2011-06-22 00:44:48 +02:00
Marek Marczykowski
454b678284 dom0: cpu load calculation when VM rebooted fix 2011-06-11 20:44:26 +02:00
Marek Marczykowski
925647c7d7 dom0: run xl create through sudo 
This finally solve problem with RLIMIT_MEMLOCK (less important) and is required
to attach PCI devices (eg netvm restart) - more important.
 2011-06-10 18:19:19 +02:00
Marek Marczykowski
3571a34010 dom0: preserve old root-cow - for qvm-revert-template-changes 2011-06-09 14:22:22 +02:00
Marek Marczykowski
fcd4cd44eb dom0: create config template for DispVM 
Introduction for later patches.
 2011-06-08 03:30:42 +02:00
Marek Marczykowski
1647d03f74 dom0: use path given in argument to store VM configuration 2011-06-08 03:29:52 +02:00
Marek Marczykowski
f5e4cf58aa dom0: include vif in domain config (no need for network-attach) 2011-06-08 03:28:08 +02:00
Marek Marczykowski
429c685f1d dom0: write firewall rules only for running proxyvms 2011-06-07 15:58:55 +02:00
Marek Marczykowski
645132f043 dom0: Explicitly set maxmem=mem for NetVM 2011-06-07 15:58:54 +02:00
Marek Marczykowski
6dd0870ca6 dom0: Generate Xen VM config file from common template, on each VM start 
Do not use many different config templates for different types of VMs. Also
regenerate config on each VM start to keep in synchronized with qubes.xml
 2011-06-07 15:58:54 +02:00
Marek Marczykowski
5ebd163fd3 dom0: check RLIMIT_MEMLOCK before starting VM (and fix if possible) 2011-06-07 15:58:54 +02:00
Marek Marczykowski
d3e6e3dec0 dom0: use xen.lowlevel.xs instead of call xenstore-* 2011-06-05 23:35:53 +02:00
Marek Marczykowski
9ce2f440c3 dom0: remove import of old xend libraries 2011-06-05 22:58:20 +02:00
Marek Marczykowski
7b2ac4b279 dom0: catch error when no VM found by libxc (assume not running) 2011-06-04 02:46:12 +02:00
Marek Marczykowski
f5751bfea7 dom0: prevent division by zero on calculating cpu usage 
When VM is starting online_vcpus=0 for short time.
 2011-06-04 02:44:27 +02:00
Marek Marczykowski
cc4df5089d dom0: XC/XL infos for dom0 2011-06-02 01:20:23 +02:00
Marek Marczykowski
fac1f7f107 dom0: Set xid=0 for QubesDom0NetVm 2011-06-02 01:20:01 +02:00
Marek Marczykowski
cb1fbfc145 dom0: store xid in QubesVm on get_xid() 2011-06-02 00:07:22 +02:00
Marek Marczykowski
c789121f84 dom0: migrate from xend to libxl stack - qvm-core 
This is core part of migration. Things not migrated yet:
 - DispVM (qubes_restore needs to be almost rewritten)
 - VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)

Huge, slow xend not needed any more, now it conflicts with libxl
 2011-06-01 23:59:53 +02:00
Marek Marczykowski
4f33e17e69 Set appmenus_templates_dir also for StandaloneVM (#45) 
StandaloneVM also have appmenus templates - retrieved from VM. User can choose
some of them to real menu.
 2011-05-24 00:14:03 +02:00
Marek Marczykowski
e1cea1f50b dom0: tool for sync desktop file templates (#45) 2011-05-20 16:38:00 +02:00
Marek Marczykowski
ee87fff0d7 dom0: implement QubesVm.get_start_time() (#231) 
Needed to check if VM was just started again
 2011-05-12 18:15:09 +02:00
Marek Marczykowski
4a76bf2981 Call xm to set maxmem, instead of direct call to xend. 
Previous one hangs sometimes with 100% occupied by xend.
This will also be simpler to port to xl/libxl interface.
 2011-05-01 12:02:27 +02:00
Marek Marczykowski
aa7df98b7e Use half of host memory as maxmem by default. Allow to configure it per VM. 2011-04-29 01:43:41 +02:00
Marek Marczykowski
98f4028142 Connect vif's to already running VMs on NetVM/ProxyVM startup (#190) 
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
 2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00
Tomasz Sterna
5001b7c9d7 Save VM updatable state in qubes_vm_updateable 2011-04-20 01:01:38 +02:00
Marek Marczykowski
e7190d0239 Clean appmenus on template remove (#225) 2011-04-19 17:55:06 +02:00
Marek Marczykowski
6eb39106bb Include appmenus template for TemplateVM when clonning template files (#225) 2011-04-19 16:09:11 +02:00
Marek Marczykowski
067165e030 Link to icon on template clone (#225) 2011-04-19 15:56:00 +02:00
Marek Marczykowski
1e53115eab Create appmenus not only for AppVM (#225) 
Needed also by TemplateVM, and maybe others (service VMs)
For TemplateVM uses separate appmenus template (apps-template.templates).
 2011-04-19 15:54:36 +02:00
Joanna Rutkowska
304c27313a qubes.py: handle nicely situation when create_appmenus exits with error 2011-04-08 16:00:14 +02:00
Marek Marczykowski
e9c6dc387e Fixed getting VMs connected to NetVM (#172) 2011-04-07 10:42:24 +02:00
Marek Marczykowski
d1abb37a5f Do not fail if cannot remove VM from xen store just before adding it again (#204) 2011-04-06 23:30:14 +02:00
Joanna Rutkowska
d01489b486 Use 200MB by default for NetVM and ProxyVM 2011-04-06 13:34:03 +02:00
Marek Marczykowski
d4e80e7984 Deny inter-VM traffic in ProxyVM 2011-04-06 10:32:20 +02:00
Marek Marczykowski
c8acca0eb6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-04-05 14:39:40 +02:00
Marek Marczykowski
ffaa518c5a Fix checking if there is AppVMs based on template (#154) 2011-04-05 14:33:51 +02:00
Marek Marczykowski
2aec07dd60 Store VM collection connected to NetVM 2011-04-04 19:08:40 +02:00
Joanna Rutkowska
a88e104b6e Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 18:47:08 +02:00
Marek Marczykowski
a6d079594b Don't set template on StandaloneVM - only use it when copying template files (#189) 2011-04-04 18:41:02 +02:00
Rafal Wojtczuk
02514b1347 If the firewall rules file does not exist, assume ALLOW (#188) 
So that newly created appvms have net access.
 2011-04-04 17:07:46 +02:00
Joanna Rutkowska
3f31a5f3a7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 09:33:31 +02:00
Marek Marczykowski
c10f7ef70b Add missing coma (#155) 2011-04-04 00:08:24 +02:00
Marek Marczykowski
398734dad2 Internal VMs (hidden in qubes-manager, menus etc) - used for DispVM template (#155) 2011-04-03 17:47:20 +02:00
Marek Marczykowski
fa703c536f Generate firewall rules only for VMs connected to this firewall (#158) 2011-04-03 01:54:04 +02:00
Marek Marczykowski
ab244d803f Detect if VMs is outdated (#168) 
If so - VMs restart is required to see latest template changes.
 2011-04-02 02:11:41 +02:00
Marek Marczykowski
5e3b3fe922 Store and load from qubes.xml memory, vcpus and pcidevs 
Needed to recreate correct xen config files (ex after template package upgrade)
 2011-04-02 00:37:38 +02:00
Marek Marczykowski
156778fcd7 Set template field before check its correctness. 
Backup from Aplha3 with updateable VMs contains case, when updateable VM have template.
So set this template (to make qvm-backup-restore working), but give error message.

Also fix typo.
 2011-04-01 02:06:22 +02:00
Marek Marczykowski
f0716c2498 Setup firewall for every VM with FW configuration (no only AppVM) (#167) 2011-04-01 01:17:38 +02:00
Marek Marczykowski
97393c54a5 Really block 'updateable' flag change 2011-04-01 01:17:18 +02:00
Marek Marczykowski
1f5c03da3f Remove QubesCowVm class 
StandaloneVM isn't really CowVM; also most AppVM/CowVM features applies also to TemplateVM.
So CowVM class is meaningless.
 2011-04-01 01:14:18 +02:00
Rafal Wojtczuk
d6bdb85883 Start qrexec_daemon in vm.start() 
Instead of three separate places - qvm-start, qvm-run, manager.
 2011-03-31 11:11:39 +02:00
Rafal Wojtczuk
5978f7a724 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-31 09:44:30 +02:00
Marek Marczykowski
3a5cc0cc21 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-03-31 02:51:34 +02:00
Marek Marczykowski
6273c42faf Recursive stop VMs, when stopping NetVM (#172) 
Dependency resolving in qvm-core, recursive stopping only in qvm-run for now.
 2011-03-31 02:35:02 +02:00
Rafal Wojtczuk
df9549a7db Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-28 17:28:24 +02:00
Tomasz Sterna
04a6b01b1b Do not allow NEW connection to VM through ProxyVM. #136 2011-03-27 17:24:17 +02:00
Marek Marczykowski
0d52b037f1 Changed network addresses to 10.137.0.0/16 (#73) 
Also limit qid to 254 - should be enough and fits in one byte (in IP address)
 2011-03-27 12:58:38 +02:00
Marek Marczykowski
24b5c24c25 create_appmenus() on standalone VM -> only register existing apps in menu 
Needed for example on backup-restore
 2011-03-24 21:41:10 -04:00
Marek Marczykowski
9aa5638dcf Create template_vm property in every VM (defaults to None) 
Simplify template based VM detection.
 2011-03-24 21:39:13 -04:00
Marek Marczykowski
7f94cf2709 Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge 2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a Cmdline tool to grow private.img (#5) 2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath 
QubesVm constructor does not like it.
 2011-03-23 13:26:39 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118) 
And do not call it twice...
 2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118) 
"tar x" is much faster than cp on sparse file
 2011-03-19 17:05:00 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118) 
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
 2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load 
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
 2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98) 
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
 2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template 
Missing netvms_conf_file parameter in template
 2011-03-16 13:38:16 -04:00
Marek Marczykowski
5acc4610b4 Allow installed_by_rpm=False in NetVM and ProxyVM 2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731 Create NetVM xen config from separate template (netvm-template.conf) 2011-03-16 11:41:18 +01:00
Marek Marczykowski
14c48f5253 Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08' 2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5 Allow labels for NetVM/ProxyVM. Require it in qvm-create. 2011-03-15 18:28:28 +01:00
Marek Marczykowski
588f4b91c8 Fix Firewall -> Proxy... 2011-03-15 17:40:23 +01:00
Tomasz Sterna
d82001819d Properly call QubesProxyVm superclass 2011-03-14 20:57:08 +01:00
Tomasz Sterna
c92a2bf25f Properly create default firewall configuration 2011-03-14 20:43:56 +01:00
Marek Marczykowski
d6181d21cf Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a' 
Conflicts:
	dom0/qvm-core/qubes.py
	fwvm/init.d/qubes_firewall
 2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e Revert "Requiest external_ip permission at start, not create" 
This reverts commit 53b8e5aacf.
 2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564 Use DNS IPs in firewall rules 2011-03-11 19:39:26 +01:00
Marek Marczykowski
53b8e5aacf Requiest external_ip permission at start, not create 2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87 Missing coma 2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911 Check if netvm is set for ProxyVM before using it... 2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879 Store default_fw_netvm in qubes.xml 2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1 Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM 2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841 arameters for add_new_*, variables loaded from qubes.xml 
Cow based VMs doesn't have root_img param, but private_img.
 2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215 Swap COW for all CowVMs, not only AppVM 2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0 'templete' typo again 2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed qvm-create: support for netvm and proxyvm 
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
 2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side 
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
 2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
 2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00