Commit Graph

253 Commits

Author SHA1 Message Date
Marek Marczykowski
c1f0296e66 dom0: automatically determine domain xid in create_xenstore_entries 2011-09-06 01:14:49 +02:00
Marek Marczykowski
f85fcc06aa dom0: replace obsolete swiotlb=force with iommu=soft 2011-09-03 16:15:02 +02:00
Marek Marczykowski
5cb6cd2aa7 dom0: fix uses_default_kernelopts typo 2011-09-03 16:14:51 +02:00
Marek Marczykowski
58985193e7 dom0: move network-attach logic to qubes.py
Main reason is to remove code duplication.
Also fixes #260 and workaround (by sleep...) some race at NetVM restart
(fronted driver does not noticed vif-detach+vif-attach).
2011-09-03 16:13:14 +02:00
Marek Marczykowski
5fe147729d dom0: copy only selected files for StandaloneVM kernel
Especially ignore modules dir - already included in modules.img
2011-09-03 16:04:25 +02:00
Marek Marczykowski
7f24727b2b dom0: fix waiting for vif detach 2011-09-03 16:01:22 +02:00
Marek Marczykowski
11da1633d3 dom0: Copy default template kernel to StandaloneVM dir (#333)
Just prepare kernel for qvm-set -s <vmname> kernel none
2011-09-01 15:01:37 +02:00
Marek Marczykowski
ac917ef1d8 dom0: Set modules.img device R/W for StandaloneVM (#333) 2011-09-01 14:56:23 +02:00
Marek Marczykowski
577dd2b076 dom0: when cleaning up network devices, wait for actual device destroy
Otherwise subsequent network-attach will not be noticed by frontend driver.
2011-09-01 00:01:53 +02:00
Marek Marczykowski
be5e5a98a1 dom0: use full patch for network script
xl (apart from xm) doesn't prefix script with dir.
2011-08-31 22:01:08 +02:00
Marek Marczykowski
3cf1af0321 dom0: implement custom kernelopts (#323) 2011-08-31 20:39:26 +02:00
Marek Marczykowski
fbce32ae1f dom0/qvm-prefs: info when kernel setting is from template 2011-08-31 18:32:37 +02:00
Rafal Wojtczuk
8ecd6134d9 firewall: call iptables-restore once per domain (#311)
qubes.py now places rules for each domain in a separate key under
/local/domain/fw_XID/qubes_iptables_domainrules/
plus the header in /local/domain/fw_XID/qubes_iptables_header.
/local/domain/fw_XID/qubes_iptables is now just a trigger.
So, if iptables-restore fails dues to e.g. error resolving a domain name
in a rules for a domain, then only this domain will not get connectivity,
others will work fine.
2011-07-29 16:50:12 +02:00
Rafal Wojtczuk
6fc358bd20 dispvm: honour current choice of template for dispvm
... when auto-refreshing the dispvm savefile.
While at it, also copy dispvm-prerun.sh script in qvm-clone.
2011-07-26 17:09:59 +02:00
Rafal Wojtczuk
7cfbe1c7d8 qubes.py: postpone qmmeman.close()
There are indications that when parent "xl" process exits, the domain is not
booted completely; and xl actions may interfere with qmemman memory balancing.
Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon
connects successfully.
2011-07-22 15:07:04 +02:00
Marek Marczykowski
342261ff10 dom0: Do not clone config file with template
Not needed any more
2011-07-21 00:49:03 +02:00
Marek Marczykowski
c9ad2314ea dom0: variable names conflict (#290)
uuid is also name of (used here) python module...
2011-07-20 16:12:28 +02:00
Marek Marczykowski
f1153a5413 dom0: initialize vmtype in create_appmenus (#212) 2011-07-20 16:06:22 +02:00
Marek Marczykowski
99dfdd70c3 dom0: Hide some messages from 'xl' tool (#265) 2011-07-17 01:54:27 +02:00
Marek Marczykowski
182e1ccf2b dom0: watch for updates from dom0 (#198)
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
a68faecc35 dom0: initialize default_kernel parameter 2011-07-15 12:24:27 +02:00
Marek Marczykowski
9f67e5de9d dom0: Regenerate appmenus also for TemplateVM in create_appmenus() 2011-07-10 23:39:48 +02:00
Marek Marczykowski
0813f49186 dom0: Clone whitelisted-apps.list with template clone 2011-07-10 23:37:35 +02:00
Marek Marczykowski
817735fc92 dom0: Do not copy obsolete apps-template.templates dir on template clone 2011-07-10 23:36:50 +02:00
Marek Marczykowski
f6609cb1c4 dom0: minor #252 fix 2011-07-09 20:43:57 +02:00
Marek Marczykowski
7e234a4a8d dom0: store dispid in QubesDisposableVm object and generate proper IP (#247) 2011-07-09 17:52:47 +02:00
Marek Marczykowski
202fb0c676 dom0: fix syntax 2011-07-09 00:36:00 +02:00
Marek Marczykowski
3e6bd65b73 Revert "[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition"
This reverts commit 3bd1c700f6.

Conflicts:

	dom0/qvm-core/qubes.py
2011-07-08 21:38:24 +02:00
Marek Marczykowski
3b3929b6a2 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-07-08 21:37:43 +02:00
Marek Marczykowski
0de378dafc dom0: automatically bind PCI devices to pciback at VM start (#252) 2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0 dom0: stores QubesVm.pcidevs as list (#252)
To easier manage pci devices attached to VM
2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b dom0: always set appmenus_templates_dir for QubesVm
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189 dom0: Include default whitelisted-appmenus.list in template (#266) 2011-07-05 21:20:43 +02:00
Joanna Rutkowska
3bd1c700f6 [REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition 2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361 Dom0: Fix calling syntax for qrexec_client for updatevm 2011-07-02 22:12:43 +02:00
Marek Marczykowski
cd7024cad1 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1 dom0: use default kernel for new VMs 2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a Dom0: qubes.py: honor the verbose flag when printing debuging messages 2011-07-02 13:35:59 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
40c7e32fe9 dom0: Use first FirewallVM as UpdateVM 2011-06-27 21:14:34 +02:00
Marek Marczykowski
a0b60af3d6 dom0: Do not use transactions to access xenstore
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
2011-06-25 22:31:22 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
454b678284 dom0: cpu load calculation when VM rebooted fix 2011-06-11 20:44:26 +02:00
Marek Marczykowski
925647c7d7 dom0: run xl create through sudo
This finally solve problem with RLIMIT_MEMLOCK (less important) and is required
to attach PCI devices (eg netvm restart) - more important.
2011-06-10 18:19:19 +02:00
Marek Marczykowski
3571a34010 dom0: preserve old root-cow - for qvm-revert-template-changes 2011-06-09 14:22:22 +02:00
Marek Marczykowski
fcd4cd44eb dom0: create config template for DispVM
Introduction for later patches.
2011-06-08 03:30:42 +02:00
Marek Marczykowski
1647d03f74 dom0: use path given in argument to store VM configuration 2011-06-08 03:29:52 +02:00
Marek Marczykowski
f5e4cf58aa dom0: include vif in domain config (no need for network-attach) 2011-06-08 03:28:08 +02:00
Marek Marczykowski
429c685f1d dom0: write firewall rules only for running proxyvms 2011-06-07 15:58:55 +02:00
Marek Marczykowski
645132f043 dom0: Explicitly set maxmem=mem for NetVM 2011-06-07 15:58:54 +02:00
Marek Marczykowski
6dd0870ca6 dom0: Generate Xen VM config file from common template, on each VM start
Do not use many different config templates for different types of VMs. Also
regenerate config on each VM start to keep in synchronized with qubes.xml
2011-06-07 15:58:54 +02:00
Marek Marczykowski
5ebd163fd3 dom0: check RLIMIT_MEMLOCK before starting VM (and fix if possible) 2011-06-07 15:58:54 +02:00
Marek Marczykowski
d3e6e3dec0 dom0: use xen.lowlevel.xs instead of call xenstore-* 2011-06-05 23:35:53 +02:00
Marek Marczykowski
9ce2f440c3 dom0: remove import of old xend libraries 2011-06-05 22:58:20 +02:00
Marek Marczykowski
7b2ac4b279 dom0: catch error when no VM found by libxc (assume not running) 2011-06-04 02:46:12 +02:00
Marek Marczykowski
f5751bfea7 dom0: prevent division by zero on calculating cpu usage
When VM is starting online_vcpus=0 for short time.
2011-06-04 02:44:27 +02:00
Marek Marczykowski
cc4df5089d dom0: XC/XL infos for dom0 2011-06-02 01:20:23 +02:00
Marek Marczykowski
fac1f7f107 dom0: Set xid=0 for QubesDom0NetVm 2011-06-02 01:20:01 +02:00
Marek Marczykowski
cb1fbfc145 dom0: store xid in QubesVm on get_xid() 2011-06-02 00:07:22 +02:00
Marek Marczykowski
c789121f84 dom0: migrate from xend to libxl stack - qvm-core
This is core part of migration. Things not migrated yet:
 - DispVM (qubes_restore needs to be almost rewritten)
 - VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)

Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
4f33e17e69 Set appmenus_templates_dir also for StandaloneVM (#45)
StandaloneVM also have appmenus templates - retrieved from VM. User can choose
some of them to real menu.
2011-05-24 00:14:03 +02:00
Marek Marczykowski
e1cea1f50b dom0: tool for sync desktop file templates (#45) 2011-05-20 16:38:00 +02:00
Marek Marczykowski
ee87fff0d7 dom0: implement QubesVm.get_start_time() (#231)
Needed to check if VM was just started again
2011-05-12 18:15:09 +02:00
Marek Marczykowski
4a76bf2981 Call xm to set maxmem, instead of direct call to xend.
Previous one hangs sometimes with 100% occupied by xend.
This will also be simpler to port to xl/libxl interface.
2011-05-01 12:02:27 +02:00
Marek Marczykowski
aa7df98b7e Use half of host memory as maxmem by default. Allow to configure it per VM. 2011-04-29 01:43:41 +02:00
Marek Marczykowski
98f4028142 Connect vif's to already running VMs on NetVM/ProxyVM startup (#190)
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00
Tomasz Sterna
5001b7c9d7 Save VM updatable state in qubes_vm_updateable 2011-04-20 01:01:38 +02:00
Marek Marczykowski
e7190d0239 Clean appmenus on template remove (#225) 2011-04-19 17:55:06 +02:00
Marek Marczykowski
6eb39106bb Include appmenus template for TemplateVM when clonning template files (#225) 2011-04-19 16:09:11 +02:00
Marek Marczykowski
067165e030 Link to icon on template clone (#225) 2011-04-19 15:56:00 +02:00
Marek Marczykowski
1e53115eab Create appmenus not only for AppVM (#225)
Needed also by TemplateVM, and maybe others (service VMs)
For TemplateVM uses separate appmenus template (apps-template.templates).
2011-04-19 15:54:36 +02:00
Joanna Rutkowska
304c27313a qubes.py: handle nicely situation when create_appmenus exits with error 2011-04-08 16:00:14 +02:00
Marek Marczykowski
e9c6dc387e Fixed getting VMs connected to NetVM (#172) 2011-04-07 10:42:24 +02:00
Marek Marczykowski
d1abb37a5f Do not fail if cannot remove VM from xen store just before adding it again (#204) 2011-04-06 23:30:14 +02:00
Joanna Rutkowska
d01489b486 Use 200MB by default for NetVM and ProxyVM 2011-04-06 13:34:03 +02:00
Marek Marczykowski
d4e80e7984 Deny inter-VM traffic in ProxyVM 2011-04-06 10:32:20 +02:00
Marek Marczykowski
c8acca0eb6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-04-05 14:39:40 +02:00
Marek Marczykowski
ffaa518c5a Fix checking if there is AppVMs based on template (#154) 2011-04-05 14:33:51 +02:00
Marek Marczykowski
2aec07dd60 Store VM collection connected to NetVM 2011-04-04 19:08:40 +02:00
Joanna Rutkowska
a88e104b6e Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 18:47:08 +02:00
Marek Marczykowski
a6d079594b Don't set template on StandaloneVM - only use it when copying template files (#189) 2011-04-04 18:41:02 +02:00
Rafal Wojtczuk
02514b1347 If the firewall rules file does not exist, assume ALLOW (#188)
So that newly created appvms have net access.
2011-04-04 17:07:46 +02:00
Joanna Rutkowska
3f31a5f3a7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 09:33:31 +02:00
Marek Marczykowski
c10f7ef70b Add missing coma (#155) 2011-04-04 00:08:24 +02:00
Marek Marczykowski
398734dad2 Internal VMs (hidden in qubes-manager, menus etc) - used for DispVM template (#155) 2011-04-03 17:47:20 +02:00
Marek Marczykowski
fa703c536f Generate firewall rules only for VMs connected to this firewall (#158) 2011-04-03 01:54:04 +02:00
Marek Marczykowski
ab244d803f Detect if VMs is outdated (#168)
If so - VMs restart is required to see latest template changes.
2011-04-02 02:11:41 +02:00
Marek Marczykowski
5e3b3fe922 Store and load from qubes.xml memory, vcpus and pcidevs
Needed to recreate correct xen config files (ex after template package upgrade)
2011-04-02 00:37:38 +02:00
Marek Marczykowski
156778fcd7 Set template field before check its correctness.
Backup from Aplha3 with updateable VMs contains case, when updateable VM have template.
So set this template (to make qvm-backup-restore working), but give error message.

Also fix typo.
2011-04-01 02:06:22 +02:00
Marek Marczykowski
f0716c2498 Setup firewall for every VM with FW configuration (no only AppVM) (#167) 2011-04-01 01:17:38 +02:00
Marek Marczykowski
97393c54a5 Really block 'updateable' flag change 2011-04-01 01:17:18 +02:00
Marek Marczykowski
1f5c03da3f Remove QubesCowVm class
StandaloneVM isn't really CowVM; also most AppVM/CowVM features applies also to TemplateVM.
So CowVM class is meaningless.
2011-04-01 01:14:18 +02:00
Rafal Wojtczuk
d6bdb85883 Start qrexec_daemon in vm.start()
Instead of three separate places - qvm-start, qvm-run, manager.
2011-03-31 11:11:39 +02:00
Rafal Wojtczuk
5978f7a724 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-31 09:44:30 +02:00
Marek Marczykowski
3a5cc0cc21 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-03-31 02:51:34 +02:00
Marek Marczykowski
6273c42faf Recursive stop VMs, when stopping NetVM (#172)
Dependency resolving in qvm-core, recursive stopping only in qvm-run for now.
2011-03-31 02:35:02 +02:00
Rafal Wojtczuk
df9549a7db Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-28 17:28:24 +02:00
Tomasz Sterna
04a6b01b1b Do not allow NEW connection to VM through ProxyVM. #136 2011-03-27 17:24:17 +02:00
Marek Marczykowski
0d52b037f1 Changed network addresses to 10.137.0.0/16 (#73)
Also limit qid to 254 - should be enough and fits in one byte (in IP address)
2011-03-27 12:58:38 +02:00