Home Explore Help
Sign In
Qubes
/
core-admin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
core-admin
/
doc
/
qubes-storage.rst

qubes-storage.rst 8.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. :py:mod:`qubes.storage` -- Qubes data storage
    2. 

  2. =============================================
    3. 

  3. 

  4. Qubes provide extensible API for domains data storage. Each domain have
    5. 

  5. multiple storage volumes, for different purposes. Each volume is provided by
    6. 

  6. some storage pool. Qubes support different storage pool drivers, and it's
    7. 

  7. possible to register additional 3rd-party drivers.
    8. 

  8. 

  9. Domain's storage volumes:
    10. 

  10. 

  11.  - `root` - this is where operating system is installed. The volume is
    12. 

  12.    available read-write to all domain classes. It could be made read-only for
    13. 

  13.    :py:class:`~qubes.vm.appvm.AppVM` and :py:class:`~qubes.vm.dispvm.DispVM` to
    14. 

  14.    implement an untrusted storage domain in the future, but doing so will cause
    15. 

  15.    such VMs to set up a device-mapper based copy-on-write layer that redirects
    16. 

  16.    writes to the `volatile` volume. Whose storage driver may already do CoW,
    17. 

  17.    leading to an inefficient CoW-on-CoW setup. For this reason, `root` is
    18. 

  18.    currently read-write in all cases.
    19. 

  19.  - `private` - this is where domain's data live. The volume is available
    20. 

  20.    read-write to all domain classes (including :py:class:`~qubes.vm.dispvm.DispVM`,
    21. 

  21.    but data written there is discarded on domain shutdown).
    22. 

  22.  - `volatile` - this is used for any data that do not to persist. This include
    23. 

  23.    swap, copy-on-write layer for a future read-only `root` volume etc.
    24. 

  24.  - `kernel` - domain boot files - operating system kernel, initial ramdisk,
    25. 

  25.    kernel modules etc. This volume is provided read-only and should be provided by
    26. 

  26.    a storage pool respecting :py:attr:`qubes.vm.qubesvm.QubesVM.kernel` property.
    27. 

  27. 

  28. Storage pool concept
    29. 

  29. --------------------
    30. 

  30. 

  31. Storage pool is responsible for managing its volumes. Qubes have defined
    32. 

  32. storage pool driver API, allowing to put domains storage in various places. By
    33. 

  33. default three drivers are provided: :py:class:`qubes.storage.file.FilePool`
    34. 

  34. (named `file`), :py:class:`qubes.storage.reflink.ReflinkPool` (named
    35. 

  35. `file-reflink`), and :py:class:`qubes.storage.lvm.ThinPool` (named `lvm_thin`).
    36. 

  36. But the API allow to implement variety of other drivers (like additionally
    37. 

  37. encrypted storage, external disk, drivers using special features of some
    38. 

  38. filesystems, etc).
    39. 

  39. 

  40. Most of storage API focus on storage volumes. Each volume have at least those
    41. 

  41. properties:
    42. 

  42.  - :py:attr:`~qubes.storage.Volume.rw` - should the volume be available
    43. 

  43.    read-only or read-write to the domain
    44. 

  44.  - :py:attr:`~qubes.storage.Volume.snap_on_start` - should the domain start
    45. 

  45.    with its own state of the volume, or rather a snapshot of its template volume
    46. 

  46.    (pointed by a :py:attr:`~qubes.storage.Volume.source` property). This can be
    47. 

  47.    set to `True` only if a domain do have `template` property (AppVM and DispVM).
    48. 

  48.    If the domain's template is running already, the snapshot should be made out of
    49. 

  49.    the template's before its startup.
    50. 

  50.  - :py:attr:`~qubes.storage.Volume.save_on_stop` - should the volume state be
    51. 

  51.    saved or discarded on domain
    52. 

  52.    stop. In either case, while the domain is running, volume's current state
    53. 

  53.    should not be committed immediately. This is to allow creating snapshots of the
    54. 

  54.    volume's state from before domain start (see
    55. 

  55.    :py:attr:`~qubes.storage.Volume.snap_on_start`).
    56. 

  56.  - :py:attr:`~qubes.storage.Volume.revisions_to_keep` - number of volume
    57. 

  57.    revisions to keep. If greater than zero, at each domain stop (and if
    58. 

  58.    :py:attr:`~qubes.storage.Volume.save_on_stop` is `True`) new revision is saved
    59. 

  59.    and old ones exceeding :py:attr:`~qubes.storage.Volume.revisions_to_keep` limit
    60. 

  60.    are removed.
    61. 

  61.  - :py:attr:`~qubes.storage.Volume.source` - source volume for
    62. 

  62.    :py:attr:`~qubes.storage.Volume.snap_on_start` volumes
    63. 

  63.  - :py:attr:`~qubes.storage.Volume.vid` - pool specific volume identifier, must
    64. 

  64.    be unique inside given pool
    65. 

  65.  - :py:attr:`~qubes.storage.Volume.pool` - storage pool object owning this volume
    66. 

  66.  - :py:attr:`~qubes.storage.Volume.name` - name of the volume inside owning
    67. 

  67.    domain (like `root`, or `private`)
    68. 

  68.  - :py:attr:`~qubes.storage.Volume.size` - size of the volume, in bytes
    69. 

  69. 

  70. Storage pool driver may define additional properties.
    71. 

  71. 

  72. Storage pool driver API
    73. 

  73. -----------------------
    74. 

  74. 

  75. Storage pool driver need to implement two classes:
    76. 

  76.  - pool class - inheriting from :py:class:`qubes.storage.Pool`
    77. 

  77.  - volume class - inheriting from :py:class:`qubes.storage.Volume`
    78. 

  78. 

  79. Pool class should be registered with `qubes.storage` entry_point, under the
    80. 

  80. name of storage pool driver. Volume class instances should be returned by
    81. 

  81. :py:meth:`qubes.storage.Pool.init_volume` method of pool class instance.
    82. 

  82. 

  83. Methods required to be implemented by the pool class:
    84. 

  84.  - :py:meth:`~qubes.storage.Pool.init_volume` - return instance of appropriate
    85. 

  85.    volume class; this method should not alter any persistent disk state, it is
    86. 

  86.    used to instantiate both existing volumes and create new ones
    87. 

  87.  - :py:meth:`~qubes.storage.Pool.setup` - setup new storage pool
    88. 

  88.  - :py:meth:`~qubes.storage.Pool.destroy` - destroy storage pool
    89. 

  89. 

  90. Methods and properties required to be implemented by the volume class:
    91. 

  91.  - :py:meth:`~qubes.storage.Volume.create` - create volume on disk
    92. 

  92.  - :py:meth:`~qubes.storage.Volume.remove` - remove volume from disk
    93. 

  93.  - :py:meth:`~qubes.storage.Volume.start` - prepare the volume for domain start;
    94. 

  94.    this include making a snapshot if
    95. 

  95.    :py:attr:`~qubes.storage.Volume.snap_on_start` is `True`
    96. 

  96.  - :py:meth:`~qubes.storage.Volume.stop` - cleanup after domain shutdown; this
    97. 

  97.    include committing changes to the volume if
    98. 

  98.    :py:attr:`~qubes.storage.Volume.save_on_stop` is `True`
    99. 

  99.  - :py:meth:`~qubes.storage.Volume.export` - return a path to be read to extract
    100. 

  100.    volume data; for complex formats, this can be a pipe (connected to some
    101. 

  101.    data-extracting process)
    102. 

  102.  - :py:meth:`~qubes.storage.Volume.export_end` - cleanup after exporting the
    103. 

  103.    data; this function is called when the path returned by
    104. 

  104.    :py:meth:`~qubes.storage.Volume.export` is not used anymore. This method
    105. 

  105.    optional - some storage drivers may not implement it if not needed.
    106. 

  106.  - :py:meth:`~qubes.storage.Volume.import_data` - return a path the data should
    107. 

  107.    be written to, to import volume data; for complex formats, this can be pipe
    108. 

  108.    (connected to some data-importing process)
    109. 

  109.  - :py:meth:`~qubes.storage.Volume.import_data_end` - finish data import
    110. 

  110.    operation (cleanup temporary files etc); this methods is called always after
    111. 

  111.    :py:meth:`~qubes.storage.Volume.import_data` regardless if operation was
    112. 

  112.    successful or not
    113. 

  113.  - :py:meth:`~qubes.storage.Volume.import_volume` - import data from another volume
    114. 

  114.  - :py:meth:`~qubes.storage.Volume.resize` - resize volume
    115. 

  115.  - :py:meth:`~qubes.storage.Volume.revert` - revert volume state to a given revision
    116. 

  116.  - :py:attr:`~qubes.storage.Volume.revisions` - collection of volume revisions (to use
    117. 

  117.    with :py:meth:`qubes.storage.Volume.revert`)
    118. 

  118.  - :py:meth:`~qubes.storage.Volume.is_dirty` - is volume properly committed
    119. 

  119.    after domain shutdown? Applies only to volumes with
    120. 

  120.    :py:attr:`~qubes.storage.Volume.save_on_stop` set to `True`
    121. 

  121.  - :py:meth:`~qubes.storage.Volume.is_outdated` - have the source volume started
    122. 

  122.    since domain startup? applies only to volumes with
    123. 

  123.    :py:attr:`~qubes.storage.Volume.snap_on_start` set to `True`
    124. 

  124.  - :py:attr:`~qubes.storage.Volume.config` - volume configuration, this should
    125. 

  125.    be enough to later reinstantiate the same volume object
    126. 

  126.  - :py:meth:`~qubes.storage.Volume.block_device` - return
    127. 

  127.    :py:class:`qubes.storage.BlockDevice` instance required to configure volume in
    128. 

  128.    libvirt
    129. 

  129. 

  130. Some storage pool drivers can provide limited functionality only - for example
    131. 

  131. support only `volatile` volumes (those with
    132. 

  132. :py:attr:`~qubes.storage.Volume.snap_on_start` is `False`,
    133. 

  133. :py:attr:`~qubes.storage.Volume.save_on_stop` is `False`, and
    134. 

  134. :py:attr:`~qubes.storage.Volume.rw` is `True`). In that case, it should raise
    135. 

  135. :py:exc:`NotImplementedError` in :py:meth:`qubes.storage.Pool.init_volume` when
    136. 

  136. trying to instantiate unsupported volume.
    137. 

  137. 

  138. Note that pool driver should be prepared to recover from power loss before
    139. 

  139. stopping a domain - so, if volume have
    140. 

  140. :py:attr:`~qubes.storage.Volume.save_on_stop` is `True`, and
    141. 

  141. :py:meth:`qubes.storage.Volume.stop` wasn't called, next
    142. 

  142. :py:meth:`~qubes.storage.Volume.start` should pick up previous (not committed)
    143. 

  143. state.
    144. 

  144. 

  145. See specific methods documentation for details.
    146. 

  146. 

  147. Module contents
    148. 

  148. ---------------
    149. 

  149. 

  150. .. automodule:: qubes.storage
    151. 

  151.    :members:
    152. 

  152.    :show-inheritance:
    153. 

  153. 

  154. .. vim: ts=3 sw=3 et
    155.