reboot sys-net

[Bernhard]

Did by chance someone write a dom0-script that

a) fetches a list of all (running) appvm's that use sys-net.

b) setting their net-vm to "none"

c) reboot sys-net

d) undoes step (b)

That would allow to confortably reboot sys-net (same ideas apply to
sys-firewall & sys-whonix) and could help many people in many
situations. I am not a bash hero, and before losing half a day on this
useful script, I prefer asking if someone did it already :)  Thank you,
Bernhard

[Ilpo Järvinen]

I didn't have it already but it wasn't too difficult to do so I wrote one
as it seems somewhat useful.


--
i.

[Bernhard]

Awesome! Thank you very much. Bernhard

[awokd]

On Fri, February 2, 2018 11:05 am, Bernhard wrote:
> On 02/02/2018 11:58 AM, Ilpo Järvinen wrote:
>
>> On Fri, 2 Feb 2018, Bernhard wrote:

>>> That would allow to confortably reboot sys-net

For a bit more blunt force approach, you could qvm-kill sys-net then use
the procedure "Reconnecting VMs after a NetVM reboot" on
https://www.qubes-os.org/doc/firewall/ to reconnect it. Have not
thoroughly tested.

[Vít Šesták]

I remember some issues with reattaching in the past, but recently, the qvm-shutdown --wait --force sys-net && qvm-start sys-net seems to be working. It can fail in some cases like when you have a paused VM (a feature that seems to cause various issues in 3.2) and it does nto work id the sys-net is shut dows from the VM itself.

You can do the same for both sys-net and sys-firewall at once. The qvm-shutdown command accepts multiple VM names. For qvm-start, you can just request start of sys-firewall, because the sys-net VM is started automatically in such case.

Regards,
Vít Šesták 'v6ak'

[haaber]

> I remember some issues with reattaching in the past, but recently, the qvm-shutdown --wait --force sys-net && qvm-start sys-net seems to be working.

This sounded even more interesting than the script. But: It does not
work in my Q4rc4 install. last experience of this type was with
sys-whonix and anon-whonix. The latter running, the former did not power
off (even with --force); after some wait I kill it, but it won't reboot:
on boot it spills out "network device with MAC ... already exists"
before dying. I had to power off anon-whonix, then restart sys-whonix.

Same thing happen with the sys-net - sys-firewall - sys-whonix -
anon-whonix chain. I need to power off all of them to get sys-net to
rebbot, which is, frankly, annoying. So finally a script is a good idea,
even if Ilpo's did not work out of the box in my install (may be a Q3.2
- Q4 issue).

Best, Bernhard

[Ivan Mitev]

FWIW on R4.0rc4 I don't need to poweroff/boot any VM depending on
sys-net: 'qvm-kill sys-net' (or clean shutdown) followed by 'qvm-start
sys-net' works perfectly well, ie. network connectivity is automatically
restored in sys-firewall and other dependent VMs.

Note that I ran 'qvm-prefs sys-firewall netvm sys-net' (once after a
complete reboot) after reading Awokd's reply, where he pointed to the
doc explaining how to reconnect sys-firewall after a sys-net crash [1].
So maybe that step is required to get "automatic" re-connection.

[1] https://www.qubes-os.org/doc/firewall/