From 80a85f363c72a2a88eb06b9bd8ffc5b8a96d9c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 23 Apr 2015 06:27:10 +0200 Subject: [PATCH] R3.0rc1 installation guide --- InstallationGuideR3.0rc1.md | 93 +++++++++++++++++++++++++ UpgradeToR3.0rc1.md | 132 ++++++++++++++++++++++++++++++++++++ 2 files changed, 225 insertions(+) create mode 100644 InstallationGuideR3.0rc1.md create mode 100644 UpgradeToR3.0rc1.md diff --git a/InstallationGuideR3.0rc1.md b/InstallationGuideR3.0rc1.md new file mode 100644 index 00000000..820234a2 --- /dev/null +++ b/InstallationGuideR3.0rc1.md @@ -0,0 +1,93 @@ +--- +layout: doc +title: Installation Guide for Qubes 3.0 rc1 +permalink: /doc/InstallationGuideR3.0rc1/ +--- + +Installation Guide for Qubes Release 3.0 rc1 +============================================ + +1. [Hardware Requirements](#hardware-requirements) +2. [Download installer ISO](#download-installer-iso) +3. [Burning the ISO onto a DVD or USB stick](#burning-the-iso-onto-a-dvd-or-usb-stick) +4. [Upgrading](#upgrading) +5. [Troubleshooting problems with the installer](#Troubleshootingproblemswiththeinstaller) +6. [Known Issues](#KnownIssues) +7. [Getting Help](#GettingHelp) + +Hardware Requirements +--------------------- + +Please see the [Hardware Compatibility List](/hcl/) page for more information on required and recommended hardware. + +Note: We don't recommend installing Qubes in a virtual machine! It will likely not work. Don't send emails asking about it. However, you can install it on an external USB hard drive and run from it, at least for testing (normally such disks are *orders* of magnitude slower than even the slowest internal hard drives). + +Download installer ISO +---------------------- + +See [this page](/doc/QubesDownloads/) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/doc/VerifyingSignatures/) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO: + + gpg -v Qubes-R3.0-rc1-x86_64-DVD.iso.asc + +Burning the ISO onto a DVD or USB stick +--------------------------------------- + +Once you verify this is an authentic ISO, you should burn it on a DVD. + +If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd: + + dd if=Qubes-R3.0-rc1-x86_64-DVD.iso of=/dev/sdX + +On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator): + + dd if=Qubes-R3.0-rc1-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress + +**Be sure to use a correct device as the target in the dd command above (instead of sdX or Harddisk1)** + +Before proceeding with the installation, you are encouraged to first read all the information on this page, especially the *Known Issues* paragraph. + +Then, when finally ready, boot your system from the installer DVD and follow the instructions on screen. The installer is very simple and asks very few questions -- it's actually easier to install Qubes right now than most other Linux distributions! + +The installer loads Xen right at the beginning, so chances are high that if you can see the installer's graphical screen, Qubes will work on your system :) + +Upgrading +--------- + +The easiest and safest way to upgrade to Qubes R3.0rc1 is to install it from scratch and use [qubes backup and restore tools](/doc/BackupRestore/) for migrating of all of the user VMs. + +Users or Qubes R2 can upgrade using experimental procedure that has been described [here](/doc/UpgradeToR3.0rc1/). + +Troubleshooting problems with the installer +------------------------------------------- + +If the installer fails for some reason, typically because of the graphics card not being correctly supported, it is possible to try booting the installer with a different kernel -- to do that, choose Troubleshooting menu in the Installer Welcome screen, and later choose an option to proceed with one of the kernels provided. + +The installer ships with 4 different kernels (3.12, 3.11, 3.9 and 3.7) and all those kernel will be installed (regardless of which is selected to run the installer) so it is later always possible to boot the Qubes OS using any of those kernels. + +Known Issues +------------ + +- There is no Qubes Windows Tools for Qubes R3.0 yet. We are working on this + +- UEFI is not supported, you need to enable "legacy boot" in BIOS before installing Qubes OS + +- Some icons in the Qubes Manager application might not be drawn correctly when using the Xfce4 environment in Dom0. If this bothers you, please use the KDE environment instead. + +- If your GPU is not correctly supported by the Dom0 kernel (e.g. the 3D desktop effects do not run smoothly) then you might experience "heaviness" with Windows 7-based AppVMs. In that case, please solve the problem with your GPU support in Dom0 in the first place (by using a different kernel), or install Qubes OS on a different system. + +- For other known issues take a look at [​our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+3%22+label%3Abug) + +It is advised to install updates just after system installation to apply bug fixes for (some of) the above problems. + +Getting Help +------------ + +- **User manuals are [here](/doc/UserDoc/).** (Strongly recommended!) + +- Developers documentation (normally not needed by users) is [here](/doc/SystemDoc/) + +- If you don't find answer in the sources given above, write to the *qubes-users* mailing list (you don't need to be subscribed to the list, just send email to the address given below): + - [https://groups.google.com/group/qubes-users](https://groups.google.com/group/qubes-users) + - `qubes-users@googlegroups.com` + +- Please do not write email to individual developers (Marek, Joanna, etc) asking questions about installation or other problems. Please send all such questions to the mailing list. diff --git a/UpgradeToR3.0rc1.md b/UpgradeToR3.0rc1.md new file mode 100644 index 00000000..8b94c868 --- /dev/null +++ b/UpgradeToR3.0rc1.md @@ -0,0 +1,132 @@ +--- +layout: doc +title: Upgrade to R3.0 rc1 +permalink: /doc/UpgradeToR3.0rc1/ +--- + +Upgrading Qubes R2 to R3.0-rc1 +====================================== + +Current Qubes R3.0-rc1 (R3.0rc1) systems can be upgraded in-place to the latest R3.0 release candidate by following the procedure below. However, upgrading in-place is riskier than performing a clean installation, since there are more things which can go wrong. For this reason, **we strongly recommended that users perform a [clean installation](/doc/InstallationGuideR3.0rc1/) of Qubes R3.0 rc1**. + +**Before attempting either an in-place upgrade or a clean installation, we strongly recommend that users back up the system by using the built-in [backup tool](/doc/BackupRestore/).** + +Experienced users may be comfortable accepting the risks of upgrading in-place. Such users may wish to first attempt an in-place upgrade. If nothing goes wrong, then some time and effort will have been saved. If something does go wrong, then the user can simply perform a clean installation, and no significant loss will have occurred (as long as the user [backed up](/doc/BackupRestore/) correctly!). + +Upgrade all Template and Standalone VM(s) +----------------------------------------- + +By default, in Qubes R2, there is only one Template VM, however users are free to create more Template VMs for special purposes, as well as Standalone VMs. More information on using multiple Template VMs, as well as Standalone VMs, can be found [here](/doc/SoftwareUpdateVM/). The steps described in this section should be repeated in **all** user's Template and Standalone VMs. + +It is critical to complete this step **before** proceeding to dom0 upgrade. Otherwise you will most likely ends with unusable system. + +### Upgrade Fedora template: + +1. Open terminal in the template VM (or standalone VM). E.g. use the Qubes Manager's right-click menu and choose Run Command in VM and type `gnome-terminal` there. +2. Install `qubes-upgrade-vm` package: + + sudo yum install qubes-upgrade-vm + +3. Proceed with normal update in the template: + + sudo yum update + + You'll need to accept "Qubes Release 3 Signing Key" - it is delivered by signed qubes-upgrade-vm package (verify that the message is about local file), so you don't need to manually verify it. + +4. Shutdown the template VM. + +### Upgrade Debian template: + +1. Open terminal in the template VM (or standalone VM). E.g. use the Qubes Manager's right-click menu and choose Run Command in VM and type `gnome-terminal` there. +2. Update repository definition: + + sudo cp /etc/apt/sources.list.d/qubes-r2.list + /etc/apt/sources.list.d/qubes-r3-upgrade.list + sudo sed -i 's/r2/r3.0/' /etc/apt/sources.list.d/qubes-r3-upgrade.list + +3. Proceed with normal update in the template: + + sudo apt-get update + sudo apt-get dist-upgrade + + There will be some error messages during the process, but our tests + Update of `qubesdb-vm` package will lo (after 3min timeout), but you can ignore this problem for now. After completing + +4. Shutdown the template VM. + +Upgrading dom0 +-------------- + +Be sure to do steps described in this section after *all* your template and standalone VMs got updated as described in the section above. Also make sure you haven't shutdown any of: netvm, firewallvm, fedora-18-x64 (or to be more precise: template which your netvm and firewallvm is based on). + +1. Open terminal in Dom0. E.g. Start-\>System Settings-\>Konsole. +2. Upgrade the `qubes-release` package to the latest version which brings in new repo definitions and R2 signing keys: + + sudo qubes-dom0-update qubes-release + + This should install `qubes-release-2-12` in your Dom0. + +3. Upgrade dom0 to R3.0: + + sudo qubes-dom0-update --releasever=3.0 + + After this step, until you reboot the system, most of the qvm-* tools will not work. + +4. If above step completed successfully you should have `qubes-core-dom0` at least 3.0.8. If not, repeat above step with additional `--clean` option. + +5. Reboot the system. + + It may happen that the system hang during the reboot. Hard reset the system in such case, all the filesystems are unmounted at this stage. + +Please note that if you use Anti Evil Maid, then it won't be able to unseal the passphrase this time, because the Xen, kernel, and initramfs binaries have changed. Once the system boots up again, you could reseal your Anti Evil Maid's passphrase to the new configuration. Please consult Anti Evil Maid documentation for explanation on how to do that. + +Now, when you have dom0 upgraded, you can install new templates from Qubes R3.0 repositories. Especially Fedora 21 - default Qubes R3.0 template: + sudo qubes-dom0-update qubes-template-fedora-21 + +Upgrading template on already upgraded dom0 +------------------------------------------- + +When for some reason you did not upgraded all the templates and standalone VMs before upgrading dom0, you can still do this, but it will be somehow more complicated. This can be a case when you restore backup done on Qubes R2. + +When you start R2 template/standalone VM on R3.0, there will be some limitations: +1. qrexec will not connect (you will see an error message during VM startup) +2. GUI will not connect - you will not see any VM window +3. VM will not be configured - especially it will not have network access + +Because of above limitations, you will need to configure some of those manually. The instruction assumes the VM name is `custom-template`, but the same instructions can be applied to a standalone VM. + +1.Check the VM network parameters, you will need them later: +``` +[user@dom0 ~]$ qvm-ls -n custom-template +-------------------+----+--------+-------+------+-------------+-------+-------------+---------+-------------+ + name | on | state | updbl | type | netvm | label | ip | ip back | gateway/DNS | +-------------------+----+--------+-------+------+-------------+-------+-------------+---------+-------------+ + [custom-template] | | Halted | Yes | Tpl | *firewallvm | black | 10.137.1.53 | n/a | 10.137.1.1 | + +``` +2.Start the VM from command line: +``` +[user@dom0 ~]$ qvm-start custom-template +--> Loading the VM (type = TemplateVM)... +--> Starting Qubes DB... +--> Setting Qubes DB info for the VM... +--> Updating firewall rules... +--> Starting the VM... +--> Starting the qrexec daemon... +Waiting for VM's qrexec agent.............................................................Cannot connect to 'custom-template' qrexec agent for 60 seconds, giving up +ERROR: Cannot execute qrexec-daemon! +``` +You can interrupt with Ctrl-C that qrexec waiting process. + +3.Access VM console: + + [user@dom0 ~]$ virsh -c xen:/// console custom-template + +4.Configure network according to parameters retrieved in first step: + + ip addr add 10.137.1.53/32 dev eth0 + ip route add 10.137.1.1/32 dev eth0 + ip route add via 10.137.1.1 + echo nameserver 10.137.1.1 > /etc/resolv.conf + +5.Proceed with normal upgrade instruction described on this page.