On 03/27/2017 07:10 AM, Jane Jok wrote: > Okay, so here's the gist: > > I have a configured netvm and firewallvm > > I don't need to be able to properly run a terminal there most of the time > because everything I wanted to do, is already done there (scripts, firewall > rules, etc etc etc etc) > > I am running this qubes install on a laptop so RAM is like, in great demand. > > Wanted to trim off a few more MB RAM from each of my firewallvms and some > other servicevms I have (USB, etc). > > Seems like running VM at equivalent of init 3 should be possible, however, > trying to run init3 command or any flavor of systemctl isolate > multi-user.target does not produce desired result (Xorg still runs, it seems) > > So the questions are > > 1) is it possible to configure a VM to run a "minimum" set of services a-la > init 3 without all the fancy GUI stuff? > > 2) how to return it to "normal" operation (by using the "run a command in vm" > functionality perhaps) if I temporarily need the GUI again? > That is an interesting question. I don't know the answer myself (though I would like to know too, just for curiosity's sake), but here are some RAM saving tips instead:
- For your service VMs, make sure to limit the upper RAM amounts. For example, by default, sys-firewall's upper limit for RAM will be like 4GB; you can cut that down to 300-400 MB, and you might be able to bump down the lower limit to 250 MB (if it doesn't start up properly from cold boot, then bump that lower limit up until it does). - In fact, take a look at all of your Template and App VMs and adjust those upper RAM limits accordingly. For my Template VMs, I usually have their upper limits at 2GB or less, since they rarely need more than 1-1.5 GB when updating. - If you don't use the advanced features of the Qubes firewall (for example, to restrict an Email VM or Banking VM to only allow traffic to certain websites and not others using Qubes Manager to configure those rules), you can switch to using Qubes Mirage Firewall which uses a Mirage unikernel rather than a full-blown Linux distribution. I have mine running on 64MB of RAM, but you could probably go down to as low as 30 or 32MB and still have it be reliable. If you *do* use those advanced firewall features, you could still use Mirage Firewall for most VMs, and only turn on sys-firewall for those VMs that need it on demand, rather than having it run all the time: https://github.com/talex5/qubes-mirage-firewall/ - Finally, if for whatever reason you need a shell into a VM (for example, the machine is on but it has the yellow indicator in Qubes Manager and it won't launch any programs), you can use virsh in dom0: virsh -c xen:/// console <vm-name> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/obb5mo%24stu%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
