Sys-* VMs requirements

Hello!

I was informed in another thread, that for a update-cacher VM is enough only 200MB / 400MB memory, and probably 20GB / 30GB storage space. I checked the default created sys-net, sys-firewall qubes, and here is my question:
Am i able to lower down the default values of these qubes? If yes, how much? Can i add to them let’s say 1 vcpu instead of the default 2 vcpus? Or is it matter if the template is normal or minimal system?

And to ask a more general question about these qubes:
Does anyone have a working configuration for what are the minimum values that can still be safely set to the different sys-* VMs?

Thanks any help!

Hello!

I was informed in another thread, that for a update-cacher VM is enough only 200MB / 400MB memory, and probably 20GB / 30GB storage space. I checked the default created sys-net, sys-firewall qubes, and here is my question:
Am i able to lower down the default values of these qubes? If yes, how much? Can i add to them let’s say 1 vcpu instead of the default 2 vcpus? Or is it matter if the template is normal or minimal system?

Yes - as low as you can go without impacting performance.
Both memory and vcpu.

And to ask a more general question about these qubes:
Does anyone have a working configuration for what are the minimum values that can still be safely set to the different sys-* VMs?

This will depend on your use, and your hardware.
Certainly, sys+ can run below 400 - easily at 300 or less. But
there’s a minimum required for successful start. The lowest I’m running
qubes is 150, but my use case is likely different from yours.

But, changing these parameters takes you to intermediate level Qubes -
for most users the defaults and Qubes memory allocation are fine, and
need not be changed.

1 Like

Thanks!

I think i will be experiment than.


I’m still interested if anyone have any configuration just to see how others using their own.

I run close to 20 qubes in 16G and one does need to manage memory carefully - all sys- qubes are fixed memory, 1 vcpu and handles wire speed 100Mb/s from the internet fine (67% cpu on sys-net, 3G3 i7). vpn qubes are 120MB, sys-net 240MB, sys-firewall 250MB (needs bit extra for updates), sys-usb 200MB. I do use deb-10-min for all sys-* qubes. Running 1300MB dom0. Tips:

  1. “systemctl mask qubes-update-check” in rc.local as apt/yum will blow up and swap everything out (also packagekit)
  2. If less than 200MB use qrexec-client from dom0 for admin, above can use xterm. If you accidentally OOM X in a VM then dom0 gets unhappy running set-client-monitor in that VM using 12% of its CPU (bug)
  3. keep an eye on VBD_OO column in xentop, anything much there indicates excessive swapping
  4. Always fix memory for smaller VMs as the initial mem is not a minimum and can get wound back during startup causing swapping lock up
2 Likes

I running my sys-net (type) VM’s on 1 vCPU and 300Mb RAM without isues, but using minimal templates.

According to my experience: going lower that this may cause issues and/or needs more tweaks.

2 Likes