From: David Hildenbrand <david@redhat.com>
To: qemu-devel@nongnu.org
Cc: "David Hildenbrand" <david@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [GIT PULL 09/12] docs: Start documenting VM templating
Date: Tue, 19 Sep 2023 12:30:26 +0200 [thread overview]
Message-ID: <20230919103029.235736-10-david@redhat.com> (raw)
In-Reply-To: <20230919103029.235736-1-david@redhat.com>
Let's add some details about VM templating, focusing on the VM memory
configuration only.
There is much more to VM templating (VM state? block devices?), but I leave
that as future work.
Message-ID: <20230906120503.359863-10-david@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
---
MAINTAINERS | 1 +
docs/system/index.rst | 1 +
docs/system/vm-templating.rst | 125 ++++++++++++++++++++++++++++++++++
3 files changed, 127 insertions(+)
create mode 100644 docs/system/vm-templating.rst
diff --git a/MAINTAINERS b/MAINTAINERS
index 00562f924f..3cf53553fc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2963,6 +2963,7 @@ M: Igor Mammedov <imammedo@redhat.com>
S: Maintained
F: backends/hostmem*.c
F: include/sysemu/hostmem.h
+F: docs/system/vm-templating.rst
T: git https://gitlab.com/ehabkost/qemu.git machine-next
Cryptodev Backends
diff --git a/docs/system/index.rst b/docs/system/index.rst
index 45bf1f19e7..c21065e519 100644
--- a/docs/system/index.rst
+++ b/docs/system/index.rst
@@ -38,3 +38,4 @@ or Hypervisor.Framework.
security
multi-process
confidential-guest-support
+ vm-templating
diff --git a/docs/system/vm-templating.rst b/docs/system/vm-templating.rst
new file mode 100644
index 0000000000..28905a1eeb
--- /dev/null
+++ b/docs/system/vm-templating.rst
@@ -0,0 +1,125 @@
+QEMU VM templating
+==================
+
+This document explains how to use VM templating in QEMU.
+
+For now, the focus is on VM memory aspects, and not about how to save and
+restore other VM state (i.e., migrate-to-file with ``x-ignore-shared``).
+
+Overview
+--------
+
+With VM templating, a single template VM serves as the starting point for
+new VMs. This allows for fast and efficient replication of VMs, resulting
+in fast startup times and reduced memory consumption.
+
+Conceptually, the VM state is frozen, to then be used as a basis for new
+VMs. The Copy-On-Write mechanism in the operating systems makes sure that
+new VMs are able to read template VM memory; however, any modifications
+stay private and don't modify the original template VM or any other
+created VM.
+
+!!! Security Alert !!!
+----------------------
+
+When effectively cloning VMs by VM templating, hardware identifiers
+(such as UUIDs and NIC MAC addresses), and similar data in the guest OS
+(such as machine IDs, SSH keys, certificates) that are supposed to be
+*unique* are no longer unique, which can be a security concern.
+
+Please be aware of these implications and how to mitigate them for your
+use case, which might involve vmgenid, hot(un)plug of NIC, etc..
+
+Memory configuration
+--------------------
+
+In order to create the template VM, we have to make sure that VM memory
+ends up in a file, from where it can be reused for the new VMs:
+
+Supply VM RAM via memory-backend-file, with ``share=on`` (modifications go
+to the file) and ``readonly=off`` (open the file writable). Note that
+``readonly=off`` is implicit.
+
+In the following command-line example, a 2GB VM is created, whereby VM RAM
+is to be stored in the ``template`` file.
+
+.. parsed-literal::
+
+ |qemu_system| [...] -m 2g \\
+ -object memory-backend-file,id=pc.ram,mem-path=template,size=2g,share=on,... \\
+ -machine q35,memory-backend=pc.ram
+
+If multiple memory backends are used (vNUMA, DIMMs), configure all
+memory backends accordingly.
+
+Once the VM is in the desired state, stop the VM and save other VM state,
+leaving the current state of VM RAM reside in the file.
+
+In order to have a new VM be based on a template VM, we have to
+configure VM RAM to be based on a template VM RAM file; however, the VM
+should not be able to modify file content.
+
+Supply VM RAM via memory-backend-file, with ``share=off`` (modifications
+stay private), ``readonly=on`` (open the file readonly) and ``rom=off``
+(don't make the memory readonly for the VM). Note that ``share=off`` is
+implicit and that other VM state has to be restored separately.
+
+In the following command-line example, a 2GB VM is created based on the
+existing 2GB file ``template``.
+
+.. parsed-literal::
+
+ |qemu_system| [...] -m 2g \\
+ -object memory-backend-file,id=pc.ram,mem-path=template,size=2g,readonly=on,rom=off,... \\
+ -machine q35,memory-backend=pc.ram
+
+If multiple memory backends are used (vNUMA, DIMMs), configure all
+memory backends accordingly.
+
+Note that ``-mem-path`` cannot be used for VM templating when creating the
+template VM or when starting new VMs based on a template VM.
+
+Incompatible features
+---------------------
+
+Some features are incompatible with VM templating, as the underlying file
+cannot be modified to discard VM RAM, or to actually share memory with
+another process.
+
+vhost-user and multi-process QEMU
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+vhost-user and multi-process QEMU are incompatible with VM templating.
+These technologies rely on shared memory, however, the template VMs
+don't actually share memory (``share=off``), even though they are
+file-based.
+
+virtio-balloon
+~~~~~~~~~~~~~~
+
+virtio-balloon inflation and "free page reporting" cannot discard VM RAM
+and will repeatedly report errors. While virtio-balloon can be used
+for template VMs (e.g., report VM RAM stats), "free page reporting"
+should be disabled and the balloon should not be inflated.
+
+virtio-mem
+~~~~~~~~~~
+
+virtio-mem cannot discard VM RAM that is managed by the virtio-mem
+device. virtio-mem will fail early when realizing the device. To use
+VM templating with virtio-mem, either hotplug virtio-mem devices to the
+new VM, or don't supply any memory to the template VM using virtio-mem
+(requested-size=0), not using a template VM file as memory backend for the
+virtio-mem device.
+
+VM migration
+~~~~~~~~~~~~
+
+For VM migration, "x-release-ram" similarly relies on discarding of VM
+RAM on the migration source to free up migrated RAM, and will
+repeatedly report errors.
+
+Postcopy live migration fails discarding VM RAM on the migration
+destination early and refuses to activate postcopy live migration. Note
+that postcopy live migration usually only works on selected filesystems
+(shmem/tmpfs, hugetlbfs) either way.
--
2.41.0
next prev parent reply other threads:[~2023-09-19 10:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-19 10:30 [GIT PULL 00/12] Host Memory Backends and Memory devices queue 2023-09-19 David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 01/12] nvdimm: Reject writing label data to ROM instead of crashing QEMU David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 02/12] softmmu/physmem: Distinguish between file access mode and mmap protection David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 03/12] backends/hostmem-file: Add "rom" property to support VM templating with R/O files David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 04/12] softmmu/physmem: Remap with proper protection in qemu_ram_remap() David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 05/12] softmmu/physmem: Bail out early in ram_block_discard_range() with readonly files David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 06/12] softmmu/physmem: Fail creation of new files in file_ram_open() with readonly=true David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 07/12] softmmu/physmem: Never return directories from file_ram_open() David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 08/12] docs: Don't mention "-mem-path" in multi-process.rst David Hildenbrand
2023-09-19 10:30 ` David Hildenbrand [this message]
2023-09-19 10:30 ` [GIT PULL 10/12] softmmu/physmem: Hint that "readonly=on, rom=off" exists when opening file R/W for private mapping fails David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 11/12] machine: Improve error message when using default RAM backend id David Hildenbrand
2023-09-19 10:30 ` [GIT PULL 12/12] memory: avoid updating ioeventfds for some address_space David Hildenbrand
2023-09-19 19:13 ` [GIT PULL 00/12] Host Memory Backends and Memory devices queue 2023-09-19 Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230919103029.235736-10-david@redhat.com \
--to=david@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).