From: Eric Blake <eblake@redhat.com>
To: Zhang Haoyu <zhanghy@sangfor.com.cn>, qemu-devel <qemu-devel@nongnu.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Fam Zheng <famz@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [Qemu-devel] How to clone a running vm?
Date: Mon, 12 Jan 2015 08:17:05 -0700
Message-ID: <54B3E571.70008@redhat.com>
In-Reply-To: <201501121549354944503@sangfor.com.cn>
On 01/12/2015 12:49 AM, Zhang Haoyu wrote:
> Hi,
>
> I want to clone a running vm without shutoff,

A number of people have expressed a desire to do this. But PLEASE
consider the security implications. If you have two guests running from
the same initial running state, without sanitizing at least one of the
guests, then you have set yourself up for major security breaches if the
two guests can be accessed on the same network.

Things you need to sanitize include, but are not limited to, all guest
OS random number seeding, IP addresses, UUIDs, ssh keys, etc.

> can below method work?
> 1) create a snapshot for the vm
> 2) create a new qcow2 image from the snapshot, but how?
> 3) use the new qcow2 image as backing image to clone vms

While you can indeed create a qcow2 image from a running guest, I highly
suggest scrubbing and sanitizing that image before cloning new VMs that
use that state; and that your new guests be booted from scratch rather
than attempting to live-boot the cloned guests.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
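
The following is an added example, not part of the message above and not QEMU or libvirt code: a check that two guest root filesystems, mounted read-only on the host, do not still share the identity material the reply lists (machine UUID, ssh host keys, saved random seed). The file paths assume a systemd-based Linux guest, and the function name shared_identity is hypothetical.

```python
import glob
import hashlib
import os
import sys

# Assumption: systemd-based Linux guest layout; extend for other guest OSes.
IDENTITY_GLOBS = [
    "etc/machine-id",               # machine UUID
    "etc/ssh/ssh_host_*_key",       # ssh host private keys
    "etc/ssh/ssh_host_*_key.pub",   # ssh host public keys
    "var/lib/systemd/random-seed",  # saved RNG seed
]


def _digests(root):
    """Map relative path -> SHA-256 for each non-empty identity file under root."""
    found = {}
    for pattern in IDENTITY_GLOBS:
        for path in glob.glob(os.path.join(root, pattern)):
            # Skip symlinks: an absolute link inside a mounted guest tree
            # would resolve to the host's own file, not the guest's.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            # An empty file counts as reset: the guest regenerates it on boot.
            if data.strip():
                rel = os.path.relpath(path, root)
                found[rel] = hashlib.sha256(data).hexdigest()
    return found


def shared_identity(root_a, root_b):
    """Return sorted relative paths whose contents are identical in both guests."""
    a, b = _digests(root_a), _digests(root_b)
    return sorted(p for p in a.keys() & b.keys() if a[p] == b[p])


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_clone.py <guest_root_a> <guest_root_b>")
    dupes = shared_identity(sys.argv[1], sys.argv[2])
    for rel in dupes:
        print("SHARED:", rel)
    sys.exit(1 if dupes else 0)
```

A clean result covers only the files listed; IP addresses and other items from the reply need their own checks.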