From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38653) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAgk0-000641-EH for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:17:17 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YAgjw-0002PC-DP for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:17:16 -0500 Received: from mx1.redhat.com ([209.132.183.28]:36169) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YAgjw-0002P8-5W for qemu-devel@nongnu.org; Mon, 12 Jan 2015 10:17:12 -0500 Message-ID: <54B3E571.70008@redhat.com> Date: Mon, 12 Jan 2015 08:17:05 -0700 From: Eric Blake MIME-Version: 1.0 References: <201501121549354944503@sangfor.com.cn> In-Reply-To: <201501121549354944503@sangfor.com.cn> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2q4KhcWeoejQJJ74IHCNQLA9pcRVuDElM" Subject: Re: [Qemu-devel] How to clone a running vm? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Zhang Haoyu , qemu-devel Cc: Paolo Bonzini , Fam Zheng , Stefan Hajnoczi This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2q4KhcWeoejQJJ74IHCNQLA9pcRVuDElM Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 01/12/2015 12:49 AM, Zhang Haoyu wrote: > Hi, >=20 > I want to clone a running vm without shutoff, A number of people have expressed a desire to do this. But PLEASE consider the security implications. If you have two guests running from the same initial running state, without sanitizing at least one of the guests, then you have set yourself up for major security breaches if the two guests can be accessed on the same network. Things you need to sanitize include, but are not limited to, all guest OS random number seeding, IP addresses, UUIDs, ssh keys, etc. > can below method work? > 1) create a snapshot for the vm > 2) create a new qcow2 image from the snapshot, but how? > 3) use the new qcow2 image as backing image to clone vms While you can indeed create a qcow2 image from a running guest, I highly suggest scrubbing and sanitizing that image before cloning new VMs that use that state; and that your new guests be booted from scratch rather than attempting to live-boot the cloned guests. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --2q4KhcWeoejQJJ74IHCNQLA9pcRVuDElM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJUs+VxAAoJEKeha0olJ0Nq0tQH/ic/mKV3jFYRPBSnMSjDN99f CpDdH7we4KPTpncsLOKrnDGrytp7x4sG3hDO7nYxDCFScWtrPNmQKqLYZ60XiO3X itdO+JS/uCPeZisjsu7jjSuKbi3CD0vjiwzHGTVDm4q66prm1r6ydQ5odf7+eTJi y4dZ36puj1KTT5fgUek2+to59bEPk61T4jsDyX2iEVM8+obBqAU9NZFGFaeWusA6 WuwTBzf3MLxypJ+V+6Zk4fUS8+I2Hs0MMXD8ENFoXrDIcA3xoJHilE4x+PqOCWWk 6lW/rSUp33I4zx8MXVwc+nuEmVsf8ftvzl6Oro7rHPjkQBppsSsFQtrQ2rvuP8c= =Femz -----END PGP SIGNATURE----- --2q4KhcWeoejQJJ74IHCNQLA9pcRVuDElM--