cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adfbd9ea73fc04955d459a3e37101263067ebdb
server/usr/share/doc/qemu-system-common/system/vm-templating.html
cutemeli 2adfbd9ea7 .gitignore angepasst
2026-01-07 20:52:11 +01:00

270 lines
16 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>QEMU VM templating &mdash; QEMU Debian 1:8.2.2+ds-0ubuntu1.11 documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=86f27845" />
<link rel="stylesheet" type="text/css" href="../_static/theme_overrides.css?v=08e6c168" />
<link rel="shortcut icon" href="../_static/qemu_32x32.png"/>
<script src="../_static/jquery.js?v=8dae8fb0"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../_static/documentation_options.js?v=802af9f6"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../_static/custom.js?v=2ab9f71d"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="User Mode Emulation" href="../user/index.html" />
<link rel="prev" title="Confidential Guest Support" href="confidential-guest-support.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" style="background: #802400" >
<a href="../index.html" class="icon icon-home">
QEMU
<img src="../_static/qemu_128x128.png" class="logo" alt="Logo"/>
</a>
<div class="version">
8.2.2
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../about/index.html">About QEMU</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">System Emulation</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="introduction.html">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="invocation.html">Invocation</a></li>
<li class="toctree-l2"><a class="reference internal" href="device-emulation.html">Device Emulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="keys.html">Keys in the graphical frontends</a></li>
<li class="toctree-l2"><a class="reference internal" href="mux-chardev.html">Keys in the character backend multiplexer</a></li>
<li class="toctree-l2"><a class="reference internal" href="monitor.html">QEMU Monitor</a></li>
<li class="toctree-l2"><a class="reference internal" href="images.html">Disk Images</a></li>
<li class="toctree-l2"><a class="reference internal" href="virtio-net-failover.html">QEMU virtio-net standby (net_failover)</a></li>
<li class="toctree-l2"><a class="reference internal" href="linuxboot.html">Direct Linux Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="generic-loader.html">Generic Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="guest-loader.html">Guest Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="barrier.html">QEMU Barrier Client</a></li>
<li class="toctree-l2"><a class="reference internal" href="vnc-security.html">VNC security</a></li>
<li class="toctree-l2"><a class="reference internal" href="tls.html">TLS setup for network services</a></li>
<li class="toctree-l2"><a class="reference internal" href="secrets.html">Providing secret data to QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="authz.html">Client authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="gdb.html">GDB usage</a></li>
<li class="toctree-l2"><a class="reference internal" href="replay.html">Record/replay</a></li>
<li class="toctree-l2"><a class="reference internal" href="managed-startup.html">Managed start up options</a></li>
<li class="toctree-l2"><a class="reference internal" href="bootindex.html">Managing device boot order with bootindex properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="cpu-hotplug.html">Virtual CPU hotplug</a></li>
<li class="toctree-l2"><a class="reference internal" href="pr-manager.html">Persistent reservation managers</a></li>
<li class="toctree-l2"><a class="reference internal" href="targets.html">QEMU System Emulator Targets</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="multi-process.html">Multi-process QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="confidential-guest-support.html">Confidential Guest Support</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">QEMU VM templating</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#overview">Overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="#security-alert">!!! Security Alert !!!</a></li>
<li class="toctree-l3"><a class="reference internal" href="#memory-configuration">Memory configuration</a></li>
<li class="toctree-l3"><a class="reference internal" href="#incompatible-features">Incompatible features</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#vhost-user-and-multi-process-qemu">vhost-user and multi-process QEMU</a></li>
<li class="toctree-l4"><a class="reference internal" href="#virtio-balloon">virtio-balloon</a></li>
<li class="toctree-l4"><a class="reference internal" href="#virtio-mem">virtio-mem</a></li>
<li class="toctree-l4"><a class="reference internal" href="#vm-migration">VM migration</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../user/index.html">User Mode Emulation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../tools/index.html">Tools</a></li>
<li class="toctree-l1"><a class="reference internal" href="../interop/index.html">System Emulation Management and Interoperability</a></li>
<li class="toctree-l1"><a class="reference internal" href="../specs/index.html">System Emulation Guest Hardware Specifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../devel/index.html">Developer Information</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" style="background: #802400" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">QEMU</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">System Emulation</a></li>
<li class="breadcrumb-item active">QEMU VM templating</li>
<li class="wy-breadcrumbs-aside">
<a href="https://gitlab.com/qemu-project/qemu/blob/master/docs/system/vm-templating.rst" class="fa fa-gitlab"> Edit on GitLab</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="qemu-vm-templating">
<h1>QEMU VM templating<a class="headerlink" href="#qemu-vm-templating" title="Link to this heading"></a></h1>
<p>This document explains how to use VM templating in QEMU.</p>
<p>For now, the focus is on VM memory aspects, and not about how to save and
restore other VM state (i.e., migrate-to-file with <code class="docutils literal notranslate"><span class="pre">x-ignore-shared</span></code>).</p>
<section id="overview">
<h2>Overview<a class="headerlink" href="#overview" title="Link to this heading"></a></h2>
<p>With VM templating, a single template VM serves as the starting point for
new VMs. This allows for fast and efficient replication of VMs, resulting
in fast startup times and reduced memory consumption.</p>
<p>Conceptually, the VM state is frozen, to then be used as a basis for new
VMs. The Copy-On-Write mechanism in the operating systems makes sure that
new VMs are able to read template VM memory; however, any modifications
stay private and dont modify the original template VM or any other
created VM.</p>
</section>
<section id="security-alert">
<h2>!!! Security Alert !!!<a class="headerlink" href="#security-alert" title="Link to this heading"></a></h2>
<p>When effectively cloning VMs by VM templating, hardware identifiers
(such as UUIDs and NIC MAC addresses), and similar data in the guest OS
(such as machine IDs, SSH keys, certificates) that are supposed to be
<em>unique</em> are no longer unique, which can be a security concern.</p>
<p>Please be aware of these implications and how to mitigate them for your
use case, which might involve vmgenid, hot(un)plug of NIC, etc..</p>
</section>
<section id="memory-configuration">
<h2>Memory configuration<a class="headerlink" href="#memory-configuration" title="Link to this heading"></a></h2>
<p>In order to create the template VM, we have to make sure that VM memory
ends up in a file, from where it can be reused for the new VMs:</p>
<p>Supply VM RAM via memory-backend-file, with <code class="docutils literal notranslate"><span class="pre">share=on</span></code> (modifications go
to the file) and <code class="docutils literal notranslate"><span class="pre">readonly=off</span></code> (open the file writable). Note that
<code class="docutils literal notranslate"><span class="pre">readonly=off</span></code> is implicit.</p>
<p>In the following command-line example, a 2GB VM is created, whereby VM RAM
is to be stored in the <code class="docutils literal notranslate"><span class="pre">template</span></code> file.</p>
<pre class="literal-block">qemu-system-x86_64 [...] -m 2g \
-object memory-backend-file,id=pc.ram,mem-path=template,size=2g,share=on,... \
-machine q35,memory-backend=pc.ram</pre>
<p>If multiple memory backends are used (vNUMA, DIMMs), configure all
memory backends accordingly.</p>
<p>Once the VM is in the desired state, stop the VM and save other VM state,
leaving the current state of VM RAM reside in the file.</p>
<p>In order to have a new VM be based on a template VM, we have to
configure VM RAM to be based on a template VM RAM file; however, the VM
should not be able to modify file content.</p>
<p>Supply VM RAM via memory-backend-file, with <code class="docutils literal notranslate"><span class="pre">share=off</span></code> (modifications
stay private), <code class="docutils literal notranslate"><span class="pre">readonly=on</span></code> (open the file readonly) and <code class="docutils literal notranslate"><span class="pre">rom=off</span></code>
(dont make the memory readonly for the VM). Note that <code class="docutils literal notranslate"><span class="pre">share=off</span></code> is
implicit and that other VM state has to be restored separately.</p>
<p>In the following command-line example, a 2GB VM is created based on the
existing 2GB file <code class="docutils literal notranslate"><span class="pre">template</span></code>.</p>
<pre class="literal-block">qemu-system-x86_64 [...] -m 2g \
-object memory-backend-file,id=pc.ram,mem-path=template,size=2g,readonly=on,rom=off,... \
-machine q35,memory-backend=pc.ram</pre>
<p>If multiple memory backends are used (vNUMA, DIMMs), configure all
memory backends accordingly.</p>
<p>Note that <code class="docutils literal notranslate"><span class="pre">-mem-path</span></code> cannot be used for VM templating when creating the
template VM or when starting new VMs based on a template VM.</p>
</section>
<section id="incompatible-features">
<h2>Incompatible features<a class="headerlink" href="#incompatible-features" title="Link to this heading"></a></h2>
<p>Some features are incompatible with VM templating, as the underlying file
cannot be modified to discard VM RAM, or to actually share memory with
another process.</p>
<section id="vhost-user-and-multi-process-qemu">
<h3>vhost-user and multi-process QEMU<a class="headerlink" href="#vhost-user-and-multi-process-qemu" title="Link to this heading"></a></h3>
<p>vhost-user and multi-process QEMU are incompatible with VM templating.
These technologies rely on shared memory, however, the template VMs
dont actually share memory (<code class="docutils literal notranslate"><span class="pre">share=off</span></code>), even though they are
file-based.</p>
</section>
<section id="virtio-balloon">
<h3>virtio-balloon<a class="headerlink" href="#virtio-balloon" title="Link to this heading"></a></h3>
<p>virtio-balloon inflation and “free page reporting” cannot discard VM RAM
and will repeatedly report errors. While virtio-balloon can be used
for template VMs (e.g., report VM RAM stats), “free page reporting”
should be disabled and the balloon should not be inflated.</p>
</section>
<section id="virtio-mem">
<h3>virtio-mem<a class="headerlink" href="#virtio-mem" title="Link to this heading"></a></h3>
<p>virtio-mem cannot discard VM RAM that is managed by the virtio-mem
device. virtio-mem will fail early when realizing the device. To use
VM templating with virtio-mem, either hotplug virtio-mem devices to the
new VM, or dont supply any memory to the template VM using virtio-mem
(requested-size=0), not using a template VM file as memory backend for the
virtio-mem device.</p>
</section>
<section id="vm-migration">
<h3>VM migration<a class="headerlink" href="#vm-migration" title="Link to this heading"></a></h3>
<p>For VM migration, “x-release-ram” similarly relies on discarding of VM
RAM on the migration source to free up migrated RAM, and will
repeatedly report errors.</p>
<p>Postcopy live migration fails discarding VM RAM on the migration
destination early and refuses to activate postcopy live migration. Note
that postcopy live migration usually only works on selected filesystems
(shmem/tmpfs, hugetlbfs) either way.</p>
</section>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="confidential-guest-support.html" class="btn btn-neutral float-left" title="Confidential Guest Support" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="../user/index.html" class="btn btn-neutral float-right" title="User Mode Emulation" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2025, The QEMU Project Developers.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
<!-- Empty para to force a blank line after "Built with Sphinx ..." -->
<p></p>
<p>This documentation is for QEMU version 8.2.2.</p>
<p><a href="../about/license.html">QEMU and this manual are released under the
GNU General Public License, version 2.</a></p>
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink