[libvirt-users] converting save/dump output into physical memory image
by Andrew Tappert
A lot of people in the security community, myself included, are
interested in memory forensics these days. Virtualization is a natural
fit with memory forensics because it allows one to get access to a
guest's memory without having to introduce any extra software into the
guest or otherwise interfere with it. Incident responders are
particularly interested in getting memory dumps from systems they're
investigating.
Virsh has "save" and "dump" commands for storing the state of a guest to
a file on disk, but memory of KVM guests doesn't get saved in the
"standard" input format for memory forensics tools, which is a raw
physical memory image. (This is what you'd get via the classical "dd
/dev/mem" approach or the contemporary equivalent using the crash
driver; and VMware Server and Workstation produce .vmem files, which are
such raw physical memory images, when a guest is paused or snapshotted.)
In order to analyze the memory of Libvirt/KVM guests with my Linux
memory forensics software, Second Look, I've created a tool for
converting Libvirt-QEMU-save files (output of virsh save command) or
QEMU-savevm files (output of virsh dump command) to raw physical memory
images.
I've got a basic working capability, though I'm still tracking down some
problems with a guest allocated 8GB RAM--not all the memory seems to be
present in the save or dump file. And I haven't tested very extensively
yet, version support is limited to what I myself am currently running, etc.
I'd like to know if this is a capability that others are interested in.
Is this something that would be of interest to the Libvirt project if I
were to contribute the code, or to the KVM project, or do you think it
best exists as a separate project?
I've also got a proof-of-concept tool for converting hibernate images to
raw physical memory images. Perhaps a collection of tools for
converting various memory dump formats would be a good project. Anyone
else interested in this kind of stuff? As an author of commercial
memory forensics software I've got a vested interest in availability of
good memory acquisition capabilities. But there are a number of people
working on FOSS Linux memory analysis tools, too...
Andrew
12 years, 5 months
Re: [libvirt-users] ruby-libvirt 0.4.0
by Chris Lalancette
On 07/29/11 - 09:34:17AM, David M. Barlieb wrote:
> Hi, I'm fairly new to using libvirt. I have RHEL6 servers running KVM
> virtual environment. As I understand it, libvirt provides the tools to
> the KVM environment so that I can create domains or virtual guests. So,
> that being said, what does this ruby-libvirt provide me or enhance given
> my current setup.
>
>
>
> I'll understabnd if this is a little rudimentary but I really do not
> know who or where else to ask these types of question. I get quite a bit
> of email from the libvirt-users groups about libvirt and really have no
> idea if I can or should put any of these into my current setup, or if I
> should be asking RedHat this.
>
>
>
> I certainly wouldn't mind testing and contributing to these effort to
> enhance the libvirt tools and KVM hypervisor but think I need a better
> understanding of exactly how libvirt and KVM interact and what the
> enhancements bring to the table.
In the future it is usually best to keep one of the lists on an email; that
way, if I'm away or not responding, someone else can help you. I've added
libvirt-users to this response.
In any case, you have the right idea. Libvirt is a control plane for various
different virtualization solutions. Arguably the most popular virtualization
solution that libvirt can control is KVM, but it can also manage Xen, VMware
ESX, LXC (linux containers), UML, etc.
Libvirt provides both tools (like virsh and libvirtd) and APIs for interacting
with virtual machines. The APIs are things like virDomainShutdown(),
virDomainReboot(), etc. The ruby-libvirt package is a thin wrapper around
these APIs, so that you can use this functionality from ruby programs. That
is, you would be able to do something like:
dom.reboot
dom.shutdown
from your ruby programs. There are also bindings for other languages such
as python, php, and perl.
There is a lot more information at http://libvirt.org, and there is more
information specifically about the ruby bindings at http://libvirt.org/ruby
--
Chris Lalancette
13 years
[libvirt-users] RAID1 over IP?
by David Ehle
I asksed about this in November last year but got on response. Anyone
have any ideas now?
Does anyone here have any experience with using KVM/libvirt with RAID1
over IP/DRBD or other HA solution?
I'm trying to figure out the hardware configuration I would need to be
able to survive a failure or planned shutdown of any one unit in a
virtualization cluster.
KVM/libvirt makes moving running VM's from one host to another a no
brainer, but I'm trying to figure out the right way to be able to take a
the storage backend for maintenance without disrupting the VMs.
Right now I'm thinking something like KVM + libvirt + heartbeat/corosync +
pacemaker + DBRM on Ubuntu 10.04 with 3 or 4 nodes - 2 hosts, 2 storage,
or 1 host, 1 host + storage, 1 storage.
Any thoughts?
Thanks!
13 years, 2 months
[libvirt-users] Using libvirt with a preexisting network infrastructure
by Vegard Vesterheim
I have a server running Ubuntu natty (libvirt 0.8.8) with separate
ethernet interfaces. I have created an unnumbered bridge for each
interface, these are connected to an already established network
infrastructure, with preexisting DHCP and DNS services.
I would like to handle *establishment* of these bridges outside libvirt
(via /etc/network/interfaces), but still have them defined as networks
within libvirt. So, libvirt shall not *configure* the bridges, just be
aware of their existence and connect each VM to its configured
bridge. This way I can use virt-manager/libvirt to connect my virtual
hosts to the correct network. The libvirt commands net-start,
net-destroy would become no-ops. It seems that libvirt is geared towards
handling all network configuration itself, but I do not need help from
libvirt for establishing the bridges, DHCP and DNS.
I know that I can edit the <interface> element in the VM XML-files
after creation, to assign a virtual host to a bridge, like
this:
<interface type='bridge'>
<source bridge='br22'/>
....
</interface>
This works, but I would like to do this with libvirt mechanisms. Is this
possible?
- Vegard V -
13 years, 3 months
[libvirt-users] Custom storage pools/volumes
by Mohammed Naser
Hello everyone,
We're currently working with using libvirt as an abstract API to make our dealings with other hypervisors far easier and faster, however, we have our own storage API that connects/disconnects and makes LUNs available over iSCSI with iSER.
We would have loved to use a storage pool however our system implements a one target per LUN/VDI, therefore, we'd have to create a pool for each server.
We really would like to utilize the virStorageVolDownload / virStorageVolUpload API calls, however, it seems that those would only work if the storage volume is within a pool.
Is there a way we could possibly define a storage volume without a pool or will we have to create a storage pool for each individual volume?
Thank you,
Mohammed Naser
http://vexxhost.com
13 years, 3 months
[libvirt-users] UID/GID for qemu & kvm
by Jeff
We use AD infrastructure for user/group management, and GID 107 is already in use. Can I create an AD entry for the kvm and qemu groups with different GIDs, as well as the qemu user/UID? From looking at the libvirt package, it appears it does a getent to see if these exist and, if not, creates them locally, so I assume adding them to AD is ok - and that the GID/UID specified in the package isn't explicitly necessary. Just looking for verification.
- Jeff
13 years, 4 months
[libvirt-users] ANNOUNCE: ruby-libvirt 0.4.0
by Chris Lalancette
All,
I'm pleased to announce the release of ruby-libvirt 0.4.0. ruby-libvirt
is a ruby wrapper around the libvirt API. Version 0.4.0 brings new APIs, more
documentation, and bugfixes:
* Updated Domain class, implementing dom.memory_parameters=,
dom.memory_parameters, dom.updated?, dom.migrate2, dom.migrate_to_uri2,
dom.migrate_set_max_speed, dom.qemu_monitor_command, dom.blkio_parameters,
dom.blkio_parameters=, dom.state, dom.open_console, dom.screenshot, and
dom.inject_nmi
* Implementation of the Stream class, which covers the libvirt virStream APIs
* Add the ability to build against non-system libvirt libraries
* Updated Error object, which now includes the libvirt code, component and
level of the error, as well as all of the error constants from libvirt.h
* Updated Connect class, implementing conn.sys_info, conn.stream,
conn.interface_change_begin, conn.interface_change_commit, and
conn.interface_change_rollback
* Updated StorageVol class, implementing vol.download and vol.upload
* Various bugfixes
Version 0.4.0 is available from http://libvirt.org/ruby:
Tarball: http://libvirt.org/ruby/download/ruby-libvirt-0.4.0.tgz
Gem: http://libvirt.org/ruby/download/ruby-libvirt-0.4.0.gem
It is also available from rubygems.org; to get the latest version, run:
$ gem install ruby-libvirt
As usual, if you run into questions, problems, or bugs, please feel free to
mail me (clalance(a)redhat.com) and/or the libvirt mailing list.
--
Chris Lalancette
13 years, 4 months
[libvirt-users] management tools for kvm
by David M. Barlieb
I have been installing kvm guests on a number of hosts and have been
managing them through a single virt manager on one of the hosts. I am
looking for a tool that will allow me to manage them from a windows
workstation, possibly using a web interface. Everything I've looked at
and read about seems to require a linux workstation to install on, like
oVirt or ConVirt. I am looking for a product that can run on a windows
workstation using either firefox or ie.
dave
13 years, 4 months
[libvirt-users] Seg fault in 0.9.4-rc1
by Whit Blauvelt
Hi,
Using virt-manager, asking to migrate a kvm domain from the same box
virt-manager is running on to another consistently results in libvirtd
faulting on the local box. Migration in the other direction, from the second
box to the box virt-manager is on, works fine.
A libvirtd log made with debug=1 is at
http://transpect.com/debug/libvirtd_segfault.log
It was doing the same thing with a recent 0.9.3 git version too. This is
with virt-manager 0.9.0.
Whit
13 years, 4 months
[libvirt-users] qemu:///session vs qemu:///system
by Peter Thomassen
Hi,
I am running several QEMU VMs on a host machine. There's different
persons being responsible for different VMs.
I would like to find a way to allow everybody to manage just the VMs
they are assigned to (i.e. insert some ISO file, stop the machine and so
on) without allowing them to disturb the other VMs.
Also, I would like to allow these persons to set up new VMs (there's
plenty of unallocated storage) without having to ask me (root) to do it
for them, but without allowing them to delete other VMs.
(Just setting user rights on the filesystem is not enough, as I use LVM
volumes which are not assigned to a user in the typical sense, are they?)
I know that most of this could probably be achieved by using
qemu:///session instead of qemu:///system. However, I read that there's
networking issue in this case (which issues precisely?), and I am also
not sure if there's other disadvantages like less efficient handling in
some situations by the kernel, or whatever. Is anybody there who could
clarify this for me?
Thank you,
Peter
13 years, 4 months
