[libvirt-users] converting save/dump output into physical memory image
by Andrew Tappert
A lot of people in the security community, myself included, are
interested in memory forensics these days. Virtualization is a natural
fit with memory forensics because it allows one to get access to a
guest's memory without having to introduce any extra software into the
guest or otherwise interfere with it. Incident responders are
particularly interested in getting memory dumps from systems they're
investigating.
Virsh has "save" and "dump" commands for storing the state of a guest to
a file on disk, but memory of KVM guests doesn't get saved in the
"standard" input format for memory forensics tools, which is a raw
physical memory image. (This is what you'd get via the classical "dd
/dev/mem" approach or the contemporary equivalent using the crash
driver; and VMware Server and Workstation produce .vmem files, which are
such raw physical memory images, when a guest is paused or snapshotted.)
In order to analyze the memory of Libvirt/KVM guests with my Linux
memory forensics software, Second Look, I've created a tool for
converting Libvirt-QEMU-save files (output of virsh save command) or
QEMU-savevm files (output of virsh dump command) to raw physical memory
images.
I've got a basic working capability, though I'm still tracking down some
problems with a guest allocated 8GB RAM--not all the memory seems to be
present in the save or dump file. And I haven't tested very extensively
yet, version support is limited to what I myself am currently running, etc.
I'd like to know if this is a capability that others are interested in.
Is this something that would be of interest to the Libvirt project if I
were to contribute the code, or to the KVM project, or do you think it
best exists as a separate project?
I've also got a proof-of-concept tool for converting hibernate images to
raw physical memory images. Perhaps a collection of tools for
converting various memory dump formats would be a good project. Anyone
else interested in this kind of stuff? As an author of commercial
memory forensics software I've got a vested interest in availability of
good memory acquisition capabilities. But there are a number of people
working on FOSS Linux memory analysis tools, too...
Andrew
12 years, 5 months
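Added example, not part of the original post or of the author's tool: a Python triage check that tells the two container formats named above apart by their leading bytes and, for an uncompressed virsh save file, reports where the embedded QEMU stream begins. The 92-byte header layout and the `LibvirtQemudSave` and `QEVM` magic values are assumptions based on the libvirt and QEMU sources, and the sample bytes are constructed.

```python
import struct

LIBVIRT_MAGIC = b"LibvirtQemudSave"  # assumed: 16-byte magic of a `virsh save` file
QEMU_MAGIC = b"QEVM"                 # assumed: 0x5145564d opening a QEMU savevm stream
HDR_LEN = 16 + 4 * 4 + 15 * 4        # magic, 4 uint32 fields, 15 unused uint32 = 92

def identify(blob):
    """Return (format, offset of the QEMU stream or None, details)."""
    if blob[:4] == QEMU_MAGIC and len(blob) >= 8:
        return ("qemu-savevm", 0, {"stream_version": struct.unpack(">I", blob[4:8])[0]})
    if blob[:16] != LIBVIRT_MAGIC or len(blob) < HDR_LEN:
        return ("unknown", None, {})
    for order in ("<", ">"):         # header is written in host byte order
        ver, xml_len, running, compressed = struct.unpack(order + "4I", blob[16:32])
        if 1 <= ver <= 16:           # plausibility check picks the byte order
            break
    else:
        return ("libvirt-qemu-save", None, {"error": "implausible header version"})
    info = {"version": ver, "xml_len": xml_len,
            "was_running": bool(running), "compressed": compressed}
    start = HDR_LEN + xml_len        # domain XML sits between header and stream
    if compressed:
        info["error"] = "stream is compressed; decompress before parsing"
        return ("libvirt-qemu-save", None, info)
    if blob[start:start + 4] != QEMU_MAGIC:
        info["error"] = "no QEVM magic after domain XML (truncated file?)"
        return ("libvirt-qemu-save", None, info)
    return ("libvirt-qemu-save", start, info)

def build_sample_save(xml, stream, compressed=0):
    """Constructed sample: little-endian version-2 header + XML + stream."""
    header = LIBVIRT_MAGIC + struct.pack("<4I", 2, len(xml), 1, compressed) + b"\0" * 60
    return header + xml + stream

if __name__ == "__main__":
    xml = b"<domain type='kvm'><name>constructed</name></domain>\0"
    stream = QEMU_MAGIC + struct.pack(">I", 3) + b"\0" * 16
    for name, blob in [("save", build_sample_save(xml, stream)), ("dump", stream)]:
        print(name, identify(blob))
```

A `None` offset with an `error` entry flags files that need decompression or look truncated before any conversion to a raw image is attempted.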
Re: [libvirt-users] ruby-libvirt 0.4.0
by Chris Lalancette
On 07/29/11 - 09:34:17AM, David M. Barlieb wrote:
> Hi, I'm fairly new to using libvirt. I have RHEL6 servers running KVM
> virtual environment. As I understand it, libvirt provides the tools to
> the KVM environment so that I can create domains or virtual guests. So,
> that being said, what does this ruby-libvirt provide me or enhance given
> my current setup.
>
>
>
> I'll understand if this is a little rudimentary but I really do not
> know who or where else to ask these types of question. I get quite a bit
> of email from the libvirt-users groups about libvirt and really have no
> idea if I can or should put any of these into my current setup, or if I
> should be asking RedHat this.
>
>
>
> I certainly wouldn't mind testing and contributing to these efforts to
> enhance the libvirt tools and KVM hypervisor but think I need a better
> understanding of exactly how libvirt and KVM interact and what the
> enhancements bring to the table.
In the future it is usually best to keep one of the lists on an email; that
way, if I'm away or not responding, someone else can help you. I've added
libvirt-users to this response.
In any case, you have the right idea. Libvirt is a control plane for various
different virtualization solutions. Arguably the most popular virtualization
solution that libvirt can control is KVM, but it can also manage Xen, VMware
ESX, LXC (linux containers), UML, etc.
Libvirt provides both tools (like virsh and libvirtd) and APIs for interacting
with virtual machines. The APIs are things like virDomainShutdown(),
virDomainReboot(), etc. The ruby-libvirt package is a thin wrapper around
these APIs, so that you can use this functionality from ruby programs. That
is, you would be able to do something like:
dom.reboot
dom.shutdown
from your ruby programs. There are also bindings for other languages such
as python, php, and perl.
There is a lot more information at http://libvirt.org, and there is more
information specifically about the ruby bindings at http://libvirt.org/ruby
--
Chris Lalancette
13 years
[libvirt-users] CPU Model detection with virsh capabilities
by Olivier BONHOMME
Hello everybody,
I am a new user discovering libvirt with KVM software. During my first
VM creation, I saw an issue with virsh that I can't understand.
I wanted to emulate a CPU other than the classical qemu32 using virsh.
So I used the virsh capabilities command to see how my host CPU, which is
an Intel Xeon E5410, is detected, and my problem is that this CPU is
detected only with the cpumodel "pentium3".
But if I use the kvm -cpu ? command, it returns the following
capabilities:
$ kvm -cpu ?
x86 qemu64
x86 phenom
x86 core2duo
x86 kvm64
x86 qemu32
x86 coreduo
x86 486
x86 pentium
x86 pentium2
x86 pentium3
x86 athlon
x86 n270
Moreover, if I decide to use the pentium3 cpumodel for my KVM VM,
CentOS freezes during its loading.
My libvirt and kvm are the following on a Debian Squeeze:
$ virsh version
Compiled against library: libvir 0.8.3
Using library: libvir 0.8.3
Using API: QEMU 0.8.3
Running hypervisor: QEMU 0.12.5
Has anybody already had the same issue, or am I doing anything wrong?
Thanks for your answers
Regards,
Olivier BONHOMME
13 years, 2 months
[libvirt-users] RAID1 over IP?
by David Ehle
I asked about this in November last year but got no response. Anyone
have any ideas now?
Does anyone here have any experience with using KVM/libvirt with RAID1
over IP/DRBD or other HA solution?
I'm trying to figure out the hardware configuration I would need to be
able to survive a failure or planned shutdown of any one unit in a
virtualization cluster.
KVM/libvirt makes moving running VMs from one host to another a no
brainer, but I'm trying to figure out the right way to be able to take
the storage backend down for maintenance without disrupting the VMs.
Right now I'm thinking something like KVM + libvirt + heartbeat/corosync +
pacemaker + DBRM on Ubuntu 10.04 with 3 or 4 nodes - 2 hosts, 2 storage,
or 1 host, 1 host + storage, 1 storage.
Any thoughts?
Thanks!
13 years, 2 months
[libvirt-users] New with Libvirt and having problems.
by Kevins Thoughts
Hi all.
I've been playing around with KVM for a bit now and have several virtual
machines up and running. Having passed what I considered "first look"
stage, I'm ready to start using libvirt as a manager. For reference,
pre-libvirt, I have started this VM with:
kvm -net nic,model=virtio -net tap,ifname=tap5,script=no -drive
file=test1.img,if=virtio,boot=on -curses -no-reboot -m 1g -smp 2
I have a test environment I like to play with, and created the initial
domain XML using virt-install:
virt-install --name "Test" --ram 1024 --vcpus=2 --cpu host
--description "Test VM" --import --file test1.img --os-type=linux
--os-variant=virtio26 --network bridge=br0,model=virtio --graphics=none
--autostart --prompt
When I look in /var/log/libvirt/qemu/Test.log I see the VM is started
with the command (edited down to the relevant parts):
/usr/bin/qemu-kvm -S -m 1024 -smp 2 -name Test,process=qemu:Test
-nographics -boot c -drive file=/kvms/test1.img,if=none,boot=on
This has two problems:
1) The "-S" is keeping the system from booting
2) the "if=none" needs to be "if=virtio"
I've confirmed both by changing -nographics to -curses and watching what
happens. For #1, it's a big fat nothing (no surprise since -S turns off
the CPUs), for #2 grub loads and the kernel boots, but my /dev/vda3
isn't found so "init" can't start.
I'm anticipating a 3rd problem: I don't see where to specify that I
want the VM to use "tap5" of my bridged network.
Can some kind soul please let me know what I need to change in the
domain XML file to fix these issues?
Thanks,
Kevin
ps. I've posted this to my blog at
http://www.kevinsthoughts.com/2011/08/kvm-management-libvirt/ if anyone
would prefer to answer there.
13 years, 2 months
[libvirt-users] conflict disk error
by Paras pradhan
Hi,
In one of my nodes I am getting a libvirt error.
--
ERROR Unknown failure
Traceback (most recent call last):
  File "/usr/sbin/virt-install", line 895, in ?
    main()
  File "/usr/sbin/virt-install", line 677, in main
    options.sparse, options.nodisks, guest, ishvm, conn)
  File "/usr/sbin/virt-install", line 239, in get_disks
    is_file_path), disk, size)
  File "/usr/sbin/virt-install", line 239, in <lambda>
    is_file_path), disk, size)
  File "/usr/sbin/virt-install", line 202, in get_disk
    d = cli.disk_prompt(None, kwargs)
  File "/usr/lib/python2.4/site-packages/virtinst/cli.py", line 277, in disk_prompt
    if dev.is_conflict_disk(conn) is True:
  File "/usr/lib/python2.4/site-packages/virtinst/VirtualDisk.py", line 890, in is_conflict_disk
    xml = vm.XMLDesc(0)
  File "/usr/lib64/python2.4/site-packages/libvirt.py", line 247, in XMLDesc
    if ret is None: raise libvirtError ('virDomainGetXMLDesc() failed', dom=self)
libvirtError: Unknown failure
--
command used:
virt-install --nographics --paravirt --name dora --ram 2048 --file
/dora.img --file-size 153 --location
nfs://mydom:/distributions/redhat60/x86_64/ -x
"ks=http://mydom/ks/redhat60-dora.ks ip=x.x.x.x netmask=255.255.255.0
dns=x.x.x.x gateway=x.x.x.x" -b xenbr0
Ideas?
Thanks
Paras.
13 years, 2 months
Re: [libvirt-users] New with Libvirt and having problems.
by Kevins Thoughts
>
> Ah I never gave KVM or virtualization a try in Gentoo. None of my
> servers have X though using X11 forwarding still works. In CentOS the
> package is xorg-x11-xauth , looks like it may be x11-apps/xauth in
> Gentoo.
No X anywhere in my environment <smile>. Somehow I normally manage!
>
> Does "virsh iface-list" show tap5?
Actually that command errors out:
virsh # iface-list
error: Failed to list active interfaces
error: this function is not supported by the connection driver:
virConnectNumOfInterfaces
>
> For the disk, this is what I have for my virtio disks...
>
> <disk type='file' device='disk'>
> <driver name='qemu' type='qcow2'/>
> <source file='/vmstore/images/domain0001.qcow2'/>
> *<target dev='vdb' bus='virtio'/>*
> <address type='pci' domain='0x0000' bus='0x00' slot='0x06'
> function='0x0'/>
> </disk>
My XML had the type wrong, setting it to raw.
Alas, I still see the invoked KVM being passed:
-drive
file=/kvms/test1.img,if=none,id=drive-virtio-disk0,boot=on,format=qcow2
The "if=none" is the problem, it needs to be "if=virtio". KVM is also
still being passed the "-S" flag as its first parameter, so the CPUs are
not starting.
>
> Also maybe add something like this to your virt-install line...
>
> "--disk path=test1.img,device=disk,bus=virtio"
At this point, I'm just editing the XML, it's easier. Once I get one
working, I can tweak for the others. Virt-install at least got me started.
Kevin
13 years, 2 months
[libvirt-users] Fwd: Re: New with Libvirt and having problems.
by Kevins Thoughts
On 8/29/2011 10:29 PM, Trey Dockendorf wrote:
> Have you looked into using virt-manager? When I started using KVM I
> found that new VM provisioning was much simpler with that interface.
Alas, Virtmanager doesn't seem to be a supported program under Gentoo -
the distribution I use. If it's X-based, it wouldn't work anyhow - I'm
strictly a command line shop.
>
> Once you've created your domain with "virt-install" you can make
> changes using virsh.
>
> virsh -c qemu:///system edit Test
>
> That will allow you to directly edit the domain.
>
> In the virt-install line you used "bridge=br0" , maybe replace that
> with "bridge=tap5". If that doesn't do it, once your editing the XML
> you can try something like the following...
I'm familiar with virsh edit and have used it to probe around a bit.
Actually tried the "bridge=tap5" a few days ago and get the message:
ERROR internal error Failed to add tap interface to bridge. tap5 is
not a bridge device
>
> <interface type='bridge'>
> <mac address='52:54:00:4d:74:c7'/>
> <source bridge='tap5'/>
> <model type='virtio'/>
> <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
> function='0x0'/>
> </interface>
>
> That was created using virt-manager, so you probably need to use what
> virt-install created for your mac address and address.
Gave that a shot, attempting to create a new domain with "br0" replaced
by "tap5" and got the same error message:
error: internal error Failed to add tap interface to bridge. tap5 is
not a bridge device
>
> Is your init failing on /dev/vda3 and then kernel panic? If so it's
> likely your guest OS doesn't have the necessary kernel modules loaded.
> Depending on your distro it will vary, but using CentOS 6 I've found
> they are automatically loaded. This is what's loaded in CentOS 6
Well, yes and no. It's failing with a kernel panic because KVM is being
started with if=none instead of if=virtio. If I manually change it, it
works fine. Just need to know where to update that in the domain XML file.
For what it's worth, the image runs 100% fine when started manually with:
kvm -net nic,model=virtio -net tap,ifname=tap5,script=no -drive
file=test1.img,if=virtio,boot=on -curses -no-reboot -m 2g -smp 2
So I know the image is good.
>
> # lsmod | grep virtio
> virtio_blk 5087 5
> virtio_pci 6733 0
> virtio_ring 7169 2 virtio_blk,virtio_pci
> virtio 4824 2 virtio_blk,virtio_pci
>
> Try changing the disk to ide , and then verifying your system is able
> to load the virtio modules.
>
> Also , once you have your XML the way you like, if your going to stick
> with command line look at using virsh though I highly recommend
> virt-manager.
>
> I'm still very new to KVM myself, so hopefully that was of some use
>
> - Trey
Thanks!
13 years, 2 months
[libvirt-users] VMs do not start randomically during host boot
by Josir Cardoso Gomes
Hi Folks,
Host: Ubuntu 10.04 64bits
3 Guests with Ubuntu 10.04 64bits
Every Monday, when I turn the host on, some guests start automatically and
others don't.
Every week libvirt "elects" a different guest and doesn't start it.
If I start it manually, it boots fine.
Looking at /var/log/libvirtd, it only shows the log of the guests that boot.
Not a tip of the sleepy guests servers.
Could somebody give me a clue on how to find the problem?
Thanks in advance,
Josir.
13 years, 2 months
[libvirt-users] hello, I 've deployed libvirt, and it is OK to use kvm.But when I use virtualbox, I can not attach a device to a domain
by bin liu
hello, I've deployed libvirt, and it is OK to use kvm. But when I use
virtualbox, I can not attach a device to a domain.
It reports the error that can't get device from device.xml
here is my xml file for device(device.xml):
<disk type='block'>
  <driver name='phy'/>
  <source dev="/home/lb/iscsitest/vdisk.img"/>
  <target dev='sdb' bus='usb'/>
</disk>
and the xml file for the vm:
<domain type='vbox'>
  <name>winxp_3D</name>
  <uuid>d2542bf2-3d56-41fa-a048-4f9a7ed3cf4a</uuid>
  <memory>787456</memory>
  <currentMemory>787456</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64'>hvm</type>
    <boot dev='fd'/>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='localtime'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>destroy</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <disk type='file' device='disk'>
      <source file='/root/VirtualBox VMs/winxp_3D/winxp_3D.vdi'/>
      <target dev='hda' bus='ide'/>
    </disk>
    <interface type='bridge'>
      <mac address='08:00:27:6f:c6:4f'/>
      <source bridge='tap0'/>
      <model type='Am79C973'/>
    </interface>
    <input type='mouse' bus='ps2'/>
    <graphics type='desktop' display=':0.0'/>
    <sound model='ac97'/>
    <video>
      <model type='vbox' vram='32768' heads='1'>
        <acceleration accel3d='yes' accel2d='yes'/>
      </model>
    </video>
  </devices>
</domain>
13 years, 2 months