
On Tue, 01 Oct 2013 06:10:46 -0600 Eric Blake <eblake@redhat.com> wrote:
On 10/01/2013 06:04 AM, James Gibbon wrote:
Hello all,
I have a KVM guest VM which is a clone of a production machine running on a different physical server, incarnated from an image backup.
Careful. You need to scrub more than just the IP address for a clone and it's parent to safely run at the same time. For example, if you don't scrub the entropy pool, then one of the two machines will now have predictable "random" numbers just by watching what the other host did, which is horrible from a security perspective. I highly recommend the use of 'virt-sysprep' on the image backup prior to creating your clone, which will not only scrub the IP address, but everything else that ought to be unique between a clone that is intended to run alongside the parent. Once you start from a clean image, then the question about starting the guest with network disabled may be moot.
Thanks, looks really useful but unfortunately I don't have it on this particular machine, which is going to be decommissioned in a few weeks anyway. The cloned VM will only be used for testing purposes, and only for a short time. Would be grateful if someone could suggest a way to disable the networking in the cloned VM within the XML, if that's possible. Thanks again, James