Re: [libvirt-users] Bringing up a guest with network disabled
On Tue, 01 Oct 2013 06:10:46 -0600
Eric Blake <eblake(a)redhat.com> wrote:
On 10/01/2013 06:04 AM, James Gibbon wrote:
>
>
> Hello all,
>
> I have a KVM guest VM which is a clone of a production machine
> running on a different physical server, incarnated from an
> image backup.
Careful. You need to scrub more than just the IP address for a
clone and it's parent to safely run at the same time. For
example, if you don't scrub the entropy pool, then one of the
two machines will now have predictable "random" numbers just by
watching what the other host did, which is horrible from a
security perspective. I highly recommend the use of
'virt-sysprep' on the image backup prior to creating your
clone, which will not only scrub the IP address, but everything
else that ought to be unique between a clone that is intended
to run alongside the parent. Once you start from a clean
image, then the question about starting the guest with network
disabled may be moot.
Thanks, looks really useful but unfortunately I don't have it
on this particular machine, which is going to be decommissioned
in a few weeks anyway. The cloned VM will only be used for
testing purposes, and only for a short time. Would be grateful if
someone could suggest a way to disable the networking in the
cloned VM within the XML, if that's possible.
Thanks again,
James