10:48 a.m.
Hello all
Apologies for the basic nature of the question, but having recently started working with
libvirt - and virtualisation in general - I find there is a lot of out-of-date and
sometimes contradictory material out there across blogs, articles, stackoverflow, the
usual sources... I thought I might be able to get definitive answers here. For the record,
I assume libvirt.org is authoritative but while there is a lot of material there, its
structure is not always clear to me. Also the lack of dates on any pages leaves some room
for doubt.
I am wondering if there is a recent, reliable summary of the various approaches and
current best practices for backing up VMs that covers snapshots both internal and
external, approaches that use backup-begin and third-party approaches which simply stop
the VM and copy off files.
If there is not such a summary, can anyone confirm my reading of
https://libvirt.org/kbase/domainstatecapture.html that a simple backup-begin
<domain-name> will:
- pause the VM and quiesce the disk (in which case is qemu agent a requirement on the
guest?)
- generate a date-suffixed disk-only copy of a VMs disks alongside the originals wherever
that storage is
- not generate any backing image chains or metadata that needs to be retained
Furthermore, is it then possible to restore to that point by stopping a VM, and
associating that backup file with the VM either by virsh-editing its xml or overwriting
the original file with the backup file.
This seems to be my experience in testing this, but there are very few references to this
tool compared to the many lengthy discussions about snapshots and other approaches which
is a bit puzzling. It would be great to have this understanding confirmed or refined!
Many thanks for any pointers
2:30 p.m.
On Thu, Jan 16, 2025 at 16:48:59 -0000, camccuk--- via Users wrote:
Hello all
Apologies for the basic nature of the question, but having recently started working with
libvirt - and virtualisation in general - I find there is a lot of out-of-date and
sometimes contradictory material out there across blogs, articles, stackoverflow, the
usual sources... I thought I might be able to get definitive answers here. For the record,
I assume libvirt.org is authoritative but while there is a lot of material there, its
structure is not always clear to me. Also the lack of dates on any pages leaves some room
for doubt.
I am wondering if there is a recent, reliable summary of the various approaches and
current best practices for backing up VMs that covers snapshots both internal and
external, approaches that use backup-begin and third-party approaches which simply stop
the VM and copy off files.
If there is not such a summary, can anyone confirm my reading of
https://libvirt.org/kbase/domainstatecapture.html that a simple backup-begin
<domain-name> will:
That document is mostly accurate but it was created before the actual
implementation of backups was finished so some things were not actually
implemented in the end.
- pause the VM and quiesce the disk (in which case is qemu agent a
requirement on the guest?)
The disk quiescing is not part of the backup operation and needs to be
done manually via 'virsh domfsfreeze' if required. The original
intention was to mirror the snapshot code which does disk quiescing but
it's a bit problematic to fold all operations into one so here we didn't
do it.
Also the backup operation doesn't actually (need to) pause the VM. It
can create a point in time backup/copy of the disks without pausing the
VM at all. You can even thaw/un-quiesce the disks right away the backup
operation starts/while it's running.
- generate a date-suffixed disk-only copy of a VMs disks alongside
the originals wherever that storage is
Yes if you don't override the path in the XML the backup images will be
stored in the same path with a suffix of the UNIX timestamp of the time
when it was started.
- not generate any backing image chains or metadata that needs to be
retained
By default a full backup creates a stand-alone image. If you'd use
incremental backups, then it is actually creating images that depend on
each other.
Furthermore, is it then possible to restore to that point by stopping a VM, and
associating that backup file with the VM either by virsh-editing its xml or overwriting
the original file with the backup file.
Yes it is. Note though that since the VM was likely running at the point
when you took the backup the 'restore' operation will look like a
cold-boot after a power failure at the exact time when the backup was
taken.
This seems to be my experience in testing this, but there are very few references to this
tool compared to the many lengthy discussions about snapshots and other approaches which
is a bit puzzling. It would be great to have this understanding confirmed or refined!
Snapshots also allow you to capture memory state and also pre-date
backups thus they are documented a bit more in depth.
6:29 p.m.
This is really helpful, thanks.
The disk quiescing is not part of the backup operation and needs to
be
done manually via 'virsh domfsfreeze' if required. The original
I assume quiescing *would* be necessary for workloads like databases and if we can live
with a crash-consistent backup then we can bypass this, but if I was to include this, the
sequence would be:
virsh domfsfreeze <domain-name>
virsh backup-begin <domain-name>
virsh domfsthaw <domain-name>
Again, I assume the qemu-agent would need to be running on the guest to allow
freeze/thaw.
I was about to ask how backup-begin is different from creating a disk-only, no-metadata
snapshot but I think it is equivalent - the advantage is that we don't need to deal
with merging the overlay file and pivoting afterwards, is that right?
I also realised this is very like the sequence described at the bottom of that
domainstatecapture page comparing 'direct backup' and 'Backup via temporary
snapshot' - what confused me there and which I still don't understand are the two
references to events. For direct backup, this step is:
- wait for push mode event, or pull data over NBD # most time spent here
Can you expand this any? I am assuming direct backup is a 'push' mode backup as
per the description at https://libvirt.org/kbase/live_full_disk_backup.html - what is this
push mode event?
By default a full backup creates a stand-alone image. If you'd
use
incremental backups, then it is actually creating images that depend on
each other.
OK, and that would be by populating an appropriate xml as per
https://libvirt.org/formatbackup.html - which I think you answered on this list a year or
two ago.
Yes it is. Note though that since the VM was likely running at the
point
when you took the backup the 'restore' operation will look like a
cold-boot after a power failure at the exact time when the backup was
taken.
Snapshots also allow you to capture memory state and also pre-date
backups thus they are documented a bit more in depth.
OK - just to make this explicit - if we want to capture memory state as well as disk then
we *must* use snapshots, either internal or external?
And - last question! - while we are covering the bases... managedsave sounds like it is
designed for preserving a one-off recovery position for a potentially relatively long
outage such as a hypervisor restart. VM restart will pick up just this latest saved image,
but it *will* capture memory also?
Once again thanks for your clarifications - it's clearing up a lot of confusion for
me.
5:28 a.m.
On Fri, Jan 17, 2025 at 00:29:55 -0000, camccuk--- via Users wrote:
This is really helpful, thanks.
> The disk quiescing is not part of the backup operation and needs to be
> done manually via 'virsh domfsfreeze' if required. The original
I assume quiescing *would* be necessary for workloads like databases
So normally the quiescing restricts writes to the device and fluses
filesystem caches inside the guest OS.
In addition the guest agent should allow you to register scripts which
are executed before the FS is quiesced allowing e.g. database memory
state to be flused to disk so that also the application data is
consistent.
and if we can live with a crash-consistent backup then we can bypass
>
The application consistency mentioned above is extra important for the
use of the backup API or disk-only snapshots as using the saved state is
equivalent to pulling out the power plug of a real machine.
this, but if I was to include this, the sequence would be:
virsh domfsfreeze <domain-name>
virsh backup-begin <domain-name>
virsh domfsthaw <domain-name>
Again, I assume the qemu-agent would need to be running on the guest to allow
freeze/thaw.
Yes the guest agent is needed as this operation actually happens inside
the guest OS.
I was about to ask how backup-begin is different from creating a disk-only, no-metadata
snapshot but I think it is equivalent - the advantage is that we don't need to deal
with merging the overlay file and pivoting afterwards, is that right?
So the basic 'push' mode of doing a full backup is indeed semantically
equivalent of creating a disk-only, no-metadata snapshot, then copying
out the data to a standalone image and then merging the overlay back.
The backup API though also allows tracking differences since the last
backup and creating an incremental backup which would be a thinner image
of only the differences.
Additionally the backup API also allows PULL mode when an NBD connection
to an application doing the backup of the actual blocks is used.
I also realised this is very like the sequence described at the bottom of that
domainstatecapture page comparing 'direct backup' and 'Backup via temporary
snapshot' - what confused me there and which I still don't understand are the two
references to events. For direct backup, this step is:
- wait for push mode event, or pull data over NBD # most time spent here
Can you expand this any? I am assuming direct backup is a 'push' mode backup as
per the description at https://libvirt.org/kbase/live_full_disk_backup.html - what is this
push mode event?
So the backup operation is potentially long-running if you're backing up
a huge disk. The 'virsh backup-begin' kicks of the operation and returns
right away, while the backup progresses on the background.
In push mode when qemu is writing the backup image the job is running
while data is written, after it finishes an event is fired to clients
listening for it notifying that the job is complete and the output images
are finished.
Note that the state of the backup will still correspond to the point in
time when the operation was *started*, even when the guest OS overwrites
any blocks subsequently.
For a pull mode backup the client doing the backup knows when it's
ready so the job is not auto-finished (which would fire the event) but
rather needs to be terminated manually.
> By default a full backup creates a stand-alone image. If
you'd use
> incremental backups, then it is actually creating images that depend on
> each other.
OK, and that would be by populating an appropriate xml as per
https://libvirt.org/formatbackup.html - which I think you answered on this list a year or
two ago.
> Yes it is. Note though that since the VM was likely running at the point
> when you took the backup the 'restore' operation will look like a
> cold-boot after a power failure at the exact time when the backup was
> taken.
>
>
> Snapshots also allow you to capture memory state and also pre-date
> backups thus they are documented a bit more in depth.
OK - just to make this explicit - if we want to capture memory state as well as disk then
we *must* use snapshots, either internal or external?
Yes exactly, currently only snapshots allow memory state capture
synchronized with disk state capture.
And - last question! - while we are covering the bases... managedsave sounds like it is
designed for preserving a one-off recovery position for a potentially relatively long
outage such as a hypervisor restart. VM restart will pick up just this latest saved image,
but it *will* capture memory also?
A (managed)-save saves only the memory state to an image, disk images
are kept as they are. No preservation points for the disks are created.
Resuming from the (managed)-save will continue using/modifying the disk
image without the possibility of getting back.
It is indeed meant to e.g. preserve the state of VM while the host OS
reboots.
'managed' is in brackeds as there is also a non-managed save.
Once again thanks for your clarifications - it's clearing up a lot of confusion for
me.
19
days inactive
20
days old
4 comments
2 participants
participants (2)
-
camccuk@yahoo.com -
Peter Krempa