[libvirt-users] Bringing up a guest with network disabled
James Gibbon
james.gibbon at virgin.net
Tue Oct 1 13:29:31 UTC 2013
On Tue, 01 Oct 2013 06:10:46 -0600
Eric Blake <eblake at redhat.com> wrote:
> On 10/01/2013 06:04 AM, James Gibbon wrote:
> >
> >
> > Hello all,
> >
> > I have a KVM guest VM which is a clone of a production machine
> > running on a different physical server, incarnated from an
> > image backup.
>
> Careful. You need to scrub more than just the IP address for a
> clone and it's parent to safely run at the same time. For
> example, if you don't scrub the entropy pool, then one of the
> two machines will now have predictable "random" numbers just by
> watching what the other host did, which is horrible from a
> security perspective. I highly recommend the use of
> 'virt-sysprep' on the image backup prior to creating your
> clone, which will not only scrub the IP address, but everything
> else that ought to be unique between a clone that is intended
> to run alongside the parent. Once you start from a clean
> image, then the question about starting the guest with network
> disabled may be moot.
>
Thanks, looks really useful but unfortunately I don't have it
on this particular machine, which is going to be decommissioned
in a few weeks anyway. The cloned VM will only be used for
testing purposes, and only for a short time. Would be grateful if
someone could suggest a way to disable the networking in the
cloned VM within the XML, if that's possible.
Thanks again,
James
More information about the libvirt-users
mailing list