ondrejhome / fast-vm Goto Github PK
View Code? Open in Web Editor NEW'fast-vm' is a script for defining VMs from images provided in thin LVM pool.
License: GNU General Public License v3.0
'fast-vm' is a script for defining VMs from images provided in thin LVM pool.
License: GNU General Public License v3.0
Idea:
The expected outcome is to be able to determine which VMs were not run or accessed for extended period of time and be able to tell which users they belong to. (this information may be useful for automated notification on inactivity on shared servers)
Issue: RHEL 8 contains package edk2-ovmf
that is automatically pulled in with dependencies when installing libvirt and provides "some" UEFI firmware. This firmware however seems to only run with Q35 machine type which is not the one that get used when defining VM from fast-vm libvirt template. This firmware is usable when used with Q35 machine that requires 'no IDE' and 'PCIe' root port. So here we would either need new templates for Q35 machines so this runs with what is installed on RHEL8 or providing separate location for firmware in libvirt xml file.
In both cases a separate XML would be needed. For now the dirty (and working) way is to replace one symlink that RHEL 8 uses so we can use procedure that worked well on RHEL 7.
As the images and definition files can get corrupted (or tampered with) during transfer, the fast-vm should support some signing and verifying mechanism to detect this and warn user about this.
Questions:
Based on PR #34 add and test bash completion with scp
and keydist
commands.
diff --git a/fast-vm.bash_completion b/fast-vm.bash_completion
index defd6f8..48a542d 100644
--- a/fast-vm.bash_completion
+++ b/fast-vm.bash_completion
@@ -94,6 +94,21 @@ _fast-vm()
return 0
fi
+ if [ "$cword" -eq 3 ] && [ ${COMP_WORDS[1]} == "scp" ]; then
+ COMPREPLY=( $( compgen -W "vm:" -f -- "$cur" ) )
+ return 0
+ fi
+ if [ "$cword" -eq 4 ] && [ ${COMP_WORDS[1]} == "scp" ]; then
+ # source path did /not/ contain "vm:", so prompt only that
+ COMPREPLY=( $( compgen -W "vm:" ) )
+ return 0
+ fi
+ if [ "$cword" -ge 5 ] && [ ${COMP_WORDS[1]} == "scp" ]; then
+ # source path /did/ contain "vm:", so exclude it from destination
+ COMPREPLY=( $( compgen -f -- "$cur" ) )
+ return 0
+ fi
+
case $prev in
import_image|import_custom_image|import_profile)
return 0
@@ -122,7 +137,7 @@ _fast-vm()
COMPREPLY=( $( compgen -W "all active inactive" -- "$cur" ) )
return 0
;;
- start|stop|delete|console|ssh|info|resize)
+ start|stop|delete|console|keydist|scp|ssh|info|resize)
local vm_numbers
case $prev in
start|resize)
@@ -131,7 +146,7 @@ _fast-vm()
delete|edit_note|info)
vm_numbers=$(fast-vm list all short)
;;
- console|ssh|stop)
+ console|keydist|scp|ssh|stop)
vm_numbers=$(fast-vm list active short)
;;
esac
@@ -142,7 +157,7 @@ _fast-vm()
$split && return 0
if [ "$cword" -lt 2 ]; then
- COMPREPLY=( $( compgen -W 'import_image import_custom_image export_image remove_image resize_image import_profile remove_profile edit_note list_images list_profiles create start stop delete resize console ssh list info' -- "$cur" ) )
+ COMPREPLY=( $( compgen -W 'import_image import_custom_image export_image remove_image resize_image import_profile remove_profile edit_note keydist list_images list_profiles create start stop delete resize console scp ssh list info' -- "$cur" ) )
return 0
fi
Document how to use polkit in libvirt for minimal operation of fast-vm. This should allow the tighter restrictions for libvirt to fast-vm users useful in shared environments.
https://libvirt.org/aclpolkit.html
Idea:
/usr/libexec/
- ignore, will get resolved by Debian using FHS 3.0W: fast-vm: non-standard-dir-in-usr usr/libexec/
N:
N: The FHS says "No large software packages should use a direct
N: subdirectory under the /usr hierarchy". This package contains a
N: directory in /usr that is not mentioned in the Filesystem Hierarchy
N: Standard.
N:
N: Refer to Filesystem Hierarchy Standard (The /usr Hierarchy) for details.
N:
N: Severity: normal, Certainty: certain
N:
N: Check: files, Type: binary, udeb
N:
http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html
FHS 3.0 not yet part of Debian policy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787816
/usr/libexec/
2 - ignore, will get resolved by Debian using FHS 3.0W: fast-vm: file-in-unusual-dir usr/libexec/fast-vm-helper.sh
N:
N: This file or symbolic link is in a directory where files are not
N: normally installed by Debian packages.
N:
N: Severity: normal, Certainty: certain
N:
N: Check: files, Type: binary, udeb
N:
http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html
FHS 3.0 not yet part of Debian policy
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787816
W: fast-vm: manpage-has-bad-whatis-entry usr/share/man/man5/fast-vm.conf.5.gz
N:
N: Each manual page should start with a "NAME" section, which lists the
N: name and a brief description of the page separated by "\-". The "NAME"
N: section is parsed by lexgrog and used to generate a database that's
N: queried by commands like apropos and whatis. This tag indicates that
N: lexgrog was unable to parse the NAME section of this manual page.
N:
N: For manual pages that document multiple programs, functions, files, or
N: other things, the part before "\-" should list each separated by a comma
N: and a space. Each thing listed must not contain spaces; a man page for a
N: two-part command like "fs listacl" must use something like "fs_listacl"
N: in the "NAME" section so that it can be parsed by lexgrog.
N:
N: Refer to the lexgrog(1) manual page, the groff_man(7) manual page, and
N: the groff_mdoc(7) manual page for details.
N:
N: Severity: normal, Certainty: certain
N:
N: Check: manpages, Type: binary
N:
W: fast-vm: manpage-has-bad-whatis-entry usr/share/man/man8/fast-vm-list.8.gz
W: fast-vm: binary-without-manpage usr/bin/fast-vm-net-cleanup
N:
N: Each binary in /usr/bin, /usr/sbin, /bin, /sbin or /usr/games should
N: have a manual page
N:
N: Note that though the man program has the capability to check for several
N: program names in the NAMES section, each of these programs should have
N: its own manual page (a symbolic link to the appropriate manual page is
N: sufficient) because other manual page viewers such as xman or tkman
N: don't support this.
N:
N: If the name of the man page differs from the binary by case, man may be
N: able to find it anyway; however, it is still best practice to make the
N: case of the man page match the case of the binary.
N:
N: If the man pages are provided by another package on which this package
N: depends, lintian may not be able to determine that man pages are
N: available. In this case, after confirming that all binaries do have man
N: pages after this package and its dependencies are installed, please add
N: a lintian override.
N:
N: Refer to Debian Policy Manual section 12.1 (Manual pages) for details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: manpages, Type: binary
N:
Idea:
Implementation:
TODO
After fast-vm import_image
I have to run stty sane
or stty echo
to restore echo in my terminal. This only happens in bash
when pv
is installed and is used by fast-vm
. In zsh
I don't have this problem.
$ stty -a
speed 38400 baud; rows 43; columns 173; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk brkint ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
$ fast-vm import_image fedora29 http://ftp.linux.cz/pub/linux/people/ondrej_famera/fastvm-images/generated/6g__fedora-29.img.xz https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/master/fedora/xml/fedora-28-current.xml https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/master/fedora/hacks/6g_fedora-29-hacks.sh
[__][inf] provided empty file path
[__][inf] Detected remote file with size 340209204
[__][inf] provided empty file path
[__][inf] Detected remote file with size 1443
[__][inf] downloading https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/master/fedora/xml/fedora-28-current.xml
[__]into /tmp/tmp.cmmaqLbyiL
[__][inf] provided empty file path
[__][inf] Detected remote file with size 793
[__][inf] downloading https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/master/fedora/hacks/6g_fedora-29-hacks.sh
[__]into /tmp/tmp.GrKEP8Whc1
[__][inf] Size of image was determined from the filename to be 6G.
[__][inf] creating LV fastvm-fedora29 ...
[__][inf] importing image http://ftp.linux.cz/pub/linux/people/ondrej_famera/fastvm-images/generated/6g__fedora-29.img.xz into /dev/serenity/fastvm-fedora29
download: 324MiB 0:00:44 [7.35MiB/s] [==================================================================================================================>] 100%
unpack: 6.00GiB 0:00:45 [ 133MiB/s] [==================================================================================================================>] 100%
0+767635 records in
0+767635 records out
6442450944 bytes (6.4 GB, 6.0 GiB) copied, 45.8734 s, 140 MB/s
[__][ok] Image fedora29 imported
# at this point there is no echo
$ speed 38400 baud; rows 43; columns 173; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V;
discard = ^O; min = 1; time = 0;
-parenb -parodd -cmspar cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk brkint ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany imaxbel iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase tostop -echoprt echoctl echoke -flusho -extproc
Apparently pv -c
is known for this kind of behavior: https://serverfault.com/a/690183
The workaround would be to run stty sane
or stty echo
after pv -c
invocation.
Idea:
Allow for some common operations (start,stop,delete) to accept multiple VM numbers.
For example: fast-vm start 50 51 52 (will start 3 VMs)
Notes:
Issue: fast-vm VM which was edited to use multiple NICs fails to remove correct card as the script doesn't expect more than one network card.
Workaround: After error running the 'fast-vm-net-cleanup' removes the missed DHCP reservation.
when runing fast-vm list, it errors with sudo password is required.
Once, I run the command with sudo, then it stops asking.
$ fast-vm list
sudo: a password is required
VM# Image name Status Profile_name Size( %used ) Activity Notes
sudo: a password is required
-:1: parser error : Document is empty
/usr/bin/fast-vm: line 208: (1638929036-)/86400: syntax error: operand expected (error token is ")/86400")
75 rhel-7.5 shut off ago :
-:1: parser error : Document is empty
/usr/bin/fast-vm: line 208: (1638929036-)/86400: syntax error: operand expected (error token is ")/86400")
79 rhel-7.9 shut off ago :
-:1: parser error : Document is empty
/usr/bin/fast-vm: line 208: (1638929037-)/86400: syntax error: operand expected (error token is ")/86400")
88 rhel-8.3 shut off ago :
-:1: parser error : Document is empty
/usr/bin/fast-vm: line 208: (1638929037-)/86400: syntax error: operand expected (error token is ")/86400")
89 rhel-8.3 shut off ago :
I'm running fast-vm 1.7
# rpm -q fast-vm
fast-vm-1.7-1.el7.noarch
Hi,
I bumped into this project by accident. My team developed Lago (https://github.com/lago-project/lago) and it seems to be pretty close. We have opted not to use LVM thin LVs (as it requires setup), but qcow over raw (sparse!) images, which seems like it might be an interesting project for you to compare to.
When installing fast-vm, it requires extra LVM to create lvm thinpool.
If there is no extra space left on your local disk, this could be an issue.
It would be great when installing fast-vm it has the option to create a loop device, instead of asking for lvm to create lvm thinpool.
Please refer to the step below that I used.
1. create sparse disk
truncate -s 100G /home/jarame/VirtualMachines/fast-vm.img
2. create fast-vm systemd service to mount loopback device
tee -a /etc/systemd/system/fast-vm.service <<EOM
[Unit]
Description=fast-vm loop devices
DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target
After=systemd-udevd.service home.mount
Required=systemd-udevd.service
[Service]
Type=oneshot
ExecStart=/sbin/losetup /dev/loop100 "/home/jarame/VirtualMachines/fast-vm.img"
ExecStop=/sbin/losetup -d /dev/loop100
TimeoutSec=60
RemainAfterExit=yes
[Install]
WantedBy=local-fs.target
Also=systemd-udevd.service
EOM
systemctl daemon-reload
systemctl enable --now fast-vm.service
4. check loopback device
losetup -l
5. create pv, vg
pvcreate /dev/loop100
vgcreate vg-fastvm /dev/loop100
7. create lv thin pool (configure-fast-vm)
lvcreate -n lv-fastvm -l 100%FREE vg-fastvm
lvconvert --type thin-pool vg-fastvm/lv-fastvm
Hello Ondrej,
Thank you so much for fast-vm!
I have a question on usage.
I started one instance and installed and configured some applications.
And want to make this as an image similarly snapshot.
I checked out fast-vm --help, I can see "/usr/bin/fast-vm export_image ImageName <xz|gz>". But it looks I can export image I imported.
How can I do this ? Kindly let me know ?
Many Thanks,
Ted Won
Virtual machine gets following hostnames:
fastvm-DISTRO-V1-V2-VMNumber
In my opinion it would be a little bit more practical if it was:
fastvm-VMNumber-DISTRO-V1-V2
Not a big deal anyway :)
IDEA:
Use virt-sparsify
to reduce the occupied space on disks of machines that are not active
virt-sparsify --in-place /dev/vg_data/fastvm-centos-7.6-XX
Add option that can do this cleanup. It is needed to change ownership of block device (fast-vm-helper.sh
can be utilized to do this.
man virt-spartify
...
In-place sparsification works using discard (a.k.a trim or unmap) support.
...
If implemented this might be part of periodic cron job (daily/weekly?). We need to ensure that disk will be locked while cleaning up the machine. Consider having option to either disable this or document how to add this if disabled by default.
Use of UEFI in libvirt requires some additional storage for EUFI and this should be ideally handled by fast-vm. How the fast-vm should detect that image need uefi? (XML definition file?, extra flag?, ...)
Option to run command after the SSH server on the VM starts.
This can be used to run scripts that expects the VM is running, for example run ansible script as soon as the machine is started.
TODO:
When user is part of group that needs to be authenticated when changed using sg
command, the fast-vm will prompt for password. Providing wrong password results into either skipping updating the notes file (minor issue) or not creating the notes file (major issue - as then VM will be considered to be owned by root).
Based on discussion with @micharbet it looks that despite user guide and other guides the packages on CentOS/RHEL or dependencies for some role seems to slip out from radar of users when installing fast-vm which then leads to state that something doesn't work, or just prints warning and user may ignore it until it hits the real issue later.
Idea here is to have 2 fast-vm packages:
fast-vm
containing all "relevant" dependencies mentioned in user guide as requiredfast-vm-minimal
containing minimal set of packages that can get fast-vm up and running without fatal crashes (in case that this would be considered for inclusion into any upstream distribution)Idea:
Implementation:
Updated commands:
Location of delete hack_file will be same as regular hack_file with prefix 'delete-'.
I tried to import fedora image:
# fast-vm import_image fedora-28 http://ftp.linux.cz/pub/linux/people/ondrej_famera/fastvm-images/generated/6g__fedora-28.img.xz https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/develop/fedora/xml/fedora-28.xml https://raw.githubusercontent.com/OndrejHome/fast-vm-public-images/develop/fedora/hacks/6g_fedora-28-hacks.sh
[__][err] ImageName cannot end with '-XX' where XX is number.
I could do it when I change image name from fedora-28 to e.g. fedora-2.8 But this is just wrong.
Please kindly remove this limitation.
-michael-
Current script is divided into multiples scripts to allow partial configuration and fast-vm itself only considers last value in configuration file.
Make short collection of videos for showing how to work with fast-vm.
Considerations:
TODO videos:
To create videos the asciinema rec filename
command can be used. The final editing can be done in any text editor.
Idea:
Possible implementation/TODO:
use the virsh desc domain
as the only storage for the VM notes and other metadata instead of file used now.
configure-fast-vm
to not ask about note storage and allow it to rather ask for conversionIdentified cons of this change:
fast-vm list
where the slowdown is visible (on my testing machine from 0.7s to 1.1s with 10 VMs)With Debian packages it should be possible to run fast-vm also on Ubuntu.
TODO:
Issues so far:
Currently no validation is done and despite it may become obvious that value provided was wrong, the proper validation would be much better. Recent issue: inputed whole subnet instead of just XX number for fast-vm network. This caused the network not to define, but provided very little why.
Extract the parts of fast-vm requiring the root privilege into smaller helper script, that could be run through sudo and leave everything else in the normal script to be run as user.
Stuff that must be run as root:
Things to consider:
It might be desirable to do some user separation or at least locking to prevent issues when multiple users are using fast-vm on single system (use case: collaboration server).
Proof of concept on Debian 9.3:
apt-get install libvirt-daemon libvirt-clients libvirt-daemon-system pv ovmf bash-completion dnsmasq-utils make curl sudo thin-provisioning-tools gawk
make install
installation works - will need a DEB package#!/bin/sh
to #!/bin/bash
in /usr/bin/fast-vm
for proper operationawk '{ s=substr($0, 0, 5); print s; }'
on https://github.com/OndrejHome/fast-vm/blob/master/fast-vm#L83 - seems to disappear when gawk
is installed, need to further checkapt-get install libguestfs-tools
Things that needs to be done:
#!/bin/sh
fails and fix places where neededOutlook is optimistic.
Idea:
Check what needs to be changed for fast-vm
to run properly on RHEL 8.
firewalld
gets stoppedqemu-kvm
package as for RHEL/CentOS 7.x and document in PACKAGING
qemu-kvm
seems to be present in Beta repos :/qemu-kvm
package with some difficulties - https://access.redhat.com/discussions/4342891seabios
package as for RHEL/CentOS 7.x and document in PACKAGING
config.seabios-256k
is still relevant or if it takes defaults from config.seabios-128k
docs/user_guide.txt
to reflect any specifics of RHEL8qemu-kvm
and seabios
packages to confirm that they works wellallow the fast-vm to import images from virt-builder compatible repositories. Allow fast-vm-repo to parse additional fast-vm specific data from repositories to download image+libvirt_definition+hacks_file.
fast-vm-repo is inteded to be separate script that will just make it easier to import images to fast-vm.
On CentOS host with fresh installation of Fast-VM I obtained error message [1]
missing 'guestfish' was later installed manually and error while configuring netxt VM disappeared.
However the first one (#75 in my example) remained on storage and unconfigured - no host name, no network, etc..
Note: fast-vm was installed from rpm, so I think guestfish might be in dependencies
[1]
$ fast-vm create centos-7.5 75
[75][inf] using file /etc/fast-vm/config-centos-7.5.xml as libvirt XML
[75][inf] using file /etc/fast-vm/hacks-centos-7.5.sh as hack file
[75][inf] defining virtual machine 'fastvm-centos-7.5-75' in libvirt
Domain fastvm-centos-7.5-75 defined from /tmp/tmp.6HhdGA53jp.xml
Domain title updated successfully
[75][inf] creating disk 'fastvm-centos-7.5-75'
[75][inf] adding static lease for 192.168.22.75 into libvirts DHCP
[75][inf] applying hacks from /etc/fast-vm/hacks-centos-7.5.sh
which: no guestfish in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[!!!] Command 'guestfish' not found (Install it!). Making changes to VM FAILED.
[75][err] It is not possible to use image centos-7.5 for creating VM now as it is being used by fast-vm or other process at the moment
Idea:
New commands:
Updated commands:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.