libvirt users - Oct 2013 - Re: Bringing up a guest with network disabled

On Tue, 01 Oct 2013 06:10:46 -0600
Eric Blake <eblake@redhat.com> wrote:
> On 10/01/2013 06:04 AM, James Gibbon wrote:
> > 
> > 
> > Hello all,
> > 
> > I have a KVM guest VM which is a clone of a production machine
> > running on a different physical server, incarnated from an 
> > image backup.
> 
> Careful.  You need to scrub more than just the IP address for a
> clone and it's parent to safely run at the same time.  For
> example, if you don't scrub the entropy pool, then one of the
> two machines will now have predictable "random" numbers just by
> watching what the other host did, which is horrible from a
> security perspective.  I highly recommend the use of
> 'virt-sysprep' on the image backup prior to creating your
> clone, which will not only scrub the IP address, but everything
> else that ought to be unique between a clone that is intended
> to run alongside the parent.  Once you start from a clean
> image, then the question about starting the guest with network
> disabled may be moot.
> 
Thanks, looks really useful but unfortunately I don't have it
on this particular machine, which is going to be decommissioned
in a few weeks anyway. The cloned VM will only be used for
testing purposes, and only for a short time. Would be grateful if
someone could suggest a way to disable the networking in the
cloned VM within the XML, if that's possible.

Thanks again,
James

On 10/01/2013 07:29 AM, James Gibbon wrote:
> Thanks, looks really useful but unfortunately I don't have it
> on this particular machine, which is going to be decommissioned
> in a few weeks anyway. The cloned VM will only be used for
> testing purposes, and only for a short time. Would be grateful if
> someone could suggest a way to disable the networking in the
> cloned VM within the XML, if that's possible.
Have you tried just removing the network device from the xml altogether,
then booting the guest, then hot-plugging a replacement device?  The
hotplug action would force the guest to negotiate a new IP address.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 10/01/2013 09:29 AM, James Gibbon wrote:
>  Would be grateful if someone could suggest a way to disable the networking
in the
> cloned VM within the XML, if that's possible.
I have no idea if it's possible to "disable" the NIC on the VM
definition but you could boot into runlevel 1 (where there is no
network) and perform the changes there.  You may do this by passing a 1
to the end of the kernel line (during GRUB boot section).

HTH,
Jorge

2013/10/2 Jorge Fábregas <jorge.fabregas@gmail.com>
> On 10/01/2013 09:29 AM, James Gibbon wrote:
> >  Would be grateful if someone could suggest a way to disable the
> networking in the
> > cloned VM within the XML, if that's possible.
>
> I have no idea if it's possible to "disable" the NIC on the
VM
> definition but you could boot into runlevel 1 (where there is no
> network) and perform the changes there.  You may do this by passing a 1
> to the end of the kernel line (during GRUB boot section).
>
try : virsh domif-setlink

On Tue, 01 Oct 2013 15:46:52 -0400
Jorge Fábregas <jorge.fabregas@gmail.com> wrote:
> On 10/01/2013 09:29 AM, James Gibbon wrote:
> >  Would be grateful if someone could suggest a way to disable
> > the networking in the cloned VM within the XML, if that's
> > possible.
> 
> I have no idea if it's possible to "disable" the NIC on the
VM
> definition but you could boot into runlevel 1 (where there is no
> network) and perform the changes there.  You may do this by
> passing a 1 to the end of the kernel line (during GRUB boot
> section).
> 
I solved this eventually by both removing the <interface> section
from the config, and interrupting grub and booting single user.

I wasn't sure I'd get an opportunity to interrupt the boot, but
since I had belt and braces I went for it. Many thanks for all
the suggestions.

James