RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 955734 - RFE: Read-only point-in-time throwaway snapshot support for qemu-kvm -- enables CloudForms VM fleecing
Summary: RFE: Read-only point-in-time throwaway snapshot support for qemu-kvm -- enabl...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: pre-dev-freeze
: ---
Assignee: John Snow
QA Contact: Tingting Mao
URL:
Whiteboard:
Depends On: 905125 956577
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-23 16:32 UTC by Hugh Brock
Modified: 2020-12-11 15:53 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-10 23:53:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Hugh Brock 2013-04-23 16:32:33 UTC 
We need cheap point-in-time snapshots, as described below:

> This is not for backup, it is for inspection of a point-in-time
> snapshot.  I used the word "backup" because it uses the same "tool"
> (copy-on-write to the backup image), but it's for a wholly different
> purpose.

Re-reading your email I think this is what you're describing:

1. qemu-img create -f qcow2 -o backing_file=RUNNING-VM.img BACKUP.qcow2
   (or perhaps a special way of creating this file within the running
   QEMU so the running VM's image file uses a shared BlockDriverState.)

2. start a point-in-time-backup job to BACKUP; it doesn't have to do a
   full copy, just save the old contents whenever the guests does a
   write.

3. export BACKUP via the run-time NBD server.

Reads to sectors that have not be overwritten go to RUNNING-VM.img.

Reads to sectors that have been overwritten go to BACKUP.qcow2.

When fleecing completes, close and delete BACKUP.qcow2.


This is nice.  VM write performance is slightly degraded during fleecing
since we need to save sectors into BACKUP.qcow2 before overwriting them
in RUNNING-VM.img.  Besides that there is no performance penalty and
deletion is O(1).
Comment 5 John Snow 2016-06-02 22:08:26 UTC 
Moving to qemu-kvm-rhev, and a status update:

This is technically already possible upstream (and in rhev 2.6.0!) but it's not well tested and we need to do more work to create proper scope and testing for the workflow.

There are many potential dangerous uses of the feature given certain configurations, and more work needs to be done to eke out a well defined scope for this feature before we advertise its use.
Comment 6 John Snow 2017-04-28 19:09:28 UTC 
Status remains the same; we need a proper testing framework and a formalized API to utilize the feature, but it remains technically possible.
Comment 8 John Snow 2017-11-28 21:15:46 UTC 
Debate on proper API is occurring upstream right now (2.12 and beyond)
Comment 9 Ademar Reis 2018-06-05 22:13:09 UTC 
(In reply to Hugh Brock from comment #0)
> We need cheap point-in-time snapshots, as described below:
> 
> > This is not for backup, it is for inspection of a point-in-time
> > snapshot.  I used the word "backup" because it uses the same "tool"
> > (copy-on-write to the backup image), but it's for a wholly different
> > purpose.
> 
> Re-reading your email I think this is what you're describing:
> 
> 1. qemu-img create -f qcow2 -o backing_file=RUNNING-VM.img BACKUP.qcow2
>    (or perhaps a special way of creating this file within the running
>    QEMU so the running VM's image file uses a shared BlockDriverState.)
> 
> 2. start a point-in-time-backup job to BACKUP; it doesn't have to do a
>    full copy, just save the old contents whenever the guests does a
>    write.
> 
> 3. export BACKUP via the run-time NBD server.
> 
> Reads to sectors that have not be overwritten go to RUNNING-VM.img.
> 
> Reads to sectors that have been overwritten go to BACKUP.qcow2.
> 
> When fleecing completes, close and delete BACKUP.qcow2.
> 
> 
> This is nice.  VM write performance is slightly degraded during fleecing
> since we need to save sectors into BACKUP.qcow2 before overwriting them
> in RUNNING-VM.img.  Besides that there is no performance penalty and
> deletion is O(1).

Is this still desired? Meaning: is there customer demand for it in layered products? I haven't seen it prioritized by product management, but I believe we have all the pieces ready upstream to support this at this point.

We need to understand the details of the use-cases in order to provide the right APIs in libvirt though.
Comment 10 John Snow 2018-06-12 23:18:10 UTC 
At present, fleecing is possible and is expected to be formalized as a supported API once libvirt uses it for incremental backup purposes.

However, as a standalone feature, libvirt does not present know how to utilize this feature and cannot expose it to clients.

Moving this back to "NEW" for now to indicate that nobody is working on the formalized API, though the backend primitives to enable it in QEMU are complete.
Comment 12 John Snow 2018-12-10 23:53:03 UTC 
Closing this for lack of information.
Please re-open if there's a business case for it that can help shape the API.
Note You need to log in before you can comment on or make changes to this bug.