% QQ2CLONE(1) qq2clone 0.1 % Jesse Gardner % February 2021 # NAME qq2clone - Create and manage QEMU/KVM VMs using template machines and qcow2 images with backing files # SYNOPSIS **qq2clone** [*OPTION*]... *COMMAND* [*ARG*]... # DESCRIPTION **qq2clone** is a tool working on top of virsh that makes creating clones of template QEMU/KVM machines simple. By using the copy on write feature for which qcow2 is named, clones of an existing virtual machine can be made without inadvertently altering the original image (with caveats - read the **LIMITATIONS** section if you aren't already familiar with how copy on write works). **qq2clone** makes creating and managing these clones simple and efficient. **qq2clone** supports creating numerous clones of a template and performing batch operations on them - including the execution of arbitrary commands with exec. This simplifies workflows involving large numbers of virtual machines, or the frequent creation/destruction of virtual machines. In addition to virsh, basic linux utilities and QEMU/KVM, qq2clone requires: Bash 4.0+ sqlite3 qemu-img libvirt tools: virt-clone virt-xml virt-xml-validate xmllint (from libxml2) If you want to easily establish graphical connections to your virtual machines, you should have virt-viewer and/or spicy installed and configure your templates to use Spice graphics. This is not strictly necessary, and with the use of **qq2clone** **exec** and a small script of your own you can automate connecting to Spice/VNC clients of your choice without too much hassle # OPTIONS Not every option has an effect in the context of every command. Specifying an option that has no effect in the context of the command being invoked will not produce an error, it simply will not do anything Options are parsed left to right, and right-hand options override left-hand options. The only exception is for \-Q/\-\-quieter, which *must* be the first option listed to work properly. \-c, \-\-connection [*URI*] : Specify a non-default connection URI: sets the value of LIBVIRT_DEFAULT_URI \-f, \-\-no\-spice : Do not attempt to connect to a virtual machine's Spice graphics. Overrides USE_SPICE setting in configuration \-g, \-\-use\-spice : Attempt to connect to a virtual machine's spice graphics. Overrides SPICE setting in configuration \-h, \-\-help : Print basic help information and exit \-n, \-\-no-run : After making a clone of a template, do not run it. Overrides NORUN setting in configuration \-q, \-\-quiet : Suppress most non-error output. Overrides QUIET setting in configuration. Also suppresses various prompts for user choices, either exiting with an error or making a safe default choice depending on the command. Recommended only once familiar with the behavior of **qq2clone** \-Q, \-\-quieter : This option is (currently) required to appear immediately following the invocation of **qq2clone**. Suppresses all output, error message or otherwise, except when running interactive commands or commands that require output to be useful. The commands for which output is not entirely supressed are: config list, config info, list, list-templates, exec, edit, modify-template edit, and check. Other commands will receive only an exit code as output. This option is intended for calling qq2clone from a script. \-r, \-\-run : Run a clone when creating it. Overrides NORUN setting in configuration \-s, \-\-storage [*LOCATION*] : When creating a clone, place new disk image file(s) at location specified by [*LOCATION*]. [*LOCATION*] may be one of an absolute filepath, or the name of a libvirt directory type storage pool. Also defines where state files will be saved when using **save** command. Overrides STORAGE option in configuration \-S, \-\-spicy : Use spicy rather than virt-viewer when connecting to the spice graphics of a clone. Overrides SPICY setting in configuration \-t, \-\-template [*NAME*] : Use template of given name as context when executing a clone command (see TYPES OF COMMAND section above). Overrides TEMPLATE option in configuration \-v, \-\-verbose : Enable all output. Overrides QUIET setting in configuration \-V, \-\-virt\-viewer : Use virt-viewer rather than spicy when connecting to the spice graphics of a clone. Overrides SPICY setting in configuration # TYPES OF COMMAND There are two main classes of commands: commands that operate directly on templates, and commands that create or operate on clones of templates. In order to make it less likely that the user may unintentionally invoke a command of one class when they intended to invoke one of the other, they use a different syntax. Commands that operate on templates use the syntax: **qq2clone** **command** [*template-name*] [*ARG*] ... while commands that operate on clones use the syntax: **qq2clone** \-\-template [*template-name*] **command** [*ARG*] ... Notice that commands operating on clones work within the context of a template defined by the option \-\-template/\-t. Conversely, commands operating on templates specify the template as an argument to the command. There can also be a default template defined by the TEMPLATE option in the configuration file, allowing the \-\-template option to be omitted for commands that operate on clones. Commands operating on templates do not respect this default - the template must always be explicitly defined, further reducing the likelihood of accidentally modifying or deleting a template. # TEMPLATE COMMMANDS **copy-template** [*CURRENT-NAME*] [*NEW-NAME*] : Copy the XML of template *CURRENT-NAME* to a new template with *NEW-NAME*. The new template will not receive a copy of the old template's storage devices - it will point to the same locations **delete-template** [*NAME*] : Delete the template *NAME*. This operation will succeed only if there are currently no clones of the template **import-template** [*LIBVIRT-DOMAIN*] [*NAME*], **import-template** [*XML-LOCATION*] [*NAME*] : Import a new template from either an existing libvirt domain, or a fully qualified filepath to a libvirt domain XML file on disk. If argument *NAME* is ommited, qq2clone will assume you want to use the machine's name as described in the XML file as the template name **list-templates** : List the names of all existing templates **modify-template** [*NAME*] **sub-command** [*ARG*] ... : Templates can be modified in various ways by invoking **modify-template**. Each subcommand is described below **modify-template** [*NAME*] **commit-image** : After an image has been created and modified as desired using **modify-template** [*NAME*] **prepare-image**, **commit-image** is used to alter a template's underlying storage device by commiting any changes made using prepare-image. See the commit command described in **man** **qemu-img** for more information on how this works **modify-template** [*NAME*] **destroy-image** : Invoke virsh destroy on a running image created/run through **modify-template** [*NAME*] **prepare-image**. This is generally not wise, as it is equivalent to unplugging a physical machine and could cause corruption to the image that will later be commited as a permanent change to the template's image **modify-template** [*NAME*] **discard-image** : Delete an image produced by **modify-template** [*NAME*] **prepare-image** without commiting any changes **modify-template** [*NAME*] **edit** : Edit the XML document defining a template **modify-template** [*NAME*] **rename** [*NEW-NAME*] : Change the name of a template, and all of its clones **modify-template** [*NAME*] **prepare-image** : Create and/or run a clone that acts as a staging area for changes to the `template's` actual image. For instance, you could update the `template's` software by running **modify-template** [*NAME*] **prepare-image**, updating the clone produced by this command, shutting it down, and then running **modify-template** [*NAME*] **commit-image**. This serves a twofold purpose - to prevent incidental damage to an underlying image by providing a safe buffer to work in, and to allow modifications to be safely prepared for an underlying image even while that image has existing clones. # CLONE COMMANDS A description of the argument *SET* is described in the **SETS** section below **clone** [*NUMBER*] : Invoke without any argument to produce a single clone. Supply a number as an argument to specify the number of clones to create **connect** [*SET*] : Start any machine in *SET* that `isn't` already running. If any machine in *SET* has spice graphics and spicy or virt-viewer is installed, use one or the other (chosen by command-line option or configuration) to connect to the graphical console **destroy** [*SET*] : Invoke virsh destroy on any running machine in *SET* (in other words, if the domain is running forcibly turn it off) **edit** [*NUMBER*] : Edit the XML file of the clone with given number **exec** [*SET*] [*command-string*] : For every machine in *SET*, sequentially, execute the contents of the command string in an environment where the following variables are defined per clone: `"$uuid"`, `"$name"`, `"$disks"` (a newline delimited string containing the machine's qcow2 disk device filepaths). This is done using bash's eval command, so be sure to put any instances of these variables in single quotes (double quotes inside the single quotes is best practice) or they will not be set properly. If any instance of exec has a non-zero return value, execution stops. **list** [*ARG*] : Without arguments, list all clones of the current template and their state. With argument "all", provide list including all clones of every template. With argument "xml", produce an XML document with information about every template, their clones, and their state. The XML option is not complete - its format is at this point defined only implicitly, by the output of this command. **resume** [*SET*] : Resume any suspended machines in *SET* **rm** [*SET*] : Destroy every domain in *SET* (if running), undefine them and delete their storage volumes **rm-wipe** [*SET*] : Destroy every domain in *SET* (if running), undefine them and wipe their storage volumes using virsh **rm-shred** [*SET*] : Destroy every domain in *SET* (if running), undefine them and shred their storage volumes **save** [*SET*] : Save execution state of every running domain in *SET* to file **save-rm** [*SET*] : Delete the state file associated with every machine in *SET* **start** [*SET*] : Start every machine in *SET* that is currently not running. For saved domains, their state will be restored **suspend** [*SET*] : Suspend execution of every machine in *SET* # OTHER COMMANDS **check** [*TEMPLATE-NAME*] : As described in the limitations section, there are ways that qq2clone can lose track of a clone. If this happens, it will remain in qq2clone's database, its ID number will remain reserved, and its image files may not be deleted and take up space doing nothing. The **check** command finds and fixes occurences of this problem. The *TEMPLATE-NAME* argument is optional, and restricts the check to that template and its clones. Otherwise, all templates are checked **config** list, **config** info [*OPTION*], **config** edit [*OPTION*] : List all configuration options and their current value, get info about a particular option, or edit one # SETS *SET* is listed as an argument to many commands. *SET* simply describes a set of virtual machines - clones of a given template. *SET* is a comma delimited list with no whitespace. *SET* can be an individual machine or several individual machines designated by number: 1 (Machine 1) 3,7 (Machines 3 and 7) Machine numbers can be shown with **qq2clone** **list**. Ranges and omitted values are supported as well: 1,2-5,^3 (Machines 1 and 2-5 excluding 3) 1-10,^3-7 (Machines 1-10 excluding 3-7) Lastly, groups of machines can be addressed by their state: all (All machines) all,^running (All machines that aren't running) ^running,1-10 (Machines 1-10 except those that are running) The possible states of a virtual machine are based on the states listed in **man virsh**, with some modifications. States in qq2clone are: all crashed idle in-shutdown off paused pmsuspended running saved Specifying machines that do not exist will not cause an error: i.e., 1-10 is a valid set even if only machines 3-7 exist. A set will only cause an error if it is malformed, includes zero existing machines, contains no machines that the command being invoked may act upon, or includes numbers less than 1. # CONFIG There is no need to refer to the manual to understand configuration options. Use "**qq2clone** config list" to see all options and their current values, and "**qq2clone** config info [*OPTION*]" to get information about a particular option. However, here is the same information provided by **qq2clone** info for each option TEMPLATE > This template will be used for commands like clone, rm, destroy when option \-\-template/\-t is not specified > > Default value: `'0'` TEMPLATE_DIR > This is the where template XML files will be kept > > Default value: `'${HOME}/storage-qq2clone/templates'` QUIET > If set to 1, most non-error output will be suppressed > > Default value: `'0'` USE_SPICE > If set to 1, attempt to connect > to the spice graphics of a virtual machine by default when cloning it, if it is configured to use spice graphics. qq2clone can do this using the programs spicy and virt-viewer. If either is installed on your system during the first run, the default value is `'1'` (enabled). Otherwise, the default value is `'0'` S_TIMEOUT > Wait this many seconds before timing out when trying to connect to a virtual `machine's` spice graphics. > > Default value: `'10'` STORAGE > The default location to store clone images when creating them. Changing this location is fine, but it is a good idea to ensure that whatever location you do choose is only used by qq2clone > > Default value: `'${HOME}/storage-qq2clone/qq2clone-pool'` # EXAMPLES **qq2clone** \-\-template Debian \-\-run \-\-virt-viewer clone : Make a clone of Debian, run it, and connect to its spice graphics using virt\-viewer. All of these options could have instead been defined in the configuration, so that the entire command would be: **qq2clone** clone **qq2clone** \-\-template Debian exec 3 'virsh console "$uuid"' : Use virsh to connect to the serial console of template Debian's clone with number 3 (as shown in **qq2clone** list) **qq2clone** **modify-template** Debian *prepare-image* : Create a clone of Debian that can be used as a staging area for permanent changes to the backing template storage device **qq2clone** **modify-template** Debian **commit-image** : Commit changes to the image Debian staged with the previous command **qq2clone** **copy-template** Debian Debian_2 : Copy the XML of template Debian, creating a new template with the same backing storage device that you can edit as you please # LIMITATIONS The largest limitation of **qq2clone** is that it cannot protect your template images from the actions of other software. If nothing else touches a template's storage volumes, qq2clone can safely handle them (barring unknown bugs or bad luck during a commit-image). However, if something else alters the image upon which a template is based, its existing clones may be corrupted and future clones may behave differently than expected. It is the user's responsibility to understand this aspect of copy on write and carefully manage template images. Future updates to qq2clone may add features that give some additional protections, but this risk is inherent to copy on write. Libvirt has permissions errors when a storage pool is in a "hidden" directory with a name beginning with "." and qcow2 files with backing files are involved. This may be due to apparmor, or it may be an issue with libvirt. It is unknown how widespread this issue is, but it is the reason that the default directory storage-qq2clone does not start with '.' If the UUID of a clone is changed, qq2clone will no longer be able to track it and will not be able to perform commands on it anymore. This will be addressed in the future using custom metadata in the libvirt domain XML. If the user undefines a domain, this will obviously cause it to disappear from qq2clone's perspective when it is turned off, creating a discrepancy in its database. This can be fixed with **qq2clone** **check**. qq2clone can only produce clones by making qcow2 image files. The backing file need not be qcow2, but the images produced by qq2clone always will be. This is unlikely to ever change - levaraging the features of qcow2 is the entire purpose of qq2clone. If it does change, qq2clone will need a new name. qq2clone does not support creating images in pool types other than directories, and attempting to use a machine as a template when it has storage volumes in a non-directory pool is likely to fail or have unexpected results. Support for some other pool types may be added in the future. qq2clone currently cannot copy storage volumes when importing a template (it just references the originals), or when copying a template. This will change in the future, and qq2clone will also be able to handle more complex relationships between templates, clones and their images # FILES ~/.config/qq2clone : This document simply contains a string defining the location at which qq2clone will store files, including the database containing the rest of it configuration options. Currently, qq2clone cannot run without ${HOME} being defined unless a few lines are altered to refer to a new location ~/storage-qq2clone : Directory where qq2clone stores all files and binary executables. Can be changed by modifying ~/.config/qq2clone. This directory is not named "qq2clone" because (at least on Ubuntu 20.04) default Bash completion scripts will see a file starting with "qq2clone" as well as a command in PATH of that name, and fail to insert a space after "qq2clone" when in the home directory. It does not start with a '.' for the reasons described in the **LIMITATIONS** section above ~/storage-qq2clone/qq2clone.db : sqlite3 database containing the configuration information for qq2clone, as well as data about templates and clones ~/storage-qq2clone/qq2clone-pool : Storage pool used for clone images, if the \-\-storage option is not used when creating or saving a clone and the option STORAGE is not changed in the configuration file ~/qq2clone/templates : Directory in which template XML files are stored. These can be edited manually, but it is more advisable to use **qq2clone** **modify-template** [*template-name*] edit # BUGS As described in the options section, the implementation of the \-\-quieter/\-Q option needs some work. Its current behavior is the easiest functional approach without complicating the options parser, but it will eventually be modified and become better behaved. In addition to the previously described problem, very early error messages will not be suppressed. Most likely, the solution is to implement a better options parser and make it the first thing to run when executing qq2clone. However, the impact of this bug is minimal and other improvements are likely to come before this bug fix. If you find any worse bugs, and I'm sure I missed some, please let me know and I will fix them as time allows. Contact me at: jgardner7289@protonmail.com # EXIT VALUES **10** : No permission to access file or file doesn't exist **11** : Required software dependencies are not met (see description for a list), or are cannot be found in PATH **12** : Invalid command line argument specified, or command specifies an invalid action **13** : Problem with a template - i.e., specified template does not exist, or import-template failed because template of specified name already exists **14** : Invocation of an external command failed **15** : Problem with a libvirt XML file **16** : Attempted action with a libvirt tool resulted in failure **17** : Could not establish graphical spice connection to machine before timeout expired **18** : A file is of the wrong type or does not exist **19** : Unexpected error - a bug in qq2clone, or a highly unexpected failure of some command