qq2clone/man.pandoc

528 lines
20 KiB
Plaintext

% QQ2CLONE(1) qq2clone 0.1
% Jesse Gardner
% February 2021
# NAME
qq2clone - Create and manage QEMU/KVM VMs using template machines and qcow2
images with backing files
# SYNOPSIS
**qq2clone** [*OPTION*]... *COMMAND* [*ARG*]...
# DESCRIPTION
**qq2clone** is a tool working on top of virsh that makes creating clones
of template QEMU/KVM machines simple. By using the copy on write feature
for which qcow2 is named, clones of an existing virtual machine can be made
without inadvertently altering the original image (with caveats - read the
**LIMITATIONS** section if you aren't already familiar with how copy on
write works). **qq2clone** makes creating and managing these clones simple
and efficient.
**qq2clone** supports creating numerous clones of a template and
performing batch operations on them - including the execution of arbitrary
commands with exec. This simplifies workflows involving large numbers of
virtual machines, or the frequent creation/destruction of virtual machines.
In addition to virsh, basic linux utilities and QEMU/KVM, qq2clone
requires:
Bash 4.0+
sqlite3
qemu-img
libvirt tools:
virt-clone
virt-xml
virt-xml-validate
xmllint (from libxml2)
If you want to easily establish graphical connections to your virtual
machines, you should have virt-viewer and/or spicy installed and configure
your templates to use Spice graphics. This is not strictly necessary, and
with the use of **qq2clone** **exec** and a small script of your own
you can automate connecting to Spice/VNC clients of your choice without
too much hassle
# OPTIONS
Not every option has an effect in the context of every command. Specifying
an option that has no effect in the context of the command being invoked
will not produce an error, it simply will not do anything
Options are parsed left to right, and right-hand options override
left-hand options. The only exception is for \-Q/\-\-quieter, which *must*
be the first option listed to work properly.
\-c, \-\-connection [*URI*]
: Specify a non-default connection URI: sets the value of
LIBVIRT_DEFAULT_URI
\-f, \-\-no\-spice
: Do not attempt to connect to a virtual machine's Spice graphics.
Overrides USE_SPICE setting in configuration
\-g, \-\-use\-spice
: Attempt to connect to a virtual machine's spice graphics. Overrides
SPICE setting in configuration
\-h, \-\-help
: Print basic help information and exit
\-n, \-\-no-run
: After making a clone of a template, do not run it. Overrides NORUN
setting in configuration
\-q, \-\-quiet
: Suppress most non-error output. Overrides QUIET setting in
configuration. Also suppresses various prompts for user choices, either
exiting with an error or making a safe default choice depending on the
command. Recommended only once familiar with the behavior of **qq2clone**
\-Q, \-\-quieter
: This option is (currently) required to appear immediately following the
invocation of **qq2clone**. Suppresses all output, error message or
otherwise, except when running interactive commands or
commands that require output to be useful. The commands for which output
is not entirely supressed are: config list, config info, list,
list-templates, exec, edit, modify-template edit, and check. Other
commands will receive only an exit code as output. This option is intended
for calling qq2clone from a script.
\-r, \-\-run
: Run a clone when creating it. Overrides NORUN setting in configuration
\-s, \-\-storage [*LOCATION*]
: When creating a clone, place new disk image file(s) at location
specified by [*LOCATION*]. [*LOCATION*] may be one of an absolute
filepath, or the name of a libvirt directory type storage pool. Also
defines where state files will be saved when using **save** command.
Overrides STORAGE option in configuration
\-S, \-\-spicy
: Use spicy rather than virt-viewer when connecting to the spice graphics
of a clone. Overrides SPICY setting in configuration
\-t, \-\-template [*NAME*]
: Use template of given name as context when executing a clone command
(see TYPES OF COMMAND section above). Overrides TEMPLATE option in
configuration
\-v, \-\-verbose
: Enable all output. Overrides QUIET setting in configuration
\-V, \-\-virt\-viewer
: Use virt-viewer rather than spicy when connecting to the spice graphics
of a clone. Overrides SPICY setting in configuration
# TYPES OF COMMAND
There are two main classes of commands: commands that operate directly on
templates, and commands that create or operate on clones of templates. In
order to make it less likely that the user may unintentionally invoke a
command of one class when they intended to invoke one of the other, they
use a different syntax. Commands that operate on templates use the syntax:
**qq2clone** **command** [*template-name*] [*ARG*] ...
while commands that operate on clones use the syntax:
**qq2clone** \-\-template [*template-name*] **command** [*ARG*] ...
Notice that commands operating on clones work within the context of a
template defined by the option \-\-template/\-t. Conversely, commands
operating on templates specify the template as an argument to the
command. There can also be a default template defined by the
TEMPLATE option in the configuration file, allowing the \-\-template
option to be omitted for commands that operate on clones. Commands
operating on templates do not respect this default - the template must
always be explicitly defined, further reducing the likelihood of
accidentally modifying or deleting a template.
# TEMPLATE COMMMANDS
**copy-template** [*CURRENT-NAME*] [*NEW-NAME*]
: Copy the XML of template *CURRENT-NAME* to a new template with
*NEW-NAME*. The new template will not receive a copy of the old template's
storage devices - it will point to the same locations
**delete-template** [*NAME*]
: Delete the template *NAME*. This operation will succeed only if there
are currently no clones of the template
**import-template** [*LIBVIRT-DOMAIN*] [*NAME*], **import-template**
[*XML-LOCATION*] [*NAME*]
: Import a new template from either an existing libvirt domain, or a fully
qualified filepath to a libvirt domain XML file on disk. If argument
*NAME* is ommited, qq2clone will assume you want to use the machine's name
as described in the XML file as the template name
**list-templates**
: List the names of all existing templates
**modify-template** [*NAME*] **sub-command** [*ARG*] ...
: Templates can be modified in various ways by invoking
**modify-template**. Each subcommand is described below
**modify-template** [*NAME*] **commit-image**
: After an image has been created and modified as desired using
**modify-template** [*NAME*] **prepare-image**, **commit-image** is used
to alter a template's underlying storage device by commiting any changes
made using prepare-image. See the commit command described in **man**
**qemu-img** for more information on how this works
**modify-template** [*NAME*] **destroy-image**
: Invoke virsh destroy on a running image created/run through
**modify-template** [*NAME*] **prepare-image**. This is generally not
wise, as it is equivalent to unplugging a physical machine and could cause
corruption to the image that will later be commited as a permanent change
to the template's image
**modify-template** [*NAME*] **discard-image**
: Delete an image produced by **modify-template** [*NAME*]
**prepare-image** without commiting any changes
**modify-template** [*NAME*] **edit**
: Edit the XML document defining a template
**modify-template** [*NAME*] **rename** [*NEW-NAME*]
: Change the name of a template, and all of its clones
**modify-template** [*NAME*] **prepare-image**
: Create and/or run a clone that acts as a staging area for changes to
the `template's` actual image. For instance, you could update the
`template's` software by running **modify-template** [*NAME*]
**prepare-image**, updating the clone produced by this command,
shutting it down, and then running **modify-template** [*NAME*]
**commit-image**. This serves a twofold purpose - to prevent incidental
damage to an underlying image by providing a safe buffer to work in, and
to allow modifications to be safely prepared for an underlying image even
while that image has existing clones.
# CLONE COMMANDS
A description of the argument *SET* is described in the **SETS** section
below
**clone** [*NUMBER*]
: Invoke without any argument to produce a single clone. Supply a number
as an argument to specify the number of clones to create
**connect** [*SET*]
: Start any machine in *SET* that `isn't` already running. If any machine
in *SET* has spice graphics and spicy or virt-viewer is installed, use one
or the other (chosen by command-line option or configuration) to connect
to the graphical console
**destroy** [*SET*]
: Invoke virsh destroy on any running machine in *SET* (in other words, if
the domain is running forcibly turn it off)
**edit** [*NUMBER*]
: Edit the XML file of the clone with given number
**exec** [*SET*] [*command-string*]
: For every machine in *SET*, sequentially, execute the contents of the
command string in an environment where the following variables are defined
per clone: `"$uuid"`, `"$name"`, `"$disks"` (a newline delimited string
containing the machine's qcow2 disk device filepaths). This is done using
bash's eval command, so be sure to put any instances of these variables in
single quotes (double quotes inside the single quotes is best practice) or
they will not be set properly. If any instance of exec has a non-zero
return value, execution stops.
**list** [*ARG*]
: Without arguments, list all clones of the current template and their
state. With argument "all", provide list including all clones of every
template. With argument "xml", produce an XML document with information
about every template, their clones, and their state. The XML option
is not complete - its format is at this point defined only implicitly, by
the output of this command.
**resume** [*SET*]
: Resume any suspended machines in *SET*
**rm** [*SET*]
: Destroy every domain in *SET* (if running), undefine them and delete
their storage volumes
**rm-wipe** [*SET*]
: Destroy every domain in *SET* (if running), undefine them and wipe their
storage volumes using virsh
**rm-shred** [*SET*]
: Destroy every domain in *SET* (if running), undefine them and shred
their storage volumes
**save** [*SET*]
: Save execution state of every running domain in *SET* to file
**save-rm** [*SET*]
: Delete the state file associated with every machine in *SET*
**start** [*SET*]
: Start every machine in *SET* that is currently not running. For saved
domains, their state will be restored
**suspend** [*SET*]
: Suspend execution of every machine in *SET*
# OTHER COMMANDS
**check** [*TEMPLATE-NAME*]
: As described in the limitations section, there are ways that qq2clone
can lose track of a clone. If this happens, it will remain in qq2clone's
database, its ID number will remain reserved, and its image files may not
be deleted and take up space doing nothing. The **check** command
finds and fixes occurences of this problem. The *TEMPLATE-NAME* argument is
optional, and restricts the check to that template and its clones.
Otherwise, all templates are checked
**config** list, **config** info [*OPTION*], **config** edit [*OPTION*]
: List all configuration options and their current value, get info about a
particular option, or edit one
# SETS
*SET* is listed as an argument to many commands. *SET* simply describes a
set of virtual machines - clones of a given template. *SET* is a comma
delimited list with no whitespace. *SET* can be an individual machine or
several individual machines designated by number:
1 (Machine 1)
3,7 (Machines 3 and 7)
Machine numbers can be shown with **qq2clone** **list**. Ranges and
omitted values are supported as well:
1,2-5,^3 (Machines 1 and 2-5 excluding 3)
1-10,^3-7 (Machines 1-10 excluding 3-7)
Lastly, groups of machines can be addressed by their state:
all (All machines)
all,^running (All machines that aren't running)
^running,1-10 (Machines 1-10 except those that are running)
The possible states of a virtual machine are based on the states listed in
**man virsh**, with some modifications. States in qq2clone are:
all
crashed
idle
in-shutdown
off
paused
pmsuspended
running
saved
Specifying machines that do not exist will not cause an error: i.e.,
1-10 is a valid set even if only machines 3-7 exist. A set will only cause
an error if it is malformed, includes zero existing machines, contains no
machines that the command being invoked may act upon, or includes numbers
less than 1.
# CONFIG
There is no need to refer to the manual to understand configuration
options. Use "**qq2clone** config list" to see all options and their
current values, and "**qq2clone** config info [*OPTION*]" to get
information about a particular option. However, here is the same
information provided by **qq2clone** info for each option
TEMPLATE
> This template will be used for commands like clone, rm, destroy when
option \-\-template/\-t is not specified
>
> Default value: `'0'`
TEMPLATE_DIR
> This is the where template XML files will be kept
>
> Default value: `'${HOME}/storage-qq2clone/templates'`
QUIET
> If set to 1, most non-error output will be suppressed
>
> Default value: `'0'`
USE_SPICE
> If set to 1, attempt to connect
> to the spice graphics of a virtual machine by default when cloning it,
if it is configured to use spice graphics. qq2clone can do this using the
programs spicy and virt-viewer. If either is installed on your system
during the first run, the default value is `'1'` (enabled). Otherwise, the
default value is `'0'`
S_TIMEOUT
> Wait this many seconds before timing out when trying to connect to a
virtual `machine's` spice graphics.
>
> Default value: `'10'`
STORAGE
> The default location to store clone images when creating them. Changing
this location is fine, but it is a good idea to ensure that whatever
location you do choose is only used by qq2clone
>
> Default value: `'${HOME}/storage-qq2clone/qq2clone-pool'`
# EXAMPLES
**qq2clone** \-\-template Debian \-\-run \-\-virt-viewer clone
: Make a clone of Debian, run it, and connect to its spice graphics using
virt\-viewer. All of these options could have instead been defined in the
configuration, so that the entire command would be: **qq2clone** clone
**qq2clone** \-\-template Debian exec 3 'virsh console "$uuid"'
: Use virsh to connect to the serial console of template Debian's clone
with number 3 (as shown in **qq2clone** list)
**qq2clone** **modify-template** Debian *prepare-image*
: Create a clone of Debian that can be used as a staging area for
permanent changes to the backing template storage device
**qq2clone** **modify-template** Debian **commit-image**
: Commit changes to the image Debian staged with the previous command
**qq2clone** **copy-template** Debian Debian_2
: Copy the XML of template Debian, creating a new template with the same
backing storage device that you can edit as you please
# LIMITATIONS
The largest limitation of **qq2clone** is that it cannot protect your
template images from the actions of other software. If nothing else
touches a template's storage volumes, qq2clone can safely handle them
(barring unknown bugs or bad luck during a commit-image). However,
if something else alters the image upon which a template is based, its
existing clones may be corrupted and future clones may behave differently
than expected. It is the user's responsibility to understand this aspect
of copy on write and carefully manage template images. Future updates to
qq2clone may add features that give some additional protections, but this
risk is inherent to copy on write.
Libvirt has permissions errors when a storage pool is in a "hidden"
directory with a name beginning with "." and qcow2 files with backing files
are involved. This may be due to apparmor, or it may be an issue with
libvirt. It is unknown how widespread this issue is, but it is the reason
that the default directory storage-qq2clone does not start with '.'
If the UUID of a clone is changed, qq2clone will no longer be able to
track it and will not be able to perform commands on it anymore. This will
be addressed in the future using custom metadata in the libvirt domain
XML. If the user undefines a domain, this will obviously cause it to
disappear from qq2clone's perspective when it is turned off, creating a
discrepancy in its database. This can be fixed with **qq2clone** **check**.
qq2clone can only produce clones by making qcow2 image files. The backing
file need not be qcow2, but the images produced by qq2clone always will
be. This is unlikely to ever change - levaraging the features of qcow2 is
the entire purpose of qq2clone. If it does change, qq2clone will need a
new name.
qq2clone does not support creating images in pool types other than
directories, and attempting to use a machine as a template when it has
storage volumes in a non-directory pool is likely to fail or have
unexpected results. Support for some other pool types may be added in the
future.
qq2clone currently cannot copy storage volumes when importing a template
(it just references the originals), or when copying a template. This will
change in the future, and qq2clone will also be able to handle more complex
relationships between templates, clones and their images
# FILES
~/.config/qq2clone
: This document simply contains a string defining the location at which
qq2clone will store files, including the database containing the rest of
it configuration options. Currently, qq2clone cannot run without ${HOME}
being defined unless a few lines are altered to refer to a new location
~/storage-qq2clone
: Directory where qq2clone stores all files and binary executables. Can be
changed by modifying ~/.config/qq2clone. This directory is not
named "qq2clone" because (at least on Ubuntu 20.04) default Bash completion
scripts will see a file starting with "qq2clone" as well as a command in
PATH of that name, and fail to insert a space after "qq2clone"
when in the home directory. It does not start with a '.'
for the reasons described in the **LIMITATIONS** section above
~/storage-qq2clone/qq2clone.db
: sqlite3 database containing the configuration information for qq2clone,
as well as data about templates and clones
~/storage-qq2clone/qq2clone-pool
: Storage pool used for clone images, if the
\-\-storage option is not used when creating or saving a clone and the
option STORAGE is not changed in the configuration file
~/qq2clone/templates
: Directory in which template XML files are stored. These can be edited
manually, but it is more advisable to use **qq2clone** **modify-template**
[*template-name*] edit
# BUGS
As described in the options section, the implementation of the
\-\-quieter/\-Q option needs some work. Its current behavior is the
easiest functional approach without complicating the options parser, but it
will eventually be modified and become better behaved. In addition to the
previously described problem, very early error messages will not be
suppressed. Most likely, the solution is to implement a better options
parser and make it the first thing to run when executing qq2clone. However,
the impact of this bug is minimal and other improvements are likely to
come before this bug fix.
If you find any worse bugs, and I'm sure I missed some, please let me know
and I will fix them as time allows. Contact me at:
jgardner7289@protonmail.com
# EXIT VALUES
**10**
: No permission to access file or file doesn't exist
**11**
: Required software dependencies are not met (see description for a list),
or are cannot be found in PATH
**12**
: Invalid command line argument specified, or command specifies an invalid
action
**13**
: Problem with a template - i.e., specified template does not exist, or
import-template failed because template of specified name already exists
**14**
: Invocation of an external command failed
**15**
: Problem with a libvirt XML file
**16**
: Attempted action with a libvirt tool resulted in failure
**17**
: Could not establish graphical spice connection to machine before timeout
expired
**18**
: A file is of the wrong type or does not exist
**19**
: Unexpected error - a bug in qq2clone, or a highly unexpected failure of
some command