Back in 2008 we faced a pressing problem with virtualization:
How do we look at what's going on inside a virtual machine?

[diagram of components of a VM]

Let's step back: what is a virtual machine? In nuts and bolts terms,
it's a big file or partition containing a disk image, and when it's
running, it's a complicated emulation of CPUs, memory, and virtual
devices like network cards. It's interesting and necessary to be able
to look inside all of those things. ("How many packets are coming out
of the virtual network card?" "How is the virtual CPU coping with the
load?"). But for the purpose of this talk I'm just going to talk
about looking inside that disk image.

The disk image has a rich internal structure: a Master Boot Record; a
boot partition; LVM, which has its own internal structures.

What might we want to do with the disk image? Clone the machine,
changing a few config files like the hostname. Edit grub.conf in a VM
which isn't booting. Audit a VM to find out what licensed software is
installed. Is the VM running out of disk space? Offline resizing or
backups. Make a new virtual machine from scratch ...

In 2008 you could look inside the disk image. First of all you'd need
to be root. Then you could run a command line tool called 'kpartx'
which splits the disk image partitions into device mapper devices
(this is why you need to be root). These are actually global devices
on your host, visible to everyone. If you're lucky, LVM on the host
might find the volume groups located in the disk image, but you might
have to adjust the global host LVM configuration to get that to work.
If you're unlucky, those could conflict with volume groups already in

So if you are root, you should usually be able to mount a guest disk
in the host. If your program crashes, of course, it will leave
unattached device mapper devices, loopback devices and mount points on

It's not clear from a security point of view if mounting untrusted
guest devices on the host as root is a good idea.

That said, kpartx is a useful tool if: you are already root on the
host, you just want to mount a partition, it's ad hoc (no scripting),
you can clean up if you make a mistake, and if you can trust the

So we considered how we could improve this process and provide

You shouldn't need to be root: If you have a word-processor document,
you don't need to be root to edit that document. If you have a JPEG
file, you don't need to run GIMP as root to crop it. So why are disk
image files any different? You should be able to modify disk images
from CGI scripts, or from shell scripts. You shouldn't have to clean
up after it. There should be no gotchas or corner cases where it

[libguestfs, list of languages, list of names of tools]

What is libguestfs? An API for creating, accessing, manipulating and
modifying filesystems and disk images. Access from many different
programming languages, or the command line. A set of useful tools.
And applications built on top.

Today is going to be mainly a demonstration of what can be
done with libguestfs and the tools we've built around this.

[demonstration slide: guestfish on a VM]

"Guestfish" is the "guest filesystem interactive shell", and you
can just run it on any disk image you happen to find. You don't
need to be root, unless you need root to access that particular
image. In this case, the image is just a local file so I don't

You can see this image is a Linux virtual machine of some sort.

We can use the "cat" command to look for some identification:

><fs> cat /etc/redhat-release
><fs> cat /etc/debian_version

We can also edit files. For example, we can edit the /etc/issue
file to change the console login message:

Guestfish is the shell-scripting interface to the libguestfs API.
It exposes the entire API, and as you can see that's quite large:

Since the API is quite daunting, we do offer an overview of the
whole API in the man page. So I won't go through that here, but
I'll just mention a few points.

Listing the mount points:

Listing the LVM configuration:

There are also commands for creating and resizing and deleting

All the usual file copy, linking, edit, move, make directory, list
files etc. commands are available.

[demonstration slide: equivalent in languages]

And all of this is also available through the language bindings, so
you can, as an example, write a non-root CGI script in Python that has
full access to the API.

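The non-root access described above, as an added example that is not code from the talk or from the libguestfs project: a Python script that attaches an image read-only through the libguestfs bindings and reads the same identification files the guestfish demonstration cats. It assumes the guestfs Python module is installed; the names open_readonly, identify_guests and ID_FILES are illustrative.

```python
"""Read-only, non-root identification of a guest disk image via libguestfs."""

ID_FILES = ("/etc/redhat-release", "/etc/debian_version")  # files the talk cats


def open_readonly(image_path):
    """Return a launched libguestfs handle with the image attached read-only."""
    import guestfs  # libguestfs Python bindings, imported only when needed
    g = guestfs.GuestFS(python_return_dict=True)
    g.add_drive_opts(image_path, readonly=1)  # never write to an untrusted image
    g.launch()  # starts the libguestfs appliance as the calling user
    return g


def identify_guests(g):
    """Return {root_device: {id_file: first_line}} for each OS inspection finds."""
    report = {}
    for root in g.inspect_os():
        mountpoints = g.inspect_get_mountpoints(root)  # {mountpoint: device}
        # Mount "/" before "/boot", "/usr", ...: shortest mountpoint first.
        for mp in sorted(mountpoints, key=len):
            try:
                g.mount_ro(mountpoints[mp], mp)
            except RuntimeError:
                continue  # unmountable filesystem: report what can be read
        found = {}
        for path in ID_FILES:
            if g.is_file(path):  # cat on a missing file raises RuntimeError
                lines = g.cat(path).splitlines()
                found[path] = lines[0] if lines else ""
        report[root] = found
        g.umount_all()  # reset before the next root on a multi-boot image
    return report


if __name__ == "__main__":
    import sys
    handle = open_readonly(sys.argv[1])
    try:
        for root, ids in identify_guests(handle).items():
            print(root, ids)
    finally:
        handle.close()  # shuts the appliance down when the script is done
```

Because identify_guests takes the handle as a parameter, the inspection logic can be exercised against a stub object on a machine without libguestfs installed.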
This Perl script shows the kind of ad hoc querying (and modifications)
that are possible using libguestfs and Augeas.

[demonstration slide: guestfish on a Fedora installation CD]

We're not limited to hard disk images. Floppy images, CD ISOs, and
memory cards can all be handled.

mount-loop /cd/LiveOS/squashfs.img /squash

Guestfish and the language bindings are quite low level. On top
of this base we've built a number of more useful high level tools.

[demonstration slide: virt-df]

[demonstration slide: virt-inspector]

You can see there are possibilities for auditing, inventory

[demonstration slide: virt-win-reg]

[demonstration slide: guestmount]

[demonstration slide: guestmount, Windows and hivexsh]

Red Hat: last year R&D 20.2% of revenue (18% over last 5 years)
$130 million per year