[ovirt-devel] Access to memory snapshots?

Nir Soffer nsoffer at redhat.com
Thu Mar 17 12:28:27 UTC 2016


On Wed, Mar 16, 2016 at 9:56 PM, Matt Mossholder <matt at mossholder.com> wrote:
> Hi everyone!
>      I am working on developing a plugin for the cuckoo sandbox
> (http://cuckoosandbox.org), that will allow users to select oVirt as a
> virtualization solution. I have it working, for the most part, but one area
> where I need some guidance is in retrieving memory images.  I know that when
> you take a snapshot, you can request that the memory be stored as well.
>
>      My issue is that I don't see a way to retrieve the memory, so that it
> can be fed into analysis tools like Volatility
> (http://www.volatilityfoundation.org/). Does anyone have any pointers for
> me?

Memory snapshots are stored in special oVirt disk images in shared storage.

I think the best way to access them is to attach the memory volume to another
VM as a disk, and access the disk contents from that VM. When you finish
with the disk you can hotunplug it from the VM.

We use a similar way to back up volumes with regular disks; hopefully
this is possible with memory volumes.
See https://www.ovirt.org/develop/release-management/features/storage/backup-restore-api-integration/

If this is not possible within engine, you can get access to the
memory volumes by using the prepareImage and teardownImage APIs using
vdsClient.

1. find the memory snapshot volume uuids (available in vdsm log, look
    for VM.snapshot)
    probably available via engine APIs

2. prepare the image
    vdsClient -s 0 prepareImage ... (see online help for the arguments)
    This returns the path to the image

3. read the data from the path using dd (it may be a block device)

4. tear down the image
    vdsClient -s 0 teardownImage ... (see online help for the arguments)

Note that doing this behind engine's back is not a good idea, but it may
be good enough for your use case.

In 4.0 you will have the ability to upload and download images using
HTTP; this should be the easiest way to access the memory volumes.

For more info you can check the ovirt-imageio project:
- https://www.ovirt.org/develop/release-management/features/image-upload/
- git clone https://gerrit.ovirt.org/ovirt-imageio

Nir
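
Step 3 of the procedure above, as an added example that is not part of the original message or of oVirt/vdsm: copy the path returned by prepareImage to a local file with dd and verify the copy by SHA-256 before handing it to analysis tools. The function name `acquire_image` is hypothetical; it assumes GNU coreutils and util-linux `blockdev` on the host, and the image still has to be torn down afterwards as in step 4.

```shell
#!/usr/bin/env bash
# Added example; acquire_image is a hypothetical helper name.
# Copies a prepared image path (file or block device) and verifies the copy.
acquire_image() {
    local src=$1 dst=$2 size copied src_sum dst_sum

    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2; return 1
    fi
    # Never overwrite an earlier acquisition.
    if [ -e "$dst" ]; then
        echo "$dst already exists" >&2; return 1
    fi

    # stat reports 0 bytes for a block device, so ask the kernel for its size.
    if [ -b "$src" ]; then
        size=$(blockdev --getsize64 "$src") || return 1
    else
        size=$(stat -c %s "$src") || return 1
    fi

    # fullblock avoids short reads; fsync flushes the copy before dd exits.
    dd if="$src" of="$dst" bs=1M iflag=fullblock conv=fsync status=none || return 1

    copied=$(stat -c %s "$dst") || return 1
    if [ "$copied" != "$size" ]; then
        echo "size mismatch: source $size, copy $copied" >&2; return 1
    fi

    # Hash both sides; a mismatch means the source changed or the copy is bad.
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$dst" | cut -d' ' -f1)
    if [ "$src_sum" != "$dst_sum" ]; then
        echo "hash mismatch for $dst" >&2; return 1
    fi

    # Make the copy read-only and record its digest next to it.
    chmod 0400 "$dst"
    printf '%s  %s\n' "$dst_sum" "$(basename "$dst")" > "$dst.sha256"
    echo "$dst_sum"
}
```

Call it between steps 2 and 4 with the prepared path as the first argument and the output file as the second; it prints the SHA-256 of the verified copy.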