How to declare a drive read-only for a vm?

skraw

Well-Known Member
Aug 13, 2019
77
1
48
57
Hello,

I try to protect a (second) drive of some vm. With qemu/virt-manager it was easy to flag a drive read-only. But I cannot find a corresponding option in proxmox. How can I do that?
The drive is an nfs-mounted raw file, btw.
--
Regards
Stephan
 
This is currently not possible. QEMU itself supports it, so technically you could add a drive, run qm showcmd VMID --pretty, and put the corresponding '-drive' and '-device' blocks (with 'read-only=on' added to '-drive') as 'args:' in your VM config (and remove drive options themselves), but this could potentially break any number of other storage related things, since PVE will no longer know that the drive is connected to your VM.

You can open a bug report in our bug tracker if you want: https://bugzilla.proxmox.com
 
One would prefer an solution inside proxmox GUI of course. Fiddling with the file base isn't really that transparent in this case. I was pretty astonished though that libvirt/virt-manager supports this out-of-the-box (and it was often used in my environment) whereas here it isn't even something to think about ...
 
What I used often in kiosk systems was the immutable flag, that allows writes to the drive but it gets reset every time the machine boots up. Technically, this was done via a QCOW2 file overlay that stored the changes.
 
That's really not our use case. We use read-only drives often as backups where you can examine an older setup, and you must not be able to write anything there, even if it is thrown away afterwards. Else you cannot judge if the status is as it was when this snapshot was done.
 
That's really not our use case. We use read-only drives often as backups where you can examine an older setup, and you must not be able to write anything there, even if it is thrown away afterwards. Else you cannot judge if the status is as it was when this snapshot was done.

If this is an requirement in Windows, you can use ZFS with snapshots and export them via Samba. This works perfectly and is integrated into the "file history" stuff in windows.
 
Lets simply end with the fact that proxmox does not have the feature (compared to libvirt/virt-manager) although it would be dead simple to implement.
In our case there is no wind*ws involved.
 
Well, easy-going to tell that. But if you already happen to follow quite a lot of the important projects there is not much spare time left. And honestly I would not start at this topic, but rather with
- why does a proxmox cluster node change its ssh keys on occasion (happened 3 times during the last weeks)
(no more migration possible then, first remove old key, re-login and answer "yes" to save new key)
- why does corosync not allow to change mtu in config during runtime, but pmtud is allowed to change it on the fly?
- why does a whole ha-group go in failure-state (vms running) sometimes?
(can only be cleared by deleting the group and re-adding vms to new group)
- the vms listed in the search tab show a relative percentage of RAM usage, but no absolute value (e.g. in GB).
(prevents recognising the top RAM users, additionally high percentage says absolutely nothing in a linux guest)
- why is the vm list to the left always id-sorted? Nobody outside the proxmox software cares about the id, its the _name_ you give a vm that you want to find.. (true for all lists btw)
- a combined load tab of all vms (load for every single vm) would be great. There one could see if some (or all) peak some time during the day/night and who's to blame, same for RAM usage.
- add your favourite problem here :)
 
I didn't mean to urge you to submit a patch yourself, it was just a suggestion. A feature request would suffice and increase the probability that it lands in a future version of Proxmox. We also have limited resources, so we cannot keep track of feature requests in the forum, that's what the bugzilla is for.
 
Stay serious, please. You are already the second staff member that read this thread. And none of the two found it worth the time making a feature request for it. If that is an easy process, it should likely take just as long as answering in the thread - for you. For me on the other hand - since I am new here - everything takes at least double time. Still I am just evaluating the product and comparing to others. I am just telling what looks strange to me - or missing.
 
As you are new here, you should learn how the project and the community is working. so please follow the standard procedures and if you have a feature request, please file it on the right place.
 
For that, a feature request exists, but is in a "wontfix" state:
it is actually in a 'postponed' state as it would be nice to have, but not so easy to implement and nobody had time to do it yet
 
So there are no coders in your staff? Alphabetical sorting of a given list is "not so easy to implement" ?!?
(sorry, couldn't resist)
 
Can you please elaborate what that means. "containers" like "LXC containers" ? We have none in the setup.
We are talking about the vm list on the left of the web gui... (as an example)
 
We are talking about the vm list on the left of the web gui... (as an example)

Sorry, I misunderstood you, you want to sort them by name. The thing is even more weird if you have containers and VMs, because they're sorted by type, then by id.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!