OpenShift Virtualization / CNV-70566

[RFE] Add VM Generation ID (VMGenID) Support in OpenShift Virtualization


      As a:
      Platform administrator running Microsoft Active Directory Domain Controllers inside OpenShift Virtualization

      I want:
      OpenShift Virtualization (KubeVirt) to expose and manage a VM Generation ID (VMGenID) device for virtual machines backed by QEMU/libvirt

      So that:
      Windows Server Domain Controllers and other VMGenID-aware applications can safely detect VM snapshot or clone rollbacks and prevent USN rollback or replication corruption during backup/restore workflows.

      Background / Context

      • QEMU already includes an emulated vmgenid device that provides a unique 128-bit identifier to guests.
      • libvirt (since v4.4) supports a <genid> XML element in domain definitions, enabling hypervisors to set and update the ID on clone/snapshot events.
      • However, KubeVirt/OpenShift Virtualization currently does not expose this device through its CRDs or controller logic, nor does it rotate the ID on snapshot/restore.
      • This limitation prevents proper Active Directory rollback detection when restoring from infrastructure-level snapshots or backups.
      • API/CRD Support
        • Extend the VirtualMachine CRD with a new feature flag, e.g.:
          spec:
            domain:
              features:
                vmgenid: {}
        • The controller auto-generates and persists a GUID for each VM.
      • Lifecycle Integration
        • On VM snapshot, clone, or restore, the controller regenerates the VMGenID and updates the running QEMU domain via libvirt.
        • Ensure correct persistence across VM restarts and migrations.
      • QEMU/Libvirt Implementation
        • Verify the generated GUID is injected into the domain XML via <genid> and passed to QEMU’s -device vmgenid.
      • Guest Validation
        • Windows Server 2012 R2+ guests running dsamain/AD DS detect GUID changes and reset the invocation ID automatically.
        • Manual validation: event ID 1109 appears in the Directory Service log after a VMGenID change.
      • Backward Compatibility
        • Feature is optional and disabled by default to avoid affecting existing workloads.
        • Older guests or non-Windows VMs are unaffected.
      • Documentation / Operator UX
        • Add guidance in OpenShift Virtualization docs explaining:
          • VMGenID purpose and usage
          • Required Windows versions
          • Backup/restore workflows (e.g., Rubrik VSS integration)

      Technical Notes

      • Leverage QEMU’s native vmgenid device (hw/acpi/vmgenid.c).
      • Use libvirt’s <genid> XML element for state storage.
      • On snapshot/restore events, trigger a new UUID generation within the KubeVirt controller.
      • Maintain ID persistence in the VM’s annotations or status field for auditability.
      • Validate against existing migration logic and CDI image imports.
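
      The following Go program is an added example, not KubeVirt or OpenShift Virtualization code. It checks the Lifecycle Integration and QEMU/Libvirt Implementation items above by comparing the <genid> value in domain XML dumped before and after an event; the event names, function names and sample XML are assumptions made for the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
	"strings"
)

var guidRe = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
// Event names are assumptions of this example; true means the ID must change.
var rotates = map[string]bool{"snapshot": true, "clone": true, "restore": true, "restart": false, "migration": false}

// GenID extracts and validates <genid> from a libvirt domain XML document.
func GenID(domainXML string) (string, error) {
	var d struct{ GenID string `xml:"genid"` }
	if err := xml.Unmarshal([]byte(domainXML), &d); err != nil {
		return "", err
	}
	id := strings.ToLower(strings.TrimSpace(d.GenID))
	if !guidRe.MatchString(id) {
		return "", fmt.Errorf("missing or malformed <genid>: %q", d.GenID)
	}
	return id, nil
}

// CheckGenID compares domain XML dumped before and after a lifecycle event.
func CheckGenID(before, after, event string) error {
	rotate, known := rotates[event]
	b, errB := GenID(before)
	a, errA := GenID(after)
	switch {
	case !known:
		return fmt.Errorf("unknown event %q", event)
	case errB != nil || errA != nil:
		return fmt.Errorf("before: %v, after: %v", errB, errA)
	case rotate && a == b:
		return fmt.Errorf("%s kept genid %s: guest cannot detect the rollback", event, b)
	case !rotate && a != b:
		return fmt.Errorf("%s changed genid %s to %s unexpectedly", event, b, a)
	}
	return nil
}

// Constructed sample documents, not output from a real cluster.
const xmlA = `<domain><name>dc01</name><genid>43dc0cf8-809b-4adb-9bea-a9abb5f3d90e</genid></domain>`
const xmlB = `<domain><name>dc01</name><genid>9f2c1e57-3b64-4d1a-8e0f-6a7b5c4d3e21</genid></domain>`

func main() {
	fmt.Println("restore, ID unchanged:", CheckGenID(xmlA, xmlA, "restore"))
}
```

      A restore that leaves the ID unchanged is reported as an error, because the guest would then have no signal that it was rolled back.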

              tnisan@redhat.com Tal Nisan
              rhn-support-jhowell William Howell
              Kedar Bidarkar Kedar Bidarkar