Skip to content

Change VM disk format from raw to qcow2 with 100GB virtual size#591

Merged
matusmarhefka merged 3 commits intoRHSecurityCompliance:mainfrom
Arden97:qcow2_disks
Apr 17, 2026
Merged

Change VM disk format from raw to qcow2 with 100GB virtual size#591
matusmarhefka merged 3 commits intoRHSecurityCompliance:mainfrom
Arden97:qcow2_disks

Conversation

@Arden97
Copy link
Copy Markdown
Contributor

@Arden97 Arden97 commented Apr 15, 2026
edited
Loading

Description

Changed VM disk creation from 20GB raw format to 100GB qcow2 format with metadata preallocation

Rationale:

  • GUI installations require more disk space
  • virt-install cannot pass preallocation options to qemu-img
  • preallocation=metadata provides near-raw performance with minimal overhead
  • /var/log/audit size reduction hack in translate_ssg_kickstart() is no longer needed with 100GB virtual space
  • Fix Always create VMs with qcow2 disks #559

Review hints

  • /hardening/oscap/stig check was successfully run on the remote TF machine, disk pre-creation with appropriate 100 GB size was verified

@Arden97 Arden97 requested a review from matusmarhefka April 15, 2026 09:04
comps
comps reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@comps comps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left a few small comments.

Also, @matusmarhefka recently made #586 which introduces 30GB images and some hacks to make large partitions work. Should they also be increased to 100 GB, for consistency? Can any of the hacks be now removed, or are we waiting for OpenSCAP blueprint adjustments (#587)?

Comment thread lib/virt.py Outdated
Comment thread lib/virt.py
@matusmarhefka
Copy link
Copy Markdown
Contributor

matusmarhefka commented Apr 16, 2026

I left a few small comments.

Also, @matusmarhefka recently made #586 which introduces 30GB images and some hacks to make large partitions work. Should they also be increased to 100 GB, for consistency? Can any of the hacks be now removed, or are we waiting for OpenSCAP blueprint adjustments (#587)?

Actually yes, the disk image file generated by composer-cli is sparse so we can update

contest/lib/osbuild.py

Lines 41 to 44 in 183e64c

# composer-cli compose start --size: disk image size in MiB.
# 30 GiB should be enough for all profiles, e.g. STIG which uses 10 GiB
# /var/log/audit partition because of DISA requirements.
QCOW2_IMAGE_SIZE_MIB = 30 * 1024

to allocate even 100 GB:

QCOW2_IMAGE_SIZE_MIB = 100 * 1024

But the partitioning_mode = "raw" still needs to be set (until OpenSCAP/openscap#2334 is resolved), otherwise the / partition won't be able to grow when IB composes an image and we might encounter No space left on device issues with some profiles like STIG.

@Arden97
Copy link
Copy Markdown
Contributor Author

Arden97 commented Apr 17, 2026

PR was verified by custom productization pipeline

matusmarhefka
matusmarhefka approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@matusmarhefka matusmarhefka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

matusmarhefka
matusmarhefka reviewed Apr 17, 2026
View reviewed changes
Comment thread lib/virt.py Outdated
@matusmarhefka matusmarhefka merged commit edcf58d into RHSecurityCompliance:main Apr 17, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@comps comps comps left review comments

@matusmarhefka matusmarhefka matusmarhefka approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Always create VMs with qcow2 disks

3 participants

@Arden97 @matusmarhefka @comps