avoid redundant writing of virus scan signatures in VMs on same disk

schf1919 asked:

I have two VMs on the same disk that each have clamav installed. Both regularly run updates for the same virus scan signatures
simultaneously which results in an unnecessary strain on the performance of the disk every time.
Since those are the same signatures that are downloaded, I want to reduce the redundancy in that case.

The initial idea was to let them share a virtual disk where those signatures are downloaded once,
so the VMs just read them from there. Therefore, only one VM needs a write access to the disk for downloading while the other has readonly access.

I attached the virtual disk to the first VM with:
$ virsh attach-disk <VM1> <virtDisk> vdb --cache none

However, while trying to attach the same virtual disk to the second VM, after attaching it to the first successfully, with:
$ virsh attach-disk <VM2> <virtDisk> vdb --cache none --mode readonly

the error
unable to execute QEMU command 'device-add': Failed to get shared "write" lock
occurred.
Is it just not possible that way or am I missing an option?

What would be the best way to share those signatures between VMs for that purpose?

My answer:


A hypervisor will not support sharing a virtual storage to two different virtual machines simultaneously. It does not make sense to do so, since it would be impossible for one VM (or possibly both) to have a consistent view of the storage, even if one is "read only". The guest OS will not be expecting anything else to write to the storage.

To share storage between virtual machines, use an existing solution such as NFS or iSCSI which are designed for this purpose, or a clustered filesystem if you really want to make it far more complicated than your use case really needs.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.