mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
46e59e9535c2fcd1c188464b5249a249f22af1a0
libguestfs/sysprep/virt-sysprep.pod
Richard W.M. Jones 05d4fcb64d Update copyright dates for 2019. 
This command run over the source:

perl -pi.bak -e 's/(20[01][0-9])-2018/$1-2019/g' `git ls-files`
2019-01-08 11:58:30 +00:00

644 lines
18 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
=head1 NAME
virt-sysprep - Reset, unconfigure or customize a virtual machine so clones can be made
=head1 SYNOPSIS
virt-sysprep [--options] -d domname
virt-sysprep [--options] -a disk.img [-a disk.img ...]
=head1 DESCRIPTION
Virt-sysprep can reset or unconfigure a virtual machine so that
clones can be made from it. Steps in this process include removing
SSH host keys, removing persistent network MAC configuration, and
removing user accounts. Virt-sysprep can also customize a virtual
machine, for instance by adding SSH keys, users or logos. Each step
can be enabled or disabled as required.
Virt-sysprep modifies the guest or disk image I<in place>. The guest
must be shut down. If you want to preserve the existing contents of
the guest, I<you must snapshot, copy or clone the disk first>. See
L</COPYING AND CLONING> below.
You do I<not> need to run virt-sysprep as root. In fact we'd
generally recommend that you don't. The time you might want to run it
as root is when you need root in order to access the disk image, but
even in this case it would be better to change the permissions on the
disk image to be writable as the non-root user running virt-sysprep.
"Sysprep" stands for "system preparation" tool. The name comes from
the Microsoft program F<sysprep.exe> which is used to unconfigure
Windows machines in preparation for cloning them. Having said that,
virt-sysprep does I<not> currently work on Microsoft Windows guests.
We plan to support Windows sysprepping in a future version, and we
already have code to do it.
=head1 OPTIONS
=over 4
=item B<--help>
Display brief help.
=item B<-a> file
=item B<--add> file
Add I<file> which should be a disk image from a virtual machine.
The format of the disk image is auto-detected. To override this and
force a particular format use the I<--format> option.
=item B<-a> URI
=item B<--add> URI
Add a remote disk. The URI format is compatible with guestfish.
See L<guestfish(1)/ADDING REMOTE STORAGE>.
=item B<--colors>
=item B<--colours>
Use ANSI colour sequences to colourize messages. This is the default
when the output is a tty. If the output of the program is redirected
to a file, ANSI colour sequences are disabled unless you use this
option.
=item B<-c> URI
=item B<--connect> URI
If using libvirt, connect to the given I<URI>. If omitted, then we
connect to the default libvirt hypervisor.
If you specify guest block devices directly (I<-a>), then libvirt is
not used at all.
=item B<-d> guest
=item B<--domain> guest
Add all the disks from the named libvirt guest. Domain UUIDs can be
used instead of names.
=item B<-n>
=item B<--dry-run>
Perform a read-only "dry run" on the guest. This runs the sysprep
operation, but throws away any changes to the disk at the end.
=item B<--enable> operations
Choose which sysprep operations to perform. Give a comma-separated
list of operations, for example:
--enable ssh-hostkeys,udev-persistent-net
would enable ONLY C<ssh-hostkeys> and C<udev-persistent-net> operations.
If the I<--enable> option is not given, then we default to trying most
sysprep operations (see I<--list-operations> to show which are
enabled).
Regardless of the I<--enable> option, sysprep operations are skipped
for some guest types.
Use I<--list-operations> to list operations supported by a particular
version of virt-sysprep.
See L</OPERATIONS> below for a list and an explanation of each
operation.
=item B<--operation> operations
=item B<--operations> operations
Choose which sysprep operations to perform. Give a comma-separated
list of operations, for example:
--operations ssh-hostkeys,udev-persistent-net
would enable ONLY C<ssh-hostkeys> and C<udev-persistent-net> operations.
I<--operations> allows you to enable and disable any operation, including
the default ones (which would be tried when specifying neither
I<--operations> nor I<--enable>) and all the available ones; prepending
a C<-> in front of an operation name removes it from the list of enabled
operations, while the meta-names C<defaults> and C<all> represent
respectively the operations enabled by default and all the available ones.
For example:
--operations firewall-rules,defaults,-tmp-files
would enable the C<firewall-rules> operation (regardless whether it is enabled by
default), all the default ones, and disable the C<tmp-files> operation.
I<--operations> can be specified multiple times; the first time the set
of enabled operations is empty, while any further I<--operations> affects
the operations enabled so far.
If the I<--operations> option is not given, then we default to trying most
sysprep operations (see I<--list-operations> to show which are
enabled).
Regardless of the I<--operations> option, sysprep operations are skipped
for some guest types.
Use I<--list-operations> to list operations supported by a particular
version of virt-sysprep.
See L</OPERATIONS> below for a list and an explanation of each
operation.
=item B<--echo-keys>
When prompting for keys and passphrases, virt-sysprep normally turns
echoing off so you cannot see what you are typing. If you are not
worried about Tempest attacks and there is no one else in the room
you can specify this flag to see what you are typing.
=item B<--format> raw|qcow2|..
=item B<--format> auto
The default for the I<-a> option is to auto-detect the format of the
disk image. Using this forces the disk format for I<-a> options which
follow on the command line. Using I<--format auto> switches back to
auto-detection for subsequent I<-a> options.
For example:
virt-sysprep --format raw -a disk.img
forces raw format (no auto-detection) for F<disk.img>.
virt-sysprep --format raw -a disk.img --format auto -a another.img
forces raw format (no auto-detection) for F<disk.img> and reverts to
auto-detection for F<another.img>.
If you have untrusted raw-format guest disk images, you should use
this option to specify the disk format. This avoids a possible
security problem with malicious guests (CVE-2010-3851).
=item B<--key> SELECTOR
Specify a key for LUKS, to automatically open a LUKS device when using
the inspection. C<SELECTOR> can be in one of the following formats:
=over 4
=item B<--key> C<DEVICE>:key:KEY_STRING
Use the specified C<KEY_STRING> as passphrase.
=item B<--key> C<DEVICE>:file:FILENAME
Read the passphrase from F<FILENAME>.
=back
=item B<--keys-from-stdin>
Read key or passphrase parameters from stdin. The default is
to try to read passphrases from the user by opening F</dev/tty>.
=item B<--list-operations>
List the operations supported by the virt-sysprep program.
These are listed one per line, with one or more single-space-separated
fields, eg:
$ virt-sysprep --list-operations
bash-history * Remove the bash history in the guest
cron-spool * Remove user at-jobs and cron-jobs
dhcp-client-state * Remove DHCP client leases
dhcp-server-state * Remove DHCP server leases
[etc]
The first field is the operation name, which can be supplied
to I<--enable>. The second field is a C<*> character if the
operation is enabled by default or blank if not. Subsequent
fields on the same line are the description of the operation.
Before libguestfs 1.17.33 only the first (operation name) field was
shown and all operations were enabled by default.
=item B<--mount-options> mp:opts[;mp:opts;...]
Set the mount options used when libguestfs opens the disk image. Note
this has no effect on the guest. It is used when opening certain
guests such as ones using the UFS (BSD) filesystem.
Use a semicolon-separated list of C<mountpoint:options> pairs.
You may need to quote this list to protect it from the shell.
For example:
--mount-options "/:noatime"
will mount the root directory with C<notime>. This example:
--mount-options "/:noatime;/var:rw,nodiratime"
will do the same, plus mount F</var> with C<rw,nodiratime>.
=item B<-q>
=item B<--quiet>
Dont print log messages.
To enable detailed logging of individual file operations, use I<-x>.
=item B<--network>
=item B<--no-network>
Enable or disable network access from the guest during the installation.
In virt-sysprep, the network is I<disabled> by default. You must use
I<--network> to enable it, in order that options such as I<--install>
or I<--update> will work.
L<virt-builder(1)> has more information about the security advantages
of disabling the network.
=item B<-v>
=item B<--verbose>
Enable verbose messages for debugging.
=item B<-V>
=item B<--version>
Display version number and exit.
=item B<-x>
Enable tracing of libguestfs API calls.
__EXTRA_OPTIONS__
=back
=head1 OPERATIONS
If the I<--enable>/I<--operations> option is I<not> given,
then most sysprep operations are enabled.
Use C<virt-sysprep --list-operations> to list all operations for your
virt-sysprep binary. The ones which are enabled by default are marked
with a C<*> character. Regardless of the I<--enable>/I<--operations>
options, sysprep operations are skipped for some guest types.
Operations can be individually enabled using the
I<--enable>/I<--operations> options.
Use a comma-separated list, for example:
virt-sysprep --operations ssh-hostkeys,udev-persistent-net [etc..]
Future versions of virt-sysprep may add more operations. If you are
using virt-sysprep and want predictable behaviour, specify only the
operations that you want to have enabled.
C<*> = enabled by default when no I<--enable>/I<--operations> option
is given.
__OPERATIONS__
=head1 COPYING AND CLONING
Virt-sysprep can be used as part of a process of cloning guests, or to
prepare a template from which guests can be cloned. There are many
different ways to achieve this using the virt tools, and this section
is just an introduction.
A virtual machine (when switched off) consists of two parts:
=over 4
=item I<configuration>
The configuration or description of the guest. eg. The libvirt
XML (see C<virsh dumpxml>), the running configuration of the guest,
or another external format like OVF.
Some configuration items that might need to be changed:
=over 4
=item *
name
=item *
UUID
=item *
path to block device(s)
=item *
network card MAC address
=back
=item I<block device(s)>
One or more hard disk images, themselves containing files,
directories, applications, kernels, configuration, etc.
Some things inside the block devices that might need to be changed:
=over 4
=item *
hostname and other net configuration
=item *
UUID
=item *
SSH host keys
=item *
Windows unique security ID (SID)
=item *
Puppet registration
=back
=back
=head2 COPYING THE BLOCK DEVICE
Starting with an original guest, you probably wish to copy the guest
block device and its configuration to make a template. Then once you
are happy with the template, you will want to make many clones from
it.
virt-sysprep
|
v
original guest --------> template ---------->
\------> cloned
\-----> guests
\---->
You can, of course, just copy the block device on the host using
L<cp(1)> or L<dd(1)>.
dd dd
original guest --------> template ---------->
\------> cloned
\-----> guests
\---->
There are some smarter (and faster) ways too:
snapshot
template ---------->
\------> cloned
\-----> guests
\---->
You may want to run virt-sysprep twice, once to reset the guest (to
make a template) and a second time to customize the guest for a
specific user:
virt-sysprep virt-sysprep
(reset) (add user, keys, logos)
| |
dd v dd v
original guest ----> template ---------> copied ------> custom
template guest
=over 4
=item *
Create a snapshot using qemu-img:
qemu-img create -f qcow2 -o backing_file=original snapshot.qcow
The advantage is that you dont need to copy the original (very fast)
and only changes are stored (less storage required).
Note that writing to the backing file once you have created guests on
top of it is not possible: you will corrupt the guests.
=item *
Create a snapshot using C<lvcreate --snapshot>.
=item *
Other ways to create snapshots include using filesystems-level tools
(for filesystems such as btrfs).
Most Network Attached Storage (NAS) devices can also create cheap
snapshots from files or LUNs.
=item *
Get your NAS to duplicate the LUN. Most NAS devices can also
duplicate LUNs very cheaply (they copy them on-demand in the
background).
=item *
Prepare your template using L<virt-sparsify(1)>. See below.
=back
=head2 VIRT-CLONE
A separate tool, L<virt-clone(1)>, can be used to duplicate the block
device and/or modify the external libvirt configuration of a guest.
It will reset the name, UUID and MAC address of the guest in the
libvirt XML.
L<virt-clone(1)> does not use libguestfs and cannot look inside the
disk image. This was the original motivation to write virt-sysprep.
=head2 SPARSIFY
virt-sparsify
original guest --------> template
L<virt-sparsify(1)> can be used to make the cloning template smaller,
making it easier to compress and/or faster to copy.
Notice that since virt-sparsify also copies the image, you can use it
to make the initial copy (instead of C<dd>).
=head2 RESIZE
virt-resize
template ---------->
\------> cloned
\-----> guests
\---->
If you want to give people cloned guests, but let them pick the size
of the guest themselves (eg. depending on how much they are prepared
to pay for disk space), then instead of copying the template, you can
run L<virt-resize(1)>. Virt-resize performs a copy and resize, and
thus is ideal for cloning guests from a template.
=head1 FIRSTBOOT VS SCRIPT
The two options I<--firstboot> and I<--script> both supply shell
scripts that are run against the guest. However these two options are
significantly different.
I<--firstboot script> uploads the file C<script> into the guest
and arranges that it will run, in the guest, when the guest is
next booted. (The script will only run once, at the "first boot").
I<--script script> runs the shell C<script> I<on the host>, with its
current directory inside the guest filesystem.
If you needed, for example, to C<yum install> new packages, then you
I<must not> use I<--script> for this, since that would (a) run the
C<yum> command on the host and (b) wouldn't have access to the same
resources (repositories, keys, etc.) as the guest. Any command that
needs to run on the guest I<must> be run via I<--firstboot>.
On the other hand if you need to make adjustments to the guest
filesystem (eg. copying in files), then I<--script> is ideal since (a)
it has access to the host filesystem and (b) you will get immediate
feedback on errors.
Either or both options can be used multiple times on the command line.
=head1 SECURITY
Although virt-sysprep removes some sensitive information from the
guest, it does not pretend to remove all of it. You should examine
the L</OPERATIONS> above and the guest afterwards.
Sensitive files are simply removed. The data they contained may still
exist on the disk, easily recovered with a hex editor or undelete
tool. The I<--scrub> option can be used to scrub files instead of
just deleting them. L<virt-sparsify(1)> is another way to remove this
content. See also the L<scrub(1)> command to get rid of deleted
content in directory entries and inodes.
=head2 RANDOM SEED
I<(This section applies to Linux guests only)>
For supported guests, virt-sysprep writes a few bytes of randomness
from the host into the guests random seed file.
If this is just done once and the guest is cloned from the same
template, then each guest will start with the same entropy, and things
like SSH host keys and TCP sequence numbers may be predictable.
Therefore you should arrange to add more randomness I<after> cloning
from a template too, which can be done by enabling just the customize
module:
cp template.img newguest.img
virt-sysprep --enable customize -a newguest.img
=head1 SELINUX
For guests which make use of SELinux, special handling for them might
be needed when using operations which create new files or alter
existing ones.
For further details, see L<virt-builder(1)/SELINUX>.
=head1 WINDOWS 8
Windows 8 "fast startup" can prevent virt-sysprep from working.
See L<guestfs(3)/WINDOWS HIBERNATION AND WINDOWS 8 FAST STARTUP>.
=head1 EXIT STATUS
This program returns 0 on success, or 1 if there was an error.
=head1 ENVIRONMENT VARIABLES
=over 4
=item C<VIRT_TOOLS_DATA_DIR>
This can point to the directory containing data files used for Windows
firstboot installation.
Normally you do not need to set this. If not set, a compiled-in
default will be used (something like F</usr/share/virt-tools>).
This directory may contain the following files:
=over 4
=item F<rhsrvany.exe>
This is the RHSrvAny Windows binary, used to install a "firstboot"
script in Windows guests. It is required if you intend to use the
I<--firstboot> or I<--firstboot-command> options with Windows guests.
See also: C<https://github.com/rwmjones/rhsrvany>
=item F<pvvxsvc.exe>
This is a Windows binary shipped with SUSE VMDP, used to install a "firstboot"
script in Windows guests. It is required if you intend to use the
I<--firstboot> or I<--firstboot-command> options with Windows guests.
=back
=back
For other environment variables, see L<guestfs(3)/ENVIRONMENT VARIABLES>.
=head1 SEE ALSO
L<guestfs(3)>,
L<guestfish(1)>,
L<virt-builder(1)>,
L<virt-clone(1)>,
L<virt-customize(1)>,
L<virt-rescue(1)>,
L<virt-resize(1)>,
L<virt-sparsify(1)>,
L<virsh(1)>,
L<lvcreate(8)>,
L<qemu-img(1)>,
L<scrub(1)>,
L<http://libguestfs.org/>,
L<http://libvirt.org/>.
=head1 AUTHORS
Richard W.M. Jones L<http://people.redhat.com/~rjones/>
Wanlong Gao, Fujitsu Ltd.
=head1 COPYRIGHT
Copyright (C) 2011-2019 Red Hat Inc.
Copyright (C) 2012 Fujitsu Ltd.
Reference in New Issue View Git Blame Copy Permalink