Provided by: libguestfs-tools_1.24.5-1ubuntu0.1_amd64 
NAME
virt-sysprep - Reset, unconfigure or customize a virtual machine so clones can be made
SYNOPSIS
virt-sysprep [--options] -d domname
virt-sysprep [--options] -a disk.img [-a disk.img ...]
DESCRIPTION
Virt-sysprep can reset or unconfigure a virtual machine so that clones can be made from it. Steps in
this process include removing SSH host keys, removing persistent network MAC configuration, and removing
user accounts. Virt-sysprep can also customize a virtual machine, for instance by adding SSH keys, users
or logos. Each step can be enabled or disabled as required.
Virt-sysprep modifies the guest or disk image in place. The guest must be shut down. If you want to
preserve the existing contents of the guest, you must snapshot, copy or clone the disk first. See
"COPYING AND CLONING" below.
You do not need to run virt-sysprep as root. In fact we'd generally recommend that you don't. The time
you might want to run it as root is when you need root in order to access the disk image, but even in
this case it would be better to change the permissions on the disk image to be writable as the non-root
user running virt-sysprep.
"Sysprep" stands for "system preparation" tool. The name comes from the Microsoft program "sysprep.exe"
which is used to unconfigure Windows machines in preparation for cloning them. Having said that, virt-
sysprep does not currently work on Microsoft Windows guests. We plan to support Windows sysprepping in a
future version, and we already have code to do it.
OPTIONS
--help
Display brief help.
-a file
--add file
Add file which should be a disk image from a virtual machine.
The format of the disk image is auto-detected. To override this and force a particular format use
the --format option.
-a URI
--add URI
Add a remote disk. The URI format is compatible with guestfish. See "ADDING REMOTE STORAGE" in
guestfish(1).
-c URI
--connect URI
If using libvirt, connect to the given URI. If omitted, then we connect to the default libvirt
hypervisor.
If you specify guest block devices directly (-a), then libvirt is not used at all.
-d guest
--domain guest
Add all the disks from the named libvirt guest. Domain UUIDs can be used instead of names.
-n
--dry-run
Perform a read-only "dry run" on the guest. This runs the sysprep operation, but throws away any
changes to the disk at the end.
--enable operations
Choose which sysprep operations to perform. Give a comma-separated list of operations, for example:
--enable ssh-hostkeys,udev-persistent-net
would enable ONLY "ssh-hostkeys" and "udev-persistent-net" operations.
If the --enable option is not given, then we default to trying most sysprep operations (see
--list-operations to show which are enabled).
Regardless of the --enable option, sysprep operations are skipped for some guest types.
Use --list-operations to list operations supported by a particular version of virt-sysprep.
See "OPERATIONS" below for a list and an explanation of each operation.
--format raw|qcow2|..
--format auto
The default for the -a option is to auto-detect the format of the disk image. Using this forces the
disk format for -a options which follow on the command line. Using --format auto switches back to
auto-detection for subsequent -a options.
For example:
virt-sysprep --format raw -a disk.img
forces raw format (no auto-detection) for "disk.img".
virt-sysprep --format raw -a disk.img --format auto -a another.img
forces raw format (no auto-detection) for "disk.img" and reverts to auto-detection for "another.img".
If you have untrusted raw-format guest disk images, you should use this option to specify the disk
format. This avoids a possible security problem with malicious guests (CVE-2010-3851).
--list-operations
List the operations supported by the virt-sysprep program.
These are listed one per line, with one or more single-space-separated fields, eg:
$ virt-sysprep --list-operations
bash-history * Remove the bash history in the guest
cron-spool * Remove user at-jobs and cron-jobs
dhcp-client-state * Remove DHCP client leases
dhcp-server-state * Remove DHCP server leases
[etc]
The first field is the operation name, which can be supplied to --enable. The second field is a "*"
character if the operation is enabled by default or blank if not. Subsequent fields on the same line
are the description of the operation.
Before libguestfs 1.17.33 only the first (operation name) field was shown and all operations were
enabled by default.
--mount-options mp:opts[;mp:opts;...]
Set the mount options for each mountpoint in the guest. Use a semicolon-separated list of
"mountpoint:options" pairs. You may need to quote this list to protect it from the shell.
For example:
--mount-options "/:noatime"
will mount the root directory with "notime". This example:
--mount-options "/:noatime;/var:rw,nodiratime"
will do the same, plus mount "/var" with "rw,nodiratime".
-q
--quiet
Don't print log messages.
To enable detailed logging of individual file operations, use -x.
--selinux-relabel
--no-selinux-relabel
--selinux-relabel forces SELinux relabelling next time the guest boots. --no-selinux-relabel
disables relabelling.
The default is to try to detect if SELinux relabelling is required. See "SELINUX RELABELLING" below
for more details.
-v
--verbose
Enable verbose messages for debugging.
-V
--version
Display version number and exit.
-x Enable tracing of libguestfs API calls.
--firstboot SCRIPT (see "firstboot" below)
Run script(s) once next time the guest boots. You can supply the --firstboot option as many times as
needed.
--hostname HOSTNAME (see "hostname" below)
Change the hostname. If not given, defaults to "localhost.localdomain".
--password USERNAME:SELECTOR (see "password" below)
Set a user password. The user must exist already (this option does not create users).
The --password option takes "USERNAME:SELECTOR". The --root-password option takes just the
"SELECTOR". The format of the "SELECTOR" is described below:
--password USERNAME:file:FILENAME
--root-password file:FILENAME
Read the password from "FILENAME". The whole first line of this file is the replacement
password. Any other lines are ignored. You should create the file with mode 0600 to ensure no
one else can read it.
--password USERNAME:password:PASSWORD
--root-password password:PASSWORD
Set the password to the literal string "PASSWORD".
Note: this is not secure since any user on the same machine can see the cleartext password using
ps(1).
--password-crypto md5|sha256|sha512 (see "password" below)
Set the password encryption to "md5", "sha256" or "sha512".
"sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside the guest).
"md5" will work with relatively old Linux guests (eg. RHEL 3), but is not secure against modern
attacks.
The default is "sha512" unless libguestfs detects an old guest that didn't have support for SHA-512,
in which case it will use "md5". You can override libguestfs by specifying this option.
--root-password SELECTOR (see "password" below)
Set the root password. See --password above for the format of "SELECTOR".
--script SCRIPT (see "script" below)
Run the named "SCRIPT" (a shell script or program) against the guest. The script can be any program
on the host. The script's current directory will be the guest's root directory.
Note: If the script is not on the $PATH, then you must give the full absolute path to the script.
--scriptdir SCRIPTDIR (see "script" below)
The mount point (an empty directory on the host) used when the "script" operation is enabled and one
or more scripts are specified using --script parameter(s).
Note: "SCRIPTDIR" must be an absolute path.
If --scriptdir is not specified then a temporary mountpoint will be created.
OPERATIONS
If the --enable option is not given, then most sysprep operations are enabled.
Use "virt-sysprep --list-operations" to list all operations for your virt-sysprep binary. The ones which
are enabled by default are marked with a "*" character. Regardless of the --enable option, sysprep
operations are skipped for some guest types.
Operations can be individually enabled using the --enable option. Use a comma-separated list, for
example:
virt-sysprep --enable=ssh-hostkeys,udev-persistent-net [etc..]
Future versions of virt-sysprep may add more operations. If you are using virt-sysprep and want
predictable behaviour, specify only the operations that you want to have enabled.
"*" = enabled by default when no --enable option is given.
abrt-data *
Remove the crash data generated by ABRT.
Remove the automatically generated ABRT crash data in "/var/spool/abrt/".
bash-history *
Remove the bash history in the guest.
Remove the bash history of user "root" and any other users who have a ".bash_history" file in their home
directory.
Notes on bash-history
Currently this only looks in "/root" and "/home/*" for home directories, so users with home directories
in other locations won't have the bash history removed.
blkid-tab *
Remove blkid tab in the guest.
ca-certificates
Remove CA certificates in the guest.
crash-data *
Remove the crash data generated by kexec-tools.
Remove the automatically generated kdump kernel crash data.
cron-spool *
Remove user at-jobs and cron-jobs.
dhcp-client-state *
Remove DHCP client leases.
dhcp-server-state *
Remove DHCP server leases.
dovecot-data *
Remove Dovecot (mail server) data.
firewall-rules
Remove the firewall rules.
This removes custom firewall rules by removing "/etc/sysconfig/iptables" or custom firewalld
configuration in "/etc/firewalld/*/*".
Note this is not enabled by default since it may expose guests to exploits. Use with care.
firstboot *
Add scripts to run once at next boot.
Supply one of more shell scripts (using the --firstboot option).
These are run the first time the guest boots, and then are deleted. So these are useful for performing
last minute configuration that must run in the context of the guest operating system, for example "yum
update".
Output or errors from the scripts are written to "~root/virt-sysprep-firstboot.log" (in the guest).
Notes on firstboot
Currently this is only implemented for Linux guests using either SysVinit-style scripts, Upstart or
systemd.
flag-reconfiguration
Flag the system for reconfiguration.
Note that this may require user intervention when the guest is booted.
fs-uuids
Change filesystem UUIDs.
On guests and filesystem types where this is supported, new random UUIDs are generated and assigned to
filesystems.
Notes on fs-uuids
The fs-uuids operation is disabled by default because it does not yet find and update all the places in
the guest that use the UUIDs. For example "/etc/fstab" or the bootloader. Enabling this operation is
more likely than not to make your guest unbootable.
See: https://bugzilla.redhat.com/show_bug.cgi?id=991641
hostname *
Change the hostname of the guest.
This operation changes the hostname of the guest to the value given in the --hostname parameter.
If the --hostname parameter is not given, then the hostname is changed to "localhost.localdomain".
Notes on hostname
Currently this can only set the hostname on Linux guests.
kerberos-data
Remove Kerberos data in the guest.
logfiles *
Remove many log files from the guest.
On Linux the following files are removed:
/root/anaconda-ks.cfg
/root/install.log
/root/install.log.syslog
/var/cache/fontconfig/*
/var/cache/gdm/*
/var/cache/man/*
/var/lib/AccountService/users/*
/var/lib/fprint/*
/var/lib/logrotate.status
/var/log/*.log*
/var/log/BackupPC/LOG
/var/log/apache2/*_log
/var/log/apache2/*_log-*
/var/log/audit/*
/var/log/btmp*
/var/log/ceph/*.log
/var/log/chrony/*.log
/var/log/cron*
/var/log/cups/*_log
/var/log/dmesg*
/var/log/gdm/*
/var/log/glusterfs/*glusterd.vol.log
/var/log/glusterfs/glusterfs.log
/var/log/httpd/*log
/var/log/jetty/jetty-console.log
/var/log/lastlog*
/var/log/libvirt/libvirtd.log
/var/log/libvirt/lxc/*.log
/var/log/libvirt/qemu/*.log
/var/log/libvirt/uml/*.log
/var/log/mail/*
/var/log/maillog*
/var/log/messages*
/var/log/ntp
/var/log/ntpstats/*
/var/log/ppp/connect-errors
/var/log/sa/*
/var/log/secure*
/var/log/setroubleshoot/*.log
/var/log/spooler*
/var/log/squid/*.log
/var/log/tallylog*
/var/log/wtmp*
/var/named/data/named.run
lvm-uuids *
Change LVM2 PV and VG UUIDs.
On Linux guests that have LVM2 physical volumes (PVs) or volume groups (VGs), new random UUIDs are
generated and assigned to those PVs and VGs.
machine-id *
Remove the local machine ID.
The machine ID is usually generated from a random source during system installation and stays constant
for all subsequent boots. Optionally, for stateless systems it is generated during runtime at boot if it
is found to be empty.
mail-spool *
Remove email from the local mail spool directory.
net-hostname *
Remove HOSTNAME in network interface configuration.
For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*" files.
net-hwaddr *
Remove HWADDR (hard-coded MAC address) configuration.
For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*" files.
pacct-log *
Remove the process accounting log files.
The system wide process accounting will store to the pacct log files if the process accounting is on.
package-manager-cache *
Remove package manager cache.
pam-data *
Remove the PAM data in the guest.
password *
Set root or user password.
Set root or another user's password.
Use the --root-password option to specify a replacement root password for the guest. You can only use
this option once.
Use the --password option to specify replacement user password(s). You can use this option as many times
as you want.
Use --password-crypto to change the password encryption used.
See "OPTIONS" above for details of these options.
This operation is enabled by default, but it only does something if there is at least one --root-password
or --password argument given.
Notes on password
Currently this only works for glibc-based Linux guests that use shadow passwords.
puppet-data-log *
Remove the data and log files of puppet.
random-seed *
Generate random seed for guest.
Write some random bytes from the host into the random seed file of the guest.
See "RANDOM SEED" below.
rhn-systemid *
Remove the RHN system ID.
rpm-db *
Remove host-specific RPM database files.
Remove host-specific RPM database files and locks. RPM will recreate these files automatically if
needed.
samba-db-log *
Remove the database and log files of Samba.
script *
Run arbitrary scripts against the guest.
The "script" module lets you run arbitrary shell scripts or programs against the guest.
Note this feature requires FUSE support. You may have to enable this in your host, for example by adding
the current user to the "fuse" group, or by loading a kernel module.
Use one or more --script parameters to specify scripts or programs that will be run against the guest.
The script or program is run with its current directory being the guest's root directory, so relative
paths should be used. For example: "rm etc/resolv.conf" in the script would remove a Linux guest's DNS
configuration file, but "rm /etc/resolv.conf" would (try to) remove the host's file.
Normally a temporary mount point for the guest is used, but you can choose a specific one by using the
--scriptdir parameter.
Note: This is different from --firstboot scripts (which run in the context of the guest when it is
booting first time). --script scripts run on the host, not in the guest.
smolt-uuid *
Remove the Smolt hardware UUID.
ssh-hostkeys *
Remove the SSH host keys in the guest.
The SSH host keys are regenerated (differently) next time the guest is booted.
If, after cloning, the guest gets the same IP address, ssh will give you a stark warning about the host
key changing:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ssh-userdir *
Remove ".ssh" directories in the guest.
Remove the ".ssh" directory of user "root" and any other users who have a ".ssh" directory in their home
directory.
Notes on ssh-userdir
Currently this only looks in "/root" and "/home/*" for home directories, so users with home directories
in other locations won't have the ssh files removed.
sssd-db-log *
Remove the database and log files of sssd.
tmp-files *
Remove temporary files.
This removes temporary files under "/tmp" and "/var/tmp".
udev-persistent-net *
Remove udev persistent net rules.
Remove udev persistent net rules which map the guest's existing MAC address to a fixed ethernet device
(eg. eth0).
After a guest is cloned, the MAC address usually changes. Since the old MAC address occupies the old
name (eg. eth0), this means the fresh MAC address is assigned to a new name (eg. eth1) and this is
usually undesirable. Erasing the udev persistent net rules avoids this.
user-account
Remove the user accounts in the guest.
Remove all the user accounts and their home directories. The "root" account is not removed.
Notes on user-account
Currently this does not remove the user accounts from "/etc/shadow". This is because there is no lens
for the shadow password file in Augeas.
utmp *
Remove the utmp file.
This file records who is currently logged in on a machine. In modern Linux distros it is stored in a
ramdisk and hence not part of the virtual machine's disk, but it was stored on disk in older distros.
yum-uuid *
Remove the yum UUID.
Yum creates a fresh UUID the next time it runs when it notices that the original UUID has been erased.
COPYING AND CLONING
Virt-sysprep can be used as part of a process of cloning guests, or to prepare a template from which
guests can be cloned. There are many different ways to achieve this using the virt tools, and this
section is just an introduction.
A virtual machine (when switched off) consists of two parts:
configuration
The configuration or description of the guest. eg. The libvirt XML (see "virsh dumpxml"), the
running configuration of the guest, or another external format like OVF.
Some configuration items that might need to be changed:
• name
• UUID
• path to block device(s)
• network card MAC address
block device(s)
One or more hard disk images, themselves containing files, directories, applications, kernels,
configuration, etc.
Some things inside the block devices that might need to be changed:
• hostname and other net configuration
• UUID
• SSH host keys
• Windows unique security ID (SID)
• Puppet registration
COPYING THE BLOCK DEVICE
Starting with an original guest, you probably wish to copy the guest block device and its configuration
to make a template. Then once you are happy with the template, you will want to make many clones from
it.
virt-sysprep
|
v
original guest --------> template ---------->
\------> cloned
\-----> guests
\---->
You can, of course, just copy the block device on the host using cp(1) or dd(1).
dd dd
original guest --------> template ---------->
\------> cloned
\-----> guests
\---->
There are some smarter (and faster) ways too:
snapshot
template ---------->
\------> cloned
\-----> guests
\---->
You may want to run virt-sysprep twice, once to reset the guest (to make a template) and a second time to
customize the guest for a specific user:
virt-sysprep virt-sysprep
(reset) (add user, keys, logos)
| |
dd v dd v
original guest ----> template ---------> copied ------> custom
template guest
• Create a snapshot using qemu-img:
qemu-img create -f qcow2 -o backing_file=original snapshot.qcow
The advantage is that you don't need to copy the original (very fast) and only changes are stored
(less storage required).
Note that writing to the backing file once you have created guests on top of it is not possible: you
will corrupt the guests.
• Create a snapshot using "lvcreate --snapshot".
• Other ways to create snapshots include using filesystems-level tools (for filesystems such as btrfs).
Most Network Attached Storage (NAS) devices can also create cheap snapshots from files or LUNs.
• Get your NAS to duplicate the LUN. Most NAS devices can also duplicate LUNs very cheaply (they copy
them on-demand in the background).
• Prepare your template using virt-sparsify(1). See below.
VIRT-CLONE
A separate tool, virt-clone(1), can be used to duplicate the block device and/or modify the external
libvirt configuration of a guest. It will reset the name, UUID and MAC address of the guest in the
libvirt XML.
virt-clone(1) does not use libguestfs and cannot look inside the disk image. This was the original
motivation to write virt-sysprep.
SPARSIFY
virt-sparsify
original guest --------> template
virt-sparsify(1) can be used to make the cloning template smaller, making it easier to compress and/or
faster to copy.
Notice that since virt-sparsify also copies the image, you can use it to make the initial copy (instead
of "dd").
RESIZE
virt-resize
template ---------->
\------> cloned
\-----> guests
\---->
If you want to give people cloned guests, but let them pick the size of the guest themselves (eg.
depending on how much they are prepared to pay for disk space), then instead of copying the template, you
can run virt-resize(1). Virt-resize performs a copy and resize, and thus is ideal for cloning guests
from a template.
FIRSTBOOT VS SCRIPT
The two options --firstboot and --script both supply shell scripts that are run against the guest.
However these two options are significantly different.
--firstboot script uploads the file "script" into the guest and arranges that it will run, in the guest,
when the guest is next booted. (The script will only run once, at the "first boot").
--script script runs the shell "script" on the host, with its current directory inside the guest
filesystem.
If you needed, for example, to "yum install" new packages, then you must not use --script for this, since
that would (a) run the "yum" command on the host and (b) wouldn't have access to the same resources
(repositories, keys, etc.) as the guest. Any command that needs to run on the guest must be run via
--firstboot.
On the other hand if you need to make adjustments to the guest filesystem (eg. copying in files), then
--script is ideal since (a) it has access to the host filesystem and (b) you will get immediate feedback
on errors.
Either or both options can be used multiple times on the command line.
SECURITY
Although virt-sysprep removes some sensitive information from the guest, it does not pretend to remove
all of it. You should examine the "OPERATIONS" above and the guest afterwards.
Sensitive files are simply removed. The data they contained may still exist on the disk, easily
recovered with a hex editor or undelete tool. Use virt-sparsify(1) as one way to remove this content.
See also the scrub(1) command to get rid of deleted content in directory entries and inodes.
RANDOM SEED
(This section applies to Linux guests only)
The virt-sysprep "random-seed" operation writes a few bytes of randomness from the host into the guest's
random seed file.
If this is just done once and the guest is cloned from the same template, then each guest will start with
the same entropy, and things like SSH host keys and TCP sequence numbers may be predictable.
Therefore you should arrange to add more randomness after cloning from a template too, which can be done
by just enabling the "random-seed" operation:
cp template.img newguest.img
virt-sysprep --enable random-seed -a newguest.img
SELINUX RELABELLING
(This section applies to Linux guests using SELinux only)
If any new files are created by virt-sysprep, then virt-sysprep touches "/.autorelabel" so that these
will be correctly labelled by SELinux the next time the guest is booted. This process interrupts boot
and can take some time.
You can force relabelling for all guests by supplying the --selinux-relabel option.
You can disable relabelling entirely by supplying the --no-selinux-relabel option.
WINDOWS 8
Windows 8 "fast startup" can prevent virt-sysprep from working. See "WINDOWS HIBERNATION AND WINDOWS 8
FAST STARTUP" in guestfs(3).
SHELL QUOTING
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as "#"
and space. You may need to quote or escape these characters on the command line. See the shell manual
page sh(1) for details.
EXIT STATUS
This program returns 0 on success, or 1 if there was an error.
SEE ALSO
guestfs(3), guestfish(1), virt-clone(1), virt-rescue(1), virt-resize(1), virt-sparsify(1), virsh(1),
lvcreate(8), qemu-img(1), scrub(1), http://libguestfs.org/, http://libvirt.org/.
AUTHORS
Richard W.M. Jones http://people.redhat.com/~rjones/
Wanlong Gao, Fujitsu Ltd.
COPYRIGHT
Copyright (C) 2011-2014 Red Hat Inc.
Copyright (C) 2012 Fujitsu Ltd.
LICENSE
This program is free software; you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write
to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
BUGS
To get a list of bugs against libguestfs, use this link:
https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
To report a new bug against libguestfs, use this link:
https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
When reporting a bug, please supply:
• The version of libguestfs.
• Where you got libguestfs (eg. which Linux distro, compiled from source, etc)
• Describe the bug accurately and give a way to reproduce it.
• Run libguestfs-test-tool(1) and paste the complete, unedited output into the bug report.
libguestfs-1.24.5 2015-10-14 virt-sysprep(1)