How to reset a KVM clone virtual Machines with virt-sysprep on Linux

ADVERTISEMENTS



Syntax to reset a KVM clone virtual Machines with virt-sysprep command

I know how to clone a KVM VM . Once cloned I would like to reset cloned VM. How do I reset, unconfigure or customize a virtual machine so clones can be made? How can I reset a KVM clone virtual Machines with virt-sysprep command on a Linux server based hypervisor?: You need to use the virt-sysprep command to reset a virtual machine. You can remove ssh-keys, hostname, network mac configuration, user accounts and more. You can enable or disable specific features. This page shows how to use the virt-clone and virt-sysprep commands together to clone a KVM VM on a Linux based server.

The syntax is:

virt-sysprep -d kvmDomain

virt-sysprep -d kvmDomainHere options

A list of sysprep operations to perform on a KVM VM to reset it

abrt-data Remove the crash data generated by ABRT backup-files Remove editor backup files from the guest bash-history Remove the bash history in the guest blkid-tab Remove blkid tab in the guest ca-certificates Remove CA certificates in the guest crash-data Remove the crash data generated by kexec-tools cron-spool Remove user at-jobs and cron-jobs customize Customize the guest dhcp-client-state Remove DHCP client leases dhcp-server-state Remove DHCP server leases dovecot-data Remove Dovecot (mail server) data firewall-rules Remove the firewall rules flag-reconfiguration Flag the system for reconfiguration fs-uuids Change filesystem UUIDs kerberos-data Remove Kerberos data in the guest logfiles Remove many log files from the guest lvm-uuids Change LVM2 PV and VG UUIDs machine-id Remove the local machine ID mail-spool Remove email from the local mail spool directory net-hostname Remove HOSTNAME and DHCP_HOSTNAME in network interface configuration net-hwaddr Remove HWADDR (hard-coded MAC address) configuration pacct-log Remove the process accounting log files package-manager-cache Remove package manager cache pam-data Remove the PAM data in the guest passwd-backups Remove /etc/passwd- and similar backup files puppet-data-log Remove the data and log files of puppet rh-subscription-manager Remove the RH subscription manager files rhn-systemid Remove the RHN system ID rpm-db Remove host-specific RPM database files samba-db-log Remove the database and log files of Samba script Run arbitrary scripts against the guest smolt-uuid Remove the Smolt hardware UUID ssh-hostkeys Remove the SSH host keys in the guest ssh-userdir Remove “.ssh” directories in the guest sssd-db-log Remove the database and log files of sssd tmp-files Remove temporary files udev-persistent-net Remove udev persistent net rules user-account Remove the user accounts in the guest utmp Remove the utmp file yum-uuid Remove the yum UUID

You can choose which sysprep operations to perform. Give a comma-separated list of operations, for example:

virt-sysprep -d {vmDomainHere} --enable ssh-hostkeys,udev-persistent-net

Step 1. Clone your VM and spawn new instances in KVM

First use the virsh list command to get a list of all running VM domains/guest:

virsh list

Sample outputs:

1 openbsd62 running 2 freebsd11-nixcraft running 3 fedora28-nixcraft running 4 rhel7 running 5 centos7-nixcraft running 6 sles12sp3 running 16 bionic running

First suspend the KVM, run:

virsh suspend bionic

Domain bionic suspended

To clone vm named ‘bionic’ as testvm using the virt-clone command, run:

virt-clone --original bionic --name testvm --auto-clone



You can specify disk file instead of --auto-clone option:

# virt-clone --original bionicVM --name testVM02 --file /var/lib/libvirt/images/testvm02-disk01.qcow2

You may resume bionic VM, run:

virsh resume bionic

Domain bionic resumed

Step 2. Use virt-sysprep command

Simply run as follows to reset everything:

virt-sysprep -d testvm



You can setup the hostname of the guest and force to keep the user account named vivek in the guest:

virt-sysprep -d testvm --hostname testvm --enable user-account --keep-user-accounts vivek

You can create a new Linux user account called tom and force password change on first login as follows:

virt-sysprep -d testvm --firstboot-command 'useradd -s /bin/bash -m -G sudo tom; chage -d 0 tom'

You can set root user account password too:

virt-sysprep -d testvm --root-password password:MySuperSecureRootPasswordHere

Or combine all of them:

virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --root-password password:MySuperSecureRootPasswordHere

How to skip certain guest VM reset features

You can enable specific operations with --enable . For example, enable all options except resetting fs-uuids ( Change filesystem UUIDs), lvm-uuids ( Change LVM2 PV and VG UUIDs), and ssh-userdir ( Remove “.ssh” directories in the guest):

w =$ ( virt-sysprep --list-operations | egrep -v 'fs-uuids|lvm-uuids|ssh-userdir' | awk '{ printf "%s,", $1}' | sed 's/,$//' ) echo " $w " w=$(virt-sysprep --list-operations | egrep -v 'fs-uuids|lvm-uuids|ssh-userdir' | awk '{ printf "%s,", $1}' | sed 's/,$//') echo "$w"

Now run it as follows:

virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w

Another example:

virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w --firstboot-command 'dpkg-reconfigure openssh-server'

virt-sysprep command list options

-a, --add <file> Add disk image file --append-line <FILE:LINE> Append line ( s ) to the file -c, --connect <uri> Set libvirt URI --chmod <PERMISSIONS:FILE> Change the permissions of a file --color, --colors, --colour, --colours Use ANSI colour sequences even if not tty --commands-from-file <FILENAME> Read customize commands from file --copy <SOURCE:DEST> Copy files in disk image --copy-in <LOCALPATH:REMOTEDIR> Copy local files or directories into image -d, --domain <domain> Set libvirt guest name --delete <PATH> Delete a file or directory -n, --dryrun, --dry-run Perform a dry run --echo-keys Don't turn off echo for passphrases --edit <FILE:EXPR> Edit file using Perl expression --enable <operations> Enable specific operations --firstboot <SCRIPT> Run script at first guest boot --firstboot-command <'CMD+ARGS'> Run command at first guest boot --firstboot-install <PKG,PKG..> Add package ( s ) to install at first boot --format <format> Set format ( default: auto ) --help Display brief help --hostname <HOSTNAME> Set the hostname --install <PKG,PKG..> Add package ( s ) to install --keep-user-accounts <users> Users to keep --keys-from-stdin Read passphrases from stdin --link <TARGET:LINK [ :LINK.. ] > Create symbolic links --list-operations List supported operations --mkdir <DIR> Create a directory --mount-options <opts> Set mount options ( eg /:noatime;/var:rw,noatime ) --move <SOURCE:DEST> Move files in disk image --network Enable appliance network --no-logfile Scrub build log file --no-network Disable appliance network ( default ) --no-selinux-relabel Compatibility option, does nothing --operation, --operations <operations> Enable/disable specific operations --password <USER:SELECTOR> Set user password --password-crypto <md5|sha256|sha512> Set password crypto -q, --quiet Don't print progress messages --remove-user-accounts <users> Users to remove --root-password <SELECTOR> Set root password --run <SCRIPT> Run script in disk image --run-command <'CMD+ARGS'> Run command in disk image --script <script> Script or program to run on guest --scriptdir <dir> Mount point on host --scrub <FILE> Scrub a file --selinux-relabel Relabel files with correct SELinux labels --sm-attach <SELECTOR> Attach to a subscription-manager pool --sm-credentials <SELECTOR> Credentials for subscription-manager --sm-register Register using subscription-manager --sm-remove Remove all the subscriptions --sm-unregister Unregister using subscription-manager --ssh-inject <USER [ :SELECTOR ] > Inject a public key into the guest --timezone <TIMEZONE> Set the default timezone --touch <FILE> Run touch on a file --truncate <FILE> Truncate a file to zero size --truncate-recursive <PATH> Recursively truncate all files in directory --uninstall <PKG,PKG..> Uninstall package ( s ) --update Update packages --upload <FILE:DEST> Upload local file to destination -V, --version Display version and exit -v, --verbose Enable libguestfs debugging messages --write <FILE:CONTENT> Write file -x Enable tracing of libguestfs calls -a, --add <file> Add disk image file --append-line <FILE:LINE> Append line(s) to the file -c, --connect <uri> Set libvirt URI --chmod <PERMISSIONS:FILE> Change the permissions of a file --color, --colors, --colour, --colours Use ANSI colour sequences even if not tty --commands-from-file <FILENAME> Read customize commands from file --copy <SOURCE:DEST> Copy files in disk image --copy-in <LOCALPATH:REMOTEDIR> Copy local files or directories into image -d, --domain <domain> Set libvirt guest name --delete <PATH> Delete a file or directory -n, --dryrun, --dry-run Perform a dry run --echo-keys Don't turn off echo for passphrases --edit <FILE:EXPR> Edit file using Perl expression --enable <operations> Enable specific operations --firstboot <SCRIPT> Run script at first guest boot --firstboot-command <'CMD+ARGS'> Run command at first guest boot --firstboot-install <PKG,PKG..> Add package(s) to install at first boot --format <format> Set format (default: auto) --help Display brief help --hostname <HOSTNAME> Set the hostname --install <PKG,PKG..> Add package(s) to install --keep-user-accounts <users> Users to keep --keys-from-stdin Read passphrases from stdin --link <TARGET:LINK[:LINK..]> Create symbolic links --list-operations List supported operations --mkdir <DIR> Create a directory --mount-options <opts> Set mount options (eg /:noatime;/var:rw,noatime) --move <SOURCE:DEST> Move files in disk image --network Enable appliance network --no-logfile Scrub build log file --no-network Disable appliance network (default) --no-selinux-relabel Compatibility option, does nothing --operation, --operations <operations> Enable/disable specific operations --password <USER:SELECTOR> Set user password --password-crypto <md5|sha256|sha512> Set password crypto -q, --quiet Don't print progress messages --remove-user-accounts <users> Users to remove --root-password <SELECTOR> Set root password --run <SCRIPT> Run script in disk image --run-command <'CMD+ARGS'> Run command in disk image --script <script> Script or program to run on guest --scriptdir <dir> Mount point on host --scrub <FILE> Scrub a file --selinux-relabel Relabel files with correct SELinux labels --sm-attach <SELECTOR> Attach to a subscription-manager pool --sm-credentials <SELECTOR> Credentials for subscription-manager --sm-register Register using subscription-manager --sm-remove Remove all the subscriptions --sm-unregister Unregister using subscription-manager --ssh-inject <USER[:SELECTOR]> Inject a public key into the guest --timezone <TIMEZONE> Set the default timezone --touch <FILE> Run touch on a file --truncate <FILE> Truncate a file to zero size --truncate-recursive <PATH> Recursively truncate all files in directory --uninstall <PKG,PKG..> Uninstall package(s) --update Update packages --upload <FILE:DEST> Upload local file to destination -V, --version Display version and exit -v, --verbose Enable libguestfs debugging messages --write <FILE:CONTENT> Write file -x Enable tracing of libguestfs calls

Step 3. Start the VM

virsh start testvm

Domain testvm started



Verify it with the following virsh command:

virsh list

Step 4. Login to the VM

Find/get the DHCP IP address of testvm using the following command along with the grep command:

virsh net-dhcp-leases default

virsh net-dhcp-leases default | grep testvm

virsh net-dhcp-leases default | grep testvm | awk '{ print $5}'

Sample outputs:

192.168.122.174/24

Use the ssh command:

ssh vivek@192.168.122.174

Conclusion

You just learned how to clone a KVM VM and reset the data. I strongly suggest that you read virt-sysprep help page here.

