1virt-sysprep(1)             Virtualization Support             virt-sysprep(1)
2
3
4

NAME

6       virt-sysprep - Reset, unconfigure or customize a virtual machine so
7       clones can be made
8

SYNOPSIS

10        virt-sysprep [--options] -d domname
11
12        virt-sysprep [--options] -a disk.img [-a disk.img ...]
13

DESCRIPTION

15       Virt-sysprep can reset or unconfigure a virtual machine so that clones
16       can be made from it.  Steps in this process include removing SSH host
17       keys, removing persistent network MAC configuration, and removing user
18       accounts.  Virt-sysprep can also customize a virtual machine, for
19       instance by adding SSH keys, users or logos.  Each step can be enabled
20       or disabled as required.
21
22       Virt-sysprep modifies the guest or disk image in place.  The guest must
23       be shut down.  If you want to preserve the existing contents of the
24       guest, you must snapshot, copy or clone the disk first.  See "COPYING
25       AND CLONING" below.
26
27       You do not need to run virt-sysprep as root.  In fact we'd generally
28       recommend that you don't.  The time you might want to run it as root is
29       when you need root in order to access the disk image, but even in this
30       case it would be better to change the permissions on the disk image to
31       be writable as the non-root user running virt-sysprep.
32
33       "Sysprep" stands for "system preparation" tool.  The name comes from
34       the Microsoft program "sysprep.exe" which is used to unconfigure
35       Windows machines in preparation for cloning them.  Having said that,
36       virt-sysprep does not currently work on Microsoft Windows guests.  We
37       plan to support Windows sysprepping in a future version, and we already
38       have code to do it.
39

OPTIONS

41       --help
42           Display brief help.
43
44       -a file
45       --add file
46           Add file which should be a disk image from a virtual machine.
47
48           The format of the disk image is auto-detected.  To override this
49           and force a particular format use the --format option.
50
51       -c URI
52       --connect URI
53           If using libvirt, connect to the given URI.  If omitted, then we
54           connect to the default libvirt hypervisor.
55
56           If you specify guest block devices directly (-a), then libvirt is
57           not used at all.
58
59       -d guest
60       --domain guest
61           Add all the disks from the named libvirt guest.  Domain UUIDs can
62           be used instead of names.
63
64       -n
65       --dry-run
66           Perform a read-only "dry run" on the guest.  This runs the sysprep
67           operation, but throws away any changes to the disk at the end.
68
69       --enable operations
70           Choose which sysprep operations to perform.  Give a comma-separated
71           list of operations, for example:
72
73            --enable ssh-hostkeys,udev-persistent-net
74
75           would enable ONLY "ssh-hostkeys" and "udev-persistent-net"
76           operations.
77
78           If the --enable option is not given, then we default to trying most
79           sysprep operations (see --list-operations to show which are
80           enabled).
81
82           Regardless of the --enable option, sysprep operations are skipped
83           for some guest types.
84
85           Use --list-operations to list operations supported by a particular
86           version of virt-sysprep.
87
88           See "OPERATIONS" below for a list and an explanation of each
89           operation.
90
91       --format raw|qcow2|..
92       --format auto
93           The default for the -a option is to auto-detect the format of the
94           disk image.  Using this forces the disk format for -a options which
95           follow on the command line.  Using --format auto switches back to
96           auto-detection for subsequent -a options.
97
98           For example:
99
100            virt-sysprep --format raw -a disk.img
101
102           forces raw format (no auto-detection) for "disk.img".
103
104            virt-sysprep --format raw -a disk.img --format auto -a another.img
105
106           forces raw format (no auto-detection) for "disk.img" and reverts to
107           auto-detection for "another.img".
108
109           If you have untrusted raw-format guest disk images, you should use
110           this option to specify the disk format.  This avoids a possible
111           security problem with malicious guests (CVE-2010-3851).
112
113       --list-operations
114           List the operations supported by the virt-sysprep program.
115
116           These are listed one per line, with one or more single-space-
117           separated fields, eg:
118
119            $ virt-sysprep --list-operations
120            bash-history * Remove the bash history in the guest
121            cron-spool * Remove user at-jobs and cron-jobs
122            dhcp-client-state * Remove DHCP client leases
123            dhcp-server-state * Remove DHCP server leases
124            [etc]
125
126           The first field is the operation name, which can be supplied to
127           --enable.  The second field is a "*" character if the operation is
128           enabled by default or blank if not.  Subsequent fields on the same
129           line are the description of the operation.
130
131           Before libguestfs 1.17.33 only the first (operation name) field was
132           shown and all operations were enabled by default.
133
134       -q
135       --quiet
136           Don't print log messages.
137
138           To enable detailed logging of individual file operations, use -x.
139
140       --selinux-relabel
141       --no-selinux-relabel
142           --selinux-relabel forces SELinux relabelling next time the guest
143           boots.  --no-selinux-relabel disables relabelling.
144
145           The default is to try to detect if SELinux relabelling is required.
146           See "SELINUX RELABELLING" below for more details.
147
148       -v
149       --verbose
150           Enable verbose messages for debugging.
151
152       -V
153       --version
154           Display version number and exit.
155
156       -x  Enable tracing of libguestfs API calls.
157
158       --delete PATHNAME (see "delete" below)
159           Delete (recursively) the specified "PATHNAME" in the guest.
160
161       --firstboot SCRIPT (see "firstboot" below)
162           Run script(s) once next time the guest boots.  You can supply the
163           --firstboot option as many times as needed.
164
165       --hostname HOSTNAME (see "hostname" below)
166           Change the hostname.  If not given, defaults to
167           "localhost.localdomain".
168
169       --password USERNAME:SELECTOR (see "password" below)
170           Set a user password.  The user must exist already (this option does
171           not create users).
172
173           The --password option takes "USERNAME:SELECTOR".  The
174           --root-password option takes just the "SELECTOR".  The format of
175           the "SELECTOR" is described below:
176
177           --password USERNAME:file:FILENAME
178           --root-password file:FILENAME
179               Read the password from "FILENAME".  The whole first line of
180               this file is the replacement password.  Any other lines are
181               ignored.  You should create the file with mode 0600 to ensure
182               no one else can read it.
183
184           --password USERNAME:password:PASSWORD
185           --root-password password:PASSWORD
186               Set the password to the literal string "PASSWORD".
187
188               Note: this is not secure since any user on the same machine can
189               see the cleartext password using ps(1).
190
191           --password USERNAME:random
192           --root-password random
193               Choose a random password, which is printed on stdout.  The
194               password has approximately 120 bits of randomness.
195
196           --password USERNAME:disabled
197           --root-password disabled
198               The account password is disabled.  This is like putting "*" in
199               the password field.
200
201           --password USERNAME:locked:file:FILENAME
202           --password USERNAME:locked:password:PASSWORD
203           --password USERNAME:locked:random
204           --root-password locked:file:FILENAME
205           --root-password locked:password:PASSWORD
206           --root-password locked:random
207               The account is locked, but a password is placed on the account.
208               If first unlocked (using "passwd -u") then logins will use the
209               given password.
210
211           --password USERNAME:locked
212           --password USERNAME:locked:disabled
213           --root-password locked
214           --root-password locked:disabled
215               The account is locked and password is disabled.
216
217       --password-crypto md5|sha256|sha512 (see "password" below)
218           Set the password encryption to "md5", "sha256" or "sha512".
219
220           "sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside
221           the guest).
222
223           "md5" will work with relatively old Linux guests (eg. RHEL 3), but
224           is not secure against modern attacks.
225
226           The default is "sha512" unless libguestfs detects an old guest that
227           didn't have support for SHA-512, in which case it will use "md5".
228           You can override libguestfs by specifying this option.
229
230       --root-password SELECTOR (see "password" below)
231           Set the root password.  See --password above for the format of
232           "SELECTOR".
233
234       --script SCRIPT (see "script" below)
235           Run the named "SCRIPT" (a shell script or program) against the
236           guest.  The script can be any program on the host.  The script's
237           current directory will be the guest's root directory.
238
239           Note: If the script is not on the $PATH, then you must give the
240           full absolute path to the script.
241
242       --scriptdir SCRIPTDIR (see "script" below)
243           The mount point (an empty directory on the host) used when the
244           "script" operation is enabled and one or more scripts are specified
245           using --script parameter(s).
246
247           Note: "SCRIPTDIR" must be an absolute path.
248
249           If --scriptdir is not specified then a temporary mountpoint will be
250           created.
251

OPERATIONS

253       If the --enable option is not given, then most sysprep operations are
254       enabled.
255
256       Use "virt-sysprep --list-operations" to list all operations for your
257       virt-sysprep binary.  The ones which are enabled by default are marked
258       with a "*" character.  Regardless of the --enable option, sysprep
259       operations are skipped for some guest types.
260
261       Operations can be individually enabled using the --enable option.  Use
262       a comma-separated list, for example:
263
264        virt-sysprep --enable=ssh-hostkeys,udev-persistent-net [etc..]
265
266       Future versions of virt-sysprep may add more operations.  If you are
267       using virt-sysprep and want predictable behaviour, specify only the
268       operations that you want to have enabled.
269
270       "*" = enabled by default when no --enable option is given.
271
272   abrt-data *
273       Remove the crash data generated by ABRT.
274
275       Remove the automatically generated ABRT crash data in
276       "/var/spool/abrt/".
277
278   bash-history *
279       Remove the bash history in the guest.
280
281       Remove the bash history of user "root" and any other users who have a
282       ".bash_history" file in their home directory.
283
284       Notes on bash-history
285
286       Currently this only looks in "/root" and "/home/*" for home
287       directories, so users with home directories in other locations won't
288       have the bash history removed.
289
290   blkid-tab *
291       Remove blkid tab in the guest.
292
293   ca-certificates
294       Remove CA certificates in the guest.
295
296   crash-data *
297       Remove the crash data generated by kexec-tools.
298
299       Remove the automatically generated kdump kernel crash data.
300
301   cron-spool *
302       Remove user at-jobs and cron-jobs.
303
304   delete *
305       Delete specified files or directories.
306
307       Delete specified files or directories.
308
309       Use the --delete option to specify a path to remove.
310
311       You can use shell glob characters in the specified path; note that such
312       metacharacters might require proper escape.  For example:
313
314        virt-sysprep --delete '/var/log/*.log'.
315
316   dhcp-client-state *
317       Remove DHCP client leases.
318
319   dhcp-server-state *
320       Remove DHCP server leases.
321
322   dovecot-data *
323       Remove Dovecot (mail server) data.
324
325   firewall-rules
326       Remove the firewall rules.
327
328       This removes custom firewall rules by removing
329       "/etc/sysconfig/iptables" or custom firewalld configuration in
330       "/etc/firewalld/*/*".
331
332       Note this is not enabled by default since it may expose guests to
333       exploits.  Use with care.
334
335   firstboot *
336       Add scripts to run once at next boot.
337
338       Supply one of more shell scripts (using the --firstboot option).
339
340       These are run the first time the guest boots, and then are deleted.  So
341       these are useful for performing last minute configuration that must run
342       in the context of the guest operating system, for example "yum update".
343
344       Output or errors from the scripts are written to
345       "~root/virt-sysprep-firstboot.log" (in the guest).
346
347       Notes on firstboot
348
349       Currently this is only implemented for Linux guests using either
350       SysVinit-style scripts, Upstart or systemd.
351
352   flag-reconfiguration
353       Flag the system for reconfiguration.
354
355       Note that this may require user intervention when the guest is booted.
356
357   hostname *
358       Change the hostname of the guest.
359
360       This operation changes the hostname of the guest to the value given in
361       the --hostname parameter.
362
363       If the --hostname parameter is not given, then the hostname is changed
364       to "localhost.localdomain".
365
366       Notes on hostname
367
368       Currently this can only set the hostname on Linux guests.
369
370   kerberos-data
371       Remove Kerberos data in the guest.
372
373   logfiles *
374       Remove many log files from the guest.
375
376       On Linux the following files are removed:
377
378        /root/anaconda-ks.cfg
379        /root/install.log
380        /root/install.log.syslog
381        /var/cache/fontconfig/*
382        /var/cache/gdm/*
383        /var/cache/man/*
384        /var/lib/AccountService/users/*
385        /var/lib/fprint/*
386        /var/lib/logrotate.status
387        /var/log/*.log*
388        /var/log/BackupPC/LOG
389        /var/log/apache2/*_log
390        /var/log/apache2/*_log-*
391        /var/log/audit/*
392        /var/log/btmp*
393        /var/log/ceph/*.log
394        /var/log/chrony/*.log
395        /var/log/cron*
396        /var/log/cups/*_log
397        /var/log/dmesg*
398        /var/log/gdm/*
399        /var/log/glusterfs/*glusterd.vol.log
400        /var/log/glusterfs/glusterfs.log
401        /var/log/httpd/*log
402        /var/log/jetty/jetty-console.log
403        /var/log/lastlog*
404        /var/log/libvirt/libvirtd.log
405        /var/log/libvirt/lxc/*.log
406        /var/log/libvirt/qemu/*.log
407        /var/log/libvirt/uml/*.log
408        /var/log/mail/*
409        /var/log/maillog*
410        /var/log/messages*
411        /var/log/ntp
412        /var/log/ntpstats/*
413        /var/log/ppp/connect-errors
414        /var/log/sa/*
415        /var/log/secure*
416        /var/log/setroubleshoot/*.log
417        /var/log/spooler*
418        /var/log/squid/*.log
419        /var/log/tallylog*
420        /var/log/wtmp*
421        /var/named/data/named.run
422
423   lvm-uuids *
424       Change LVM2 PV and VG UUIDs.
425
426       On Linux guests that have LVM2 physical volumes (PVs) or volume groups
427       (VGs), new random UUIDs are generated and assigned to those PVs and
428       VGs.
429
430   machine-id *
431       Remove the local machine ID.
432
433       The machine ID is usually generated from a random source during system
434       installation and stays constant for all subsequent boots.  Optionally,
435       for stateless systems it is generated during runtime at boot if it is
436       found to be empty.
437
438   mail-spool *
439       Remove email from the local mail spool directory.
440
441   net-hostname *
442       Remove HOSTNAME in network interface configuration.
443
444       For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*"
445       files.
446
447   net-hwaddr *
448       Remove HWADDR (hard-coded MAC address) configuration.
449
450       For Fedora and Red Hat Enterprise Linux, this is removed from "ifcfg-*"
451       files.
452
453   pacct-log *
454       Remove the process accounting log files.
455
456       The system wide process accounting will store to the pacct log files if
457       the process accounting is on.
458
459   package-manager-cache *
460       Remove package manager cache.
461
462   pam-data *
463       Remove the PAM data in the guest.
464
465   password *
466       Set root or user password.
467
468       Set root or another user's password.
469
470       Use the --root-password option to specify a replacement root password
471       for the guest.  You can only use this option once.
472
473       Use the --password option to specify replacement user password(s).  You
474       can use this option as many times as you want.
475
476       Use --password-crypto to change the password encryption used.
477
478       See "OPTIONS" above for details of these options.
479
480       This operation is enabled by default, but it only does something if
481       there is at least one --root-password or --password argument given.
482
483       Notes on password
484
485       Currently this only works for glibc-based Linux guests that use shadow
486       passwords.
487
488   puppet-data-log *
489       Remove the data and log files of puppet.
490
491   random-seed *
492       Generate random seed for guest.
493
494       Write some random bytes from the host into the random seed file of the
495       guest.
496
497       See "RANDOM SEED" below.
498
499   rhn-systemid *
500       Remove the RHN system ID.
501
502   rpm-db *
503       Remove host-specific RPM database files.
504
505       Remove host-specific RPM database files and locks.  RPM will recreate
506       these files automatically if needed.
507
508   samba-db-log *
509       Remove the database and log files of Samba.
510
511   script *
512       Run arbitrary scripts against the guest.
513
514       The "script" module lets you run arbitrary shell scripts or programs
515       against the guest.
516
517       Note this feature requires FUSE support.  You may have to enable this
518       in your host, for example by adding the current user to the "fuse"
519       group, or by loading a kernel module.
520
521       Use one or more --script parameters to specify scripts or programs that
522       will be run against the guest.
523
524       The script or program is run with its current directory being the
525       guest's root directory, so relative paths should be used.  For example:
526       "rm etc/resolv.conf" in the script would remove a Linux guest's DNS
527       configuration file, but "rm /etc/resolv.conf" would (try to) remove the
528       host's file.
529
530       Normally a temporary mount point for the guest is used, but you can
531       choose a specific one by using the --scriptdir parameter.
532
533       Note: This is different from --firstboot scripts (which run in the
534       context of the guest when it is booting first time).  --script scripts
535       run on the host, not in the guest.
536
537   smolt-uuid *
538       Remove the Smolt hardware UUID.
539
540   ssh-hostkeys *
541       Remove the SSH host keys in the guest.
542
543       The SSH host keys are regenerated (differently) next time the guest is
544       booted.
545
546       If, after cloning, the guest gets the same IP address, ssh will give
547       you a stark warning about the host key changing:
548
549        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
550        @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
551        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
552        IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
553
554   ssh-userdir *
555       Remove ".ssh" directories in the guest.
556
557       Remove the ".ssh" directory of user "root" and any other users who have
558       a ".ssh" directory in their home directory.
559
560       Notes on ssh-userdir
561
562       Currently this only looks in "/root" and "/home/*" for home
563       directories, so users with home directories in other locations won't
564       have the ssh files removed.
565
566   sssd-db-log *
567       Remove the database and log files of sssd.
568
569   tmp-files *
570       Remove temporary files.
571
572       This removes temporary files under "/tmp" and "/var/tmp".
573
574   udev-persistent-net *
575       Remove udev persistent net rules.
576
577       Remove udev persistent net rules which map the guest's existing MAC
578       address to a fixed ethernet device (eg. eth0).
579
580       After a guest is cloned, the MAC address usually changes.  Since the
581       old MAC address occupies the old name (eg. eth0), this means the fresh
582       MAC address is assigned to a new name (eg. eth1) and this is usually
583       undesirable.  Erasing the udev persistent net rules avoids this.
584
585   user-account
586       Remove the user accounts in the guest.
587
588       Remove all the user accounts and their home directories.  The "root"
589       account is not removed.
590
591   utmp *
592       Remove the utmp file.
593
594       This file records who is currently logged in on a machine.  In modern
595       Linux distros it is stored in a ramdisk and hence not part of the
596       virtual machine's disk, but it was stored on disk in older distros.
597
598   yum-uuid *
599       Remove the yum UUID.
600
601       Yum creates a fresh UUID the next time it runs when it notices that the
602       original UUID has been erased.
603

COPYING AND CLONING

605       Virt-sysprep can be used as part of a process of cloning guests, or to
606       prepare a template from which guests can be cloned.  There are many
607       different ways to achieve this using the virt tools, and this section
608       is just an introduction.
609
610       A virtual machine (when switched off) consists of two parts:
611
612       configuration
613           The configuration or description of the guest.  eg. The libvirt XML
614           (see "virsh dumpxml"), the running configuration of the guest, or
615           another external format like OVF.
616
617           Some configuration items that might need to be changed:
618
619           ·   name
620
621           ·   UUID
622
623           ·   path to block device(s)
624
625           ·   network card MAC address
626
627       block device(s)
628           One or more hard disk images, themselves containing files,
629           directories, applications, kernels, configuration, etc.
630
631           Some things inside the block devices that might need to be changed:
632
633           ·   hostname and other net configuration
634
635           ·   UUID
636
637           ·   SSH host keys
638
639           ·   Windows unique security ID (SID)
640
641           ·   Puppet registration
642
643   COPYING THE BLOCK DEVICE
644       Starting with an original guest, you probably wish to copy the guest
645       block device and its configuration to make a template.  Then once you
646       are happy with the template, you will want to make many clones from it.
647
648                               virt-sysprep
649                                    |
650                                    v
651        original guest --------> template ---------->
652                                             \------> cloned
653                                              \-----> guests
654                                               \---->
655
656       You can, of course, just copy the block device on the host using cp(1)
657       or dd(1).
658
659                          dd                 dd
660        original guest --------> template ---------->
661                                             \------> cloned
662                                              \-----> guests
663                                               \---->
664
665       There are some smarter (and faster) ways too:
666
667                                 snapshot
668                       template ---------->
669                                   \------> cloned
670                                    \-----> guests
671                                     \---->
672
673       You may want to run virt-sysprep twice, once to reset the guest (to
674       make a template) and a second time to customize the guest for a
675       specific user:
676
677                           virt-sysprep        virt-sysprep
678                             (reset)      (add user, keys, logos)
679                                |                   |
680                        dd      v          dd       v
681        original guest ----> template ---------> copied ------> custom
682                                                 template       guest
683
684       ·   Create a snapshot using qemu-img:
685
686            qemu-img create -f qcow2 -o backing_file=original snapshot.qcow
687
688           The advantage is that you don't need to copy the original (very
689           fast) and only changes are stored (less storage required).
690
691           Note that writing to the backing file once you have created guests
692           on top of it is not possible: you will corrupt the guests.
693
694       ·   Create a snapshot using "lvcreate --snapshot".
695
696       ·   Other ways to create snapshots include using filesystems-level
697           tools (for filesystems such as btrfs).
698
699           Most Network Attached Storage (NAS) devices can also create cheap
700           snapshots from files or LUNs.
701
702       ·   Get your NAS to duplicate the LUN.  Most NAS devices can also
703           duplicate LUNs very cheaply (they copy them on-demand in the
704           background).
705
706       ·   Prepare your template using virt-sparsify(1).  See below.
707
708   VIRT-CLONE
709       A separate tool, virt-clone(1), can be used to duplicate the block
710       device and/or modify the external libvirt configuration of a guest.  It
711       will reset the name, UUID and MAC address of the guest in the libvirt
712       XML.
713
714       virt-clone(1) does not use libguestfs and cannot look inside the disk
715       image.  This was the original motivation to write virt-sysprep.
716
717   SPARSIFY
718                     virt-sparsify
719        original guest --------> template
720
721       virt-sparsify(1) can be used to make the cloning template smaller,
722       making it easier to compress and/or faster to copy.
723
724       Notice that since virt-sparsify also copies the image, you can use it
725       to make the initial copy (instead of "dd").
726
727   RESIZE
728                                virt-resize
729                       template ---------->
730                                   \------> cloned
731                                    \-----> guests
732                                     \---->
733
734       If you want to give people cloned guests, but let them pick the size of
735       the guest themselves (eg. depending on how much they are prepared to
736       pay for disk space), then instead of copying the template, you can run
737       virt-resize(1).  Virt-resize performs a copy and resize, and thus is
738       ideal for cloning guests from a template.
739

FIRSTBOOT VS SCRIPT

741       The two options --firstboot and --script both supply shell scripts that
742       are run against the guest.  However these two options are significantly
743       different.
744
745       --firstboot script uploads the file "script" into the guest and
746       arranges that it will run, in the guest, when the guest is next booted.
747       (The script will only run once, at the "first boot").
748
749       --script script runs the shell "script" on the host, with its current
750       directory inside the guest filesystem.
751
752       If you needed, for example, to "yum install" new packages, then you
753       must not use --script for this, since that would (a) run the "yum"
754       command on the host and (b) wouldn't have access to the same resources
755       (repositories, keys, etc.) as the guest.  Any command that needs to run
756       on the guest must be run via --firstboot.
757
758       On the other hand if you need to make adjustments to the guest
759       filesystem (eg. copying in files), then --script is ideal since (a) it
760       has access to the host filesystem and (b) you will get immediate
761       feedback on errors.
762
763       Either or both options can be used multiple times on the command line.
764

SECURITY

766       Although virt-sysprep removes some sensitive information from the
767       guest, it does not pretend to remove all of it.  You should examine the
768       "OPERATIONS" above and the guest afterwards.
769
770       Sensitive files are simply removed.  The data they contained may still
771       exist on the disk, easily recovered with a hex editor or undelete tool.
772       Use virt-sparsify(1) as one way to remove this content.  See also the
773       scrub(1) command to get rid of deleted content in directory entries and
774       inodes.
775
776   RANDOM SEED
777       (This section applies to Linux guests only)
778
779       The virt-sysprep "random-seed" operation writes a few bytes of
780       randomness from the host into the guest's random seed file.
781
782       If this is just done once and the guest is cloned from the same
783       template, then each guest will start with the same entropy, and things
784       like SSH host keys and TCP sequence numbers may be predictable.
785
786       Therefore you should arrange to add more randomness after cloning from
787       a template too, which can be done by just enabling the "random-seed"
788       operation:
789
790        cp template.img newguest.img
791        virt-sysprep --enable random-seed -a newguest.img
792
793   SELINUX RELABELLING
794       (This section applies to Linux guests using SELinux only)
795
796       If any new files are created by virt-sysprep, then virt-sysprep touches
797       "/.autorelabel" so that these will be correctly labelled by SELinux the
798       next time the guest is booted.  This process interrupts boot and can
799       take some time.
800
801       You can force relabelling for all guests by supplying the
802       --selinux-relabel option.
803
804       You can disable relabelling entirely by supplying the
805       --no-selinux-relabel option.
806
807       Please note that if your guest uses SELinux, and you are doing
808       operations on it which might create new files or change existing ones,
809       you are recommended to use --selinux-relabel.  This will help in making
810       sure that files have the right SELinux labels.
811

WINDOWS 8

813       Windows 8 "fast startup" can prevent virt-sysprep from working.  See
814       "WINDOWS HIBERNATION AND WINDOWS 8 FAST STARTUP" in guestfs(3).
815

SHELL QUOTING

817       Libvirt guest names can contain arbitrary characters, some of which
818       have meaning to the shell such as "#" and space.  You may need to quote
819       or escape these characters on the command line.  See the shell manual
820       page sh(1) for details.
821

EXIT STATUS

823       This program returns 0 on success, or 1 if there was an error.
824

SEE ALSO

826       guestfs(3), guestfish(1), virt-clone(1), virt-rescue(1),
827       virt-resize(1), virt-sparsify(1), virsh(1), lvcreate(8), qemu-img(1),
828       scrub(1), http://libguestfs.org/, http://libvirt.org/.
829

AUTHORS

831       Richard W.M. Jones http://people.redhat.com/~rjones/
832
833       Wanlong Gao, Fujitsu Ltd.
834
836       Copyright (C) 2011-2012 Red Hat Inc.
837
838       Copyright (C) 2012 Fujitsu Ltd.
839

LICENSE

841       This program is free software; you can redistribute it and/or modify it
842       under the terms of the GNU General Public License as published by the
843       Free Software Foundation; either version 2 of the License, or (at your
844       option) any later version.
845
846       This program is distributed in the hope that it will be useful, but
847       WITHOUT ANY WARRANTY; without even the implied warranty of
848       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
849       General Public License for more details.
850
851       You should have received a copy of the GNU General Public License along
852       with this program; if not, write to the Free Software Foundation, Inc.,
853       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
854

BUGS

856       To get a list of bugs against libguestfs, use this link:
857       https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
858
859       To report a new bug against libguestfs, use this link:
860       https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
861
862       When reporting a bug, please supply:
863
864       ·   The version of libguestfs.
865
866       ·   Where you got libguestfs (eg. which Linux distro, compiled from
867           source, etc)
868
869       ·   Describe the bug accurately and give a way to reproduce it.
870
871       ·   Run libguestfs-test-tool(1) and paste the complete, unedited output
872           into the bug report.
873
874
875
876libguestfs-1.20.11                2013-08-27                   virt-sysprep(1)
Impressum