virt-customize(1)            Virtualization Support            virt-customize(1)

NAME
       virt-customize - Customize a virtual machine

SYNOPSIS
        virt-customize
           [ -a disk.img [ -a disk.img ... ] | -d domname ]
           [--attach ISOFILE] [--attach-format FORMAT]
           [ -c URI | --connect URI ] [ -n | --dry-run ]
           [ --format FORMAT] [ -m MB | --memsize MB ]
           [ --network | --no-network ]
           [ -q | --quiet ] [--smp N] [ -v | --verbose ] [-x]
           [--append-line FILE:LINE] [--chmod PERMISSIONS:FILE]
           [--commands-from-file FILENAME] [--copy SOURCE:DEST]
           [--copy-in LOCALPATH:REMOTEDIR] [--delete PATH] [--edit FILE:EXPR]
           [--firstboot SCRIPT] [--firstboot-command 'CMD+ARGS']
           [--firstboot-install PKG,PKG..] [--hostname HOSTNAME]
           [--install PKG,PKG..] [--link TARGET:LINK[:LINK..]] [--mkdir DIR]
           [--move SOURCE:DEST] [--password USER:SELECTOR]
           [--root-password SELECTOR] [--run SCRIPT]
           [--run-command 'CMD+ARGS'] [--scrub FILE] [--sm-attach SELECTOR]
           [--sm-register] [--sm-remove] [--sm-unregister]
           [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
           [--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
           [--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
           [--write FILE:CONTENT] [--no-logfile]
           [--password-crypto md5|sha256|sha512] [--selinux-relabel]
           [--sm-credentials SELECTOR]

        virt-customize [ -V | --version ]

WARNING
       Using "virt-customize" on live virtual machines, or concurrently with
       other disk editing tools, can be dangerous, potentially causing disk
       corruption. The virtual machine must be shut down before you use this
       command, and disk images must not be edited concurrently.

DESCRIPTION
       Virt-customize can customize a virtual machine (disk image) by
       installing packages, editing configuration files, and so on.

       Virt-customize modifies the guest or disk image in place. The guest
       must be shut down. If you want to preserve the existing contents of
       the guest, you must snapshot, copy or clone the disk first.

       You do not need to run virt-customize as root. In fact we'd generally
       recommend that you don't.

       Related tools include: virt-sysprep(1) and virt-builder(1).

OPTIONS
       --help
           Display brief help.

       -a file
       --add file
           Add file which should be a disk image from a virtual machine.

           The format of the disk image is auto-detected. To override this
           and force a particular format use the --format option.

       -a URI
       --add URI
           Add a remote disk. The URI format is compatible with guestfish.
           See "ADDING REMOTE STORAGE" in guestfish(1).

       --attach ISOFILE
           The given disk is attached to the libguestfs appliance. This is
           used to provide extra software repositories or other data for
           customization.

           You probably want to ensure the volume(s) or filesystems in the
           attached disks are labelled (or use an ISO volume name) so that you
           can mount them by label in your run-scripts:

               mkdir /tmp/mount
               mount LABEL=EXTRA /tmp/mount

           You can have multiple --attach options, and the format can be any
           disk format (not just an ISO).

       --attach-format FORMAT
           Specify the disk format for the next --attach option. The "FORMAT"
           is usually "raw" or "qcow2". Use "raw" for ISOs.

       --colors
       --colours
           Use ANSI colour sequences to colourize messages. This is the
           default when the output is a tty. If the output of the program is
           redirected to a file, ANSI colour sequences are disabled unless you
           use this option.

       -c URI
       --connect URI
           If using libvirt, connect to the given URI. If omitted, then we
           connect to the default libvirt hypervisor.

           If you specify guest block devices directly (-a), then libvirt is
           not used at all.

       -d guest
       --domain guest
           Add all the disks from the named libvirt guest. Domain UUIDs can
           be used instead of names.

       -n
       --dry-run
           Perform a read-only "dry run" on the guest. This runs the customize
           operation, but throws away any changes to the disk at the end.

       --echo-keys
           When prompting for keys and passphrases, virt-customize normally
           turns echoing off so you cannot see what you are typing. If you
           are not worried about Tempest attacks and there is no one else in
           the room you can specify this flag to see what you are typing.

       --format raw|qcow2|..
       --format auto
           The default for the -a option is to auto-detect the format of the
           disk image. Using this forces the disk format for -a options which
           follow on the command line. Using --format auto switches back to
           auto-detection for subsequent -a options.

           For example:

               virt-customize --format raw -a disk.img

           forces raw format (no auto-detection) for disk.img.

               virt-customize --format raw -a disk.img --format auto -a another.img

           forces raw format (no auto-detection) for disk.img and reverts to
           auto-detection for another.img.

           If you have untrusted raw-format guest disk images, you should use
           this option to specify the disk format. This avoids a possible
           security problem with malicious guests (CVE-2010-3851).

       --key SELECTOR
           Specify a key for LUKS, to automatically open a LUKS device when
           using the inspection. "ID" can be either the libguestfs device
           name, or the UUID of the LUKS device.

           --key "ID":key:KEY_STRING
               Use the specified "KEY_STRING" as passphrase.

           --key "ID":file:FILENAME
               Read the passphrase from FILENAME.

       --keys-from-stdin
           Read key or passphrase parameters from stdin. The default is to
           try to read passphrases from the user by opening /dev/tty.

           If there are multiple encrypted devices then you may need to supply
           multiple keys on stdin, one per line.

       -m MB
       --memsize MB
           Change the amount of memory allocated to --run scripts. Increase
           this if you find that --run scripts or the --install option are
           running out of memory.

           The default can be found with this command:

               guestfish get-memsize

       --network
       --no-network
           Enable or disable network access from the guest during the
           installation.

           Enabled is the default. Use --no-network to disable access.

           The network only allows outgoing connections and has other minor
           limitations. See "NETWORK" in virt-rescue(1).

           If you use --no-network then certain other options such as
           --install will not work.

           This does not affect whether the guest can access the network once
           it has been booted, because that is controlled by your hypervisor
           or cloud environment and has nothing to do with virt-customize.

           Generally speaking you should not use --no-network. But here are
           some reasons why you might want to:

           1.  Because the libguestfs backend that you are using doesn't
               support the network. (See: "BACKEND" in guestfs(3)).

           2.  Any software you need to install comes from an attached ISO, so
               you don't need the network.

           3.  You don’t want untrusted guest code trying to access your host
               network when running virt-customize. This is particularly an
               issue when you don't trust the source of the operating system
               templates. (See "SECURITY" below).

           4.  You don’t have a host network (eg. in secure/restricted
               environments).

       -q
       --quiet
           Don’t print log messages.

           To enable detailed logging of individual file operations, use -x.

       --smp N
           Enable N ≥ 2 virtual CPUs for --run scripts to use.

       -v
       --verbose
           Enable verbose messages for debugging.

       -V
       --version
           Display version number and exit.

       -x  Enable tracing of libguestfs API calls.

   Customization options
       --append-line FILE:LINE
           Append a single line of text to the "FILE". If the file does not
           already end with a newline, then one is added before the appended
           line. Also a newline is added to the end of the "LINE" string
           automatically.

           For example (assuming ordinary shell quoting) this command:

               --append-line '/etc/hosts:10.0.0.1 foo'

           will add either "10.0.0.1 foo⏎" or "⏎10.0.0.1 foo⏎" to the file,
           the latter only if the existing file does not already end with a
           newline.

           "⏎" represents a newline character, which is guessed by looking at
           the existing content of the file, so this command does the right
           thing for files using Unix or Windows line endings. It also works
           for empty or non-existent files.

           To insert several lines, use the same option several times:

               --append-line '/etc/hosts:10.0.0.1 foo'
               --append-line '/etc/hosts:10.0.0.2 bar'

           To insert a blank line before the appended line, do:

               --append-line '/etc/hosts:'
               --append-line '/etc/hosts:10.0.0.1 foo'

       --chmod PERMISSIONS:FILE
           Change the permissions of "FILE" to "PERMISSIONS".

           Note: "PERMISSIONS" by default would be decimal, unless you prefix
           it with 0 to get octal, ie. use 0700 not 700.

       --commands-from-file FILENAME
           Read the customize commands from a file, one (and its arguments)
           per line.

           Each line contains a single customization command and its
           arguments, for example:

               delete /some/file
               install some-package
               password some-user:password:its-new-password

           Empty lines are ignored, and lines starting with "#" are comments
           and are ignored as well. Furthermore, arguments can be spread
           across multiple lines, by adding a "\" (continuation character) at
           the end of a line, for example:

               edit /some/file:\
                 s/^OPT=.*/OPT=ok/

           The commands are handled in the same order as they are in the file,
           as if they were specified as --delete /some/file on the command
           line.

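A linter for a --commands-from-file script, applying the file syntax described above together with the --chmod decimal note, the --no-network restriction on --install and the --password-crypto md5 warning. This is an added example, not part of libguestfs; the function names, finding labels and sample file are constructed here, and dropping whitespace around each physical line is an assumption of the example.

```python
# Added example: lint a virt-customize --commands-from-file script.
NEEDS_NETWORK = {"install"}  # the page names --install as failing under --no-network


def parse_commands(text):
    """Yield (first_line_number, command, argument) for each logical line.

    Blank lines and lines starting with '#' are skipped; a trailing backslash
    continues the argument on the next physical line.
    """
    pending, start = None, 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumption: whitespace around a physical line is dropped
        if pending is None:
            if not line or line.startswith("#"):
                continue
            pending, start = "", num
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        cmd, _, arg = (pending + line).partition(" ")
        pending = None
        yield start, cmd, arg.strip()
    if pending is not None:  # file ended on a continuation line
        cmd, _, arg = pending.partition(" ")
        yield start, cmd, arg.strip()


def lint(text, network=True):
    """Return (line_number, label, message) findings; secrets are never echoed."""
    findings = []
    for num, cmd, arg in parse_commands(text):
        if cmd == "chmod":
            perms = arg.partition(":")[0]
            if perms.isdigit() and not perms.startswith("0"):
                findings.append((num, "chmod-decimal",
                                 f"{perms} is decimal, i.e. octal mode {int(perms):04o}"))
        elif cmd in ("password", "root-password"):
            selector = arg.partition(":")[2] if cmd == "password" else arg
            if selector.startswith("password:"):
                findings.append((num, "cleartext-password",
                                 "password is stored in clear text in this file"))
        elif cmd == "password-crypto" and arg == "md5":
            findings.append((num, "weak-hash", "md5 is not secure against modern attacks"))
        elif cmd in NEEDS_NETWORK and not network:
            findings.append((num, "needs-network", f"{cmd} will not work with --no-network"))
    return findings


# Constructed sample commands file (not from any real image build).
SAMPLE = """\
# harden the template
chmod 700:/root/.ssh

install nginx
password admin:password:example-secret
edit /etc/sysconfig/app:\\
  s/^OPT=.*/OPT=ok/
chmod 0600:/root/.ssh/authorized_keys
password-crypto md5
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, network=False):
        print(*finding, sep=": ")
```

For the sample file, `chmod 700` is reported as octal mode 1274: owner write-only, group rwx, world-readable and sticky, rather than the owner-only access that 0700 gives.
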
       --copy SOURCE:DEST
           Copy files or directories recursively inside the guest.

           Wildcards cannot be used.

       --copy-in LOCALPATH:REMOTEDIR
           Copy local files or directories recursively into the disk image,
           placing them in the directory "REMOTEDIR" (which must exist).

           Wildcards cannot be used.

       --delete PATH
           Delete a file from the guest. Or delete a directory (and all its
           contents, recursively).

           You can use shell glob characters in the specified path. Be
           careful to escape glob characters from the host shell, if that is
           required. For example:

               virt-customize --delete '/var/log/*.log'

           See also: --upload, --scrub.

       --edit FILE:EXPR
           Edit "FILE" using the Perl expression "EXPR".

           Be careful to properly quote the expression to prevent it from
           being altered by the shell.

           Note that this option is only available when Perl 5 is installed.

           See "NON-INTERACTIVE EDITING" in virt-edit(1).

       --firstboot SCRIPT
           Install "SCRIPT" inside the guest, so that when the guest first
           boots up, the script runs (as root, late in the boot process).

           The script is automatically chmod +x after installation in the
           guest.

           The alternative version --firstboot-command is the same, but it
           conveniently wraps the command up in a single line script for you.

           You can have multiple --firstboot options. They run in the same
           order that they appear on the command line.

           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
           more information and caveats about the first boot scripts.

           See also --run.

       --firstboot-command 'CMD+ARGS'
           Run command (and arguments) inside the guest when the guest first
           boots up (as root, late in the boot process).

           You can have multiple --firstboot options. They run in the same
           order that they appear on the command line.

           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
           more information and caveats about the first boot scripts.

           See also --run.

       --firstboot-install PKG,PKG..
           Install the named packages (a comma-separated list). These are
           installed when the guest first boots using the guest’s package
           manager (eg. apt, yum, etc.) and the guest’s network connection.

           For an overview on the different ways to install packages, see
           "INSTALLING PACKAGES" in virt-builder(1).

       --hostname HOSTNAME
           Set the hostname of the guest to "HOSTNAME". You can use a dotted
           hostname.domainname (FQDN) if you want.

       --install PKG,PKG..
           Install the named packages (a comma-separated list). These are
           installed during the image build using the guest’s package manager
           (eg. apt, yum, etc.) and the host’s network connection.

           For an overview on the different ways to install packages, see
           "INSTALLING PACKAGES" in virt-builder(1).

           See also --update, --uninstall.

       --link TARGET:LINK[:LINK..]
           Create symbolic link(s) in the guest, starting at "LINK" and
           pointing at "TARGET".

       --mkdir DIR
           Create a directory in the guest.

           This uses "mkdir -p" so any intermediate directories are created,
           and it also works if the directory already exists.

       --move SOURCE:DEST
           Move files or directories inside the guest.

           Wildcards cannot be used.

       --no-logfile
           Scrub "builder.log" (log file from build commands) from the image
           after building is complete. If you don't want to reveal precisely
           how the image was built, use this option.

           See also: "LOG FILE".

       --password USER:SELECTOR
           Set the password for "USER". (Note this option does not create the
           user account).

           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
           "SELECTOR" field, and also how to set up user accounts.

       --password-crypto md5|sha256|sha512
           When the virt tools change or set a password in the guest, this
           option sets the password encryption of that password to "md5",
           "sha256" or "sha512".

           "sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside
           the guest).

           "md5" will work with relatively old Linux guests (eg. RHEL 3), but
           is not secure against modern attacks.

           The default is "sha512" unless libguestfs detects an old guest that
           didn't have support for SHA-512, in which case it will use "md5".
           You can override libguestfs by specifying this option.

           Note this does not change the default password encryption used by
           the guest when you create new user accounts inside the guest. If
           you want to do that, then you should use the --edit option to
           modify "/etc/sysconfig/authconfig" (Fedora, RHEL) or
           "/etc/pam.d/common-password" (Debian, Ubuntu).

       --root-password SELECTOR
           Set the root password.

           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
           "SELECTOR" field, and also how to set up user accounts.

           Note: In virt-builder, if you don't set --root-password then the
           guest is given a random root password.

       --run SCRIPT
           Run the shell script (or any program) called "SCRIPT" on the disk
           image. The script runs virtualized inside a small appliance,
           chrooted into the guest filesystem.

           The script is automatically chmod +x.

           If libguestfs supports it then a limited network connection is
           available but it only allows outgoing network connections. You can
           also attach data disks (eg. ISO files) as another way to provide
           data (eg. software packages) to the script without needing a
           network connection (--attach). You can also upload data files
           (--upload).

           You can have multiple --run options. They run in the same order
           that they appear on the command line.

           See also: --firstboot, --attach, --upload.

       --run-command 'CMD+ARGS'
           Run the command and arguments on the disk image. The command runs
           virtualized inside a small appliance, chrooted into the guest
           filesystem.

           If libguestfs supports it then a limited network connection is
           available but it only allows outgoing network connections. You can
           also attach data disks (eg. ISO files) as another way to provide
           data (eg. software packages) to the script without needing a
           network connection (--attach). You can also upload data files
           (--upload).

           You can have multiple --run-command options. They run in the same
           order that they appear on the command line.

           See also: --firstboot, --attach, --upload.

       --scrub FILE
           Scrub a file from the guest. This is like --delete except that:

           ·   It scrubs the data so a guest could not recover it.

           ·   It cannot delete directories, only regular files.

       --selinux-relabel
           Relabel files in the guest so that they have the correct SELinux
           label.

           This will attempt to relabel files immediately, but if the
           operation fails this will instead touch /.autorelabel on the image
           to schedule a relabel operation for the next time the image boots.

           You should only use this option for guests which support SELinux.

       --sm-attach SELECTOR
           Attach to a pool using "subscription-manager".

           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
           "SELECTOR" field.

       --sm-credentials SELECTOR
           Set the credentials for "subscription-manager".

           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
           "SELECTOR" field.

       --sm-register
           Register the guest using "subscription-manager".

           This requires credentials being set using --sm-credentials.

       --sm-remove
           Remove all the subscriptions from the guest using
           "subscription-manager".

       --sm-unregister
           Unregister the guest using "subscription-manager".

       --ssh-inject USER[:SELECTOR]
           Inject an ssh key so the given "USER" will be able to log in over
           ssh without supplying a password. The "USER" must exist already in
           the guest.

           See "SSH KEYS" in virt-builder(1) for the format of the "SELECTOR"
           field.

           You can have multiple --ssh-inject options, for different users and
           also for more keys for each user.

       --timezone TIMEZONE
           Set the default timezone of the guest to "TIMEZONE". Use a
           location string like "Europe/London".

       --touch FILE
           This command performs a touch(1)-like operation on "FILE".

       --truncate FILE
           This command truncates "FILE" to a zero-length file. The file must
           exist already.

       --truncate-recursive PATH
           This command recursively truncates all files under "PATH" to
           zero-length.

       --uninstall PKG,PKG..
           Uninstall the named packages (a comma-separated list). These are
           removed during the image build using the guest’s package manager
           (eg. apt, yum, etc.). Dependent packages may also need to be
           uninstalled to satisfy the request.

           See also --install, --update.

       --update
           Do the equivalent of "yum update", "apt-get upgrade", or whatever
           command is required to update the packages already installed in the
           template to their latest versions.

           See also --install, --uninstall.

       --upload FILE:DEST
           Upload local file "FILE" to destination "DEST" in the disk image.
           File owner and permissions from the original are preserved, so you
           should set them to what you want them to be in the disk image.

           "DEST" could be the final filename. This can be used to rename the
           file on upload.

           If "DEST" is a directory name (which must already exist in the
           guest) then the file is uploaded into that directory, and it keeps
           the same name as on the local filesystem.

           See also: --mkdir, --delete, --scrub.

       --write FILE:CONTENT
           Write "CONTENT" to "FILE".

SELINUX
       For guests which make use of SELinux, special handling for them might
       be needed when using operations which create new files or alter
       existing ones.

       For further details, see "SELINUX" in virt-builder(1).

EXIT STATUS
       This program returns 0 on success, or 1 if there was an error.

ENVIRONMENT VARIABLES
       "VIRT_TOOLS_DATA_DIR"
           This can point to the directory containing data files used for
           Windows firstboot installation.

           Normally you do not need to set this. If not set, a compiled-in
           default will be used (something like /usr/share/virt-tools).

           This directory may contain the following files:

           rhsrvany.exe
               This is the RHSrvAny Windows binary, used to install a
               "firstboot" script in Windows guests. It is required if you
               intend to use the --firstboot or --firstboot-command options
               with Windows guests.

               See also: "https://github.com/rwmjones/rhsrvany"

           pvvxsvc.exe
               This is a Windows binary shipped with SUSE VMDP, used to
               install a "firstboot" script in Windows guests. It is required
               if you intend to use the --firstboot or --firstboot-command
               options with Windows guests.

       For other environment variables, see "ENVIRONMENT VARIABLES" in
       guestfs(3).

SEE ALSO
       guestfs(3), guestfish(1), virt-builder(1), virt-clone(1),
       virt-rescue(1), virt-resize(1), virt-sparsify(1), virt-sysprep(1),
       virsh(1), lvcreate(8), qemu-img(1), scrub(1), http://libguestfs.org/,
       http://libvirt.org/.

AUTHOR
       Richard W.M. Jones http://people.redhat.com/~rjones/

COPYRIGHT
       Copyright (C) 2011-2020 Red Hat Inc.

LICENSE
       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program; if not, write to the Free Software Foundation, Inc.,
       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

BUGS
       To get a list of bugs against libguestfs, use this link:
       https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools

       To report a new bug against libguestfs, use this link:
       https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools

       When reporting a bug, please supply:

       ·   The version of libguestfs.

       ·   Where you got libguestfs (eg. which Linux distro, compiled from
           source, etc)

       ·   Describe the bug accurately and give a way to reproduce it.

       ·   Run libguestfs-test-tool(1) and paste the complete, unedited output
           into the bug report.

libguestfs-1.44.0                  2021-01-05                  virt-customize(1)