1virt-customize(1)           Virtualization Support           virt-customize(1)
2
3
4

NAME

6       virt-customize - Customize a virtual machine
7

SYNOPSIS

9        virt-customize
10           [ -a disk.img [ -a disk.img ... ] | -d domname ]
11           [--attach ISOFILE] [--attach-format FORMAT]
12           [ -c URI | --connect URI ] [ -n | --dry-run ]
13           [ --format FORMAT] [ -m MB | --memsize MB ]
14           [ --network | --no-network ]
15           [ -q | --quiet ] [--smp N] [ -v | --verbose ] [-x]
16           [--append-line FILE:LINE] [--chmod PERMISSIONS:FILE]
17           [--commands-from-file FILENAME] [--copy SOURCE:DEST]
18           [--copy-in LOCALPATH:REMOTEDIR] [--delete PATH] [--edit FILE:EXPR]
19           [--firstboot SCRIPT] [--firstboot-command 'CMD+ARGS']
20           [--firstboot-install PKG,PKG..] [--hostname HOSTNAME]
21           [--install PKG,PKG..] [--link TARGET:LINK[:LINK..]] [--mkdir DIR]
22           [--move SOURCE:DEST] [--password USER:SELECTOR]
23           [--root-password SELECTOR] [--run SCRIPT]
24           [--run-command 'CMD+ARGS'] [--scrub FILE] [--sm-attach SELECTOR]
25           [--sm-register] [--sm-remove] [--sm-unregister]
26           [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
27           [--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
28           [--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
29           [--write FILE:CONTENT] [--no-logfile]
30           [--password-crypto md5|sha256|sha512] [--selinux-relabel]
31           [--sm-credentials SELECTOR]
32
33
34        virt-customize [ -V | --version ]
35

WARNING

37       Using "virt-customize" on live virtual machines, or concurrently with
38       other disk editing tools, can be dangerous, potentially causing disk
39       corruption.  The virtual machine must be shut down before you use this
40       command, and disk images must not be edited concurrently.
41

DESCRIPTION

43       Virt-customize can customize a virtual machine (disk image) by
44       installing packages, editing configuration files, and so on.
45
46       Virt-customize modifies the guest or disk image in place.  The guest
47       must be shut down.  If you want to preserve the existing contents of
48       the guest, you must snapshot, copy or clone the disk first.
49
50       You do not need to run virt-customize as root.  In fact we'd generally
51       recommend that you don't.
52
53       Related tools include: virt-sysprep(1) and virt-builder(1).
54

OPTIONS

56       --help
57           Display brief help.
58
59       -a file
60       --add file
61           Add file which should be a disk image from a virtual machine.
62
63           The format of the disk image is auto-detected.  To override this
64           and force a particular format use the --format option.
65
66       -a URI
67       --add URI
68           Add a remote disk.  The URI format is compatible with guestfish.
69           See "ADDING REMOTE STORAGE" in guestfish(1).
70
71       --attach ISOFILE
72           The given disk is attached to the libguestfs appliance.  This is
73           used to provide extra software repositories or other data for
74           customization.
75
76           You probably want to ensure the volume(s) or filesystems in the
77           attached disks are labelled (or use an ISO volume name) so that you
78           can mount them by label in your run-scripts:
79
80            mkdir /tmp/mount
81            mount LABEL=EXTRA /tmp/mount
82
83           You can have multiple --attach options, and the format can be any
84           disk format (not just an ISO).
85
86       --attach-format FORMAT
87           Specify the disk format for the next --attach option.  The "FORMAT"
88           is usually "raw" or "qcow2".  Use "raw" for ISOs.
89
90       --colors
91       --colours
92           Use ANSI colour sequences to colourize messages.  This is the
93           default when the output is a tty.  If the output of the program is
94           redirected to a file, ANSI colour sequences are disabled unless you
95           use this option.
96
97       -c URI
98       --connect URI
99           If using libvirt, connect to the given URI.  If omitted, then we
100           connect to the default libvirt hypervisor.
101
102           If you specify guest block devices directly (-a), then libvirt is
103           not used at all.
104
105       -d guest
106       --domain guest
107           Add all the disks from the named libvirt guest.  Domain UUIDs can
108           be used instead of names.
109
110       -n
111       --dry-run
112           Perform a read-only "dry run" on the guest.  This runs the sysprep
113           operation, but throws away any changes to the disk at the end.
114
115       --echo-keys
116           When prompting for keys and passphrases, virt-customize normally
117           turns echoing off so you cannot see what you are typing.  If you
118           are not worried about Tempest attacks and there is no one else in
119           the room you can specify this flag to see what you are typing.
120
121       --format raw|qcow2|..
122       --format auto
123           The default for the -a option is to auto-detect the format of the
124           disk image.  Using this forces the disk format for -a options which
125           follow on the command line.  Using --format auto switches back to
126           auto-detection for subsequent -a options.
127
128           For example:
129
130            virt-customize --format raw -a disk.img
131
132           forces raw format (no auto-detection) for disk.img.
133
134            virt-customize --format raw -a disk.img --format auto -a another.img
135
136           forces raw format (no auto-detection) for disk.img and reverts to
137           auto-detection for another.img.
138
139           If you have untrusted raw-format guest disk images, you should use
140           this option to specify the disk format.  This avoids a possible
141           security problem with malicious guests (CVE-2010-3851).
142
143       --key SELECTOR
144           Specify a key for LUKS, to automatically open a LUKS device when
145           using the inspection.  "ID" can be either the libguestfs device
146           name, or the UUID of the LUKS device.
147
148           --key "ID":key:KEY_STRING
149               Use the specified "KEY_STRING" as passphrase.
150
151           --key "ID":file:FILENAME
152               Read the passphrase from FILENAME.
153
154       --keys-from-stdin
155           Read key or passphrase parameters from stdin.  The default is to
156           try to read passphrases from the user by opening /dev/tty.
157
158           If there are multiple encrypted devices then you may need to supply
159           multiple keys on stdin, one per line.
160
161       -m MB
162       --memsize MB
163           Change the amount of memory allocated to --run scripts.  Increase
164           this if you find that --run scripts or the --install option are
165           running out of memory.
166
167           The default can be found with this command:
168
169            guestfish get-memsize
170
171       --network
172       --no-network
173           Enable or disable network access from the guest during the
174           installation.
175
176           Enabled is the default.  Use --no-network to disable access.
177
178           The network only allows outgoing connections and has other minor
179           limitations.  See "NETWORK" in virt-rescue(1).
180
181           If you use --no-network then certain other options such as
182           --install will not work.
183
184           This does not affect whether the guest can access the network once
185           it has been booted, because that is controlled by your hypervisor
186           or cloud environment and has nothing to do with virt-customize.
187
188           Generally speaking you should not use --no-network.  But here are
189           some reasons why you might want to:
190
191           1.  Because the libguestfs backend that you are using doesn't
192               support the network.  (See: "BACKEND" in guestfs(3)).
193
194           2.  Any software you need to install comes from an attached ISO, so
195               you don't need the network.
196
197           3.  You don’t want untrusted guest code trying to access your host
198               network when running virt-customize.  This is particularly an
199               issue when you don't trust the source of the operating system
200               templates.  (See "SECURITY" below).
201
202           4.  You don’t have a host network (eg. in secure/restricted
203               environments).
204
205       -q
206       --quiet
207           Don’t print log messages.
208
209           To enable detailed logging of individual file operations, use -x.
210
211       --smp N
212           Enable N ≥ 2 virtual CPUs for --run scripts to use.
213
214       -v
215       --verbose
216           Enable verbose messages for debugging.
217
218       -V
219       --version
220           Display version number and exit.
221
222       --wrap
223           Wrap error, warning, and informative messages.  This is the default
224           when the output is a tty.  If the output of the program is
225           redirected to a file, wrapping is disabled unless you use this
226           option.
227
228       -x  Enable tracing of libguestfs API calls.
229
230   Customization options
231       --append-line FILE:LINE
232           Append a single line of text to the "FILE".  If the file does not
233           already end with a newline, then one is added before the appended
234           line.  Also a newline is added to the end of the "LINE" string
235           automatically.
236
237           For example (assuming ordinary shell quoting) this command:
238
239            --append-line '/etc/hosts:10.0.0.1 foo'
240
241           will add either "10.0.0.1 foo⏎" or "⏎10.0.0.1 foo⏎" to the file,
242           the latter only if the existing file does not already end with a
243           newline.
244
245           "⏎" represents a newline character, which is guessed by looking at
246           the existing content of the file, so this command does the right
247           thing for files using Unix or Windows line endings.  It also works
248           for empty or non-existent files.
249
250           To insert several lines, use the same option several times:
251
252            --append-line '/etc/hosts:10.0.0.1 foo'
253            --append-line '/etc/hosts:10.0.0.2 bar'
254
255           To insert a blank line before the appended line, do:
256
257            --append-line '/etc/hosts:'
258            --append-line '/etc/hosts:10.0.0.1 foo'
259
260       --chmod PERMISSIONS:FILE
261           Change the permissions of "FILE" to "PERMISSIONS".
262
263           Note: "PERMISSIONS" by default would be decimal, unless you prefix
264           it with 0 to get octal, ie. use 0700 not 700.
265
266       --commands-from-file FILENAME
267           Read the customize commands from a file, one (and its arguments)
268           each line.
269
270           Each line contains a single customization command and its
271           arguments, for example:
272
273            delete /some/file
274            install some-package
275            password some-user:password:its-new-password
276
277           Empty lines are ignored, and lines starting with "#" are comments
278           and are ignored as well.  Furthermore, arguments can be spread
279           across multiple lines, by adding a "\" (continuation character) at
280           the of a line, for example
281
282            edit /some/file:\
283              s/^OPT=.*/OPT=ok/
284
285           The commands are handled in the same order as they are in the file,
286           as if they were specified as --delete /some/file on the command
287           line.
288
289       --copy SOURCE:DEST
290           Copy files or directories recursively inside the guest.
291
292           Wildcards cannot be used.
293
294       --copy-in LOCALPATH:REMOTEDIR
295           Copy local files or directories recursively into the disk image,
296           placing them in the directory "REMOTEDIR" (which must exist).
297
298           Wildcards cannot be used.
299
300       --delete PATH
301           Delete a file from the guest.  Or delete a directory (and all its
302           contents, recursively).
303
304           You can use shell glob characters in the specified path.  Be
305           careful to escape glob characters from the host shell, if that is
306           required.  For example:
307
308            virt-customize --delete '/var/log/*.log'.
309
310           See also: --upload, --scrub.
311
312       --edit FILE:EXPR
313           Edit "FILE" using the Perl expression "EXPR".
314
315           Be careful to properly quote the expression to prevent it from
316           being altered by the shell.
317
318           Note that this option is only available when Perl 5 is installed.
319
320           See "NON-INTERACTIVE EDITING" in virt-edit(1).
321
322       --firstboot SCRIPT
323           Install "SCRIPT" inside the guest, so that when the guest first
324           boots up, the script runs (as root, late in the boot process).
325
326           The script is automatically chmod +x after installation in the
327           guest.
328
329           The alternative version --firstboot-command is the same, but it
330           conveniently wraps the command up in a single line script for you.
331
332           You can have multiple --firstboot options.  They run in the same
333           order that they appear on the command line.
334
335           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
336           more information and caveats about the first boot scripts.
337
338           See also --run.
339
340       --firstboot-command 'CMD+ARGS'
341           Run command (and arguments) inside the guest when the guest first
342           boots up (as root, late in the boot process).
343
344           You can have multiple --firstboot options.  They run in the same
345           order that they appear on the command line.
346
347           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
348           more information and caveats about the first boot scripts.
349
350           See also --run.
351
352       --firstboot-install PKG,PKG..
353           Install the named packages (a comma-separated list).  These are
354           installed when the guest first boots using the guest’s package
355           manager (eg. apt, yum, etc.) and the guest’s network connection.
356
357           For an overview on the different ways to install packages, see
358           "INSTALLING PACKAGES" in virt-builder(1).
359
360       --hostname HOSTNAME
361           Set the hostname of the guest to "HOSTNAME".  You can use a dotted
362           hostname.domainname (FQDN) if you want.
363
364       --install PKG,PKG..
365           Install the named packages (a comma-separated list).  These are
366           installed during the image build using the guest’s package manager
367           (eg. apt, yum, etc.) and the host’s network connection.
368
369           For an overview on the different ways to install packages, see
370           "INSTALLING PACKAGES" in virt-builder(1).
371
372           See also --update, --uninstall.
373
374       --link TARGET:LINK[:LINK..]
375           Create symbolic link(s) in the guest, starting at "LINK" and
376           pointing at "TARGET".
377
378       --mkdir DIR
379           Create a directory in the guest.
380
381           This uses "mkdir -p" so any intermediate directories are created,
382           and it also works if the directory already exists.
383
384       --move SOURCE:DEST
385           Move files or directories inside the guest.
386
387           Wildcards cannot be used.
388
389       --no-logfile
390           Scrub "builder.log" (log file from build commands) from the image
391           after building is complete.  If you don't want to reveal precisely
392           how the image was built, use this option.
393
394           See also: "LOG FILE".
395
396       --password USER:SELECTOR
397           Set the password for "USER".  (Note this option does not create the
398           user account).
399
400           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
401           "SELECTOR" field, and also how to set up user accounts.
402
403       --password-crypto md5|sha256|sha512
404           When the virt tools change or set a password in the guest, this
405           option sets the password encryption of that password to "md5",
406           "sha256" or "sha512".
407
408           "sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside
409           the guest).
410
411           "md5" will work with relatively old Linux guests (eg. RHEL 3), but
412           is not secure against modern attacks.
413
414           The default is "sha512" unless libguestfs detects an old guest that
415           didn't have support for SHA-512, in which case it will use "md5".
416           You can override libguestfs by specifying this option.
417
418           Note this does not change the default password encryption used by
419           the guest when you create new user accounts inside the guest.  If
420           you want to do that, then you should use the --edit option to
421           modify "/etc/sysconfig/authconfig" (Fedora, RHEL) or
422           "/etc/pam.d/common-password" (Debian, Ubuntu).
423
424       --root-password SELECTOR
425           Set the root password.
426
427           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
428           "SELECTOR" field, and also how to set up user accounts.
429
430           Note: In virt-builder, if you don't set --root-password then the
431           guest is given a random root password.
432
433       --run SCRIPT
434           Run the shell script (or any program) called "SCRIPT" on the disk
435           image.  The script runs virtualized inside a small appliance,
436           chrooted into the guest filesystem.
437
438           The script is automatically chmod +x.
439
440           If libguestfs supports it then a limited network connection is
441           available but it only allows outgoing network connections.  You can
442           also attach data disks (eg. ISO files) as another way to provide
443           data (eg. software packages) to the script without needing a
444           network connection (--attach).  You can also upload data files
445           (--upload).
446
447           You can have multiple --run options.  They run in the same order
448           that they appear on the command line.
449
450           See also: --firstboot, --attach, --upload.
451
452       --run-command 'CMD+ARGS'
453           Run the command and arguments on the disk image.  The command runs
454           virtualized inside a small appliance, chrooted into the guest
455           filesystem.
456
457           If libguestfs supports it then a limited network connection is
458           available but it only allows outgoing network connections.  You can
459           also attach data disks (eg. ISO files) as another way to provide
460           data (eg. software packages) to the script without needing a
461           network connection (--attach).  You can also upload data files
462           (--upload).
463
464           You can have multiple --run-command options.  They run in the same
465           order that they appear on the command line.
466
467           See also: --firstboot, --attach, --upload.
468
469       --scrub FILE
470           Scrub a file from the guest.  This is like --delete except that:
471
472           •   It scrubs the data so a guest could not recover it.
473
474           •   It cannot delete directories, only regular files.
475
476       --selinux-relabel
477           Relabel files in the guest so that they have the correct SELinux
478           label.
479
480           This will attempt to relabel files immediately, but if the
481           operation fails this will instead touch /.autorelabel on the image
482           to schedule a relabel operation for the next time the image boots.
483
484           You should only use this option for guests which support SELinux.
485
486       --sm-attach SELECTOR
487           Attach to a pool using "subscription-manager".
488
489           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
490           "SELECTOR" field.
491
492       --sm-credentials SELECTOR
493           Set the credentials for "subscription-manager".
494
495           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
496           "SELECTOR" field.
497
498       --sm-register
499           Register the guest using "subscription-manager".
500
501           This requires credentials being set using --sm-credentials.
502
503       --sm-remove
504           Remove all the subscriptions from the guest using
505           "subscription-manager".
506
507       --sm-unregister
508           Unregister the guest using "subscription-manager".
509
510       --ssh-inject USER[:SELECTOR]
511           Inject an ssh key so the given "USER" will be able to log in over
512           ssh without supplying a password.  The "USER" must exist already in
513           the guest.
514
515           See "SSH KEYS" in virt-builder(1) for the format of the "SELECTOR"
516           field.
517
518           You can have multiple --ssh-inject options, for different users and
519           also for more keys for each user.
520
521       --timezone TIMEZONE
522           Set the default timezone of the guest to "TIMEZONE".  Use a
523           location string like "Europe/London"
524
525       --touch FILE
526           This command performs a touch(1)-like operation on "FILE".
527
528       --truncate FILE
529           This command truncates "FILE" to a zero-length file. The file must
530           exist already.
531
532       --truncate-recursive PATH
533           This command recursively truncates all files under "PATH" to zero-
534           length.
535
536       --uninstall PKG,PKG..
537           Uninstall the named packages (a comma-separated list).  These are
538           removed during the image build using the guest’s package manager
539           (eg. apt, yum, etc.).  Dependent packages may also need to be
540           uninstalled to satisfy the request.
541
542           See also --install, --update.
543
544       --update
545           Do the equivalent of "yum update", "apt-get upgrade", or whatever
546           command is required to update the packages already installed in the
547           template to their latest versions.
548
549           See also --install, --uninstall.
550
551       --upload FILE:DEST
552           Upload local file "FILE" to destination "DEST" in the disk image.
553           File owner and permissions from the original are preserved, so you
554           should set them to what you want them to be in the disk image.
555
556           "DEST" could be the final filename.  This can be used to rename the
557           file on upload.
558
559           If "DEST" is a directory name (which must already exist in the
560           guest) then the file is uploaded into that directory, and it keeps
561           the same name as on the local filesystem.
562
563           See also: --mkdir, --delete, --scrub.
564
565       --write FILE:CONTENT
566           Write "CONTENT" to "FILE".
567

SELINUX

569       For guests which make use of SELinux, special handling for them might
570       be needed when using operations which create new files or alter
571       existing ones.
572
573       For further details, see "SELINUX" in virt-builder(1).
574

EXIT STATUS

576       This program returns 0 on success, or 1 if there was an error.
577

ENVIRONMENT VARIABLES

579       "VIRT_TOOLS_DATA_DIR"
580           This can point to the directory containing data files used for
581           Windows firstboot installation.
582
583           Normally you do not need to set this.  If not set, a compiled-in
584           default will be used (something like /usr/share/virt-tools).
585
586           This directory may contain the following files:
587
588           rhsrvany.exe
589               This is the RHSrvAny Windows binary, used to install a
590               "firstboot" script in Windows guests.  It is required if you
591               intend to use the --firstboot or --firstboot-command options
592               with Windows guests.
593
594               See also: "https://github.com/rwmjones/rhsrvany"
595
596           pvvxsvc.exe
597               This is a Windows binary shipped with SUSE VMDP, used to
598               install a "firstboot" script in Windows guests.  It is required
599               if you intend to use the --firstboot or --firstboot-command
600               options with Windows guests.
601
602       For other environment variables, see "ENVIRONMENT VARIABLES" in
603       guestfs(3).
604

SEE ALSO

606       guestfs(3), guestfish(1), virt-builder(1), virt-clone(1),
607       virt-rescue(1), virt-resize(1), virt-sparsify(1), virt-sysprep(1),
608       virsh(1), lvcreate(8), qemu-img(1), scrub(1), http://libguestfs.org/,
609       http://libvirt.org/.
610

AUTHORS

612       Richard W.M. Jones http://people.redhat.com/~rjones/
613
615       Copyright (C) 2011-2020 Red Hat Inc.
616

LICENSE

618       This program is free software; you can redistribute it and/or modify it
619       under the terms of the GNU General Public License as published by the
620       Free Software Foundation; either version 2 of the License, or (at your
621       option) any later version.
622
623       This program is distributed in the hope that it will be useful, but
624       WITHOUT ANY WARRANTY; without even the implied warranty of
625       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
626       General Public License for more details.
627
628       You should have received a copy of the GNU General Public License along
629       with this program; if not, write to the Free Software Foundation, Inc.,
630       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
631

BUGS

633       To get a list of bugs against libguestfs, use this link:
634       https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
635
636       To report a new bug against libguestfs, use this link:
637       https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
638
639       When reporting a bug, please supply:
640
641       •   The version of libguestfs.
642
643       •   Where you got libguestfs (eg. which Linux distro, compiled from
644           source, etc)
645
646       •   Describe the bug accurately and give a way to reproduce it.
647
648       •   Run libguestfs-test-tool(1) and paste the complete, unedited output
649           into the bug report.
650
651
652
653guestfs-tools-1.48.2              2022-05-26                 virt-customize(1)
Impressum