virt-customize(1)           Virtualization Support           virt-customize(1)

NAME

       virt-customize - Customize a virtual machine

SYNOPSIS

        virt-customize
           [ -a disk.img [ -a disk.img ... ] | -d domname ]
           [--attach ISOFILE] [--attach-format FORMAT]
           [ -c URI | --connect URI ] [ -n | --dry-run ]
           [ --format FORMAT] [ -m MB | --memsize MB ]
           [ --network | --no-network ]
           [ -q | --quiet ] [--smp N] [ -v | --verbose ] [-x]
           [--append-line FILE:LINE] [--chmod PERMISSIONS:FILE]
           [--commands-from-file FILENAME] [--copy SOURCE:DEST]
           [--copy-in LOCALPATH:REMOTEDIR] [--delete PATH] [--edit FILE:EXPR]
           [--firstboot SCRIPT] [--firstboot-command 'CMD+ARGS']
           [--firstboot-install PKG,PKG..] [--hostname HOSTNAME]
           [--install PKG,PKG..] [--link TARGET:LINK[:LINK..]] [--mkdir DIR]
           [--move SOURCE:DEST] [--password USER:SELECTOR]
           [--root-password SELECTOR] [--run SCRIPT]
           [--run-command 'CMD+ARGS'] [--scrub FILE] [--sm-attach SELECTOR]
           [--sm-register] [--sm-remove] [--sm-unregister]
           [--ssh-inject USER[:SELECTOR]] [--truncate FILE]
           [--truncate-recursive PATH] [--timezone TIMEZONE] [--touch FILE]
           [--uninstall PKG,PKG..] [--update] [--upload FILE:DEST]
           [--write FILE:CONTENT] [--no-logfile]
           [--password-crypto md5|sha256|sha512] [--no-selinux-relabel]
           [--selinux-relabel] [--sm-credentials SELECTOR]

        virt-customize [ -V | --version ]

WARNING

       Using "virt-customize" on live virtual machines, or concurrently with
       other disk editing tools, can be dangerous, potentially causing disk
       corruption.  The virtual machine must be shut down before you use this
       command, and disk images must not be edited concurrently.

DESCRIPTION

       Virt-customize can customize a virtual machine (disk image) by
       installing packages, editing configuration files, and so on.

       Virt-customize modifies the guest or disk image in place.  The guest
       must be shut down.  If you want to preserve the existing contents of
       the guest, you must snapshot, copy or clone the disk first.

       You do not need to run virt-customize as root.  In fact we'd generally
       recommend that you don't.

       Related tools include: virt-sysprep(1) and virt-builder(1).

OPTIONS

       --help
           Display brief help.

       -a file
       --add file
           Add file which should be a disk image from a virtual machine.

           The format of the disk image is auto-detected.  To override this
           and force a particular format use the --format option.

       -a URI
       --add URI
           Add a remote disk.  The URI format is compatible with guestfish.
           See "ADDING REMOTE STORAGE" in guestfish(1).

       --attach ISOFILE
           The given disk is attached to the libguestfs appliance.  This is
           used to provide extra software repositories or other data for
           customization.

           You probably want to ensure the volume(s) or filesystems in the
           attached disks are labelled (or use an ISO volume name) so that you
           can mount them by label in your run-scripts:

            mkdir /tmp/mount
            mount LABEL=EXTRA /tmp/mount

           You can have multiple --attach options, and the format can be any
           disk format (not just an ISO).

       --attach-format FORMAT
           Specify the disk format for the next --attach option.  The "FORMAT"
           is usually "raw" or "qcow2".  Use "raw" for ISOs.

       --colors
       --colours
           Use ANSI colour sequences to colourize messages.  This is the
           default when the output is a tty.  If the output of the program is
           redirected to a file, ANSI colour sequences are disabled unless you
           use this option.

       -c URI
       --connect URI
           If using libvirt, connect to the given URI.  If omitted, then we
           connect to the default libvirt hypervisor.

           If you specify guest block devices directly (-a), then libvirt is
           not used at all.

       -d guest
       --domain guest
           Add all the disks from the named libvirt guest.  Domain UUIDs can
           be used instead of names.

       -n
       --dry-run
           Perform a read-only "dry run" on the guest.  This runs the sysprep
           operation, but throws away any changes to the disk at the end.

       --echo-keys
           When prompting for keys and passphrases, virt-customize normally
           turns echoing off so you cannot see what you are typing.  If you
           are not worried about Tempest attacks and there is no one else in
           the room you can specify this flag to see what you are typing.

       --format raw|qcow2|..
       --format auto
           The default for the -a option is to auto-detect the format of the
           disk image.  Using this forces the disk format for -a options which
           follow on the command line.  Using --format auto switches back to
           auto-detection for subsequent -a options.

           For example:

            virt-customize --format raw -a disk.img

           forces raw format (no auto-detection) for disk.img.

            virt-customize --format raw -a disk.img --format auto -a another.img

           forces raw format (no auto-detection) for disk.img and reverts to
           auto-detection for another.img.

           If you have untrusted raw-format guest disk images, you should use
           this option to specify the disk format.  This avoids a possible
           security problem with malicious guests (CVE-2010-3851).

       --key SELECTOR
           Specify a key for LUKS, to automatically open a LUKS device when
           using the inspection.  "ID" can be either the libguestfs device
           name, or the UUID of the LUKS device.

           --key "ID":key:KEY_STRING
               Use the specified "KEY_STRING" as passphrase.

           --key "ID":file:FILENAME
               Read the passphrase from FILENAME.

           --key "ID":clevis
               Attempt passphrase-less unlocking for "ID" with Clevis, over
               the network.  Please refer to "ENCRYPTED DISKS" in guestfs(3)
               for more information on network-bound disk encryption (NBDE).

               Note that if any such option is present on the command line,
               QEMU user networking will be automatically enabled for the
               libguestfs appliance.

       --keys-from-stdin
           Read key or passphrase parameters from stdin.  The default is to
           try to read passphrases from the user by opening /dev/tty.

           If there are multiple encrypted devices then you may need to supply
           multiple keys on stdin, one per line.

       -m MB
       --memsize MB
           Change the amount of memory allocated to --run scripts.  Increase
           this if you find that --run scripts or the --install option are
           running out of memory.

           The default can be found with this command:

            guestfish get-memsize

       --network
       --no-network
           Enable or disable network access from the guest during the
           installation.

           Enabled is the default.  Use --no-network to disable access.

           The network only allows outgoing connections and has other minor
           limitations.  See "NETWORK" in virt-rescue(1).

           If you use --no-network then certain other options such as
           --install will not work.

           This does not affect whether the guest can access the network once
           it has been booted, because that is controlled by your hypervisor
           or cloud environment and has nothing to do with virt-customize.

           Generally speaking you should not use --no-network.  But here are
           some reasons why you might want to:

           1.  Because the libguestfs backend that you are using doesn't
               support the network.  (See: "BACKEND" in guestfs(3)).

           2.  Any software you need to install comes from an attached ISO, so
               you don't need the network.

           3.  You don’t want untrusted guest code trying to access your host
               network when running virt-customize.  This is particularly an
               issue when you don't trust the source of the operating system
               templates.  (See "SECURITY" below).

           4.  You don’t have a host network (eg. in secure/restricted
               environments).

       -q
       --quiet
           Don’t print log messages.

           To enable detailed logging of individual file operations, use -x.

       --smp N
           Enable N ≥ 2 virtual CPUs for --run scripts to use.

       -v
       --verbose
           Enable verbose messages for debugging.

       -V
       --version
           Display version number and exit.

       --wrap
           Wrap error, warning, and informative messages.  This is the default
           when the output is a tty.  If the output of the program is
           redirected to a file, wrapping is disabled unless you use this
           option.

       -x  Enable tracing of libguestfs API calls.

   Customization options
       --append-line FILE:LINE
           Append a single line of text to the "FILE".  If the file does not
           already end with a newline, then one is added before the appended
           line.  Also a newline is added to the end of the "LINE" string
           automatically.

           For example (assuming ordinary shell quoting) this command:

            --append-line '/etc/hosts:10.0.0.1 foo'

           will add either "10.0.0.1 foo⏎" or "⏎10.0.0.1 foo⏎" to the file,
           the latter only if the existing file does not already end with a
           newline.

           "⏎" represents a newline character, which is guessed by looking at
           the existing content of the file, so this command does the right
           thing for files using Unix or Windows line endings.  It also works
           for empty or non-existent files.

           To insert several lines, use the same option several times:

            --append-line '/etc/hosts:10.0.0.1 foo'
            --append-line '/etc/hosts:10.0.0.2 bar'

           To insert a blank line before the appended line, do:

            --append-line '/etc/hosts:'
            --append-line '/etc/hosts:10.0.0.1 foo'

       --chmod PERMISSIONS:FILE
           Change the permissions of "FILE" to "PERMISSIONS".

           Note: "PERMISSIONS" by default would be decimal, unless you prefix
           it with 0 to get octal, ie. use 0700 not 700.

       --commands-from-file FILENAME
           Read the customize commands from a file, one (and its arguments)
           per line.

           Each line contains a single customization command and its
           arguments, for example:

            delete /some/file
            install some-package
            password some-user:password:its-new-password

           Empty lines are ignored, and lines starting with "#" are comments
           and are ignored as well.  Furthermore, arguments can be spread
           across multiple lines, by adding a "\" (continuation character) at
           the end of a line, for example:

            edit /some/file:\
              s/^OPT=.*/OPT=ok/

           The commands are handled in the same order as they are in the file,
           as if they were specified as --delete /some/file on the command
           line.

       --copy SOURCE:DEST
           Copy files or directories recursively inside the guest.

           Wildcards cannot be used.

       --copy-in LOCALPATH:REMOTEDIR
           Copy local files or directories recursively into the disk image,
           placing them in the directory "REMOTEDIR" (which must exist).

           Wildcards cannot be used.

       --delete PATH
           Delete a file from the guest.  Or delete a directory (and all its
           contents, recursively).

           You can use shell glob characters in the specified path.  Be
           careful to escape glob characters from the host shell, if that is
           required.  For example:

            virt-customize --delete '/var/log/*.log'

           See also: --upload, --scrub.

       --edit FILE:EXPR
           Edit "FILE" using the Perl expression "EXPR".

           Be careful to properly quote the expression to prevent it from
           being altered by the shell.

           Note that this option is only available when Perl 5 is installed.

           See "NON-INTERACTIVE EDITING" in virt-edit(1).

       --firstboot SCRIPT
           Install "SCRIPT" inside the guest, so that when the guest first
           boots up, the script runs (as root, late in the boot process).

           The script is automatically chmod +x after installation in the
           guest.

           The alternative version --firstboot-command is the same, but it
           conveniently wraps the command up in a single line script for you.

           You can have multiple --firstboot options.  They run in the same
           order that they appear on the command line.

           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
           more information and caveats about the first boot scripts.

           See also --run.

       --firstboot-command 'CMD+ARGS'
           Run command (and arguments) inside the guest when the guest first
           boots up (as root, late in the boot process).

           You can have multiple --firstboot options.  They run in the same
           order that they appear on the command line.

           Please take a look at "FIRST BOOT SCRIPTS" in virt-builder(1) for
           more information and caveats about the first boot scripts.

           See also --run.

       --firstboot-install PKG,PKG..
           Install the named packages (a comma-separated list).  These are
           installed when the guest first boots using the guest’s package
           manager (eg. apt, yum, etc.) and the guest’s network connection.

           For an overview on the different ways to install packages, see
           "INSTALLING PACKAGES" in virt-builder(1).

       --hostname HOSTNAME
           Set the hostname of the guest to "HOSTNAME".  You can use a dotted
           hostname.domainname (FQDN) if you want.

       --install PKG,PKG..
           Install the named packages (a comma-separated list).  These are
           installed during the image build using the guest’s package manager
           (eg. apt, yum, etc.) and the host’s network connection.

           For an overview on the different ways to install packages, see
           "INSTALLING PACKAGES" in virt-builder(1).

           See also --update, --uninstall.

       --link TARGET:LINK[:LINK..]
           Create symbolic link(s) in the guest, starting at "LINK" and
           pointing at "TARGET".

       --mkdir DIR
           Create a directory in the guest.

           This uses "mkdir -p" so any intermediate directories are created,
           and it also works if the directory already exists.

       --move SOURCE:DEST
           Move files or directories inside the guest.

           Wildcards cannot be used.

       --no-logfile
           Scrub "builder.log" (log file from build commands) from the image
           after building is complete.  If you don't want to reveal precisely
           how the image was built, use this option.

           See also: "LOG FILE".

       --no-selinux-relabel
           Do not attempt to correct the SELinux labels of files in the guest.

           In such guests that support SELinux, customization automatically
           relabels files so that they have the correct SELinux label.  (The
           relabeling is performed immediately, but if the operation fails,
           customization will instead touch /.autorelabel on the image to
           schedule a relabel operation for the next time the image boots.)
           This option disables the automatic relabeling.

           The option is a no-op for guests that do not support SELinux.

       --password USER:SELECTOR
           Set the password for "USER".  (Note this option does not create the
           user account).

           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
           "SELECTOR" field, and also how to set up user accounts.

       --password-crypto md5|sha256|sha512
           When the virt tools change or set a password in the guest, this
           option sets the password encryption of that password to "md5",
           "sha256" or "sha512".

           "sha256" and "sha512" require glibc ≥ 2.7 (check crypt(3) inside
           the guest).

           "md5" will work with relatively old Linux guests (eg. RHEL 3), but
           is not secure against modern attacks.

           The default is "sha512" unless libguestfs detects an old guest that
           didn't have support for SHA-512, in which case it will use "md5".
           You can override libguestfs by specifying this option.

           Note this does not change the default password encryption used by
           the guest when you create new user accounts inside the guest.  If
           you want to do that, then you should use the --edit option to
           modify "/etc/sysconfig/authconfig" (Fedora, RHEL) or
           "/etc/pam.d/common-password" (Debian, Ubuntu).

       --root-password SELECTOR
           Set the root password.

           See "USERS AND PASSWORDS" in virt-builder(1) for the format of the
           "SELECTOR" field, and also how to set up user accounts.

           Note: In virt-builder, if you don't set --root-password then the
           guest is given a random root password.

       --run SCRIPT
           Run the shell script (or any program) called "SCRIPT" on the disk
           image.  The script runs virtualized inside a small appliance,
           chrooted into the guest filesystem.

           The script is automatically chmod +x.

           If libguestfs supports it then a limited network connection is
           available but it only allows outgoing network connections.  You can
           also attach data disks (eg. ISO files) as another way to provide
           data (eg. software packages) to the script without needing a
           network connection (--attach).  You can also upload data files
           (--upload).

           You can have multiple --run options.  They run in the same order
           that they appear on the command line.

           See also: --firstboot, --attach, --upload.

       --run-command 'CMD+ARGS'
           Run the command and arguments on the disk image.  The command runs
           virtualized inside a small appliance, chrooted into the guest
           filesystem.

           If libguestfs supports it then a limited network connection is
           available but it only allows outgoing network connections.  You can
           also attach data disks (eg. ISO files) as another way to provide
           data (eg. software packages) to the script without needing a
           network connection (--attach).  You can also upload data files
           (--upload).

           You can have multiple --run-command options.  They run in the same
           order that they appear on the command line.

           See also: --firstboot, --attach, --upload.

       --scrub FILE
           Scrub a file from the guest.  This is like --delete except that:

           •   It scrubs the data so a guest could not recover it.

           •   It cannot delete directories, only regular files.

       --selinux-relabel
           This is a compatibility option that does nothing.

       --sm-attach SELECTOR
           Attach to a pool using "subscription-manager".

           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
           "SELECTOR" field.

       --sm-credentials SELECTOR
           Set the credentials for "subscription-manager".

           See "SUBSCRIPTION-MANAGER" in virt-builder(1) for the format of the
           "SELECTOR" field.

       --sm-register
           Register the guest using "subscription-manager".

           This requires credentials being set using --sm-credentials.

       --sm-remove
           Remove all the subscriptions from the guest using
           "subscription-manager".

       --sm-unregister
           Unregister the guest using "subscription-manager".

       --ssh-inject USER[:SELECTOR]
           Inject an ssh key so the given "USER" will be able to log in over
           ssh without supplying a password.  The "USER" must exist already in
           the guest.

           See "SSH KEYS" in virt-builder(1) for the format of the "SELECTOR"
           field.

           You can have multiple --ssh-inject options, for different users and
           also for more keys for each user.

       --timezone TIMEZONE
           Set the default timezone of the guest to "TIMEZONE".  Use a
           location string like "Europe/London".

       --touch FILE
           This command performs a touch(1)-like operation on "FILE".

       --truncate FILE
           This command truncates "FILE" to a zero-length file. The file must
           exist already.

       --truncate-recursive PATH
           This command recursively truncates all files under "PATH" to
           zero-length.

       --uninstall PKG,PKG..
           Uninstall the named packages (a comma-separated list).  These are
           removed during the image build using the guest’s package manager
           (eg. apt, yum, etc.).  Dependent packages may also need to be
           uninstalled to satisfy the request.

           See also --install, --update.

       --update
           Do the equivalent of "yum update", "apt-get upgrade", or whatever
           command is required to update the packages already installed in the
           template to their latest versions.

           See also --install, --uninstall.

       --upload FILE:DEST
           Upload local file "FILE" to destination "DEST" in the disk image.
           File owner and permissions from the original are preserved, so you
           should set them to what you want them to be in the disk image.

           "DEST" could be the final filename.  This can be used to rename the
           file on upload.

           If "DEST" is a directory name (which must already exist in the
           guest) then the file is uploaded into that directory, and it keeps
           the same name as on the local filesystem.

           See also: --mkdir, --delete, --scrub.

       --write FILE:CONTENT
           Write "CONTENT" to "FILE".
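       The following is an added example, not part of virt-customize or its
       documentation: a POSIX shell lint for a --commands-from-file file that
       flags three settings this page cautions about (--chmod without a
       leading 0, --password-crypto md5, and a cleartext "password:" selector).
       It assumes a trailing "\" joins the next line with no separator and that
       the command name is separated from its argument by spaces; the function
       names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from virt-customize): lint a --commands-from-file file.
# Assumptions: a trailing "\" joins the next physical line with no separator,
# and the command name is separated from its argument by spaces.

# Prints "LINE: message" per finding; exit status is 0 only if there are none.
lint_customize_commands() (
    findings=0 lineno=0 start=0 cont=0 pending=""
    note() { printf '%s: %s\n' "$start" "$1"; findings=$((findings + 1)); }

    while IFS= read -r raw || [ -n "$raw" ]; do
        lineno=$((lineno + 1))
        [ "$cont" -eq 1 ] || start=$lineno      # first line of a command
        case $raw in
            *\\) pending=$pending${raw%\\}; cont=1; continue ;;
        esac
        cmd=$pending$raw; pending=""; cont=0
        case $cmd in ''|'#'*) continue ;; esac  # empty lines and comments

        name=${cmd%% *}
        args=${cmd#"$name"}
        args=${args#"${args%%[! ]*}"}           # trim leading spaces

        case $name in
            chmod)
                # PERMISSIONS is decimal unless it starts with 0:
                # "700" means decimal 700, which is octal 1274.
                perms=${args%%:*}
                case $perms in
                    0*) ;;
                    *) note "chmod PERMISSIONS '$perms' has no leading 0 and is read as decimal" ;;
                esac ;;
            password-crypto)
                [ "$args" != md5 ] ||
                    note "password-crypto md5 is not secure against modern attacks" ;;
            password|root-password)
                sel=$args
                [ "$name" = root-password ] || sel=${args#*:}   # drop USER:
                case $sel in
                    password:*) note "$name keeps a cleartext password in this file" ;;
                esac ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
)

# Constructed sample input, reusing command forms shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample commands file
chmod 700:/root/.ssh
chmod 0600:/root/.ssh/authorized_keys

password-crypto md5
password some-user:password:its-new-password
edit /some/file:\
  s/^OPT=.*/OPT=ok/
install some-package
EOF
}

lint_sample() {
    tmp=$(mktemp) || return 2
    write_sample "$tmp"
    rc=0
    lint_customize_commands "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

lint_sample || true     # reports findings on lines 2, 5 and 6
```

       Run lint_customize_commands FILE before passing FILE to
       --commands-from-file; a non-zero exit status means at least one finding.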

SELINUX

       For guests which make use of SELinux, special handling for them might
       be needed when using operations which create new files or alter
       existing ones.

       For further details, see "SELINUX" in virt-builder(1).

EXIT STATUS

       This program returns 0 on success, or 1 if there was an error.

ENVIRONMENT VARIABLES

       "VIRT_TOOLS_DATA_DIR"
           This can point to the directory containing data files used for
           Windows firstboot installation.

           Normally you do not need to set this.  If not set, a compiled-in
           default will be used (something like /usr/share/virt-tools).

           This directory may contain the following files:

           rhsrvany.exe
               This is the RHSrvAny Windows binary, used to install a
               "firstboot" script in Windows guests.  It is required if you
               intend to use the --firstboot or --firstboot-command options
               with Windows guests.

               See also: "https://github.com/rwmjones/rhsrvany"

           pvvxsvc.exe
               This is a Windows binary shipped with SUSE VMDP, used to
               install a "firstboot" script in Windows guests.  It is required
               if you intend to use the --firstboot or --firstboot-command
               options with Windows guests.

       For other environment variables, see "ENVIRONMENT VARIABLES" in
       guestfs(3).

SEE ALSO

       guestfs(3), guestfish(1), virt-builder(1), virt-clone(1),
       virt-rescue(1), virt-resize(1), virt-sparsify(1), virt-sysprep(1),
       virsh(1), lvcreate(8), qemu-img(1), scrub(1), http://libguestfs.org/,
       http://libvirt.org/.

AUTHORS

       Richard W.M. Jones http://people.redhat.com/~rjones/

       Copyright (C) 2011-2020 Red Hat Inc.

LICENSE

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       General Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program; if not, write to the Free Software Foundation, Inc.,
       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

BUGS

       To get a list of bugs against libguestfs, use this link:
       https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools

       To report a new bug against libguestfs, use this link:
       https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools

       When reporting a bug, please supply:

       •   The version of libguestfs.

       •   Where you got libguestfs (eg. which Linux distro, compiled from
           source, etc)

       •   Describe the bug accurately and give a way to reproduce it.

       •   Run libguestfs-test-tool(1) and paste the complete, unedited output
           into the bug report.

guestfs-tools-1.49.7              2022-12-10                 virt-customize(1)