Preparing Linux Template VMs - The Lone Sysadmin

Dan over at Bashing Linux has a good post on what he does to prep his template VMs for use with Puppet. He’s inspired me to share how I prepare my Linux VMs to become a template. He’s got a few steps I don’t have, mainly to prep for Puppet, and I have a few steps he doesn’t have.

One big difference is that I don’t prepare my template images for a particular configuration management system, but instead bootstrap them once they’re deployed. I use my templates for a variety of things, and sometimes the people who end up with the VMs don’t want my management systems on them. It also means I have to handle some of what he does in his prep script via the configuration management system, but that’s just fine. I’d actually rather do it that way because it helps me guarantee the state of the system. Not saying he’s wrong, he’s got different problems to solve than I do.

You can do this in full multiuser — runlevel 3 — or in single-user by issuing an “init 1” and waiting for all the processes to stop. I wouldn’t do any of this in runlevel 5, with full X Windows running. In fact, I really don’t suggest installing X Windows at all on VMs unless you really, really need it for some reason. As Lenin said, “Trust, but verify.”

Update – 1/5/2. I’ve updated this document with a few new items based on my continued experiences with RHEL/CentOS 6 & 7.

Step 0: Stop logging services.

/sbin/service rsyslog stop

You’re going to all this trouble to clean, might as well stop writing new data.
Otherwise all your deployed VMs will have a log of you shutting the VM down.

This has to go before the yum cleanup in Step 2, it needs your channel data. I usually let the post-deployment configuration management take care of this, but this is nice when we create a new template for an intermediate/point release, or to cover a security hole.

Step 2: Clean out yum.

/usr/bin/yum clean all

Yum keeps a cache in /var/cache/yum that can grow quite large, especially after applying patches to the template. For example, the host where my blog resides has 2. MB of stuff in yum’s cache right now, just from a few months of incremental patching. In the interest of keeping my template as small as possible I wipe this.

Step 3: Force the logs to rotate & remove old logs we don’t need.

/usr/sbin/logrotate ?

It means that you don’t have old, irrelevant log data on all your cloned VMs, and it also means that your template image is smaller. Change out the “rm” command for one that matches whatever your logrotate renames files as. Also, if you get really, really bored it’s fun to look at the old log data people leave on virtual appliances & in cloud templates. Lots of leaked information there.

Step 4: Truncate.

This is irrelevant in CentOS/RHEL 7, but it won’t hurt anything.
Step 6: Remove the traces of the template MAC address and UUIDs.

/bin/sed -i .

Thanks to Ed in the comments for the reminder about sed. You can also change the “-i” to “-i.

Step 7: Clean /tmp out.

/bin/rm .

Use tmpwatch or any manner of safer ways to do this, since there are attacks people can use by leaving symlinks and whatnot in /tmp that rm might traverse (“whoops, I don’t have an /etc/passwd anymore!”). Plus, users and processes might actually be using /tmp, and it’s impolite to delete their files. However, this is your template image, and if there are people attacking your template you should reconsider how you’re doing business. Really.

Step 8: Remove the SSH host keys.

/bin/rm .

It’s also annoying to fix later when you’ve realized you’ve deployed a couple of years of VMs and forgot to do this in your prep script. Not that I would know anything about that. Nope.

Step 9: Remove the root user’s shell history.

/bin/rm -f ~root/.

No sense in keeping this history around, it’s irrelevant to the cloned VM.

Step 10: Remove the root user’s SSH history & other cruft.

/bin/rm -rf ~root/.

You might choose to just remove ~root/.

It basically fills each filesystem to 9. Well, if you storage vMotion the template VM to another array, or to another datastore on an array without VAAI, and you specify thin provisioning, the software datamover will suck all the zeroes back out of the image, and it’ll be as small as possible. Keep in mind you can’t do this within an array using VAAI, because under VAAI the array does the copying, and the zero-sucking magic is only in the software datamover at the ESXi level. Just move it to a local disk and back to your array if that’s the case. This is also cool if you have storage that deduplicates, too, like NetApp arrays.

Why only to 9. That way you can run it on operational VMs and it lessens the chance of causing something to crash because you filled the filesystem.
It relies heavily on keeping the rest of the VM clean, and only cleans up what we can’t avoid sullying. What else am I missing here? Leave me a comment!