A long time ago, in a galaxy far far away, when I started with OpenVZ, I followed this tutorial for Debian template creation. Now I am adapting it (using my own experience and this template-squeeze tutorial too) to Qemu/KVM disk images that can later be used directly or via libvirt.
This procedure tries to generalize the template. When working with cloned disk images, many elements need to be “generalized” before capturing and deploying a disk image to multiple computers. Some of these elements include:
- ssh keys
- /etc/apt/sources.list
The more “generalized” a template is, the less manual work is needed after deploying it.
This method should also work with other virtualization systems (VMware, VirtualBox, etc.), as it is “virtualizator/hypervisor/emulator independent”: it focuses only on the disk image.
- Install the Debian image using your usual procedure, LVM, packages, virtio, etc.
- Set Debian repositories
cat <<EOF > /etc/apt/sources.list
deb http://ftp.rediris.es/debian/ squeeze main
deb-src http://ftp.rediris.es/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
# squeeze-updates, previously known as 'volatile'
deb http://ftp.rediris.es/debian/ squeeze-updates main
deb-src http://ftp.rediris.es/debian/ squeeze-updates main
EOF
- Install some more packages
apt-get install ssh quota less acpid bash-completion sudo vim facter
- Remove some unneeded packages
dpkg --purge ppp pppoeconf pppoe pppconfig
- Upgrade system
apt-get upgrade
- Clean packages
After installing packages, you’ll have some junk packages lying around in your cache. Since you don’t want your template to have those, this command will wipe them out.
apt-get --purge clean
- Reconfigure your desired locales
dpkg-reconfigure locales
- Change timezone
dpkg-reconfigure tzdata
- Disable all but one tty in /etc/inittab, as in a VM you don’t usually need 6 ttys running, even on real servers… 😛
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
- Disable sync() for syslog
Turn off doing sync() on every write for syslog’s log files, to improve I/O performance:
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf
- Copy your public key to the template (for passwordless ssh logins)
ssh-copy-id root@IPADDRESS
- Delete the udev rule related to your NIC
This is important: otherwise, when you clone your first VM you will see that it doesn’t have any NIC… This is caused by the rule file /etc/udev/rules.d/70-persistent-net.rules, which has your current MAC address configured in it. A cloned VM will have a different MAC, so this rule will not match and the VM will not have any eth0 configured.
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x1af4:0x1000 (virtio_net)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:18:d9:5f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
It’s safe to delete it, as a new file will be generated at boot time.
rm /etc/udev/rules.d/70-persistent-net.rules
- Fix SSH host keys.
rm -f /etc/ssh/ssh_host_*
This is only useful if you installed SSH. Each individual VM should have its own pair of SSH host keys; clones that share host keys cannot be told apart by the clients connecting to them. The command above wipes out the existing SSH host keys, and the code below instructs the newly created VM to create new SSH host keys on first boot.
cat << EOF > /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides: ssh_gen_host_keys
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# X-Start-Before: sshd
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description: Generates new ssh host keys on first boot
### END INIT INFO
# The heredoc is unquoted, so every \$ is escaped to reach this file literally.
# X-Start-Before makes insserv run this script before sshd looks for its keys.
# Runs once: generate this VM's own host keys, then unregister and delete itself.
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
insserv -r /etc/init.d/ssh_gen_host_keys
rm -f \$0
EOF
chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys
Finally, stop the VM, make a backup and label it as a template.
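A check to run before labelling the image, as an added example that is not part of the original post: it audits a template's root filesystem for the per-host leftovers this procedure removes. The function name `audit_template` and the path passed to it (the image mounted offline, or `/` inside the VM) are assumptions.

```shell
#!/bin/sh
# Added example: audit a template root for per-host leftovers.
# Usage (hypothetical mount point): audit_template /mnt/template

audit_template() {
    root=${1:-/}
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # Host keys left in the image would be shared by every clone.
    for key in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$key" ] && fail "SSH host key present: $key"
    done

    # A rule pinned to the template's MAC leaves clones without eth0.
    rules="$root/etc/udev/rules.d/70-persistent-net.rules"
    [ -e "$rules" ] && fail "persistent-net rule present: $rules"

    # With the keys removed, sshd depends on the first-boot generator.
    gen="$root/etc/init.d/ssh_gen_host_keys"
    if [ ! -x "$gen" ]; then
        fail "first-boot key generator missing or not executable: $gen"
    elif ! grep -q '^# Required-Start:.*\$remote_fs' "$gen"; then
        # An unquoted heredoc expands $remote_fs to an empty string.
        fail "LSB header lost its dependencies: $gen"
    fi

    # Cached .deb files only bloat the image.
    for deb in "$root"/var/cache/apt/archives/*.deb; do
        [ -e "$deb" ] && fail "cached package: $deb"
    done

    # Not a failure, but every clone will accept these login keys.
    auth="$root/root/.ssh/authorized_keys"
    [ -s "$auth" ] && echo "NOTE: $(grep -c . "$auth") key(s) in $auth"

    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}
```

The function returns non-zero when anything is found, so it can gate the step that labels the image as a template.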
In the next posts I am going to configure all the cloned servers “automagically” using Puppet.
Have a look at the previous post, “Installing Puppet master and client in the same host. The Debian way”, for more info.
Great! How about changing hostname, mailname, etc? Or do you go real generic there and don’t depend on it for anything?
Hi,
The good thing about having a generic template is that you have few things to modify after a template is launched.
It is a real nightmare when you have to deal with a cloned server from a dev environment moved from test environment, bla, bla, bla 🙁
There are several options. I use puppet to configure the server after it is launched.
Another valid option is to create a script (similar to /etc/init.d/ssh_gen_host_keys) to retrieve all the configuration from a valid URL. The script will modify the hostname and mailname after first boot, following the instructions from the URL.
Hope it helps
Best regards
For example: