Debian Templates Disk Images Qemu/KVM for libvirt

A long time ago, in a galaxy far far away, when I started with openvz I followed this tutorial for Debian template creation. Now I am adapting it (using my own experience and this template-squeeze tutorial too) to Qemu/KVM disk images that can later be used directly or via libvirt.

This procedure tries to generalize the template. When working with cloned disk images, many elements need to be “generalized” before capturing and deploying a disk image to multiple computers. Some of these elements include:

  1. ssh keys
  2. /etc/apt/sources.list

The more “generalized” a template is, the less manual work is needed after deploying it.

This method should work in other virtualization systems (vmware, virtualbox, etc.), as it is “virtualizator/hypervisor/emulator independent”: it focuses only on the disk image.

  • Install the Debian image using your usual procedure, LVM, packages, virtio, etc.
  • Set Debian repositories
cat <<EOF > /etc/apt/sources.list
deb http://ftp.rediris.es/debian/ squeeze main
deb-src http://ftp.rediris.es/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

# squeeze-updates, previously known as 'volatile'
deb http://ftp.rediris.es/debian/ squeeze-updates main
deb-src http://ftp.rediris.es/debian/ squeeze-updates main
EOF
  • Install some more packages
apt-get install ssh quota less acpid bash-completion sudo vim facter
  • Remove some unneeded packages
dpkg --purge ppp pppoeconf pppoe pppconfig
  • Upgrade system
apt-get upgrade
  • Clean packages

After installing packages, you’ll have some junk packages lying around in your cache. Since you don’t want your template to have those, this command will wipe them out.

apt-get --purge clean
  • Reconfigure your desired locales
dpkg-reconfigure locales
  • Change timezone

dpkg-reconfigure tzdata

  • Disable all but one tty in /etc/inittab as in a VM you don’t usually need 6 tty working, even in real servers… 😛
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
  • Disable sync() for syslog

Turn off doing sync() on every write for syslog’s log files, to improve I/O performance:

sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf
  • Copy your public key to the template (for passwordless ssh logins)
ssh-copy-id root@IPADDRESS
  • Delete the udev rule related to your NIC

This is important: otherwise, when you clone your first VM you will see that it doesn’t have any NIC. This is caused by the rule file /etc/udev/rules.d/70-persistent-net.rules, which has your current MAC address configured in it. A cloned VM will have a different MAC, so this rule will not match and the VM will not have any eth0 configured.

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x1af4:0x1000 (virtio_net)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:18:d9:5f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

It’s safe to delete it, as a new file will be generated at boot time.

rm /etc/udev/rules.d/70-persistent-net.rules
  • Fix SSH host keys.
rm -f /etc/ssh/ssh_host_*

This is only useful if you installed SSH. Each individual VM should have its own pair of SSH host keys. The command above wipes out the existing SSH host keys, and the code below instructs the newly-created VM to create new SSH host keys on first boot.

# The quoted 'EOF' keeps $remote_fs, $syslog and $0 literal in the generated script
cat << 'EOF' > /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides:          ssh_gen_host_keys
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO
# Generate fresh host keys with an empty passphrase
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
# Run only once: unregister this script and delete it
insserv -r /etc/init.d/ssh_gen_host_keys
rm -f "$0"
EOF
chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys

Finally, stop the VM, make a backup and label it as a template.
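As an added example (not part of the original post), the script below checks a template's root filesystem for the machine-specific leftovers this procedure removes, plus the root authorized_keys installed with ssh-copy-id, which every clone inherits. It assumes the stopped template's disk image is mounted at a directory such as /mnt/template; the function name audit_template and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): list machine-specific leftovers
# in a template's root filesystem before it is cloned.
# Assumption: the template disk image is mounted at the directory given as $1,
# e.g.  sh audit_template.sh /mnt/template

audit_template() {
    root=${1%/}

    # Shared host keys let any clone impersonate every other clone.
    for f in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$f" ]; then echo "HOSTKEY ${f#"$root"}"; fi
    done

    # Once the keys are removed, something must recreate them on first boot.
    if [ -d "$root/etc/ssh" ] && [ ! -x "$root/etc/init.d/ssh_gen_host_keys" ]; then
        echo "NOFIRSTBOOT /etc/init.d/ssh_gen_host_keys missing or not executable"
    fi

    # The persistent-net rule pins eth0 to the template's MAC address.
    rules=$root/etc/udev/rules.d/70-persistent-net.rules
    if [ -e "$rules" ]; then echo "NETRULE ${rules#"$root"}"; fi

    # Downloaded .deb files only bloat the image.
    for f in "$root"/var/cache/apt/archives/*.deb; do
        if [ -e "$f" ]; then echo "APTCACHE ${f#"$root"}"; fi
    done

    # Keys copied with ssh-copy-id are inherited by every clone: count them so
    # the set of people with root access is a deliberate choice.
    auth=$root/root/.ssh/authorized_keys
    if [ -s "$auth" ]; then
        # Count lines that are neither blank nor comments.
        n=$(grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$auth" || true)
        echo "AUTHKEYS $n key(s) in ${auth#"$root"} trusted by every clone"
    fi
    return 0
}

# Audit the mount point given on the command line, if any.
if [ -n "${1:-}" ]; then audit_template "$1"; fi
```

An empty output means none of these leftovers were found; the AUTHKEYS line is informational and expected when the key was installed on purpose.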

In the next posts I am gonna configure all the cloned servers “automagically” using puppet.

Have a look at the previous post, “Installing Puppet master and client in the same host. The Debian way”, for more info.

 


2 thoughts on “Debian Templates Disk Images Qemu/KVM for libvirt”

  1. Great! How about changing hostname, mailname, etc? Or do you go real generic there and don’t depend on it for anything?

    • Hi,

      The good thing about having a generic template is that you have few things to modify after a template is launched.

      It is a real nightmare when you have to deal with a cloned server from a dev environment moved from test environment, bla, bla, bla 🙁

      There are several options. I use puppet to configure the server after it is launched.

      Another valid option is to create a script (similar to /etc/init.d/ssh_gen_host_keys) to retrieve all the configuration from a valid URL. The script will modify the hostname and mailname after first boot, following the instructions from the URL.

      Hope it helps

      Best regards

      For example:
