How to reset a KVM clone virtual Machines with virt-sysprep on Linux

Author: Vivek Gite Last updated: August 10, 2020 0 comments

I know how to clone a KVM VM. Once cloned I would like to reset cloned VM. How do I reset, unconfigure or customize a virtual machine so clones can be made? How can I reset a KVM clone virtual Machines with virt-sysprep command on a Linux server based hypervisor?

Introduction: You need to use the virt-sysprep command to reset a virtual machine. You can remove ssh-keys, hostname, network mac configuration, user accounts and more. You can enable or disable specific features. This page shows how to use the virt-clone and virt-sysprep commands together to clone a KVM VM on a Linux based server.

Syntax to reset a KVM clone virtual Machines with virt-sysprep command

The syntax is:
virt-sysprep -d kvmDomain virt-sysprep -d kvmDomainHere options

A list of sysprep operations to perform on a KVM VM to reset it

`abrt-data`	Remove the crash data generated by ABRT
`backup-files`	Remove editor backup files from the guest
`bash-history`	Remove the bash history in the guest
`blkid-tab`	Remove blkid tab in the guest
`ca-certificates`	Remove CA certificates in the guest
`crash-data`	Remove the crash data generated by kexec-tools
`cron-spool`	Remove user at-jobs and cron-jobs
`customize`	Customize the guest
`dhcp-client-state`	Remove DHCP client leases
`dhcp-server-state`	Remove DHCP server leases
`dovecot-data`	Remove Dovecot (mail server) data
`firewall-rules`	Remove the firewall rules
`flag-reconfiguration`	Flag the system for reconfiguration
`fs-uuids`	Change filesystem UUIDs
`kerberos-data`	Remove Kerberos data in the guest
`logfiles`	Remove many log files from the guest
`lvm-uuids`	Change LVM2 PV and VG UUIDs
`machine-id`	Remove the local machine ID
`mail-spool`	Remove email from the local mail spool directory
`net-hostname`	Remove HOSTNAME and DHCP_HOSTNAME in network interface configuration
`net-hwaddr`	Remove HWADDR (hard-coded MAC address) configuration
`pacct-log`	Remove the process accounting log files
`package-manager-cache`	Remove package manager cache
`pam-data`	Remove the PAM data in the guest
`passwd-backups`	Remove /etc/passwd- and similar backup files
`puppet-data-log`	Remove the data and log files of puppet
`rh-subscription-manager`	Remove the RH subscription manager files
`rhn-systemid`	Remove the RHN system ID
`rpm-db`	Remove host-specific RPM database files
`samba-db-log`	Remove the database and log files of Samba
`script`	Run arbitrary scripts against the guest
`smolt-uuid`	Remove the Smolt hardware UUID
`ssh-hostkeys`	Remove the SSH host keys in the guest
`ssh-userdir`	Remove “.ssh” directories in the guest
`sssd-db-log`	Remove the database and log files of sssd
`tmp-files`	Remove temporary files
`udev-persistent-net`	Remove udev persistent net rules
`user-account`	Remove the user accounts in the guest
`utmp`	Remove the utmp file
`yum-uuid`	Remove the yum UUID

You can choose which sysprep operations to perform. Give a comma-separated list of operations, for example:
virt-sysprep -d {vmDomainHere} --enable ssh-hostkeys,udev-persistent-net

Step 1. Clone your VM and spawn new instances in KVM

First use the virsh list command to get a list of all running VM domains/guest:
virsh list
Sample outputs:

 1     openbsd62                      running
 2     freebsd11-nixcraft             running
 3     fedora28-nixcraft              running
 4     rhel7                          running
 5     centos7-nixcraft               running
 6     sles12sp3                      running
 16    bionic                         running

First suspend the KVM, run:
virsh suspend bionic Domain bionic suspended
To clone vm named ‘bionic’ as testvm using the virt-clone command, run:
virt-clone --original bionic --name testvm --auto-clone

You can specify disk file instead of --auto-clone option:
# virt-clone --original bionicVM --name testVM02 --file /var/lib/libvirt/images/testvm02-disk01.qcow2
You may resume bionic VM, run:
virsh resume bionic Domain bionic resumed

Step 2. Use virt-sysprep command

Simply run as follows to reset everything:
virt-sysprep -d testvm

You can setup the hostname of the guest and force to keep the user account named vivek in the guest:
virt-sysprep -d testvm --hostname testvm --enable user-account --keep-user-accounts vivek
You can create a new Linux user account called tom and force password change on first login as follows:
virt-sysprep -d testvm --firstboot-command 'useradd -s /bin/bash -m -G sudo tom; chage -d 0 tom'
You can set root user account password too:
virt-sysprep -d testvm --root-password password:MySuperSecureRootPasswordHere
Or combine all of them:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --root-password password:MySuperSecureRootPasswordHere

How to skip certain guest VM reset features

You can enable specific operations with --enable. For example, enable all options except resetting fs-uuids ( Change filesystem UUIDs), lvm-uuids ( Change LVM2 PV and VG UUIDs), and ssh-userdir ( Remove “.ssh” directories in the guest):

w=$(virt-sysprep --list-operations | egrep -v 'fs-uuids|lvm-uuids|ssh-userdir' | awk '{ printf "%s,", $1}' | sed 's/,$//')
echo "$w"

Now run it as follows:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w
Another example:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w --firstboot-command 'dpkg-reconfigure openssh-server'

virt-sysprep command list options

  -a, --add <file>                    Add disk image file
  --append-line <FILE:LINE>           Append line(s) to the file
  -c, --connect <uri>                 Set libvirt URI
  --chmod <PERMISSIONS:FILE>          Change the permissions of a file
  --color, --colors, --colour, --colours
                                      Use ANSI colour sequences even if not tty
  --commands-from-file <FILENAME>     Read customize commands from file
  --copy <SOURCE:DEST>                Copy files in disk image
  --copy-in <LOCALPATH:REMOTEDIR>     Copy local files or directories into image
  -d, --domain <domain>               Set libvirt guest name
  --delete <PATH>                     Delete a file or directory
  -n, --dryrun, --dry-run             Perform a dry run
  --echo-keys                         Don't turn off echo for passphrases
  --edit <FILE:EXPR>                  Edit file using Perl expression
  --enable <operations>               Enable specific operations
  --firstboot <SCRIPT>                Run script at first guest boot
  --firstboot-command <'CMD+ARGS'>    Run command at first guest boot
  --firstboot-install <PKG,PKG..>     Add package(s) to install at first boot
  --format <format>                   Set format (default: auto)
  --help                              Display brief help
  --hostname <HOSTNAME>               Set the hostname
  --install <PKG,PKG..>               Add package(s) to install
  --keep-user-accounts <users>        Users to keep
  --keys-from-stdin                   Read passphrases from stdin
  --link <TARGET:LINK[:LINK..]>       Create symbolic links
  --list-operations                   List supported operations
  --mkdir <DIR>                       Create a directory
  --mount-options <opts>              Set mount options (eg /:noatime;/var:rw,noatime)
  --move <SOURCE:DEST>                Move files in disk image
  --network                           Enable appliance network
  --no-logfile                        Scrub build log file
  --no-network                        Disable appliance network (default)
  --no-selinux-relabel                Compatibility option, does nothing
  --operation, --operations <operations>
                                      Enable/disable specific operations
  --password <USER:SELECTOR>          Set user password
  --password-crypto <md5|sha256|sha512>
                                      Set password crypto
  -q, --quiet                         Don't print progress messages
  --remove-user-accounts <users>      Users to remove
  --root-password <SELECTOR>          Set root password
  --run <SCRIPT>                      Run script in disk image
  --run-command <'CMD+ARGS'>          Run command in disk image
  --script <script>                   Script or program to run on guest
  --scriptdir <dir>                   Mount point on host
  --scrub <FILE>                      Scrub a file
  --selinux-relabel                   Relabel files with correct SELinux labels
  --sm-attach <SELECTOR>              Attach to a subscription-manager pool
  --sm-credentials <SELECTOR>         Credentials for subscription-manager
  --sm-register                       Register using subscription-manager
  --sm-remove                         Remove all the subscriptions
  --sm-unregister                     Unregister using subscription-manager
  --ssh-inject <USER[:SELECTOR]>      Inject a public key into the guest
  --timezone <TIMEZONE>               Set the default timezone
  --touch <FILE>                      Run touch on a file
  --truncate <FILE>                   Truncate a file to zero size
  --truncate-recursive <PATH>         Recursively truncate all files in directory
  --uninstall <PKG,PKG..>             Uninstall package(s)
  --update                            Update packages
  --upload <FILE:DEST>                Upload local file to destination
  -V, --version                       Display version and exit
  -v, --verbose                       Enable libguestfs debugging messages
  --write <FILE:CONTENT>              Write file
  -x                                  Enable tracing of libguestfs calls

-a, --add <file> Add disk image file --append-line <FILE:LINE> Append line(s) to the file -c, --connect <uri> Set libvirt URI --chmod <PERMISSIONS:FILE> Change the permissions of a file --color, --colors, --colour, --colours Use ANSI colour sequences even if not tty --commands-from-file <FILENAME> Read customize commands from file --copy <SOURCE:DEST> Copy files in disk image --copy-in <LOCALPATH:REMOTEDIR> Copy local files or directories into image -d, --domain <domain> Set libvirt guest name --delete <PATH> Delete a file or directory -n, --dryrun, --dry-run Perform a dry run --echo-keys Don't turn off echo for passphrases --edit <FILE:EXPR> Edit file using Perl expression --enable <operations> Enable specific operations --firstboot <SCRIPT> Run script at first guest boot --firstboot-command <'CMD+ARGS'> Run command at first guest boot --firstboot-install <PKG,PKG..> Add package(s) to install at first boot --format <format> Set format (default: auto) --help Display brief help --hostname <HOSTNAME> Set the hostname --install <PKG,PKG..> Add package(s) to install --keep-user-accounts <users> Users to keep --keys-from-stdin Read passphrases from stdin --link <TARGET:LINK[:LINK..]> Create symbolic links --list-operations List supported operations --mkdir <DIR> Create a directory --mount-options <opts> Set mount options (eg /:noatime;/var:rw,noatime) --move <SOURCE:DEST> Move files in disk image --network Enable appliance network --no-logfile Scrub build log file --no-network Disable appliance network (default) --no-selinux-relabel Compatibility option, does nothing --operation, --operations <operations> Enable/disable specific operations --password <USER:SELECTOR> Set user password --password-crypto <md5|sha256|sha512> Set password crypto -q, --quiet Don't print progress messages --remove-user-accounts <users> Users to remove --root-password <SELECTOR> Set root password --run <SCRIPT> Run script in disk image --run-command <'CMD+ARGS'> Run command in disk image --script <script> Script or program to run on guest --scriptdir <dir> Mount point on host --scrub <FILE> Scrub a file --selinux-relabel Relabel files with correct SELinux labels --sm-attach <SELECTOR> Attach to a subscription-manager pool --sm-credentials <SELECTOR> Credentials for subscription-manager --sm-register Register using subscription-manager --sm-remove Remove all the subscriptions --sm-unregister Unregister using subscription-manager --ssh-inject <USER[:SELECTOR]> Inject a public key into the guest --timezone <TIMEZONE> Set the default timezone --touch <FILE> Run touch on a file --truncate <FILE> Truncate a file to zero size --truncate-recursive <PATH> Recursively truncate all files in directory --uninstall <PKG,PKG..> Uninstall package(s) --update Update packages --upload <FILE:DEST> Upload local file to destination -V, --version Display version and exit -v, --verbose Enable libguestfs debugging messages --write <FILE:CONTENT> Write file -x Enable tracing of libguestfs calls

Step 3. Start the VM

virsh start testvm Domain testvm started
Verify it with the following virsh command:
virsh list

Step 4. Login to the VM

Find/get the DHCP IP address of testvm using the following command along with the grep command:
virsh net-dhcp-leases default virsh net-dhcp-leases default | grep testvm virsh net-dhcp-leases default | grep testvm | awk '{ print $5}'
Sample outputs:

192.168.122.174/24

Use the ssh command:
ssh vivek@192.168.122.174

Conclusion

You just learned how to clone a KVM VM and reset the data. I strongly suggest that you read virt-sysprep help page here.

This entry is 6 of 10 in the Linux KVM Cloud Computing/VM Tutorial series. Keep reading the rest of the series:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:

RSS feed or Weekly email newsletter
Share to Twitter • Facebook • 0 comments... add one ↓

UP NEXT

Category	List of Unix and Linux commands
File Management	cat
Firewall	CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04