How to reset a KVM clone virtual Machines with virt-sysprep on Linux

I know how to clone a KVM VM. Once cloned I would like to reset cloned VM. How do I reset, unconfigure or customize a virtual machine so clones can be made? How can I reset a KVM clone virtual Machines with virt-sysprep command on a Linux server based hypervisor?

Introduction: You need to use the virt-sysprep command to reset a virtual machine. You can remove ssh-keys, hostname, network mac configuration, user accounts and more. You can enable or disable specific features. This page shows how to use the virt-clone and virt-sysprep commands together to clone a KVM VM on a Linux based server.

Syntax to reset a KVM clone virtual Machines with virt-sysprep command

The syntax is:
virt-sysprep -d kvmDomain
virt-sysprep -d kvmDomainHere options

A list of sysprep operations to perform on a KVM VM to reset it

abrt-data Remove the crash data generated by ABRT
backup-files Remove editor backup files from the guest
bash-history Remove the bash history in the guest
blkid-tab Remove blkid tab in the guest
ca-certificates Remove CA certificates in the guest
crash-data Remove the crash data generated by kexec-tools
cron-spool Remove user at-jobs and cron-jobs
customize Customize the guest
dhcp-client-state Remove DHCP client leases
dhcp-server-state Remove DHCP server leases
dovecot-data Remove Dovecot (mail server) data
firewall-rules Remove the firewall rules
flag-reconfiguration Flag the system for reconfiguration
fs-uuids Change filesystem UUIDs
kerberos-data Remove Kerberos data in the guest
logfiles Remove many log files from the guest
lvm-uuids Change LVM2 PV and VG UUIDs
machine-id Remove the local machine ID
mail-spool Remove email from the local mail spool directory
net-hostname Remove HOSTNAME and DHCP_HOSTNAME in network interface configuration
net-hwaddr Remove HWADDR (hard-coded MAC address) configuration
pacct-log Remove the process accounting log files
package-manager-cache Remove package manager cache
pam-data Remove the PAM data in the guest
passwd-backups Remove /etc/passwd- and similar backup files
puppet-data-log Remove the data and log files of puppet
rh-subscription-manager Remove the RH subscription manager files
rhn-systemid Remove the RHN system ID
rpm-db Remove host-specific RPM database files
samba-db-log Remove the database and log files of Samba
script Run arbitrary scripts against the guest
smolt-uuid Remove the Smolt hardware UUID
ssh-hostkeys Remove the SSH host keys in the guest
ssh-userdir Remove “.ssh” directories in the guest
sssd-db-log Remove the database and log files of sssd
tmp-files Remove temporary files
udev-persistent-net Remove udev persistent net rules
user-account Remove the user accounts in the guest
utmp Remove the utmp file
yum-uuid Remove the yum UUID

You can choose which sysprep operations to perform. Give a comma-separated list of operations, for example:
virt-sysprep -d {vmDomainHere} --enable ssh-hostkeys,udev-persistent-net

Step 1. Clone your VM and spawn new instances in KVM

First use the virsh list command to get a list of all running VM domains/guest:
virsh list
Sample outputs:

 1     openbsd62                      running
 2     freebsd11-nixcraft             running
 3     fedora28-nixcraft              running
 4     rhel7                          running
 5     centos7-nixcraft               running
 6     sles12sp3                      running
 16    bionic                         running

First suspend the KVM, run:
virsh suspend bionic
Domain bionic suspended

To clone vm named ‘bionic’ as testvm using the virt-clone command, run:
virt-clone --original bionic --name testvm --auto-clone

You can specify disk file instead of --auto-clone option:
# virt-clone --original bionicVM --name testVM02 --file /var/lib/libvirt/images/testvm02-disk01.qcow2
You may resume bionic VM, run:
virsh resume bionic
Domain bionic resumed

Step 2. Use virt-sysprep command

Simply run as follows to reset everything:
virt-sysprep -d testvm

You can setup the hostname of the guest and force to keep the user account named vivek in the guest:
virt-sysprep -d testvm --hostname testvm --enable user-account --keep-user-accounts vivek
You can create a new Linux user account called tom and force password change on first login as follows:
virt-sysprep -d testvm --firstboot-command 'useradd -s /bin/bash -m -G sudo tom; chage -d 0 tom'
You can set root user account password too:
virt-sysprep -d testvm --root-password password:MySuperSecureRootPasswordHere
Or combine all of them:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --root-password password:MySuperSecureRootPasswordHere

How to skip certain guest VM reset features

You can enable specific operations with --enable. For example, enable all options except resetting fs-uuids ( Change filesystem UUIDs), lvm-uuids ( Change LVM2 PV and VG UUIDs), and ssh-userdir ( Remove “.ssh” directories in the guest):

w=$(virt-sysprep --list-operations | egrep -v 'fs-uuids|lvm-uuids|ssh-userdir' | awk '{ printf "%s,", $1}' | sed 's/,$//')
echo "$w"

Now run it as follows:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w
Another example:
virt-sysprep -d testvm --hostname testvm --keep-user-accounts vivek --enable $w --firstboot-command 'dpkg-reconfigure openssh-server'

virt-sysprep command list options

  -a, --add <file>                    Add disk image file
  --append-line <FILE:LINE>           Append line(s) to the file
  -c, --connect <uri>                 Set libvirt URI
  --chmod <PERMISSIONS:FILE>          Change the permissions of a file
  --color, --colors, --colour, --colours
                                      Use ANSI colour sequences even if not tty
  --commands-from-file <FILENAME>     Read customize commands from file
  --copy <SOURCE:DEST>                Copy files in disk image
  --copy-in <LOCALPATH:REMOTEDIR>     Copy local files or directories into image
  -d, --domain <domain>               Set libvirt guest name
  --delete <PATH>                     Delete a file or directory
  -n, --dryrun, --dry-run             Perform a dry run
  --echo-keys                         Don't turn off echo for passphrases
  --edit <FILE:EXPR>                  Edit file using Perl expression
  --enable <operations>               Enable specific operations
  --firstboot <SCRIPT>                Run script at first guest boot
  --firstboot-command <'CMD+ARGS'>    Run command at first guest boot
  --firstboot-install <PKG,PKG..>     Add package(s) to install at first boot
  --format <format>                   Set format (default: auto)
  --help                              Display brief help
  --hostname <HOSTNAME>               Set the hostname
  --install <PKG,PKG..>               Add package(s) to install
  --keep-user-accounts <users>        Users to keep
  --keys-from-stdin                   Read passphrases from stdin
  --link <TARGET:LINK[:LINK..]>       Create symbolic links
  --list-operations                   List supported operations
  --mkdir <DIR>                       Create a directory
  --mount-options <opts>              Set mount options (eg /:noatime;/var:rw,noatime)
  --move <SOURCE:DEST>                Move files in disk image
  --network                           Enable appliance network
  --no-logfile                        Scrub build log file
  --no-network                        Disable appliance network (default)
  --no-selinux-relabel                Compatibility option, does nothing
  --operation, --operations <operations>
                                      Enable/disable specific operations
  --password <USER:SELECTOR>          Set user password
  --password-crypto <md5|sha256|sha512>
                                      Set password crypto
  -q, --quiet                         Don't print progress messages
  --remove-user-accounts <users>      Users to remove
  --root-password <SELECTOR>          Set root password
  --run <SCRIPT>                      Run script in disk image
  --run-command <'CMD+ARGS'>          Run command in disk image
  --script <script>                   Script or program to run on guest
  --scriptdir <dir>                   Mount point on host
  --scrub <FILE>                      Scrub a file
  --selinux-relabel                   Relabel files with correct SELinux labels
  --sm-attach <SELECTOR>              Attach to a subscription-manager pool
  --sm-credentials <SELECTOR>         Credentials for subscription-manager
  --sm-register                       Register using subscription-manager
  --sm-remove                         Remove all the subscriptions
  --sm-unregister                     Unregister using subscription-manager
  --ssh-inject <USER[:SELECTOR]>      Inject a public key into the guest
  --timezone <TIMEZONE>               Set the default timezone
  --touch <FILE>                      Run touch on a file
  --truncate <FILE>                   Truncate a file to zero size
  --truncate-recursive <PATH>         Recursively truncate all files in directory
  --uninstall <PKG,PKG..>             Uninstall package(s)
  --update                            Update packages
  --upload <FILE:DEST>                Upload local file to destination
  -V, --version                       Display version and exit
  -v, --verbose                       Enable libguestfs debugging messages
  --write <FILE:CONTENT>              Write file
  -x                                  Enable tracing of libguestfs calls

Step 3. Start the VM

virsh start testvm
Domain testvm started

Verify it with the following virsh command:
virsh list

Step 4. Login to the VM

Find/get the DHCP IP address of testvm using the following command along with the grep command:
virsh net-dhcp-leases default
virsh net-dhcp-leases default | grep testvm
virsh net-dhcp-leases default | grep testvm | awk '{ print $5}'

Sample outputs:

Use the ssh command:
ssh vivek@


You just learned how to clone a KVM VM and reset the data. I strongly suggest that you read virt-sysprep help page here.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum