Le 15/02/2022 à 10:32, Arik Hadas a écrit :
On Mon, Feb 14, 2022 at 11:29 PM Nathanaël Blanchet <blanchet@abes.fr> wrote:
Le 14 févr. 2022 21:09, Arik Hadas <ahadas@redhat.com> a écrit :
On Mon, Feb 14, 2022 at 8:44 PM Nathanaël Blanchet <blanchet@abes.fr> wrote:
Le 14/02/2022 à 17:45, Arik Hadas a écrit :
On Mon, Feb 14, 2022 at 4:52 PM Nathanaël Blanchet <blanchet@abes.fr> wrote:
Hello,
I noticed that a vm created from a "sealed" template is initially mount
on one host with libguestfs, with a virt-sysprep process, before getting
ready to be used.
This should be unuseful given that the template is already sealed. Is
there a reason to that?
Yes, we do this in order to produce different LVM IDs and machine IDs for the provisioned VMs, see: https://gerrit.ovirt.org/c/ovirt-engine/+/115009okay, but, I modified the /usr/lib/python3.6/site-packages/vdsm/virtsysprep.py file like following:
args = ['--hostname', 'localhost', ''--selinux-relabel', '--update', '--network']"
in order to update packages on template creation.
The template creation still works and the template is checked as sealed and os is updated, but now the vm creation never ends up and I have to manually kill the virt-sysprep process to stop the infinite process creation.
I believed it was a good workaround to get updated templates, but I had to rollback to default virt-sysprep args configuration, unless there is trick do to so?
If you create the VM from the webadmin, you can uncheck the 'sealed' option in the new-vm dialog to skip the second execution of virt-sysprep on the VMIf you create it from REST-API (or the VM portal), you might want to change the configuration of the template in the database:update vm_static set is_template_sealed='f' where vm_name='<your template's name>';Thanks for this useful tip, but as you said if second seal has been designed it is to produce different VM IDs... So what will happen if I skip this process?
It was that way (i.e., without sysprep-ing the vm volumes) for years - if that worked well for you, you shouldn't notice a differenceSecondly I'd like to know if there is a way to skip the second seal from the template with oVirt VM ansible module( don't seem to be), it is safer than modifying the DB.
Ansible is in the second category (since it is based on oVirt's REST-API) so yeah, I don't see a different way you can achieve this at the momentAnd you're right, it's not recommended to modify the DB directly but the same goes for changing the VDSM source files ;)Anyway, that is_template_sealed field only affects the UI (presenting whether the template is sealed) and this functionality (deciding whether virt-sysprep should be executed on the vm volumes) - so changing it should be safe.
Thank you it works as expected now.
But giving that my templates are auto-created, is there a way to set is_template_sealed to false at template creation rather than manually doing it in a second time?
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet@abes.fr
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7VSOFV3TFSMKPEZBI2ERRVUCTFGJALQT/
-- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr
-- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr