12:32 p.m.
On Mon, Feb 14, 2022 at 11:29 PM Nathanaël Blanchet <blanchet(a)abes.fr>
wrote:
Le 14 févr. 2022 21:09, Arik Hadas <ahadas(a)redhat.com> a écrit :
On Mon, Feb 14, 2022 at 8:44 PM Nathanaël Blanchet <blanchet(a)abes.fr>
wrote:
Le 14/02/2022 à 17:45, Arik Hadas a écrit :
On Mon, Feb 14, 2022 at 4:52 PM Nathanaël Blanchet <blanchet(a)abes.fr>
wrote:
Hello,
I noticed that a vm created from a "sealed" template is initially mount
on one host with libguestfs, with a virt-sysprep process, before getting
ready to be used.
This should be unuseful given that the template is already sealed. Is
there a reason to that?
Yes, we do this in order to produce different LVM IDs and machine IDs for
the provisioned VMs, see: https://gerrit.ovirt.org/c/ovirt-engine/+/115009
okay, but, I modified the
/usr/lib/python3.6/site-packages/vdsm/virtsysprep.py file like following:
args = ['--hostname', 'localhost', ''--selinux-relabel',
'--update',
'--network']"
in order to update packages on template creation.
The template creation still works and the template is checked as sealed
and os is updated, but now the vm creation never ends up and I have to
manually kill the virt-sysprep process to stop the infinite process
creation.
I believed it was a good workaround to get updated templates, but I had to
rollback to default virt-sysprep args configuration, unless there is trick
do to so?
If you create the VM from the webadmin, you can uncheck the 'sealed'
option in the new-vm dialog to skip the second execution of virt-sysprep on
the VM
If you create it from REST-API (or the VM portal), you might want to
change the configuration of the template in the database:
update vm_static set is_template_sealed='f' where vm_name='<your
template's name>';
Thanks for this useful tip, but as you said if second seal has been
designed it is to produce different VM IDs... So what will happen if I skip
this process?
It was that way (i.e., without sysprep-ing the vm volumes) for years - if
that worked well for you, you shouldn't notice a difference
Secondly I'd like to know if there is a way to skip the second
seal from
the template with oVirt VM ansible module( don't seem to be), it is safer
than modifying the DB.
Ansible is in the second category (since it is based on oVirt's REST-API)
so yeah, I don't see a different way you can achieve this at the moment
And you're right, it's not recommended to modify the DB directly but the
same goes for changing the VDSM source files ;)
Anyway, that is_template_sealed field only affects the UI (presenting
whether the template is sealed) and this functionality (deciding whether
virt-sysprep should be executed on the vm volumes) - so changing it should
be safe.
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7VSOFV3TFSM...
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14blanchet(a)abes.fr