Hi Jeremy,

Can someone tell me what sealing does to a Linux VM?

In short, "sealing is the process of removing all system-specific details from a virtual machine before creating a template based on that virtual machine". It entails actions such as removing SSH host keys, removing MAC address information from the system, changing the hostname to a generic one, etc. You could do all this manually, but as far as Linux VMs are concerned, you don't have to. oVirt can do this for you when you create a template.

So, if I want to manage a VM created from a template would this general process work?-

Seal the VM
Install CloudInit and keys, accounts, etc
Shut off VM and create template from it.

Create new VM using Ansible & CloudInit
CloudInit would have just enough info so that you could manage the VM with Ansible.

I think the better order would be:
  • Upload a disk that you want to use as a basis for your template (RHEL, CentOS, whatever you use)
  • Create a VM with that disk attached
  • Start the VM
  • Do all the necessary configuration that you want to be part of your future template. That means for example enabling repositories, updating packages etc. If you want to start your future VMs using cloud-init, you need to install it (and enable it!) here.
  • Stop the VM
  • Create template out of this VM (Don't forget to check the Seal Template option during template creation)
  • Create a new VM out of that template (using Ansible if you wish so)

A sample Ansible playbook creating a single VM would look like this:

---
- name: Create VM using Ansible role
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    engine_fqdn: my_enging.my_domain.com
    engine_user: admin@internal
    # Placeholder value; keep the real password in Ansible Vault rather than in the playbook.
    engine_password: mypass
   
    my_vm_profile:
      template: cloud_init_enabled_template
      ssh_key: "your_public_ssh_key"

    vms:
      - name: test_vm
        cluster: my_cluster
        profile: "{{ my_vm_profile }}"
        state: running
        cloud_init:
          host_name: sandbox
          root_password: sandbox
          custom_script: |
            packages:
              - vim-enhanced
              - screen

  roles:
    - ovirt.vm-infra

All the variables that may be provided to the ovirt.vm-infra role can be found here. Pay special attention to the cloud_init key in the test_vm dictionary. This dictionary is used to control the cloud-init setup on the VM. It natively supports many of the cloud-init parameters and you can find them all in the previous link. Should this not be sufficient for you, the cloud_init dictionary may also contain a custom_script key. To that key, you simply provide a string which holds a raw cloud-init script. Examples of raw cloud-init scripts can be found in cloud-init's doc page.

Hope this was helpful. Best regards!

Jan
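
Whether a template really came out sealed can be checked on its root filesystem. The function below is an added example, not part of the original message or of oVirt: it flags the leftovers named in the reply above (SSH host keys, MAC address information, a non-generic hostname). The RHEL/CentOS 7 style paths and the treatment of localhost names as "generic" are assumptions.

```shell
#!/bin/sh
# Added example: audit a mounted or unpacked template root for leftovers that
# sealing is meant to remove. Paths assume a RHEL/CentOS 7 style layout.
# Usage: check_sealed ROOT_DIR   (prints findings; status 0 = nothing found)

check_sealed() {
    root=${1:?usage: check_sealed ROOT_DIR}
    findings=0

    # 1. SSH private host keys: every clone would present the same identity.
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$key" ] || continue        # glob matched nothing
        echo "ssh-host-key: $key"
        findings=$((findings + 1))
    done

    # 2. MAC addresses pinned in interface configs or persistent udev rules.
    for cfg in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$cfg" ] || continue
        if grep -Eq '^[[:space:]]*(HWADDR|MACADDR)=' "$cfg"; then
            echo "mac-address: $cfg"
            findings=$((findings + 1))
        fi
    done
    rules="$root/etc/udev/rules.d/70-persistent-net.rules"
    if [ -s "$rules" ]; then
        echo "mac-address: $rules"
        findings=$((findings + 1))
    fi

    # 3. Hostname: only localhost names count as generic (assumption).
    hn_file="$root/etc/hostname"
    if [ -s "$hn_file" ]; then
        hn=$(head -n 1 "$hn_file")
        case $hn in
            localhost|localhost.localdomain) ;;
            *) echo "hostname: $hn"
               findings=$((findings + 1)) ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}
```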

On Mon, Dec 23, 2019 at 4:30 PM Luca 'remix_tj' Lorenzetto <lorenzetto.luca@gmail.com> wrote:
Hello Jeremy,

we did this kind of workflow:

- create a standard base image, with all the required updates you
want. We usually started from the previous template of the same RHEL
release, but you can start from scratch every time if you want.
- Install cloud-init that starts at boot and then, after the first
successful execution, disables itself.
- an SSH key for ansible to allow login as root without password. This
key will be then removed after deployment is completed.
- create this new template as new version of the existing RHEL
template (RHEL 7 as example)

At deploy time with ansible:
- deploy a new vm starting from the latest template of RHEL7. Use
run_once cloudinit details for setting ip address. The vm has to be
connected to the right virtual network.
- wait_for vm to be reachable via network
- proceed with ansible to configure/install the remaining parts
(authentication, monitoring agents, backup utilities).

Luca

On Mon, Dec 23, 2019 at 4:20 PM <jeremy_tourville@hotmail.com> wrote:
>
> I want to be able to manage VMs using Ansible. As part of the template creation process it says to seal the VM. Can someone tell me what sealing does to a Linux VM? I understand it removes some of the things that make the VM unique but no real specifics.
>
> So, if I want to manage a VM created from a template would this general process work?-
>
> Seal the VM
> Install CloudInit and keys, accounts, etc
> Shut off VM and create template from it.
>
> Create new VM using Ansible & CloudInit
> CloudInit would have just enough info so that you could manage the VM with Ansible.
>
> Would that work?
>
> I am just starting to explore what CloudInit can do and what it is.  I am brand new to it.  I didn't find enough info on template sealing to help me devise a full cycle management strategy.  Perhaps there are other/easier methods?  Thanks for your advice and input.
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJ6OOPUT3KJEME6PEZJIX4FN4YA7BB6K/



--
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines
were used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca@gmail.com>


--

Jan Zmeskal

Quality Engineer, RHV Core System

Red Hat