Hi Jeremy,
> Can someone tell me what sealing does to a Linux VM?
In short, "sealing is the process of removing all system-specific details
from a virtual machine before creating a template based on that virtual
machine". It entails actions such as removing SSH host keys, removing MAC
address information from the system, changing the hostname to a generic
one, etc. You could do all this manually, but as far as Linux VMs are
concerned, you don't have to. oVirt can do this for you when you create a
template.
> So, if I want to manage a VM created from a template would this general
> process work?-
> Seal the VM
> Install CloudInit and keys, accounts, etc
> Shut off VM and create template from it.
> Create new VM using Ansible & CloudInit
> CloudInit would have just enough info so that you could manage the VM with
> Ansible.
I think the better order would be:
- Upload a disk
<https://www.ovirt.org/documentation/admin-guide/chap-Virtual_Machine_Disk...>
that you want to use as a basis for your template (RHEL, CentOS, whatever
you use)
- Create a VM with that disk attached
- Start the VM
- Do all the necessary configuration that you want to be part of your
future template. That means for example enabling repositories, updating
packages etc. If you want to start your future VMs using cloud-init, you
need to install it (and enable it!) here.
- Stop the VM
- Create template out of this VM (Don't forget to check the *Seal
Template* option during template creation)
- Create a new VM out of that template (using Ansible if you wish so)
Sample Ansible playbook creating a single VM would look like this:
---
- name: Create VM using Ansible role
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    # oVirt engine connection details (placeholder values)
    engine_fqdn: my_enging.my_domain.com
    engine_user: admin@internal
    engine_password: mypass

    # Profile shared by the VMs listed below
    my_vm_profile:
      template: cloud_init_enabled_template
      ssh_key: "your_public_ssh_key"

    vms:
      - name: test_vm
        cluster: my_cluster
        profile: "{{ my_vm_profile }}"
        state: running
        cloud_init:
          host_name: sandbox
          root_password: sandbox
          # Raw cloud-init script passed through as a string
          custom_script: |
            packages:
              - vim-enhanced
              - screen

  roles:
    - ovirt.vm-infra
All the variables that may be provided to the ovirt.vm-infra role can be found
here <https://github.com/oVirt/ovirt-ansible-vm-infra/blob/master/README.md>.
Pay special attention to the *cloud_init* key in the test_vm dictionary.
This dictionary is used to control cloud-init setup on the VM. It natively
supports many of the cloud-init parameters and you can find them all in the
previous link. Should this not be sufficient for you, the *cloud_init*
dictionary may also contain a *custom_script* key. To that key, you simply
provide a string which holds a raw cloud-init script. Examples of raw
cloud-init scripts can be found in cloud-init's doc page
<https://cloudinit.readthedocs.io/en/latest/topics/examples.html>.
Hope this was helpful. Best regards!
Jan
On Mon, Dec 23, 2019 at 4:30 PM Luca 'remix_tj' Lorenzetto <lorenzetto.luca(a)gmail.com> wrote:
> Hello Jeremy,
> we did this kind of workflow:
> - create a standard base image, with all the required updates you
> want. We usually started from the previous template of the same RHEL
> release, but you can start from scratch every time if you want.
> - Install cloud-init that starts at boot and then, after the first
> successful execution, disables itself.
> - a ssh key for ansible to allow login as root without password. This
> key will be then removed after deployment is completed.
> - create this new template as new version of the existing RHEL
> template (RHEL 7 as example)
> At deploy time with ansible:
> - deploy a new vm starting from the latest template of RHEL7. Use
> run_once cloudinit details for setting ip address. The vm has to be
> connected to the right virtual network.
> - wait_for vm to be reachable via network
> - proceed with ansible to configure/install the remaining parts
> (authentication, monitoring agents, backup utilities).
> Luca
> On Mon, Dec 23, 2019 at 4:20 PM <jeremy_tourville(a)hotmail.com> wrote:
>
> > I want to be able to manage VMs using Ansible. As part of the template
> > creation process it says to seal the VM. Can someone tell me what sealing
> > does to a Linux VM? I understand it removes some of the things that make the
> > VM unique but no real specifics.
> >
> > So, if I want to manage a VM created from a template would this general
> > process work?-
> >
> > Seal the VM
> > Install CloudInit and keys, accounts, etc
> > Shut off VM and create template from it.
> >
> > Create new VM using Ansible & CloudInit
> > CloudInit would have just enough info so that you could manage the VM
> > with Ansible.
> >
> > Would that work?
> >
> > I am just starting to explore what CloudInit can do and what it is. I
> > am brand new to it. I didn't find enough info on template sealing to help
> > me devise a full cycle management strategy. Perhaps there are other/easier
> > methods? Thanks for your advice and input.
> > _______________________________________________
> > Users mailing list -- users(a)ovirt.org
> > To unsubscribe send an email to users-leave(a)ovirt.org
> > Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJ6OOPUT3KJ...
> --
> "It is absurd to employ men of excellent intelligence to perform
> calculations that could be entrusted to anyone if machines were used"
> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
> "The Internet is the largest library in the world.
> But the problem is that the books are all scattered on the floor"
> John Allen Paulos, Mathematician (1945-living)
> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca(a)gmail.com>
--
Jan Zmeskal
Quality Engineer, RHV Core System
Red Hat <https://www.redhat.com>
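
Added example (not part of the original thread and not oVirt's own code): a read-only check over a mounted template root filesystem for the three kinds of residue named in the reply above, i.e. SSH host keys, MAC address information and a non-generic hostname. The file paths are the usual RHEL/CentOS locations, the set of "generic" hostnames is an assumption, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
GENERIC_HOSTNAMES = {"", "localhost", "localhost.localdomain"}  # assumption


def audit_sealed_root(root):
    """Return a list of findings for a template root filesystem tree."""
    root = Path(root)
    findings = []
    # 1. SSH host keys: clones that share them cannot be told apart by clients.
    for key in sorted((root / "etc/ssh").glob("ssh_host_*")):
        findings.append(f"ssh-host-key: {key.relative_to(root)}")
    # 2. MAC addresses pinned in NIC configuration or udev naming rules.
    nic_files = sorted((root / "etc/sysconfig/network-scripts").glob("ifcfg-*"))
    nic_files += sorted((root / "etc/udev/rules.d").glob("*persistent-net*.rules"))
    for cfg in nic_files:
        for line in cfg.read_text(errors="replace").splitlines():
            if not line.lstrip().startswith("#") and MAC_RE.search(line):
                findings.append(f"mac-address: {cfg.relative_to(root)}")
                break
    # 3. Hostname left over from the source VM.
    hostname_file = root / "etc/hostname"
    if hostname_file.is_file():
        name = hostname_file.read_text(errors="replace").strip()
        if name.lower() not in GENERIC_HOSTNAMES:
            findings.append(f"hostname: {name}")
    return findings


def build_sample_root(base, sealed):
    """Constructed sample tree; every value in it is made up for the demo."""
    base = Path(base)
    for d in ("etc/ssh", "etc/sysconfig/network-scripts", "etc/udev/rules.d"):
        (base / d).mkdir(parents=True, exist_ok=True)
    ifcfg = "DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n"
    hostname = "localhost.localdomain" if sealed else "build01.example.test"
    if not sealed:
        (base / "etc/ssh/ssh_host_ed25519_key").write_text("constructed placeholder\n")
        ifcfg += "HWADDR=52:54:00:12:34:56\n"
    (base / "etc/sysconfig/network-scripts/ifcfg-eth0").write_text(ifcfg)
    (base / "etc/hostname").write_text(hostname + "\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_sealed_root(build_sample_root(tmp, sealed=False)):
            print(finding)
```

An empty result on a template's disk means none of these three identifiers would be inherited by every VM created from it.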