[proxmox] Creating a CentOS7 Template (Manual, Automatic)


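Carry out the steps below after applying any user-defined settings and installing any applications you need.

If there is nothing in particular to configure, you can proceed right after installing CentOS.

There are two methods, manual and automatic. Use whichever is more convenient.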

 

 

 

User-defined settings (Optional)


selinux disable

vim /etc/selinux/config
...
SELINUX=disabled
...

 

 

firewalld disable

systemctl disable firewalld

 

 

Install base packages

yum install tcpdump vim psmisc net-tools bind-utils epel-release wget

 

 

 

Install qemu-guest-agent

yum install qemu-guest-agent
systemctl enable qemu-guest-agent

 

 

 

 

 

Initialization for the template (manual)


Reset the hostname

hostnamectl set-hostname localhost.localdomain

 

 

Clear machine-id

> /etc/machine-id

 

 

Delete SSH root keys

rm -f /etc/ssh/ssh_host_*
rm -rf /root/.ssh/
rm -f /root/anaconda-ks.cfg
rm -f /root/.bash_history

 

 

 

Edit the network interface script

- Remove the UUID

TYPE=Ethernet
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp

 

 

 

Delete logs

rm -f /var/log/boot.log
rm -f /var/log/cron
rm -f /var/log/dmesg
rm -f /var/log/grubby
rm -f /var/log/lastlog
rm -f /var/log/maillog
rm -f /var/log/messages
rm -f /var/log/secure
rm -f /var/log/spooler
rm -f /var/log/tallylog
rm -f /var/log/wpa_supplicant.log
rm -f /var/log/wtmp
rm -f /var/log/yum.log
rm -f /var/log/audit/audit.log
rm -f /var/log/tuned/tuned.log

 

 

 

history unset

unset HISTFILE

 

 

 

sys-unconfig and power off

sys-unconfig

 

 

Convert to a template in the GUI

 

 

 

Initialization for the template (automatic)


Shut down the VM

Once the user-defined (Optional) work is finished, power off the VM.

 

 

 

virt-sysprep

Initialization is performed with virt-sysprep; install the package that provides it.

apt install libguestfs-tools

 

The operations that virt-sysprep performs can be listed as follows.

virt-sysprep --list-operations

abrt-data * Remove the crash data generated by ABRT
backup-files * Remove editor backup files from the guest
bash-history * Remove the bash history in the guest
blkid-tab * Remove blkid tab in the guest
ca-certificates   Remove CA certificates in the guest
crash-data * Remove the crash data generated by kexec-tools
cron-spool * Remove user at-jobs and cron-jobs
customize * Customize the guest
dhcp-client-state * Remove DHCP client leases
dhcp-server-state * Remove DHCP server leases
dovecot-data * Remove Dovecot (mail server) data
firewall-rules   Remove the firewall rules
flag-reconfiguration   Flag the system for reconfiguration
fs-uuids   Change filesystem UUIDs
ipa-client * Remove the IPA files
kerberos-data   Remove Kerberos data in the guest
kerberos-hostkeytab * Remove the Kerberos host keytab file in the guest
logfiles * Remove many log files from the guest
lvm-uuids * Change LVM2 PV and VG UUIDs
machine-id * Remove the local machine ID
mail-spool * Remove email from the local mail spool directory
net-hostname * Remove HOSTNAME and DHCP_HOSTNAME in network interface configuration
net-hwaddr * Remove HWADDR (hard-coded MAC address) configuration
pacct-log * Remove the process accounting log files
package-manager-cache * Remove package manager cache
pam-data * Remove the PAM data in the guest
passwd-backups * Remove /etc/passwd- and similar backup files
puppet-data-log * Remove the data and log files of puppet
rh-subscription-manager * Remove the RH subscription manager files
rhn-systemid * Remove the RHN system ID
rpm-db * Remove host-specific RPM database files
samba-db-log * Remove the database and log files of Samba
script * Run arbitrary scripts against the guest
smolt-uuid * Remove the Smolt hardware UUID
ssh-hostkeys * Remove the SSH host keys in the guest
ssh-userdir * Remove ".ssh" directories in the guest
sssd-db-log * Remove the database and log files of sssd
tmp-files * Remove temporary files
udev-persistent-net * Remove udev persistent net rules
user-account   Remove the user accounts in the guest
utmp * Remove the utmp file
yum-uuid * Remove the yum UUID

 

 

 

Run the initialization

Change to the directory that holds the VM image and run the initialization against the image file (qcow2, raw, etc.).

virt-sysprep -a vm-120-disk-0.qcow2 
[   0.0] Examining the guest ...
[  14.1] Performing "abrt-data" ...
[  14.1] Performing "backup-files" ...
[  16.0] Performing "bash-history" ...
[  16.0] Performing "blkid-tab" ...
[  16.1] Performing "crash-data" ...
[  16.1] Performing "cron-spool" ...
[  16.1] Performing "dhcp-client-state" ...
[  16.1] Performing "dhcp-server-state" ...
[  16.1] Performing "dovecot-data" ...
[  16.1] Performing "ipa-client" ...
[  16.2] Performing "kerberos-hostkeytab" ...
[  16.2] Performing "logfiles" ...
[  16.5] Performing "machine-id" ...
[  16.5] Performing "mail-spool" ...
[  16.5] Performing "net-hostname" ...
[  16.7] Performing "net-hwaddr" ...
[  16.9] Performing "pacct-log" ...
[  16.9] Performing "package-manager-cache" ...
[  17.1] Performing "pam-data" ...
[  17.1] Performing "passwd-backups" ...
[  17.2] Performing "puppet-data-log" ...
[  17.2] Performing "rh-subscription-manager" ...
[  17.2] Performing "rhn-systemid" ...
[  17.3] Performing "rpm-db" ...
[  17.3] Performing "samba-db-log" ...
[  17.3] Performing "script" ...
[  17.3] Performing "smolt-uuid" ...
[  17.3] Performing "ssh-hostkeys" ...
[  17.4] Performing "ssh-userdir" ...
[  17.4] Performing "sssd-db-log" ...
[  17.4] Performing "tmp-files" ...
[  17.5] Performing "udev-persistent-net" ...
[  17.5] Performing "utmp" ...
[  17.5] Performing "yum-uuid" ...
[  17.5] Performing "customize" ...
[  17.6] Setting a random seed
[  17.6] Setting the machine ID in /etc/machine-id
[  17.7] Performing "lvm-uuids" ...
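
A check that serves both the manual cleanup and the virt-sysprep run, added here as an example and not part of the original post: it audits a guest root directory for per-host state that should not survive into a template. The log above ends with "Setting the machine ID in /etc/machine-id", so the machine-id check is worth running after the automatic path too. The mount point passed as `$1`, the function names and the sample tree are assumptions.

```shell
# Added example (not from the original post): audit a guest root filesystem
# for per-host state a template must not pass on to its clones.
# Assumption: $1 is the guest root, e.g. a read-only guestmount of the disk.
audit_template_root() {
    root=${1%/}
    AUDIT_FINDINGS=0
    report() { AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); printf 'FINDING: %s\n' "$1"; }
    # machine-id must be empty so each clone generates its own on first boot.
    [ ! -s "$root/etc/machine-id" ] || report "/etc/machine-id is not empty"

    # Host keys left in the template would be shared by every clone.
    for f in "$root"/etc/ssh/ssh_host_*; do
        [ ! -e "$f" ] || report "host key present: ${f#"$root"}"
    done

    # root's SSH directory, the installer kickstart and shell history.
    for p in root/.ssh root/anaconda-ks.cfg root/.bash_history; do
        [ ! -e "$root/$p" ] || report "/$p still exists"
    done

    # Interface scripts must not pin a UUID or a MAC address.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        ! grep -Eq '^(UUID|HWADDR)=' "$f" || report "${f#"$root"} pins UUID/HWADDR"
    done

    # Authentication and audit logs from the build session.
    for l in secure wtmp lastlog audit/audit.log; do
        [ ! -s "$root/var/log/$l" ] || report "/var/log/$l has content"
    done

    [ "$AUDIT_FINDINGS" -eq 0 ]   # exit status 0 only when nothing was found
}

# Constructed sample tree: a guest that was only partly cleaned.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/sysconfig/network-scripts" "$d/root" "$d/var/log"
    echo 0123456789abcdef0123456789abcdef > "$d/etc/machine-id"
    : > "$d/etc/ssh/ssh_host_rsa_key"
    printf 'TYPE=Ethernet\nDEVICE=eth0\nUUID=constructed-uuid\n' \
        > "$d/etc/sysconfig/network-scripts/ifcfg-eth0"
    echo "constructed login record" > "$d/var/log/secure"
    echo "$d"
}

# With a directory argument audit it; with none, run on the constructed tree.
if [ "$#" -gt 0 ]; then audit_template_root "$1"
else s=$(make_sample_root); audit_template_root "$s" || true; rm -rf "$s"; fi
```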

 

 

Convert the VM to a template in the GUI.

 

 

 

 
