Dan Kenigsberg has uploaded a new change for review. Change subject: sysprep hook: unconfigure a vm clone ......................................................................
sysprep hook: unconfigure a vm clone This hook lets you run virt-sysprep on the disk images of a VM before it is first run. It is useful to do that after a VM is cloned, in order to remove outdated MAC addresses, ssh keys, or user accounts. Change-Id: I447a4b01b86b17289030b71264d5d4218c2aa1e3 Signed-off-by: Dan Kenigsberg <[email protected]> --- M configure.ac A debian/vdsm-hook-sysprep.docs A debian/vdsm-hook-sysprep.install M vdsm.spec.in M vdsm_hooks/Makefile.am A vdsm_hooks/sysprep/Makefile.am A vdsm_hooks/sysprep/README A vdsm_hooks/sysprep/before_vm_start.py 8 files changed, 178 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/86/26886/1 diff --git a/configure.ac b/configure.ac index 12828be..ee1efb1 100644 --- a/configure.ac +++ b/configure.ac @@ -302,6 +302,7 @@ vdsm_hooks/smbios/Makefile vdsm_hooks/spiceoptions/Makefile vdsm_hooks/sriov/Makefile + vdsm_hooks/sysprep/Makefile vdsm_hooks/vhostmd/Makefile vdsm_hooks/vmdisk/Makefile vdsm_hooks/vmfex/Makefile diff --git a/debian/vdsm-hook-sysprep.docs b/debian/vdsm-hook-sysprep.docs new file mode 100644 index 0000000..5ecd9c6 --- /dev/null +++ b/debian/vdsm-hook-sysprep.docs @@ -0,0 +1 @@ +COPYING diff --git a/debian/vdsm-hook-sysprep.install b/debian/vdsm-hook-sysprep.install new file mode 100644 index 0000000..bfa51cc --- /dev/null +++ b/debian/vdsm-hook-sysprep.install @@ -0,0 +1 @@ +usr/libexec/vdsm/hooks/before_vm_start/60_sysprep diff --git a/vdsm.spec.in b/vdsm.spec.in index 08fc15e..e7e02ef 100644 --- a/vdsm.spec.in +++ b/vdsm.spec.in @@ -550,6 +550,14 @@ This vdsm hook can be used to configure some of the spice optimization attributes and values.. +%package hook-sysprep +Summary: Unconfigure guest OS using virt-sysprep +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description hook-sysprep +VDSM hook which unconfigures guest OS image. + %package hook-vmfex Summary: vmfex support for VDSM BuildArch: noarch @@ -1323,6 +1331,10 @@ %defattr(-, root, root, -) %{_libexecdir}/%{vdsm_name}/hooks/before_vm_start/50_spiceoptions +%files hook-sysprep +%defattr(-, root, root, -) +%{_libexecdir}/%{vdsm_name}/hooks/before_vm_start/60_sysprep + %files hook-vmdisk %defattr(-, root, root, -) %{_libexecdir}/%{vdsm_name}/hooks/before_vm_start/50_vmdisk diff --git a/vdsm_hooks/Makefile.am b/vdsm_hooks/Makefile.am index b57181b..c919b23 100644 --- a/vdsm_hooks/Makefile.am +++ b/vdsm_hooks/Makefile.am @@ -43,6 +43,7 @@ smbios \ spiceoptions \ sriov \ + sysprep \ vmdisk \ vmfex \ vmfex_dev \ diff --git a/vdsm_hooks/sysprep/Makefile.am b/vdsm_hooks/sysprep/Makefile.am new file mode 100644 index 0000000..c36ee32 --- /dev/null +++ b/vdsm_hooks/sysprep/Makefile.am @@ -0,0 +1,30 @@ +# +# Copyright 2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +# +# Refer to the README and COPYING files for full details of the license +# + +EXTRA_DIST = \ + before_vm_start.py + +install-data-local: + $(MKDIR_P) $(DESTDIR)$(vdsmhooksdir)/before_vm_start + $(INSTALL_SCRIPT) $(srcdir)/before_vm_start.py \ + $(DESTDIR)$(vdsmhooksdir)/before_vm_start/60_sysprep + +uninstall-local: + $(RM) $(DESTDIR)$(vdsmhooksdir)/before_vm_start/60_sysprep diff --git a/vdsm_hooks/sysprep/README b/vdsm_hooks/sysprep/README new file mode 100644 index 0000000..d846b18 --- /dev/null +++ b/vdsm_hooks/sysprep/README @@ -0,0 +1,23 @@ +sysprep vdsm hook +================================= +This hook lets you run virt-sysprep on the disk images of a VM +before it is first run. + +Installation: +* Drop before_vm_start.py as /usr/libexec/vdsm/before_vm_start/60_sysprep + or (better) install vdsm-hook-sysprep.rpm on each of your hosts. + +* Use the engine-config to append the appropriate custom property: + + sudo engine-config -s "UserDefinedVMProperties=sysprep=^(true|false)$" + +Usage: +After cloning a VM, and before running it for the first time, set its "sysprep" +custom property to "true" and fire it up. virt-sysprep would be called before +the VM is started and would unconfigure the guest. See the virt-sysprep(1) +manual page for more details on which information is being removed from the +guest. + +It is highly important to remove the "sysprep" property after it is used. +Otherwise, it would be re-applied when the VM is started again, removing +valuable information. diff --git a/vdsm_hooks/sysprep/before_vm_start.py b/vdsm_hooks/sysprep/before_vm_start.py new file mode 100755 index 0000000..cea3a7e --- /dev/null +++ b/vdsm_hooks/sysprep/before_vm_start.py @@ -0,0 +1,109 @@ +#!/usr/bin/python +""" +Run virt-sysprep on the VM images before starting it. + +This hook should be triggered only via the Run Once option +""" + + +import os +import sys +import traceback + +import hooking + + +def iterate_sources(domxml): + for disk in domxml.getElementsByTagName('disk'): + if not disk.hasAttribute('device'): + continue + if disk.attributes['device'].value != 'disk': + continue + drivers = disk.getElementsByTagName('driver') + if not drivers: + continue + driver, = drivers + + source, = disk.getElementsByTagName('source') + if source.hasAttribute('file'): + path = source.attributes['file'].value + elif source.hasAttribute('dev'): + path = source.attributes['dev'].value + + yield driver.attributes['type'].value, path + + +def build_cmd_line(domxml): + cmd = ['virt-sysprep'] + for format, path in iterate_sources(domxml): + cmd.extend(['-a', path, '--format', format]) + return cmd + + +def main(): + sysprep = os.environ.get('sysprep') + if sysprep is not None: + doc = hooking.read_domxml() + out, err, rc = hooking.execCmd(build_cmd_line(doc)) + if rc: + raise RuntimeError(err, rc) + + +def test(): + from xml.dom.minidom import parseString + + TEST1 = """ + <domain type='qemu'> + <uuid>00000000-0000-0000-0000-000000000000</uuid> + <memory>219136</memory> + <currentMemory>219136</currentMemory> + <vcpu>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='block' device='disk'> + <source dev='/dev/HostVG/QEMUGuest1'/> + <target dev='hda' bus='ide'/> + </disk> + <disk type='block' device='cdrom'> + <driver name='qemu' type='raw'/> + <target dev='hdc' bus='ide' tray='open'/> + <readonly/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/path/to/image'/> + <target dev='hdc' bus='ide'/> + <readonly/> + <alias name='ide0-1-0'/> + <address type='drive' controller='0' bus='1' target='0' unit='0'/> + </disk> + <disk type='block' device='disk'> + <driver name='qemu' type='qcow2'/> + <source dev='/dev/sdb'/> + <geometry cyls='16383' heads='16' secs='63' trans='lba'/> + <blockio logical_block_size='512' physical_block_size='4096'/> + <target dev='hda' bus='ide'/> + </disk> + </devices> + </domain>""" + + print(build_cmd_line(parseString(TEST1))) + + +if __name__ == '__main__': + try: + if '--test' in sys.argv: + test() + else: + main() + except: + hooking.exit_hook('[unexpected error]: %s\n' % + traceback.format_exc()) -- To view, visit http://gerrit.ovirt.org/26886 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I447a4b01b86b17289030b71264d5d4218c2aa1e3 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
