# EL7 VM Templatization for Proxmox

## Description

These are some handy tools to turn a VM into a template, so that creating a new VM is as simple as (full) clone and boot.

There are several assumptions made that may not necessarily match anyone else's environment:

- CentOS 7 minimal install (will probably work on any flavor of EL7)
- DHCP server available
- rootfs (/) is on the last partition of the primary disk, and is a primary partition
- a `centos` user exists on the VM (this is not a hard requirement, nothing bad will happen if it's not true)

Right now, the main things it does the first time a new VM boots are:

- generate a new hostname (configurable, defaults to using UUIDs)
- grow the rootfs

## Setup

1. Create a new VM (with a very small disk, like <=8GB) and install CentOS 7 minimal
1. Customize the new install with whatever software/users/ssh keys you will want on *every* VM by default
1. Copy each of the four files to the location specified in the comment at the top:
   - `cp ./vm-{seal,firstrun}.sh /usr/local/sbin/`
   - `cp ./vm-firstrun.example-config /etc/sysconfig/vm-firstrun`
   - `cp ./vm-firstrun.service /etc/systemd/system/vm-firstrun.service`
1. Make the two .sh scripts executable: `chmod +x /usr/local/sbin/vm-{seal,firstrun}.sh`
1. Let systemd see the new unit file: `systemctl daemon-reload`
1. Once all your customizations are done and you're ready to turn it into a template, run: `/usr/local/sbin/vm-seal.sh`
1. The VM should shut down, then in Proxmox you can just right-click and convert to template

## Usage

After doing the setup, to create a new VM:

1. do a full clone of the template
1. grow the size of the disk if needed
1. start the VM

If you ever need to make changes to your template:

1. follow the above steps to create a new VM from the template
1. make your changes on the new VM that will become the new template
1. when done making changes, run `/usr/local/sbin/vm-seal.sh`
1. after the new VM stops, convert it to a template and delete the old template

Note that because it touches `/.autorelabel`, the first boot can take a few minutes while the SELinux contexts are re-applied. If SELinux is disabled in your environment, this may not matter.

## How it works

It's very simple: `vm-seal.sh` de-configures the parts of the system that should be unique, then removes any log files or anything else that shouldn't be on a newly-installed system. Then it enables `vm-firstrun.service` in systemd and does a shutdown.

At the next boot, systemd starts `vm-firstrun.service`, which just runs `vm-firstrun.sh`, which generates a new hostname and grows the rootfs. Then it disables `vm-firstrun.service` so that it won't run again the next time the VM is rebooted.
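
A pre-template check in the spirit of the sealing step described above, as an added example that is not part of this repository: it lists per-machine state still present under a root tree. The paths checked (SSH host keys, `/etc/machine-id`, shell history, `/var/log`) are assumptions about what should be unique or absent on an EL7 template, not a list taken from `vm-seal.sh`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of this repository): list per-machine state left in
# a root tree before it becomes a template. Paths are assumed EL7 defaults.

# list_leftovers ROOT: print one finding per line; print nothing if clean.
# The body runs in a subshell so its variables do not leak into the caller.
list_leftovers() (
    root="${1:-/}"; root="${root%/}"

    # SSH host keys: every clone would present the same server identity.
    for f in "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub; do
        if [ -e "$f" ]; then echo "ssh host key: ${f#"$root"}"; fi
    done

    # A populated machine-id gives all clones the same systemd identity.
    if [ -s "$root/etc/machine-id" ]; then
        echo "machine-id populated: /etc/machine-id"
    fi

    # Shell history can hold secrets typed while building the template.
    for f in "$root"/root/.bash_history "$root"/home/*/.bash_history; do
        if [ -s "$f" ]; then echo "shell history: ${f#"$root"}"; fi
    done

    # Non-empty logs carry build-time hostnames, addresses and usernames.
    if [ -d "$root/var/log" ]; then
        find "$root/var/log" -type f -size +0 | sort | while IFS= read -r f; do
            echo "non-empty log: ${f#"$root"}"
        done
    fi
    exit 0
)

# audit_template ROOT: print findings and return 1 if any exist, else 0.
audit_template() {
    leftovers=$(list_leftovers "$1")
    if [ -n "$leftovers" ]; then
        printf '%s\n' "$leftovers"
        return 1
    fi
    return 0
}
```

Point `audit_template` at `/` on the VM, or at the mount point of a cloned disk; a non-zero return means the tree still carries the state listed in the output.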