.. Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information#
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
Creating a Linux Template
-------------------------
Linux Templates should be prepared using this documentation in order to
prepare your linux Instances for Template deployment. For ease of
documentation, the Instance which you are configuring the Template on will be
referred to as "Main Template". The final product, as created and usable
for deployment in Cloudstack, will be referred as "Final Template".
This guide will cover cloud-init setup and scripted setups where available. It is assumed that openssh-server
is installed during installation.
An overview of the procedure is as follow:
#. Upload your Linux ISO.
For more information, see `“Adding an
ISO†<templates.html#adding-an-iso>`_.
#. Create an Instance with this ISO.
For more information, see `“Creating
Instances†<virtual_machines.html#creating-instances>`_.
#. Prepare the Linux Instance
#. Create a Template from the Instance.
For more information, see `“Creating a Template from an Existing
Instance†<#creating-a-template-from-an-existing-instance>`_.
System preparation for Linux
----------------------------
The following steps will provide basic Linux installation for
templating of Centos and Ubuntu.
#. **Update OS**
The next step update the packages on the Main Template.
~ CentOS
.. code:: bash
yum update -y
reboot
~ Ubuntu
.. code:: bash
sudo -i
apt-get update
apt-get upgrade -y
apt-get install -y acpid ntp
reboot
#. **Networking**
Set Template Network interface configuration to DHCP so Cloudstack infrastructure can assign one on boot.
.. warning::
For CentOS, it is mandatory to take unique identification out of the
interface configuration file /etc/sysconfig/network-scripts/ifcfg-eth0. Any entries starting with <VALUE> should be removed.
~ Centos
.. code:: bash
echo "DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=dhcp
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-eth0
#. **Hostname Management**
Set a generic name to the Template Instance during installation, this will ensure components such as LVM do not appear unique to a machine. It is recommended that the name of "localhost" is used for installation.
.. code:: bash
hostname localhost
echo "localhost" > /etc/hostname
#. **Password management**
.. note::
It is a good practice to remove any non root Users that come with the OS (such as ones created during the Ubuntu
installation). First ensure the root user Account is enabled by giving it a password and then login as root to continue.
Once logged in as root, any custom User can be removed.
.. code:: bash
deluser myuser --remove-home
User password management and reset cappabilities in GUI are available with:
* `Cloud-init integration <templates/_cloud_init.html#linux-with-cloud-init>`_
* `Adding Password Management to Your Templates <templates.html#adding-password-management-to-templates>`_ /Legacy for non systemd systems only/
#. **SSH keys management**
Cloudstack can create key pair and push certificates to Instances. This feature is available with:
* `Cloud-init integration <templates/_cloud_init.html#linux-with-cloud-init>`_
* `Implementing a SSH-Key bash script <http://docs.cloudstack.apache.org/en/latest/adminguide/virtual_machines.html#creating-an-instance-template-that-supports-ssh-keys>`_
#. **Partition management**
Volumes can autorextend after reboot when partition is extended in the GUI.
This feature is possible with `Cloud-init integration <templates/_cloud_init.html#linux-with-cloud-init>`_.
#. **User-data**
Cloudstack can push user-data during Instance creation.
This feature is possible with `Cloud-init integration <templates/_cloud_init.html#linux-with-cloud-init>`_.
#. **Template cleanup**
.. warning::
Cleanup steps should be run when all Main Template configuration
is done and just before the shutdown step. After shut down Final
Template should be created. If the Main Template is started or
rebooted before Final Template creation all cleanup steps have to be rerun.
- **Remove the udev persistent device rules**
This step removes information unique to the Main Template such as
Network MAC addresses, lease files and CD block devices, the files
are automatically generated on next boot.
~ CentOS
.. code:: bash
rm -f /etc/udev/rules.d/70*
rm -f /var/lib/dhclient/*
~ Ubuntu
.. code:: bash
rm -f /etc/udev/rules.d/70*
rm -f /var/lib/dhcp/dhclient.*
- **Remove SSH Keys**
This step is to ensure all Templated Instances do not have the same
SSH keys, which would decrease the security of the machines
dramatically.
.. code:: bash
rm -f /etc/ssh/*key*
- **Cleaning log files**
It is good practice to remove old logs from the Main Template.
.. code:: bash
cat /dev/null > /var/log/audit/audit.log 2>/dev/null
cat /dev/null > /var/log/wtmp 2>/dev/null
logrotate -f /etc/logrotate.conf 2>/dev/null
rm -f /var/log/*-* /var/log/*.gz 2>/dev/null
- **Set User password to expire**
This step forces the User to change the password of the Instance after the
Template has been deployed.
.. code:: bash
passwd --expire root
- **Clearing User History**
The next step clears the bash commands you have just run.
.. code:: bash
history -c
unset HISTFILE
#. **Shutdown the Instance**
Shutdown the Main Template.
.. code:: bash
halt -p
#. **Create the Template!**
You are now ready to create the Final Template, for more information see
`“Creating a Template from an Existing Virtual
Machine†<#creating-a-template-from-an-existing-instance>`_.