Custom Cloud Images for OpenStack pt2

In the last post, I essentially kicked off a new multipart series on creating custom cloud images for RHEL, Fedora, and CentOS. I showed you the basics for RHEL, then said I would follow up with Fedora or CentOS. I lied. I decided that I wanted to show you a little fun with “GuestFish” (guestfs, libguestfs) first. It’ll be a quick post with some links to take you further should you want to take things deeper…

Guestfish provides a means of editing guest images without actually powering them on. This means not only can it me automated and/or made part of a program or script, but it also means that you don’t have to go through the process of clearing out “dynamic artifacts” again. Static and Dynamic artifacts are those pieces of data that ID the host as “webserver01” or “instance561.domain5.com” or SSH host key <enter_string_here>. There are many static items like network configuration and filesystem mount instructions that are easy to clear out once. Then there are things like SSH keys and network udev rules that are created every time the host is booted if they don’t already exist.

For something like an image that is supposed to be “generic”, having to reset all of that every time there is an edit to made is tedious at best.

Much like the other virtualization related tools, guestfish requires that your sandbox be a KVM hypervisor. See the previous post for the recommended packages.

Let’s say it’s time to change the password on all of the base images. No problem. Start by using the OpenSSL toolkit to create your new password as follows:

# openssl passwd -1 N3w_P4ssw0Rd!
$1$usAcrinH$5FnfzxW4kOjfOUfd60/yu0

Then fire up guestfish to edit /etc/shadow:

guestfish --rw -a /tmp/demo.qcow2
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: 'help' for help on command
    'man' to read the manual
    'quit' to quit the shell
><fs> run
><fs> list-filesystems
/dev/sda1: xfs
/dev/sda2: xfs
><fs> mount /dev/sda2 /
><fs> vi /etc/shadow
    root:$1$Avc7f4zA$xk2Jl4GKRIsjKlL0VGJa1.:16513:0:99999:7::: 

When editing /etc/shadow, replace the 2nd field, whatever is between the first pair of “:”. If it is the first time, the second field will be blank. In the example above, the current password starts with “$” and ends with “.”.

Continue on to some network editing..

><fs> vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here I removed the “UUID”, “MACADDR”, and most of the IPV6 lines. Again, this is to keep it generic as a cloud image. And I’m done for now. You get the idea. Hopefully you see it’s usefulness.

><fs> quit

You don’t have to use it interactively either – you can effectively do inline edits as well, depending on what you’re trying to do. Here is a page maintained by the incredibly talented Richard W.M. Jones – libguestfs recipes. The official OpenStack documentation also has some good examples as well – OpenStack guestfs.

Hope this helps,

Captain KVM

Agree? Disagree? Something to add to the conversation?