Libguestfs - Sep 2013 - Re: [PATCH 3/5] sysprep: remove the custom kdump configurations

On Fri, Sep 06, 2013 at 04:25:07PM +0800, Wanlong Gao
wrote:
> On 09/06/2013 04:06 PM, Richard W.M. Jones wrote:
> > On Fri, Sep 06, 2013 at 03:52:40PM +0800, Wanlong Gao wrote:
> >> +	kdump_config \
> > 
> > Better to call this one just "kdump" ?
> > 
> > However I'm unclear why anyone would want to remove kdump config
in a
> > sysprep operation.  Or TCP wrappers for that matter.  There seems to
> > be no useful point in having virt-sysprep start to remove random
> > config files.
> 
> Thought that these are most important and useful config files in a VM.
> Below is quoted from whom gave me these requirement:
> "
> Motivation
>   virt-sysprep command is simple and useful command for deploying VMs.
>   So, we hope its enchance.
> 
>   Though we know guestfish can be used for removing these files too,
>   (by writing script, etc)
>   currently it is not good for normal users by the following reasons.
>    
>       guestfish cannot handle errors appropriately.
>         - When user uses interactive mode of guestfish, it may abort when
>           error occurs.
>         - When user uses batch mode of it, it may ignore error.
>         - Its error message is too noisy (ex, when the specified file is
not
>           present.)
> "
How about the 'virt-sysprep --script' parameter?

http://libguestfs.org/virt-sysprep.1.html#script%2d

Although this uses FUSE, which is also less than ideal, it is
well-tested and the error behaviour is under user control.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v

On 09/06/2013 05:23 PM, Richard W.M. Jones wrote:
> On Fri, Sep 06, 2013 at 04:25:07PM +0800, Wanlong Gao wrote:
>> On 09/06/2013 04:06 PM, Richard W.M. Jones wrote:
>>> On Fri, Sep 06, 2013 at 03:52:40PM +0800, Wanlong Gao wrote:
>>>> +	kdump_config \
>>>
>>> Better to call this one just "kdump" ?
>>>
>>> However I'm unclear why anyone would want to remove kdump
config in a
>>> sysprep operation.  Or TCP wrappers for that matter.  There seems
to
>>> be no useful point in having virt-sysprep start to remove random
>>> config files.
>>
>> Thought that these are most important and useful config files in a VM.
>> Below is quoted from whom gave me these requirement:
>> "
>> Motivation
>>   virt-sysprep command is simple and useful command for deploying VMs.
>>   So, we hope its enchance.
>>
>>   Though we know guestfish can be used for removing these files too,
>>   (by writing script, etc)
>>   currently it is not good for normal users by the following reasons.
>>    
>>       guestfish cannot handle errors appropriately.
>>         - When user uses interactive mode of guestfish, it may abort
when
>>           error occurs.
>>         - When user uses batch mode of it, it may ignore error.
>>         - Its error message is too noisy (ex, when the specified file
is not
>>           present.)
>> "
> 
> How about the 'virt-sysprep --script' parameter?
> 
> http://libguestfs.org/virt-sysprep.1.html#script%2d
> 
> Although this uses FUSE, which is also less than ideal, it is
> well-tested and the error behaviour is under user control.
Yes, sure. Then can you give some comments about following TODO list?
For which is necessary to add for users and which is not?
Although we know almost all of the features we have in sysprep can be done
by "--script" feature, right?


"
add features to remove the following files or values
  if user required.

  B-1) Data files which are made by iscsi initiator.
       /var/lib/iscsi/*

  B-2) Definition files of iscsi target emulator.
       /etc/tgt/*

  B-3) Definition files of iptables
       /etc/sysconfig/iptables

  B-4) Definition of TCP Wrapper
       /etc/hosts.*

  B-5) Definition for hostname/DNS.
       /etc/resolv.conf
       /etc/hosts

  B-6) Definition of network routing
        /etc/sysconfig/network-scripts/route-*
        /etc/sysconfig/network-scripts/rule-*


  B-7) Temporary files
        /tmp/*
        /var/tmp/*

  B-8) kdump setting file
        /etc/kdump.conf


  B-9) NFS setting.
      /etc/exports

  B-10) Remove all files/directories under a directory which is specified by
        new virt-sysprep option
 
      (User may want to each directories depends on thier circumstance.)



  B-9) Remove or initialize value which is related specified users/groups.

     User can select a) or b)
     a) Remove specified users/groups
        
        - Remove definition for them from /etc/passwd and /etc/groups
        - Remove their home directories.

       (Don't remove the files /etc/passwd /etc/groups.)
        
     b) Initialize normal users/groups password


     Note: 
           Original requirement is to remove/initaliaze 
           all of normal UID/GID user's setting.

           But the definition of normal user is a bit confusable.
            RHEL6 : UID is 500 or more,   RHEL7 : 1000 or more
           In addition, nfsnobody uses 65534.

           So, specifing concrete UID/GID by command option is desirable.
           For example, "--uid=500,5021000-60000"

"

Thanks,
Wanlong Gao
> 
> Rich.
>

On Mon, Sep 09, 2013 at 04:09:14PM +0800, Wanlong Gao
wrote:
> Yes, sure. Then can you give some comments about following TODO list?
> For which is necessary to add for users and which is not?
> Although we know almost all of the features we have in sysprep can be done
> by "--script" feature, right?
> 
> 
> "
> add features to remove the following files or values
>   if user required.
> 
>   B-1) Data files which are made by iscsi initiator.
>        /var/lib/iscsi/*
Some of this is configuration apparently; ie. it is set up by
the iscsiadm utility.
>   B-2) Definition files of iscsi target emulator.
>        /etc/tgt/*
Configuration?
>   B-3) Definition files of iptables
>        /etc/sysconfig/iptables
Although we added this already, I'm inclined to think it is
configuration, not temporary data.
>   B-4) Definition of TCP Wrapper
>        /etc/hosts.*
Configuration.
>   B-5) Definition for hostname/DNS.
>        /etc/resolv.conf
>        /etc/hosts
/etc/resolv.conf could be removed, definitely on guests which use
dhcp, if there is a way to tell if a guest uses dhcp.

/etc/hosts seems like configuration to me.
>   B-6) Definition of network routing
>         /etc/sysconfig/network-scripts/route-*
>         /etc/sysconfig/network-scripts/rule-*
Don't really know enough to comment on this.
>   B-7) Temporary files
>         /tmp/*
>         /var/tmp/*
Yes, it was good to remove this.
>   B-8) kdump setting file
>         /etc/kdump.conf
> 
>   B-9) NFS setting.
>       /etc/exports
No.
>   B-10) Remove all files/directories under a directory which is specified
by
>         new virt-sysprep option
>  
>       (User may want to each directories depends on thier circumstance.)
Yes, good idea.  User should specify a wildcard / list of wildcards.
>   B-9) Remove or initialize value which is related specified users/groups.
> 
>      User can select a) or b)
>      a) Remove specified users/groups
>         
>         - Remove definition for them from /etc/passwd and /etc/groups
>         - Remove their home directories.
> 
>        (Don't remove the files /etc/passwd /etc/groups.)
Yes -- already done ('user-account').
>      b) Initialize normal users/groups password
> 
> 
>      Note: 
>            Original requirement is to remove/initaliaze 
>            all of normal UID/GID user's setting.
> 
>            But the definition of normal user is a bit confusable.
>             RHEL6 : UID is 500 or more,   RHEL7 : 1000 or more
>            In addition, nfsnobody uses 65534.
> 
>            So, specifing concrete UID/GID by command option is desirable.
>            For example, "--uid=500,5021000-60000"
Unclear.

------

I think a better way to think about this: Suppose someone wants to use
virt-sysprep to get back to the original configuration of the guest at
installation.  Wouldn't it be better (cleaner, safer) for them to
install a new guest from scratch?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top