[PATCH] sysprep: remove the data and log files of puppet
by Wanlong Gao
Remove the data (keys) and log files of Puppet.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
TODO | 1 -
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_puppet_data_log.ml | 52 ++++++++++++++++++++++++++
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 sysprep/sysprep_operation_puppet_data_log.ml
diff --git a/TODO b/TODO
index b2d53d7..a89d52e 100644
--- a/TODO
+++ b/TODO
@@ -377,7 +377,6 @@ virt-sysprep ideas
------------------
- other Spacewalk / RHN IDs (?)
- - Puppet registration
- Windows sysprep
(see: https://github.com/clalancette/oz/blob/e74ce83283d468fd987583d6837b441608... )
- (librarian suggests ...)
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index 4f49ad3..2afd406 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -49,6 +49,7 @@ SOURCES = \
sysprep_operation_net_hwaddr.ml \
sysprep_operation_package_manager_cache.ml \
sysprep_operation_pam_data.ml \
+ sysprep_operation_puppet_data_log.ml \
sysprep_operation_random_seed.ml \
sysprep_operation_rhn_systemid.ml \
sysprep_operation_samba_db_log.ml \
@@ -86,6 +87,7 @@ OBJECTS = \
sysprep_operation_net_hwaddr.cmx \
sysprep_operation_package_manager_cache.cmx \
sysprep_operation_pam_data.cmx \
+ sysprep_operation_puppet_data_log.cmx \
sysprep_operation_random_seed.cmx \
sysprep_operation_rhn_systemid.cmx \
sysprep_operation_samba_db_log.cmx \
diff --git a/sysprep/sysprep_operation_puppet_data_log.ml b/sysprep/sysprep_operation_puppet_data_log.ml
new file mode 100644
index 0000000..38061f8
--- /dev/null
+++ b/sysprep/sysprep_operation_puppet_data_log.ml
@@ -0,0 +1,52 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Sysprep_gettext.Gettext
+
+module G = Guestfs
+
+let puppet_data_log_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ let paths = [ "/var/log/puppet/*";
+ "/var/lib/puppet/*/*";
+ "/var/lib/puppet/*/*/*" ] in
+ List.iter (
+ fun path ->
+ let files = g#glob_expand path in
+ Array.iter (
+ fun file ->
+ try g#rm file with G.Error _ -> ()
+ ) files;
+ ) paths;
+
+ []
+ )
+ else []
+
+let puppet_data_log_op = {
+ name = "puppet-data-log";
+ enabled_by_default = false;
+ heading = s_"Remove the data and log files of puppet";
+ pod_description = None;
+ extra_args = [];
+ perform = puppet_data_log_perform;
+}
+
+let () = register_operation puppet_data_log_op
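Review bot: In `puppet_data_log_perform`, `try g#rm file with G.Error _ -> ()` discards every removal failure and the `/var/lib/puppet` globs stop three levels down, so the operation can return normally while key files are still in the image. `g#rm` does not remove directories, which the `*/*` pattern also matches, and that is presumably why the error is ignored; the same handler hides a failed removal of a real key file. Guarding the call with `if g#is_file file then g#rm file` would let genuine failures propagate. A comment such as `(* only files two and three levels below /var/lib/puppet are removed; deeper files are left in place *)` would document the depth limit.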
--
1.7.10
12 years, 7 months
libguestfs on Debian 6 squeeze problems
by Zoltan
I'm trying to install libguestfs on Debian squeeze installed from
http://people.debian.org/~bengen/libguestfs/
It does not work. Here are the details:
I was able to install libguestfs-tools and its dependencies. However,
aptitude removed the following two packages: qemu and qemu-system. I'm
not sure if it's okay or not. If I try to install those packages back, I
get the following:
# aptitude install qemu qemu-system
The following NEW packages will be installed:
qemu qemu-system{b}
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 16.6 MB of archives. After unpacking 50.9 MB will be used.
The following packages have unmet dependencies:
qemu-system: Depends: openbios-ppc (>= 1.0+svn1018) but 1.0+svn640-1
is installed.
Depends: openbios-sparc (>= 1.0+svn1018) but
1.0+svn640-1 is installed.
My first question is, is this normal? Do I need the qemu and qemu-system
packages installed? What about these openbios dependencies?
The next problem I have encountered: When I installed libguestfs-tools,
aptitude also installed the cryptsetup ( cryptsetup/squeeze uptodate
2:1.1.3-4squeeze2 ) package as a dependency. Since then, every time I
run update-initramfs, I get this:
# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
cryptsetup: WARNING: failed to detect canonical device of /dev/md1
cryptsetup: WARNING: could not determine root device from /etc/fstab
I use RAID1 arrays md1 and md3 on my system. I googled "cryptsetup:
WARNING: failed to detect canonical device" and "cryptsetup: WARNING:
could not determine root device" to no avail. I mean, some other people
get these warnings too, but I haven't found any solution to get rid of
these warning messages. Since these are just warnings, I guess I can
just ignore them?
Now, back to the main issue: libguestfs does not work! When I run
libguestfs-test-tool, it stops with the following error:
Failed to connect to virtio-serial channel.
This is a fatal error and the appliance will now exit.
Usually this error is caused by either QEMU or the appliance
kernel not supporting the vmchannel method that the
libguestfs library chose to use. Please run
'libguestfs-test-tool' and provide the complete, unedited
output to the libguestfs developers, either in a bug report
or on the libguestfs redhat com mailing list.
When I try to use the virt-filesystems tool, after about 2-3 seconds it
stops with an error message that says:
# virt-filesystems -a myimagefile.img
libguestfs: error: guestfs_launch failed, see earlier error messages
Then in the log files I see these:
libvirtd: 04:49:11.561: warning : qemudStartup:1832 : Unable to create
cgroup for driver: No such device or address
libvirtd: 04:49:11.729: warning : lxcStartup:1900 : Unable to create
cgroup for driver: No such device or address
Basically, none of the libguestfs tools work on my Debian squeeze
system... What can I do to make libguestfs install properly?
I thought that maybe I should install a newer Linux kernel from
backports? Currently I use the following squeeze kernel:
linux-image-2.6.32-5-amd64/squeeze uptodate 2.6.32-45
Do I need to install 3.x kernel for libguestfs ?
BTW, the following packages are installed from the squeeze-backports (or
Bengen's) repository on my system:
febootstrap/squeeze uptodate 3.14-2~bpo60+1
ipxe/squeeze uptodate 1.0.0+git-2.149b50-1~bpo60+1
kvm/squeeze uptodate 1:0.14.1+dfsg-4~bpo60+1
libguestfs0/squeeze uptodate 1:1.16.17-1~bpo60+1
libguestfs-perl/squeeze uptodate 1:1.16.17-1~bpo60+1
libguestfs-tools/squeeze uptodate 1:1.16.17-1~bpo60+1
qemu-keymaps/squeeze uptodate 0.14.1+dfsg-3~bpo60+1
qemu-kvm/squeeze uptodate 0.14.1+dfsg-4~bpo60+1
qemu-user/squeeze uptodate 0.14.1+dfsg-3~bpo60+1
qemu-utils/squeeze uptodate 0.14.1+dfsg-3~bpo60+1
seabios/squeeze uptodate 1.6.3-2~bpo60+1
vgabios/squeeze uptodate 0.7a-1~bpo60+1
Am I missing something?
I would really appreciate it if someone could point me in the right
direction! Thanks!
Zoltan
12 years, 7 months
Re: [Libguestfs] 【help】why not support showing filename containing chinese characters with the ls function?
by 马磊
On Tue, May 22, 2012 at 11:08 PM, 马磊 <aware.why(a)gmail.com> wrote:
>
>
> On Tue, May 22, 2012 at 7:48 PM, Richard W.M. Jones <rjones(a)redhat.com>wrote:
>
>> On Tue, May 22, 2012 at 07:44:04PM +0800, 马磊 wrote:
>> > On Tue, May 22, 2012 at 7:37 PM, Richard W.M. Jones <rjones(a)redhat.com
>> >wrote:
>> >
>> > > On Tue, May 22, 2012 at 06:38:45PM +0800, 马磊 wrote:
>> > > > [malei@xen-test2 ~]$ guestfish --rw -a /home/malei/d.img
>> > > >
>> > > > Welcome to guestfish, the libguestfs filesystem interactive shell
>> for
>> > > > editing virtual machine filesystems.
>> > > >
>> > > > Type: 'help' for help on commands
>> > > > 'man' to read the manual
>> > > > 'quit' to quit the shell
>> > > >
>> > > > ><fs> mount-options '' /dev/vda1 /
>> > > > libguestfs: error: mount_options: call launch before using this
>> function
>> > > > (in guestfish, don't forget to use the 'run' command)
>> > > > ><fs> launch
>> > > > ><fs> mount-options '' /dev/vda1 /
>> > > > ><fs> ls /
>> > > > ?? ????.txt
>> > > > ?? ????.wav
>> > > > ?? WinRAR ZIP ????.zip
>> > > > root1
>> > > > root2
>> > > > ><fs>
>> > > > ===============================================
>> > > > Does it have something to do with the LANG environment variable or
>> the
>> > > disk
>> > > > img which is not bootable?
>> > >
>> > > I guess this is a FAT or VFAT image? (Try the 'list-filesystems'
>> command).
>> > >
>> > > There are several bugs, they even prevent me from creating such an
>> > > image to start with :-( I have filed these:
>> > >
>> > > https://bugzilla.redhat.com/show_bug.cgi?id=823885
>> > > https://bugzilla.redhat.com/show_bug.cgi?id=823887
>> > >
>> > > How large is 'd.img'? Would it be possible for me to get a copy of
>> > > it, or of a similar image that fails in the same way?
>> > >
>> > > Rich.
>> > >
>> > > --
>> > > Richard Jones, Virtualization Group, Red Hat
>> > > http://people.redhat.com/~rjones
>> > > virt-p2v converts physical machines to virtual machines. Boot with a
>> > > live CD or over the network (PXE) and turn machines into Xen guests.
>> > > http://et.redhat.com/~rjones/virt-p2v
>> >
>> >
>> >
>> >
>> > You're right! The partition containing chinese-character-name files
>> is
>> > vfat filesystem.
>> > [malei@xen-test2 ~]$ guestfish --rw -a /home/malei/d.img
>> >
>> > Welcome to guestfish, the libguestfs filesystem interactive shell for
>> > editing virtual machine filesystems.
>> >
>> > Type: 'help' for help on commands
>> > 'man' to read the manual
>> > 'quit' to quit the shell
>> >
>> > ><fs> run
>> > ><fs> list_filesystems
>> > /dev/vda1: vfat
>> > /dev/vda2: ntfs
>> > /dev/vda3: ntfs
>> > /dev/vda4: unknown
>> > /dev/vda5: vfat
>> > /dev/vda6: vfat
>> > /dev/vda7: ntfs
>> > ><fs> mount-options /dev/vda2 /
>> > mount-options should have 3 parameter(s)
>> > type 'help mount-options' for help on mount-options
>> > ><fs> mount-options '' /dev/vda2 /
>> > ><fs> ls /
>> > System Volume Information
>> > root1
>> > root2
>> > 新建 WinRAR ZIP 压缩文件.zip
>> > 新建 文本文档.txt
>> > 新建 波形声音.wav
>>
>> It'd be great if you could get me / point me to a vfat image that
>> contains Chinese character filenames. One way (assuming this image
>> does not contain sensitive data) is:
>>
>> guestfish --ro -a /home/malei/d.img
>> ><fs> run
>> ><fs> download /dev/vda1 - | xz --best > /tmp/vda1.img.xz
>>
>> and then send me the file /tmp/vda1.img.xz.
>>
>> Rich.
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat
>> http://people.redhat.com/~rjones
>> libguestfs lets you edit virtual machines. Supports shell scripting,
>> bindings from many languages. http://libguestfs.org
>>
>
> I have sent it to you, check please.
>
BTW, another problem about mount:
[malei@xen-test2 ~]$ guestfish --rw -a d.img -m /dev/vda1:/:utf8
libguestfs: error: mount_options: you must mount something on / first
guestfish: '/dev/vda1' could not be mounted. Did you mean one of these?
/dev/vda1 (vfat)
/dev/vda2 (ntfs)
/dev/vda3 (ntfs)
/dev/vda4 (unknown)
/dev/vda5 (vfat)
/dev/vda6 (vfat)
/dev/vda7 (ntfs)
12 years, 7 months
[PATCH] TODO: sysprep todo list clearance
by Wanlong Gao
Remove the implemented features from TODO list.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
TODO | 3 ---
1 file changed, 3 deletions(-)
diff --git a/TODO b/TODO
index 93f8787..b2d53d7 100644
--- a/TODO
+++ b/TODO
@@ -377,15 +377,12 @@ virt-sysprep ideas
------------------
- other Spacewalk / RHN IDs (?)
- - Kerberos keys
- Puppet registration
- Windows sysprep
(see: https://github.com/clalancette/oz/blob/e74ce83283d468fd987583d6837b441608... )
- (librarian suggests ...)
. install a firstboot script virt-sysprep --script=/tmp/foo.sh
- . run an external shell script
. run external guestfish script virt-sysprep --fish=/tmp/foo.fish
- - /var/run/* and pam_faillock's data files
- if drives are encrypted, then dm-crypt key should be changed
and drives all re-encrypted
- /etc/pki
--
1.7.10
12 years, 7 months
failure to find hostname causing fatal error
by Todd Mummert
Trying to inspect an old OpenSuSE image, which has an empty
/etc/HOSTNAME file. This causes check_hostname_unix() in
inspect_fs_unix() to return -1 -- causing inspection to fail.
Somewhat interestingly, if no files of interest were found, the
function would return 0.....which I think doesn't cause problems
upstream.
It's somewhat related to this closed bug where the fix was to set the
return code to 0 and hostname could end up null.
https://bugzilla.redhat.com/show_bug.cgi?id=726739
It may be correct, in fact, to try each of the hostname checks until 1
succeeds or they all fail, and then return 0 in all cases.
--Todd
12 years, 7 months
[ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images
by Richard W.M. Jones
I'm pleased to announce the latest stable release of libguestfs, a
library and a set of tools for reading, writing, managing, inspecting,
rescuing, resizing and aligning disk images, and offline and live
virtual machines. There are many new features and bug fixes in this
release; see the release notes below.
You can get libguestfs 1.18.0 from:
Main website: http://libguestfs.org
Source: http://libguestfs.org/download/1.18-stable/
Fedora 17: https://admin.fedoraproject.org/updates/libguestfs-1.18.0-1.fc17
Debian/Ubuntu: [coming soon]
Rich.
Release notes for libguestfs 1.18.0
-----------------------------------
These release notes only cover the differences from the previous
stable/dev branch split (1.16.0). For detailed changelogs, please see
the git repository, or the ChangeLog file distributed in the tarball.
New features
virt tools:
- virt-sysprep has been rewritten and expanded (thanks Wanlong Gao)
http://libguestfs.org/virt-sysprep.1.html
- virt-sparsify --zero is a new option that zeroes the named
partition or filesystem
- virt-sparsify can now safely sparsify Linux swap partitions
- virt-sparsify fixed so it cleans up after ^C
http://libguestfs.org/virt-sparsify.1.html
- a new tool 'libguestfs-make-fixed-appliance' is provided to build
fixed appliances that can be copied to other machines that don't
have febootstrap support
http://libguestfs.org/libguestfs-make-fixed-appliance.1.html
- virt-filesystems now displays the parents (containers) of MD
devices and volume groups
- virt-alignment-scan, run with no args, displays alignment information
for all libvirt domains
- virt-df and virt-alignment-scan will display information from all
guests even when a disk is inaccessible
- virt-rescue new --scratch option to make scratch disks
https://rwmj.wordpress.com/2012/04/26/virt-rescue-scratch/#content
- virt-make-fs can now be used to create btrfs
- virt-edit preserves permissions, UID, GID and SELinux context
when editing files
- guestfish passes the close event over stdout and remote correctly
- guestfish new '--pipe-error' option lets you detect errors in pipe
commands
- guestfish globs now expand device names
- comma and colon characters in filenames now handled correctly by
all virt tools
inspection:
- added support for Fedora 17+
- added support for FreeDOS
- added support for Buildroot and Cirros
- inspection is now compatible with Windows guests that have been
sysprepped (thanks Grant Williamson).
API:
- broad support for btrfs added, including adding multiple devices,
fsck, snapshots (thanks Wanlong Gao)
- the new 'mount-local' API brings FUSE support directly into the
core libguestfs API
https://rwmj.wordpress.com/2012/05/14/tip-using-mount-local-api-from-c/#c...
- new man page: guestfs-performance(1), which contains performance
tuning tips
http://libguestfs.org/guestfs-performance.1.html
- new man page: guestfs-faq(1), Frequently Asked Questions
http://libguestfs.org/guestfs-faq.1.html
- ENOTSUP (from guestfs_last_errno) is now returned for APIs that
are not supported
examples:
- 'copy_over' example showing how to copy between two handles
- 'display_icon' program displays the icon associated with a guest
- 'mount_local.c' example shows how to use the mount-local API
Security
(no security problems were found or fixed in this release)
New APIs
btrfs-device-add: Add devices to a btrfs filesystem.
btrfs-device-delete: Remove devices from a btrfs filesystem.
btrfs-filesystem-sync: Sync a btrfs filesystem.
btrfs-filesystem-balance: Balance a btrfs filesystem.
btrfs-fsck: Check btrfs filesystem.
btrfs-set-seeding: Enable or disable seeding.
btrfs-subvolume-create: Create a btrfs snapshot.
btrfs-subvolume-delete: Delete a btrfs snapshot.
btrfs-subvolume-list: List btrfs snapshots and subvolumes.
btrfs-subvolume-set-default: Set default btrfs subvolume.
btrfs-subvolume-snapshot: Create a writable btrfs snapshot.
get-e2attrs: List ext2 file attributes of a file.
get-e2generation: Get ext2 file generation of a file.
isoinfo, isoinfo-device: Get information from the header of ISO files.
llz: List files with SELinux information.
lvcreate-free: Create an LVM logical volume in % remaining free space.
md-stat: Return underlying devices from an MD device.
mkfs-btrfs: Make btrfs filesystem, with all tunables.
mount-local, mount-local-run, umount-local: FUSE support in the API.
ntfsclone-in, ntfsclone-out: Save, restore NTFS from backup.
ntfsfix: Fix common errors and force Windows to check NTFS.
set-e2attrs: Set or clear ext2 file attributes of a file.
set-e2generation: Set ext2 file generation of a file.
set-label: Unified interface for setting filesystem label.
vgmeta: Get volume group metadata.
wipefs: Wipe filesystem signatures from a device.
zero-free-space: Zero free space in a filesystem.
Internals
- The debian/ subdirectory has been removed. We recommend you use
the official Debian packages made by Hilko Bengen.
http://people.debian.org/~bengen/libguestfs/
http://packages.debian.org/search?keywords=libguestfs
- O_CLOEXEC / SOCK_CLOEXEC is now used for almost all file
descriptors that the library opens.
- posix_fadvise is called when sequentially reading or writing large
files.
- close all file descriptors and remove all signal handlers in the
recovery process
- multiple gcc warnings and Coverity bugs have been fixed; many
strict-overflow bugs have also been fixed
- use ./configure --enable-valgrind-daemon to use valgrind on the
daemon; many errors have been fixed
- use ./configure --with-qemu-options to pass extra options to qemu
- the daemon now has a growable strings buffer type (DECLARE_STRINGSBUF)
- the <guestfs.h> header file works with C++ and we have a regression
test for this
- multiple APIs which should only be called in the CONFIG state now
give an error if they are not
- .gitignore fixed to use absolute paths
- gobject bindings have been expanded, including mapping libguestfs
events to gobject signals (thanks Matt Booth)
- gobject documentation is generated properly (thanks Matt Booth)
- gobject header files now live in a subdirectory
- CompareWithString test in the generator now works
- FUInt32, FUInt64 struct field types now use the correct XDR type
- OCaml tests are now run on bytecode and native code.
- java -Xlint:all is used, and all warnings have been fixed
- bmptopng, wrestool (etc) missing or failure no longer prints
warning messages
- ruby: Use RbConfig instead of Config.
- PYTHONPATH is set by the ./run script.
- appliance building is now thread-safe.
- appliance now uses 'ip' instead of 'ifconfig' and 'netstat'
commands
- several fixes to make parallel builds work properly
- guestfish --listen now cleans up properly
- the BUSY state has been removed
- gettextize has been removed, replaced by a simple Makefile.am
- gettext support now covers virt-resize, virt-sparsify and virt-sysprep
- better support for the arm architecture
Bugs fixed
- 822490 virt-ls error: "libguestfs: error: checksum: path: parameter cannot be NULL"
- 816839 data overflow error when debug progress -1
- 816098 virt-make-fs fails to make a btrfs filesystem because it doesn't allocate enough space
- 811872 inspection fails on ubuntu 10.04 guest with encrypted swap
- 811650 guestfs_last_error not set when qemu fails early during launch
- 811649 libguestfs cannot open disk images which are symlinks to files that contain ':' (colon) character
- 811117 [RFE][virt-sysprep] net-hwaddr not removed from "ifcfg-*" files on rhel
- 811112 [RFE][virt-sysprep] hostname can not be changed on rhel system
- 809361 inspection doesn't recognize Fedora 18 (grub2 + GPT)
- 807905 mkfs blocksize option breaks when creating btrfs
- 805070 virt-filesystems should show 'parents' of LV and RAID devices
- 804464 libguestfs cannot be built when LINGUAS is different then ja or uk
- 803664 libguestfs inspection fails on Windows XP: libguestfs: error: hivex: could not locate HKLM\SYSTEM\MountedDevices
- 803533 guestfish: write error
- 802389 event handlers for 'close' event doesn't work in remote mode
- 802109 libguestfs uses putc on stderr, results in many individual 1 byte writes of debug messages
- 801640 [RFE] the error reported by resize2fs-M need to be more clear
- 801298 Possible null dereference and resource leaks
- 801273 Document for set-pgroup need to be updated
- 798196 virt-resize confuses format and output_format variables; using --output-format sets the input format
- 797986 virt-resize on Windows XP in sysprep state causes "UNMOUNTABLE_BOOT_VOLUME" BSOD
- 796520 [RFE] Prevent user from running some appliance configure commands after appliance boot up
- 790721 multiprovider build error: RuntimeError: link: /tmp/.guestfs-0/kernel /tmp/.guestfs-0/kernel.10139: File exists
- 789960 guestfsd crash when try to mount non-exist disk
- 789504 virt-df (other tools?) should not give up if a guest disk is missing
- 788641 virt-edit doesn't preserve file permissions
- 786215 libguestfs inspection does not recognize FreeDOS operating system
- 786188 libguestfs inspection does not recognize FreeDOS install CD
- 785668 aug-defnode: daemon crash
- 784647 Libguestfs uses deprecated net-tools
- 769304 virt-resize on RHEL 6 kernel fails to re-read the partition table
- 755729 Error message for resize2fs-M needs tweaking
- 701814 virt-win-reg fails on a libvirt guest that has no defined disk format: "format parameter is empty or contains disallowed characters"
- 679737 libguestfs: improve error message when zerofree is not available in the appliance
- 635971 glob mkfs ext2 /dev/vd[b-t]1 does not expand
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
12 years, 7 months
Notes on libguestfs on Fedora/ARM
by Richard W.M. Jones
I've added some commits to ensure libguestfs can compile on Fedora/ARM
(with all options and bindings enabled except Haskell).
However it doesn't quite run yet:
(1) The Fedora qemu package is broken. Don't use it; compile qemu
from source instead.
(2) You have to configure libguestfs to pass extra qemu options.
Currently you should use:
PATH=/path/to/your/qemu/arm-softmmu:$PATH \
./autogen.sh \
--with-qemu=qemu-system-arm \
--with-qemu-options="-M versatilepb -cpu arm926"
(3) The versatilepb emulated system only supports memory < 512MB, and
will only boot the standard kernel, so when running you need something
like this:
FEBOOTSTRAP_KERNEL=/boot/vmlinuz-3.3.4-4.fc17.armv7hl \
FEBOOTSTRAP_MODULES=/lib/modules/3.3.4-4.fc17.armv7hl \
LIBGUESTFS_MEMSIZE=256 \
LIBGUESTFS_DEBUG=1 \
make check
(4) Currently this will fail because the virtio-pci driver doesn't
work on ARM. The characteristic stack trace starts with:
[ 4.841052] [<c0230a08>] (vp_reset+0x14/0x64) from [<c022fa48>] (register_virtio_device+0x4c/0x94)
[ 4.844047] [<c022fa48>] (register_virtio_device+0x4c/0x94) from [<c04277bc>] (virtio_pci_probe+0x100/0x168)
[ 4.846966] [<c04277bc>] (virtio_pci_probe+0x100/0x168) from [<c02138e0>] (pci_device_probe+0x90/0x120)
[ 4.850258] [<c02138e0>] (pci_device_probe+0x90/0x120) from [<c025fe98>] (driver_probe_device+0x148/0x2c4)
(Note that you cannot work around this by choosing a different block
driver, because eventually virtio-serial is required which will fail
in the same way).
(5) To fix (4), it is planned to move to vexpress emulation. This
also lifts the memory limit to <= 2GB. vexpress doesn't have PCI at
all, but it has a non-upstream virtio-mmio transport which allegedly
works (I've not tried it). This also requires a new kernel for
Fedora/ARM build with vexpress support. The configure options
mentioned in step (2) will change to:
--with-qemu-options="-M vexpress-a9 -cpu cortex-a9"
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
12 years, 7 months
[PATCH] sysprep: remove kerberos data in the guest
by Wanlong Gao
Remove the generated kerberos data in the guest.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 ++
sysprep/sysprep_operation_kerberos_data.ml | 52 ++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 sysprep/sysprep_operation_kerberos_data.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index d24ce13..4f49ad3 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -43,6 +43,7 @@ SOURCES = \
sysprep_operation_dovecot_data.ml \
sysprep_operation_flag_reconfiguration.ml \
sysprep_operation_hostname.ml \
+ sysprep_operation_kerberos_data.ml \
sysprep_operation_logfiles.ml \
sysprep_operation_mail_spool.ml \
sysprep_operation_net_hwaddr.ml \
@@ -79,6 +80,7 @@ OBJECTS = \
sysprep_operation_dovecot_data.cmx \
sysprep_operation_flag_reconfiguration.cmx \
sysprep_operation_hostname.cmx \
+ sysprep_operation_kerberos_data.cmx \
sysprep_operation_logfiles.cmx \
sysprep_operation_mail_spool.cmx \
sysprep_operation_net_hwaddr.cmx \
diff --git a/sysprep/sysprep_operation_kerberos_data.ml b/sysprep/sysprep_operation_kerberos_data.ml
new file mode 100644
index 0000000..911b9e9
--- /dev/null
+++ b/sysprep/sysprep_operation_kerberos_data.ml
@@ -0,0 +1,52 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Sysprep_gettext.Gettext
+
+module StringSet = Set.Make (String)
+module G = Guestfs
+
+let kerberos_data_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ let excepts = [ "/var/kerberos/krb5kdc/kadm5.acl";
+ "/var/kerberos/krb5kdc/kdc.conf"; ] in
+ let paths = Array.to_list (g#glob_expand "/var/kerberos/krb5kdc/*") in
+ let set = List.fold_right StringSet.add paths StringSet.empty in
+ let excepts = List.fold_right StringSet.add excepts StringSet.empty in
+ let set = StringSet.diff set excepts in
+ StringSet.iter (
+ fun filename ->
+ try g#rm filename with G.Error _ -> ()
+ ) set;
+
+ []
+ )
+ else []
+
+let kerberos_data_op = {
+ name = "kerberos-data";
+ enabled_by_default = false;
+ heading = s_"Remove Kerberos data in the guest";
+ pod_description = None;
+ extra_args = [];
+ perform = kerberos_data_perform;
+}
+
+let () = register_operation kerberos_data_op
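Review bot: The glob `/var/kerberos/krb5kdc/*` in `kerberos_data_perform` does not normally match names beginning with a dot, so a master-key stash file kept under its default hidden name (`.k5.REALM` in MIT Kerberos) would survive this operation. If the stash file is meant to be covered, expand a second pattern as well, e.g. `g#glob_expand "/var/kerberos/krb5kdc/.k5.*"`, and add its results to `paths` before the set difference. The `G.Error _ -> ()` handler also means a failed removal is never reported, which deserves at least a comment saying the best-effort behaviour is deliberate.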
--
1.7.10
12 years, 7 months
[PATCH 1/2] sysprep: remove ca certificates in the guest
by Wanlong Gao
Remove the ca certificates.
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
sysprep/Makefile.am | 2 +
sysprep/sysprep_operation_ca_certificates.ml | 62 ++++++++++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 sysprep/sysprep_operation_ca_certificates.ml
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index d82e5ae..c6292cc 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -35,6 +35,7 @@ SOURCES = \
sysprep_operation.ml \
sysprep_operation.mli \
sysprep_operation_bash_history.ml \
+ sysprep_operation_ca_certificates.ml \
sysprep_operation_cron_spool.ml \
sysprep_operation_dhcp_client_state.ml \
sysprep_operation_dhcp_server_state.ml \
@@ -68,6 +69,7 @@ OBJECTS = \
utils.cmx \
sysprep_operation.cmx \
sysprep_operation_bash_history.cmx \
+ sysprep_operation_ca_certificates.cmx \
sysprep_operation_cron_spool.cmx \
sysprep_operation_dhcp_client_state.cmx \
sysprep_operation_dhcp_server_state.cmx \
diff --git a/sysprep/sysprep_operation_ca_certificates.ml b/sysprep/sysprep_operation_ca_certificates.ml
new file mode 100644
index 0000000..82b4189
--- /dev/null
+++ b/sysprep/sysprep_operation_ca_certificates.ml
@@ -0,0 +1,62 @@
+(* virt-sysprep
+ * Copyright (C) 2012 FUJITSU LIMITED
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Sysprep_gettext.Gettext
+
+module G = Guestfs
+
+let ca_certificates_perform g root =
+ let typ = g#inspect_get_type root in
+ if typ <> "windows" then (
+ let paths = [ "/etc/pki/CA/certs/*";
+ "/etc/pki/CA/crl/*";
+ "/etc/pki/CA/newcerts/*";
+ "/etc/pki/CA/private/*";
+ "/etc/pki/tls/private/*";
+ "/etc/pki/tls/certs/*.crt"; ] in
+ let excepts = [ "/etc/pki/tls/certs/ca-bundle.crt";
+ "/etc/pki/tls/certs/ca-bundle.trust.crt"; ] in
+ List.iter (
+ fun path ->
+ let files = g#glob_expand path in
+ Array.iter (
+ fun file ->
+ List.iter (
+ fun except ->
+ if file <> except then (
+ try g#rm file with G.Error _ -> ()
+ )
+ ) excepts;
+ ) files;
+ ) paths;
+
+ []
+ )
+ else []
+
+let ca_certificates_op = {
+ name = "ca-certificates";
+ enabled_by_default = true;
+ heading = s_"Remove CA certificates in the guest";
+ pod_description = None;
+ extra_args = [];
+ perform = ca_certificates_perform;
+}
+
+let () = register_operation ca_certificates_op
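Review bot: The exclusion test in `ca_certificates_perform` never protects anything: the inner `List.iter` over `excepts` runs `g#rm file` whenever `file` differs from the current entry, and with two distinct entries every file differs from at least one of them, so `ca-bundle.crt` and `ca-bundle.trust.crt` are removed as well. With `enabled_by_default = true`, a default run leaves the guest without its system trust bundle. Replace the inner loop with a membership test, `if not (List.mem file excepts) then (try g#rm file with G.Error _ -> ())`. The second `rm` attempt on an already removed file fails and is swallowed by the `G.Error _` handler, which is why the defect does not surface as an error.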
--
1.7.10
12 years, 7 months