Primarily for Linux guests on KVM/QEMU and oVirt environments.

Manual "Sealing" Checklist

If you aren't using a tool, you must manually clear specific files to prevent conflicts like duplicate IDs or network errors:

Identification: clear unique system IDs (> /etc/machine-id)
Networking: remove hardware-specific rules (rm /etc/udev/rules.d/70-persistent-net.rules)
Security: regenerate identity on first boot (rm /etc/ssh/ssh_host_*)
Logs: clear history and logs (> /var/log/lastlog)

No, You Can’t Just Clone the Disk: The Art and Science of Linux Sysprep

If you’re coming from the Windows world, you know the drill: run sysprep /generalize, shut down, capture the image. It strips away unique identifiers: the SID, computer name, driver caches, and logs. It prepares the OS to be born again on new hardware.

On Linux, there is no sysprep command. There is no single magic incantation. And that leads to a dangerous misconception: "Linux doesn't need sysprep. Just clone the disk."

If you’ve ever cloned a production Linux VM and watched both the original and the clone fight over the same static IP, share the same SSH host keys, or mount the wrong filesystems, you know that’s a lie. Linux needs sysprep. It just calls it generalization, image preparation, or cloud-init seeding. And if you don't do it right, you’re building a house on a foundation of salt.

Why Cloning a Running Linux System is Dangerous

Let’s get specific. What breaks when you dd or clone a Linux VM without preparation?

- Network Identities: MAC addresses are hardcoded in /etc/netplan/*.yaml or /etc/sysconfig/network-scripts/ifcfg-*. Clones will have identical MACs on the same broadcast domain.
- Persistent Network Rules: systemd and udev remember interfaces (e.g., ens192 used to be ens160). A cloned system might rename its interface, breaking all networking.
- SSH Host Keys: If two servers share the same SSH host key, you get the dreaded "REMOTE HOST IDENTIFICATION HAS CHANGED" error. Worse, it's a security risk (MITM becomes plausible).
- Machine ID: /etc/machine-id is a unique identifier used by systemd, DHCP clients, and some licensing systems. Clones with the same ID cause chaos in logging and monitoring.
- Subscription & Licensing: Tools like Red Hat Subscription Manager or Ubuntu Pro attach to a specific hardware profile. Clones look identical and may violate terms or fail to update.

Simply put: a golden image is not a backup. It’s a template.

The Three Pillars of Linux Generalization

Real Linux sysprep happens in three phases. Most people only do the first.

1. The Cleanup Phase (Remove the Self)

This removes transient, machine-specific data.

```bash
# Remove logs
rm -rf /var/log/* /var/log/.* 2>/dev/null
# Remove temporary files
rm -rf /tmp/* /var/tmp/*
# Remove shell history
rm -f ~/.bash_history ~/.zsh_history /home/*/.bash_history
# Remove SSH host keys (they will regenerate on next boot)
rm -f /etc/ssh/ssh_host_*
# Remove machine-id (systemd regenerates on next boot)
> /etc/machine-id
# If using dbus machine-id
rm -f /var/lib/dbus/machine-id
```

2. The Uniqueness Phase (Break the Identity)

This ensures the next boot creates new, unique identifiers.

Network: delete persistent interface rules.

```bash
rm -f /etc/udev/rules.d/70-persistent-net.rules
rm -f /etc/systemd/network/99-default.link
```

- Regenerate SSH keys on next boot: create a systemd service or cloud-init directive.
- Regenerate GRUB (if hardware changes): not always needed, but for BIOS→UEFI or disk changes, you may want grub-install on first boot.
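One way to implement the "systemd service" option for regenerating host keys, as an added example that is not part of the original article: a oneshot unit that only fires when the sealing step has removed the keys (so a later reboot of a provisioned host is a no-op) and is ordered before sshd so the daemon never starts keyless. The unit name (regen-ssh-host-keys.service) and the ROOT prefix argument, which lets the unit be staged into a mounted image or a scratch directory instead of the live system, are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): stage a first-boot systemd
# unit that regenerates SSH host keys after sysprep. ROOT is a prefix
# (a mounted image or a scratch dir); use "/" on the template VM itself.
# The unit name and the paths below are this example's own choices.

UNIT_NAME=regen-ssh-host-keys.service

# Write the unit under ROOT/etc/systemd/system and enable it by creating the
# multi-user.target.wants symlink (the same thing "systemctl enable" does).
install_firstboot_unit() {
    root=$1
    unit_dir="$root/etc/systemd/system"
    mkdir -p "$unit_dir/multi-user.target.wants"
    cat > "$unit_dir/$UNIT_NAME" <<'EOF'
[Unit]
Description=Regenerate SSH host keys on first boot after sysprep
# Only run when sealing removed the keys; a later reboot is a no-op.
ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
# Keys must exist before sshd starts (unit names differ between distros).
Before=ssh.service sshd.service
After=local-fs.target

[Service]
Type=oneshot
# -A creates every default host key type that is missing in /etc/ssh.
ExecStart=/usr/bin/ssh-keygen -A

[Install]
WantedBy=multi-user.target
EOF
    ln -sf "../$UNIT_NAME" "$unit_dir/multi-user.target.wants/$UNIT_NAME"
}

# Return 0 if the unit is present, enabled, and still guarded by the
# ConditionPathExists line; run this before capturing the image.
check_firstboot_unit() {
    root=$1
    unit="$root/etc/systemd/system/$UNIT_NAME"
    [ -f "$unit" ] || return 1
    [ -L "$root/etc/systemd/system/multi-user.target.wants/$UNIT_NAME" ] || return 1
    grep -q '^ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key$' "$unit"
}

main() {
    if [ $# -ne 1 ]; then
        echo "usage: $0 ROOT   (ROOT is / on the template VM)" >&2
        return 0
    fi
    install_firstboot_unit "$1"
    check_firstboot_unit "$1" && echo "staged $UNIT_NAME under $1"
}

main "$@"
```

Run it as root with `/` as the argument on the template VM, or with the mount point of an image you are editing offline. Because the condition tests for the ed25519 key, it also guards against a half-sealed image where only some key types were deleted: ssh-keygen -A only creates the types that are missing.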

3. The Automation Phase (First Boot Setup)

This is where Linux surpasses Windows sysprep. Instead of a GUI answer file, Linux uses cloud-init. Install cloud-init in your golden image. On first boot, it will:

- Generate new SSH host keys.
- Set a unique hostname (from metadata).
- Configure networking (DHCP or static from metadata).
- Expand the root filesystem.
- Inject SSH keys or run user-data scripts.

A minimal cloud-init config in /etc/cloud/cloud.cfg.d/99_general.cfg:

```yaml
preserve_hostname: false
manage_etc_hosts: true
ssh_pwauth: false
disable_root: false
```

The Real-World Workflow: How Professionals Do It

Here is the battle-tested, distro-agnostic flow for Linux sysprep:

Step 1: Provision a "clean" VM (not a container)

Build a VM exactly how you want your golden image: packages, configs, users, hardening.

Step 2: Run the Generalization Script

Save this as /usr/local/sbin/sysprep-linux.sh:

```bash
#!/bin/bash
set -e
echo "=== Linux Sysprep - Generalizing System ==="

# 1. Clean logs and caches
find /var/log -type f -exec truncate -s 0 {} \;
rm -rf /var/cache/* /tmp/* /var/tmp/*

# 2. Remove unique IDs
echo -n > /etc/machine-id
rm -f /var/lib/systemd/random-seed

# 3. Remove SSH host keys
rm -f /etc/ssh/ssh_host_*

# 4. Remove network interface persistence
rm -f /etc/udev/rules.d/70-persistent-net.rules
rm -f /etc/network/interfaces.d/50-cloud-init.cfg  # if using netplan

# 5. Clean package manager cache
apt clean || yum clean all || dnf clean all

# 6. Remove shell history
unset HISTFILE
history -c
find /home -name ".*history" -exec rm -f {} \;
rm -f /root/.bash_history

# 7. Prepare for first-boot provisioning
# Ensure cloud-init is installed and enabled
systemctl enable cloud-init

# 8. Remove udev hardware database (forces re-detection)
rm -f /etc/udev/hwdb.bin

echo "=== Sysprep complete. Shutting down for imaging. ==="
shutdown -h now
```

Run it as root, then capture the image from the powered-off VM.

Step 3: Deploy with Metadata

When you deploy from this image, pass cloud-init user-data:

```yaml
#cloud-config
hostname: web-01
fqdn: web-01.example.com
users:
  - name: deploy
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-rsa AAAAB3...
packages:
  - nginx
runcmd:
  - systemctl enable nginx
  - systemctl start nginx
```
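Before you capture the image, it pays to verify that the generalization script actually left nothing behind; a single surviving host key or a non-empty machine-id turns every clone into a twin. The audit below is an added example, not code from the article: it walks a root prefix (a mounted image, a chroot, or / on the template VM before the snapshot) and reports each identity artifact that the script in Step 2 is meant to remove. The function name and the exit-code convention (one per finding, so 0 means clean) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): audit a sealed root for
# identity leftovers that would collide between clones. $1 is a root prefix
# (mounted image, chroot, or "/" on the template VM). The exit status is the
# number of findings, so 0 means the image looks generalized.

# Print one finding and bump the counter.
flag() {
    echo "FAIL: $1"
    findings=$((findings + 1))
}

audit_sealed_root() {
    root=${1:-/}
    findings=0

    # machine-id must be empty or absent; systemd mints a new one at boot.
    [ -s "$root/etc/machine-id" ] && flag "$root/etc/machine-id still holds an ID"
    [ -e "$root/var/lib/dbus/machine-id" ] && flag "dbus machine-id still present"

    # Any surviving host key means every clone shares one SSH identity.
    for key in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$key" ]; then
            flag "SSH host key material present in $root/etc/ssh"
            break
        fi
    done

    # Interface persistence pins interface names to the template's MACs.
    [ -e "$root/etc/udev/rules.d/70-persistent-net.rules" ] && flag "persistent net rules present"
    [ -e "$root/etc/systemd/network/99-default.link" ] && flag "systemd .link file present"

    # Shell history carries commands (and sometimes secrets) into every clone.
    for hist in "$root"/root/.*history "$root"/home/*/.*history; do
        [ -e "$hist" ] && flag "shell history present: $hist"
    done

    # The saved random seed and non-empty logs are template-specific state too.
    [ -e "$root/var/lib/systemd/random-seed" ] && flag "saved random seed present"
    if [ -d "$root/var/log" ] && \
       [ -n "$(find "$root/var/log" -type f -size +0c 2>/dev/null | head -n 1)" ]; then
        flag "non-empty files remain under $root/var/log"
    fi

    [ "$findings" -eq 0 ] && echo "OK: $root looks generalized"
    return "$findings"
}

main() {
    if [ $# -ne 1 ]; then
        echo "usage: $0 ROOT   (ROOT is / on the template VM)" >&2
        return 0
    fi
    audit_sealed_root "$1"
}

main "$@"
```

Running it against / right after sysprep-linux.sh finishes (before the shutdown line, if you splice it in) gives a last chance to catch a step that silently failed; running it against a mounted copy of an existing image tells you whether that image was ever sealed at all.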
