├── README.md
├── aws
├── azure
    ├── Containerfile
    ├── README.md
    ├── etc
    │   └── cloud
    │   │   └── cloud.cfg.d
    │   │       ├── 05_logging.cfg
    │   │       └── 91-azure_datasource.cfg
    └── usr
    │   └── lib
    │       └── bootc
    │           └── install
    │               └── 05-cloud-kargs.toml
├── cloud-init
    └── Containerfile
├── container-auth
    ├── Containerfile
    └── containers-auth.conf
├── gcp
    ├── Containerfile
    ├── README.md
    ├── etc
    │   └── yum.repos.d
    │   │   └── google-cloud.repo
    └── usr
    │   └── lib
    │       └── bootc
    │           └── install
    │               └── 05-cloud-kargs.toml
├── insights
    ├── .rhc_connect_credentials
    ├── Containerfile
    └── rhc-connect.service
├── kubevirt
    └── Containerfile
├── openstack
└── vmware
    ├── Containerfile
    ├── README.md
    └── etc
        └── vmware-tools
            └── tools.conf

/README.md:
--------------------------------------------------------------------------------
# RHEL bootc examples

Welcome to the examples repository for RHEL bootc!

The `registry.redhat.io/rhel9/rhel-bootc:9.4` container image
represents a new mechanism to configure Red Hat Enterprise Linux.

You can define your systems via a container build, generate
disk images from the containers or deploy them directly via
Anaconda or `bootc install`.

Thereafter, the systems can be upgraded in-place with
transactional updates/rollbacks and maintained in a git-ops
fashion, or with live changes applied out of band.

This git repository contains just a few representative
examples of configuring a Linux system via containers.

## General guidance

A very significant percentage of Linux system configuration
boils down to writing configuration files. For example,
kernel parameters can be changed by writing to `/usr/lib/sysctl.d`.

In general, configuration like this will Just Work when
done in a container build.

As a result, this example repository focuses on two things:

- Additional software patterns (especially for public clouds)
- Subtle and less obvious cases, such as SSH key management

## Examples

### Systems management

- [insights](insights) - Configure the booted container to register to Insights

### Systems configuration

- [container-auth](container-auth) - Currently, authentication file locations
  for `bootc` and `podman` are different, and there are some subtleties in the `podman`
  location; this writes a pull secret to a central location embedded in the container
  (underneath `/usr` as part of the immutable state).

### Cloud and virtualization

- [aws, kubevirt, openstack](cloud-init) - these all simply add cloud-init,
  which many use cases (but not all) will want.
- [vmware](vmware) - Usage of this agent is often required.

## More examples

There are more community-contributed examples available in the [upstream Fedora-bootc project](https://gitlab.com/fedora/bootc/examples).
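
For the container-auth example listed above, this added check (not code from the repository) verifies against an unpacked image root that the pull secret is owner-only and that both the `/etc/ostree/auth.json` symlink and the tmpfiles.d `L` line resolve to it. The function names, the sample root and the broken variant are constructed for illustration; the paths are the ones used in `container-auth/`.

```python
import os
import posixpath
import stat
import tempfile

SECRET = "/usr/lib/container-auth.json"  # "made-up" location from the Containerfile
BOOTC_LINK = "/etc/ostree/auth.json"     # symlink created by `ln -sr` in the Containerfile

# The two tmpfiles.d lines from container-auth/containers-auth.conf.
PAGE_CONF = """\
d /run/containers/0 0755 root root -
L /run/user/0/containers/auth.json - - - - ../../../../usr/lib/container-auth.json
"""

# Constructed variant with one "../" too few, to show what the check reports.
BROKEN_CONF = """\
L /run/user/0/containers/auth.json - - - - ../../../usr/lib/container-auth.json
"""


def resolve_link(link_path, target):
    """Lexically resolve a symlink target to an image-absolute path.

    Assumes no directory on the way is itself a symlink.
    """
    if not target.startswith("/"):
        target = posixpath.join(posixpath.dirname(link_path), target)
    return posixpath.normpath(target)


def tmpfiles_symlinks(conf_text):
    """Return (path, target) for each 'L' or 'L+' line of a tmpfiles.d file."""
    links = []
    for raw in conf_text.splitlines():
        fields = raw.split(None, 6)  # Type Path Mode User Group Age Argument
        if len(fields) == 7 and fields[0] in ("L", "L+"):
            links.append((fields[1], fields[6].strip()))
    return links


def check_auth_layout(rootfs, conf_text):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    secret = os.path.join(rootfs, SECRET.lstrip("/"))
    if os.path.islink(secret) or not os.path.isfile(secret):
        findings.append(f"{SECRET}: missing or not a regular file")
    else:
        mode = stat.S_IMODE(os.lstat(secret).st_mode)
        if mode & 0o077:
            findings.append(f"{SECRET}: mode {mode:04o} grants group/other access")

    link = os.path.join(rootfs, BOOTC_LINK.lstrip("/"))
    if not os.path.islink(link):
        findings.append(f"{BOOTC_LINK}: not a symlink")
    else:
        dest = resolve_link(BOOTC_LINK, os.readlink(link))
        if dest != SECRET:
            findings.append(f"{BOOTC_LINK}: points to {dest}, not {SECRET}")

    for path, target in tmpfiles_symlinks(conf_text):
        dest = resolve_link(path, target)
        if dest != SECRET:
            findings.append(f"tmpfiles {path}: points to {dest}, not {SECRET}")
    return findings


def build_sample_rootfs(root, mode=0o600):
    """Create a constructed stand-in for an unpacked image root (no real credential)."""
    os.makedirs(os.path.join(root, "usr/lib"))
    os.makedirs(os.path.join(root, "etc/ostree"))
    secret = os.path.join(root, "usr/lib/container-auth.json")
    with open(secret, "w") as fh:
        fh.write('{"auths": {}}\n')
    os.chmod(secret, mode)
    # Same relative target that `ln -sr` produces for these two paths.
    os.symlink("../../usr/lib/container-auth.json",
               os.path.join(root, "etc/ostree/auth.json"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_rootfs(root)
        print("page conf:  ", check_auth_layout(root, PAGE_CONF))
        print("broken conf:", check_auth_layout(root, BROKEN_CONF))
```
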
--------------------------------------------------------------------------------
/aws:
--------------------------------------------------------------------------------
cloud-init
--------------------------------------------------------------------------------
/azure/Containerfile:
--------------------------------------------------------------------------------
FROM registry.redhat.io/rhel9/rhel-bootc:9.4
COPY etc/ /etc/

# install required packages and enable services
RUN dnf -y install \
        WALinuxAgent \
        cloud-init \
        cloud-utils-growpart \
        gdisk \
        hyperv-daemons && \
    dnf clean all && \
    systemctl enable NetworkManager.service && \
    systemctl enable waagent.service && \
    systemctl enable cloud-init.service && \
    echo 'ClientAliveInterval 180' >> /etc/ssh/sshd_config

# configure waagent for cloud-init to handle provisioning
RUN sed -i 's/Provisioning.Agent=auto/Provisioning.Agent=cloud-init/g' /etc/waagent.conf && \
    sed -i 's/ResourceDisk.Format=y/ResourceDisk.Format=n/g' /etc/waagent.conf && \
    sed -i 's/ResourceDisk.EnableSwap=y/ResourceDisk.EnableSwap=n/g' /etc/waagent.conf
--------------------------------------------------------------------------------
/azure/README.md:
--------------------------------------------------------------------------------
# Pre-install Azure Linux VM Agent

In this example, we install the [Azure Linux VM Agent](https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux) and enable its service for autostart.

For more information on the steps of the Containerfile, please refer to the [requirements](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/redhat-create-upload-vhd#rhel-8-using-hyper-v-manager) for creating custom RHEL images for use on Azure.
--------------------------------------------------------------------------------
/azure/etc/cloud/cloud.cfg.d/05_logging.cfg:
--------------------------------------------------------------------------------
# This tells cloud-init to redirect its stdout and stderr to
# 'tee -a /var/log/cloud-init-output.log' so the user can see output
# there without needing to look on the console.
output: {all: '| tee -a /var/log/cloud-init-output.log'}
--------------------------------------------------------------------------------
/azure/etc/cloud/cloud.cfg.d/91-azure_datasource.cfg:
--------------------------------------------------------------------------------
datasource_list: [ Azure ]
datasource:
  Azure:
    apply_network_config: False
--------------------------------------------------------------------------------
/azure/usr/lib/bootc/install/05-cloud-kargs.toml:
--------------------------------------------------------------------------------
[install]
# See also:
# - https://github.com/coreos/fedora-coreos-config/blob/testing-devel/platforms.yaml
# - https://github.com/osbuild/images/blob/63a1eead26a7c802dbcebe863439f591be6dc6e5/pkg/distro/rhel9/qcow2.go#L159
# - https://learn.microsoft.com/en-us/azure/virtual-machines/linux/create-upload-generic?source=recommendations#general-linux-system-requirements
kargs = ["rootdelay=300", "console=tty0", "console=ttyS0,115200n8", "earlyprintk=ttyS0", "net.ifnames=0"]
--------------------------------------------------------------------------------
/cloud-init/Containerfile:
--------------------------------------------------------------------------------
# This image demonstrates installing cloud-init on top of the base image.
# Some workflows in particular will want to at least support fetching e.g.
# SSH keys from the hypervisor metadata, and also cloud-init can be
# a useful way to inject secrets from the instance metadata, instead
# of including it in container images.
# However, cloud-init type functionality is not included in the base image
# because some systems will want to run in an "immutable infrastructure"
# fashion instead, e.g. fully turning off SSH even.
FROM registry.redhat.io/rhel9/rhel-bootc:9.4

RUN dnf -y install cloud-init && \
    ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants && \
    rm -rf /var/{cache,log} /var/lib/{dnf,rhsm}
--------------------------------------------------------------------------------
/container-auth/Containerfile:
--------------------------------------------------------------------------------
# This example expects a secret named "creds" to contain
# the registry pull secret. To build, use e.g.
# podman build --secret id=creds,src=$HOME/.docker/config.json ...
FROM registry.redhat.io/rhel9/rhel-bootc:9.4
# Use a single pull secret for bootc and podman by symlinking both locations
# to a common persistent file embedded in the container image.
#
# NOTE: In this example, /usr/lib/container-auth.json is a made-up location.
#
# There is some discussion of a centralized authentication file in
# https://github.com/containers/image/pull/1746
#
COPY containers-auth.conf /usr/lib/tmpfiles.d/link-podman-credentials.conf
RUN --mount=type=secret,id=creds,required=true cp /run/secrets/creds /usr/lib/container-auth.json && \
    chmod 0600 /usr/lib/container-auth.json && \
    ln -sr /usr/lib/container-auth.json /etc/ostree/auth.json
--------------------------------------------------------------------------------
/container-auth/containers-auth.conf:
--------------------------------------------------------------------------------
# Make /run/containers/0/auth.json (a transient runtime file)
# a symlink to our /usr/lib/container-auth.json (a persistent file)
# which is also symlinked from /etc/ostree/auth.json.
d /run/containers/0 0755 root root -
L /run/user/0/containers/auth.json - - - - ../../../../usr/lib/container-auth.json
--------------------------------------------------------------------------------
/gcp/Containerfile:
--------------------------------------------------------------------------------
FROM registry.redhat.io/rhel9/rhel-bootc:9.4
# Inject our configuration; the etc/ contains yum.repos.d files for the google-cloud external
# yum repository.
COPY etc /etc/
# This directory injects console= kernel arguments, but is commented
# out right now as there is a plan to make this more generic, see
# https://github.com/containers/bootc/issues/470
#COPY usr /usr/
# Note that we don't install osconfig-agent, which conceptually
# clashes with what we're doing here in managing the OS as a container.
#
# google-compute-engine tries to regenerate the initramfs in %post,
# but that's unnecessary because we already ship the nvme driver
# in the initramfs in C9S/RHEL9.
# https://github.com/GoogleCloudPlatform/guest-configs/blob/b0fbc3b6ec49f0f6406beb3cf05d157ee141f447/packaging/google-compute-engine.spec#L87
RUN dnf -y install google-compute-engine && dnf clean all
--------------------------------------------------------------------------------
/gcp/README.md:
--------------------------------------------------------------------------------
# Build a host with default tweaks to run in GCP

See and
.
--------------------------------------------------------------------------------
/gcp/etc/yum.repos.d/google-cloud.repo:
--------------------------------------------------------------------------------
[google-compute-engine]
name=Google Compute Engine
baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el9-${basearch}-stable
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
--------------------------------------------------------------------------------
/gcp/usr/lib/bootc/install/05-cloud-kargs.toml:
--------------------------------------------------------------------------------
[install]
# See also:
# - https://github.com/coreos/fedora-coreos-config/blob/testing-devel/platforms.yaml
# - https://github.com/osbuild/images/blob/63a1eead26a7c802dbcebe863439f591be6dc6e5/pkg/distro/rhel9/qcow2.go#L159
kargs = ["console=tty0", "console=ttyS0,115200n8"]
--------------------------------------------------------------------------------
/insights/.rhc_connect_credentials:
--------------------------------------------------------------------------------
RHC_ACT_KEY=
RHC_ORG_ID=
--------------------------------------------------------------------------------
/insights/Containerfile:
--------------------------------------------------------------------------------
FROM registry.redhat.io/rhel9/rhel-bootc:9.4
RUN dnf install rhc rhc-worker-playbook -y

# If you want the system to auto register to insights on first boot, uncomment
# the next three statements and populate the .rhc_connect_credentials file
# with an activation key and organization id.
# See https://console.redhat.com/insights/connector/activation-keys

# COPY rhc-connect.service /usr/lib/systemd/system/rhc-connect.service
# COPY .rhc_connect_credentials /etc/rhc/.rhc_connect_credentials
# RUN systemctl enable rhc-connect && touch /etc/rhc/.run_rhc_connect_next_boot
--------------------------------------------------------------------------------
/insights/rhc-connect.service:
--------------------------------------------------------------------------------
[Unit]
Description=Run rhc connect at boot
After=network-online.target
ConditionPathExists=/etc/rhc/.run_rhc_connect_next_boot

[Service]
Type=oneshot
EnvironmentFile=/etc/rhc/.rhc_connect_credentials
ExecStart=/usr/bin/rhc connect --activation-key ${RHC_ACT_KEY} --organization ${RHC_ORG_ID}
Restart=no
WatchdogSec=900
CPUQuota=30%
MemoryHigh=1G
MemoryMax=2G
TasksMax=300
BlockIOWeight=100
ExecStartPre=/bin/rm -f /etc/rhc/.run_rhc_connect_next_boot
ExecStop=/bin/rm -f /etc/rhc/.rhc_connect_credentials

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/kubevirt/Containerfile:
--------------------------------------------------------------------------------
# This includes cloud-init plus qemu-guest-agent, which kubevirt also
# prefers to have.
FROM registry.redhat.io/rhel9/rhel-bootc:9.4
RUN dnf -y install cloud-init qemu-guest-agent && \
    ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants && \
    dnf clean all
--------------------------------------------------------------------------------
/openstack:
--------------------------------------------------------------------------------
cloud-init
--------------------------------------------------------------------------------
/vmware/Containerfile:
--------------------------------------------------------------------------------
FROM registry.redhat.io/rhel9/rhel-bootc:9.4

# Copy our custom configuration in /etc/vmware-tools/tools.conf
COPY etc/ /etc/
RUN dnf -y install open-vm-tools && \
    dnf clean all && \
    systemctl enable vmtoolsd.service
--------------------------------------------------------------------------------
/vmware/README.md:
--------------------------------------------------------------------------------
# Build an image for use with VMware

Before building, make any desired configuration changes in `etc/vmware-tools/tools.conf`.

__
[Using VMware Tools Configuration File](https://docs.vmware.com/en/VMware-Tools/12.3.0/com.vmware.vsphere.vmwaretools.doc/GUID-EA16729B-43C9-4DF9-B780-9B358E71B4AB.html)
--------------------------------------------------------------------------------
/vmware/etc/vmware-tools/tools.conf:
--------------------------------------------------------------------------------
# Copyright (c) 2019-2023 VMware, Inc. All rights reserved.

# "CAUTION: tools.conf is highly syntax sensitive file. Use extreme caution
# while editing it. If modified, it is automatically re-loaded by
# VMware Tools services every 5 seconds."
#
# Lines must not end with trailing white space.

[unsetenvironment]
# Defines environment variables to be removed from the service reading
# the configuration file. Supported formats are:
#
# 1. =
# 2. .=
#
# Where refers to the 'vmsvc' and 'vmusr',
# refers to the name of the environment
# variable to be removed. '=' sign after
# is mandatory to maintain the configuration file syntax.
# However, anything after '=' is ignored.
#
# Case-sensitive behavior is defined by the operating system.
#
# Note: unsetenvironment group is processed before setenvironment group.
# As the service environment is setup at start up time, any changes
# in this group require service to be restarted in order to take effect.
#
# Unsetting PATH for all services:
# PATH=
#
# Unsetting PATH for vmsvc only:
# vmsvc.PATH=
#
# Unsetting PATH for vmusr only:
# vmusr.PATH=

[setenvironment]
# Defines environment variables to be set for the service reading
# the configuration file. Supported formats are:
#
# 1. =
# 2. .=
#
# Where refers to the 'vmsvc' and 'vmusr',
# refers to the name of the environment
# variable to be set, and refers to the
# value to be assigned to the environment variable.
#
# Case-sensitive behavior is defined by the operating system.
#
# Note: setenvironment group is processed after unsetenvironment group.
# As the service environment is setup at start up time, any changes
# in this group require service to be restarted in order to take effect.
#
# Setting TMPDIR for all services:
# TMPDIR=/vmware/temp
#
# Setting TMPDIR for vmsvc only:
# vmsvc.TMPDIR=/vmware/vmsvc/temp
#
# Setting TMPDIR for vmusr only:
# vmusr.TMPDIR=/vmware/vmusr/temp

[logging]
# set to false to turn off logging
#log = true

# Log destinations for various services
# By default, logs go to
# %windir%/temp/vmware-.log
# for Windows, and
# /var/log/vmware--.log
# for Linux, MacOS and Solaris.

# Possible values for handler are:
#    file: logs to a file. Set *.data to the file name
#    file+: same as 'file', but appends to the file
#          All file paths used in *.data value need to be in Unix
#          format (forward slashes) and in utf-8, for all operating
#          systems.
#    vmx: logs to the host (ESXi, Workstation, Fusion)
#    std: Logs to stdout for level >= 'message',
#         and to stderr for more severe than 'message'.
#    syslog: logs to syslog
#    outputdebugstring: uses OutputDebugString (Windows only)

# If handler is 'syslog' and the OS is Linux, the facility
# can be set with .facility. The facility value can be one of
# 'local0'..'local7', 'daemon' or 'user'. The default is 'user'.
#vmtoolsd.facility = user

# possible values for level are:
# debug, info, message, warning, critical, error
# Note that "debug" level logs generate huge amounts of logs and may also
# include sensitive data required for diagnosis. Therefore, this level should
# be used only for the duration of diagnosis of an issue and reverted back to
# default setting post diagnosis.

# Enable tools service logging to a file.
#vmtoolsd.level = debug
#vmtoolsd.handler = file
#vmtoolsd.data = c:/tmp/vmtoolsd-${USER}.log

# Enable 'vmsvc' service logging to a file.
#vmsvc.level = debug
#vmsvc.handler = file
#vmsvc.data = c:/tmp/vmsvc.log

# Enable VMwareResolutionSet.exe logging to a file.
# Comment this for Linux guest, sometimes vmusr logs are not generated due
# to this being uncommented
#vmresset.level = debug
#vmresset.handler = file+
#vmresset.data = c:/tmp/vmresset.log

# Enable new "vmusr" service logging to a file.
#vmusr.level = debug
#vmusr.handler = file
#vmusr.data = c:/tmp/vmusr.${USER}.log

# Set the following configuration if you want to collect the logs for
# vmware-toolbox-cmd utility
#toolboxcmd.level = debug
#toolboxcmd.handler = file
#toolboxcmd.data = c:/tmp/vmtoolboxcmd-${USER}.log

# With no explicit logging configuration for deployPkg, its default log path in
# Linux is /var/log/vmware-imc/toolsDeployPkg.log, and in Windows is
# %WINDIR%/Temp/vmware-imc/toolsDeployPkg.log
# Set the following configuration if you want to redirect the deployPkg log to
# any existing location other than the default.
#deployPkg.level = debug
#deployPkg.handler = file
#deployPkg.data = c:/tmp/toolsDeployPkg-${USER}.log

# Redirecting the deployPkg log to the vmx log file. Please note that
# "log = true" and the vmsvc log handler setting to vmx are also necessary
# if you want to redirect the deployPkg log to vmx.
#log = true
#vmsvc.level = debug
#vmsvc.handler = vmx
#deployPkg.level = debug
#deployPkg.handler = vmx

# Enable old VMwareUser/vmware-user logging to file.
#log.file = c:/tmp/vmtools.log

# Enable "hgfsServer" request handling logging to the appropriate service file.
#hgfsServer.level = debug

# Enable "hgfs" manager and transport logging to the appropriate service file.
#hgfsd.level = debug

#vmbackup.level = debug
#vmbackup.handler = vmx

#vmvss.level = debug
#vmvss.handler = vmx

# Default 4096, 0=> deactivate log caching
#maxCacheEntries=4096


# Set the following configurations for modifying network script logging file.
# Only for Linux, Mac OS X, Solaris, and FreeBSD
#network.handler = file
#network.data = /tmp/network.log
#network.maxOldLogFiles = 9

# Redirect network script logs to vmx
#network.handler = vmx

[powerops]
# Custom scripts for power operations
# This can be an absolute path, or a path relative to the tools
# install path (/etc/vmware-tools/ for Linux).
# For more information on configuring and querying custom scripts with
# VMware Tools, see the "Use Custom VMware Tools Scripts" section of the
# "VMware Tools Configuration Utility User's Guide".

# Runs when the virtual machine is being powered on rather than resumed.
# Also runs after virtual machine restarts.
# The default script has no effect on networking for the virtual machine.
#poweron-script=poweron-vm-default

# Runs when the virtual machine is being powered off or reset.
# The default script has no effect on networking for the virtual machine.
#poweroff-script=poweroff-vm-default

# Runs when the virtual machine is resumed after it was suspended.
# On Windows guest operating systems, if the virtual machine is configured to
# use DHCP, the default script renews the IP address of the virtual machine.
# On Linux, Mac OS X, Solaris, and FreeBSD guest operating systems,
# this script starts networking for the virtual machine.
#resume-script=resume-vm-default

# Runs when the virtual machine is being suspended.
# On Windows guest operating systems, if the virtual machine is configured
# to use DHCP, the default script releases the IP address of the virtual
# machine.
# On Linux, Mac OS X, Solaris, and FreeBSD, this script stops networking for
# the virtual machine.
#suspend-script=suspend-vm-default

[guestinfo]

# Set to true to deactivate the perf monitor.
#disable-perf-mon=false

# Set to true to deactivate DiskInfo.
#disable-query-diskinfo=false

# User-defined poll interval in seconds. Set to 0 to deactivate polling.
#poll-interval=30

# User-defined stats interval in seconds. Set to 0 to deactivate stats collection.
#stats-interval=20

# Whether stat results should be written to the log.
#enable-stat-logging=false

# Set a comma separated list of network interface names that can be the
# primary ones. These will be sorted to the top. Interface names can use
# wildcards like '*' and '?'. Default is no value.
#primary-nics=

# Set a comma separated list of network interface names that have low priority
# (so they will be sorted to the end). Interface names can use wildcards like
# '*' and '?'. Default is no value.
#low-priority-nics=

# Set a comma separated list of network interface names that shall be ignored.
# Interface names can use wildcards like '*' and '?'.
# Default for Linux and all non-Windows:
#exclude-nics=veth*,docker*,virbr*,antrea-*,cali*
# Default for Windows:
#exclude-nics=vEthernet*

# max number of IPv4 routes to gather.
#max-ipv4-routes=100

# max number of IPv6 routes to gather.
#max-ipv6-routes=100

# whether to include reserved space in diskInfo space metrics on Linux
#diskinfo-include-reserved=false

[globalconf]

# The GlobalConf feature provides an ability for the vSphere administrators
# to distribute a 'VMware Tools Configuration File' (tools.conf) via the
# GuestStore for multiple VMs at scale.

# Defines the configuration to activate/deactivate the GlobalConf module.
# Set to true to enable(activate) the module.
# Set to false to deactivate the module. Default false.
#enabled=false

# Defines a custom GlobalConf poll interval (in seconds).
# Default 3600 seconds. Minimum 1800 seconds.
#poll-interval=3600

# Defines the global configuration resource in GuestStore.
# Windows guests
#resource=/vmware/configurations/vmtools/windows/tools.conf
#
# Linux guests
#resource=/vmware/configurations/vmtools/linux/tools.conf

[componentmgr]

# This plugin manages the known and enabled components add/remove status.
# The plugin polls at regular interval and triggers action add/remove for
# all the known and enabled components in the componentMgr plugin.

# Default and minimum polling interval in seconds (0 => polling deactivated)
#poll-interval=180

# Comma separated list of components managed by the plugin. If not specified,
# default value is all, which means all components are enabled by default.
# A special value of none means no component, which is equivalent to disabling
# the plugin completely. Value is parsed left to right and parsing stops at
# first occurrence of all or none or end of line.
#included=all

[appinfo]

# This plugin collects info about running applications in guest OS.

# Set to true to deactivate the appinfo plugin.
#disabled=false

# User-defined poll interval in seconds. Set to 0 to deactivate the plugin.
#poll-interval=21600

# For Windows guest, set to true to use WMI for getting the application
# version info, otherwise native Win32 API is used.
#useWMI=false

# Whether to remove the duplicate applications information in the
# guestinfo variable.
#remove-duplicates=true

[containerinfo]

# This plugin collects info about running containers in guest OS.

# User-defined poll interval in seconds. Set to 0 to deactivate the plugin.
#poll-interval=21600

# Maximum number of containers to be retrieved per namespace.
#max-containers=256

# Whether to remove the duplicate containers information in the
# guestinfo variable.
#remove-duplicates=true

# Unix socket to use to communicate with the docker daemon.
#docker-unix-socket=/var/run/docker.sock

# The unix socket to connect to communicate with containerd grpc server
# for retrieving the list of running containers.
#containerd-unix-socket=/run/containerd/containerd.sock

# List of namespaces to be queried for the running containers.
# The value for this key is a comma separated list.
#allowed-namespaces=moby,k8s.io,default

[servicediscovery]

# This plugin provides admins with additional info for better VM management.

# Set to true to deactivate the servicediscovery plugin.
#disabled=false

[unity]
#
# Unity is available for Windows only.
#

# Set to true to override system decisions about whether unity should be available.
#forceEnable=false

# Override the desktop background color when in Unity mode.
#desktop.backgroundColor=

# The socket type can be 'ipsocket' or 'vsocket':
#pbrpc.socketType

[resolutionKMS]

# Default is true if tools finds an xf86-video-vmware driver with
# version >= 13.2.0. If you don't have X installed, set this to true manually.
# This only affects tools for Linux.
#enable=true

[guestosinfo]

# Override the short OS name sent by tools.
#short-name=

# Override the long OS name sent by tools.
#long-name=

[vmbackup]

# enableSyncDriver is Linux only.
#enableSyncDriver=true

# enableVSS is Windows only.
#enableVSS=true

# vss.disableAppQuiescing is Windows only.
# This setting can be used to force file system quiescing on Windows systems
# having problems with application quiescing.
# See https://kb.vmware.com/s/article/2146204
#vss.disableAppQuiescing=false

# Linux:
# The value of excludedFileSystems is a comma-separated list of glob-style
# patterns specifying the file system mount points to be excluded from
# quiescing operation. The patterns may use '*' (wildcard) to represent
# any string of characters and '?' (joker) to represent any single character.
# The characters represented by the patterns '*' and '?' may include any
# characters, including '/'.
#
# Windows:
# The value of excludedFileSystems is a comma-separated list of mount points
# specifying the volumes to be excluded from quiesced snapshots.
# Each mount point must be a full path separated and ended with "\\".
# For example, to exclude volumes with drive letter 'E' or mount point
# "F:\mount\", use:
# excludedFileSystems=E:\\,F:\\mount\\
# This setting is ignored when application quiescing is used.
#excludedFileSystems=

# Linux:
# It is possible that filesystems are being frozen in pre-freeze scripts
# to control the order in which those specific filesystems are to be frozen.
# The vmtoolsd process must be informed of all such filesystems with the help
# of "excludedFileSystems" setting of tools.conf.
#
# A temporary workaround is available (starting from 12.3.0) for admins to allow
# quiescing operation to succeed until the "excludedFileSystems" list
# is configured.
#
# If another process thaws the file system while a quiescing
# operation is ongoing, the snapshot may be compromised. Once the
# "excludedFileSystems" list is configured this setting MUST be unset (or set
# to false).
#
# The value of ignoreFrozenFileSystems is a true or false; the default is
# false.
#
# Set to true to ignore pre-frozen file systems during the quiescing operation.
#
# ignoreFrozenFileSystems is Linux only (Not supported on Windows).
#ignoreFrozenFileSystems=false

# execScripts specifies whether to execute scripts as part of the quiescing
# operation. Scripts are executed from the scripts directory along with the
# legacy scripts.
#
# Scripts directory:
# Linux: /etc/vmware-tools/backupScripts.d
# Windows: \backupScripts.d
#
# Legacy scripts:
# Linux: /usr/sbin/pre-freeze-script and /usr/sbin/post-thaw-script
# Windows: C:\windows\pre-freeze-script.bat and C:\windows\post-thaw-script.bat
#
# On each quiescing operation, scripts are invoked before quiescing and
# either after a quiescing failure or after thawing.
# The first argument passed to each script is
# "freeze", when invoked before quiescing;
# "freezefail", when invoked after a quiescing failure; or
# "thaw", when invoked after thawing.
# When invoked before quiescing, scripts from the directory are invoked in
# alphabetically ascending order; when invoked following a quiescing failure
# or thawing, they are invoked in the reverse order. Any subdirectories are
# ignored.
# Note that the legacy pre-freeze-script is invoked only before quiescing as
# the first script and post-thaw-script is invoked after a quiescing failure
# as well as after thawing as the last script.

#execScripts=true

# Additional argument to be passed to scripts
#scriptArg=

[guestoperations]

# to deactivate all guest ops
#disabled=false

# Whether to use vgauth for guest op authentication
#useVGAuth=true

[autoupgrade]

# The "allow-upgrade" option controls whether automatic upgrades (or reinstalls)
# are allowed.
#allow-upgrade=true

# The autoupgrade plugin is only available for Windows.
# The "allow-add-feature" and "allow-remove-feature" control whether adding
# or removing a feature will be allowed.
# The allow-msi-transforms option controls whether TRANSFORMS property is
# allowed.

#allow-add-feature=true
#allow-remove-feature=true
#allow-msi-transforms=false

[deployPkg]

# to deactivate guest customization
#enable-customization=false

# The "wait-cloudinit-timeout" option controls how long guest customization
# waits for cloud-init execution to finish when it detects that cloud-init
# is available in the guest.
# Guest customization will continue executing as soon as it detects that
# cloud-init execution is done within this option's value in seconds.
# If cloud-init is still running beyond this option's value in seconds, guest
# customization will continue executing regardless of cloud-init execution status.
# Minimum valid value is 0 seconds, set to 0 to deactivate waiting.
# Maximum valid value is 1800 seconds (30 minutes).
# Default value is 30 seconds.
#wait-cloudinit-timeout=30

[cbhelper]

# The carbonblack helper plugin is only available for Windows.

# User-defined poll interval in seconds. Set to 0 to deactivate polling.
#poll-interval=60

[gueststoreupgrade]

# The guestStoreUpgrade plugin is only available for Windows.

# The policy value is one of the settings listed below.
# off = no VMware Tools upgrade from GuestStore. Feature is
# deactivated.
# manual = (Default) VMware Tools upgrade from GuestStore is
# manually started.
# powercycle = VMware Tools upgrade from GuestStore on system
# power on.

#policy=manual

# Time interval for periodically checking available VMware Tools package
# version in the GuestStore.
# User-defined poll interval in seconds. Set to 0 to deactivate polling.
# Minimum valid value is 900 seconds (15 minutes)
# Default value is 3600 seconds (60 minutes)
#poll-interval=3600

# VMware Tools package version metadata key to specify a VMware Tools
# package version in the GuestStore.
# User-defined key for VMware Tools package version.
# Default value is "vmtools" which points to the latest version of
# VMware Tools package in the GuestStore.
#vmtools-version-key=vmtools

[devicehelper]

# The deviceHelper plugin is only available for Windows.

# Set to true to deactivate the deviceHelper plugin.
#disabled=false

[gitray]

# The gitray plugin is only available for Windows
# with Complete VMTools install or with File
# Introspection Custom install.

# By default the gitray plugin is enabled
# To disable gitray user plugin set
#enabled=false

--------------------------------------------------------------------------------
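An added example, not part of this repository or of VMware Tools: a build-time check for the `[vmbackup]` rules described in the comments above. It assumes each `excludedFileSystems` pattern must match the whole mount point and that booleans are written as `true`/`false`; the sample fragment and mount points are constructed.

```python
import configparser
import re

# Constructed sample fragment, not taken from the repository.
SAMPLE_CONF = """\
[vmbackup]
excludedFileSystems=/var/lib/pgsql*,/mnt/data?
ignoreFrozenFileSystems=true
"""

def pattern_to_regex(pattern):
    """Apply only the documented rules: '*' is any string, '?' is any
    single character, and both may match '/'."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def load_vmbackup(text):
    """Return the [vmbackup] keys of a tools.conf text as a dict."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case; configparser lowercases by default
    parser.read_string(text)
    return dict(parser["vmbackup"]) if parser.has_section("vmbackup") else {}

def excluded_mounts(settings, mount_points):
    """List the mount points that the configured patterns exclude."""
    raw = settings.get("excludedFileSystems", "")
    regexes = [pattern_to_regex(p.strip()) for p in raw.split(",") if p.strip()]
    return [m for m in mount_points if any(r.fullmatch(m) for r in regexes)]

def audit(settings):
    """Flag the temporary workaround, which must be unset or false once
    the excludedFileSystems list is configured."""
    ignore = settings.get("ignoreFrozenFileSystems", "false").strip().lower() == "true"
    if not ignore:
        return []
    if settings.get("excludedFileSystems", "").strip():
        return ["ignoreFrozenFileSystems=true although excludedFileSystems is configured"]
    return ["ignoreFrozenFileSystems=true: temporary workaround still active"]
```

Run against the `tools.conf` copied into the image, a non-empty `audit()` result can fail the container build before the workaround reaches a deployed system.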