Common cleanup script (one-sysprep)

[kvaps]

I think it would be nice to provide single cleanup script, for remove all sensitive information from the images after preparation.

I leave there a few examples that can go in there.

Linux

Clean package cache:

# Ubuntu / Debian
apt-get clean all

# Centos
yum clean all

# Alpine
rm -rf /var/cache/apk/*

# openSUSE
zypper clean --all

Remove root password

passwd -d root

Remove network configuration

# Ubuntu / Debian
# TODO

# Centos
# TODO

# Alpine
# TODO

# openSUSE
rm -f /etc/sysconfig/network/ifcfg-eth*
rm -f /etc/sysconfig/network/routes
sed -i '/^NETCONFIG_DNS_STATIC_SERVERS=/ s/=.*$/=""/' /etc/sysconfig/network/config
sed -i '/^NETCONFIG_DNS_STATIC_SEARCHLIST=/ s/=.*$/=""/' /etc/sysconfig/network/config
sed -i '/^ *[^#]/d' /etc/resolv.conf

Remove DNS configuration

sed -i '/^ *[^#]/d' /etc/resolv.conf

Clear bash/ash history:

rm -f ~/.*_history

Remove host ssh keys:

rm -f /mnt/etc/ssh/ssh_host_* 

Something else?

Windows

Clean opennebula-contextulization logs:

rm -force C:\.opennebula-context.out

• Run sysprep - it's already cleaning everything well

[openmilanese]

Do not forget /etc/machine-id. Some OS uses the contents of /etc/machine-id to determine the DHCP unique identifier (duid) that is used for DHCP requests.

[vholer]

Extending the use-case:

• packages post-install should trigger this tool for partial cleanup as well, instead of directly implementing cleanups (https://github.com/OpenNebula/addon-context-linux/blob/master/pkg/postinstall#L66)
• each cleanup operation should be selectable

For inspiration, we can follow the naming and implementation of some operations of virt-sysprep (see virt-sysprep --list-operations).

[ospalax]

Hi @kvaps

it was implemented in onesysprep tool in the master - can you check it out https://github.com/OpenNebula/addon-context-linux/pull/214?

The tool is in: src/usr/sbin/onesysprep

Thanks