# FreeBSD Sysprep (create OS Template)



## Pepe (Dec 16, 2015)

Hello!

Is there any official way to "sysprep" a FreeBSD host?

As Ubuntu's manpage says:

http://manpages.ubuntu.com/manpages/wily/man1/virt-sysprep.1.html said:

> "Sysprep" stands for "system preparation" tool. The name comes from
> the Microsoft program "sysprep.exe" which is used to unconfigure
> Windows machines in preparation for cloning them.



What I want to do is:

- Install FreeBSD (virtual machine)
- Install some ports (using `pkg` and/or compile from ports)
- Configure ports
- And finally create a "template" (removing host specific data).
- Share the template with other people (external)

I know that I don't need to worry about license data. But I'm worried about configs, ssh keys, logs, etc.

Example of some important/interesting items (based on Linux) from "virt-sysprep" (from Ubuntu's manpage cited above):

_**Note**: **Bold** items are very important._

- shell history
- ca-certificates (restore defaults)
- **crash-data (dumps)**
- cron-spool
- dhcp-client-state (Remove DHCP client leases)
- dhcp-server-state (Remove DHCP server leases)
- firewall-rules
- flag-reconfiguration (For Linux guests, this touches "/.unconfigured", which causes the first boot to interactively query the user for settings such as the root password and timezone)
- fs-uuids (Change filesystem UUIDs)
- kerberos-data
- **logfiles**
- machine-id (Remove the local machine ID)
- **mail-spool**
- net-hostname (Remove HOSTNAME in network interface configuration)
- net-hwaddr (Remove HWADDR (hard-coded MAC address) configuration)
- **ssh-hostkeys**
- ssh-userdir
- sssd-db-log
- **tmp-files**
- **udev-persistent-net** (Remove udev persistent net rules which map the guest's existing MAC address to a fixed ethernet device (e.g. eth0).)
- user-account
- yum-uuid (that's the RHEL package manager - like pkg)


I'm starting to learn FreeBSD, so I don't know some of FreeBSD's specific needs, for example:
- Do I need to remove any of `pkg`'s unique data (like RHEL's yum uuid)?
- Is there other data/uuid to remove (recommended)?

I tried to search (FreeBSD's forum/manpages and Google), but without success.
If there isn't a tool/script to do that, do you (the community) recommend removing any other item/data/uuid?


----------



## tobik@ (Dec 16, 2015)

Pepe said:


> What I want to do is:
> 
> Install FreeBSD (virtual machine)
> Install some ports (using pkg and/or compile from ports)
> ...


See bsdinstall(8). You can combine this with mdconfig(8) to install into an image.


----------



## SirDice (Dec 16, 2015)

tobik said:


> See bsdinstall(8). You can combine this with mdconfig(8) to install into an image.


And you can combine everything to make a custom installer, see release(7).


----------



## ondra_knezour (Dec 16, 2015)

There is the NanoBSD, which may be somehow inspiring.

When I am preparing images for virtualization, I usually only remove the keys in the /etc/sshd/ directory (they would be regenerated after boot) and have a script which I can run after boot to set a new hostname and an IP address. Enough for me.

Regarding your points:

- shell history - I don't care, nothing security related is written on the terminal during install; however, you can look for `/root/.history`, users' `.history` if any user is used during install, the history of Midnight Commander, the SQL shell, etc.
- ca-certificates - Only certificates from the FreeBSD project are involved during installation, so I don't care. You may consider installing security/ca_root_nss if you want to have something.
- crash data - Something that has crashed during install should be fixed first. However, you can look for `*.core` files, and the kernel dump may also be stored in the swap partition or another device, see dumpon(8).

If you are preparing your image from the start, you don't have to worry about cron(8), the firewall and kerberos(8). DHCP will take care of itself.

There is nothing comparable to the flag-reconfiguration, udev-persistent-net, yum-uuid in the system as far as I know. The sssd(8) daemon may be installed from the ports, but is not installed in the base.

You may also like to clear the swap partition if you don't encrypt it with a one-time key.


----------



## SirDice (Dec 16, 2015)

Another trick you can use is to define your network settings like this:

```
ifconfig_DEFAULT="DHCP"
```

And while playing around with the Vagrant images I found a couple of helpful ports: sysutils/firstboot-growfs, sysutils/firstboot-pkgs and sysutils/firstboot-freebsd-update


----------
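
A cleanup pass covering the items discussed in this thread, as an added example that is not code from any poster or from the FreeBSD project. It assumes the image is mounted at a directory passed as ROOT and that stock FreeBSD paths apply (`/etc/ssh/ssh_host_*`, `/etc/hostid`, `/var/db/dhclient.leases.*`, `/var/crash`); `sysprep_clean` and `make_sample_root` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): scrub host-specific data from a FreeBSD
# tree mounted at ROOT. Paths are stock FreeBSD defaults, assumed here.

sysprep_clean() {
    root=${1%/}
    # Guard: with an empty ROOT every path below would hit the running system.
    if [ -z "$root" ] || [ ! -d "$root/etc" ]; then
        echo "usage: sysprep_clean /path/to/mounted/image" >&2
        return 1
    fi
    # SSH host keys (regenerated by the sshd rc script at first boot) and the
    # host UUID in /etc/hostid, the analogue of virt-sysprep's machine-id.
    rm -f "$root"/etc/ssh/ssh_host_* "$root/etc/hostid"
    # DHCP client leases and saved kernel crash dumps.
    rm -f "$root"/var/db/dhclient.leases.* "$root"/var/crash/vmcore.* "$root"/var/crash/info.*
    # Process core files and shell/client histories (.history, .mysql_history, ...).
    # find does not follow symlinks, so links pointing outside ROOT are not traversed.
    find "$root" -xdev -type f \( -name '*.core' -o -name '.*history' \) -exec rm -f {} +
    # Mail spool and temporary files: empty the directories, keep the directories.
    for d in var/mail tmp var/tmp; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -xdev -mindepth 1 -delete
    done
    # Logs: drop rotated archives, truncate the rest so syslogd and newsyslog
    # still find the files with their original owner and mode.
    if [ -d "$root/var/log" ]; then
        find "$root/var/log" -xdev -type f -name '*.[0-9]*' -exec rm -f {} +
        find "$root/var/log" -xdev -type f -exec sh -c 'for f; do : > "$f"; done' sh {} +
    fi
    return 0
}

# Constructed sample tree for a dry run; file contents are placeholders.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/ssh" "$r/root" "$r/usr/home/alice" "$r/var/log" "$r/var/mail" "$r/tmp/work"
    for f in etc/ssh/ssh_host_rsa_key etc/ssh/ssh_host_rsa_key.pub etc/ssh/sshd_config \
             etc/hostid etc/rc.conf root/.history usr/home/alice/nginx.core \
             var/log/messages var/log/messages.0.bz2 var/mail/root tmp/work/x; do
        echo placeholder > "$r/$f"
    done
    echo "$r"
}
```

Run it against an image attached with mdconfig(8) and mounted, for example `sysprep_clean /mnt`, before detaching and sharing the image. Swap contents and user accounts are outside what this pass touches.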

