There seems to be speed benefits when using VMware's templates to create new VMs. However, I'm concerned about possible less obvious security and flexibility implications. For e.g.:
- First boot generated keys
- VMware proprietary methods of configuring server settings (IPs, hostname, etc.)
In a shop that's almost entirely VMware with a majority of Linux being RHEL-based distros, has anyone come across some pitfalls when provisioning from templates? How about concerns when cloning?
BTW: Regardless of the initial provisioning method, it would primarily be used as a bootstrap to Puppet for the rest of the configuration.
Best Answer
Depending on the environment and your provisioning process, it may be faster to build anew than using VMware templates and the clone from template feature.
I did work in a large Linux-focused VMware environment, where the deployment process wasn't as automated as it should have been. We relied on vSphere templates of RHEL systems, but quite a bit of manual work was needed following the initial clone.
Template advantages:
sys-unconfig
command to "unconfigure" a system ahead of templating. This is the Linux equivalent to Microsoft'sSysprep
and removes network interface rules, SSH keys, network settings, etc.PXE/kickstart deployment advantages:
In the end, it depends on your application and how much additional work is needed following the initial OS install. I've taken a hybrid approach, using clones for the most complex instances and new builds via a provisioning system for routine systems. They're not mutually exclusive.