Summary

This article provides information about preparation of sealed images for Centos (Linux) and Ubuntu Virtual Machines.

Applies To

Applies to MachPanel v7.2.x and onward.

Important Note:

• It is recommended to Create Virtual Machines for preparing sealed image based on Gen2 and in MachPanel also choose the option for Generation 2.
• You may download Preconfigured Gen 2 sealed images to use with MachPanel for Centos7 and Ubuntu20 from links below:
  • Centos7.vhdx
  • Ubuntu20.vhdx
  • Ubuntu22.vhdx
  • Ubuntu24.vhdx

• Make sure when adding sealed image details to MachPanel for Ubuntu22, set correct "Default User" i.e. "machsol" (without quotes) if our preconfigured sealed image is used.
• While preparing the sealed image, ensure that rc.local (attached) contains the contents. Also mentioned at the end of this KB. For Ubuntu VMs with kernel version 6.11 or above, the NoCloud ISO option must be selected.
  Note: This approach will work for all supported Ubuntu versions, provided the VM is sealed using the attached rc.local.
• On the Hyper-V host, ensure that the required ADK is installed.  
  https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install

Pre-requisites

• While installing CentOS, for Partitioning either choose Automatically Configure Partitioning OR if you choose I will configure partitioning set the Volume Group Name as centos.
• Create a standard Centos & build
• Configure the Network - nmtui
• Install dos2unix - sudo yum install dos2unix
• Change Permissions for rc.local file to run on bootup - chmod +x /etc/rc.d/rc.local
• Remove all files from /etc/netplan/  folder (In case of Ubunto only)

​Procedure for preparing Centos (Linux) Sealed Image for Gen 2 virtual Machines

• Make rc.local file settings like below in your sealed image. (sudo nano /etc/rd.d/rc.local)

​

================================================================================

================================================================================

Selinux Config: Selinux Config file should contain below settings. (root\etc\SELINUX\Config)

 ================================================================================

​Procedure for preparing Centos (Linux) Sealed Image for Gen1 virtual Machines

Below are the settings which are required for preparing the Linux (Centos) Sealed image for Gen1.

• Make sure your Centos flavor supports floppy

• Create Floppy Folder under /media - mkdir /media/floppy

• Make rc.local file settings like below in your sealed image. (sudo nano /etc/rc.local)

================================================================================

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do full Sys V style init stuff.

touch /var/lock/subsys/local
insmod /lib/modules/$(uname -r)/kernel/drivers/block/floppy.ko
mount /dev/fd0 /media/floppy && mount -o remount,rw /dev/fd0
wait
sed -n 's/;#COMMAND//p' /media/floppy/Config.bat > /media/floppy/Config.bak && mv -f /media/floppy/Config.bak /media/floppy/Config.bat && chmod 777 /media/floppy/Config.bat && dos2unix /media/floppy/Config.bat
sh /media/floppy/Config.bat
rm -f /media/floppy/Config.bat
rm -f /media/floppy/Config.bak
umount -l /dev/fd0

================================================================================

Selinux Config: Selinux Config file should contain below settings. (root\etc\SELINUX\Config)

Procedure for preparing Ubuntu Sealed Image

1. Sudo apt-get update
2. Sudo apt-get install linux-azure

For Ubuntu Flavors / Versions with no rc.local file, following should be taken care during sealed image preparation.

• Create rc.local file

=========================================================================

nano /etc/rc.local
Add following Content to rc.local file

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
touch /var/lock/subsys/local
#sed -n 's/;#COMMAND//p' /root/Config.bat > /root/Config.bak && mv -f /root/Config.bak /root/Config.bat && chmod 777 /root/Config.bat && dos2unix /root/Config.bat
sh /root/Config.bat
rm -f /root/Config.bat
#rm -f /root/Config.bak
exit 0
chmod +x /etc/rc.local

===============================================================================

• Create rc-local.service Service

========================================================================

sudo nano /etc/systemd/system/rc-local.service
Then add the following content to it
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

sudo chmod +x /etc/rc.local
printf '%s\n' '#!/bin/bash' 'exit 0' | sudo tee -a /etc/rc.local

• sudo chmod +x /etc/rc.local
  
• sudo systemctl enable rc-local
  
• sudo systemctl start rc-local.service
  
• sudo systemctl status rc-local.service
  

===============================================================================

Ubunto 22/24.04 RC file: 

===============================================================================

#!/bin/sh -e
touch /var/lock/subsys/local

# Define paths
CONFIG_SRC="/mnt/cdrom/Config.bat"
CONFIG_DST="/root/Config.bat"
NETPLAN_SRC="/mnt/cdrom/01-NetworkSettings.yaml"
NETPLAN_DST="/etc/netplan/01-NetworkSettings.yaml"
CONFIG_HASH="/root/.config_hash"
NETPLAN_HASH="/root/.netplan_hash"

# Mount ISO
mkdir -p /mnt/cdrom
mount /dev/cdrom /mnt/cdrom 2>/dev/null || true

# === Handle Config.bat ===
if [ -f "$CONFIG_SRC" ]; then
    NEW_HASH=$(sha256sum "$CONFIG_SRC" | awk '{print $1}')
    OLD_HASH=""
    [ -f "$CONFIG_HASH" ] && OLD_HASH=$(cat "$CONFIG_HASH")

    if [ "$NEW_HASH" != "$OLD_HASH" ]; then
        echo "Detected new or updated Config.bat, executing..."

        cp "$CONFIG_SRC" "$CONFIG_DST"
        sed -n 's/;#COMMAND//p' "$CONFIG_DST" > /root/Config.bak && mv -f /root/Config.bak "$CONFIG_DST"
        chmod 777 "$CONFIG_DST"
        dos2unix "$CONFIG_DST"

        sh "$CONFIG_DST"
        rm -f "$CONFIG_DST"

        echo "$NEW_HASH" > "$CONFIG_HASH"
        echo "$(date): Config.bat updated and executed" >> /var/log/config.log
    else
        echo "$(date): Config.bat unchanged, skipping execution" >> /var/log/config.log
    fi
else
    echo "$(date): Config.bat not found on ISO" >> /var/log/config.log
fi

# === Handle Netplan config ===
if [ -f "$NETPLAN_SRC" ]; then
    NEW_HASH=$(sha256sum "$NETPLAN_SRC" | awk '{print $1}')
    OLD_HASH=""
    [ -f "$NETPLAN_HASH" ] && OLD_HASH=$(cat "$NETPLAN_HASH")

    if [ "$NEW_HASH" != "$OLD_HASH" ]; then
        echo "Detected updated Netplan configuration, applying..."

        cp "$NETPLAN_SRC" "$NETPLAN_DST"
        chmod 600 "$NETPLAN_DST"
        netplan apply

        echo "$NEW_HASH" > "$NETPLAN_HASH"
        echo "$(date): Netplan updated and applied" >> /var/log/config.log
    else
        echo "$(date): Netplan unchanged, skipping apply" >> /var/log/config.log
    fi
else
    echo "$(date): Netplan not found on ISO" >> /var/log/config.log
fi

# Cleanup
umount /mnt/cdrom 2>/dev/null || true
eject /dev/cdrom 2>/dev/null || echo "$(date): Failed to eject CD-ROM" >> /var/log/config.log
exit 0

========================================================================