RudderVirt

#Best Practices

#Disk sizing

  • Boot disk size matters: too small and the install fails; too big wastes storage and clone time.
    • Minimal Debian/Ubuntu cloud image: 4–6 GiB
    • General-purpose Linux: 10–20 GiB
    • Windows Desktop: 25 GiB
    • Windows Server: 30–40 GiB
    • Maximum supported disk size: 50 GiB

#Resources

  • For builds, prefer more CPU and RAM than the clones will use. Builds are CPU-bound during installs and RAM-bound during Windows Setup. Use buildOverrides to give the build phase generous resources.
  • For clones, set resources on each VM at the level the application actually needs.

#SSH timeouts

  • Cloud images: 5 minutes is fine.
  • ISO Linux installs: 30–60 minutes.
  • Fresh Windows from ISO: 4–8 hours, especially with windows-update.

#Reboot provisioners

Reboot any time a step changes something that needs a clean process tree:

  • Kernel modules / driver installation
  • Major package upgrades (dist-upgrade, large Windows feature changes)
  • Group membership / SID-affecting changes
  • Anything that registers a service to start at boot

A reboot step also flushes pending file-system caches, which makes the captured template VM more reproducible.

#Idempotency

Provisioners should be idempotent where practical. If a step gets retried (e.g., after a transient SSH hiccup), it should still work:

# Bad
useradd alice

# Better
id alice >/dev/null 2>&1 || useradd alice

# Bad
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH

# Better
if (-not (Get-NetFirewallRule -DisplayName SSH -ErrorAction SilentlyContinue)) {
  New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
}

#File names

Each files[].name is the filename downstream. Use full filenames with extensions:

  • Autounattend.xml, preseed.cfg, netkvm.inf, app.conf — good
  • unattend, preseed, netkvm, app-config — bad

This avoids surprises in floppy contents, HTTP URLs, and file destinations.

#Timeouts

Set timeout to a realistic ceiling:

  • Linux cloud-image build with package installs: 30–60 min
  • Linux ISO install: 60–90 min
  • Windows ISO + Windows Update + heavy provisioning: 4–8 hours

A too-short timeout aborts mid-build; a too-long timeout means a stuck build wastes resources. Pick something 50% above the expected runtime.

#Secrets and SSH keys

  • Don't put production secrets in files inline if the build configuration is going to be checked into a repo. Use userDataFrom/scriptFrom/file.source to pull from a Secret instead.
  • Don't set sshPassword to anything sensitive — passwords on build-time accounts should be throwaway. The OS user that exists on the resulting template VM is best replaced or disabled by your last provisioner.