Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Pre-seeding an image

When Ubuntu Core boots for the first time, a seeding process installs an initial set of snaps and runs their respective hooks (see Snaps in Ubuntu Core for more details).

Each installed snap needs to be verified and have their respective AppArmor and seccomp security profiles, systemd units and mount points created. The time this takes is proportional to the number of asserted snaps being seeded but installing many snaps can impact first boot speed.

Pre-seeding speeds up the seeding process by performing as many of these administrative tasks as possible in advance when an image is being created.

During deployment, snapd still performs the seeding process but it automatically skips any parts successfully completed during pre-seeding.

Building a preseeded image

When Building an image, preseeded images are created with the same ubuntu-image tool, or the snap prepare-image command, with an additional --preseed argument.

Pre-seeding requirements:

  • snapd 2.56 or newer, both on the host system (where the image is created) and in the resultant preseeded system.
  • Pre-seeding is supported in Ubuntu Core 20 onwards
  • The same architecture on both the host and pre-seeded system (during pre-seeding, snapd from the target system is executed to perform seeding).
  • It’s recommended that the kernel on the host should have the same AppArmor features as that of the target system. Differing AppArmor features will nullify the pre-created security profiles which will subsequently need to be recreated on first boot.

Usage:

snap prepare-image --preseed --preseed-sign-key=<gpg-key-name> --channel=stable --snap=... <model-assertion> <target directory>

or with ubuntu-image:

sudo ubuntu-image snap --preseed --preseed-sign-key=<gpg-key-name> -i 8G --snap [...] <model-assertion>

The --preseed-sign-key argument is optional and the default GPG key will be used if omitted. This is the brand GPG key.

A custom AppArmor features directory may be specified with --apparmor-features-dir=.... The target should be a snapshot of sys/kernel/security/apparmor/features from the target system. If not specified, the sys/kernel/security/apparmor/features from the host system will be used.

On a new device, snaps are installed from the ubuntu-seed volume (see Inside Ubuntu Core). On a classic system, this set of snaps to install is defined in /var/lib/snapd/seed/seed.yaml.

This page was last modified a month ago. Help improve this document in the forum.