When Ubuntu Core boots for the first time, a seeding process installs an initial set of snaps and runs their respective hooks (see Snaps in Ubuntu Core for more details).
Each installed snap needs to be verified and have their respective AppArmor and seccomp security profiles, systemd units and mount points created. The time this takes is proportional to the number of asserted snaps being seeded but installing many snaps can impact first boot speed.
Preseeding speeds up the seeding process by performing as many of these administrative tasks as possible in advance when an image is being created.
During deployment, snapd still performs the seeding process but it automatically skips any parts successfully completed during preseeding.
Building a preseeded image
When Building an image, preseeded images are created with the same
ubuntu-image tool, or the
snap prepare-image command, with an additional
- snapd 2.56 or newer, both on the host system (where the image is created) and in the resultant preseeded system.
- Currently, only Ubuntu Core 20 (UC20) images can be preseeded.
- The same architecture on both the host and preseeded system (during preseeding, snapd from the target system is executed to perform seeding).
- It’s recommended that the kernel on the host should have the same AppArmor features as that of the target system. Differing AppArmor features will nullify the pre-created security profiles which will subsequently need to be recreated on first boot.
snap prepare-image --preseed --preseed-sign-key=<gpg-key-name> --channel=stable --snap=... <model-assertion> <target directory>
or with ubuntu-image:
ubuntu-image snap --preseed --preseed-sign-key=<gpg-key-name> -i 8G --snap [...] <model-assertion>
--preseed-sign-key argument is optional and the default GPG key will be used if omitted. This is the brand GPG key.
A custom AppArmor features directory may be specified with
--apparmor-features-dir=.... The target should be a snapshot of
sys/kernel/security/apparmor/features from the target system. If not specified, the
sys/kernel/security/apparmor/features from the host system will be used.
On a new device, snaps are installed from the
ubuntu-seed volume (see Inside Ubuntu Core). On a classic system, this set of snaps to install is defined in