====== OS Install: VM Template ======

**General Information**

Creating a VM template "golden image" for Linux. 

**Checklist**
  * Distro(s): Enterprise Linux 6 or 7
  * Other: VMware ESXi 5+

----

====== Create the Virtual Machine ======

  * Create a new virtual machine.
    * Virtual Hardware:
      * Enable CPU -> CPU Hot Plug -> check "Enable CPU Hot Add" (Allows you to add CPUs to a VM while running)
      * Enable Memory -> Memory Hot Plug -> check "Enable"  (Allows you to add Memory to a VM while running)
  * Install the EL OS.
    * If the screen resolution is too small
      * Press "TAB" on the "Install CentOS.." to edit the boot options
      * Add the following to the boot line, which will use a 1024x768 resolution<code bash>vga=791</code>

----

===== Partitioning =====

Red Hat Recommendations
  * [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-diskpartrecommend-x86.html|RHEL 6 Recommended Partitioning]]
  * [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-recommended-partitioning-scheme-x86|RHEL 7 Recommended Partitioning]]

LVM provides a very flexible partitioning layout. The goal is to create a small disk footprint and allow elastic growing for partitions depending upon the type of server being deployed.

  * **Disk Total Size**: 20 GB
    * /boot = 512 MB
    * LVM = 19.5 GB
      * swap = 4 GB
      * / = 4 GB
      * /home = 2 GB
      * /tmp = 2 GB
      * /var = 4 GB
    * LVM Allocated: 16 GB
    * LVM Free: 3.5 GB (Available for minor partition expansion)

**NOTE:** Contrary to a lot of online documentation, it is a BAD idea to put /usr on a separate partition. Especially with CentOS 7.2 (which symlinks /bin, /lib, and /sbin into /usr/{bin,lib,sbin} respectively), there are important files in /usr that should be mounted along with /.

\\
After a CentOS 6.7 minimal install, the disk usage with that partitioning looks like this:\\
TODO - SCREENSHOT

After a CentOS 7.2 minimal install, the disk usage with that partitioning looks like this:\\
TODO - SCREENSHOT

----

====== System Configuration =====

Modify the OS with changes you want to be included on ALL systems. They should be server role generic.

----

===== CentOS 6: Post Install/Pre Template Create =====

The following are some useful post install configuration done to a CentOS 6 minimal install.\\
All of the following will be included in the VM template. Keep it server role generic.

<code bash>
# System Update
yum update

# Extra system packages
yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nc nfs-utils openssh-clients rsync tcpdump vim-enhanced wget

# Install VMware Tools
See: https://www.owlbearconsulting.com/doku.php?id=linux_wiki:vmware_tools

# Disable SELinux (/etc/sysconfig/selinux SHOULD be a symlink to first original file)
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/sysconfig/selinux

# Reboot for selinux to not interfere with the rest of the config changes
shutdown -r now

# Remove Global Network Gateway
sed -i "/GATEWAY/d" /etc/sysconfig/network

# Grub Config => /boot/grub/grub.conf
timeout=3
removed 'hiddenmenu'
removed 'rhgb quiet' from kernel boot lines

# Root's bashrc (/root/.bashrc) => Red Prompt and service shortcut
PS1='\[\033[01;31m\]\u@\h \[\033[01;31m\]\W $ \[\033[00m\]'

#service shortcut
alias sv='service'

# Reboot and verify all changes persistent
shutdown -r now

</code>

**Proceed to "CentOS 6: VM Cleanup" before creating template.**

----

===== CentOS 6: VM Cleanup =====

Perform any other customizations/installs prior to the following steps.

<code bash>
# Cleanup => Remove ssh host keys (so each deployed VM has a different fingerprint)
rm -f /etc/ssh/ssh_host_*

# Cleanup => Remove persistent rules and network hw address - prevents eth0 from incrementing
rm -f /etc/udev/rules.d/70-persistent-*
sed -i "/HWADDR/d" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "/UUID/d" /etc/sysconfig/network-scripts/ifcfg-eth0

# Cleanup => Remove some of root's files
rm -f /root/anaconda-ks.cfg /root/install.log*

# Cleanup => remove tmp files
rm -rf /tmp/*

# Cleanup => stop auditd from logging, remove log files
# Stop any other service that actively logs to sub directories of /var/log
# Recommended to install sysstat (sar) during a post deployment phase.
service auditd stop
rm -rf /var/log/*
mkdir /var/log/audit

# Update locate's database
updatedb

# Clear history and shutdown for template cloning
history -c && history -w
shutdown -P now
</code>

  * Create a VM Template from the powered off system.

----

===== CentOS 7: Post Install/Pre Template Create =====

The following are some useful post install configuration done to a CentOS 7 minimal install.\\
All of the following will be included in the VM template. Keep it server role generic.

<code bash>
# System Update
yum update

# Extra system packages (dmidecode,man,openssh-clients installed by default)
yum -y install bash-completion bind-utils iotop lsof mailx mlocate nfs-utils open-vm-tools perl rsync tcpdump vim-enhanced wget

# Update man pages
mandb

# Install VMware Tools (open-vm-tools included in CentOS 7 base repo) - Installed above

# Disable SELinux (/etc/sysconfig/selinux SHOULD be a symlink to first original file)
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/sysconfig/selinux

# Reboot for selinux to not interfere with the rest of the config changes
shutdown -r now

# Grub Config => kernel options and change network interface names back to legacy
vim /etc/default/grub
 
timeout=3
#removed 'rhgb quiet' from kernel boot lines ("GRUB_CMDLINE_LINUX")
#append the 'net.ifnames=0 biosdevname=0' to GRUB_CMDLINE_LINUX:
GRUB_CMDLINE_LINUX="rd.lvm.lv=vglocal/lvswap rd.lvm.lv=vglocal/lvroot net.ifnames=0 biosdevname=0"
 
#generate new grub2 boot file
grub2-mkconfig -o /boot/grub2/grub.cfg

# Change network interface back to legacy scheme (continued)
mv /etc/sysconfig/network-scripts/ifcfg-en0XXXX /etc/sysconfig/network-scripts/ifcfg-eth0

vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
Name="eth0"
Device="eth0"
#removed UUID

systemctl restart NetworkManager

# Root's bashrc (/root/.bashrc) => Red Prompt and systemctl shortcut

# systemctl shortcut
alias sc='systemctl'
 
# Turn root's prompt red
PS1='\[\033[01;31m\]\u@\h \[\033[01;31m\]\W $ \[\033[00m\]'

# Disable NetworkManager for old style network scripts
vim /etc/sysconfig/network-scripts/ifcfg-eth0

NM_CONTROLLED="no"
PEERDNS="no"
IPV6_PEERDNS="no"

systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl mask NetworkManager
systemctl start network
systemctl enable network

# Reboot and verify all changes persistent
shutdown -r now

</code>

**Proceed to "CentOS 7: VM Cleanup" before creating template.**

----

===== CentOS 7: VM Cleanup =====

Perform any other customizations/installs prior to the following steps.

<code bash>
# Cleanup => Remove ssh host keys (so each deployed VM has a different fingerprint)
rm -f /etc/ssh/ssh_host_*

# Cleanup => Remove network hw address - prevents eth0 from incrementing
sed -i "/HWADDR/d" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "/UUID/d" /etc/sysconfig/network-scripts/ifcfg-eth0

# Cleanup => Remove some of root's files
rm -f /root/anaconda-ks.cfg /root/install.log*

# Cleanup => remove tmp files
rm -rf /tmp/*

# Cleanup => stop auditd from logging, remove log files
# Stop any other service that actively logs to sub directories of /var/log
# Recommended to install sysstat (sar) during a post deployment phase.
systemctl stop auditd
rm -rf /var/log/*
mkdir {/var/log/audit,/var/log/chrony,/var/log/tuned}
touch /var/log/spooler && chmod 600 /var/log/spooler

# Update locate's database
updatedb

# Clear history and shutdown for template cloning
history -c && history -w
shutdown -P now
</code>

  * Create a VM Template from the powered off system.

----