General Information

Creating a VM template “golden image” for Linux.

Checklist

• Distro(s): Enterprise Linux 6 or 7
• Other: VMware ESXi 5+

• Create a new virtual machine.
  • Virtual Hardware:
    • Enable CPU → CPU Hot Plug → check “Enable CPU Hot Add” (Allows you to add CPUs to a VM while running)
    • Enable Memory → Memory Hot Plug → check “Enable” (Allows you to add Memory to a VM while running)
• Install the EL OS.
  • If the screen resolution is too small
    • Press “TAB” on the “Install CentOS..” to edit the boot options
    • Add the following to the boot line, which will use a 1024×768 resolution

      vga=791

Red Hat Recommendations

• RHEL 6 Recommended Partitioning
• RHEL 7 Recommended Partitioning

LVM provides a very flexible partitioning layout. The goal is to create a small disk footprint and allow elastic growing for partitions depending upon the type of server being deployed.

• Disk Total Size: 20 GB
  • /boot = 512 MB
  • LVM = 19.5 GB
    • swap = 4 GB
    • / = 4 GB
    • /home = 2 GB
    • /tmp = 2 GB
    • /var = 4 GB
  • LVM Allocated: 16 GB
  • LVM Free: 3.5 GB (Available for minor partition expansion)

NOTE: Contrary to a lot of online documentation, it is a BAD idea to put /usr on a separate partition. Especially with CentOS 7.2 (which symlinks /bin, /lib, and /sbin into /usr/{bin,lib,sbin} respectively), there are important files in /usr that should be mounted along with /.

After a CentOS 6.7 minimal install, the disk usage with that partitioning looks like this:
TODO - SCREENSHOT

After a CentOS 7.2 minimal install, the disk usage with that partitioning looks like this:
TODO - SCREENSHOT

Modify the OS with changes you want to be included on ALL systems. They should be server role generic.

The following are some useful post install configuration done to a CentOS 6 minimal install.
All of the following will be included in the VM template. Keep it server role generic.

# System Update
yum update
 
# Extra system packages
yum -y install bash-completion bind-utils dmidecode iotop lsof mailx man mlocate nc nfs-utils openssh-clients rsync tcpdump vim-enhanced wget
 
# Install VMware Tools
See: https://www.owlbearconsulting.com/doku.php?id=linux_wiki:vmware_tools
 
# Disable SELinux (/etc/sysconfig/selinux SHOULD be a symlink to first original file)
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/sysconfig/selinux
 
# Reboot for selinux to not interfere with the rest of the config changes
shutdown -r now
 
# Remove Global Network Gateway
sed -i "/GATEWAY/d" /etc/sysconfig/network
 
# Grub Config => /boot/grub/grub.conf
timeout=3
removed 'hiddenmenu'
removed 'rhgb quiet' from kernel boot lines
 
# Root's bashrc (/root/.bashrc) => Red Prompt and service shortcut
PS1='\[\033[01;31m\]\u@\h \[\033[01;31m\]\W $ \[\033[00m\]'
 
#service shortcut
alias sv='service'
 
# Reboot and verify all changes persistent
shutdown -r now

Proceed to “CentOS 6: VM Cleanup” before creating template.

Perform any other customizations/installs prior to the following steps.

# Cleanup => Remove ssh host keys (so each deployed VM has a different fingerprint)
rm -f /etc/ssh/ssh_host_*
 
# Cleanup => Remove persistent rules and network hw address - prevents eth0 from incrementing
rm -f /etc/udev/rules.d/70-persistent-*
sed -i "/HWADDR/d" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "/UUID/d" /etc/sysconfig/network-scripts/ifcfg-eth0
 
# Cleanup => Remove some of root's files
rm -f /root/anaconda-ks.cfg /root/install.log*
 
# Cleanup => remove tmp files
rm -rf /tmp/*
 
# Cleanup => stop auditd from logging, remove log files
# Stop any other service that actively logs to sub directories of /var/log
# Recommended to install sysstat (sar) during a post deployment phase.
service auditd stop
rm -rf /var/log/*
mkdir /var/log/audit
 
# Update locate's database
updatedb
 
# Clear history and shutdown for template cloning
history -c && history -w
shutdown -P now

• Create a VM Template from the powered off system.

The following are some useful post install configuration done to a CentOS 7 minimal install.
All of the following will be included in the VM template. Keep it server role generic.

# System Update
yum update
 
# Extra system packages (dmidecode,man,openssh-clients installed by default)
yum -y install bash-completion bind-utils iotop lsof mailx mlocate nfs-utils open-vm-tools perl rsync tcpdump vim-enhanced wget
 
# Update man pages
mandb
 
# Install VMware Tools (open-vm-tools included in CentOS 7 base repo) - Installed above
 
# Disable SELinux (/etc/sysconfig/selinux SHOULD be a symlink to first original file)
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/sysconfig/selinux
 
# Reboot for selinux to not interfere with the rest of the config changes
shutdown -r now
 
# Grub Config => kernel options and change network interface names back to legacy
vim /etc/default/grub
 
timeout=3
#removed 'rhgb quiet' from kernel boot lines ("GRUB_CMDLINE_LINUX")
#append the 'net.ifnames=0 biosdevname=0' to GRUB_CMDLINE_LINUX:
GRUB_CMDLINE_LINUX="rd.lvm.lv=vglocal/lvswap rd.lvm.lv=vglocal/lvroot net.ifnames=0 biosdevname=0"
 
#generate new grub2 boot file
grub2-mkconfig -o /boot/grub2/grub.cfg
 
# Change network interface back to legacy scheme (continued)
mv /etc/sysconfig/network-scripts/ifcfg-en0XXXX /etc/sysconfig/network-scripts/ifcfg-eth0
 
vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
Name="eth0"
Device="eth0"
#removed UUID
 
systemctl restart NetworkManager
 
# Root's bashrc (/root/.bashrc) => Red Prompt and systemctl shortcut
 
# systemctl shortcut
alias sc='systemctl'
 
# Turn root's prompt red
PS1='\[\033[01;31m\]\u@\h \[\033[01;31m\]\W $ \[\033[00m\]'
 
# Disable NetworkManager for old style network scripts
vim /etc/sysconfig/network-scripts/ifcfg-eth0
 
NM_CONTROLLED="no"
PEERDNS="no"
IPV6_PEERDNS="no"
 
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl mask NetworkManager
systemctl start network
systemctl enable network
 
# Reboot and verify all changes persistent
shutdown -r now

Proceed to “CentOS 7: VM Cleanup” before creating template.

Perform any other customizations/installs prior to the following steps.

# Cleanup => Remove ssh host keys (so each deployed VM has a different fingerprint)
rm -f /etc/ssh/ssh_host_*
 
# Cleanup => Remove network hw address - prevents eth0 from incrementing
sed -i "/HWADDR/d" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i "/UUID/d" /etc/sysconfig/network-scripts/ifcfg-eth0
 
# Cleanup => Remove some of root's files
rm -f /root/anaconda-ks.cfg /root/install.log*
 
# Cleanup => remove tmp files
rm -rf /tmp/*
 
# Cleanup => stop auditd from logging, remove log files
# Stop any other service that actively logs to sub directories of /var/log
# Recommended to install sysstat (sar) during a post deployment phase.
systemctl stop auditd
rm -rf /var/log/*
mkdir {/var/log/audit,/var/log/chrony,/var/log/tuned}
touch /var/log/spooler && chmod 600 /var/log/spooler
 
# Update locate's database
updatedb
 
# Clear history and shutdown for template cloning
history -c && history -w
shutdown -P now

• Create a VM Template from the powered off system.