Creating a CentOS 7.2 VMware Gold Template

In a post from last year I documented how to create a CentOS 7 VMware Gold Template for all the non-Linux admins out there.

There were questions at the time on me not leaving this in a fully cleaned state making it not 100% usable outside of my homelab environment. centos7

Following the instructions below will yield a template ready for future use that ensures you can deploy at speed and in a reliable fashion ensuring that SSH keys are deleted, logs emptied and unique network identifiers are removed from the image.

All told this should take no longer than 30 minutes to complete.

Just to point out that for this to succeed you need to be running vCenter 5.5u3 or vCenter 6 as found in the Guest OS Customization Matrix 


Creating the VM

I have used the web client for this installation, the more I used the web client on vSphere 6 the more I like it.


Use Ctrl + N to open the New Virtual Machine wizard.


Accept the Typical configuration and click Next


Enter the name of the template and click Next


Select your Resource Pool and click Next


Select your Datastore and click Next


Choose your OS type and version, click Next


Choose your Network and change your adapter type if required, the VMXNET3 driver is present during the installation process and is the default card, click Next


Choose your disk provisioning policy and click Next


Click the Edit VM settings box


Browse to your ISO file, click Connect at power on and then remove the floppy drive, click Finish

Installing CentOS 7

Now we have the VM created we need to install the OS, select the VM, open the console and hit the green arrow to power on


Click in to the VM and use the up cursor to skip the Media Test and select Install CentOS 7


Choose your default language and locale, click Continue


Select Software Selection


I chose Infrastructure Server as this looks to be the replacement for the older Basic Server install that a lot of people defaulted to. Also click on the Guest Agents as this will install the open-vm-tools client. Click Done


Select Installation Destination


Click Done


Click Network & Hostname


Toggle the On\Off switch so that you’re connected. All being good when you toggle the switch on and you have DHCP active on your network you should get an address, if you don’t click on the Configure button and enter the IPv4 settings there. I have left the hostname as the default setting as this will be changed during deployment.


Click on General and tick the Automatically connect to this network when it is available Click Done


Click Begin Installation


Select Root Password


Enter your default password twice, click Done

Wait for the installation to finish


Click Reboot

Disconnect the ISO image from the VM

Installing CentOS 7 Software Updates and Verifying Open-VM-Tools version

Using either Putty or the console log in to the server


Here I am still using the VM Console to access the VM

Login as root

Now we are going to install updates using yum.

Type yum update –-skip-broken -y

skip-broken is a feature in yum to skip packages that have dependency problems or introduce problems to the installed packages


Update complete.

Next we are going to check the running version of the open-vm-tools.


Type rpm –q open-vm-tools to return the local version of the rpm files, type yum list open-vm-tools to show the version in the repo

You should find that VMware tools is listed as Running (Guest managed) in vCenter


In my previous article I described how to add the missing deployPkg dependency that was required to successfully deploy CentOS7 as a template as it was missing from the earlier base release of open-vm-tools, however as from version 9.10 of the tools this is no longer a requirement.

Preparing for Template creation

Now we need to clean up the VM to make it usable as a template, this will include cleaning up YUM, Logs and SSH keys.

First thing we are going to do is to stop logging services, this just stops us logging everything we’re doing to prepare the template

service rsyslog stop
service auditd stop

Next we are going to clean up any old kernels and packages

/bin/package-cleanup –oldkernels –count=1

/usr/bin/yum clean all

Next we need to shrink the log space, remove old logs and truncate logs

logrotate -f /etc/logrotate.conf
rm -f /var/log/*-???????? /var/log/*.gz
rm -f /var/log/dmesg.old
rm -rf /var/log/anaconda
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/grubby

Next we are going to remove the old hardware rules and remove the UUID from the ifcfg scripts.

rm -f /etc/udev/rules.d/70*
sed –i”.bak” ‘/UUID/d’ /etc/sysconfig/network-scripts/ifcfg-eno16777984

We are then going to remove SSH host keys so that each new VM

rm -f /etc/ssh/*key*

We are going to remove the root users shell history

rm -f ~root/.bash_history

Finally we are going remove root users SSH history and then shutdown for template creation

rm -rf ~root/.ssh/

history –c



Now as you can see that’s a little time consuming so you could instead just cut and paste the information below into a new .sh file, SCP it across to your VM, chmod +x file.sh to make it executable and then run it by typing ./file.sh, if you have any errors trying to execute the script make sure that if you created it under Windows that you set the EOL to Unix/Linux converstion and then try again.

#stop logging services
/sbin/service rsyslog stop
/sbin/service auditd stop
#remove old kernels
/bin/package-cleanup –oldkernels –count=1
#clean yum cache
/usr/bin/yum clean all
#force logrotate to shrink logspace and remove old logs as well as truncate logs
/usr/sbin/logrotate -f /etc/logrotate.conf
/bin/rm -f /var/log/*-???????? /var/log/*.gz
/bin/rm -f /var/log/dmesg.old
/bin/rm -rf /var/log/anaconda
/bin/cat /dev/null > /var/log/audit/audit.log
/bin/cat /dev/null > /var/log/wtmp
/bin/cat /dev/null > /var/log/lastlog
/bin/cat /dev/null > /var/log/grubby
#remove udev hardware rules
/bin/rm -f /etc/udev/rules.d/70*
#remove uuid from ifcfg scripts
/bin/sed –i”.bak” ‘/UUID/d’ /etc/sysconfig/network-scripts/ifcfg-eno16777984
#remove SSH host keys
/bin/rm -f /etc/ssh/*key*
#remove root users shell history
/bin/rm -f ~root/.bash_history
#remove root users SSH history
/bin/rm -rf ~root/.ssh/

Now the problem with the script route is that there is no way to run history –c from a script (nothing happens), so once you have run the script you will need to run the following.

history –c


Finally we are going to convert it to a template.

In the C# client browse to the VM Summary page and click on Convert to Template


That’s it, a sanitised template that should be good to go for most people.



  1. Hi,
    how does one contact you about an article on your blog.
    I can’t find any twitter, email, etc.. link on your about me page.

  2. Shall I turn back on the logging services after I create a vm from this image?

      • I also noticed that the machine-id remains the same when I create clones of the OS and the following steps should be performed

        remove machine-id
        rm /etc/machine-id

        generate new id

        cat /etc/machine-id

        • Should this be done to the machine after the image is deployed or is this a part of the clean up process during image creation and prior to exporting the template?

Leave a Reply

Your email address will not be published. Required fields are marked *