In a post from last year I documented how to create a CentOS 7 VMware Gold Template for all the non-Linux admins out there.
There were questions at the time about my not leaving it in a fully cleaned state, which made it not 100% usable outside of my homelab environment.
Following the instructions below will yield a template that is ready for future use and lets you deploy quickly and reliably: SSH keys are deleted, logs are emptied and unique network identifiers are removed from the image.
All told this should take no longer than 30 minutes to complete.
Just to point out that for this to succeed you need to be running vCenter 5.5u3 or vCenter 6, as found in the Guest OS Customization Matrix.
Creating the VM
I have used the web client for this installation; the more I use the web client on vSphere 6 the more I like it.
Use Ctrl + N to open the New Virtual Machine wizard.
Accept the Typical configuration and click Next
Enter the name of the template and click Next
Select your Resource Pool and click Next
Select your Datastore and click Next
Choose your OS type and version, click Next
Choose your Network and change your adapter type if required (the VMXNET3 driver is present during the installation process and is the default card), then click Next
Choose your disk provisioning policy and click Next
Click the Edit VM settings box
Browse to your ISO file, click Connect at power on and then remove the floppy drive, click Finish
Installing CentOS 7
Now that we have the VM created we need to install the OS. Select the VM, open the console and hit the green arrow to power on
Click in to the VM and use the up cursor to skip the Media Test and select Install CentOS 7
Choose your default language and locale, click Continue
Select Software Selection
I chose Infrastructure Server as this looks to be the replacement for the older Basic Server install that a lot of people defaulted to. Also click on the Guest Agents as this will install the open-vm-tools client. Click Done
Select Installation Destination
Click Network & Hostname
Toggle the On/Off switch so that you’re connected. If DHCP is active on your network you should get an address when you toggle the switch on; if you don’t, click on the Configure button and enter the IPv4 settings there. I have left the hostname as the default setting as this will be changed during deployment.
Click on General and tick Automatically connect to this network when it is available. Click Done
Click Begin Installation
Select Root Password
Enter your default password twice, click Done
Wait for the installation to finish
Disconnect the ISO image from the VM
Installing CentOS 7 Software Updates and Verifying Open-VM-Tools version
Using either Putty or the console log in to the server
Here I am still using the VM Console to access the VM
Login as root
Now we are going to install updates using yum.
Type yum update --skip-broken -y
skip-broken is a feature in yum to skip packages that have dependency problems or introduce problems to the installed packages
Next we are going to check the running version of the open-vm-tools.
Type rpm -q open-vm-tools to return the local version of the rpm files, type yum list open-vm-tools to show the version in the repo
You should find that VMware tools is listed as Running (Guest managed) in vCenter
In my previous article I described how to add the missing deployPkg dependency that was required to successfully deploy CentOS7 as a template as it was missing from the earlier base release of open-vm-tools, however as from version 9.10 of the tools this is no longer a requirement.
Preparing for Template creation
Now we need to clean up the VM to make it usable as a template, this will include cleaning up YUM, Logs and SSH keys.
First thing we are going to do is to stop logging services, this just stops us logging everything we’re doing to prepare the template
service rsyslog stop
service auditd stop
Next we are going to clean up any old kernels and packages
/bin/package-cleanup --oldkernels --count=1
/usr/bin/yum clean all
Next we need to shrink the log space, remove old logs and truncate logs
logrotate -f /etc/logrotate.conf
rm -f /var/log/*-???????? /var/log/*.gz
rm -f /var/log/dmesg.old
rm -rf /var/log/anaconda
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/grubby
Next we are going to remove the old hardware rules and remove the UUID from the ifcfg scripts.
rm -f /etc/udev/rules.d/70*
sed -i".bak" '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eno16777984
We are then going to remove SSH host keys so that each new VM
rm -f /etc/ssh/*key*
We are going to remove the root user’s shell history
rm -f ~root/.bash_history
Finally we are going to remove the root user’s SSH history and then shut down for template creation
rm -rf ~root/.ssh/
Now as you can see that’s a little time consuming, so you could instead just cut and paste the information below into a new .sh file, SCP it across to your VM, chmod +x file.sh to make it executable and then run it by typing ./file.sh. If you have any errors trying to execute the script and you created it under Windows, make sure that you set the EOL conversion to Unix/Linux and then try again.
#!/bin/bash
#stop logging services
/sbin/service rsyslog stop
/sbin/service auditd stop
#remove old kernels
/bin/package-cleanup --oldkernels --count=1
#clean yum cache
/usr/bin/yum clean all
#force logrotate to shrink logspace and remove old logs as well as truncate logs
/usr/sbin/logrotate -f /etc/logrotate.conf
/bin/rm -f /var/log/*-???????? /var/log/*.gz
/bin/rm -f /var/log/dmesg.old
/bin/rm -rf /var/log/anaconda
/bin/cat /dev/null > /var/log/audit/audit.log
/bin/cat /dev/null > /var/log/wtmp
/bin/cat /dev/null > /var/log/lastlog
/bin/cat /dev/null > /var/log/grubby
#remove udev hardware rules
/bin/rm -f /etc/udev/rules.d/70*
#remove uuid from ifcfg scripts
/bin/sed -i".bak" '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eno16777984
#remove SSH host keys
/bin/rm -f /etc/ssh/*key*
#remove root users shell history
/bin/rm -f ~root/.bash_history
#remove root users SSH history
/bin/rm -rf ~root/.ssh/
Now the problem with the script route is that there is no way to run history -c from a script (nothing happens), so once you have run the script you will need to run the following.
Finally we are going to convert it to a template.
In the C# client browse to the VM Summary page and click on Convert to Template
That’s it, a sanitised template that should be good to go for most people.
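A check that can be run on the VM after the clean-up and before it is shut down and converted, to confirm nothing identifying is left behind. This is an added example, not part of the original post; the function name check_template and its optional root-directory argument are assumptions, and the machine-id test reflects the point raised in the reader comments (an empty /etc/machine-id, regenerated at first boot, is assumed to be the desired state).

```shell
#!/bin/bash
# Added example: audit a prepared template for leftover identity and history.
# Usage: . ./check_template.sh && check_template /
# check_template ROOT prints one line per leftover and returns the number found.
# ROOT defaults to / ; pass another directory to audit a mounted image instead.

check_template() {
    local root="${1:-/}" findings=0 f
    root="${root%/}"

    report() { echo "LEFTOVER: $1"; findings=$((findings + 1)); }

    # SSH host keys: every clone would otherwise present the same host identity
    for f in "$root"/etc/ssh/*key*; do
        [ -e "$f" ] && report "SSH host key $f"
    done

    # old udev hardware rules (the files the article removes with rm 70*)
    for f in "$root"/etc/udev/rules.d/70*; do
        [ -e "$f" ] && report "udev rule $f"
    done

    # UUID lines in ifcfg scripts (the .bak copies written by sed -i are skipped)
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        case "$f" in *.bak) continue ;; esac
        grep -q 'UUID' "$f" && report "UUID in $f"
    done

    # root's shell history and SSH directory
    [ -e "$root/root/.bash_history" ] && report "root shell history"
    [ -e "$root/root/.ssh" ] && report "root .ssh directory"

    # logs the article truncates should be zero bytes
    for f in audit/audit.log wtmp lastlog grubby; do
        [ -s "$root/var/log/$f" ] && report "non-empty /var/log/$f"
    done

    # machine-id: raised in the comments, not cleared by the article's script
    [ -s "$root/etc/machine-id" ] && report "machine-id is set"

    return "$findings"
}
```

A return value of 0 means none of the checked items remain; the shell history in memory is not visible to this check, so history -c still has to be run by hand.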
How does one contact you about an article on your blog?
I can’t find any twitter, email, etc. link on your about me page.
You can contact me via twitter @ev_simon or email email@example.com
Shall I turn back on the logging services after I create a vm from this image?
I believe it should start automatically when you clone the template.
Using sys-unconfig, I think, it will be more difficult to use customspecs to set hostname and IP on the linux vm.
Ahh I will have a look at the new version 🙂
I also noticed that the machine-id remains the same when I create clones of the OS and the following steps should be performed
generate new id
Thanks, I will look to add this to the page.
Should this be done to the machine after the image is deployed or is this a part of the clean up process during image creation and prior to exporting the template?