Virtual Machine Template Guidelines for VMware – “Red Hat/CentOS Linux 6.x”

The following steps create a virtual machine template for Red Hat/CentOS Linux 6.x. Always start with minimum specs and extend them later, whenever required.

It’s time to start.

1-First create a new VM

  • Right Click on Server and Choose New Virtual Machine
  • Enter VM Name (according to defined naming convention) and Inventory Location
  • Select Datastore
  • Select Virtual Machine Version: select latest available
  • Select “Red Hat/CentOS Linux Version X (32/64-bit)” as OS Version
  • # of Virtual Processors: 1
  • Amount of RAM: 1GB
  • Network
  • # of NICs: 1
  • Adapter Type: VMXNET 3
  • Select “Connect at Power On”
  • SCSI Controller: Paravirtual
  • Create New Virtual Disk: 15GB
  • Disk Provision Method-> Thin Provisioning
  • Virtual Device Node: SCSI

2-Now prepare the virtual hardware

  • Right click on VM ->Hardware Upgrade(If Applicable)
  • Edit VM Settings > Options->VMWare Tools->Advanced->
  • Check upgrade Tool during power cycling
  • Check synchronize guest time with host
  • Edit VM Settings->Advanced->General Section ->Uncheck “Enable logging”
  • Edit VM Settings->Remove Extra Hardware(USB & floppy etc)

3-VM Configuration & OS Installation

  • Edit VM Settings->Boot Options > Check box to force going into the BIOS on next boot
  • Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
  • Disable Serial port A
  • Disable Serial port B
  • Disable Parallel port
  • Disable floppy drive
  • Change boot sequence-> Save and Exit
  • Install redhat/centos linux 6x 32/64bit
  • Install redhat/centos with minimal and default configuration

  • Once installed, restart the server
  • Disconnect redhat/centos linux ISO and set device type to Client Device

4-OS Configuration

4.1-Network configuration

By default in Red Hat/CentOS 6, the Ethernet interface is not brought up at boot. To enable it, go to the following directory.

#cd /etc/sysconfig/network-scripts

Verify the Ethernet interfaces

#ls -l

In this example there is only one Ethernet interface, eth0.

Edit Ethernet configuration

#vi ifcfg-eth0
Set ONBOOT=yes

Restart the network service

#service network restart

Verify the network configuration and make sure the system gets an IP address.

#ifconfig

4.2-Disable selinux

#vi /etc/selinux/config

4.3-Add Route

#cd /etc/sysconfig/network-scripts
#vi route-eth0

NOTE: As we have only eth0, we use route-eth0. For eth1 the route file would be route-eth1, and so on.

NOTE: For a second route, copy and paste these three lines and replace the 0 in the three field names with 1, and so on.

Now restart the network service to pick up the newly added routes.

#service network restart

4.4-YUM Client Setting:

1-Create file under /etc/yum.repos.d

#vi /etc/yum.repos.d/yum-local.repo

Add following lines:

[YUM-Local-Repo]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://yumserverIP/yum/YUMRHEL6
enabled=1
gpgcheck=0

NOTE: Set the baseurl parameter according to your yum server. The repo configuration above reflects our local yum server. Make sure this repo exists on the yum server before configuring it.
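
The stanza above sets gpgcheck=0 and fetches over plain HTTP, so every VM cloned from the template installs packages without verifying their signatures. The script below is an added example, not part of the original post: it flags both settings in a .repo file. The hardened stanza, its HTTPS URL and the gpgkey path are assumptions for illustration.

```sh
#!/bin/sh
# Added example: flag .repo stanzas that skip signature checks or use plain HTTP.

# audit_repo FILE: print one finding per weak setting, prefixed by its [section].
audit_repo() {
    awk '
        /^[ \t]*\[/     { sec = $0; next }      # remember the current stanza
        /^[ \t]*(#|$)/  { next }                # skip comments and blank lines
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck" && val == "0") print sec " gpgcheck=0"
            if (key == "baseurl" && val ~ /^http:/) print sec " baseurl-plain-http"
        }
    ' "$1"
    return 0
}

# write_samples DIR: the page's stanza and a constructed hardened variant.
write_samples() {
    cat > "$1/weak.repo" <<'EOF'
[YUM-Local-Repo]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://yumserverIP/yum/YUMRHEL6
enabled=1
gpgcheck=0
EOF
    cat > "$1/hardened.repo" <<'EOF'
[YUM-Local-Repo]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
# Assumption: the yum server also serves HTTPS and mirrors signed packages
baseurl=https://yumserverIP/yum/YUMRHEL6
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_repo "$tmp/weak.repo"        # prints two findings
audit_repo "$tmp/hardened.repo"    # prints nothing
rm -rf "$tmp"
```

On a template, run audit_repo over each file in /etc/yum.repos.d before converting the VM.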

4.5-VMware Tools

Prerequisite: install the perl package before installing VMware Tools

#yum install perl

#mount /dev/cdrom /mnt
#cd /mnt

Copy VMwareTools-9.0.5-1065307.tar.gz to the /root directory and extract it there

#cp VMwareTools-9.0.5-1065307.tar.gz /root
#cd /root
#tar -xzvf VMwareTools-9.0.5-1065307.tar.gz
#cd vmware-tools-distrib

Run vmware-install.pl

# ./vmware-install.pl

Follow the wizard instructions, answering yes

Verify from the VM that VMware Tools is running

4.6-Set NTP

Before this configuration, make sure you already have an NTP server configured in your environment. Otherwise, ignore the settings below or use the default public NTP servers.

#vi /etc/ntp.conf

Comment out all public server pool entries and add the line below

server ntp.mycompany.com

where ntp.mycompany.com is the NTP server

Save and quit

Start the service

#service ntpd start

Start the service on boot

#chkconfig --level 35 ntpd on

NTP Time Sync Setting

#crontab -e

##Time Server Sync

59 23 * * *    /usr/sbin/ntpdate -u ntp.mycompany.com

01 01 * * *    /usr/sbin/ntpdate -u ntp.mycompany.com

4.7-Set SYSLOG

Before this configuration, make sure you already have a syslog server configured in your environment. Otherwise, ignore the settings below.

#vi /etc/rsyslog.conf

Insert the following lines

####Syslog configuration##########

*.* @syslog.mycompany.com

Where syslog.mycompany.com is the address of our syslog server

Start syslog service

#service rsyslog start

Start syslog service on boot

#chkconfig rsyslog on

4.8-Stop unnecessary services

To check the running services at runlevel 3

#cd /etc/rc3.d

Here, names starting with “S” are running services and names starting with “K” are offline services.

To check the running services, run “ls -l S*”

The following services are unnecessary in our environment

#chkconfig ip6tables off
#chkconfig rhnsd off
#chkconfig postfix off

If you have a GUI installed, also apply the above settings in runlevel 5

To check the running services at runlevel 5 (GUI)

#cd /etc/rc5.d

Here, names starting with “S” are running services and names starting with “K” are offline services.

To check the running services, run “ls -l S*”

4.9-Remove the udev persistent device rules.

#rm -f /etc/udev/rules.d/70*

4.10-Remove the traces of the template MAC address and UUIDs.

#sed -i -r '/^(HWADDR|UUID)=/d' /etc/sysconfig/network-scripts/ifcfg-ethx

NOTE: The above command removes the unique identifiers from the template so the cloned VM gets its own.

4.11-Clean /tmp files

#rm -rf /tmp/*
#rm -rf /var/tmp/*

4.12-Remove the SSH host keys.

#rm -f /etc/ssh/*key*

NOTE: If you don’t do this all your VMs will have all the same keys, which has negative security implications.

4.13-Remove the root user’s SSH history & other cruft.

#rm -rf ~root/.ssh/
#rm -f ~root/anaconda-ks.cfg

NOTE: You might choose to just remove ~root/.ssh/known_hosts if you have SSH keys you want to keep around.

4.14-Clean the Log Files.

Stop logging services.

#service rsyslog stop
#service auditd stop

It is good to stop the logging services before cleaning up, because otherwise they create more logs while you are cleaning the log files.

Force the logs to rotate & remove old logs we don’t need.

#logrotate -f /etc/logrotate.conf
#rm -f /var/log/*-???????? /var/log/*.gz
#rm -f /var/log/dmesg.old
#rm -rf /var/log/anaconda

Starting fresh with the logs is nice. It means that you don’t have old, irrelevant log data on all your cloned VMs,

4.15-Remove the root user’s shell history.

#rm -f ~root/.bash_history
#unset HISTFILE

NOTE: It is a good idea to clean the bash history. It makes no sense to keep this history around; it’s irrelevant to the cloned VM.
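
Sections 4.9 to 4.15 strip per-machine identity and history from the template; a missed step is inherited by every clone (shared SSH host keys, for instance). The script below is an added example, not part of the original post: it inspects a filesystem root read-only and lists anything those sections should have removed. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only check for leftovers that sections 4.9-4.15 remove.
# ROOT is "/" inside the template guest, or a mount point of the template disk.

# check_glob STEP ROOT PATTERN: report every existing path matching PATTERN.
check_glob() {
    for p in "$2"/$3; do
        if [ -e "$p" ]; then rel=${p#"$2"}; echo "$1 $rel"; fi
    done
    return 0
}

# audit_seal ROOT: print "<section> <path>" for each leftover found.
audit_seal() {
    root=${1%/}
    check_glob 4.9  "$root" 'etc/udev/rules.d/70*'
    check_glob 4.12 "$root" 'etc/ssh/*key*'
    check_glob 4.13 "$root" 'root/.ssh'
    check_glob 4.13 "$root" 'root/anaconda-ks.cfg'
    check_glob 4.15 "$root" 'root/.bash_history'
    # 4.10: HWADDR/UUID lines still present in an interface file
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        if [ -f "$f" ] && grep -Eq '^(HWADDR|UUID)=' "$f"; then
            rel=${f#"$root"}; echo "4.10 $rel"
        fi
    done
    return 0
}

# seal_findings ROOT: number of leftovers (0 means the template is clean).
seal_findings() { audit_seal "$1" | wc -l | tr -d ' '; }

# make_sample_root: constructed, deliberately unsealed tree for the demo.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/udev/rules.d" "$d/root"
    n="$d/etc/sysconfig/network-scripts"; mkdir -p "$n"
    : > "$d/etc/ssh/ssh_host_rsa_key"; : > "$d/etc/ssh/ssh_host_rsa_key.pub"
    : > "$d/etc/ssh/sshd_config"      # control: not a key, must not be reported
    : > "$d/etc/udev/rules.d/70-persistent-net.rules"
    : > "$d/root/.bash_history"
    printf 'DEVICE=eth0\nHWADDR=00:50:56:00:00:01\n' > "$n/ifcfg-eth0"
    echo "$d"
}

sample=$(make_sample_root)
audit_seal "$sample"
rm -rf "$sample"
```

Run audit_seal / as the last step before shutting the VM down and converting it to a template; any output names the section to repeat.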

5-Optional Settings:

These settings are required afterwards, when you create a VM from the template

GUI Installation

#yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

NOTE: For the above command to work, make sure that you have configured the group repo on your local yum server.

Next change the default run level from 3 (CLI) to 5 (GUI). 

Open /etc/inittab using a text editor and change following line:

id:3:initdefault:
To:
id:5:initdefault:

After making the change, reboot the machine.

#init 6

Configure VNC If Required

Go to the following link to configure VNC.
Use following guidelines to Configure VNC Server

Configure Sudo If Required

This setting is required if you want an ordinary user to use root privileges. The user needs to add sudo at the start of each command that should run with root privileges.

In order to use sudo you first need to configure the sudoers file. The sudoers file is located at /etc/sudoers. You should not edit it directly; use the visudo command instead. Enter the visudo command:

#visudo

Add the below line.

If you want an individual user to use sudo with root privileges.

oracle ALL=(ALL) ALL

  • oracle: name of user to be allowed to use sudo
  • ALL : Allow sudo access from any terminal ( any machine ).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

If you want a whole group to use sudo with root privileges

%sysadmins ALL =(ALL) NOPASSWD: ALL

  • sysadmins : name of group to be allowed to use sudo
  • NOPASSWD: users won’t be asked for a password every time they execute a command