Virtual Machine Template Guidelines for VMware – “Red Hat/CentOS Linux 7.x”

The following are the guidelines/steps to create a virtual machine template for Red Hat/CentOS Linux 7.x. Note: always start with minimum specs and extend them later, whenever required.

It’s time to start.

1-First create a new VM

  • Right Click on Server and Choose New Virtual Machine
  • Enter VM Name (according to defined naming convention) and Inventory Location
  • Select Datastore
  • Select Virtual Machine Version: select latest available
  • Select “Redhat/CentOS Linux Version X (32/64-bit)” as OS Version
  • # of Virtual Processors: 1
  • Amount of RAM: 1GB
  • Network
  • # of NICs: 1
  • Adapter Type: VMXNET 3
  • Select “Connect at Power On”
  • SCSI Controller: Paravirtual
  • Create New Virtual Disk: 15GB
  • Disk Provision Method-> Thin Provisioning
  • Virtual Device Node: SCSI

2-Now prepare the virtual hardware

  • Right click on VM -> Hardware Upgrade (if applicable)
  • Edit VM Settings -> Options -> VMware Tools -> Advanced:
  • Check upgrade Tool during power cycling
  • Check synchronize guest time with host
  • Edit VM Settings -> Advanced -> General section -> Uncheck “Enable logging”
  • Edit VM Settings -> Remove extra hardware (USB, floppy etc.)

3-VM Configuration & OS Installation

  • Edit VM Settings->Boot Options > Check box to force going into the BIOS on next boot
  • Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
  • Disable Serial port A
  • Disable Serial port B
  • Disable Parallel port
  • Disable floppy drive
  • Change boot sequence-> Save and Exit
  • Install redhat/centos linux 7x 32/64bit
  • Install redhat/centos with minimal and default configuration


  • Once installed, restart the server
  • Disconnect redhat/centos linux ISO and set device type to Client Device

4-OS Configuration

4.1-Network configuration

In Red Hat/CentOS 7, check whether the Ethernet interface is enabled at boot time. Make sure you configured the network during installation.

NOTE: In Red Hat/CentOS 7, the Ethernet name starts with “enoxxx” by default. The rest of the configuration remains the same as in previous Red Hat distributions.

To verify that it is enabled at boot time, open the Ethernet configuration file. The path is /etc/sysconfig/network-scripts/ifcfg-eno16780032 (this is the default Ethernet name in RHEL/CentOS 7).

#vi /etc/sysconfig/network-scripts/ifcfg-eno16780032
Set ONBOOT=yes


Verify the network configuration and make sure the system gets an IP address.

#ifconfig

The above command is available only if you have installed the “net-tools” RPM. Otherwise use the command:

#ip addr show


4.2-Disable selinux

#vi /etc/selinux/config

[Screenshot: vmtemplate-rhel06-09]

4.3-Add Route

#cd /etc/sysconfig/network-scripts
#vi route-enoxxxx

NOTE: You should create a route file named after the Ethernet interface, for example route-enoxxx.

[Screenshot: vmtemplate-rhel06-11]

NOTE: In case of a second route, copy and paste these three lines and replace the 0 in the above three fields with 1, and so on.

Now restart the network service in order to get the newly added routes

#systemctl restart network

4.4-YUM Client Setting:

1-Create file under /etc/yum.repos.d

#vi /etc/yum.repos.d/yum-local.repo

Add following lines:

[YUM-Local-Repo]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://yumserverIP/yum/YUMRHEL7
enabled=1
gpgcheck=0

NOTE: Set the baseurl parameter according to your yum server. The repo configuration above reflects the configuration of our local yum server. Make sure this repo exists on the yum server before configuring the client.

4.5-VMware Tools

Prerequisite: make sure to install the perl package before installing VMware Tools.

#yum install perl
#yum install open-vm-tools

NOTE: In the Red Hat/CentOS 7 release, VMware Tools is also available as an RPM, and this is the recommended installation method, rather than the old method of installing the tools shipped with the ESXi server.

After installing VM tools start the service

#systemctl restart vmtoolsd

Verify from vm that vmtools are running


4.6-For Template Customization

If you are using the virtual machine as a template or SRM (Site Recovery Manager) to customize virtual machines after fail over, then install the deployPkg Tools plug-in.

For more information visit the following VMware KB.

NOTE: With open-vm-tools version 9.10 and later, the above steps are not necessary.

To determine the version of open-vm-tools installed, run this command:

#vmware-toolbox-cmd -v

4.7-Configure Time Server Client

In RHEL/CentOS 7 there are two ways to set up a time server client: NTP (the old method) and Chrony (the new one). I would recommend the new one.

Configure Chrony client.

Install the Chrony service (RPM):

# yum install -y chrony

Activate the Chrony service at boot:

# systemctl enable chronyd

Start the Chrony service:

# systemctl start chronyd

The Chrony configuration is in the /etc/chrony.conf file:

Comment out all public server pool settings and add the setting below.

server ntp.mycompany.com iburst

where ntp.mycompany.com is the NTP server.

An alternative is to mark these servers offline by adding the offline parameter at the end of each line:

server 0.rhel.pool.ntp.org offline

Save and quit.

Restart the Chrony service.

# systemctl restart chronyd

Check the log for any errors.

#journalctl -f

To verify the NTP synchronization source:

# chronyc sources -v

NOTE: The above gives information equivalent to what the “ntpq” command provided with the NTP daemon.

4.8-Set SYSLOG

Before this configuration, make sure you already have a syslog server configured in your environment; otherwise ignore the settings below.

#vi /etc/rsyslog.conf

Insert the following code

####Syslog configuration##########

*.* @syslog.mycompany.com

Where syslog.mycompany.com is the address of our syslog server

Start syslog service

#systemctl start rsyslog

Start syslog service on boot

#systemctl enable rsyslog

4.9-Stop unnecessary services

To check all active services

#systemctl --type=service --state=running


To stop unnecessary service use below command

#systemctl stop postfix.service

Where postfix is a service name which you want to stop.

To prevent the service from starting at boot time:

#systemctl disable postfix.service

4.10-Remove the udev persistent device rules.

#rm -f /etc/udev/rules.d/70*

4.11-Remove the traces of the template MAC address and UUIDs.

#sed -i -E '/^(HWADDR|UUID)=/d' /etc/sysconfig/network-scripts/ifcfg-ethx

NOTE: The above command removes unique identifiers from the template so that the cloned VM gets its own.

4.12-Clean /tmp files

#rm -rf /tmp/*
#rm -rf /var/tmp/*

4.13-Remove the SSH host keys.

#rm -f /etc/ssh/*key*

NOTE: If you don’t do this, all your VMs will have the same host keys, which has negative security implications: whoever holds one clone’s host keys can impersonate every other clone.

4.14-Remove the root user’s SSH history & other cruft.

#rm -rf ~root/.ssh/
#rm -f ~root/anaconda-ks.cfg

NOTE: You might choose to just remove ~root/.ssh/known_hosts if you have SSH keys you want to keep around.

4.15-Clean the Log Files.

Stop logging services.

#systemctl stop rsyslog
#systemctl stop auditd

It is good to stop the logging services before cleaning up, because otherwise they will create more logs while you are cleaning the log files.

Force the logs to rotate & remove old logs we don’t need.

#logrotate -f /etc/logrotate.conf
#rm -f /var/log/*-???????? /var/log/*.gz
#rm -f /var/log/dmesg.old
#rm -rf /var/log/anaconda

Starting fresh with the logs is nice. It means that you don’t have old, irrelevant log data on all your cloned VMs.

4.16-Remove the root user’s shell history.

#rm -f ~root/.bash_history
#unset HISTFILE

NOTE: It is a good idea to clean the bash history. It makes no sense to keep this history around; it’s irrelevant to the cloned VM.
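
A verification pass for steps 4.10 to 4.16, as an added example that is not part of the original guide: the function reports any per-machine residue those steps are meant to remove. The name seal_check is hypothetical, root's home directory is assumed to be /root, and the filesystem root is passed as an argument so the check can also run against a mounted template disk.

```shell
#!/bin/sh
# Added example: audit a template filesystem for the residue that steps
# 4.10-4.16 remove. Argument: filesystem root ("/" on the template itself).
# Prints one line per finding and returns 1 if anything was found.
seal_check() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", so the paths below stay absolute
    found=0
    report() { printf '%s: %s\n' "$1" "$2"; found=1; }

    # 4.10: udev persistent device rules
    for f in "$root"/etc/udev/rules.d/70*; do
        if [ -e "$f" ]; then report "udev-rule" "$f"; fi
    done
    # 4.11: MAC address or UUID still pinned in an interface config
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        if grep -Eq '^(HWADDR|UUID)=' "$f"; then report "nic-identity" "$f"; fi
    done
    # 4.12: leftover temporary files
    for d in tmp var/tmp; do
        [ -d "$root/$d" ] || continue
        if [ -n "$(ls -A "$root/$d" 2>/dev/null)" ]; then
            report "tmp-files" "$root/$d"
        fi
    done
    # 4.13: SSH host keys that every clone would otherwise share
    for f in "$root"/etc/ssh/*key*; do
        if [ -e "$f" ]; then report "ssh-host-key" "$f"; fi
    done
    # 4.14 and 4.16: root's SSH directory, kickstart file and shell history
    # (assumes root's home directory is /root)
    for f in .ssh anaconda-ks.cfg .bash_history; do
        if [ -e "$root/root/$f" ]; then report "root-residue" "$root/root/$f"; fi
    done
    return "$found"
}
```

Run `seal_check /` as the last step before shutting the VM down and converting it to a template; no output and exit status 0 mean the identifiers are gone.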

5-Optional Settings:

These settings are required afterwards, when you create a VM from the template.

GUI Installation

#yum groupinstall 'Server with GUI'

NOTE: For the above command to work, make sure that you have configured the group repo on your local yum server.

#systemctl set-default graphical.target

This changes the default mode from the default (multi-user.target) to graphical the next time you reboot the machine.

Configure VNC If Required

Go to following link to configure vnc.

http://www.linuxtechi.com/install-configure-vnc-server-centos-7-rhel-7/

Configure Sudo If Required

This setting is required if you want an ordinary user to use root privileges. You need to add sudo at the start of each command that you want to run with root privileges as an ordinary user.

In order to use sudo you first need to configure the sudoers file, located at /etc/sudoers. You should not edit it directly; use the visudo command instead:

#visudo

Add the below line.

If you want an individual user to use sudo with root privileges.

oracle ALL=(ALL) ALL

  • oracle: name of user to be allowed to use sudo
  • ALL : Allow sudo access from any terminal ( any machine ).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

If you want a whole group to use sudo with root privileges

%sysadmins ALL=(ALL) NOPASSWD: ALL

  • sysadmins : name of group to be allowed to use sudo
  • NOPASSWD: users won’t be asked for a password every time they execute a command