Following are the guidelines/steps to create a virtual machine template for Redhat/CentOS Linux 7.x. Always start with minimum specs and extend them later, whenever required.
It’s time to start.
1-First create a new VM
- Right Click on Server and Choose New Virtual Machine
- Enter VM Name (according to defined naming convention) and Inventory Location
- Select Datastore
- Select Virtual Machine Version: select latest available
- Select “Redhat/CentOS Linux Version X (32/64-bit)” as OS Version
- # of Virtual Processors: 1
- Amount of RAM: 1GB
- # of NICs: 1
- Adapter Type: VMXNET 3
- Select “Connect at Power On”
- SCSI Controller: Paravirtual
- Create New Virtual Disk: 15GB
- Disk Provision Method-> Thin Provisioning
- Virtual Device Node: SCSI
2-Now prepare the virtual hardware
- Right click on VM ->Hardware Upgrade(If Applicable)
- Edit VM Settings > Options->VMWare Tools->Advanced->
- Check upgrade Tool during power cycling
- Check synchronize guest time with host
- Edit VM Settings->Advanced->General Section->Uncheck “Enable logging”
- Edit VM Settings->Remove Extra Hardware(USB & floppy etc)
3-VM Configuration & OS Installation
- Edit VM Settings->Boot Options > Check box to force going into the BIOS on next boot
- Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
- Disable Serial port A
- Disable Serial port B
- Disable Parallel port
- Disable floppy drive
- Change boot sequence-> Save and Exit
- Install redhat/centos linux 7x 32/64bit
- Install redhat/centos with minimal and default configuration
- Once installed, restart the server
- Disconnect redhat/centos linux ISO and set device type to Client Device
In Redhat/CentOS 7, check whether the Ethernet interface is enabled at boot time. Make sure you configured the network during installation.
NOTE: In Redhat/CentOS 7, the Ethernet interface name starts with “enoxxx” by default. The rest of the configuration remains the same as in previous Redhat distributions.
To verify that it is enabled at boot time, open the Ethernet configuration file. The path is /etc/sysconfig/network-scripts/ifcfg-eno16780032 (the default Ethernet name in RHEL/CentOS 7).
#vi /etc/sysconfig/network-scripts/ifcfg-eno16780032
Set ONBOOT=yes
Verify the network configuration and make sure the system gets an IP address.
The above command is available only if you have installed the “net-tools” rpm. Otherwise use the command
#ip addr show
#cd /etc/sysconfig/network-scripts
#vi route-enoxxxx
NOTE: You should create a route file named after the Ethernet interface, for example route-enoxxx.
NOTE: In case of a second route, copy and paste these three lines and replace the 0 in the above three fields with 1, and so on.
Now restart the network service in order to get the newly added routes
#systemctl restart network
4.4-YUM Client Setting:
1-Create file under /etc/yum.repos.d
Add following lines:
[YUM-Local-Repo]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://yumserverIP/yum/YUMRHEL7
enabled=1
gpgcheck=0
NOTE: Set the baseurl parameter according to your yum server. The above repo configuration reflects the configuration of our local yum server. Make sure this repo exists on the yum server before configuring the client.
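The repo definition above sets gpgcheck=0 and a plain http baseurl, so yum does not verify package signatures for that repo and every clone of the template inherits the setting. The following check is an added example, not part of the original guide: it lists enabled repo sections that carry either setting. The function name unsigned_repos is an assumption.

```sh
# Added example: report enabled yum repo sections that disable signature
# checking or fetch over plain http. Pass one or more .repo files.
unsigned_repos() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return      # nothing parsed yet, or repo disabled
        if (gpg == "0")         print sec ": gpgcheck=0 (packages not signature-checked)"
        if (url ~ /^http:\/\//) print sec ": baseurl uses plain http"
    }
    /^[ \t]*[#;]/ { next }                           # comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                         # new [section]: flush the previous one
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        gpg = url = enabled = ""
        next
    }
    {
        i = index($0, "=")
        if (i == 0) next                             # blank or malformed line
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck")      gpg = val
        else if (key == "baseurl")  url = val
        else if (key == "enabled")  enabled = val
    }
    END { report() }
    ' "$@"
}
```

Run it as `unsigned_repos /etc/yum.repos.d/*.repo` on the template before converting it.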
Prerequisite: make sure to install perl package before vmware tools installation
#yum install perl
#yum install open-vm-tools
NOTE: In the Redhat/CentOS 7 release, VM tools also come as an RPM, and this is the recommended method of installing the tools, instead of the old method of installing the tools shipped with the ESXi server.
After installing VM tools start the service
#systemctl restart vmtoolsd
Verify from vm that vmtools are running
4.6-For Template Customization
If you are using the virtual machine as a template or SRM (Site Recovery Manager) to customize virtual machines after fail over, then install the deployPkg Tools plug-in.
For more information visit following VMWare KB.
NOTE: In versions 9.10 and later versions of open-vm-tools above steps are not necessary.
To determine the version of open-vm-tools installed, run this command:
4.7-Configure Time Server Client
In RHEL/CentOS 7 there are two methods to install Time server. One is NTP (old method) and second one is Chrony (new). I would recommend the new one.
Configure Chrony client.
Install the Chrony service (RPM):
# yum install -y chrony
Activate the Chrony service at boot:
# systemctl enable chronyd
Start the Chrony service:
# systemctl start chronyd
The Chrony configuration is in the /etc/chrony.conf file:
Comment out all public server pool settings and add the settings below.
server ntp.mycompany.com iburst
where ntp.mycompany.com is the ntp server
An alternate way is to set these servers offline by adding the offline parameter at the end of each line
server 0.rhel.pool.ntp.org offline
Save and quit.
Restart the Chrony service.
# systemctl restart chronyd
Check the log for any errors.
To verify the NTP Synchronization source.
# chronyc sources -v
NOTE: The above gives information equivalent to what the “ntpq” command provided with the NTP daemon.
Before this configuration, make sure you already have a syslog server configured in your environment. Otherwise ignore the settings below.
Insert the following code
Where syslog.mycompany.com is the address of our syslog server
Start syslog service
#systemctl start rsyslog
Start syslog service on boot
#systemctl enable rsyslog
4.9-Stop unnecessary services
To check all active services
#systemctl --type=service --state=running
To stop unnecessary service use below command
#systemctl stop postfix.service
Where postfix is a service name which you want to stop.
To stop the service from starting at boot time.
#systemctl disable postfix.service
4.10-Remove the udev persistent device rules.
#rm -f /etc/udev/rules.d/70*
4.11-Remove the traces of the template MAC address and UUIDs.
#sed -i -E '/^(HWADDR|UUID)=/d' /etc/sysconfig/network-scripts/ifcfg-ethx
NOTE: The above command removes the unique identifiers from the template so that each cloned VM gets its own.
4.12-Clean /tmp files
#rm -rf /tmp/*
#rm -rf /var/tmp/*
4.13-Remove the SSH host keys.
#rm -f /etc/ssh/*key*
NOTE: If you don’t do this all your VMs will have all the same keys, which has negative security implications.
4.14-Remove the root user’s SSH history & other cruft.
#rm -rf ~root/.ssh/
#rm -f ~root/anaconda-ks.cfg
NOTE: You might choose to just remove ~root/.ssh/known_hosts if you have SSH keys you want to keep around.
4.15-Clean the Log Files.
Stop logging services.
#systemctl stop rsyslog
#systemctl stop auditd
It is good to stop the logging services before cleaning up, because otherwise they create more logs while you are cleaning the log files.
Force the logs to rotate & remove old logs we don’t need.
#logrotate -f /etc/logrotate.conf
#rm -f /var/log/*-???????? /var/log/*.gz
#rm -f /var/log/dmesg.old
#rm -rf /var/log/anaconda
Starting fresh with the logs is nice. It means that you don’t have old, irrelevant log data on all your cloned VMs.
4.16-Remove the root user’s shell history.
#rm -f ~root/.bash_history
#unset HISTFILE
NOTE: It is a good idea to clean the bash history. It makes no sense to keep this history around; it is irrelevant to the cloned VM.
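A check that the sealing steps 4.10 to 4.16 actually took effect before the VM is converted to a template. This is an added example, not part of the original guide; the function name template_residue, its optional root-directory argument and the assumption that root's home is /root are mine.

```sh
# Added example: list what the sealing steps (4.10 to 4.16) should have removed.
# Usage: template_residue [ROOT]   ROOT defaults to / ; pass a mounted image or a
# test tree instead. Prints one finding per line; exit status 1 if anything is left.
# The body runs in a subshell ( ... ) so its variables do not leak to the caller.
template_residue() (
    root="${1:-/}"; root="${root%/}"; found=0
    note() { echo "$1: $2"; found=1; }

    # 4.10 udev persistent device rules
    for f in "$root"/etc/udev/rules.d/70*; do
        [ -e "$f" ] || continue          # glob matched nothing
        note "udev rule left" "$f"
    done
    # 4.11 MAC address / UUID still pinned in an interface file
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        if grep -Eq '^(HWADDR|UUID)=' "$f"; then note "HWADDR/UUID left" "$f"; fi
    done
    # 4.13 SSH host keys (same glob the guide removes)
    for f in "$root"/etc/ssh/*key*; do
        [ -e "$f" ] || continue
        note "SSH host key left" "$f"
    done
    # 4.14 and 4.16 root's SSH directory, kickstart file and shell history
    # (assumes root's home is /root)
    for f in "$root/root/.ssh" "$root/root/anaconda-ks.cfg" "$root/root/.bash_history"; do
        if [ -e "$f" ]; then note "root artifact left" "$f"; fi
    done
    # 4.15 rotated logs and installer logs
    for f in "$root"/var/log/*-???????? "$root"/var/log/*.gz "$root"/var/log/anaconda; do
        [ -e "$f" ] || continue
        note "old log left" "$f"
    done
    exit "$found"
)
```

Run it as root as the last step before shutting the VM down; an empty output with exit status 0 means none of the checked artifacts remain.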
These settings are required afterwards, when you create a VM from the template.
#yum groupinstall 'Server with GUI'
NOTE: For the above command to work, make sure that you have configured the group repo on your local yum server.
#systemctl set-default graphical.target
This changes the default mode from multi-user.target to graphical. It takes effect the next time you reboot the machine.
Configure VNC If Required
Go to following link to configure vnc.
Configure Sudo If Required
These settings are required if you want an ordinary user to use root privileges. The user needs to put sudo at the start of each command that should run with root privileges.
In order to use sudo you first need to configure the sudoers file. The sudoers file is located at /etc/sudoers. You should not edit it directly; use the visudo command instead. Enter the visudo command,
Add the below line.
If you want an individual user to use sudo with root privileges.
oracle ALL=(ALL) ALL
- oracle: name of user to be allowed to use sudo
- ALL : Allow sudo access from any terminal ( any machine ).
- (ALL) : Allow sudo command to be executed as any user.
- ALL : Allow all commands to be executed.
If you want a whole group to use sudo with root privileges
%sysadmins ALL =(ALL) NOPASSWD: ALL
- sysadmins : name of group to be allowed to use sudo
- NOPASSWD: the user won’t be asked for a password every time a command is executed