This post will help your creating a CentOS 7 Template for VMware.

Getting started

Install CentOS 7 on any VMware virtualization product with “Minimal Install” for the software selection. You can find the most recent install image here.
Please use a VM hardware version of 10, if you want to deploy your CentOS template to vSphere 5.5 or vCloud Air.

After successful installation login and upgrade packages to the latest version:

# upgrade
yum -y upgrade

# reboot if a new kernel was installed
init 6

Customization

The template will not have a root password nor an admin user password. You will require a private SSH key to login into the VM.

The following lines can either be copied and pasted into a shell or issued step by step:

# some variables
export ADMIN_USER="admin"
export ADMIN_PUBLIC_KEY="your public ssh key"

# install necessary and helpful components
yum -y install net-tools nano deltarpm wget bash-completion yum-plugin-remove-with-leaves yum-utils

# install VM tools and perl for VMware VM customizations
yum -y install open-vm-tools perl

# Stop logging services
systemctl stop rsyslog
service auditd stop

# Remove old kernels
package-cleanup -y --oldkernels --count=1

# Clean out yum
yum clean all

# Force the logs to rotate & remove old logs we don’t need
/usr/sbin/logrotate /etc/logrotate.conf --force
rm -f /var/log/*-???????? /var/log/*.gz
rm -f /var/log/dmesg.old
rm -rf /var/log/anaconda

# Truncate the audit logs (and other logs we want to keep placeholders for)
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/grubby

# Remove the traces of the template MAC address and UUIDs
sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-e*

# enable network interface onboot
sed -i -e 's@^ONBOOT="no@ONBOOT="yes@' /etc/sysconfig/network-scripts/ifcfg-e*

# Clean /tmp out
rm -rf /tmp/*
rm -rf /var/tmp/*

# Remove the SSH host keys
rm -f /etc/ssh/*key*

# configure sshd_config to only allow Pubkey Authentication
sed -i -r 's/^#?(PermitRootLogin|PasswordAuthentication|PermitEmptyPasswords) (yes|no)/\1 no/' /etc/ssh/sshd_config
sed -i -r 's/^#?(PubkeyAuthentication) (yes|no)/\1 yes/' /etc/ssh/sshd_config

# add user 'ADMIN_USER'
adduser $ADMIN_USER

# add public SSH key
mkdir -m 700 /home/$ADMIN_USER/.ssh
chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh
echo $ADMIN_PUBLIC_KEY > /home/$ADMIN_USER/.ssh/authorized_keys
chmod 600 /home/$ADMIN_USER/.ssh/authorized_keys
chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh/authorized_keys

# add support for ssh-add
echo 'eval $(ssh-agent) > /dev/null' >> /home/$ADMIN_USER/.bashrc

# add user 'ADMIN_USER' to sudoers
echo "$ADMIN_USER    ALL = NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER
chmod 0440 /etc/sudoers.d/$ADMIN_USER

# Remove the root user’s SSH history
rm -rf ~root/.ssh/
rm -f ~root/anaconda-ks.cfg

# remove the root password
passwd -d root

# for support guest customization of CentOS 7 in vSphere 5.5 and vCloud Air
# mv /etc/redhat-release /etc/redhat-release.old && touch /etc/redhat-release && echo 'Red Hat Enterprise Linux Server release 7.0 (Maipo)' > /etc/redhat-release

# Remove the root user’s shell history
history -cw

# shutdown
init 0

Notes

Starting with Open VM Tools 9.10 the deployPkg (open-vm-tools-deploypkg) is not needed anymore. Please see VMware support for Open VM Tools.

CentOS 7 is only supported starting with vSphere 6. As a workaround to deploy your CentOS template to vSphere 5.5 or vCloud Air and use VM customization, please uncomment the line to modify /etc/redhat-release.