This post will help your creating a CentOS 7 Template for VMware.
Install CentOS 7 on any VMware virtualization product with “Minimal Install” for the software selection. You can find the most recent install image here.
Please use a VM hardware version of 10, if you want to deploy your CentOS template to vSphere 5.5 or vCloud Air.
After successful installation login and upgrade packages to the latest version:
# upgrade yum -y upgrade # reboot if a new kernel was installed init 6
The template will not have a root password nor an admin user password. You will require a private SSH key to login into the VM.
The following lines can either be copied and pasted into a shell or issued step by step:
# some variables export ADMIN_USER="admin" export ADMIN_PUBLIC_KEY="your public ssh key" # install necessary and helpful components yum -y install net-tools nano deltarpm wget bash-completion yum-plugin-remove-with-leaves yum-utils # install VM tools and perl for VMware VM customizations yum -y install open-vm-tools perl # Stop logging services systemctl stop rsyslog service auditd stop # Remove old kernels package-cleanup -y --oldkernels --count=1 # Clean out yum yum clean all # Force the logs to rotate & remove old logs we don’t need /usr/sbin/logrotate /etc/logrotate.conf --force rm -f /var/log/*-???????? /var/log/*.gz rm -f /var/log/dmesg.old rm -rf /var/log/anaconda # Truncate the audit logs (and other logs we want to keep placeholders for) cat /dev/null > /var/log/audit/audit.log cat /dev/null > /var/log/wtmp cat /dev/null > /var/log/lastlog cat /dev/null > /var/log/grubby # Remove the traces of the template MAC address and UUIDs sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-e* # enable network interface onboot sed -i -e 's@^ONBOOT="no@ONBOOT="yes@' /etc/sysconfig/network-scripts/ifcfg-e* # Clean /tmp out rm -rf /tmp/* rm -rf /var/tmp/* # Remove the SSH host keys rm -f /etc/ssh/*key* # configure sshd_config to only allow Pubkey Authentication sed -i -r 's/^#?(PermitRootLogin|PasswordAuthentication|PermitEmptyPasswords) (yes|no)/\1 no/' /etc/ssh/sshd_config sed -i -r 's/^#?(PubkeyAuthentication) (yes|no)/\1 yes/' /etc/ssh/sshd_config # add user 'ADMIN_USER' adduser $ADMIN_USER # add public SSH key mkdir -m 700 /home/$ADMIN_USER/.ssh chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh echo $ADMIN_PUBLIC_KEY > /home/$ADMIN_USER/.ssh/authorized_keys chmod 600 /home/$ADMIN_USER/.ssh/authorized_keys chown $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER/.ssh/authorized_keys # add support for ssh-add echo 'eval $(ssh-agent) > /dev/null' >> /home/$ADMIN_USER/.bashrc # add user 'ADMIN_USER' to sudoers echo "$ADMIN_USER ALL = NOPASSWD: ALL" > /etc/sudoers.d/$ADMIN_USER chmod 0440 /etc/sudoers.d/$ADMIN_USER # Remove the root user’s SSH history rm -rf ~root/.ssh/ rm -f ~root/anaconda-ks.cfg # remove the root password passwd -d root # for support guest customization of CentOS 7 in vSphere 5.5 and vCloud Air # mv /etc/redhat-release /etc/redhat-release.old && touch /etc/redhat-release && echo 'Red Hat Enterprise Linux Server release 7.0 (Maipo)' > /etc/redhat-release # Remove the root user’s shell history history -cw # shutdown init 0
Starting with Open VM Tools 9.10 the deployPkg (open-vm-tools-deploypkg) is not needed anymore. Please see VMware support for Open VM Tools.
CentOS 7 is only supported starting with vSphere 6. As a workaround to deploy your CentOS template to vSphere 5.5 or vCloud Air and use VM customization, please uncomment the line to modify /etc/redhat-release.
Have you successfully tried this on 7.2? I am struggling to get any host renames working on fresh deployments.
Yes, I’m using CentOS 7.2.
If you are using vSphere 5.5, have you modified /etc/redhat-release? The line is uncommented and only necessary for vSphere versions earlier than vSphere 6, which supports CentOS 7 natively.
Hi i am Swaroop, we had an existing centos 6 template. I am cloning from the centos 6 template using java code (vsphere api). When is power on the cloned server i am able to successfully assign a desired ip address using customization spec from the code like (CustomizationFixedIp fixedIp = new CustomizationFixedIp();
CustomizationIPSettings customizationIPSettings = new CustomizationIPSettings();
We created a new Centos 7 template and when i clone, i am able to assign the desired ip-address or no ip-address is assigned. When is go to edit settings of the cloned centos 7 server the network adapter is not ticked. While in cloned centos 6 server the network adapter is automatically ticked .
What do you suggest or think what might be the difference in the templates centos 6 and 7. I even compared the network scripts eth01 and network file and replicated the same on to centos 7 template and still same issue. But when i manually clone from the vsphere client the vmware is able to assign a random ip address. Note: when cloning from java for centos 6 template the network adapter is getting ticked and for centos 7 it is not getting ticked. Kindly need you help or suggestions.
Sorry there are some typing errors,
When i power on the cloned server i am able to successfully assign a desired ip address which is preset using customisation spec from the code like
We created a new Centos 7 template and when i cloned a server, i am not able to assign the desired ip-address or no ip-address is assigned. When i go to edit settings of the cloned centos 7 server the network adapter is not ticked. While in cloned centos 6 server the network adapter is automatically ticked .
It is bad habit to use “init 6” to restart a unix box. The runlevels/targets can be redefined on any host. As well, some discrepancy may exist between default runlevels in older flavors of unix. The “shutdown” command, or even a “sync;sync;reboot” are safer to use everywhere.
If you must take the shortcut of typing “init 6”, then you should also be checking /etc/inittab or /usr/lib/systemd/system/runlevel6.target each time to make sure that runlevel 6 is indeed defined as reboot… thus making it a not-so-short-cut. 🙂
This is actually one of the main questions I ask about in interviews of unix sysadmins to help determine whether they are junior or senior level. It’s that important.