What is the recommended method to prepare Red Hat/CentOS 7 templates?
What we think of as the initial setup is actually in three parts. The first two are:
- Initial setup, which asks you to accept the license and create a user
- Firstboot, which asks you to configure kdump and (on RHEL) set up your subscription
Both of these are now enabled via systemd; once complete they disable themselves.
So, all you should have to do is remove any local user(s) created during the first Initial Setup process and re-enable these services:
systemctl enable initial-setup-graphical.service
systemctl enable firstboot-graphical.service
> /etc/sysconfig/firstboot
and reboot.
I'm not entirely sure about the third part, which asks you for your language and to create a user account or to join the machine to a domain. This, at least, will continue coming back until you actually complete the wizard. (So don't do that.)
It still may be a good idea to clean up host keys and any hardware-specific configuration. (MAC addresses in udev rules and interface configuration files.)
Aaron Copley
Updated on September 18, 2022
-
Aaron Copley almost 2 years
If I need to deploy Red Hat 7 from template, I would like to take the recommended steps to make my "golden image" clean. It should boot to the first boot prompt and guide the user through the typical steps.
In Red Hat 5/6, I followed the documentation provided by the vendor. However, I cannot find the equivalent for Red Hat 7. Specifically,
touch /.unconfigured
does not trigger the first boot setup.
9.3.1. Sealing a Linux Virtual Machine for Deployment as a Template
Summary
Generalize (seal) a Linux virtual machine before making it into a template. This prevents conflicts between virtual machines deployed from the template.
Procedure 9.6. Sealing a Linux Virtual Machine
1. Log in to the virtual machine. Flag the system for re-configuration by running the following command as root:
   # touch /.unconfigured
2. Remove ssh host keys. Run:
   # rm -rf /etc/ssh/ssh_host_*
3. Set HOSTNAME=localhost.localdomain in /etc/sysconfig/network
4. Remove /etc/udev/rules.d/70-*. Run:
   # rm -rf /etc/udev/rules.d/70-*
5. Remove the HWADDR= and UUID= line from /etc/sysconfig/network-scripts/ifcfg-eth*.
6. Optionally delete all the logs from /var/log and build logs from /root.
7. Shut down the virtual machine. Run:
   # poweroff
Edit: Steps 1 & 7 can be combined by running sys-unconfig last. Or, have a look at virt-sysprep from libguestfs-tools-c which does much, much more.
[user@hostname ~]$ virt-sysprep --list-operations
abrt-data * Remove the crash data generated by ABRT
bash-history * Remove the bash history in the guest
blkid-tab * Remove blkid tab in the guest
ca-certificates Remove CA certificates in the guest
crash-data * Remove the crash data generated by kexec-tools
cron-spool * Remove user at-jobs and cron-jobs
delete * Delete specified files or directories
dhcp-client-state * Remove DHCP client leases
dhcp-server-state * Remove DHCP server leases
dovecot-data * Remove Dovecot (mail server) data
firewall-rules Remove the firewall rules
firstboot * Add scripts to run once at next boot
flag-reconfiguration Flag the system for reconfiguration
hostname * Change the hostname of the guest
kerberos-data Remove Kerberos data in the guest
logfiles * Remove many log files from the guest
lvm-uuids * Change LVM2 PV and VG UUIDs
machine-id * Remove the local machine ID
mail-spool * Remove email from the local mail spool directory
net-hostname * Remove HOSTNAME in network interface configuration
net-hwaddr * Remove HWADDR (hard-coded MAC address) configuration
pacct-log * Remove the process accounting log files
package-manager-cache * Remove package manager cache
pam-data * Remove the PAM data in the guest
password * Set root or user password
puppet-data-log * Remove the data and log files of puppet
random-seed * Generate random seed for guest
rhn-systemid * Remove the RHN system ID
rpm-db * Remove host-specific RPM database files
samba-db-log * Remove the database and log files of Samba
script * Run arbitrary scripts against the guest
smolt-uuid * Remove the Smolt hardware UUID
ssh-hostkeys * Remove the SSH host keys in the guest
ssh-userdir * Remove ".ssh" directories in the guest
sssd-db-log * Remove the database and log files of sssd
tmp-files * Remove temporary files
udev-persistent-net * Remove udev persistent net rules
user-account Remove the user accounts in the guest
utmp * Remove the utmp file
yum-uuid * Remove the yum UUID
-
Aaron Copley almost 10 years
Almost had it. Setting RUN_FIRSTBOOT=YES in /etc/sysconfig/firstboot got me the Kdump configuration part, but not the rest of the Firstboot process.
-
Aaron Copley almost 10 years
Figured it out... You can't have any users other than 'root'. I had been using the user created the first time through the Initial Setup process. Logged in as root, userdel'd the user and rebooted -- Initial Setup worked.
-
Michael Hampton almost 10 years
Ah, I never create local users because I'm generally joining a domain. Figures.
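
A check for the leftovers this thread identifies (SSH host keys, 70-* udev rules, HWADDR=/UUID= lines, and local users that keep Initial Setup from running), run against a template's root filesystem before it is deployed. This is an added example, not part of the original posts or of Red Hat's documentation. The function name `audit_template` and the UID range used to spot regular accounts are assumptions.

```shell
#!/bin/sh
# Added example: audit a template's root filesystem for host-specific leftovers.
# Usage: audit_template /      (or the mount point of the template's disk)
# Prints one finding per line; returns 0 only when nothing was found.

audit_template() {
    root=${1:-/}
    findings=0
    report() {
        printf '%s\n' "$1"
        findings=$((findings + 1))
    }

    # SSH host keys baked into the image give every clone the same identity.
    for f in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$f" ]; then report "ssh host key present: $f"; fi
    done

    # 70-* udev rules pin interface names to the template's MAC address.
    for f in "$root"/etc/udev/rules.d/70-*; do
        if [ -e "$f" ]; then report "udev rule present: $f"; fi
    done

    # HWADDR=/UUID= lines bind an interface config to the template's NIC.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        if [ -f "$f" ] && grep -Eq '^(HWADDR|UUID)=' "$f"; then
            report "HWADDR/UUID still set: $f"
        fi
    done

    # Per the thread, leftover local users keep Initial Setup from running.
    # Assumption: regular accounts have UIDs 1000..65533 (RHEL 7 defaults).
    if [ -f "$root/etc/passwd" ]; then
        for u in $(awk -F: '$3 >= 1000 && $3 < 65534 { print $1 }' "$root/etc/passwd"); do
            report "local user present: $u"
        done
    fi

    [ "$findings" -eq 0 ]
}
```
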