
How to Create a Red Hat Enterprise Linux 7.0 VMware Template



References:
Red Hat (VMware Cloning Precautions) - https://access.redhat.com/site/solutions/271643
Linux Tutorials Website (NixCraft): http://www.cyberciti.biz/faq/centos-ssh/
The Lone SysAdmin - http://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
Mfariso1 - https://www.suse.com/communities/conversations/creating-standard-server-template-sles-11-sp1-vmware/
DISA STIG Compliance Tool Viewer: http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx
DISA STIG (Operating Systems): http://iase.disa.mil/stigs/os/Pages/index.aspx
DISA STIG How-To YouTube Video: https://www.youtube.com/watch?v=-h_lj5sWo4A
Force Use of Screen at Login (Red Hat): https://goo.gl/3RU1wU 

1. Upload the ISO to your datastore. Create a Linux virtual machine with only the packages you actually need and will use. (Remove the floppy disk, then boot into the BIOS and disable anything you don't need or won't need.)

2. vi /etc/motd (This is the security banner message for your company).

2a. VMware Specific configurations: VMware Tools & Other
http://partnerweb.vmware.com/GOSIG/RHEL_7.html

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014294

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075048

3. Antivirus/Malware Software: (Use Something)

3a. Don't forget visudo if you're using Active Directory. This way you don't have to add it manually later:
%DOMAIN\\SECURITYGROUP
Note: If you're using spaces in your AD security group names, change them to a "-" or "_". A dash or an underscore makes life easier.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027766

4. Clean out your temporary files and log files
/usr/bin/yum clean all
Go to /var/log and clean out all of the log files. Nothing in there needs to remain in a template.
/etc/ssh/sshd_config (configure to your security requirements. DO NOT LOG IN AS ROOT!!!)
/tmp/ (be careful about completely blowing away /tmp on VMware because of VMware Tools, etc.)

5. Blow away the current NIC configurations:
/bin/sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-ens19
(*Replace ens19 with whatever your ens interface is. ens32 is new and different from eth0. Go here if you want to know what changed.)

6. Remove SSH Keys
/bin/rm -f /etc/ssh/*key*

7. Remove Root's History
/bin/rm -f ~root/.bash_history
unset HISTFILE

8. Clear out all of the junk and anything showing what you did:
cat /dev/null > ~/.bash_history && history -c && init 0

*Only add && init 0 after history -c if you want to immediately shut the box down.

9. Shut down and convert to template
init 0
(*VMware/RHEV/OpenStack Convert it to a template)
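
Before the final init 0, it is worth confirming that steps 4 through 8 actually took effect. The script below is an added example, not part of the original post: a read-only audit that lists whatever is still left behind. The function names, the ROOT argument and the audit.sh file name are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not the original author's script): read-only pre-seal audit.
# ROOT is a hypothetical parameter: "/" on the live VM, or a mounted image.

# Print one "<kind> <path>" line per leftover from steps 4-8.
list_leftovers() {
    _root="${1:-/}"
    _root="${_root%/}"

    # Step 5: HWADDR/UUID lines tie an ifcfg file to the source VM's NIC.
    for _f in "$_root"/etc/sysconfig/network-scripts/ifcfg-*; do
        if [ -f "$_f" ] && grep -Eq '^(HWADDR|UUID)=' "$_f"; then
            echo "nic-identity $_f"
        fi
    done

    # Step 6: host keys left in place are shared by every clone.
    for _f in "$_root"/etc/ssh/*key*; do
        if [ -e "$_f" ]; then echo "ssh-host-key $_f"; fi
    done

    # Steps 7-8: root's history must be absent or empty.
    if [ -s "$_root/root/.bash_history" ]; then
        echo "root-history $_root/root/.bash_history"
    fi

    # Step 4: any non-empty file under /var/log.
    find "$_root/var/log" -type f -size +0 2>/dev/null | sed 's/^/nonempty-log /'
    return 0
}

# Return 0 when the tree is clean, 1 (and list the leftovers) otherwise.
audit_template() {
    _left=$(list_leftovers "${1:-/}")
    if [ -z "$_left" ]; then return 0; fi
    printf '%s\n' "$_left"
    return 1
}

# Run as: sh audit.sh --audit /   (audit.sh is a placeholder file name)
if [ "${1:-}" = "--audit" ]; then
    audit_template "${2:-/}"
    exit $?
fi
```

On a running system the logs start filling again right away, so run the audit immediately before shutting down, or point it at the mounted disk of the powered-off VM.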
