Creating a CentOS Stream operating system template for VMware automation has to meet certain requirements, whether general security, the organisation's own security policies or specific settings. Among the main settings are preventing the operating system from running periodic operations that consume system resources, and removing everything that identifies the source machine: otherwise cloned VMs would be identical servers with the same machine-id, which causes IP address allocation errors or network collisions.
VM settings in VMware
sched.swap.vmxSwapEnabled false
Operating system installation:
Operating system variant: for the desktop version, select “Workstation”
Time zone and NTP server settings
Set a root password and enable login via SSH (the root account is required for the server version)
Create the account under which the user will log in:
1. Update system:
yum update
yum upgrade
2. SSH settings
Enable SSH root login and disable the vmware account for the server version:
nano /etc/ssh/sshd_config.d/01-permitrootlogin.conf
PermitRootLogin yes
DenyUsers vmware
Regenerating SSH host keys after the template is cloned (runs from rc.local on first boot):
nano /etc/rc.local
#!/bin/bash
# Runs on the first boot of a clone. On systemd this file must be executable
# (chmod +x /etc/rc.local), otherwise rc-local.service will not run it.
# Note: CentOS Stream's sshd-keygen service also creates missing rsa/ecdsa/ed25519
# host keys when sshd starts; DSA is a legacy key type most clients no longer accept.
SSHKEYGEN=/usr/bin/ssh-keygen
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
    $SSHKEYGEN -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" \
        -C "" < /dev/null > /dev/null 2> /dev/null
    echo "Created /etc/ssh/ssh_host_rsa_key"
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
    $SSHKEYGEN -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" \
        -C "" < /dev/null > /dev/null 2> /dev/null
    echo "Created /etc/ssh/ssh_host_dsa_key"
fi
Delete the current host keys (rc.local recreates them on first boot):
rm -f /etc/ssh/ssh_host_*
3. Installing additional libraries, disabling the firewall
yum install -y perl           # Perl is required by VMware's guest OS customization scripts
systemctl disable firewalld   # per the author's policy; note that clones then run without a host firewall
systemctl disable cloud-init  # so VMware's traditional (Perl-based) customization is used instead of cloud-init
4. Delete temporary files and turn off the SWAP partition
yum clean all
# A zero-byte /etc/machine-id is the documented "generate a new id on first boot" state;
# echo "" would leave a newline in the file. If /var/lib/dbus/machine-id is a regular
# file rather than a symlink to /etc/machine-id, clear it the same way.
truncate -s 0 /etc/machine-id
rm -rf /tmp/*
rm -rf /var/tmp/*
# Truncate logs that would otherwise carry the source machine's history into every clone
for f in /var/log/audit/audit.log /var/log/wtmp /var/log/lastlog /var/log/cron /var/log/messages; do
    if [ -f "$f" ]; then
        cat /dev/null > "$f"
    fi
done
swapoff --all
# Comment out every swap entry so clones boot without the swap partition
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
history -c
history -w
shutdown -h now
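Before the final shutdown it is worth verifying that nothing identifying the source machine survived. The following pre-seal check is an added example, not part of the original article: the function name check_template_clean and its optional root-prefix argument are my own assumptions; run it with no argument on the template itself, or point it at a scratch directory to self-test.

```shell
#!/bin/sh
# Added example: pre-seal check for a CentOS Stream VMware template.
# It inspects the identity-bearing files that the steps above clear.
# check_template_clean and the root prefix are assumptions, not part of the article.
check_template_clean() {
    root="${1:-}"   # path prefix; empty means the live system
    findings=0

    # /etc/machine-id must be zero bytes so systemd generates a fresh id on first boot
    if [ -s "$root/etc/machine-id" ]; then
        echo "FAIL: $root/etc/machine-id is not empty"
        findings=$((findings + 1))
    fi

    # no host keys may survive; every clone must create its own
    for f in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$f" ] || continue
        echo "FAIL: host key left in template: $f"
        findings=$((findings + 1))
    done

    # no active (uncommented) swap line in fstab
    if [ -f "$root/etc/fstab" ] && grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab"; then
        echo "FAIL: active swap entry in $root/etc/fstab"
        findings=$((findings + 1))
    fi

    # the sshd drop-in from step 2 must still deny the vmware build account
    conf="$root/etc/ssh/sshd_config.d/01-permitrootlogin.conf"
    if ! grep -Eq '^DenyUsers[[:space:]]+vmware' "$conf" 2>/dev/null; then
        echo "FAIL: $conf does not contain 'DenyUsers vmware'"
        findings=$((findings + 1))
    fi

    # logs truncated in step 4 must be empty if present
    for f in audit/audit.log wtmp lastlog cron messages; do
        if [ -s "$root/var/log/$f" ]; then
            echo "FAIL: log not truncated: $root/var/log/$f"
            findings=$((findings + 1))
        fi
    done

    echo "checks failed: $findings"
    [ "$findings" -eq 0 ]
}
```

A non-zero exit status means the template is not ready to be sealed; each FAIL line names the file to fix.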
5. Convert the created system into a template:
Specialist in cyber security, Azure Cloud administration and VMware on-prem. Uses technologies such as Checkmk and MRTG for network monitoring and for increasing the efficiency and security of IT infrastructure.