If I need to deploy Red Hat 7 from template, I would like to take the recommended steps to make my "golden image" clean. It should boot to the first boot prompt and guide the user through the typical steps.
In Red Hat 5/6, I followed the documentation provided by the vendor. However, I cannot find the equivalent for Red Hat 7. Specifically, touch /.unconfigured does not trigger the first boot setup.
9.3.1. Sealing a Linux Virtual Machine for Deployment as a Template
Summary
Generalize (seal) a Linux virtual machine before making it into a template. This prevents conflicts between virtual machines deployed from the template.
Procedure 9.6. Sealing a Linux Virtual Machine
1. Log in to the virtual machine. Flag the system for re-configuration by running the following command as root:
# touch /.unconfigured
2. Remove ssh host keys. Run:
# rm -rf /etc/ssh/ssh_host_*
3. Set HOSTNAME=localhost.localdomain in /etc/sysconfig/network
4. Remove /etc/udev/rules.d/70-*. Run:
# rm -rf /etc/udev/rules.d/70-*
5. Remove the HWADDR= and UUID= line from /etc/sysconfig/network-scripts/ifcfg-eth*.
6. Optionally delete all the logs from /var/log and build logs from /root.
7. Shut down the virtual machine. Run:
# poweroff
Edit: Steps 1 & 7 can be combined by running sys-unconfig last. Or, have a look at virt-sysprep from libguestfs-tools-c which does much, much more.
[user@hostname ~]$ virt-sysprep --list-operations
abrt-data * Remove the crash data generated by ABRT
bash-history * Remove the bash history in the guest
blkid-tab * Remove blkid tab in the guest
ca-certificates Remove CA certificates in the guest
crash-data * Remove the crash data generated by kexec-tools
cron-spool * Remove user at-jobs and cron-jobs
delete * Delete specified files or directories
dhcp-client-state * Remove DHCP client leases
dhcp-server-state * Remove DHCP server leases
dovecot-data * Remove Dovecot (mail server) data
firewall-rules Remove the firewall rules
firstboot * Add scripts to run once at next boot
flag-reconfiguration Flag the system for reconfiguration
hostname * Change the hostname of the guest
kerberos-data Remove Kerberos data in the guest
logfiles * Remove many log files from the guest
lvm-uuids * Change LVM2 PV and VG UUIDs
machine-id * Remove the local machine ID
mail-spool * Remove email from the local mail spool directory
net-hostname * Remove HOSTNAME in network interface configuration
net-hwaddr * Remove HWADDR (hard-coded MAC address) configuration
pacct-log * Remove the process accounting log files
package-manager-cache * Remove package manager cache
pam-data * Remove the PAM data in the guest
password * Set root or user password
puppet-data-log * Remove the data and log files of puppet
random-seed * Generate random seed for guest
rhn-systemid * Remove the RHN system ID
rpm-db * Remove host-specific RPM database files
samba-db-log * Remove the database and log files of Samba
script * Run arbitrary scripts against the guest
smolt-uuid * Remove the Smolt hardware UUID
ssh-hostkeys * Remove the SSH host keys in the guest
ssh-userdir * Remove ".ssh" directories in the guest
sssd-db-log * Remove the database and log files of sssd
tmp-files * Remove temporary files
udev-persistent-net * Remove udev persistent net rules
user-account Remove the user accounts in the guest
utmp * Remove the utmp file
yum-uuid * Remove the yum UUID
What we think of as the initial setup is actually in three parts. The first two are:
Both of these are now enabled via systemd; once complete they disable themselves.
So, all you should have to do is remove any local user(s) created during the first Initial Setup process and re-enable these services:
and reboot.
I'm not entirely sure about the third part, which asks you for your language and to create a user account or to join the machine to a domain. This, at least, will continue coming back until you actually complete the wizard. (So don't do that.)
It still may be a good idea to clean up host keys and any hardware-specific configuration (MAC addresses in udev rules and interface configuration files).
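A check for the leftovers named in the sealing procedure and in the last paragraph above, written as an added example that is not part of the original posts or of Red Hat's documentation. It assumes the template's root filesystem is mounted at a directory; the function names audit_sealed and make_demo_tree are hypothetical, and /etc/machine-id is taken to be the file behind virt-sysprep's machine-id operation.

```shell
#!/bin/sh
# Added example: audit a mounted template root for per-machine leftovers.

# audit_sealed ROOT (hypothetical helper): prints one line per finding,
# returns 0 when the tree is clean and 1 when anything is left behind.
audit_sealed() {
    root=${1:?usage: audit_sealed ROOT}
    findings=0
    # SSH host keys and udev 70-* rules must not exist at all; clones that
    # share host keys share one SSH host identity.
    for f in "$root"/etc/ssh/ssh_host_* "$root"/etc/udev/rules.d/70-*; do
        if [ -e "$f" ]; then
            rel=${f#"$root"}
            echo "UNSEALED: $rel still present"
            findings=$((findings + 1))
        fi
    done
    # Interface configs must not pin a MAC address or a UUID.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        if [ -f "$f" ] && grep -Eq '^[[:space:]]*(HWADDR|UUID)=' "$f"; then
            rel=${f#"$root"}
            echo "UNSEALED: $rel has HWADDR= or UUID="
            findings=$((findings + 1))
        fi
    done
    # machine-id: an empty or absent file counts as clean (assumption).
    if [ -s "$root/etc/machine-id" ]; then
        echo "UNSEALED: /etc/machine-id is not empty"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# make_demo_tree DIR: constructed sample of an image that was never sealed.
make_demo_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/udev/rules.d" "$1/etc/sysconfig/network-scripts"
    echo 'constructed-key' > "$1/etc/ssh/ssh_host_rsa_key"
    echo '# constructed rule' > "$1/etc/udev/rules.d/70-persistent-net.rules"
    printf 'DEVICE=eth0\nHWADDR=00:00:5E:00:53:01\nONBOOT=yes\n' \
        > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    echo '0123456789abcdef0123456789abcdef' > "$1/etc/machine-id"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
audit_sealed "$demo" || echo "template is not sealed"
rm -rf "$demo"
```

The return status makes it usable as a gate before a VM is converted to a template.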