- CentOS 7.x Linux 64-bit, NO GUI desktop, HTTPD, PXE, Kickstart, RepoSync+RepoTrack, NFS.
- Begin with by making a full clone from existing VM c7baseline.
- two vDisks:
- 20GB for RepoSync at “/var/www/html/repos/” hdd=”c7pxe-repos.vmdk”
- 6GB for /boot and “/” hdd=”c7baseline-d1.vmdk”
- entry for “/etc/hosts”: 10.0.0.11 c7pxe.lab.domain.net c7pxe.local c7pxe
- VM is configured with a static IP using VMware Fusion VMNET2
- Only user is “elmer”. Elmer has administrative (sudo) privileges.
- firewalld is enabled and configured, with only SSH and nss-mdns in from local subnet.
- repo EPEL is enabled.
- KDUMP and SWAP were disabled during install.
- has these packages: ip address, nmtui, gzip, tar, top, curl, epel-release, yum-utils, deltarpm, nano, nss-mdns, htop, rng-tools, rsync.
- Avahi is running, so I can use *.local name resolution and skip more complicated DNS and/or host file configurations.
- open-vm-tools is running. I have a couple folders shared into the VM for getting scripts and outputting config backups.
- SSHD is running. I do most of my activity via a host MacOS terminal ssh connection.
- I use nano as editor on CentOS VMs. If you prefer vi, emacs, or something else… thats ok with me.
- The VM gets TIME from the host, via hypervisor/open-vm-tools, so it doesn’t need NTP or Chrony.
- Virtual hardware items Printer, Sound, USB, Camera, and Bluetooth have been removed from the VM config.
- The VM using NVMe for hard disks and SATA for cdrom. No IDE or SCSI.
- The reduced hardware profile enables removing a lot of firmware packages from these VMs.
It’s easy/fast to make a ZIP backup copy of an entire VM, so I’m moderately aggressive with removing things like dracut emergency/rescue packages, old kernels, yum caches, etc. If I break a VM, I just revert to a previous backup.
With VMs under 20GB in size, making ZIP backups via the host OS filesystem is often faster than managing VMware snapshots. Also, I like knowing that I have fully contained/atomic backups set to the side and quickly available if needed.
I have some custom scripts that clean up the VM contents and shrink the vdisk (to reduce disk usage on host system).
There are many options to further minimize and harden these VMs, but this current baseline maintains normal CentOS/Fedora/RHEL/Oracle functionality and compatibility.