Create a Golden Image of Ubuntu Server in vSphere

Linux, Servers, Virtualization

If you’re virtualizing server workloads, do yourself a favor and create a golden image. Go ahead, be as meticulous as you want, because you’ll only have to do it once.

I’m a fan of using Ubuntu for Linux servers, simply because of Ubuntu’s “free-forever” mantra and aggressive update cycle. Don’t get me wrong, I love using CentOS in an anally retentive security environment (check out SELINUX), but inherent security features tend to cause a hang up on using built in package managers to install the latest and greatest versions of apps (PHP for example).

That being said, this is how I set up my golden Ubuntu Server images in vSphere….

  1. Create a new VM
    vm 1
  2. Select Ubuntu Linux x64 as the flavor. Accept the defaults.
    vm 2
  3. Remove floppy (not needed). Set the CD-ROM to be an ISO of Ubuntu Server.
    vm 3
  4. Force boot into bios to disable unneeded stuff
    vm 4
  5. Boot into bios and disable floppy.
    vm 5
  6. Go to the advanced tab and select IO device config.
    vm 6
  7. Disable unneeded serial devices and floppy controller.
    vm 7
  8. Exit saving changes
    vm 8
  9. The VM will restart and boot from the Ubuntu Server ISO. Install Ubuntu.
    vm 9

  10. Select all the defaults. Set your hostname.
    vm 10
  11. Select your time zone
  12. For partitioning disks, select the default = guided use entire disk and setup LVM
  13. Select to write changes to disk
  14. Setup the a user. Create a user account (create username/pass) (I’m not sharing my username for security reasons). Encrypt your home directory if you want.
  15. Setup your proxy info if you have a proxy server filtering your outgoing web traffic
  16. Install will commence. You will be prompted to setup how you want to install automatic updates. I choose to install security updates automatically.
  17. You will be prompted to select which packages to install, don’t select any of them<./li>
  18. Select to install grub to the master boot record.
  19. After install is complete, select to restart the server.
  20. After the server comes backup, login and install an ssh server for management
    $ sudo apt-get install openssh-server
  21. Check out what the IP is so you can ssh to it
    $ ifconfig
  22. Now switch to a ssh client (putty) and connect to your vm. Go to the root prompt to avoid typing sudo all the time.
    $ sudo bash
  23. Update your packages
    # apt-get update
    # apt-get upgrade
  24. Reboot.
    # reboot
  25. Log back in and install open-vm-tools
    $ sudo apt-get install --no-install-recommends open-vm-tools
  26. Enable the firewall to allow all outgoing traffic and deny all incoming except ssh
    # ufw default deny incoming
    # ufw default allow outgoing
    # ufw allow ssh
    # ufw enable
  27. The firewall is now active and will be enabled on reboot. Check the status and rules:
    # ufw status verbose
  28. Setup nics so they can be cloned. For Ubuntu server clone (image) creation (moving preparation) use next command on master clone (Source server) before final poweroff (shutdown).
    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules
  29. Shutdown ubuntu, you’re done!

    # sudo shutdown -h now


    If you get the error “eth0 error while getting interface flags no such device” after you’ve cloned

    Comment all lines in /etc/udev/rules.d/70-persistent-net.rules

    #  vi /etc/udev/rules.d/70-persistent-net.rules


    # PCI device 0x8086:0x100f (e1000)
    # SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:xx:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
    # PCI device 0x8086:0x100f (e1000)
    # SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:xx:00:00:02", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

    Reboot the Ubuntu server on VMware ESXi.

    For Ubuntu server clone (image) creation (moving preparation) use next command on master clone (Source server) before final poweroff (shutdown).

    # sed -i 's/SUBSYSTEM/#SUBSYSTEM/g' /etc/udev/rules.d/70-persistent-net.rules