Building a base CentOS image

Last modified by Mitchell on 2022/01/25 03:24

As noted previously, I'll be working on setting up an VMware ESXi system. I personally lean toward using CentOS for my systems, and there's an official CentOS EC2 AMI that's designed to be a secure, minimal profile. Unfortunately, contrary to its description, the CentOS AWS wiki page doesn't actually describe how they're built. There's been at least one person asking on the CentOS-virt mailing list about how they're created, but nothing on the list describes the procedure (at least back through January, 2013).

So, how to spec out the package list? Easy! Launch a simple EC2 instance. Here's the list from CentOS 6 (x86_64), version 6 (2013/05/27). Naturally, you should run yum update, but this should serve as a pretty good starting point.

AWS CentOS
acl-2.2.49-6.el6.x86_64
acpid-1.0.10-2.1.el6.x86_64
attr-2.4.44-7.el6.x86_64
audit-2.2-2.el6.x86_64
audit-libs-2.2-2.el6.x86_64
b43-openfwwf-5.2-4.el6.noarch
basesystem-10.0-4.el6.noarch
bash-4.1.2-14.el6.x86_64
binutils-2.20.51.0.2-5.36.el6.x86_64
bzip2-1.0.5-7.el6_0.x86_64
bzip2-libs-1.0.5-7.el6_0.x86_64
ca-certificates-2010.63-3.el6_1.5.noarch
centos-release-6-4.el6.centos.10.x86_64
checkpolicy-2.0.22-1.el6.x86_64
chkconfig-1.3.49.3-2.el6.x86_64
coreutils-8.4-19.el6_4.2.x86_64
coreutils-libs-8.4-19.el6_4.2.x86_64
cpio-2.10-11.el6_3.x86_64
cracklib-2.8.16-4.el6.x86_64
cracklib-dicts-2.8.16-4.el6.x86_64
cronie-1.4.4-7.el6.x86_64
cronie-anacron-1.4.4-7.el6.x86_64
crontabs-1.10-33.el6.noarch
curl-7.19.7-36.el6_4.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
dash-0.5.5.1-4.el6.x86_64
db4-4.7.25-17.el6.x86_64
db4-utils-4.7.25-17.el6.x86_64
dbus-glib-0.86-6.el6.x86_64
dbus-libs-1.2.24-7.el6_3.x86_64
deltarpm-3.5-0.5.20090913git.el6.x86_64
dhclient-4.1.1-34.P1.el6.centos.x86_64
dhcp-common-4.1.1-34.P1.el6.centos.x86_64
diffutils-2.8.1-28.el6.x86_64
dracut-004-303.el6.noarch
dracut-kernel-004-303.el6.noarch
e2fsprogs-1.41.12-14.el6.x86_64
e2fsprogs-libs-1.41.12-14.el6.x86_64
efibootmgr-0.5.4-10.el6.x86_64
elfutils-libelf-0.152-1.el6.x86_64
ethtool-3.5-1.el6.x86_64
expat-2.0.1-11.el6_2.x86_64
file-5.04-15.el6.x86_64
file-libs-5.04-15.el6.x86_64
filesystem-2.4.30-3.el6.x86_64
findutils-4.4.2-6.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
fipscheck-lib-1.2.0-7.el6.x86_64
gamin-0.1.10-9.el6.x86_64
gawk-3.1.7-10.el6.x86_64
gdbm-1.8.0-36.el6.x86_64
glib2-2.22.5-7.el6.x86_64
glibc-2.12-1.107.el6.x86_64
glibc-common-2.12-1.107.el6.x86_64
gmp-4.3.1-7.el6_2.2.x86_64
gnupg2-2.0.14-4.el6.x86_64
gpgme-1.1.8-3.el6.x86_64
grep-2.6.3-3.el6.x86_64
groff-1.18.1.4-21.el6.x86_64
grub-0.97-81.el6.x86_64
grubby-7.0.15-3.el6.x86_64
gzip-1.3.12-18.el6.x86_64
hwdata-0.233-7.9.el6.noarch
info-4.13a-8.el6.x86_64
initscripts-9.03.38-1.el6.centos.1.x86_64
iproute-2.6.32-23.el6.x86_64
iptables-1.4.7-9.el6.x86_64
iptables-ipv6-1.4.7-9.el6.x86_64
iputils-20071127-16.el6.x86_64
kbd-1.15-11.el6.x86_64
kbd-misc-1.15-11.el6.noarch
kernel-2.6.32-358.6.2.el6.x86_64
kernel-firmware-2.6.32-358.6.2.el6.noarch
keyutils-libs-1.4-4.el6.x86_64
krb5-libs-1.10.3-10.el6_4.2.x86_64
less-436-10.el6.x86_64
libacl-2.2.49-6.el6.x86_64
libattr-2.4.44-7.el6.x86_64
libblkid-2.17.2-12.9.el6_4.3.x86_64
libcap-2.16-5.5.el6.x86_64
libcap-ng-0.6.4-3.el6_0.1.x86_64
libcom_err-1.41.12-14.el6.x86_64
libcurl-7.19.7-36.el6_4.x86_64
libdrm-2.4.39-1.el6.x86_64
libedit-2.11-4.20080712cvs.1.el6.x86_64
libffi-3.0.5-3.2.el6.x86_64
libgcc-4.4.7-3.el6.x86_64
libgcrypt-1.4.5-9.el6_2.2.x86_64
libgpg-error-1.7-4.el6.x86_64
libidn-1.18-2.el6.x86_64
libnih-1.0.1-7.el6.x86_64
libpciaccess-0.13.1-2.el6.x86_64
libselinux-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
libsemanage-2.0.43-4.2.el6.x86_64
libsepol-2.0.41-4.el6.x86_64
libss-1.41.12-14.el6.x86_64
libssh2-1.4.2-1.el6.x86_64
libstdc++-4.4.7-3.el6.x86_64
libusb-0.1.12-23.el6.x86_64
libuser-0.56.13-5.el6.x86_64
libutempter-1.1.5-4.1.el6.x86_64
libuuid-2.17.2-12.9.el6_4.3.x86_64
libxml2-2.7.6-12.el6_4.1.x86_64
logrotate-3.7.8-16.el6.x86_64
lua-5.1.4-4.1.el6.x86_64
m4-1.4.13-5.el6.x86_64
MAKEDEV-3.24-6.el6.x86_64
man-1.6f-32.el6.x86_64
mingetty-1.08-5.el6.x86_64
module-init-tools-3.9-21.el6.x86_64
mysql-libs-5.1.69-1.el6_4.x86_64
ncurses-5.7-3.20090208.el6.x86_64
ncurses-base-5.7-3.20090208.el6.x86_64
ncurses-libs-5.7-3.20090208.el6.x86_64
net-tools-1.60-110.el6_2.x86_64
newt-0.52.11-3.el6.x86_64
nspr-4.9.2-1.el6.x86_64
nss-3.14.0.0-12.el6.x86_64
nss-softokn-3.12.9-11.el6.x86_64
nss-softokn-freebl-3.12.9-11.el6.x86_64
nss-sysinit-3.14.0.0-12.el6.x86_64
nss-tools-3.14.0.0-12.el6.x86_64
nss-util-3.14.0.0-2.el6.x86_64
openldap-2.4.23-32.el6_4.1.x86_64
openssh-5.3p1-84.1.el6.x86_64
openssh-clients-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64
openssl-1.0.0-27.el6_4.2.x86_64
pam-1.1.1-13.el6.x86_64
passwd-0.77-4.el6_2.2.x86_64
pciutils-3.1.10-2.el6.x86_64
pciutils-libs-3.1.10-2.el6.x86_64
pcre-7.8-6.el6.x86_64
pinentry-0.7.6-6.el6.x86_64
plymouth-0.8.3-27.el6.centos.x86_64
plymouth-core-libs-0.8.3-27.el6.centos.x86_64
plymouth-scripts-0.8.3-27.el6.centos.x86_64
policycoreutils-2.0.83-19.30.el6.x86_64
popt-1.13-7.el6.x86_64
postfix-2.6.6-2.2.el6_1.x86_64
procps-3.2.8-25.el6.x86_64
psmisc-22.6-15.el6_0.1.x86_64
pth-2.0.7-9.3.el6.x86_64
pygpgme-0.1-18.20090824bzr68.el6.x86_64
python-2.6.6-36.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
python-libs-2.6.6-36.el6.x86_64
python-pycurl-7.19.0-8.el6.x86_64
python-urlgrabber-3.9.1-8.el6.noarch
readline-6.0-4.el6.x86_64
redhat-logos-60.0.14-12.el6.centos.noarch
rootfiles-8.1-6.1.el6.noarch
rpm-4.8.0-32.el6.x86_64
rpm-libs-4.8.0-32.el6.x86_64
rpm-python-4.8.0-32.el6.x86_64
rsync-3.0.6-9.el6.x86_64
rsyslog-5.8.10-6.el6.x86_64
sed-4.2.1-10.el6.x86_64
selinux-policy-3.7.19-195.el6_4.5.noarch
selinux-policy-targeted-3.7.19-195.el6_4.5.noarch
setup-2.8.14-20.el6.noarch
shadow-utils-4.1.4.2-13.el6.x86_64
slang-2.2.1-1.el6.x86_64
sqlite-3.6.20-1.el6.x86_64
sudo-1.8.6p3-7.el6.x86_64
system-config-firewall-base-1.2.27-5.el6.noarch
system-config-firewall-tui-1.2.27-5.el6.noarch
sysvinit-tools-2.87-4.dsf.el6.x86_64
tar-1.23-11.el6.x86_64
tcp_wrappers-libs-7.6-57.el6.x86_64
tzdata-2013b-1.el6.noarch
udev-147-2.46.el6.x86_64
upstart-0.6.5-12.el6.x86_64
ustr-1.0.4-9.1.el6.x86_64
util-linux-ng-2.17.2-12.9.el6_4.3.x86_64
vim-minimal-7.2.411-1.8.el6.x86_64
which-2.19-6.el6.x86_64
xz-4.999.9-0.3.beta.20091007git.el6.x86_64
xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
xz-lzma-compat-4.999.9-0.3.beta.20091007git.el6.x86_64
yum-3.2.29-40.el6.centos.noarch
yum-metadata-parser-1.1.2-16.el6.x86_64
yum-plugin-fastestmirror-1.1.30-14.el6.noarch
yum-presto-0.6.2-1.el6.noarch
zlib-1.2.3-29.el6.x86_64

What's particularly interesting is when you compare this against the list of RPMs installed by the CentOS 6.5 minimal CD.

CentOS minimal
acl-2.2.49-6.el6.x86_64
attr-2.4.44-7.el6.x86_64
audit-2.2-2.el6.x86_64
audit-libs-2.2-2.el6.x86_64
authconfig-6.1.12-13.el6.x86_64
b43-openfwwf-5.2-4.el6.noarch
basesystem-10.0-4.el6.noarch
bash-4.1.2-14.el6.x86_64
binutils-2.20.51.0.2-5.36.el6.x86_64
bridge-utils-1.2-10.el6.x86_64
bzip2-1.0.5-7.el6_0.x86_64
bzip2-libs-1.0.5-7.el6_0.x86_64
ca-certificates-2010.63-3.el6_1.5.noarch
centos-release-6-4.el6.centos.10.x86_64
checkpolicy-2.0.22-1.el6.x86_64
chkconfig-1.3.49.3-2.el6.x86_64
coreutils-8.4-19.el6.x86_64
coreutils-libs-8.4-19.el6.x86_64
cpio-2.10-11.el6_3.x86_64
cracklib-2.8.16-4.el6.x86_64
cracklib-dicts-2.8.16-4.el6.x86_64
cronie-1.4.4-7.el6.x86_64
cronie-anacron-1.4.4-7.el6.x86_64
crontabs-1.10-33.el6.noarch
cryptsetup-luks-1.2.0-7.el6.x86_64
cryptsetup-luks-libs-1.2.0-7.el6.x86_64
curl-7.19.7-35.el6.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
dash-0.5.5.1-4.el6.x86_64
db4-4.7.25-17.el6.x86_64
db4-utils-4.7.25-17.el6.x86_64
dbus-glib-0.86-5.el6.x86_64
dbus-libs-1.2.24-7.el6_3.x86_64
device-mapper-1.02.77-9.el6.x86_64
device-mapper-event-1.02.77-9.el6.x86_64
device-mapper-event-libs-1.02.77-9.el6.x86_64
device-mapper-libs-1.02.77-9.el6.x86_64
device-mapper-multipath-0.4.9-64.el6.x86_64
device-mapper-multipath-libs-0.4.9-64.el6.x86_64
device-mapper-persistent-data-0.1.4-1.el6.x86_64
dhclient-4.1.1-34.P1.el6.centos.x86_64
dhcp-common-4.1.1-34.P1.el6.centos.x86_64
diffutils-2.8.1-28.el6.x86_64
dracut-004-303.el6.noarch
dracut-kernel-004-303.el6.noarch
e2fsprogs-1.41.12-14.el6.x86_64
e2fsprogs-libs-1.41.12-14.el6.x86_64
efibootmgr-0.5.4-10.el6.x86_64
elfutils-libelf-0.152-1.el6.x86_64
ethtool-3.5-1.el6.x86_64
expat-2.0.1-11.el6_2.x86_64
file-5.04-15.el6.x86_64
file-libs-5.04-15.el6.x86_64
filesystem-2.4.30-3.el6.x86_64
findutils-4.4.2-6.el6.x86_64
fipscheck-1.2.0-7.el6.x86_64
fipscheck-lib-1.2.0-7.el6.x86_64
fuse-2.8.3-4.el6.x86_64
gamin-0.1.10-9.el6.x86_64
gawk-3.1.7-10.el6.x86_64
gdbm-1.8.0-36.el6.x86_64
glib2-2.22.5-7.el6.x86_64
glibc-2.12-1.107.el6.x86_64
glibc-common-2.12-1.107.el6.x86_64
gmp-4.3.1-7.el6_2.2.x86_64
gnupg2-2.0.14-4.el6.x86_64
gpgme-1.1.8-3.el6.x86_64
grep-2.6.3-3.el6.x86_64
groff-1.18.1.4-21.el6.x86_64
grub-0.97-81.el6.x86_64
grubby-7.0.15-3.el6.x86_64
gzip-1.3.12-18.el6.x86_64
hwdata-0.233-7.9.el6.noarch
info-4.13a-8.el6.x86_64
initscripts-9.03.38-1.el6.centos.x86_64
iproute-2.6.32-23.el6.x86_64
iptables-1.4.7-9.el6.x86_64
iptables-ipv6-1.4.7-9.el6.x86_64
iputils-20071127-16.el6.x86_64
iscsi-initiator-utils-6.2.0.873-2.el6.x86_64
kbd-1.15-11.el6.x86_64
kbd-misc-1.15-11.el6.noarch
kernel-2.6.32-358.el6.x86_64
kernel-firmware-2.6.32-358.el6.noarch
keyutils-libs-1.4-4.el6.x86_64
kpartx-0.4.9-64.el6.x86_64
krb5-libs-1.10.3-10.el6.x86_64
less-436-10.el6.x86_64
libacl-2.2.49-6.el6.x86_64
libaio-0.3.107-10.el6.x86_64
libattr-2.4.44-7.el6.x86_64
libblkid-2.17.2-12.9.el6.x86_64
libcap-2.16-5.5.el6.x86_64
libcap-ng-0.6.4-3.el6_0.1.x86_64
libcom_err-1.41.12-14.el6.x86_64
libcurl-7.19.7-35.el6.x86_64
libdrm-2.4.39-1.el6.x86_64
libedit-2.11-4.20080712cvs.1.el6.x86_64
libffi-3.0.5-3.2.el6.x86_64
libgcc-4.4.7-3.el6.x86_64
libgcrypt-1.4.5-9.el6_2.2.x86_64
libgpg-error-1.7-4.el6.x86_64
libidn-1.18-2.el6.x86_64
libnih-1.0.1-7.el6.x86_64
libpciaccess-0.13.1-2.el6.x86_64
libselinux-2.0.94-5.3.el6.x86_64
libselinux-utils-2.0.94-5.3.el6.x86_64
libsemanage-2.0.43-4.2.el6.x86_64
libsepol-2.0.41-4.el6.x86_64
libss-1.41.12-14.el6.x86_64
libssh2-1.4.2-1.el6.x86_64
libstdc++-4.4.7-3.el6.x86_64
libudev-147-2.46.el6.x86_64
libusb-0.1.12-23.el6.x86_64
libuser-0.56.13-5.el6.x86_64
libutempter-1.1.5-4.1.el6.x86_64
libuuid-2.17.2-12.9.el6.x86_64
libxml2-2.7.6-8.el6_3.4.x86_64
logrotate-3.7.8-16.el6.x86_64
lua-5.1.4-4.1.el6.x86_64
lvm2-2.02.98-9.el6.x86_64
lvm2-libs-2.02.98-9.el6.x86_64
m4-1.4.13-5.el6.x86_64
MAKEDEV-3.24-6.el6.x86_64
mdadm-3.2.5-4.el6.x86_64
mingetty-1.08-5.el6.x86_64
module-init-tools-3.9-21.el6.x86_64
mysql-libs-5.1.66-2.el6_3.x86_64
ncurses-5.7-3.20090208.el6.x86_64
ncurses-base-5.7-3.20090208.el6.x86_64
ncurses-libs-5.7-3.20090208.el6.x86_64
net-tools-1.60-110.el6_2.x86_64
newt-0.52.11-3.el6.x86_64
newt-python-0.52.11-3.el6.x86_64
nspr-4.9.2-1.el6.x86_64
nss-3.14.0.0-12.el6.x86_64
nss-softokn-3.12.9-11.el6.x86_64
nss-softokn-freebl-3.12.9-11.el6.x86_64
nss-sysinit-3.14.0.0-12.el6.x86_64
nss-tools-3.14.0.0-12.el6.x86_64
nss-util-3.14.0.0-2.el6.x86_64
openldap-2.4.23-31.el6.x86_64
openssh-5.3p1-84.1.el6.x86_64
openssh-clients-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64
openssl-1.0.0-27.el6.x86_64
pam-1.1.1-13.el6.x86_64
passwd-0.77-4.el6_2.2.x86_64
pciutils-libs-3.1.10-2.el6.x86_64
pcre-7.8-6.el6.x86_64
pinentry-0.7.6-6.el6.x86_64
plymouth-0.8.3-27.el6.centos.x86_64
plymouth-core-libs-0.8.3-27.el6.centos.x86_64
plymouth-scripts-0.8.3-27.el6.centos.x86_64
policycoreutils-2.0.83-19.30.el6.x86_64
popt-1.13-7.el6.x86_64
postfix-2.6.6-2.2.el6_1.x86_64
procps-3.2.8-25.el6.x86_64
psmisc-22.6-15.el6_0.1.x86_64
pth-2.0.7-9.3.el6.x86_64
pygpgme-0.1-18.20090824bzr68.el6.x86_64
python-2.6.6-36.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
python-libs-2.6.6-36.el6.x86_64
python-pycurl-7.19.0-8.el6.x86_64
python-urlgrabber-3.9.1-8.el6.noarch
readline-6.0-4.el6.x86_64
redhat-logos-60.0.14-12.el6.centos.noarch
rootfiles-8.1-6.1.el6.noarch
rpm-4.8.0-32.el6.x86_64
rpm-libs-4.8.0-32.el6.x86_64
rpm-python-4.8.0-32.el6.x86_64
rsyslog-5.8.10-6.el6.x86_64
sed-4.2.1-10.el6.x86_64
selinux-policy-3.7.19-195.el6.noarch
selinux-policy-targeted-3.7.19-195.el6.noarch
setup-2.8.14-20.el6.noarch
shadow-utils-4.1.4.2-13.el6.x86_64
slang-2.2.1-1.el6.x86_64
sqlite-3.6.20-1.el6.x86_64
sudo-1.8.6p3-7.el6.x86_64
system-config-firewall-base-1.2.27-5.el6.noarch
sysvinit-tools-2.87-4.dsf.el6.x86_64
tar-1.23-11.el6.x86_64
tcp_wrappers-libs-7.6-57.el6.x86_64
tzdata-2012j-1.el6.noarch
udev-147-2.46.el6.x86_64
upstart-0.6.5-12.el6.x86_64
ustr-1.0.4-9.1.el6.x86_64
util-linux-ng-2.17.2-12.9.el6.x86_64
vim-minimal-7.2.411-1.8.el6.x86_64
which-2.19-6.el6.x86_64
xfsprogs-3.1.1-10.el6.x86_64
xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
yum-3.2.29-40.el6.centos.noarch
yum-metadata-parser-1.1.2-16.el6.x86_64
yum-plugin-fastestmirror-1.1.30-14.el6.noarch
zlib-1.2.3-29.el6.x86_64

A quick and dirty comparison of the packages shows these as the differences:

 Only in AWS EC2  Only in CentOS
 acpid         authconfig
 deltarpm      bridge-utils
 man           cryptsetup-luks
 pciutils      cryptsetup-luks-libs
 rsync         device-mapper
 system-config-firewall-tui  device-mapper-event
 xz            device-mapper-event-libs
 xz-lzma-compat  device-mapper-libs
 yum-presto    device-mapper-multipath
  device-mapper-multipath-libs
  device-mapper-persistent-data
  fuse
  iscsi-initiator-utils
  kpartx
  libaio
  libudev
  lvm2
  lvm2-libs
  mdadm
  newt-python
  xfsprogs

The necessity (or not) of these packages is left as an exercise for the reader. 😛

  • Although, it is rather frustrating if I then end up hitting a kernel panic while trying to build my base CentOS image on my desktop....
  • It also sucks when the minimal installation ISO fails to boot, and it takes you a while to figure out why.
  • The image (at least temporarily) needs enough memory, otherwise you'll get the text installer, which has limited configurability.

Posted by Mitchell · Categories: · Permalink · Comments (0)