Reduce Existing CentOS 7 Installation To “Minimal Install” – Services?

Home » CentOS » Reduce Existing CentOS 7 Installation To “Minimal Install” – Services?
CentOS 17 Comments

Hi,

When I install a CentOS server/desktop/workstation, I usually start from scratch with a barebone minimal installation, then add packages as needed.

Some machines (like dedicated servers in a datacenter) come preconfigured by the hosting company, so I thought it wouldn’t be a bad idea to start stripping that stuff first.

Here’s a little script I wrote, which essentially strips down any CentOS-7 installation to a minimal core system:

https://github.com/kikinovak/CentOS/blob/master/7.x/scripts/00-elaguer-paquets.sh

The script parses the ‘minimal’ package list and then just removes everything that’s not on the list.

Now I tried running that on an existing CentOS-7 “Web Server”
installation. I ran it, rebooted… and I got dropped to a console that suggested to run journalctl. Uh oh.

I’m currently catching up with systemd and its specificities, working through a bunch of online tutorials. But here’s what I figured out so far. Before stripping down my system, I have to reduce services to a minimum. (On a Slackware system, which is what I’m using most of the time, that’s where I would disable pretty much all services besides rc.syslog and rc.sshd.)

Now what would be the simple systemd equivalent of doing that? E. g. on any CentOS installation (be it graphical, “Web Server”, “File Server”, whatever), strip down services to the status that they’re at just after installing a “Minimal Install”?

Cheers from the sunny South of France,

Niki

Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32

17 thoughts on - Reduce Existing CentOS 7 Installation To “Minimal Install” – Services?

  • Le 06/05/2016 08:50, Nicolas Kovacs a écrit :

    PS: I gave this a spin on two sandbox machines here. One with a full GNOME GUI installation, one with a “Web Server” profile. On both, I
    defined “systemctl set-default multi-user.target”, then I stripped the system with my script. Upon reboot, startup hangs, and in my journal, I
    get a lot of “Failed to parse ACL” errors.

    I don’t know if it’s related to this:

    https://bugzilla.redhat.com/show_bug.cgi?id=1268628

    From here on, I’m clueless.

    Cheers,

    Niki


    Microlinux – Solutions informatiques durables
    7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32

  • you’re probably removing too many packages, eg some key package is a dep of MINIMAL but not in MINIMAL, and “yum remove” removes it and all its dependants. Maybe add “yum install $MINIMAL” after your yum remove command. Or replace yum remove with “rpm -e” to see if and who in $SUPPRIMER has deps in MINIMAL.

  • Le 06/05/2016 11:13, Nicolas Thierry-Mieg a écrit :

    I gave it another spin, this time with rpm -e $SUPPRIMER. Got no error messages, rpm -e simply wiped all non-essential packages. So I don’t think the problem comes from some removed minimal package.

    This time I activated startup messages. Booting gets stuck right after mounting /boot. I’ll try to reproduce it, since I can’t copy/paste it.

    [ OK ] Mounted /boot.
    [ TIME ] Timed out waiting for device dev-mapper-CentOS_amandine\x2dhome.device.
    [DEPEND] Dependency failed for /home.

    And then quite a few lines, and booting into emergency mode.

    Any suggestions?

    Niki


    Microlinux – Solutions informatiques durables
    7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32

  • –WEkIN0HCxOjQrTl0Lt49N9HXPg8RIHdGt Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    Maybe add a:

    yum groupinstall core

    –WEkIN0HCxOjQrTl0Lt49N9HXPg8RIHdGt

  • Just as an example of this, and one that RH may move into an update sooner or later. Fedora 24’s minimal comes with NetworkManager. I always remove it and use network. So, on Fedora 24, which is admittedly in beta,
    /etc/resolv.conf is now a part of NetworkManager, a symbolic link to /var/run/NetworkManager/resolv.conf. So,if one removes NetworkManager or even disables it, name resolution no longer works.

    It seems to me that the easiest thing would be to quickly run a minimal install in VirtualBox, and if you remove anything, keep an eye on it, or, as was suggested, below.

  • –P7RxbdgbbNFr5VasSQJD9GbLJeirjCTkL
    Content-Type: text/plain; charset=windows-1252
    Content-Transfer-Encoding: quoted-printable

    There actually are a couple more things than core in a minimal install
    .. here is the current minimal list:

    https://git.CentOS.org/blob/sig-core!comps.git/220ef7b59c95531d3752d4074ce673aa09792c67/c7-minimal-x86_64-RPMS.lst

    some of those might not get installed every time (ie, disk encrypt may not be on non-encrypted drives, etc.)

    But it is a good starting point.

    –P7RxbdgbbNFr5VasSQJD9GbLJeirjCTkL

  • Nicolas Kovacs wrote:
    kernel grub2 line? A UUID, a /dev/sdx, or LABEL=? If the latter, there’s a bug in grub? the boot process, so if you have a LABEL=/root or LABEL=/boot, it will fail, 100% of the time. Removing the leading / is the workaround.

    mark

  • Rather than remove them and add them back use yum shell to just remove the packages not in base or core:

    yum shell remove *
    install kernel @core @base run quit

    Peter

  • Yes, but you need to put the yum shell commands in a separate file. See yum-shell(8) for details.

    Peter

  • not that I’m wanting to strip down my C7, I’m wondering how that works if one has installed the Mate desktop from epel ?

  • You can try it with a VBox VM and share your experience just the way Nicolas has done.

    — Arun Khan