ESX server unattended install

This post was triggered by the VI3.5 Deploy Secure Analyse course I ran in Wellington last week. I realised at the end of the course that I hadn’t provided the guys with the template unattended file on the CD as I usually do.

The Anaconda Kickstart file reproduced below is an example which builds the configuration used in the HP Virtual Labs in the VI3 Install and Configure course, with a few of the security settings from the DSA course added.

Due to the lack of a suitable editor in the HPVL this script has not been tested. The post section of the script is a Linux shell script and does not take kindly to DOS type “carriage return / line feed” end of line markers. To create your scripts on Windows I would suggest using an editor like Crimson which respects Unix format text; alternatively, use a Unix editor!

I am still planning to post about making a custom boot CD to make your automated builds even easier and using a central script store as well, hopefully I’ll get some time to test & write those soon.  Meanwhile follow the break for the unattend script.

# Auto-Generated Scripted Install Configuration file.
# This file is used for VMware ESX Server Scripted Install Deployment
install
lang en_US.UTF-8
langsupport --default en_US.UTF-8
keyboard us
mouse generic3ps/2 --device psaux
skipx
reboot

network --device eth0 --bootproto static --ip 192.168.38.36 --netmask 255.255.255.0 --gateway 192.168.38.3 --nameserver 192.168.38.3 --hostname chlorine06.hp.local --addvmportgroup=1 --vlanid=0

# root Password
rootpw --iscrypted $1$fEO6n2tZ$q97Kwrx1fJwx5fm8Crine0

firewall --enabled

# Authconfig
authconfig --enableshadow --enablemd5

timezone --utc Pacific/Auckland

# Text Mode
text

bootloader --location=mbr

clearpart --all --drives=cciss/c0d0
part /boot --fstype ext3 --size=250 --ondisk=cciss/c0d0
part / --fstype ext3 --size=5120 --ondisk=cciss/c0d0
part swap --size=2048 --ondisk=cciss/c0d0
part /var --fstype ext3 --size=5120 --ondisk=cciss/c0d0
part /opt --fstype ext3 --size=5120 --ondisk=cciss/c0d0

# VMware Specific Commands
vmaccepteula
vmlicense --mode=server --server=27000@dvc.demitasse.local --edition=esxFull

%packages
grub

%post
dateTime=`date '+%c'`
echo Built on "$dateTime" > /etc/motd
# Set banner to warn rebuild in progress
mv /etc/issue /etc/issue.orig
cat > /etc/issue <<EOF9
Do not log on, this system is being rebuilt
Rebuild began at "$dateTime"
Rebuild should complete within 30 minutes
EOF9

mv /etc/pam.d/su /etc/pam.d/su.orig
# Quoted delimiter: keeps $ISA literal for PAM instead of letting the shell expand it to nothing
cat > /etc/pam.d/su <<'EOF8'
#%PAM-1.0
auth       sufficient   /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
session    optional     /lib/security/$ISA/pam_xauth.so
EOF8

# Setup SSH config
cat > /etc/ssh/sshd_config <<EOF7
Protocol 2
SyslogFacility AUTH
LogLevel VERBOSE
Subsystem sftp /usr/libexec/openssh/sftp-server
Ciphers aes256-cbc,aes128-cbc
EOF7

# Setup NTP config
cat > /etc/ntp.conf <<EOF6
restrict default ignore
restrict 127.0.0.1
restrict default kod nomodify notrap
server 192.168.38.3
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay  0.008
authenticate yes
keys            /etc/ntp/keys
EOF6

# Setup NTP time source
cat > /etc/ntp/step-tickers <<EOF5
192.168.38.3
EOF5

# Write hosts file with server information (replaces the existing file)
cat > /etc/hosts <<EOF4
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1      localhost.localdomain localhost
192.168.38.31  chlorine01  chlorine01.hp.local
192.168.38.32  chlorine02  chlorine02.hp.local
192.168.38.33  chlorine03  chlorine03.hp.local
192.168.38.34  chlorine04  chlorine04.hp.local
192.168.38.35  chlorine05  chlorine05.hp.local
192.168.38.36  chlorine06  chlorine06.hp.local
EOF4

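# Things that require the VMKernel should be placed in here
# Quoted delimiter: $LAST and the backticks must be evaluated when esxcfg.sh runs, not during %post
cat > /tmp/esxcfg.sh <<'EOF3'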
#!/bin/sh
# Configure ESX Server
esxcfg-firewall -e ntpClient
esxcfg-vswitch -a vSwitch1
esxcfg-vswitch -A VMOTION vSwitch1
esxcfg-vswitch -L vmnic1 vSwitch1
esxcfg-vswitch -a vSwitch2
esxcfg-vswitch -A Production vSwitch2
esxcfg-vswitch -L vmnic2 vSwitch2
esxcfg-vswitch -A iSCSIAccess vSwitch0
# Get last octet from vswif0 IP address & use as last octet of VMotion port IP address
LAST=`/sbin/ifconfig vswif0 | grep "inet addr" | awk '{ print $2 }' | awk -F. '{ print $4 }'`
esxcfg-vmknic -a -i 10.1.38.$LAST -n 255.255.255.0 VMOTION
# Add 170 to get the last octet of the IP storage port IP address
LAST=`expr $LAST + 170`
esxcfg-vmknic -a -i 192.168.38.$LAST -n 255.255.255.0 iSCSIAccess
esxcfg-route 192.168.38.3
esxcfg-firewall -e swISCSIClient
esxcfg-swiscsi -e
vmkiscsi-tool -D -a 192.168.38.42 vmhba32
sleep 5
esxcfg-rescan vmhba32
esxcfg-nas -a -o hfs-chlorine.hp.local -s "/class" NFS_ISO_Library

# Install HP Management agents
/vmfs/volumes/NFS_ISO_Library/hpmgmt/791/installvm791.sh --silent --inputfile hpmgmt.conf

# Setup sshuser and add to wheel group
useradd -G wheel -c 'SSH access user' sshuser

#Cleanup after build
rm -f /etc/rc.d/rc3.d/S99VMPostConfig
rm /etc/issue
mv /etc/issue.orig /etc/issue
ln -s /etc/rc.d/init.d/vmware-Patch /etc/rc.d/rc3.d/S99VMPatch
shutdown -r now
EOF3

# Backup original rc.local file
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.bak
# Make esxcfg.sh run from rc.local and make rc.local reset itself
cat >> /etc/rc.d/rc.local <<EOF2
cd /tmp
ln -s  /tmp/esxcfg.sh /etc/rc.d/rc3.d/S99VMPostConfig
shutdown -r +3 &
mv -f /etc/rc.d/rc.local.bak /etc/rc.d/rc.local
EOF2

# Make esxcfg.sh executable
chmod +x /tmp/esxcfg.sh

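# Setup pre-logon build message
# /etc/issue.orig already holds the original banner (saved at the top of %post);
# only copy here if that backup is missing, so the original is not overwritten
[ -f /etc/issue.orig ] || cp /etc/issue /etc/issue.orig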

cat > /etc/issue <<EOF1
VMware ESX Server 3 (Dali)
Kernel \r on an \m

Server is still being built, please wait.

EOF1
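
An added example, not part of the original post: a pre-flight check to run against a kickstart file like the one above before it goes onto the boot media. It covers the line-ending problem mentioned before the script, typographic dashes and quotes picked up when a script is copied from a web page or word processor, and here-documents with an unquoted delimiter whose body contains $ or backticks. The function name ks_lint and the finding labels are made up for this example.

```shell
#!/bin/sh
# ks_lint FILE: pre-flight checks for a kickstart file (added example).
# Prints one line per finding; returns 0 if the file is clean, 1 otherwise.
ks_lint() {
    file=$1
    bad=0
    cr=$(printf '\r')
    # UTF-8 lead bytes of U+2000..U+203F (includes en/em dashes, curly quotes).
    typo=$(printf '\342\200')

    # 1. DOS line endings: the %post shell would look for "EOF9<CR>" and
    #    never find the end of the here-document.
    n=$(LC_ALL=C grep -c "$cr\$" "$file" || true)
    [ "$n" -eq 0 ] || { echo "CRLF: $n line(s) end in a carriage return"; bad=1; }

    # 2. Typographic punctuation: an en dash is not "--" to Anaconda, and a
    #    curly quote does not quote anything in the shell.
    n=$(LC_ALL=C grep -c "$typo" "$file" || true)
    [ "$n" -eq 0 ] || { echo "TYPO: $n line(s) contain typographic dashes or quotes"; bad=1; }

    # 3. Here-documents with an unquoted delimiter: $VAR and backticks in the
    #    body are expanded while %post runs, not when the generated file is used.
    awk '
        !tag && match($0, /<<[A-Za-z_][A-Za-z0-9_]*/) {
            tag = substr($0, RSTART + 2, RLENGTH - 2); next
        }
        tag && $0 == tag { tag = ""; next }
        tag && /[$`]/ { printf "EXPAND: line %d (<<%s): %s\n", NR, tag, $0; n++ }
        END { exit (n > 0) }
    ' "$file" || bad=1

    return $bad
}
```

EXPAND findings need a decision rather than a blanket fix: the $dateTime lines in the rebuild banner are meant to expand during %post, while $ISA in the PAM file and $LAST in esxcfg.sh are not.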

© 2008 – 2009, Alastair. All rights reserved.
