1 2 Previous Next 15 Replies Latest reply on Jan 18, 2007 2:16 PM by mike81

    ESX Scripted Install

    mturnbri Novice

      We are in the process of developing processes for the use of ESX3 and VC2. I have now got a script build that works but we want to protect our root password by automating a "build" account during the automated build. Is this possible?

       

      I know on ESX 2.x it was part of a manual install process, but ti has been dropped from the ESX3 install. I have started to search the web and so far I have not seen anything lick this as part of the KS file.

       

      Has anyone tried to do this sort of thing, or do most people just accept that they will have to use the root account at first when the server is freshly built?

       

      Thanks in advance

      Michael

        • 1. Re: ESX Scripted Install
          kix1979 Champion

          Go through the scripted installation via the VI web page on a host.  It can encrypt your password for you in that ks.cfg file.  Then you can take that string and paste it into your own ks.cfg files.  There is definately no reason to use plaintext

          • 2. Re: ESX Scripted Install
            mturnbri Novice

            Hi Thomas, I have already done all that and that is not my problem. I don't think I explained my problem/concern very well. I have used the wizard and have my ks.cfg file with the encrypted password and I am happy with all of that.

             

            The problem is we could end up having any of over 30 people build ESX server depending on peoples availability, the issue is ensuring that only the bare minimum people have access to the root password. i.e. the core team responsible for the inital setup and day to day maintainence of the environment. What I was hoping to do was make an addition to the ks.cfg file that creates an additional "build" account that the person building the server could use so they would never need to know the root password.

             

            So far I guess I am looking at using a script that is executed at the post section of the ks.cfg file. I was just hoping to make it all in one.

             

            After I have the account then the only other thing I need to do is restrict what it can do.

             

            Working in a security conscious environment means we have to restrict right and access where ever is possible.

             

            If what I am hoping to achieve is not possible then I was planning on building the server with a less secure password, then providing the engineer with a script to run following the first boot that creates the account with the correct limited rights and changes the root password.

             

            I just thought saying the growing usage and community I would not be the first or only person trying to achieve this so I would see what anyone else has tried.

             

             

            Thanks

            Michael

            • 3. Re: ESX Scripted Install
              sbeaver Guru
              vExpertUser Moderators

              In the post section of the ks.cfg file add the command useradd to add the users

              • 4. Re: ESX Scripted Install
                mturnbri Novice

                So I can just add commands there as if being run from the shell?

                • 5. Re: ESX Scripted Install
                  sbeaver Guru
                  vExpertUser Moderators

                  That or you can use rc.local to run scripts or add commands.  Just make sure you create a backup of rc.local first so when the scripts or commands are done you can restore the original rc.local otherwise those scripts or commands will run everytime ESX boots

                  1 person found this helpful
                  • 6. Re: ESX Scripted Install
                    kix1979 Champion

                    Yup, you can add users there.  Additionally I create scripts for after the first reboot that add AD authentication in for those users I create.

                    1 person found this helpful
                    • 7. Re: ESX Scripted Install
                      mturnbri Novice

                      Any chance of getting hold of that script as that would be a massive help, although I did find the thread earlier that detailed wht was needed.

                       

                      Thank you both for your help

                      • 8. Re: ESX Scripted Install
                        MBrownHenn Enthusiast

                        Call me stupid, but I've searched high and low for a solution to enabling the scripted install feature via the web interface in ESX 3.0.1.  When I click on the wizard link here is the message I get:  Google reveals nothing on this error.

                         

                        Scripted Install is disabled

                         

                        \----


                         

                        Message:   Your ESX Server is not configured to support scripted installations. To support scripted installations, please refer to the VMware Web Access Administrators Guide.

                         

                         

                        \----


                         

                        VMware Web Access

                         

                        In 2.5.x I could run the scriptedinstall-setup.pl script to enable.  How is this done in 3.0.  the Web Access Administrators Guide does not have anything in it about this that I can find.

                         

                        Thanks!

                        • 9. Re: ESX Scripted Install
                          stmclean Enthusiast

                          Enabling Scripted Installation

                          Once you have installed ESX Server 3.0.1 on a system, you must enable the scripted installation feature before you can use Web Access to create an installation script.

                          To enable scripted installation

                          1  Log in to the ESX Server 3.0.1 service console as root.

                           

                          2  Open the file /usr/lib/vmware/webAccess/tomcat/apache-tomcat-5.5.17/webapps/ui/WEB-INF/struts-config.xml in a text editor such as vi.

                           

                          3  Locate the scripted section.

                           

                          4  Comment out the line reading:

                           

                           

                          6  Save and close the file.

                           

                          7  Type service vmware-webAccess restart.

                          • 10. Re: ESX Scripted Install
                            MBrownHenn Enthusiast

                            Thanks!  Where did you find this doc?  It was likely on VMTN and I never found it.

                             

                            Thanks again!

                            • 11. Re: ESX Scripted Install
                              Jwoods Expert

                              Yeah, where did you find this???  I had the same problem and couldn't find it in any doc.  Thanks for the steps!

                              • 12. Re: ESX Scripted Install
                                A.Mikkelsen Expert
                                vExpert

                                I found the guide in the VMware Installation guide

                                 

                                http://www.vmware.com/pdf/vi3_installation_guide.pdf

                                 


                                Anders

                                • 13. Re: ESX Scripted Install
                                  Master

                                  How do you comment out, have a blonde moment big style?

                                  • 14. Re: ESX Scripted Install
                                    JDLangdon Master

                                    With most scripts, simply addnig a # at the start of a line will comment out the line.

                                     

                                    Jason

                                    1 2 Previous Next