I've just started testing my ks.cfg and was kind of stumped when a lot of the options I used in 2.5.x didn't work with 3.0.x. It seems that VMware is pushing everything towards the GUI and there isn't much to do with the CLI after install.
So I was wondering what everyone else was placing in their %post section? Or if you are using an "after-install" cleanup script, what kinds of things you're doing with that?
After starting over, I basically have the firewall and time configs in the %post section as well as adding additional nameservers for starters.
Here is my post to take a look at
#!/bin/sh
# VMware ESX post-install script.
# Steve Beaver
# Florida Hospital
# November 10, 2005
#
# Start a fresh log; every later step appends to this file.
# /root/PostInstall must already exist, or this redirect and all later
# logging fail.
echo "VMWare ESX Post Install Script" > /root/PostInstall/PostInstall.log

#######################
# Server Configuration Variables (values as posted; set per host)
#######################
SRVCFG=Servername    # prefix of the VMFS label used in setVMFS
SCIP=10.10.10.13     # Service Console IP (setConsoleNIC)
DGW=10.10.10.1       # Service Console default gateway (setConsoleNIC)
VMIP=192.168.10.3    # VMkernel NIC IP (setVMotion)
VMKGW=192.168.10.3   # VMkernel gateway (setVMotion); same value as VMIP as posted
setPath()
{
  # Announce the step, pause five seconds, then set PATH to a fixed list of
  # system directories for the rest of the script.
  printf '%s\n' "Setting PATH...."
  sleep 5
  PATH="/usr/local/sbin:/usr/local/bin"
  PATH="$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin"
}
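setSCmem()
{
  # Raise the Service Console memory from 272MB to 512MB in esx.conf and
  # grub.conf.
  # The original moved each live file to /tmp and then appended sed's output
  # to the now-missing path, so a failing sed left the host without esx.conf
  # or grub.conf. Here the live file stays in place: it is copied to the
  # backup, the edited text goes to a sibling ".new" file, and that file
  # replaces the original only when sed succeeds.
  # Returns 0 on success, 1 if a backup or edit step fails.
  # NOTE(review): the backups keep their original /tmp names; /tmp is
  # world-writable, so a root-only directory would be a safer location.
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  cp -pf /etc/vmware/esx.conf /tmp/esx.conf.bak || return 1
  # Seed the .new file with cp -p so the replacement keeps owner and mode.
  cp -pf /etc/vmware/esx.conf /etc/vmware/esx.conf.new || return 1
  if sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' /etc/vmware/esx.conf > /etc/vmware/esx.conf.new; then
    mv -f /etc/vmware/esx.conf.new /etc/vmware/esx.conf || return 1
  else
    rm -f /etc/vmware/esx.conf.new
    return 1
  fi

  cp -pf /boot/grub/grub.conf /tmp/grub.conf.bak || return 1
  cp -pf /boot/grub/grub.conf /boot/grub/grub.conf.new || return 1
  if sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' /boot/grub/grub.conf > /boot/grub/grub.conf.new; then
    mv -f /boot/grub/grub.conf.new /boot/grub/grub.conf || return 1
  else
    rm -f /boot/grub/grub.conf.new
    return 1
  fi

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}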
openFirewall()
{
  # Set the Service Console firewall to allow all incoming and all outgoing
  # traffic.
  # NOTE(review): the only step that blocks traffic again is FWEnabled, and
  # the main section has that call commented out (#FWEnabled), so as posted
  # the host presumably reboots with both directions still allowed.
  local fw=/usr/sbin/esxcfg-firewall
  "$fw" --allowIncoming
  "$fw" --allowOutgoing
}
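hpinsight()
{
  # Unpack the HP management agents tarball in /root and run its installer
  # silently with ./hpmgmt.conf as the input file.
  # Changes from the original: stop if /root cannot be entered or the archive
  # fails to extract, rather than running whatever installer path happens to
  # exist, and log success only when the installer returns 0.
  # Returns 1 on the first failing step.
  # NOTE(review): the archive is unpacked and executed as root with no
  # integrity check; compare it against a known-good checksum first.
  # Not called from the main section as posted.
  echo "First step unpack and install the HP Agents" >> /root/PostInstall/PostInstall.log
  cd /root || return 1
  tar -zxvf hpmgmt-7.6.0-vmware.tgz || return 1
  ./hpmgmt/760/installvm760.sh --silent --inputfile ./hpmgmt.conf || return 1
  echo "Post Install -- HP Insight Agents installed" >> /root/PostInstall/PostInstall.log
}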
addKerberos()
{
  # Install the krb5-workstation RPM shipped in the PostInstall bundle.
  # The "installed" log line is written whether or not rpm succeeds.
  # NOTE(review): the package signature is not checked before install;
  # consider running `rpm --checksig` on the file first.
  local log=/root/PostInstall/PostInstall.log
  local pkg=/root/PostInstall/OpenLDAP/krb5-workstation-1.2.7-47.i386.rpm
  echo "Next we will install the RPM's for Kerberos and LDAP" >> "$log"
  rpm -ivh "$pkg"
  echo "krb5-workstation has been installed" >> "$log"
}
addDir()
{
  # Create the directories that later steps copy the Kerberos config and the
  # vm-diag scripts into.
  local log=/root/PostInstall/PostInstall.log
  local dir
  echo "We need to make certain directories for vm-diag scripts and kerberos" >> "$log"
  for dir in /var/kerberos/krb5kdc /usr/vm-diag /usr/vm-diag/logs; do
    mkdir -p "$dir"
  done
  echo "Needed directories have been created" >> "$log"
}
addCopyFiles()
{
  # Overwrite the system NTP, Kerberos, SNMP and LDAP client configs with the
  # prepared copies from /root/PostInstall.
  # NOTE(review): snmpd.conf normally carries community strings; confirm the
  # installed copy is not world-readable.
  local src=/root/PostInstall
  local log=/root/PostInstall/PostInstall.log
  echo "Here where we copy over specific configuration files" >> "$log"
  cp -f "$src/ntp.conf" /etc/ntp.conf
  cp -f "$src/step-tickers" /etc/ntp/step-tickers
  cp -f "$src/krb5kdc/kdc.conf" /var/kerberos/krb5kdc/kdc.conf
  cp -f "$src/snmp/snmpd.conf" /etc/snmp/snmpd.conf
  cp -f "$src/ldap.conf" /etc/openldap/ldap.conf
  echo "Pre-Configuration files have been copied over" >> "$log"
}
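setSSHRoot()
{
  # Switch "PermitRootLogin no" to "PermitRootLogin yes" in sshd_config and
  # restart sshd.
  # Fixes over the original: the init script path had a stray space
  # ("/etc/init.d/ sshd restart"), which tries to execute a directory; and the
  # live config was moved aside before sed ran, so a failing sed left sshd
  # without a config. The edit now goes to a sibling ".new" file that replaces
  # sshd_config only on success.
  # Returns 1 if the edit cannot be completed.
  # NOTE(review): direct root login over SSH removes per-user accountability
  # and puts the root password in reach of password guessing; the usual
  # alternative is a named admin account plus su/sudo.
  local cfg=/etc/ssh/sshd_config
  echo "Allowing root to login via SSH..." >> /root/PostInstall/PostInstall.log
  # Seed the .new file with cp -p so the replacement keeps owner and mode.
  cp -pf "$cfg" "$cfg.new" || return 1
  if sed -e "s/PermitRootLogin no/PermitRootLogin yes/g" "$cfg" > "$cfg.new"; then
    mv -f "$cfg.new" "$cfg" || return 1
  else
    rm -f "$cfg.new"
    return 1
  fi
  /etc/init.d/sshd restart
  echo "$scriptName - Set root to login via SSH" >> /root/PostInstall/PostInstall.log
}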
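setSNMP()
{
  # Install the prepared snmpd.conf and restart snmpd and sshd.
  # Fix: the source path was relative (./snmp/snmpd.conf) and so depended on
  # the directory the script was started from; it now uses the same absolute
  # path addCopyFiles copies from.
  # NOTE(review): snmpd.conf normally carries community strings; confirm the
  # installed copy is not world-readable.
  echo "Copy over the snmp configuration files and restart service" >> /root/PostInstall/PostInstall.log
  cp -f /root/PostInstall/snmp/snmpd.conf /etc/snmp/snmpd.conf
  service snmpd restart
  service sshd restart
  echo "SNMP has been configured" >> /root/PostInstall/PostInstall.log
}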
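setUsers()
{
  # Create the FHAdmin group and add the default admin account.
  # Fix: the crypt hash is now single-quoted. Unquoted, the shell treated the
  # "$..." pieces of the hash as variable expansions, so useradd received a
  # mangled string instead of the hash.
  # NOTE(review): useradd is given no login name in the script as posted, so
  # this command still needs one appended before it can succeed.
  # NOTE(review): a password hash embedded in an install script is readable
  # by anyone who can read this file or the install media, and the $1$ prefix
  # is MD5-crypt; set the password out of band or keep the script root-only.
  echo "Adding default users..." >> /root/PostInstall/PostInstall.log
  groupadd FHAdmin
  /usr/sbin/useradd -c "FHAdmin" -G FHAdmin -p '$1$i5a/lCrm$11fAbcDfJoCn'
  echo "Default users have neem created" >> /root/PostInstall/PostInstall.log
}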
setLDAPSearch()
{
  # Install the LDAP search script as an hourly cron job and run it twice
  # straight away (the script as posted invokes it two times).
  # NOTE(review): the job runs as root from cron and is made executable for
  # all users; owner-only execute would be enough for cron.
  local log=/root/PostInstall/PostInstall.log
  local job=/etc/cron.hourly/LDAP
  echo "Starting configuration of LDAP Search Script" >> "$log"
  cp /root/PostInstall/LDAP "$job"
  chmod a+x "$job"
  "$job"
  "$job"
  echo "LDAP Search Script has been configured and the script has been run" >> "$log"
}
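setConsoleNIC()
{
  # Tear down the default vSwitch0 and rebuild it with vmnic0 and vmnic1, a
  # "Service Console" port group and vswif0 on $SCIP (netmask 255.255.255.0),
  # then set the default gateway to $DGW.
  # Changes from the original: /tmp/post is created (root-only) before the
  # esx.conf backup is copied into it, since nothing in the script made that
  # directory, and $SCIP / $DGW are quoted.
  # NOTE(review): this deletes the Service Console interface before it
  # recreates it, so a session that depends on vswif0 will drop.
  # NOTE(review): the GATEWAY= line is appended on every run, so re-running
  # the script leaves duplicate entries in /etc/sysconfig/network.
  echo "Deleting current network configuration" >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch vSwitch0 -D "VM Network"
  /usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0
  /usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0
  /usr/sbin/esxcfg-vswif -d vswif0
  /usr/sbin/esxcfg-vswitch -d vSwitch0
  service mgmt-vmware restart
  echo "Reconfiguring Service Console NIC..." >> /root/PostInstall/PostInstall.log
  mkdir -p /tmp/post && chmod 700 /tmp/post
  cp /etc/vmware/esx.conf /tmp/post/esx.conf.bak
  /usr/sbin/esxcfg-vswitch -a vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1
  /usr/sbin/esxcfg-vswitch -A "Service Console" vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -p "Service Console" -v 0
  /usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i "$SCIP" -n 255.255.255.0
  route add default gw "$DGW"
  echo "GATEWAY=$DGW" >> /etc/sysconfig/network
}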
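setVMotion()
{
  # Add a vMotion port group to vSwitch0, attach a VMkernel NIC on $VMIP
  # (netmask 255.255.255.0) and set the VMkernel default route to $VMKGW.
  # Changes from the original: $VMIP and $VMKGW are quoted, and the forum's
  # backslash before each "#" is removed so the comment lines are comments
  # again instead of commands.
  # NOTE(review): VMKGW and VMIP hold the same address in the variables as
  # posted; confirm the intended gateway.
  echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log
  # Setup your VMkernel and Virtual Machine networking:
  # EXAMPLE: Add VMotion portgroup
  # EXAMPLE: Setup the VMkernel IP Stack default gateway
  /usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion
  /usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion
  /usr/sbin/esxcfg-vmknic -a vMotion -i "$VMIP" -n 255.255.255.0
  /usr/sbin/esxcfg-route "$VMKGW"
}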
setFHNet()
{
  # Create vSwitch1, link vmnic6 and vmnic7 to it, and add the FH_Network
  # port group.
  local sw=vSwitch1
  local pg="FH_Network"
  local nic
  echo "Setting up FH LAN Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  for nic in vmnic6 vmnic7; do
    /usr/sbin/esxcfg-vswitch "$sw" -L "$nic"
  done
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
setCSS()
{
  # Create vSwitch2 on vmnic4 and vmnic5, force both NICs to 100 Mbit full
  # duplex, and add the VLAN_681_CSS port group.
  local sw=vSwitch2
  local pg="VLAN_681_CSS"
  local nic
  echo "Setting up CSS Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  for nic in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-vswitch "$sw" -L "$nic"
  done
  # Speed/duplex is set after both uplinks are linked, as in the original.
  for nic in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-nics -s 100 -d full "$nic"
  done
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
setDMZ()
{
  # Create vSwitch3 on vmnic2, force the NIC to 100 Mbit full duplex, and add
  # the DMZ port group.
  # NOTE(review): the DMZ port group gets its own vSwitch and uplink here;
  # confirm no uplink is shared with the internal switches.
  local sw=vSwitch3
  local pg="DMZ"
  echo "Setting up DMZ Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  /usr/sbin/esxcfg-vswitch "$sw" -L vmnic2
  /usr/sbin/esxcfg-nics -s 100 -d full vmnic2
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
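setProdNet()
{
  # EXAMPLE: Create production vSwitch using remaining physical NICs and default portgroup(s)
  # Builds vswitch1 from every NIC that esxcfg-nics lists except vmnic0, then
  # adds the FH_Network port group. VMNICS stays exported as in the original.
  # Fixes: the awk program is '{print $1}' (the posted text had a forum
  # backslash before the brace, which is not valid awk), backticks become
  # $( ), and the forum's "\#" comment lines are comments again.
  # NOTE(review): this uses "vswitch1" while setFHNet uses "vSwitch1";
  # not called from the main section as posted.
  /usr/sbin/esxcfg-vswitch --add vswitch1
  VMNICS=$(esxcfg-nics --list | sed -e '1d' -e '/vmnic0/d' | awk '{print $1}')
  export VMNICS
  # $VMNICS is left unquoted on purpose: one NIC name per word.
  for i in $VMNICS; do
    esxcfg-vswitch --link="$i" vswitch1
  done
  /usr/sbin/esxcfg-vswitch --add-pg=FH_Network vswitch1
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=1 -p defaultProd prodSwitch
}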
setLocalNet()
{
  # Create vSwitch4 with a "Local" port group (no uplink is linked in this
  # function), then restart the management service.
  # EXAMPLE: Create private vSwitch and default portgroup
  #/usr/sbin/esxcfg-vswitch --add privateSwitch
  #/usr/sbin/esxcfg-vswitch --add-pg=defaultPrivate privateSwitch
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=11 -p defaultPrivate privateSwitch
  #/usr/sbin/esxcfg-vswitch --add Local
  local sw=vSwitch4
  /usr/sbin/esxcfg-vswitch --add --pg=Local "$sw"
  /usr/sbin/esxcfg-vswitch "$sw" -A Local
  /usr/sbin/esxcfg-vswitch "$sw" -p Local
  service mgmt-vmware restart
}
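setVMFS()
{
  # Create a VMFS3 volume labelled "$SRVCFG-VMFS" on the /dev/cciss/c0d0
  # partition whose fdisk line matches "fb".
  # vmkfstools -C creates a new file system, so a wrong or empty partition
  # number is destructive. Changes from the original:
  #  - the partition value must be exactly one digit, otherwise the step is
  #    logged and skipped (return 1);
  #  - the bare line "vmhba0:0:0:$VMFS_PARTITION", which the shell ran as a
  #    command, is removed;
  #  - expansions are quoted. VMFS_PARTITION stays exported as before.
  # NOTE(review): the closing log line says "renamed" although the command
  # creates the volume.
  echo "Creating VMFS partition name to computer name" >> /root/PostInstall/PostInstall.log
  VMFS_PARTITION=$(fdisk -l /dev/cciss/c0d0 | grep fb | sed -e "s/\/dev\/cciss\/c0d0p\(.\).*/\1/")
  export VMFS_PARTITION
  case "$VMFS_PARTITION" in
    [0-9]) ;;
    *)
      echo "VMFS partition not identified ('$VMFS_PARTITION'); vmkfstools skipped" >> /root/PostInstall/PostInstall.log
      return 1
      ;;
  esac
  vmkfstools -C vmfs3 -S "$SRVCFG-VMFS" "vmhba0:0:0:$VMFS_PARTITION"
  echo "Local VMFS Volume has been renamed" >> /root/PostInstall/PostInstall.log
}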
setNameResolution()
{
  # Rewrite /etc/resolv.conf from scratch: a header comment, the search
  # domain and three nameserver lines (x.x.x.x are placeholders as posted).
  local log=/root/PostInstall/PostInstall.log
  echo "Adding DNS Entries for DNS resolution" >> "$log"
  printf '%s\n' \
    "# Built by automated post install script" \
    "search flhosp.net" \
    "nameserver x.x.x.x" \
    "nameserver x.x.x.x" \
    "nameserver x.x.x.x" > /etc/resolv.conf
  echo "DNS Name resolution has been configured" >> "$log"
}
setESXcfg()
{
  # Point esxcfg-auth at the flhosp.net domain for Active Directory, Kerberos
  # and LDAP authentication, then set passmaxdays to 0.
  # NOTE(review): no TLS-related option is passed for the LDAP server here;
  # confirm how LDAP traffic is protected.
  # NOTE(review): --passmaxdays=0 presumably turns off password expiry;
  # confirm this matches the password policy.
  local dom=flhosp.net
  local log=/root/PostInstall/PostInstall.log
  echo "Configure esxcfg-auth..." >> "$log"
  esxcfg-auth --enablead --addomain "$dom" --addc "$dom" \
    --enablekrb5 --krb5realm="$dom" --krb5kdc="$dom" \
    --enableldapauth --ldapserver="$dom" --ldapbasedn=DC=flhosp,DC=net
  esxcfg-auth --passmaxdays=0
  echo "ESX Authentication Configuration Completed" >> "$log"
}
setAuthd()
{
  # Replace /etc/pam.d/vmware-authd with a stack that tries local (unix)
  # authentication first, then Kerberos and LDAP.
  # NOTE(review): "nullok" on pam_unix_auth lets a local account with an
  # empty password authenticate, and that line is "sufficient"; drop nullok
  # unless empty passwords are intended.
  # NOTE(review): pam_krb5 is "required" ahead of the "sufficient" pam_ldap
  # line; confirm the ordering gives the intended result for LDAP-only users.
  local log=/root/PostInstall/PostInstall.log
  local pam=/etc/pam.d/vmware-authd
  echo "Updating vmware-authd to allow AD logons" >> "$log"
  printf '%s\n' \
    "#%PAM-1.0" \
    "# Built by automated post install script" \
    "auth sufficient /lib/security/pam_unix_auth.so shadow nullok" \
    "auth required /lib/security/pam_krb5.so use_first_pass" \
    "auth sufficient /lib/security/pam_ldap.so" \
    "account required /lib/security/pam_unix_acct.so" \
    "account sufficient /lib/security/pam_ldap.so" > "$pam"
  echo "vmware-authd has been updated" >> "$log"
}
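setFirewall()
{
  # Open the ports and enable the firewall services the host needs for
  # Kerberos, LDAP, HP management, NTP, SNMP and CIM.
  # Changes from the original: the start message is logged once instead of
  # twice, and the option is spelled --openPort on every line (three lines
  # used --openport). The rule strings themselves are unchanged.
  local fw=/usr/sbin/esxcfg-firewall
  local log=/root/PostInstall/PostInstall.log
  echo "Configuring Firewall Ports...." >> "$log"
  "$fw" --openPort 88,tcp,out,KerberosClient
  "$fw" --openPort 88,udp,out,KerberosClient
  "$fw" --openPort 464,tcp,out,KerberosPasswordChange
  "$fw" --openPort 749,tcp,out,KerberosAdm
  #/usr/sbin/esxcfg-firewall --enableService LicenseClient
  #/usr/sbin/esxcfg-firewall --enableService sshServer
  #/usr/sbin/esxcfg-firewall --enableService vpxHeartbeats
  # NOTE(review): the next two rules carry two directions ("out,in") where
  # every other rule here is port,protocol,direction,name. Confirm the tool
  # accepts them; otherwise use one rule per direction that is really needed.
  "$fw" --openPort 389,tcp,out,in,LDAP
  "$fw" --openPort 636,tcp,out,in,OpenSSL
  "$fw" --openPort 2381,tcp,in,hpim
  "$fw" --openPort 2381,tcp,out,hpim
  # NOTE(review): NTP uses UDP 123; 231 looks like transposed digits, and
  # this rule also carries two directions. ntpClient is enabled below.
  "$fw" --openPort 231,udp,in,out,ntpd
  "$fw" --openPort 280,tcp,out,sim-cert
  "$fw" --enableService snmpd
  "$fw" --enableService ntpClient
  # NOTE(review): CIMHttpServer is enabled next to CIMHttpsServer; presumably
  # the plain-HTTP one can stay off. Confirm before shipping.
  "$fw" --enableService CIMHttpsServer
  "$fw" --enableService CIMHttpServer
  "$fw" --enableService CIMSLP
  "$fw" --enableService hpim
  echo "Firewall has been configured" >> "$log"
}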
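setPerfScript()
{
  # Install the vm-diag memory/process monitoring scripts, make them
  # executable and load crontab.txt as the current user's crontab.
  # Change from the original: return 1 if /root/PostInstall cannot be
  # entered, so "crontab crontab.txt" never runs against another directory.
  # NOTE(review): `crontab FILE` replaces the whole crontab of the invoking
  # user (root here).
  # NOTE(review): /etc/cron.daily/vm_backup is chmod'ed but not copied by
  # this function; the chmod fails if nothing else installs it.
  # NOTE(review): these files run as root from cron; keep them writable by
  # root only.
  local src=/root/PostInstall/vm-diag
  local log=/root/PostInstall/PostInstall.log
  local f
  echo "Now to set up performace scripts" >> "$log"
  cd /root/PostInstall || return 1
  cp "$src/rotatemem" /etc/cron.daily/rotatemem
  for f in checkmem memcheck meminfo-munge.pl meminfo-munge.sh memrotate ps-munge.pl ps-munge.sh; do
    cp "$src/$f" "/usr/vm-diag/$f"
  done
  chmod a+x /etc/cron.daily/vm_backup
  chmod a+x /etc/cron.daily/rotatemem
  for f in checkmem memcheck meminfo-munge.pl meminfo-munge.sh memrotate ps-munge.pl ps-munge.sh; do
    chmod a+x "/usr/vm-diag/$f"
  done
  crontab crontab.txt
  echo "Performance scripts have been installed" >> "$log"
}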
setNTP()
{
  # Enable ntpd for runlevels 3, 4 and 5, restart it, and copy the system
  # time to the hardware clock.
  local log=/root/PostInstall/PostInstall.log
  echo "turn on ntpd and start service" >> "$log"
  chkconfig --level 345 ntpd on
  service ntpd restart
  hwclock --systohc
  echo "NTP has been configured and started" >> "$log"
}
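setSSHBANNER()
{
  # Write the four banner lines ($bannertxt1..4, separated by lines holding a
  # single space) to /etc/ssh/banner and point sshd_config at that file.
  # Changes from the original: the banner variables are quoted, so spacing
  # and glob characters in the text are written as given, and the "banner"
  # directive is appended only if it is not already in sshd_config.
  # sshd is not restarted here; not called from the main section as posted.
  echo "Setting SSH Security Logon Banner Text..."
  printf '%s\n' \
    "$bannertxt1" " " \
    "$bannertxt2" " " \
    "$bannertxt3" " " \
    "$bannertxt4" > /etc/ssh/banner
  if ! grep -q '^banner /etc/ssh/banner$' /etc/ssh/sshd_config; then
    echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
  fi
  echo "$scriptName - Configured SSH Banner text" >> /root/PostInstall/PostInstall.log
}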
FWEnabled()
{
  # Put the firewall back to blocking incoming and outgoing traffic and log
  # completion.
  # NOTE(review): this is the counterpart of openFirewall, but the main
  # section has the call commented out (#FWEnabled).
  local fw=/usr/sbin/esxcfg-firewall
  local log=/root/PostInstall/PostInstall.log
  "$fw" --blockIncoming
  "$fw" --blockOutgoing
  echo "Post Install Done" >> "$log"
  echo "Firewall has been enabled" >> "$log"
}
SoftMaxDirty()
{
  # Write 15 to the BufferCache/SoftMaxDirty entry under /proc/vmware/config.
  printf '%s\n' 15 > /proc/vmware/config/BufferCache/SoftMaxDirty
}
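HBABalance()
{
  # Alternate the preferred Fibre Channel path between HBAs, LUN by LUN: when
  # a LUN's preferred path is on the same HBA as the previous LUN's, its
  # first non-preferred FC path is made preferred instead. The resulting
  # path list is then written to the log.
  # Repairs to the posted text, which did not parse as shell:
  #  - "Execute new config" was a bare line run as a command; it is a
  #    comment here;
  #  - forum escaping ("\{", "[\[") is removed;
  #  - an orphaned ";; *) esac" tail, whose "case" head is not in the posted
  #    text, is dropped. Confirm against the author's original.
  # Also: "tail -n +2" replaces the obsolete "tail +2", expansions are
  # quoted, only the first non-preferred path is used when several exist,
  # and the final path listing goes to the log like the lines around it.
  local log=/root/PostInstall/PostInstall.log
  PREVIOUS="vmhba1"
  echo "Starting HBA Balance....." >> "$log"
  # Execute new config
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}')
  do
    CURRENT=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep "preferred" | awk '{print $4}' | awk -F ":" '{print $1}')
    if [[ "${CURRENT}" = "${PREVIOUS}" ]]
    then
      NEWPATH=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep -v "preferred" | awk '{print $4}' | head -n 1)
      NEW=${NEWPATH%%:*}
      # Skip the switch when the LUN has no alternative FC path.
      if [[ -n "${NEWPATH}" ]]
      then
        esxcfg-mpath --lun="${LUN}" --path="${NEWPATH}" --preferred
        PREVIOUS=${NEW}
      fi
    else
      PREVIOUS=${CURRENT}
    fi
  done
  echo >> "$log"
  echo "****** NEW HBA CONFIG *****" >> "$log"
  echo >> "$log"
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}')
  do
    esxcfg-mpath -q --lun="${LUN}" | grep FC >> "$log"
    echo >> "$log"
  done
  echo >> "$log"
  echo "****** \"active\" flag will be moved after disk activity *****" >> "$log"
  echo >> "$log"
  echo "Finished HBA Balance....." >> "$log"
}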
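#
# MAIN PROGRAM - ENTER HERE...
#
# Runs the configuration steps in order, logs start and end, then reboots.
# Change from the original: the ">> PostInstall.log" redirections on the two
# variable assignments are removed; an assignment produces no output, so
# they wrote nothing to the log.
# NOTE(review): openFirewall sets allow-all in both directions, and
# FWEnabled, the step that blocks again, is commented out below. Re-enable
# it once the rules in setFirewall are confirmed, or the host presumably
# comes up with the firewall open.
# hpinsight, setProdNet and setSSHBANNER are defined but not called.
scriptName="ESX Post Install Script"
dateTime=$(date '+%c')   # computed but not used further in this script
bannertxt1="Legal warning test line 1."
bannertxt2="Legal warning test line 2."
bannertxt3="Legal warning test line 3."
bannertxt4="Legal warning test line 4."
echo "$scriptName - started" >> /root/PostInstall/PostInstall.log
echo "Starting $scriptName..." >> /root/PostInstall/PostInstall.log
setPath
setSCmem
openFirewall
addKerberos
addDir
addCopyFiles
setSSHRoot
setSNMP
setUsers
setLDAPSearch
setVMFS
setNameResolution
setESXcfg
setAuthd
setFirewall
setPerfScript
setNTP
SoftMaxDirty
setConsoleNIC
setVMotion
setFHNet
setCSS
setDMZ
setLocalNet
#HBABalance
#FWEnabled
echo "$scriptName - ended" >> /root/PostInstall/PostInstall.log
reboot
exit 0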
Message was edited by:
sbeaver
Needed to fix something
I have a post script that runs and does all my advanced configuration: setting up AD authentication, NTP and all the firewall rules, re-creating the network configuration from scratch, load balancing the HBA paths, etc.
In addition I like to mention that everything can be done via CLI
Hi my name is Steve and I am a command line junkie
and I'm Kenneth, consider me a friend
Steve, are you editing the esx.conf manually or using the esxcfg commands? How are you balancing your HBA paths???
I too am a proud member
esxcfg commands are great and I have a script that uses esxcfg-mpath to load balance the paths
No question on how to do the scripting. I'm no stranger to scripting/programming. However, there doesn't seem to be many options (or maybe I'm just not familiar with all the commands) in VI3 to modify things during install.
Ok, so are you doing anything outside of the 22 or so "esxcfg" commands to customize your install?
Here is my post to take a look at
#!/bin/sh
# VMware ESX post-install script.
# Steve Beaver
# Florida Hospital
# November 10, 2005
#
# Start a fresh log; every later step appends to this file.
# /root/PostInstall must already exist, or this redirect and all later
# logging fail.
echo "VMWare ESX Post Install Script" > /root/PostInstall/PostInstall.log

#######################
# Server Configuration Variables (values as posted; set per host)
#######################
SRVCFG=Servername    # prefix of the VMFS label used in setVMFS
SCIP=10.10.10.13     # Service Console IP (setConsoleNIC)
DGW=10.10.10.1       # Service Console default gateway (setConsoleNIC)
VMIP=192.168.10.3    # VMkernel NIC IP (setVMotion)
VMKGW=192.168.10.3   # VMkernel gateway (setVMotion); same value as VMIP as posted
setPath()
{
  # Announce the step, pause five seconds, then set PATH to a fixed list of
  # system directories for the rest of the script.
  printf '%s\n' "Setting PATH...."
  sleep 5
  PATH="/usr/local/sbin:/usr/local/bin"
  PATH="$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin"
}
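setSCmem()
{
  # Raise the Service Console memory from 272MB to 512MB in esx.conf and
  # grub.conf.
  # The original moved each live file to /tmp and then appended sed's output
  # to the now-missing path, so a failing sed left the host without esx.conf
  # or grub.conf. Here the live file stays in place: it is copied to the
  # backup, the edited text goes to a sibling ".new" file, and that file
  # replaces the original only when sed succeeds.
  # Returns 0 on success, 1 if a backup or edit step fails.
  # NOTE(review): the backups keep their original /tmp names; /tmp is
  # world-writable, so a root-only directory would be a safer location.
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  cp -pf /etc/vmware/esx.conf /tmp/esx.conf.bak || return 1
  # Seed the .new file with cp -p so the replacement keeps owner and mode.
  cp -pf /etc/vmware/esx.conf /etc/vmware/esx.conf.new || return 1
  if sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' /etc/vmware/esx.conf > /etc/vmware/esx.conf.new; then
    mv -f /etc/vmware/esx.conf.new /etc/vmware/esx.conf || return 1
  else
    rm -f /etc/vmware/esx.conf.new
    return 1
  fi

  cp -pf /boot/grub/grub.conf /tmp/grub.conf.bak || return 1
  cp -pf /boot/grub/grub.conf /boot/grub/grub.conf.new || return 1
  if sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' /boot/grub/grub.conf > /boot/grub/grub.conf.new; then
    mv -f /boot/grub/grub.conf.new /boot/grub/grub.conf || return 1
  else
    rm -f /boot/grub/grub.conf.new
    return 1
  fi

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}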
openFirewall()
{
  # Set the Service Console firewall to allow all incoming and all outgoing
  # traffic.
  # NOTE(review): the only step that blocks traffic again is FWEnabled, and
  # the main section has that call commented out (#FWEnabled), so as posted
  # the host presumably reboots with both directions still allowed.
  local fw=/usr/sbin/esxcfg-firewall
  "$fw" --allowIncoming
  "$fw" --allowOutgoing
}
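hpinsight()
{
  # Unpack the HP management agents tarball in /root and run its installer
  # silently with ./hpmgmt.conf as the input file.
  # Changes from the original: stop if /root cannot be entered or the archive
  # fails to extract, rather than running whatever installer path happens to
  # exist, and log success only when the installer returns 0.
  # Returns 1 on the first failing step.
  # NOTE(review): the archive is unpacked and executed as root with no
  # integrity check; compare it against a known-good checksum first.
  # Not called from the main section as posted.
  echo "First step unpack and install the HP Agents" >> /root/PostInstall/PostInstall.log
  cd /root || return 1
  tar -zxvf hpmgmt-7.6.0-vmware.tgz || return 1
  ./hpmgmt/760/installvm760.sh --silent --inputfile ./hpmgmt.conf || return 1
  echo "Post Install -- HP Insight Agents installed" >> /root/PostInstall/PostInstall.log
}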
addKerberos()
{
  # Install the krb5-workstation RPM shipped in the PostInstall bundle.
  # The "installed" log line is written whether or not rpm succeeds.
  # NOTE(review): the package signature is not checked before install;
  # consider running `rpm --checksig` on the file first.
  local log=/root/PostInstall/PostInstall.log
  local pkg=/root/PostInstall/OpenLDAP/krb5-workstation-1.2.7-47.i386.rpm
  echo "Next we will install the RPM's for Kerberos and LDAP" >> "$log"
  rpm -ivh "$pkg"
  echo "krb5-workstation has been installed" >> "$log"
}
addDir()
{
  # Create the directories that later steps copy the Kerberos config and the
  # vm-diag scripts into.
  local log=/root/PostInstall/PostInstall.log
  local dir
  echo "We need to make certain directories for vm-diag scripts and kerberos" >> "$log"
  for dir in /var/kerberos/krb5kdc /usr/vm-diag /usr/vm-diag/logs; do
    mkdir -p "$dir"
  done
  echo "Needed directories have been created" >> "$log"
}
addCopyFiles()
{
  # Overwrite the system NTP, Kerberos, SNMP and LDAP client configs with the
  # prepared copies from /root/PostInstall.
  # NOTE(review): snmpd.conf normally carries community strings; confirm the
  # installed copy is not world-readable.
  local src=/root/PostInstall
  local log=/root/PostInstall/PostInstall.log
  echo "Here where we copy over specific configuration files" >> "$log"
  cp -f "$src/ntp.conf" /etc/ntp.conf
  cp -f "$src/step-tickers" /etc/ntp/step-tickers
  cp -f "$src/krb5kdc/kdc.conf" /var/kerberos/krb5kdc/kdc.conf
  cp -f "$src/snmp/snmpd.conf" /etc/snmp/snmpd.conf
  cp -f "$src/ldap.conf" /etc/openldap/ldap.conf
  echo "Pre-Configuration files have been copied over" >> "$log"
}
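setSSHRoot()
{
  # Switch "PermitRootLogin no" to "PermitRootLogin yes" in sshd_config and
  # restart sshd.
  # Fixes over the original: the init script path had a stray space
  # ("/etc/init.d/ sshd restart"), which tries to execute a directory; and the
  # live config was moved aside before sed ran, so a failing sed left sshd
  # without a config. The edit now goes to a sibling ".new" file that replaces
  # sshd_config only on success.
  # Returns 1 if the edit cannot be completed.
  # NOTE(review): direct root login over SSH removes per-user accountability
  # and puts the root password in reach of password guessing; the usual
  # alternative is a named admin account plus su/sudo.
  local cfg=/etc/ssh/sshd_config
  echo "Allowing root to login via SSH..." >> /root/PostInstall/PostInstall.log
  # Seed the .new file with cp -p so the replacement keeps owner and mode.
  cp -pf "$cfg" "$cfg.new" || return 1
  if sed -e "s/PermitRootLogin no/PermitRootLogin yes/g" "$cfg" > "$cfg.new"; then
    mv -f "$cfg.new" "$cfg" || return 1
  else
    rm -f "$cfg.new"
    return 1
  fi
  /etc/init.d/sshd restart
  echo "$scriptName - Set root to login via SSH" >> /root/PostInstall/PostInstall.log
}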
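setSNMP()
{
  # Install the prepared snmpd.conf and restart snmpd and sshd.
  # Fix: the source path was relative (./snmp/snmpd.conf) and so depended on
  # the directory the script was started from; it now uses the same absolute
  # path addCopyFiles copies from.
  # NOTE(review): snmpd.conf normally carries community strings; confirm the
  # installed copy is not world-readable.
  echo "Copy over the snmp configuration files and restart service" >> /root/PostInstall/PostInstall.log
  cp -f /root/PostInstall/snmp/snmpd.conf /etc/snmp/snmpd.conf
  service snmpd restart
  service sshd restart
  echo "SNMP has been configured" >> /root/PostInstall/PostInstall.log
}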
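setUsers()
{
  # Create the FHAdmin group and add the default admin account.
  # Fix: the crypt hash is now single-quoted. Unquoted, the shell treated the
  # "$..." pieces of the hash as variable expansions, so useradd received a
  # mangled string instead of the hash.
  # NOTE(review): useradd is given no login name in the script as posted, so
  # this command still needs one appended before it can succeed.
  # NOTE(review): a password hash embedded in an install script is readable
  # by anyone who can read this file or the install media, and the $1$ prefix
  # is MD5-crypt; set the password out of band or keep the script root-only.
  echo "Adding default users..." >> /root/PostInstall/PostInstall.log
  groupadd FHAdmin
  /usr/sbin/useradd -c "FHAdmin" -G FHAdmin -p '$1$i5a/lCrm$11fAbcDfJoCn'
  echo "Default users have neem created" >> /root/PostInstall/PostInstall.log
}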
setLDAPSearch()
{
  # Install the LDAP search script as an hourly cron job and run it twice
  # straight away (the script as posted invokes it two times).
  # NOTE(review): the job runs as root from cron and is made executable for
  # all users; owner-only execute would be enough for cron.
  local log=/root/PostInstall/PostInstall.log
  local job=/etc/cron.hourly/LDAP
  echo "Starting configuration of LDAP Search Script" >> "$log"
  cp /root/PostInstall/LDAP "$job"
  chmod a+x "$job"
  "$job"
  "$job"
  echo "LDAP Search Script has been configured and the script has been run" >> "$log"
}
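setConsoleNIC()
{
  # Tear down the default vSwitch0 and rebuild it with vmnic0 and vmnic1, a
  # "Service Console" port group and vswif0 on $SCIP (netmask 255.255.255.0),
  # then set the default gateway to $DGW.
  # Changes from the original: /tmp/post is created (root-only) before the
  # esx.conf backup is copied into it, since nothing in the script made that
  # directory, and $SCIP / $DGW are quoted.
  # NOTE(review): this deletes the Service Console interface before it
  # recreates it, so a session that depends on vswif0 will drop.
  # NOTE(review): the GATEWAY= line is appended on every run, so re-running
  # the script leaves duplicate entries in /etc/sysconfig/network.
  echo "Deleting current network configuration" >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch vSwitch0 -D "VM Network"
  /usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0
  /usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0
  /usr/sbin/esxcfg-vswif -d vswif0
  /usr/sbin/esxcfg-vswitch -d vSwitch0
  service mgmt-vmware restart
  echo "Reconfiguring Service Console NIC..." >> /root/PostInstall/PostInstall.log
  mkdir -p /tmp/post && chmod 700 /tmp/post
  cp /etc/vmware/esx.conf /tmp/post/esx.conf.bak
  /usr/sbin/esxcfg-vswitch -a vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1
  /usr/sbin/esxcfg-vswitch -A "Service Console" vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -p "Service Console" -v 0
  /usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i "$SCIP" -n 255.255.255.0
  route add default gw "$DGW"
  echo "GATEWAY=$DGW" >> /etc/sysconfig/network
}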
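setVMotion()
{
  # Add a vMotion port group to vSwitch0, attach a VMkernel NIC on $VMIP
  # (netmask 255.255.255.0) and set the VMkernel default route to $VMKGW.
  # Changes from the original: $VMIP and $VMKGW are quoted, and the forum's
  # backslash before each "#" is removed so the comment lines are comments
  # again instead of commands.
  # NOTE(review): VMKGW and VMIP hold the same address in the variables as
  # posted; confirm the intended gateway.
  echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log
  # Setup your VMkernel and Virtual Machine networking:
  # EXAMPLE: Add VMotion portgroup
  # EXAMPLE: Setup the VMkernel IP Stack default gateway
  /usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion
  /usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion
  /usr/sbin/esxcfg-vmknic -a vMotion -i "$VMIP" -n 255.255.255.0
  /usr/sbin/esxcfg-route "$VMKGW"
}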
setFHNet()
{
  # Create vSwitch1, link vmnic6 and vmnic7 to it, and add the FH_Network
  # port group.
  local sw=vSwitch1
  local pg="FH_Network"
  local nic
  echo "Setting up FH LAN Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  for nic in vmnic6 vmnic7; do
    /usr/sbin/esxcfg-vswitch "$sw" -L "$nic"
  done
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
setCSS()
{
  # Create vSwitch2 on vmnic4 and vmnic5, force both NICs to 100 Mbit full
  # duplex, and add the VLAN_681_CSS port group.
  local sw=vSwitch2
  local pg="VLAN_681_CSS"
  local nic
  echo "Setting up CSS Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  for nic in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-vswitch "$sw" -L "$nic"
  done
  # Speed/duplex is set after both uplinks are linked, as in the original.
  for nic in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-nics -s 100 -d full "$nic"
  done
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
setDMZ()
{
  # Create vSwitch3 on vmnic2, force the NIC to 100 Mbit full duplex, and add
  # the DMZ port group.
  # NOTE(review): the DMZ port group gets its own vSwitch and uplink here;
  # confirm no uplink is shared with the internal switches.
  local sw=vSwitch3
  local pg="DMZ"
  echo "Setting up DMZ Switch and Network..." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a "$sw"
  /usr/sbin/esxcfg-vswitch "$sw" -L vmnic2
  /usr/sbin/esxcfg-nics -s 100 -d full vmnic2
  /usr/sbin/esxcfg-vswitch "$sw" -A "$pg"
  /usr/sbin/esxcfg-vswitch "$sw" -p "$pg"
}
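setProdNet()
{
  # EXAMPLE: Create production vSwitch using remaining physical NICs and default portgroup(s)
  # Builds vswitch1 from every NIC that esxcfg-nics lists except vmnic0, then
  # adds the FH_Network port group. VMNICS stays exported as in the original.
  # Fixes: the awk program is '{print $1}' (the posted text had a forum
  # backslash before the brace, which is not valid awk), backticks become
  # $( ), and the forum's "\#" comment lines are comments again.
  # NOTE(review): this uses "vswitch1" while setFHNet uses "vSwitch1";
  # not called from the main section as posted.
  /usr/sbin/esxcfg-vswitch --add vswitch1
  VMNICS=$(esxcfg-nics --list | sed -e '1d' -e '/vmnic0/d' | awk '{print $1}')
  export VMNICS
  # $VMNICS is left unquoted on purpose: one NIC name per word.
  for i in $VMNICS; do
    esxcfg-vswitch --link="$i" vswitch1
  done
  /usr/sbin/esxcfg-vswitch --add-pg=FH_Network vswitch1
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=1 -p defaultProd prodSwitch
}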
setLocalNet()
{
  # Create vSwitch4 with a "Local" port group (no uplink is linked in this
  # function), then restart the management service.
  # EXAMPLE: Create private vSwitch and default portgroup
  #/usr/sbin/esxcfg-vswitch --add privateSwitch
  #/usr/sbin/esxcfg-vswitch --add-pg=defaultPrivate privateSwitch
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=11 -p defaultPrivate privateSwitch
  #/usr/sbin/esxcfg-vswitch --add Local
  local sw=vSwitch4
  /usr/sbin/esxcfg-vswitch --add --pg=Local "$sw"
  /usr/sbin/esxcfg-vswitch "$sw" -A Local
  /usr/sbin/esxcfg-vswitch "$sw" -p Local
  service mgmt-vmware restart
}
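setVMFS()
{
  # Create a VMFS3 volume labelled "$SRVCFG-VMFS" on the /dev/cciss/c0d0
  # partition whose fdisk line matches "fb".
  # vmkfstools -C creates a new file system, so a wrong or empty partition
  # number is destructive. Changes from the original:
  #  - the partition value must be exactly one digit, otherwise the step is
  #    logged and skipped (return 1);
  #  - the bare line "vmhba0:0:0:$VMFS_PARTITION", which the shell ran as a
  #    command, is removed;
  #  - expansions are quoted. VMFS_PARTITION stays exported as before.
  # NOTE(review): the closing log line says "renamed" although the command
  # creates the volume.
  echo "Creating VMFS partition name to computer name" >> /root/PostInstall/PostInstall.log
  VMFS_PARTITION=$(fdisk -l /dev/cciss/c0d0 | grep fb | sed -e "s/\/dev\/cciss\/c0d0p\(.\).*/\1/")
  export VMFS_PARTITION
  case "$VMFS_PARTITION" in
    [0-9]) ;;
    *)
      echo "VMFS partition not identified ('$VMFS_PARTITION'); vmkfstools skipped" >> /root/PostInstall/PostInstall.log
      return 1
      ;;
  esac
  vmkfstools -C vmfs3 -S "$SRVCFG-VMFS" "vmhba0:0:0:$VMFS_PARTITION"
  echo "Local VMFS Volume has been renamed" >> /root/PostInstall/PostInstall.log
}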
setNameResolution()
{
  # Rewrite /etc/resolv.conf from scratch: a header comment, the search
  # domain and three nameserver lines (x.x.x.x are placeholders as posted).
  local log=/root/PostInstall/PostInstall.log
  echo "Adding DNS Entries for DNS resolution" >> "$log"
  printf '%s\n' \
    "# Built by automated post install script" \
    "search flhosp.net" \
    "nameserver x.x.x.x" \
    "nameserver x.x.x.x" \
    "nameserver x.x.x.x" > /etc/resolv.conf
  echo "DNS Name resolution has been configured" >> "$log"
}
setESXcfg()
{
  # Point esxcfg-auth at the flhosp.net domain for Active Directory, Kerberos
  # and LDAP authentication, then set passmaxdays to 0.
  # NOTE(review): no TLS-related option is passed for the LDAP server here;
  # confirm how LDAP traffic is protected.
  # NOTE(review): --passmaxdays=0 presumably turns off password expiry;
  # confirm this matches the password policy.
  local dom=flhosp.net
  local log=/root/PostInstall/PostInstall.log
  echo "Configure esxcfg-auth..." >> "$log"
  esxcfg-auth --enablead --addomain "$dom" --addc "$dom" \
    --enablekrb5 --krb5realm="$dom" --krb5kdc="$dom" \
    --enableldapauth --ldapserver="$dom" --ldapbasedn=DC=flhosp,DC=net
  esxcfg-auth --passmaxdays=0
  echo "ESX Authentication Configuration Completed" >> "$log"
}
setAuthd()
{
  # Replace /etc/pam.d/vmware-authd with a stack that tries local (unix)
  # authentication first, then Kerberos and LDAP.
  # NOTE(review): "nullok" on pam_unix_auth lets a local account with an
  # empty password authenticate, and that line is "sufficient"; drop nullok
  # unless empty passwords are intended.
  # NOTE(review): pam_krb5 is "required" ahead of the "sufficient" pam_ldap
  # line; confirm the ordering gives the intended result for LDAP-only users.
  local log=/root/PostInstall/PostInstall.log
  local pam=/etc/pam.d/vmware-authd
  echo "Updating vmware-authd to allow AD logons" >> "$log"
  printf '%s\n' \
    "#%PAM-1.0" \
    "# Built by automated post install script" \
    "auth sufficient /lib/security/pam_unix_auth.so shadow nullok" \
    "auth required /lib/security/pam_krb5.so use_first_pass" \
    "auth sufficient /lib/security/pam_ldap.so" \
    "account required /lib/security/pam_unix_acct.so" \
    "account sufficient /lib/security/pam_ldap.so" > "$pam"
  echo "vmware-authd has been updated" >> "$log"
}
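setFirewall()
{
  # Open the ports and enable the firewall services the host needs for
  # Kerberos, LDAP, HP management, NTP, SNMP and CIM.
  # Changes from the original: the start message is logged once instead of
  # twice, and the option is spelled --openPort on every line (three lines
  # used --openport). The rule strings themselves are unchanged.
  local fw=/usr/sbin/esxcfg-firewall
  local log=/root/PostInstall/PostInstall.log
  echo "Configuring Firewall Ports...." >> "$log"
  "$fw" --openPort 88,tcp,out,KerberosClient
  "$fw" --openPort 88,udp,out,KerberosClient
  "$fw" --openPort 464,tcp,out,KerberosPasswordChange
  "$fw" --openPort 749,tcp,out,KerberosAdm
  #/usr/sbin/esxcfg-firewall --enableService LicenseClient
  #/usr/sbin/esxcfg-firewall --enableService sshServer
  #/usr/sbin/esxcfg-firewall --enableService vpxHeartbeats
  # NOTE(review): the next two rules carry two directions ("out,in") where
  # every other rule here is port,protocol,direction,name. Confirm the tool
  # accepts them; otherwise use one rule per direction that is really needed.
  "$fw" --openPort 389,tcp,out,in,LDAP
  "$fw" --openPort 636,tcp,out,in,OpenSSL
  "$fw" --openPort 2381,tcp,in,hpim
  "$fw" --openPort 2381,tcp,out,hpim
  # NOTE(review): NTP uses UDP 123; 231 looks like transposed digits, and
  # this rule also carries two directions. ntpClient is enabled below.
  "$fw" --openPort 231,udp,in,out,ntpd
  "$fw" --openPort 280,tcp,out,sim-cert
  "$fw" --enableService snmpd
  "$fw" --enableService ntpClient
  # NOTE(review): CIMHttpServer is enabled next to CIMHttpsServer; presumably
  # the plain-HTTP one can stay off. Confirm before shipping.
  "$fw" --enableService CIMHttpsServer
  "$fw" --enableService CIMHttpServer
  "$fw" --enableService CIMSLP
  "$fw" --enableService hpim
  echo "Firewall has been configured" >> "$log"
}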
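setPerfScript()
{
  # Install the vm-diag memory/process monitoring scripts, make them
  # executable and load crontab.txt as the current user's crontab.
  # Change from the original: return 1 if /root/PostInstall cannot be
  # entered, so "crontab crontab.txt" never runs against another directory.
  # NOTE(review): `crontab FILE` replaces the whole crontab of the invoking
  # user (root here).
  # NOTE(review): /etc/cron.daily/vm_backup is chmod'ed but not copied by
  # this function; the chmod fails if nothing else installs it.
  # NOTE(review): these files run as root from cron; keep them writable by
  # root only.
  local src=/root/PostInstall/vm-diag
  local log=/root/PostInstall/PostInstall.log
  local f
  echo "Now to set up performace scripts" >> "$log"
  cd /root/PostInstall || return 1
  cp "$src/rotatemem" /etc/cron.daily/rotatemem
  for f in checkmem memcheck meminfo-munge.pl meminfo-munge.sh memrotate ps-munge.pl ps-munge.sh; do
    cp "$src/$f" "/usr/vm-diag/$f"
  done
  chmod a+x /etc/cron.daily/vm_backup
  chmod a+x /etc/cron.daily/rotatemem
  for f in checkmem memcheck meminfo-munge.pl meminfo-munge.sh memrotate ps-munge.pl ps-munge.sh; do
    chmod a+x "/usr/vm-diag/$f"
  done
  crontab crontab.txt
  echo "Performance scripts have been installed" >> "$log"
}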
setNTP()
{
  # Enable ntpd for runlevels 3, 4 and 5, restart it, and copy the system
  # time to the hardware clock.
  local log=/root/PostInstall/PostInstall.log
  echo "turn on ntpd and start service" >> "$log"
  chkconfig --level 345 ntpd on
  service ntpd restart
  hwclock --systohc
  echo "NTP has been configured and started" >> "$log"
}
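setSSHBANNER()
{
  # Write the four banner lines ($bannertxt1..4, separated by lines holding a
  # single space) to /etc/ssh/banner and point sshd_config at that file.
  # Changes from the original: the banner variables are quoted, so spacing
  # and glob characters in the text are written as given, and the "banner"
  # directive is appended only if it is not already in sshd_config.
  # sshd is not restarted here; not called from the main section as posted.
  echo "Setting SSH Security Logon Banner Text..."
  printf '%s\n' \
    "$bannertxt1" " " \
    "$bannertxt2" " " \
    "$bannertxt3" " " \
    "$bannertxt4" > /etc/ssh/banner
  if ! grep -q '^banner /etc/ssh/banner$' /etc/ssh/sshd_config; then
    echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
  fi
  echo "$scriptName - Configured SSH Banner text" >> /root/PostInstall/PostInstall.log
}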
FWEnabled()
{
  # Put the firewall back to blocking incoming and outgoing traffic and log
  # completion.
  # NOTE(review): this is the counterpart of openFirewall, but the main
  # section has the call commented out (#FWEnabled).
  local fw=/usr/sbin/esxcfg-firewall
  local log=/root/PostInstall/PostInstall.log
  "$fw" --blockIncoming
  "$fw" --blockOutgoing
  echo "Post Install Done" >> "$log"
  echo "Firewall has been enabled" >> "$log"
}
SoftMaxDirty()
{
  # Write 15 to the BufferCache/SoftMaxDirty entry under /proc/vmware/config.
  printf '%s\n' 15 > /proc/vmware/config/BufferCache/SoftMaxDirty
}
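HBABalance()
{
  # Alternate the preferred Fibre Channel path between HBAs, LUN by LUN: when
  # a LUN's preferred path is on the same HBA as the previous LUN's, its
  # first non-preferred FC path is made preferred instead. The resulting
  # path list is then written to the log.
  # Repairs to the posted text, which did not parse as shell:
  #  - "Execute new config" was a bare line run as a command; it is a
  #    comment here;
  #  - forum escaping ("\{", "[\[") is removed;
  #  - an orphaned ";; *) esac" tail, whose "case" head is not in the posted
  #    text, is dropped. Confirm against the author's original.
  # Also: "tail -n +2" replaces the obsolete "tail +2", expansions are
  # quoted, only the first non-preferred path is used when several exist,
  # and the final path listing goes to the log like the lines around it.
  local log=/root/PostInstall/PostInstall.log
  PREVIOUS="vmhba1"
  echo "Starting HBA Balance....." >> "$log"
  # Execute new config
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}')
  do
    CURRENT=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep "preferred" | awk '{print $4}' | awk -F ":" '{print $1}')
    if [[ "${CURRENT}" = "${PREVIOUS}" ]]
    then
      NEWPATH=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep -v "preferred" | awk '{print $4}' | head -n 1)
      NEW=${NEWPATH%%:*}
      # Skip the switch when the LUN has no alternative FC path.
      if [[ -n "${NEWPATH}" ]]
      then
        esxcfg-mpath --lun="${LUN}" --path="${NEWPATH}" --preferred
        PREVIOUS=${NEW}
      fi
    else
      PREVIOUS=${CURRENT}
    fi
  done
  echo >> "$log"
  echo "****** NEW HBA CONFIG *****" >> "$log"
  echo >> "$log"
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}')
  do
    esxcfg-mpath -q --lun="${LUN}" | grep FC >> "$log"
    echo >> "$log"
  done
  echo >> "$log"
  echo "****** \"active\" flag will be moved after disk activity *****" >> "$log"
  echo >> "$log"
  echo "Finished HBA Balance....." >> "$log"
}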
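#
# MAIN PROGRAM - ENTER HERE...
#
# Runs the configuration steps in order, logs start and end, then reboots.
# Change from the original: the ">> PostInstall.log" redirections on the two
# variable assignments are removed; an assignment produces no output, so
# they wrote nothing to the log.
# NOTE(review): openFirewall sets allow-all in both directions, and
# FWEnabled, the step that blocks again, is commented out below. Re-enable
# it once the rules in setFirewall are confirmed, or the host presumably
# comes up with the firewall open.
# hpinsight, setProdNet and setSSHBANNER are defined but not called.
scriptName="ESX Post Install Script"
dateTime=$(date '+%c')   # computed but not used further in this script
bannertxt1="Legal warning test line 1."
bannertxt2="Legal warning test line 2."
bannertxt3="Legal warning test line 3."
bannertxt4="Legal warning test line 4."
echo "$scriptName - started" >> /root/PostInstall/PostInstall.log
echo "Starting $scriptName..." >> /root/PostInstall/PostInstall.log
setPath
setSCmem
openFirewall
addKerberos
addDir
addCopyFiles
setSSHRoot
setSNMP
setUsers
setLDAPSearch
setVMFS
setNameResolution
setESXcfg
setAuthd
setFirewall
setPerfScript
setNTP
SoftMaxDirty
setConsoleNIC
setVMotion
setFHNet
setCSS
setDMZ
setLocalNet
#HBABalance
#FWEnabled
echo "$scriptName - ended" >> /root/PostInstall/PostInstall.log
reboot
exit 0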
Message was edited by:
sbeaver
Needed to fix something
That makes sense. Thanks for the sample Steve. All is not lost on the CLI front. I think I need to play with the commands a bit more to get my build going. Thanks again for the help!
Extra points for the cli junkies
Hi All, I was wondering if there's any way to configure load balancing / port failover order from the CLI?
That would be most useful during scripted builds. Cheers
Steve, I ran part of your script and got an error
\[root@vader /]# mkdir /tmp/post
mv -f /etc/vmware/esx.conf /tmp/post/esx.conf.bak
\[root@vader /]# mv -f /etc/vmware/esx.conf /tmp/post/esx.conf.bak
\[root@vader /]# sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' /tmp/post/esx.conf.bak >> /etc/vmware/esx.conf
\[root@vader /]# mv -f /boot/grub/grub.conf /tmp/post/grub.conf.bak
\[root@vader /]# sed -e 's/uppermem 277504/uppermem 523264/g s/mem=272M/mem=512M/g' /tmp/post/grub.conf.bak >> /boot/grub/grub.conf
sed: -e expression #1, char 37: Unknown option to `s'
\[root@vader /]#
Any idea what that last line is having a problem with? The script appears to have nuked /boot/grub/grub.conf without putting anything back in its place.
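I had this before; when I cut and pasted the code from the internet (into VIM) again, my script worked again. Very odd.
I didn't check for the cause, though.
Try this... (each substitution gets its own -e here; in the failing command both s commands sat inside a single -e expression separated only by a space, which is what sed rejected)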
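setSCmem()
{
  # Raise the Service Console memory from 272MB to 512MB in esx.conf and
  # grub.conf.
  # The original moved each live file to /tmp and then appended sed's output
  # to the now-missing path, so a failing sed left the host without esx.conf
  # or grub.conf. Here the live file stays in place: it is copied to the
  # backup, the edited text goes to a sibling ".new" file, and that file
  # replaces the original only when sed succeeds.
  # Returns 0 on success, 1 if a backup or edit step fails.
  # NOTE(review): the backups keep their original /tmp names; /tmp is
  # world-writable, so a root-only directory would be a safer location.
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  cp -pf /etc/vmware/esx.conf /tmp/esx.conf.bak || return 1
  # Seed the .new file with cp -p so the replacement keeps owner and mode.
  cp -pf /etc/vmware/esx.conf /etc/vmware/esx.conf.new || return 1
  if sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' /etc/vmware/esx.conf > /etc/vmware/esx.conf.new; then
    mv -f /etc/vmware/esx.conf.new /etc/vmware/esx.conf || return 1
  else
    rm -f /etc/vmware/esx.conf.new
    return 1
  fi

  cp -pf /boot/grub/grub.conf /tmp/grub.conf.bak || return 1
  cp -pf /boot/grub/grub.conf /boot/grub/grub.conf.new || return 1
  if sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' /boot/grub/grub.conf > /boot/grub/grub.conf.new; then
    mv -f /boot/grub/grub.conf.new /boot/grub/grub.conf || return 1
  else
    rm -f /boot/grub/grub.conf.new
    return 1
  fi

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}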
I'll give it a try - thank you kindly gentlemen! You seem to be experts with sed.
I was scouring the net last night trying to figure out how to use sed to find/replace a string of text that has some special characters in it, which doesn't seem to be a simple task. When sed sees special characters, it seems to behave differently. The characters I'm struggling with are \ and #. Would either of you like to assist?
In a file, I need the only existing instance of this:
PermitRootLogin no
changed to this:
#PermitRootLogin no
In a different file, I need the only existing instance of this:
\u@\h \W
changed to this:
\u@\h \w
\^^^^ notice the only change is the case of the W to w
The problem I was running into is that when sed comes across characters such as \ and # The outcome doesn't work right. For example, I think when it comes across the # sign, it interprets that as the beginning of a comment and ignores the rest of the line.