Jwoods

Kickstart configs

I've just started testing my ks.cfg and was kind of stumped when a lot of the options I used in 2.5.x didn't work with 3.0.x. It seems that VMware is pushing everything towards the GUI and there isn't much to do with the CLI after install.

So I was wondering what everyone else was placing in their %post section? Or if you are using an "after-install" cleanup script, what kinds of things you're doing with that?

After starting over, I basically have the firewall and time configs in the %post section as well as adding additional nameservers for starters.


Accepted Solutions
sbeaver

Here is my post to take a look at

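#!/bin/sh
# Post-install configuration for a VMware ESX host.
# The functions below write under /root, /etc, /boot and /tmp.
# The first write truncates the log; /root/PostInstall must already exist.
echo "VMWare ESX Post Install Script" > /root/PostInstall/PostInstall.log

# Steve Beaver
# Florida Hospital
# November 10, 2005
#######################
# Server Configuration Variables
# (the author lines above were markdown-escaped as "\#" in the posted copy,
# which the shell would try to run as a command)
SRVCFG=Servername   # label prefix used by setVMFS
SCIP=10.10.10.13    # Service Console address (setConsoleNIC)
VMIP=192.168.10.3   # VMkernel address (setVMotion)
DGW=10.10.10.1      # Service Console default gateway (setConsoleNIC)
# NOTE(review): VMKGW equals VMIP, so the VMkernel would be its own gateway;
# confirm the intended value.
VMKGW=192.168.10.3  # VMkernel default gateway (setVMotion)
#######################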

# Pin the search path to the system directories for the rest of the script,
# after a five second pause. Several later calls (esxcfg-auth, service, rpm)
# are resolved through this PATH.
setPath() {
  printf '%s\n' "Setting PATH...."
  sleep 5
  PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin"
}

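# Raise Service Console memory from 272MB to 512MB in esx.conf and grub.conf.
# Each file is copied to /tmp as a backup, the edited text is written next to
# the live file, and the live file is replaced only after sed succeeded. The
# original moved the live file away first, so a failed sed left the host
# without esx.conf or grub.conf.
# The patterns match only the stock 272MB values; other values pass unchanged.
# Returns: 0 when both files were rewritten, 1 on the first failure.
setSCmem() {
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  cp -pf /etc/vmware/esx.conf /tmp/esx.conf.bak || return 1
  sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' \
    /tmp/esx.conf.bak > /etc/vmware/esx.conf.new || return 1
  mv -f /etc/vmware/esx.conf.new /etc/vmware/esx.conf || return 1

  cp -pf /boot/grub/grub.conf /tmp/grub.conf.bak || return 1
  sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' \
    /tmp/grub.conf.bak > /boot/grub/grub.conf.new || return 1
  mv -f /boot/grub/grub.conf.new /boot/grub/grub.conf || return 1

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}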

# Switch the Service Console firewall to allow-all, inbound and outbound.
# NOTE(review): FWEnabled is the only function that switches it back to
# blocking, and its call in the main section is commented out, so as posted
# the host is left in this state.
openFirewall() {
  for _fw_flag in --allowIncoming --allowOutgoing; do
    /usr/sbin/esxcfg-firewall "$_fw_flag"
  done
}

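# Unpack hpmgmt-7.6.0-vmware.tgz in /root and run its installer silently,
# passing ./hpmgmt.conf through --inputfile.
# Not called from the main section of this script.
# NOTE(review): nothing verifies the tarball before its installer runs;
# consider checking it against a known digest first.
# Returns: 1 if /root cannot be entered or the archive cannot be unpacked.
hpinsight() {
  echo "First step unpack and install the HP Agents" >> /root/PostInstall/PostInstall.log
  # Without this check tar and the installer would run in whatever directory
  # the script happened to be in.
  cd /root || return 1
  tar -zxvf hpmgmt-7.6.0-vmware.tgz || return 1
  ./hpmgmt/760/installvm760.sh --silent --inputfile ./hpmgmt.conf
  echo "Post Install -- HP Insight Agents installed" >> /root/PostInstall/PostInstall.log
}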

# Install the krb5-workstation RPM staged under /root/PostInstall/OpenLDAP.
# NOTE(review): the package is installed as found on disk; running `rpm -K`
# on it first would confirm its digest and signature.
addKerberos() {
  printf '%s\n' "Next we will install the RPM's for Kerberos and LDAP" \
    >> /root/PostInstall/PostInstall.log
  rpm -ivh /root/PostInstall/OpenLDAP/krb5-workstation-1.2.7-47.i386.rpm
  printf '%s\n' "krb5-workstation has been installed" \
    >> /root/PostInstall/PostInstall.log
}

# Create the directories that addCopyFiles and setPerfScript copy into.
addDir() {
  printf '%s\n' "We need to make certain directories for vm-diag scripts and kerberos" \
    >> /root/PostInstall/PostInstall.log
  mkdir -p /var/kerberos/krb5kdc /usr/vm-diag /usr/vm-diag/logs
  printf '%s\n' "Needed directories have been created" \
    >> /root/PostInstall/PostInstall.log
}

# Copy the staged NTP, Kerberos, SNMP and LDAP configuration files from
# /root/PostInstall over the system copies. Each line of the table below is
# "source relative to /root/PostInstall" then "destination".
addCopyFiles() {
  printf '%s\n' "Here where we copy over specific configuration files" \
    >> /root/PostInstall/PostInstall.log
  while read -r _rel _target; do
    cp -f "/root/PostInstall/$_rel" "$_target"
  done <<'EOF'
ntp.conf /etc/ntp.conf
step-tickers /etc/ntp/step-tickers
krb5kdc/kdc.conf /var/kerberos/krb5kdc/kdc.conf
snmp/snmpd.conf /etc/snmp/snmpd.conf
ldap.conf /etc/openldap/ldap.conf
EOF
  printf '%s\n' "Pre-Configuration files have been copied over" \
    >> /root/PostInstall/PostInstall.log
}

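# Switch sshd to "PermitRootLogin yes" and restart it.
# NOTE(review): this lets root authenticate directly over SSH, so remote
# logins are not tied to a named administrator. Prefer leaving it at "no" and
# using a named account with su; keep it only if a build step needs it.
# Returns: 1 if sshd_config could not be backed up or rewritten.
setSSHRoot() {
  echo "Allowing root to login via SSH..." >> /root/PostInstall/PostInstall.log

  # Edit a copy and swap it in only when sed succeeded, so sshd_config is
  # never left empty or missing.
  cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.old || return 1
  if sed -e "s/PermitRootLogin no/PermitRootLogin yes/g" \
    /etc/ssh/sshd_config.old > /etc/ssh/sshd_config.new; then
    # The redirect creates the file with the umask default; restrict it.
    chmod 600 /etc/ssh/sshd_config.new
    mv -f /etc/ssh/sshd_config.new /etc/ssh/sshd_config || return 1
  else
    rm -f /etc/ssh/sshd_config.new
    return 1
  fi
  rm -f /etc/ssh/sshd_config.old

  # The posted line read "/etc/init.d/ sshd restart"; the stray space made the
  # shell try to execute the directory, so sshd was not restarted here.
  /etc/init.d/sshd restart
  echo "$scriptName - Set root to login via SSH" >> /root/PostInstall/PostInstall.log
}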

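# Install the staged snmpd.conf and restart snmpd and sshd.
# The source path is absolute, matching addCopyFiles; the original used
# ./snmp/snmpd.conf, which only resolved when the script was started from
# /root/PostInstall.
# NOTE(review): snmpd.conf normally carries the community strings; confirm the
# staged file does not use defaults and is not world-readable.
setSNMP() {
  echo "Copy over the snmp configuration files and restart service" >> /root/PostInstall/PostInstall.log
  cp -f /root/PostInstall/snmp/snmpd.conf /etc/snmp/snmpd.conf
  service snmpd restart
  service sshd restart
  echo "SNMP has been configured" >> /root/PostInstall/PostInstall.log
}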

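# Create the FHAdmin group and a local account with a preset password hash,
# logging whether useradd succeeded.
# NOTE(review): no login name follows the useradd options, so as posted there
# is no account for useradd to create; supply the intended name.
# NOTE(review): a password hash embedded in an install script is readable by
# anyone who can read the script or the install media; prefer setting the
# password out of band.
setUsers() {
  echo "Adding default users..." >> /root/PostInstall/PostInstall.log
  groupadd FHAdmin
  # Single quotes keep the crypt string literal. Unquoted, the shell treats
  # $1 and $i5a as parameter expansions and useradd receives a mangled value.
  if /usr/sbin/useradd -c "FHAdmin" -G FHAdmin -p '$1$i5a/lCrm$11fAbcDfJoCn'; then
    echo "Default users have neem created" >> /root/PostInstall/PostInstall.log
  else
    echo "Default users could not be created" >> /root/PostInstall/PostInstall.log
  fi
}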

# Install the staged LDAP script as an hourly cron job and run it twice
# straight away, as the original does.
setLDAPSearch() {
  printf '%s\n' "Starting configuration of LDAP Search Script" \
    >> /root/PostInstall/PostInstall.log
  cp /root/PostInstall/LDAP /etc/cron.hourly/LDAP
  chmod a+x /etc/cron.hourly/LDAP
  for _run in 1 2; do
    /etc/cron.hourly/LDAP
  done
  printf '%s\n' "LDAP Search Script has been configured and the script has been run" \
    >> /root/PostInstall/PostInstall.log
}

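# Tear down the installer's vSwitch0 and rebuild it with vmnic0/vmnic1 as
# uplinks and a "Service Console" port group on VLAN 0, then assign $SCIP to
# vswif0 and set $DGW as the default gateway.
# Globals: SCIP, DGW (read).
setConsoleNIC() {
  echo "Deleting current network configuration" >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch vSwitch0 -D "VM Network"
  /usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0
  /usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0
  /usr/sbin/esxcfg-vswif -d vswif0
  /usr/sbin/esxcfg-vswitch -d vSwitch0
  service mgmt-vmware restart

  echo "Reconfiguring Service Console NIC..." >> /root/PostInstall/PostInstall.log
  # Nothing else in the script creates /tmp/post, so the backup copy failed
  # silently. Keep the directory private because it holds a copy of esx.conf.
  mkdir -p /tmp/post && chmod 700 /tmp/post
  cp /etc/vmware/esx.conf /tmp/post/esx.conf.bak
  /usr/sbin/esxcfg-vswitch -a vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1
  /usr/sbin/esxcfg-vswitch -A "Service Console" vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -p "Service Console" -v 0
  /usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i "$SCIP" -n 255.255.255.0
  route add default gw "$DGW"
  echo "GATEWAY=$DGW" >> /etc/sysconfig/network
}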

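# Add a vMotion port group to vSwitch0, create a VMkernel NIC on it with
# $VMIP, and set $VMKGW as the VMkernel default gateway.
# Globals: VMIP, VMKGW (read).
# The three comment lines inside were markdown-escaped as "\#" in the posted
# copy, which the shell would try to run as a command.
# NOTE(review): the port group shares vSwitch0 with the Service Console and no
# VLAN ID is set here; confirm VMotion traffic is isolated as intended.
setVMotion() {
  echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log
  # Setup your VMkernel and Virtual Machine networking:
  # EXAMPLE: Add VMotion portgroup
  # EXAMPLE: Setup the VMkernel IP Stack default gateway
  /usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion
  /usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion
  /usr/sbin/esxcfg-vmknic -a vMotion -i "$VMIP" -n 255.255.255.0
  /usr/sbin/esxcfg-route "$VMKGW"
}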

# Build vSwitch1 on uplinks vmnic6 and vmnic7 and add the "FH_Network" port
# group to it.
setFHNet() {
  printf '%s\n' "Setting up FH LAN Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch1
  for _uplink in vmnic6 vmnic7; do
    /usr/sbin/esxcfg-vswitch vSwitch1 -L "$_uplink"
  done
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch1 "$_pg_flag" "FH_Network"
  done
}

# Build vSwitch2 on uplinks vmnic4 and vmnic5, force both NICs to 100/full,
# and add the "VLAN_681_CSS" port group.
# NOTE(review): the port group is only named after a VLAN; no -v VLAN ID is
# passed here, so tagging is presumably done elsewhere. Confirm.
setCSS() {
  printf '%s\n' "Setting up CSS Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch2
  for _uplink in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-vswitch vSwitch2 -L "$_uplink"
  done
  for _uplink in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-nics -s 100 -d full "$_uplink"
  done
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch2 "$_pg_flag" "VLAN_681_CSS"
  done
}

# Build vSwitch3 on the single uplink vmnic2, force it to 100/full, and add
# the "DMZ" port group.
setDMZ() {
  printf '%s\n' "Setting up DMZ Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch3
  /usr/sbin/esxcfg-vswitch vSwitch3 -L vmnic2
  /usr/sbin/esxcfg-nics -s 100 -d full vmnic2
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch3 "$_pg_flag" "DMZ"
  done
}

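# Create "vswitch1", link every physical NIC except vmnic0 to it, and add the
# FH_Network port group. Exports VMNICS with the NIC names it found.
# Not called from the main section of this script.
# The posted copy had markdown escapes ("\#", "\{") that broke the comments
# and the awk program; they are restored here.
# NOTE(review): "vswitch1" differs in case from the "vSwitch1" that setFHNet
# creates; confirm which name is intended.
setProdNet() {
  # EXAMPLE: Create production vSwitch using remaining physical NICs and default portgroup(s)
  /usr/sbin/esxcfg-vswitch --add vswitch1
  # Drop the header line and vmnic0, keep the first column (NIC name).
  VMNICS=$(esxcfg-nics --list | sed -e '1d' -e '/vmnic0/d' | awk '{print $1}')
  export VMNICS
  # Word splitting is intended: VMNICS holds one NIC name per line.
  for i in $VMNICS; do
    esxcfg-vswitch --link="$i" vswitch1
  done
  /usr/sbin/esxcfg-vswitch --add-pg=FH_Network vswitch1
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=1 -p defaultProd prodSwitch
}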

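# Create vSwitch4 with a port group named Local and restart mgmt-vmware.
# No uplink is linked to vSwitch4 in this function.
# The "\#" markdown escapes of the posted copy are restored to comments.
# NOTE(review): "--add --pg=Local vSwitch4" is kept as posted; confirm it is
# accepted, since the other functions create a switch with "-a NAME".
setLocalNet() {
  # EXAMPLE: Create private vSwitch and default portgroup
  #/usr/sbin/esxcfg-vswitch --add privateSwitch
  #/usr/sbin/esxcfg-vswitch --add-pg=defaultPrivate privateSwitch
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=11 -p defaultPrivate privateSwitch
  #/usr/sbin/esxcfg-vswitch --add Local
  /usr/sbin/esxcfg-vswitch --add --pg=Local vSwitch4
  /usr/sbin/esxcfg-vswitch vSwitch4 -A Local
  /usr/sbin/esxcfg-vswitch vSwitch4 -p Local
  service mgmt-vmware restart
}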

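# Find the VMFS (type fb) partition on /dev/cciss/c0d0 and create a VMFS3
# volume labelled "$SRVCFG-VMFS" on it. Exports VMFS_PARTITION.
# Globals: SRVCFG (read), VMFS_PARTITION (written).
# NOTE(review): "vmkfstools -C" creates a file system although the log text
# says "renamed"; confirm that formatting the partition is intended.
# Returns: 1 without touching the disk when no single partition digit is found.
setVMFS() {
  echo "Creating VMFS partition name to computer name" >> /root/PostInstall/PostInstall.log
  VMFS_PARTITION=$(fdisk -l /dev/cciss/c0d0 | grep fb | sed -e "s/\/dev\/cciss\/c0d0p\(.\).*/\1/")
  export VMFS_PARTITION

  # The posted copy also had a bare "vmhba0:0:0:$VMFS_PARTITION" line, which
  # the shell would try to run as a command; it is dropped.
  # An empty or multi-line match must not reach vmkfstools.
  case "$VMFS_PARTITION" in
    [0-9]) ;;
    *)
      echo "No single VMFS partition found on /dev/cciss/c0d0" >> /root/PostInstall/PostInstall.log
      return 1
      ;;
  esac

  vmkfstools -C vmfs3 -S "$SRVCFG-VMFS" "vmhba0:0:0:$VMFS_PARTITION"
  echo "Local VMFS Volume has been renamed" >> /root/PostInstall/PostInstall.log
}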

# Replace /etc/resolv.conf with the site search domain and three name servers.
# The x.x.x.x addresses are the author's placeholders.
setNameResolution() {
  printf '%s\n' "Adding DNS Entries for DNS resolution" \
    >> /root/PostInstall/PostInstall.log
  cat > /etc/resolv.conf <<'EOF'
# Built by automated post install script
search flhosp.net
nameserver x.x.x.x
nameserver x.x.x.x
nameserver x.x.x.x
EOF
  printf '%s\n' "DNS Name resolution has been configured" \
    >> /root/PostInstall/PostInstall.log
}

# Point esxcfg-auth at flhosp.net for Active Directory, Kerberos and LDAP
# authentication, then set the maximum password age to 0.
# NOTE(review): confirm what a maximum age of 0 means on this release, and
# that the LDAP lookups are protected in transit; no TLS option is passed.
setESXcfg() {
  printf '%s\n' "Configure esxcfg-auth..." >> /root/PostInstall/PostInstall.log
  esxcfg-auth \
    --enablead --addomain flhosp.net --addc flhosp.net \
    --enablekrb5 --krb5realm=flhosp.net --krb5kdc=flhosp.net \
    --enableldapauth --ldapserver=flhosp.net --ldapbasedn=DC=flhosp,DC=net
  esxcfg-auth --passmaxdays=0
  printf '%s\n' "ESX Authentication Configuration Completed" \
    >> /root/PostInstall/PostInstall.log
}

# Replace the PAM stack for vmware-authd with one that tries local accounts,
# then Kerberos, then LDAP.
# NOTE(review): "nullok" on the pam_unix line lets a local account with an
# empty password authenticate; drop it unless that is intended.
setAuthd() {
  printf '%s\n' "Updating vmware-authd to allow AD logons" \
    >> /root/PostInstall/PostInstall.log
  cat > /etc/pam.d/vmware-authd <<'EOF'
#%PAM-1.0
# Built by automated post install script
auth sufficient /lib/security/pam_unix_auth.so shadow nullok
auth required /lib/security/pam_krb5.so use_first_pass
auth sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
account sufficient /lib/security/pam_ldap.so
EOF
  printf '%s\n' "vmware-authd has been updated" \
    >> /root/PostInstall/PostInstall.log
}

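# Open the ports and enable the named services this build needs: Kerberos,
# LDAP, HP management, NTP, SNMP and CIM.
# Changes from the posted copy: NTP is opened on UDP 123 instead of 231, rules
# written with two directions ("out,in") are split into one rule per
# direction as the hpim rules already are, "--openport" is spelled
# "--openPort" like the other calls, and the duplicated log line is dropped.
# NOTE(review): these rules only restrict traffic while the firewall is in
# blocking mode; openFirewall sets allow-all and the FWEnabled call in the
# main section is commented out.
setFirewall() {
  echo "Configuring Firewall Ports...." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-firewall --openPort 88,tcp,out,KerberosClient
  /usr/sbin/esxcfg-firewall --openPort 88,udp,out,KerberosClient
  /usr/sbin/esxcfg-firewall --openPort 464,tcp,out,KerberosPasswordChange
  /usr/sbin/esxcfg-firewall --openPort 749,tcp,out,KerberosAdm
  #/usr/sbin/esxcfg-firewall --enableService LicenseClient
  #/usr/sbin/esxcfg-firewall --enableService sshServer
  #/usr/sbin/esxcfg-firewall --enableService vpxHeartbeats
  # NOTE(review): the host looks like an LDAP client only; confirm the inbound
  # 389/636 rules are needed.
  /usr/sbin/esxcfg-firewall --openPort 389,tcp,out,LDAP
  /usr/sbin/esxcfg-firewall --openPort 389,tcp,in,LDAP
  /usr/sbin/esxcfg-firewall --openPort 636,tcp,out,OpenSSL
  /usr/sbin/esxcfg-firewall --openPort 636,tcp,in,OpenSSL
  /usr/sbin/esxcfg-firewall --openPort 2381,tcp,in,hpim
  /usr/sbin/esxcfg-firewall --openPort 2381,tcp,out,hpim
  /usr/sbin/esxcfg-firewall --openPort 123,udp,in,ntpd
  /usr/sbin/esxcfg-firewall --openPort 123,udp,out,ntpd
  /usr/sbin/esxcfg-firewall --openPort 280,tcp,out,sim-cert
  /usr/sbin/esxcfg-firewall --enableService snmpd
  /usr/sbin/esxcfg-firewall --enableService ntpClient
  /usr/sbin/esxcfg-firewall --enableService CIMHttpsServer
  # NOTE(review): CIMHttpServer is presumably the plain-HTTP CIM listener;
  # enable it only if a consumer cannot use CIMHttpsServer.
  /usr/sbin/esxcfg-firewall --enableService CIMHttpServer
  /usr/sbin/esxcfg-firewall --enableService CIMSLP
  /usr/sbin/esxcfg-firewall --enableService hpim
  echo "Firewall has been configured" >> /root/PostInstall/PostInstall.log
}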

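# Install the vm-diag memory and process scripts, make them executable, and
# load root's crontab from /root/PostInstall/crontab.txt.
# Returns: 1 if /root/PostInstall cannot be entered.
# NOTE(review): "crontab FILE" replaces the whole existing crontab.
setPerfScript() {
  echo "Now to set up performace scripts" >> /root/PostInstall/PostInstall.log
  # The original did not check this cd, so a failure made the relative
  # "crontab crontab.txt" read from an unrelated directory.
  cd /root/PostInstall || return 1

  cp /root/PostInstall/vm-diag/rotatemem /etc/cron.daily/rotatemem
  for _script in checkmem memcheck meminfo-munge.pl meminfo-munge.sh \
    memrotate ps-munge.pl ps-munge.sh; do
    cp "/root/PostInstall/vm-diag/$_script" "/usr/vm-diag/$_script"
  done

  # NOTE(review): nothing in this script installs /etc/cron.daily/vm_backup;
  # this chmod fails unless another step put it there.
  chmod a+x /etc/cron.daily/vm_backup
  chmod a+x /etc/cron.daily/rotatemem
  for _script in checkmem memcheck meminfo-munge.pl meminfo-munge.sh \
    memrotate ps-munge.pl ps-munge.sh; do
    chmod a+x "/usr/vm-diag/$_script"
  done

  crontab /root/PostInstall/crontab.txt
  echo "Performance scripts have been installed" >> /root/PostInstall/PostInstall.log
}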

# Enable ntpd in runlevels 3, 4 and 5, restart it, and copy the system time
# to the hardware clock.
setNTP() {
  printf '%s\n' "turn on ntpd and start service" >> /root/PostInstall/PostInstall.log
  chkconfig --level 345 ntpd on
  service ntpd restart
  hwclock --systohc
  printf '%s\n' "NTP has been configured and started" >> /root/PostInstall/PostInstall.log
}

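# Write the four banner lines, separated by lines holding a single space, to
# /etc/ssh/banner and point sshd at the file.
# Globals: bannertxt1..bannertxt4, scriptName (read).
# Not called from the main section of this script, and it does not restart
# sshd itself.
setSSHBANNER() {
  echo "Setting SSH Security Logon Banner Text..."
  # Quoted so the banner text is written exactly as set; the unquoted
  # original let the shell split and glob-expand it.
  printf '%s\n' "$bannertxt1" " " "$bannertxt2" " " "$bannertxt3" " " "$bannertxt4" \
    > /etc/ssh/banner
  # Append the directive only once so a re-run does not stack duplicates.
  grep -q '^banner /etc/ssh/banner$' /etc/ssh/sshd_config 2>/dev/null ||
    echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
  echo "$scriptName - Configured SSH Banner text" >> /root/PostInstall/PostInstall.log
}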

# Put the firewall back into blocking mode for inbound and outbound traffic
# and log completion. This is the counterpart of openFirewall; its call in
# the main section is commented out.
FWEnabled() {
  for _fw_flag in --blockIncoming --blockOutgoing; do
    /usr/sbin/esxcfg-firewall "$_fw_flag"
  done
  printf '%s\n' "Post Install Done" >> /root/PostInstall/PostInstall.log
  printf '%s\n' "Firewall has been enabled" >> /root/PostInstall/PostInstall.log
}

# Write 15 to the BufferCache SoftMaxDirty setting under /proc/vmware/config.
SoftMaxDirty() {
  printf '%s\n' 15 > /proc/vmware/config/BufferCache/SoftMaxDirty
}

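# Alternate the preferred FC path between HBAs from one LUN to the next.
# Starting from PREVIOUS=vmhba1, a LUN whose preferred path is on the same HBA
# as the previous LUN gets its first non-preferred FC path made preferred.
# Not called from the main section of this script (the call is commented out).
# Globals: PREVIOUS, CURRENT, NEW, NEWPATH, LUN (written).
# Changes from the posted copy: markdown escapes ("\{", "$\{", "[\[") are
# removed, "1. Execute new config" is a comment again, and the stray
# ";; *) esac" left over from a case statement that is not in the post is
# dropped because the function could not be parsed with it.
HBABalance() {
  PREVIOUS="vmhba1"
  echo "Starting HBA Balance....." >> /root/PostInstall/PostInstall.log

  # 1. Execute new config
  # tail -n +2 skips the first output line, as "tail +2" did.
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}'); do
    # HBA name (text before the first ":") of the preferred FC path.
    CURRENT=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep "preferred" |
      awk '{print $4}' | awk -F ":" '{print $1}')
    if [ "${CURRENT}" = "${PREVIOUS}" ]; then
      # head -n 1 keeps a single path when more than one alternative exists.
      NEWPATH=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep -v "preferred" |
        awk '{print $4}' | head -n 1)
      NEW=$(printf '%s\n' "${NEWPATH}" | awk -F ":" '{print $1}')
      esxcfg-mpath --lun="${LUN}" --path="${NEWPATH}" --preferred
      PREVIOUS=${NEW}
    else
      PREVIOUS=${CURRENT}
    fi
  done

  echo >> /root/PostInstall/PostInstall.log
  echo "****** NEW HBA CONFIG *****" >> /root/PostInstall/PostInstall.log
  echo >> /root/PostInstall/PostInstall.log

  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}'); do
    # NOTE(review): this listing goes to stdout, not the log, as posted.
    esxcfg-mpath -q --lun="${LUN}" | grep FC
    echo >> /root/PostInstall/PostInstall.log
  done

  echo >> /root/PostInstall/PostInstall.log
  echo "****** \"active\" flag will be moved after disk activity *****" >> /root/PostInstall/PostInstall.log
  echo >> /root/PostInstall/PostInstall.log
  echo "Finished HBA Balance....." >> /root/PostInstall/PostInstall.log
}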

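#
# MAIN PROGRAM - ENTER HERE...
#
# Runs the configuration steps in order, then reboots.
# The posted copy appended ">> PostInstall.log" to the two assignments below;
# an assignment prints nothing, so the redirects are dropped.
# hpinsight, setProdNet and setSSHBANNER are defined but never called.
scriptName="ESX Post Install Script"
dateTime=$(date '+%c')

bannertxt1="Legal warning test line 1."
bannertxt2="Legal warning test line 2."
bannertxt3="Legal warning test line 3."
bannertxt4="Legal warning test line 4."

echo "$scriptName - started" >> /root/PostInstall/PostInstall.log
echo "Starting $scriptName..." >> /root/PostInstall/PostInstall.log

setPath
setSCmem
openFirewall
addKerberos
addDir
addCopyFiles
setSSHRoot
setSNMP
setUsers
setLDAPSearch
setVMFS
setNameResolution
setESXcfg
setAuthd
setFirewall
setPerfScript
setNTP
SoftMaxDirty
setConsoleNIC
setVMotion
setFHNet
setCSS
setDMZ
setLocalNet
#HBABalance
# NOTE(review): openFirewall switched the firewall to allow-all and FWEnabled
# is the only step that switches it back to blocking. With the call commented
# out the host reboots with the firewall open, so the per-port rules from
# setFirewall presumably restrict nothing. Re-enable it once those rules are
# confirmed.
#FWEnabled

echo "$scriptName - ended" >> /root/PostInstall/PostInstall.log
reboot
exit 0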

Message was edited by:

sbeaver

Needed to fix something

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**

sbeaver

I have a post script that runs and does all my advanced configuration: setting up AD authentication, NTP, all the firewall stuff, re-creating all the network stuff from scratch, load balancing the HBA paths, etc.

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
VirtualKenneth

You can create all kind of scripts in the %post setting and refer to the created scripts from the /etc/rc.d/rc.local file

For example:

cat > /tmp/esxcfg.sh /etc/rc.d/rc.local << EOF

cd /tmp

/tmp/esxcfg.sh

EOF

There are a lot of example scripts on the forum.

VirtualKenneth

In addition I like to mention that everything can be done via CLI

sbeaver

Hi my name is Steve and I am a command line junkie

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
VirtualKenneth

and I'm Kenneth, consider me a friend Smiley Happy

Jwoods

Steve, are you editing the esx.conf manually or using the esxcfg commands? How are you balancing your HBA paths???

Jwoods

I too am a proud member Smiley Happy

sbeaver

esxcfg commands are great and I have a script that uses esxcfg-mpath to load balance the paths

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Jwoods

No question on how to do the scripting. I'm no stranger to scripting/programming. However, there doesn't seem to be many options (or maybe I'm just not familiar with all the commands) in VI3 to modify things during install.

Jwoods

Ok, so are you doing anything outside of the 22 or so "esxcfg" commands to customize your install?

sbeaver

Here is my post to take a look at

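#!/bin/sh
# Post-install configuration for a VMware ESX host.
# The functions below write under /root, /etc, /boot and /tmp.
# The first write truncates the log; /root/PostInstall must already exist.
echo "VMWare ESX Post Install Script" > /root/PostInstall/PostInstall.log

# Steve Beaver
# Florida Hospital
# November 10, 2005
#######################
# Server Configuration Variables
# (the author lines above were markdown-escaped as "\#" in the posted copy,
# which the shell would try to run as a command)
SRVCFG=Servername   # label prefix used by setVMFS
SCIP=10.10.10.13    # Service Console address (setConsoleNIC)
VMIP=192.168.10.3   # VMkernel address (setVMotion)
DGW=10.10.10.1      # Service Console default gateway (setConsoleNIC)
# NOTE(review): VMKGW equals VMIP, so the VMkernel would be its own gateway;
# confirm the intended value.
VMKGW=192.168.10.3  # VMkernel default gateway (setVMotion)
#######################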

# Pin the search path to the system directories for the rest of the script,
# after a five second pause. Several later calls (esxcfg-auth, service, rpm)
# are resolved through this PATH.
setPath() {
  printf '%s\n' "Setting PATH...."
  sleep 5
  PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin"
}

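# Raise Service Console memory from 272MB to 512MB in esx.conf and grub.conf.
# Each file is copied to /tmp as a backup, the edited text is written next to
# the live file, and the live file is replaced only after sed succeeded. The
# original moved the live file away first, so a failed sed left the host
# without esx.conf or grub.conf.
# The patterns match only the stock 272MB values; other values pass unchanged.
# Returns: 0 when both files were rewritten, 1 on the first failure.
setSCmem() {
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  cp -pf /etc/vmware/esx.conf /tmp/esx.conf.bak || return 1
  sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' \
    /tmp/esx.conf.bak > /etc/vmware/esx.conf.new || return 1
  mv -f /etc/vmware/esx.conf.new /etc/vmware/esx.conf || return 1

  cp -pf /boot/grub/grub.conf /tmp/grub.conf.bak || return 1
  sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' \
    /tmp/grub.conf.bak > /boot/grub/grub.conf.new || return 1
  mv -f /boot/grub/grub.conf.new /boot/grub/grub.conf || return 1

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}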

# Switch the Service Console firewall to allow-all, inbound and outbound.
# NOTE(review): FWEnabled is the only function that switches it back to
# blocking, and its call in the main section is commented out, so as posted
# the host is left in this state.
openFirewall() {
  for _fw_flag in --allowIncoming --allowOutgoing; do
    /usr/sbin/esxcfg-firewall "$_fw_flag"
  done
}

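# Unpack hpmgmt-7.6.0-vmware.tgz in /root and run its installer silently,
# passing ./hpmgmt.conf through --inputfile.
# Not called from the main section of this script.
# NOTE(review): nothing verifies the tarball before its installer runs;
# consider checking it against a known digest first.
# Returns: 1 if /root cannot be entered or the archive cannot be unpacked.
hpinsight() {
  echo "First step unpack and install the HP Agents" >> /root/PostInstall/PostInstall.log
  # Without this check tar and the installer would run in whatever directory
  # the script happened to be in.
  cd /root || return 1
  tar -zxvf hpmgmt-7.6.0-vmware.tgz || return 1
  ./hpmgmt/760/installvm760.sh --silent --inputfile ./hpmgmt.conf
  echo "Post Install -- HP Insight Agents installed" >> /root/PostInstall/PostInstall.log
}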

# Install the krb5-workstation RPM staged under /root/PostInstall/OpenLDAP.
# NOTE(review): the package is installed as found on disk; running `rpm -K`
# on it first would confirm its digest and signature.
addKerberos() {
  printf '%s\n' "Next we will install the RPM's for Kerberos and LDAP" \
    >> /root/PostInstall/PostInstall.log
  rpm -ivh /root/PostInstall/OpenLDAP/krb5-workstation-1.2.7-47.i386.rpm
  printf '%s\n' "krb5-workstation has been installed" \
    >> /root/PostInstall/PostInstall.log
}

# Create the directories that addCopyFiles and setPerfScript copy into.
addDir() {
  printf '%s\n' "We need to make certain directories for vm-diag scripts and kerberos" \
    >> /root/PostInstall/PostInstall.log
  mkdir -p /var/kerberos/krb5kdc /usr/vm-diag /usr/vm-diag/logs
  printf '%s\n' "Needed directories have been created" \
    >> /root/PostInstall/PostInstall.log
}

# Copy the staged NTP, Kerberos, SNMP and LDAP configuration files from
# /root/PostInstall over the system copies. Each line of the table below is
# "source relative to /root/PostInstall" then "destination".
addCopyFiles() {
  printf '%s\n' "Here where we copy over specific configuration files" \
    >> /root/PostInstall/PostInstall.log
  while read -r _rel _target; do
    cp -f "/root/PostInstall/$_rel" "$_target"
  done <<'EOF'
ntp.conf /etc/ntp.conf
step-tickers /etc/ntp/step-tickers
krb5kdc/kdc.conf /var/kerberos/krb5kdc/kdc.conf
snmp/snmpd.conf /etc/snmp/snmpd.conf
ldap.conf /etc/openldap/ldap.conf
EOF
  printf '%s\n' "Pre-Configuration files have been copied over" \
    >> /root/PostInstall/PostInstall.log
}

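# Switch sshd to "PermitRootLogin yes" and restart it.
# NOTE(review): this lets root authenticate directly over SSH, so remote
# logins are not tied to a named administrator. Prefer leaving it at "no" and
# using a named account with su; keep it only if a build step needs it.
# Returns: 1 if sshd_config could not be backed up or rewritten.
setSSHRoot() {
  echo "Allowing root to login via SSH..." >> /root/PostInstall/PostInstall.log

  # Edit a copy and swap it in only when sed succeeded, so sshd_config is
  # never left empty or missing.
  cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.old || return 1
  if sed -e "s/PermitRootLogin no/PermitRootLogin yes/g" \
    /etc/ssh/sshd_config.old > /etc/ssh/sshd_config.new; then
    # The redirect creates the file with the umask default; restrict it.
    chmod 600 /etc/ssh/sshd_config.new
    mv -f /etc/ssh/sshd_config.new /etc/ssh/sshd_config || return 1
  else
    rm -f /etc/ssh/sshd_config.new
    return 1
  fi
  rm -f /etc/ssh/sshd_config.old

  # The posted line read "/etc/init.d/ sshd restart"; the stray space made the
  # shell try to execute the directory, so sshd was not restarted here.
  /etc/init.d/sshd restart
  echo "$scriptName - Set root to login via SSH" >> /root/PostInstall/PostInstall.log
}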

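# Install the staged snmpd.conf and restart snmpd and sshd.
# The source path is absolute, matching addCopyFiles; the original used
# ./snmp/snmpd.conf, which only resolved when the script was started from
# /root/PostInstall.
# NOTE(review): snmpd.conf normally carries the community strings; confirm the
# staged file does not use defaults and is not world-readable.
setSNMP() {
  echo "Copy over the snmp configuration files and restart service" >> /root/PostInstall/PostInstall.log
  cp -f /root/PostInstall/snmp/snmpd.conf /etc/snmp/snmpd.conf
  service snmpd restart
  service sshd restart
  echo "SNMP has been configured" >> /root/PostInstall/PostInstall.log
}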

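# Create the FHAdmin group and a local account with a preset password hash,
# logging whether useradd succeeded.
# NOTE(review): no login name follows the useradd options, so as posted there
# is no account for useradd to create; supply the intended name.
# NOTE(review): a password hash embedded in an install script is readable by
# anyone who can read the script or the install media; prefer setting the
# password out of band.
setUsers() {
  echo "Adding default users..." >> /root/PostInstall/PostInstall.log
  groupadd FHAdmin
  # Single quotes keep the crypt string literal. Unquoted, the shell treats
  # $1 and $i5a as parameter expansions and useradd receives a mangled value.
  if /usr/sbin/useradd -c "FHAdmin" -G FHAdmin -p '$1$i5a/lCrm$11fAbcDfJoCn'; then
    echo "Default users have neem created" >> /root/PostInstall/PostInstall.log
  else
    echo "Default users could not be created" >> /root/PostInstall/PostInstall.log
  fi
}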

# Install the staged LDAP script as an hourly cron job and run it twice
# straight away, as the original does.
setLDAPSearch() {
  printf '%s\n' "Starting configuration of LDAP Search Script" \
    >> /root/PostInstall/PostInstall.log
  cp /root/PostInstall/LDAP /etc/cron.hourly/LDAP
  chmod a+x /etc/cron.hourly/LDAP
  for _run in 1 2; do
    /etc/cron.hourly/LDAP
  done
  printf '%s\n' "LDAP Search Script has been configured and the script has been run" \
    >> /root/PostInstall/PostInstall.log
}

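# Tear down the installer's vSwitch0 and rebuild it with vmnic0/vmnic1 as
# uplinks and a "Service Console" port group on VLAN 0, then assign $SCIP to
# vswif0 and set $DGW as the default gateway.
# Globals: SCIP, DGW (read).
setConsoleNIC() {
  echo "Deleting current network configuration" >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch vSwitch0 -D "VM Network"
  /usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0
  /usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0
  /usr/sbin/esxcfg-vswif -d vswif0
  /usr/sbin/esxcfg-vswitch -d vSwitch0
  service mgmt-vmware restart

  echo "Reconfiguring Service Console NIC..." >> /root/PostInstall/PostInstall.log
  # Nothing else in the script creates /tmp/post, so the backup copy failed
  # silently. Keep the directory private because it holds a copy of esx.conf.
  mkdir -p /tmp/post && chmod 700 /tmp/post
  cp /etc/vmware/esx.conf /tmp/post/esx.conf.bak
  /usr/sbin/esxcfg-vswitch -a vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0
  /usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1
  /usr/sbin/esxcfg-vswitch -A "Service Console" vSwitch0
  /usr/sbin/esxcfg-vswitch vSwitch0 -p "Service Console" -v 0
  /usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i "$SCIP" -n 255.255.255.0
  route add default gw "$DGW"
  echo "GATEWAY=$DGW" >> /etc/sysconfig/network
}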

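# Add a vMotion port group to vSwitch0, create a VMkernel NIC on it with
# $VMIP, and set $VMKGW as the VMkernel default gateway.
# Globals: VMIP, VMKGW (read).
# The three comment lines inside were markdown-escaped as "\#" in the posted
# copy, which the shell would try to run as a command.
# NOTE(review): the port group shares vSwitch0 with the Service Console and no
# VLAN ID is set here; confirm VMotion traffic is isolated as intended.
setVMotion() {
  echo "Setting up vMotion..." >> /root/PostInstall/PostInstall.log
  # Setup your VMkernel and Virtual Machine networking:
  # EXAMPLE: Add VMotion portgroup
  # EXAMPLE: Setup the VMkernel IP Stack default gateway
  /usr/sbin/esxcfg-vswitch vSwitch0 -A vMotion
  /usr/sbin/esxcfg-vswitch vSwitch0 -p vMotion
  /usr/sbin/esxcfg-vmknic -a vMotion -i "$VMIP" -n 255.255.255.0
  /usr/sbin/esxcfg-route "$VMKGW"
}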

# Build vSwitch1 on uplinks vmnic6 and vmnic7 and add the "FH_Network" port
# group to it.
setFHNet() {
  printf '%s\n' "Setting up FH LAN Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch1
  for _uplink in vmnic6 vmnic7; do
    /usr/sbin/esxcfg-vswitch vSwitch1 -L "$_uplink"
  done
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch1 "$_pg_flag" "FH_Network"
  done
}

# Build vSwitch2 on uplinks vmnic4 and vmnic5, force both NICs to 100/full,
# and add the "VLAN_681_CSS" port group.
# NOTE(review): the port group is only named after a VLAN; no -v VLAN ID is
# passed here, so tagging is presumably done elsewhere. Confirm.
setCSS() {
  printf '%s\n' "Setting up CSS Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch2
  for _uplink in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-vswitch vSwitch2 -L "$_uplink"
  done
  for _uplink in vmnic4 vmnic5; do
    /usr/sbin/esxcfg-nics -s 100 -d full "$_uplink"
  done
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch2 "$_pg_flag" "VLAN_681_CSS"
  done
}

# Build vSwitch3 on the single uplink vmnic2, force it to 100/full, and add
# the "DMZ" port group.
setDMZ() {
  printf '%s\n' "Setting up DMZ Switch and Network..." \
    >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-vswitch -a vSwitch3
  /usr/sbin/esxcfg-vswitch vSwitch3 -L vmnic2
  /usr/sbin/esxcfg-nics -s 100 -d full vmnic2
  for _pg_flag in -A -p; do
    /usr/sbin/esxcfg-vswitch vSwitch3 "$_pg_flag" "DMZ"
  done
}

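# Create "vswitch1", link every physical NIC except vmnic0 to it, and add the
# FH_Network port group. Exports VMNICS with the NIC names it found.
# Not called from the main section of this script.
# The posted copy had markdown escapes ("\#", "\{") that broke the comments
# and the awk program; they are restored here.
# NOTE(review): "vswitch1" differs in case from the "vSwitch1" that setFHNet
# creates; confirm which name is intended.
setProdNet() {
  # EXAMPLE: Create production vSwitch using remaining physical NICs and default portgroup(s)
  /usr/sbin/esxcfg-vswitch --add vswitch1
  # Drop the header line and vmnic0, keep the first column (NIC name).
  VMNICS=$(esxcfg-nics --list | sed -e '1d' -e '/vmnic0/d' | awk '{print $1}')
  export VMNICS
  # Word splitting is intended: VMNICS holds one NIC name per line.
  for i in $VMNICS; do
    esxcfg-vswitch --link="$i" vswitch1
  done
  /usr/sbin/esxcfg-vswitch --add-pg=FH_Network vswitch1
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=1 -p defaultProd prodSwitch
}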

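# Create vSwitch4 with a port group named Local and restart mgmt-vmware.
# No uplink is linked to vSwitch4 in this function.
# The "\#" markdown escapes of the posted copy are restored to comments.
# NOTE(review): "--add --pg=Local vSwitch4" is kept as posted; confirm it is
# accepted, since the other functions create a switch with "-a NAME".
setLocalNet() {
  # EXAMPLE: Create private vSwitch and default portgroup
  #/usr/sbin/esxcfg-vswitch --add privateSwitch
  #/usr/sbin/esxcfg-vswitch --add-pg=defaultPrivate privateSwitch
  # or
  #/usr/sbin/esxcfg-vswitch --vlan=11 -p defaultPrivate privateSwitch
  #/usr/sbin/esxcfg-vswitch --add Local
  /usr/sbin/esxcfg-vswitch --add --pg=Local vSwitch4
  /usr/sbin/esxcfg-vswitch vSwitch4 -A Local
  /usr/sbin/esxcfg-vswitch vSwitch4 -p Local
  service mgmt-vmware restart
}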

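# Find the VMFS (type fb) partition on /dev/cciss/c0d0 and create a VMFS3
# volume labelled "$SRVCFG-VMFS" on it. Exports VMFS_PARTITION.
# Globals: SRVCFG (read), VMFS_PARTITION (written).
# NOTE(review): "vmkfstools -C" creates a file system although the log text
# says "renamed"; confirm that formatting the partition is intended.
# Returns: 1 without touching the disk when no single partition digit is found.
setVMFS() {
  echo "Creating VMFS partition name to computer name" >> /root/PostInstall/PostInstall.log
  VMFS_PARTITION=$(fdisk -l /dev/cciss/c0d0 | grep fb | sed -e "s/\/dev\/cciss\/c0d0p\(.\).*/\1/")
  export VMFS_PARTITION

  # The posted copy also had a bare "vmhba0:0:0:$VMFS_PARTITION" line, which
  # the shell would try to run as a command; it is dropped.
  # An empty or multi-line match must not reach vmkfstools.
  case "$VMFS_PARTITION" in
    [0-9]) ;;
    *)
      echo "No single VMFS partition found on /dev/cciss/c0d0" >> /root/PostInstall/PostInstall.log
      return 1
      ;;
  esac

  vmkfstools -C vmfs3 -S "$SRVCFG-VMFS" "vmhba0:0:0:$VMFS_PARTITION"
  echo "Local VMFS Volume has been renamed" >> /root/PostInstall/PostInstall.log
}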

# Replace /etc/resolv.conf with the site search domain and three name servers.
# The x.x.x.x addresses are the author's placeholders.
setNameResolution() {
  printf '%s\n' "Adding DNS Entries for DNS resolution" \
    >> /root/PostInstall/PostInstall.log
  cat > /etc/resolv.conf <<'EOF'
# Built by automated post install script
search flhosp.net
nameserver x.x.x.x
nameserver x.x.x.x
nameserver x.x.x.x
EOF
  printf '%s\n' "DNS Name resolution has been configured" \
    >> /root/PostInstall/PostInstall.log
}

# Point esxcfg-auth at flhosp.net for Active Directory, Kerberos and LDAP
# authentication, then set the maximum password age to 0.
# NOTE(review): confirm what a maximum age of 0 means on this release, and
# that the LDAP lookups are protected in transit; no TLS option is passed.
setESXcfg() {
  printf '%s\n' "Configure esxcfg-auth..." >> /root/PostInstall/PostInstall.log
  esxcfg-auth \
    --enablead --addomain flhosp.net --addc flhosp.net \
    --enablekrb5 --krb5realm=flhosp.net --krb5kdc=flhosp.net \
    --enableldapauth --ldapserver=flhosp.net --ldapbasedn=DC=flhosp,DC=net
  esxcfg-auth --passmaxdays=0
  printf '%s\n' "ESX Authentication Configuration Completed" \
    >> /root/PostInstall/PostInstall.log
}

# Replace the PAM stack for vmware-authd with one that tries local accounts,
# then Kerberos, then LDAP.
# NOTE(review): "nullok" on the pam_unix line lets a local account with an
# empty password authenticate; drop it unless that is intended.
setAuthd() {
  printf '%s\n' "Updating vmware-authd to allow AD logons" \
    >> /root/PostInstall/PostInstall.log
  cat > /etc/pam.d/vmware-authd <<'EOF'
#%PAM-1.0
# Built by automated post install script
auth sufficient /lib/security/pam_unix_auth.so shadow nullok
auth required /lib/security/pam_krb5.so use_first_pass
auth sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
account sufficient /lib/security/pam_ldap.so
EOF
  printf '%s\n' "vmware-authd has been updated" \
    >> /root/PostInstall/PostInstall.log
}

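# Open the ports and enable the named services this build needs: Kerberos,
# LDAP, HP management, NTP, SNMP and CIM.
# Changes from the posted copy: NTP is opened on UDP 123 instead of 231, rules
# written with two directions ("out,in") are split into one rule per
# direction as the hpim rules already are, "--openport" is spelled
# "--openPort" like the other calls, and the duplicated log line is dropped.
# NOTE(review): these rules only restrict traffic while the firewall is in
# blocking mode; openFirewall sets allow-all and the FWEnabled call in the
# main section is commented out.
setFirewall() {
  echo "Configuring Firewall Ports...." >> /root/PostInstall/PostInstall.log
  /usr/sbin/esxcfg-firewall --openPort 88,tcp,out,KerberosClient
  /usr/sbin/esxcfg-firewall --openPort 88,udp,out,KerberosClient
  /usr/sbin/esxcfg-firewall --openPort 464,tcp,out,KerberosPasswordChange
  /usr/sbin/esxcfg-firewall --openPort 749,tcp,out,KerberosAdm
  #/usr/sbin/esxcfg-firewall --enableService LicenseClient
  #/usr/sbin/esxcfg-firewall --enableService sshServer
  #/usr/sbin/esxcfg-firewall --enableService vpxHeartbeats
  # NOTE(review): the host looks like an LDAP client only; confirm the inbound
  # 389/636 rules are needed.
  /usr/sbin/esxcfg-firewall --openPort 389,tcp,out,LDAP
  /usr/sbin/esxcfg-firewall --openPort 389,tcp,in,LDAP
  /usr/sbin/esxcfg-firewall --openPort 636,tcp,out,OpenSSL
  /usr/sbin/esxcfg-firewall --openPort 636,tcp,in,OpenSSL
  /usr/sbin/esxcfg-firewall --openPort 2381,tcp,in,hpim
  /usr/sbin/esxcfg-firewall --openPort 2381,tcp,out,hpim
  /usr/sbin/esxcfg-firewall --openPort 123,udp,in,ntpd
  /usr/sbin/esxcfg-firewall --openPort 123,udp,out,ntpd
  /usr/sbin/esxcfg-firewall --openPort 280,tcp,out,sim-cert
  /usr/sbin/esxcfg-firewall --enableService snmpd
  /usr/sbin/esxcfg-firewall --enableService ntpClient
  /usr/sbin/esxcfg-firewall --enableService CIMHttpsServer
  # NOTE(review): CIMHttpServer is presumably the plain-HTTP CIM listener;
  # enable it only if a consumer cannot use CIMHttpsServer.
  /usr/sbin/esxcfg-firewall --enableService CIMHttpServer
  /usr/sbin/esxcfg-firewall --enableService CIMSLP
  /usr/sbin/esxcfg-firewall --enableService hpim
  echo "Firewall has been configured" >> /root/PostInstall/PostInstall.log
}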

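# Install the vm-diag memory and process scripts, make them executable, and
# load root's crontab from /root/PostInstall/crontab.txt.
# Returns: 1 if /root/PostInstall cannot be entered.
# NOTE(review): "crontab FILE" replaces the whole existing crontab.
setPerfScript() {
  echo "Now to set up performace scripts" >> /root/PostInstall/PostInstall.log
  # The original did not check this cd, so a failure made the relative
  # "crontab crontab.txt" read from an unrelated directory.
  cd /root/PostInstall || return 1

  cp /root/PostInstall/vm-diag/rotatemem /etc/cron.daily/rotatemem
  for _script in checkmem memcheck meminfo-munge.pl meminfo-munge.sh \
    memrotate ps-munge.pl ps-munge.sh; do
    cp "/root/PostInstall/vm-diag/$_script" "/usr/vm-diag/$_script"
  done

  # NOTE(review): nothing in this script installs /etc/cron.daily/vm_backup;
  # this chmod fails unless another step put it there.
  chmod a+x /etc/cron.daily/vm_backup
  chmod a+x /etc/cron.daily/rotatemem
  for _script in checkmem memcheck meminfo-munge.pl meminfo-munge.sh \
    memrotate ps-munge.pl ps-munge.sh; do
    chmod a+x "/usr/vm-diag/$_script"
  done

  crontab /root/PostInstall/crontab.txt
  echo "Performance scripts have been installed" >> /root/PostInstall/PostInstall.log
}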

# Enable ntpd in runlevels 3, 4 and 5, restart it, and copy the system time
# to the hardware clock.
setNTP() {
  printf '%s\n' "turn on ntpd and start service" >> /root/PostInstall/PostInstall.log
  chkconfig --level 345 ntpd on
  service ntpd restart
  hwclock --systohc
  printf '%s\n' "NTP has been configured and started" >> /root/PostInstall/PostInstall.log
}

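# Write the four banner lines, separated by lines holding a single space, to
# /etc/ssh/banner and point sshd at the file.
# Globals: bannertxt1..bannertxt4, scriptName (read).
# Not called from the main section of this script, and it does not restart
# sshd itself.
setSSHBANNER() {
  echo "Setting SSH Security Logon Banner Text..."
  # Quoted so the banner text is written exactly as set; the unquoted
  # original let the shell split and glob-expand it.
  printf '%s\n' "$bannertxt1" " " "$bannertxt2" " " "$bannertxt3" " " "$bannertxt4" \
    > /etc/ssh/banner
  # Append the directive only once so a re-run does not stack duplicates.
  grep -q '^banner /etc/ssh/banner$' /etc/ssh/sshd_config 2>/dev/null ||
    echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
  echo "$scriptName - Configured SSH Banner text" >> /root/PostInstall/PostInstall.log
}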

# Put the firewall back into blocking mode for inbound and outbound traffic
# and log completion. This is the counterpart of openFirewall; its call in
# the main section is commented out.
FWEnabled() {
  for _fw_flag in --blockIncoming --blockOutgoing; do
    /usr/sbin/esxcfg-firewall "$_fw_flag"
  done
  printf '%s\n' "Post Install Done" >> /root/PostInstall/PostInstall.log
  printf '%s\n' "Firewall has been enabled" >> /root/PostInstall/PostInstall.log
}

# Write 15 to the BufferCache SoftMaxDirty setting under /proc/vmware/config.
SoftMaxDirty() {
  printf '%s\n' 15 > /proc/vmware/config/BufferCache/SoftMaxDirty
}

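# Alternate the preferred FC path between HBAs from one LUN to the next.
# Starting from PREVIOUS=vmhba1, a LUN whose preferred path is on the same HBA
# as the previous LUN gets its first non-preferred FC path made preferred.
# Not called from the main section of this script (the call is commented out).
# Globals: PREVIOUS, CURRENT, NEW, NEWPATH, LUN (written).
# Changes from the posted copy: markdown escapes ("\{", "$\{", "[\[") are
# removed, "1. Execute new config" is a comment again, and the stray
# ";; *) esac" left over from a case statement that is not in the post is
# dropped because the function could not be parsed with it.
HBABalance() {
  PREVIOUS="vmhba1"
  echo "Starting HBA Balance....." >> /root/PostInstall/PostInstall.log

  # 1. Execute new config
  # tail -n +2 skips the first output line, as "tail +2" did.
  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}'); do
    # HBA name (text before the first ":") of the preferred FC path.
    CURRENT=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep "preferred" |
      awk '{print $4}' | awk -F ":" '{print $1}')
    if [ "${CURRENT}" = "${PREVIOUS}" ]; then
      # head -n 1 keeps a single path when more than one alternative exists.
      NEWPATH=$(esxcfg-mpath -q --lun="${LUN}" | grep FC | grep -v "preferred" |
        awk '{print $4}' | head -n 1)
      NEW=$(printf '%s\n' "${NEWPATH}" | awk -F ":" '{print $1}')
      esxcfg-mpath --lun="${LUN}" --path="${NEWPATH}" --preferred
      PREVIOUS=${NEW}
    else
      PREVIOUS=${CURRENT}
    fi
  done

  echo >> /root/PostInstall/PostInstall.log
  echo "****** NEW HBA CONFIG *****" >> /root/PostInstall/PostInstall.log
  echo >> /root/PostInstall/PostInstall.log

  for LUN in $(esxcfg-vmhbadevs | tail -n +2 | awk '{print $1}'); do
    # NOTE(review): this listing goes to stdout, not the log, as posted.
    esxcfg-mpath -q --lun="${LUN}" | grep FC
    echo >> /root/PostInstall/PostInstall.log
  done

  echo >> /root/PostInstall/PostInstall.log
  echo "****** \"active\" flag will be moved after disk activity *****" >> /root/PostInstall/PostInstall.log
  echo >> /root/PostInstall/PostInstall.log
  echo "Finished HBA Balance....." >> /root/PostInstall/PostInstall.log
}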

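#
# MAIN PROGRAM - ENTER HERE...
#
# Runs the configuration steps in order, then reboots.
# The posted copy appended ">> PostInstall.log" to the two assignments below;
# an assignment prints nothing, so the redirects are dropped.
# hpinsight, setProdNet and setSSHBANNER are defined but never called.
scriptName="ESX Post Install Script"
dateTime=$(date '+%c')

bannertxt1="Legal warning test line 1."
bannertxt2="Legal warning test line 2."
bannertxt3="Legal warning test line 3."
bannertxt4="Legal warning test line 4."

echo "$scriptName - started" >> /root/PostInstall/PostInstall.log
echo "Starting $scriptName..." >> /root/PostInstall/PostInstall.log

setPath
setSCmem
openFirewall
addKerberos
addDir
addCopyFiles
setSSHRoot
setSNMP
setUsers
setLDAPSearch
setVMFS
setNameResolution
setESXcfg
setAuthd
setFirewall
setPerfScript
setNTP
SoftMaxDirty
setConsoleNIC
setVMotion
setFHNet
setCSS
setDMZ
setLocalNet
#HBABalance
# NOTE(review): openFirewall switched the firewall to allow-all and FWEnabled
# is the only step that switches it back to blocking. With the call commented
# out the host reboots with the firewall open, so the per-port rules from
# setFirewall presumably restrict nothing. Re-enable it once those rules are
# confirmed.
#FWEnabled

echo "$scriptName - ended" >> /root/PostInstall/PostInstall.log
reboot
exit 0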

Message was edited by:

sbeaver

Needed to fix something

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
Jwoods

That makes sense. Thanks for the sample Steve. All is not lost on the CLI front. I think I need to play with the commands a bit more to get my build going. Thanks again for the help!

Jwoods

Extra points for the cli junkies Smiley Wink

uqmswinb

Hi All, I was wondering if there's any way to configure load balancing / port failover order from the CLI?

That would be most useful during scripted builds. Cheers

jasonboche

Steve, I ran part of your script and got an error

\[root@vader /]# mkdir /tmp/post

mv -f /etc/vmware/esx.conf /tmp/post/esx.conf.bak

\[root@vader /]# mv -f /etc/vmware/esx.conf /tmp/post/esx.conf.bak

\[root@vader /]# sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g' /tmp/post/esx.conf.bak >> /etc/vmware/esx.conf

\[root@vader /]# mv -f /boot/grub/grub.conf /tmp/post/grub.conf.bak

\[root@vader /]# sed -e 's/uppermem 277504/uppermem 523264/g s/mem=272M/mem=512M/g' /tmp/post/grub.conf.bak >> /boot/grub/grub.conf

sed: -e expression #1, char 37: Unknown option to `s'

\[root@vader /]#

Any idea what that last line is having a problem with? The script appears to have nuked /boot/grub/grub.conf without putting anything back in its place.

VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
VirtualKenneth

I had this before; when I cut and pasted the code from the internet (into Vim) into my script again, it worked. Very odd.

I didn't check for the cause, though.

VirtualKenneth

This is how I cut it out of my working script:

sed -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g' /tmp/post/grub.conf.bak >> /boot/grub/grub.conf

You are missing a ' after the first search expression Smiley Happy

edit: You are missing much more behind that, i.e. the second "-e"

sbeaver

Try this...

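# Rewrite one config file with sed without ever leaving it missing or empty.
# The edited copy is built next to the original and is only moved into place
# once sed has succeeded and produced non-empty output.
# Arguments: $1  - file to edit
#            $2  - path where the previous version is kept
#            $3+ - arguments handed to sed (the -e expressions)
# Returns:   0 if the file was replaced, 1 if it was left as it was
_setSCmem_edit()
{
  _sc_file=$1
  _sc_backup=$2
  shift 2

  [ -f "$_sc_file" ] || return 1

  # Same directory as the original, so the final mv is a rename on one
  # filesystem rather than a copy.
  _sc_new=$(mktemp "${_sc_file}.XXXXXX") || return 1

  # cp -p first so the new file inherits the original's owner and mode; the
  # redirection then overwrites its contents in place.
  if cp -p "$_sc_file" "$_sc_new" &&
     sed "$@" "$_sc_file" > "$_sc_new" &&
     [ -s "$_sc_new" ] &&
     mv -f "$_sc_file" "$_sc_backup"
  then
    mv -f "$_sc_new" "$_sc_file" && return 0
    # The edited copy could not be installed: put the previous version back.
    mv -f "$_sc_backup" "$_sc_file"
  fi

  rm -f "$_sc_new"
  return 1
}

# Raise the Service Console memory from 272MB to 512MB in esx.conf and
# grub.conf.
# The sed expressions only match the stock values (272 / 277504 / 272M); on a
# host with other values they change nothing and no error is raised.
# The previous versions are kept as /tmp/esx.conf.bak and /tmp/grub.conf.bak.
# NOTE(review): those are fixed names in a world-writable directory; that is
# fine during a fresh install, but prefer a root-only directory if this
# function is ever re-run on a host with other local users.
# Returns: 0 when both files were updated, 1 otherwise (a file that could not
#          be updated is left unchanged).
setSCmem()
{
  echo "Setting Service Console memory to 512MB" #>> /root/PostInstall/PostInstall.log

  if ! _setSCmem_edit /etc/vmware/esx.conf /tmp/esx.conf.bak \
       -e 's/boot\/memSize = \"272\"/boot\/memSize = \"512\"/g'
  then
    echo "ERROR: could not update /etc/vmware/esx.conf; file left unchanged" >&2
    return 1
  fi

  # Two separate -e expressions: joining them inside one quoted string makes
  # sed reject the command ("Unknown option to `s'").
  if ! _setSCmem_edit /boot/grub/grub.conf /tmp/grub.conf.bak \
       -e 's/uppermem 277504/uppermem 523264/g' -e 's/mem=272M/mem=512M/g'
  then
    echo "ERROR: could not update /boot/grub/grub.conf; file left unchanged (esx.conf was already updated, previous version is /tmp/esx.conf.bak)" >&2
    return 1
  fi

  echo "Service Console memory has been set to 512mb" #>> /root/PostInstall/PostInstall.log
}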

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
jasonboche

I'll give it a try - thank you kindly gentlemen! You seem to be experts with sed.

I was scouring the net last night trying to figure out how to use sed to find/replace a string of text that has some special characters in it, which doesn't seem to be a simple task. When sed sees special characters, it seems to behave differently. The characters I'm struggling with are \ and #. Would either of you like to assist?

In a file, I need the only existing instance of this:

PermitRootLogin no

changed to this:

#PermitRootLogin no

In a different file, I need the only existing instance of this:

\u@\h \W

changed to this:

\u@\h \w

\^^^^ notice the only change is the case of the W to w

The problem I was running into is that when sed comes across characters such as \ and # The outcome doesn't work right. For example, I think when it comes across the # sign, it interprets that as the beginning of a comment and ignores the rest of the line.

Smiley Happy

VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+