VMware Cloud Community
surfup
Enthusiast
Enthusiast

ESX Cloning ...

Hi all,

I need to crank out ESX servers using IBM T-chassis fast. I have scripted ESX installation. But, since we work for the Navy so we need to hardening the ESX with the UNIX STIG - which is a very painful way and time consuming. So, I wonder anyone has experienced to clone the ESX? What I meant is ... after we installed and configured the ESX, and patched it to our satisfactory - this will be our ESX baseline. Then we can use Acronis or other third-party tool to take an image and use it to clone. I have used Acronis for Windows and successfully deployed Windows 2K/2K3 - all you need is to run SID changer, changed the server name, IP address and you good to do.

Since I am not a Linux guy. I wonder Linux has something similar to SID in Windows that unique per server that you need to change?

Any comments or suggestions are greatly appreciated.

Cheers,

Reply
0 Kudos
11 Replies
The_Reckoning55
Enthusiast
Enthusiast

Are you going to be using local storage or will it be connected to a SAN?

Reck

**Remember to award points if you found this post helpful DJ Gillit, VSP, VTSP Systems Integration and Special Projects localLINUX, Inc www.locallinux.com
Reply
0 Kudos
The_Reckoning55
Enthusiast
Enthusiast

To my knowledge, you could clone the box over and over again. I think as long you change the name of the box, the hashes will change and it should even have a different RSA fingerprint. I think local storage would be the issue because you would have to resignature the LUNs.

DJ

**Remember to award points if you found this post helpful DJ Gillit, VSP, VTSP Systems Integration and Special Projects localLINUX, Inc www.locallinux.com
Reply
0 Kudos
dwight
Enthusiast
Enthusiast

It is possible to clone an ESX installation. However, since the System Console is essentially a VM with special capabilities there is one issue. The MAC addresses for the VMkernel and vswif interfaces are stored in two or more configuration files (/etc/vmware/esx.conf and /etc/sysconfig/network-scripts/ifcfg-vswif*). If you do not delete those files, all your cloned servers will have the same MAC addresses, needless to say networking will not work properly.

I have more detailed notes on the process on my website at http://computing.dwighthubbard.info/index.php/white-papers/vmware/esx-35-image-installs/






RHCE, VCP

Blog: http://computing.dwighthubbard.info[computing.dwighthubbard.info|http://computing.dwighthubbard.info/index.php/white-papers/vmware/esx-35-image-installs/]

RHCE, VCP Blog: http://computing.dwighthubbard.info
Reply
0 Kudos
surfup
Enthusiast
Enthusiast

DJ,

I will used the local storage for the ESX. All the VM will reside on the iSCSI SAN. Yes, I know that I will need to change the hostname, IP address, etc. I don't think we will connect to the iSCSI storage during the installation. We can either manually scan the LUN after the installation. Thanks.

Reply
0 Kudos
surfup
Enthusiast
Enthusiast

Thanks. I will check out your website.

As you mentioned below that I need to delete the VMKernel and vSwif files. Is the vSwif contain the VLAN ID, etc? If so, this might be a problem as we have 10 - 20 VLAN that we need to configured. This is one of the reasons that we want to automate and clone the ESX server.

Thanks for sharing.

Reply
0 Kudos
The_Reckoning55
Enthusiast
Enthusiast

I did not take this into account. You are absolutely right.

My point was that I dont think there is a SID that you must change.

Reck

**Remember to award points if you found this post helpful DJ Gillit, VSP, VTSP Systems Integration and Special Projects localLINUX, Inc www.locallinux.com
Reply
0 Kudos
surfup
Enthusiast
Enthusiast

Reck,

Cool. Thanks for sharing.

PS: I am at VMworld in Sin city. A lot of information - but good info anyway.

Cheers,

Reply
0 Kudos
champcf
Enthusiast
Enthusiast

You can try booting with a Linux live disc and then use dd (disk dump) to clone the HDD and store it on an external disk or whatever you choose. Then, you can dump the image to the other machines.

Reply
0 Kudos
TomHowarth
Leadership
Leadership

you will also have to regenerate the certificate, when to match the new hostname.

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
Reply
0 Kudos
surfup
Enthusiast
Enthusiast

Hi,

I have talked to VMware at "Genius Bar" and they said I can try the following after cloning the ESX image to a new "similar" hardware:

1. boot ESX in debug mode (Does anyone know how to scripted this and force ESX boot into debug mode)

- esxcfg-boot -p

- esxcfg-boot -b

- esxcfg-boot -r

2. reboot in normal mode

I believed this will generate a new MAC address for VMKernel, boot loader, and others - however, I need to find out what exactly the options -p, -b, and -r do?

Tom, how do I re-generate the certificate (or hash) using command line? Or, how to script it so I can automate the process.

Is anything else that I need to do on the new ESX "cloned" image?

Again, thanks for your help. When I finalize and making sure the process work. I will summarize and post it for everyone view.

Cheers,

Reply
0 Kudos
surfup
Enthusiast
Enthusiast

Tom,

How do generate a new certificate? Thanks.

Cheers,

Reply
0 Kudos