Solved: HP SIM install on multiple hosts

acnsys · ‎06-09-2008

HI fellows,

I have to configure snmp and install HP SiM on multiple hosts.

What are my option?

My basic idea is to create a script that will push the snmp settings (conf, firewall ports, autostart) then upload the hp sim package on the hosts and run a silent install.

Any help, tips & tricks would be appreciated.

I would first like to know a command which would give all the hosts in my farm.

Texiwill · ‎06-10-2008

Hello,

You can add all the necessary commands to a 'firstrun' script that will run immediately after the first ESX boot. This is the way automated installs do everything. Otherwise you need to use something like 'expectsudo' to do things remotely. It is a tool I wrote that will use sudo to make changes to systems. If you are not familiar with expect or sudo then the script would be difficult to write. Unfortunately my expect setup is very specific to my client's hosts so I can not post it without doing a bit of work.

In essence it SSH's to the host. Transfers the files to execute.... then executes the scripts using expectsudo.... Note you will need expect installed on the ESX server which is NOT available by default. Expect has its own risks as well... Note sudo can not be issued directly from a script. Here is something that will work if you first install expect.

#!/usr/bin/expect --
# To use:
# Install expect from a RHEL3/CentOS3-U6/8 repository or from a Fedora 1 repository
# first run 'sudo ls' then run THIS command as the authentication state will be saved.
set timeout 5
spawn /usr/bin/sudo $argv
sleep 1

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

View solution in original post

kjb007 · ‎06-09-2008

As you stated, doing a scripted install is fairly simple. The conf file with your trap destination and your community strings is transferrable, and copied into place fairly easily. You can get a list of ESX hosts from vc. If they are members of an HA cluster, then you can usually look at your FT_HOSTS file to get a list. It is usually pretty inclusive, but depending on agent installs, it can be incomplete. If you have the vitoolit - powershell- installed, you can use that, or export the list from vc.

If you are scrpting the process, make sure to turn on ssh login by root, and put your hosts in maintenance mode before you start.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

Texiwill · ‎06-09-2008

Hello,

Do you need to install HPSIM on multiple hosts or the HP Insight Manager Agents (HPASM) on multiple hosts. Generally there is only one HPSIM server. As for HPASM the configuration file is /etc/hpasmrc.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

acnsys · ‎06-09-2008

Hello Ed,

I was talking about the agent hpasm yes. The problem i am facing right now is that none of the hosts have ssh enabled. I have the green light to open ssh so i guess i have to do this prior to even think deploying the hpasm. Now i am wondering what is the simplest way do this?

Where to start?

Cheers

PeWe1201 · ‎06-09-2008

Hi,

I'm not shure, if I understood right your question, but if you want to know, how to enable Root-SSH-Login, you have to edit the file /etc/ssh/sshd_config (fist login to the console of your ESX host, eg. via ILO)

In this file you can find a line

PermitRootLogin no

change this to

PermitRootLogin yes

then restart the ssh deamon with the command

service sshd restart

After this, you can use an ssh client like PuTTY or so to login from remote via ssh to your ESX Host.

Greetings,

Peter

Subatomic · ‎06-10-2008

Take a look at this. I think you'll find it useful (a) for scripted installs, and (b) specifically for your HPSIM installs.

http://vmprofessional.com/index.php?content=scripted_install

If the comments were useful, please consider awarding points for helpful or correct. Thanks - SA -

Texiwill · ‎06-10-2008

Hello,

SSH is enabled by default, just not for the root user. Changing this security stance will weaken your overall VMware ESX security. I would create an administrator account, give it login access via the VIC and then scp the files to that user. Login to that user and use su to access the root user or even better configure sudo and use it. There is absolutely no need for direct root access for VMware ESX except for convenience. You want to use sudo for the increase in auditing capability. My method for installing hpasm is:

scp hpmgmt-vmware* admin@esxhost:.
ssh admin@esxhost:.
tar -xzf hpmgmt-vmware*
cd hpmgmt/800a
sudo ./installvm800a.sh --uninstall
sudo ./installvm800a.sh --install

Note no direct root access is required.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

acnsys · ‎06-10-2008

Thta makes sense i was just wondering if in one way or another i could have launched the script from a central point.

I have downloaded Remote CLI which doesnt seem to provide that capability.

We use Altiris here but i am not sure about installing an Altiris client on a ESX host.

scp hpmgmt-vmware* admin@esxhost:.
ssh admin@esxhost:.
tar -xzf hpmgmt-vmware*
cd hpmgmt/800a
sudo ./installvm800a.sh --uninstall
sudo ./installvm800a.sh --install

Subatomic · ‎06-10-2008

Thanks for your comment. I did notice security was relaxed for the script to run. For someone with limited Linux knowledge, and inconsitent ESX builds, it was nice to see a script like that.

If the comments were useful, please consider awarding points for helpful or correct. Thanks - SA -

Texiwill · ‎06-10-2008

Hello,

You can add all the necessary commands to a 'firstrun' script that will run immediately after the first ESX boot. This is the way automated installs do everything. Otherwise you need to use something like 'expectsudo' to do things remotely. It is a tool I wrote that will use sudo to make changes to systems. If you are not familiar with expect or sudo then the script would be difficult to write. Unfortunately my expect setup is very specific to my client's hosts so I can not post it without doing a bit of work.

In essence it SSH's to the host. Transfers the files to execute.... then executes the scripts using expectsudo.... Note you will need expect installed on the ESX server which is NOT available by default. Expect has its own risks as well... Note sudo can not be issued directly from a script. Here is something that will work if you first install expect.

#!/usr/bin/expect --
# To use:
# Install expect from a RHEL3/CentOS3-U6/8 repository or from a Fedora 1 repository
# first run 'sudo ls' then run THIS command as the authentication state will be saved.
set timeout 5
spawn /usr/bin/sudo $argv
sleep 1

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

acnsys · ‎06-10-2008

Thanks a lot, much appreciated.

I will look for info about your remark " Expect has its own risks as well..." but so far nobody came up with a better way to remotely run scripts.

Cheers.

Texiwill · ‎06-11-2008

Hello,

The risk is that people often leave passwords in expect scripts, which should NOT happen or if they do, they should be properly protected. It is a muddle as you use one for convenience and expect to get around Controlling TTY limitations often used by password tools.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

HP SIM install on multiple hosts