VMware Cloud Community
sammyvm
Contributor

Kickstart / %POST ESX Patching

Hi All,

I have spent the better part of today scripting a kickstart file from the UDA app to completely build our ESX host's with great consistency. Everything works great... but no Patching...

Can anyone possibly advise how they've incorporated an un-attended patching into the Post section of the kickstart file?

Cheers,

Sam

9 Replies
Ewan_Curtis
Enthusiast

The esx-autopatch perl script (http://www.vmprofessional.com/) works a treat for me.

moberle
Contributor

This is my Post section.

It downloads Dominic's excellent perl script to a Utils dir and runs it.

If you use IIS you will need to rename the perl file to a different file type, because IIS will reformat it to Windows text if you don't. You can see where I rename it back in the script.

You will need to set up the http or ftp server as described in his documentation.

%post

# Your postinstall script goes here!

# Quoted delimiter (\EOF1): nothing inside is expanded at kickstart time,
# so $-strings and backticks reach /tmp/esxcfg.sh untouched.
cat > /tmp/esxcfg.sh <<\EOF1
#!/bin/sh

# DANGEROUS Allow ROOT access using SSH
echo "WARNING - COMPUTER MISUSE ACT 1990" > /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "You will commit a criminal offence blah blah." >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "The penalty is a FINE, IMPRISONMENT or DEATH.." >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "Or Being called a Moron blah blah" >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "If you are acting blah blah DO NOT PROCEED any further." >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "If you are acting within your authority please blah blah." >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config

esxcfg-auth --usecrack=3 8 0 0 0 0

sed -e 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
mv -f /etc/ssh/sshd_config.new /etc/ssh/sshd_config
service sshd restart
sleep 20

# Configure ESX Server NICs and Portgroups
esxcfg-vswif -d vswif0
esxcfg-vswif -a vswif0 -p "Service Console" -i xxx.xxx.xxx.xxx -n xxx.xxx.xxx.xxx -b xxx.xxx.xxx.xxx
esxcfg-vswitch -v xxx -p "Service Console" vSwitch0
esxcfg-vswitch -A vmotion vSwitch0
esxcfg-vswitch -v xxx -p vmotion vSwitch0
esxcfg-vmknic -a vmotion -i xxx.xxx.xxx.xxx -n xxx.xxx.xxx.xxx
esxcfg-vswitch -a vSwitch1
esxcfg-vswitch -L vmnic1 vSwitch1
esxcfg-vswitch -A int-prd vSwitch1
esxcfg-vswitch -v xxx -p int-prd vSwitch1
esxcfg-vswitch -A int-dev vSwitch1
esxcfg-vswitch -v xxx -p int-dev vSwitch1
esxcfg-vswitch -A cboki vSwitch1
esxcfg-vswitch -v xxx -p cboki vSwitch1
esxcfg-vswitch -A clustering vSwitch1
esxcfg-vswitch -v xxx -p clustering vSwitch1
esxcfg-vswitch -A hrc vSwitch1
esxcfg-vswitch -v xxx -p hrc vSwitch1
esxcfg-vswitch -A mgmt vSwitch1
esxcfg-vswitch -v xxx -p mgmt vSwitch1
esxcfg-vswitch -A pxe vSwitch1
esxcfg-vswitch -v xxx -p pxe vSwitch1
#service network restart
vimsh -n -e "/internalsvc/refresh_network"
sleep 30

# Add Secondary & Tertiary DNS settings
echo nameserver xxx.xxx.xxx.xxx >> /etc/resolv.conf
echo nameserver xxx.xxx.xxx.xxx >> /etc/resolv.conf

# Enable vMotion
vimsh -n -e "/hostsvc/vmotion/vnic_set portgroup2"

# add dns entries for new server.
# (the reverse-zone owner name must be one token: reversed-octets.in-addr.arpa)
nsupdate << EOF4
server web-nrt-dc1.webservices.nrt
prereq nxdomain int-esx4b.webservices.nrt
zone webservices.nrt
update add int-esx4b.webservices.nrt 86400 A xxx.xxx.xxx.xxx
send
zone xxx.xxx.xxx.in-addr.arpa
update add xxx.xxx.xxx.xxx.in-addr.arpa 600 IN PTR int-esx4b.webservices.nrt.
send
EOF4

# fetch esx-autopatch.pl (renamed .test so IIS does not rewrite it) and rename it back
mkdir /Utils/
cd /Utils/
esxcfg-firewall --allowOutgoing
lwp-download http://xxx.xxx.xxx.xxx:8080/utils/esx-autopatch.test
esxcfg-firewall --blockOutgoing
mv -f ./esx-autopatch.test ./esx-autopatch.pl
EOF1

sleep 3

# Backup original rc.local file
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.bak

# run esxcfg.sh and esx-autopatch.pl from rc.local and make rc.local reset itself
cat >> /etc/rc.d/rc.local <<\EOF2
# Make esxcfg.sh executable
chmod +x /tmp/esxcfg.sh
cd /tmp/
./esxcfg.sh
sleep 20
cd /Utils/
# make esx-autopatch.pl executable
chmod +x /Utils/esx-autopatch.pl
./esx-autopatch.pl --http --open-firewall --no-mm
# restore the original rc.local so this block only runs on the first boot
mv -f /etc/rc.d/rc.local.bak /etc/rc.d/rc.local
# shutdown -r
EOF2

cp -f /etc/rc.d/rc.local /tmp/rc.sh

sammyvm
Contributor

Yes, thanks guys. What I'm running into now is that I don't have an NFS/HTTP/FTP share to copy over the config files that run my post. My shell scripts have no problem being created using:

echo 'script script script script' >> config.sh

but the esx-autopatch.pl I cannot output the same way. Does anyone know how I could redirect the output of a perl script to a file's contents? As I need to add the file to the rc.local.

I also tried this, but it seems to strip any var strings out, so $test would not be present in the file:

cat >> esxupdate.pl <<EOF1

Texiwill
Leadership

Hello,

cat >> esxupdate.pl <<EOF1>

Should work as long as you drop the trailing >.

cat >> esxupdate.pl <<EOF1
... script
EOF1

Note that anything that could be shell expanded will need to be escaped... $ is a big one. You should be able to extract your %POST section and run it from the command line with no errors. If you have errors you need to fix them before using the script.

If it was me, I would create a small Linux VM to act as a HTTPD server so you can just download the stuff you need.

Best regards,

Edward

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
sammyvm
Contributor

Well, I caved and just set up an IIS web server to host all the files. So everything in my build works wonderfully except executing the esx-autopatch.pl script.

When it's called in rc.local, what user credentials will it use? I'm assuming root is the only user able to make such changes, but does anyone know how to log in as root and then run the post?

sammyvm
Contributor

Texiwill, thanks for your advice. I've got it working, but what do you mean by:

"Note that anything that could be shell expanded will need to be escaped... $ is a big one."

Because any file I output using:

cat >> esxupdate.pl <<EOF1

ends up fine, but NO variables are in there: e.g. $VMIP or $VMDNS will not show up. I haven't used shell scripting in about 8 years so I'm kinda rusty, but is the escape character not a slash \ ??

Cheers,

Sam

tsugliani
VMware Employee (accepted solution)

Use << \EOF1

this will save your $ variables.

sammyvm
Contributor

Will this also escape other characters, such as command subs ` `?

Thanks,

Sam

sammyvm
Contributor
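An added example, not posted by anyone in this thread, that answers the quoting questions above directly: the same heredoc body written with an unquoted delimiter (`<<EOF1`, shell expands it), a quoted delimiter (`<<\EOF1`, copied verbatim, so `$VMIP` and backticks both survive) and an unquoted delimiter with backslash escapes on just the pieces that must stay literal. `VMIP` and the output paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): how the heredoc delimiter decides whether
# $VAR, `cmd` and \ are expanded before the generated script is written.
# VMIP and the output file names are constructed sample values.

VMIP="10.0.0.5"                         # stands in for the $VMIP of the thread
OUT="${TMPDIR:-/tmp}/heredoc-demo.$$"   # constructed scratch path

# Unquoted delimiter: $VMIP and `echo guest` are expanded by the kickstart
# shell, so a perl script emitted this way loses its own $variables.
write_expanded() {
    cat > "$OUT.expanded" <<EOF1
ip=$VMIP
host=`echo guest`
EOF1
    cat "$OUT.expanded"
}

# Quoted delimiter (<<\EOF1, same as <<'EOF1'): every byte is copied as-is,
# so $VMIP, backticks and backslashes all reach the file untouched.
write_literal() {
    cat > "$OUT.literal" <<\EOF1
ip=$VMIP
host=`echo guest`
EOF1
    cat "$OUT.literal"
}

# Unquoted delimiter with selective escaping: $VMIP still expands, while the
# backslash protects the backtick and the $ that must stay literal.
write_mixed() {
    cat > "$OUT.mixed" <<EOF1
ip=$VMIP
host=\`hostname\`
path=\$HOME
EOF1
    cat "$OUT.mixed"
}

cleanup() {
    rm -f "$OUT.expanded" "$OUT.literal" "$OUT.mixed"
}
```

Running the three functions and diffing their output shows why the accepted answer (`<<\EOF1`) is the safe default for emitting a script from %post: nothing is silently expanded on the build host.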

Now that everything's working... (and thank you all for the great help :) )

Is there any way that, after the install, you can not view the main boot-up screen and instead see the scripts running? So you have an idea of how far into the install it is?

Possibly send an email notification as a 2nd resort, but I just want to avoid sitting around for 2 hours waiting for the complete patching process to finish.

Cheers,

Sam
