It's occurred to me that currently people's "kickstart" questions & answers are dotted all over the place on various other threads/blogs. Beyond that there seem to be innumerable resources online, especially on redhat.com.
Most of my work with kickstart has been with the UDA, although I have done some work building custom ESX CDs, and at some stage I must return to the topic of putting ESX on a memory stick - which has worked for others, but I've never made work personally.
I wondered if it would be useful to have like a "master" kickstart thread where people post their findings or questions in one place. Perhaps like a sticky FAQ?
Regards
Mike
Hiya,
I've never seen it amend the defaults before - the port group settings should just be inherited from the vswitch settings.
However I would suggest the opposite - you should explicitly change some of the defaults anyway - take security - do you really want to allow mac address spoofing and forged xmits? I suspect in 99% of cases they are better turned off...
The good news is that you can use vimsh or vmware-vim-cmd to set all of those things (all the ones I want anyway - I can't claim to have tried every permutation)
See Xtravirt's whitepaper for details... or just use the help option in vmware-vim-cmd...
To get you started - these commands would amend the security settings at the vswitch level:
To Reject MAC Address changes via both vSwitches
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-macchange=false vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-macchange=false vSwitch1
To Block Forged xmit on both vSwitches
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-forgedxmit=false vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-forgedxmit=false vSwitch1
This would amend the failover settings at the portgroup level
To set explicit failover
vmware-vim-cmd hostsvc/net/portgroup_set --nicteaming-policy=failover_explicit vSwitch0 vmotion
vmware-vim-cmd hostsvc/net/portgroup_set --nicteaming-policy=failover_explicit vSwitch0 'Service Console'
Dinny
Dinny, you are simply a star. I will give these commands a try sometime tomorrow night UK time, as I am off work now and won't be able to do it till tomorrow.
Thanks again a lot.
Have you got a best way of installing the HP Sim?? Haven't looked into it yet but wondered if you had a working script.
Also does anyone have any suggestions on SolarWinds? We use that to monitor our systems. Any suggestions on what I need to install and set to monitor in SolarWinds will be helpful.
Thanks
Pleasure,
If you mean the HP Insight Agents - they come supplied with a silent install procedure - it's detailed in the readme.
I would suggest familiarising yourself with doing it manually first - then trying out the silent install script - note - you will also need to customise your snmp settings.
Dinny
Updated "No SAN" code for ESX Update 2 Fix ISO in removehba.sh
71f61a69289514377eb3025abb36cd1f) # MD5SUM for the ESX 3.5 build 110268 released 8/13/08
VERSION=2.4.21-57.ELBOOT; echo "MESSAGE: This is a valid ESX 3.5 ISO, continuing...";;
Dinny,
I am trying to do NIC teaming in a kickstart script ... and I'm not sure what the syntax is for the vimsh command. What I want to do is team vmnic3 and vmnic0 for vSwitch0. Within a NIC team, do I have the option to set failover for a particular port group, say "VMotion" and "VMKernel"? Thanks.
Cheers,
Hi all,
I need to configure iSCSI in kickstart and so far it does not work ... or at least when I checked using the VC GUI the "Software iSCSI client" box was never checked. Here is my script:
esxcfg-vswitch -A iSCSI vSwitch0
esxcfg-vmknic -a -i 192.168.33.111 -n 255.255.255.0 iSCSI
# Additional firewall configuration for iSCSI
service mgmt-vmware restart
sleep 20
# Enable Software iSCSI
esxcfg-swiscsi -e
esxcfg-firewall -e swISCSIClient
Also, does anyone know how to configure software iSCSI with the iqn number? We use a NetApp FAS270, and we could hardcode the VMware ESX iqn number on the NetApp iSCSI target, and if I could script that in the kickstart that would be great.
Cheers,
You will need to add vmnic3 to vSwitch0 first:
/usr/sbin/esxcfg-vswitch -L vmnic3 vSwitch0
I use the following line for loadbalancing on IP for vSwitch0:
/usr/bin/vimsh -n -e "hostsvc/net/vswitch_setpolicy --nicteaming-policy=loadbalance_ip vSwitch0"
Duncan
Post-build log file and encrypted passwords:
I have a working kickstart script, but (as a Windows admin) I'm having trouble getting the post install to write to a log file, so that I can troubleshoot any new additions to the script.
I'd also like to set some user passwords in the script, but can't seem to generate an encrypted password that I can then logon with. Using the following python command: import crypt; print crypt.crypt("password","salt") - it could just be that I'm not clear whether "salt" is the desired password or if I need to be changing "password" to the desired password?
You might want to take a look at sample KS file - as an example on how to format for post scripting and usernames/passwords...
http://www.rtfm-ed.co.uk/downloads/hp.cfg
Firstly, simply dumping esxcfg- or ESX commands to the end of the %post file will not work. Since the %post is executed at the very end of the install - and the vmkernel is NOT loaded - you will need to have any ESX commands execute AFTER the vmkernel is loaded (not sure if this makes a difference to logging activity). What I do at the end of the %post is create some kind of esxpost.sh script file... I then call this by adding it to rc.local. If you're a Windows guy, it's akin to using runonce in the registry or adding batch file calls to the end of autoexec.bat in Windows 3/DOS (Man, that makes me feel soooo old!)
As for users, the KS file should not have plain text passwords (for obvious reasons). I use a method which stores the password in an MD5SUM format. There's an example in the CFG file in the post. There are lots of online webpages which allow you to type in a password and then click, and it will generate an MD5SUM value. Basically, it's a hash which is different every time even if you type in the same password....
Regards
Mike
I usually set user passwords to a default 'welcome' or something and set the age as expired. This forces them to type in a new password at first login.
I should have said I'm using the same approach for post scripting (rc.local). I've seen some references to logging the post-build activity but didn't quite follow where in the script the arguments should be placed.
The encrypted password issue is resolved. I was initially using grub-md5-crypt to generate the passwords, but wasn't able to test them successfully - because I was using " " instead of ' ' in the useradd -p argument.
Thanks Mike.
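Added example (not part of the original thread) for the quoting problem resolved above: an MD5-crypt string is full of $ characters, so inside double quotes the shell expands them before useradd -p sees the value, while single quotes pass it through unchanged. The hash is a constructed sample, and opsuser and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: why an MD5-crypt hash must be single-quoted in a build script.
# Constructed sample in MD5-crypt layout ($1$<salt>$<22 chars>); not a real hash.
SAMPLE_HASH='$1$Ab3dEf9h$Qk2mPz8vLx0RtYw5uNc7J/'

# What the shell hands on when the same text is typed inside double quotes:
# $1, $Ab3dEf9h and $Qk2mPz8vLx0RtYw5uNc7J are expanded as (empty) parameters.
double_quoted() {
    printf '%s' "$1$Ab3dEf9h$Qk2mPz8vLx0RtYw5uNc7J/"
}

# Check that a string still has the MD5-crypt layout before it reaches useradd -p.
is_md5_crypt() {
    case "$1" in
        \$1\$*\$*) ;;
        *) return 1 ;;
    esac
    rest=${1#\$1\$}      # drop the "$1$" prefix
    salt=${rest%%\$*}    # text before the next "$"
    digest=${rest#*\$}   # text after it
    [ "${#salt}" -ge 1 ] && [ "${#salt}" -le 8 ] || return 1
    [ "${#digest}" -eq 22 ] || return 1
    case "$salt$digest" in
        *[!./0-9A-Za-z]*) return 1 ;;
    esac
    return 0
}

# Emit the useradd line for the build script, refusing a mangled hash.
# $1 = account name (hypothetical "opsuser" below), $2 = hash.
useradd_line() {
    is_md5_crypt "$2" || { echo "refusing: not an MD5-crypt string" >&2; return 1; }
    printf "useradd -p '%s' %s\n" "$2" "$1"
}

if is_md5_crypt "$SAMPLE_HASH"; then echo "single quotes: intact"; fi
if ! is_md5_crypt "$(double_quoted)"; then
    echo "double quotes: mangled to '$(double_quoted)'"
fi
useradd_line opsuser "$SAMPLE_HASH"
```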
For instance, I have tried the following but all I get in the post_install log file is 'Kickstart'!
%post
exec < /dev/tty3 > /dev/tty3
chvt 3
echo "################################"
echo "# Running Post Configuration #"
echo "################################"
(
echo 'Kickstart'
) 2>&1 | /usr/bin/tee /root/post_install.log
cat > /tmp/esxcfg.sh << EOF
Is chvt 3 a marker that also needs to be at the end of the script??
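Added example (not from the original thread): in the script above only echo 'Kickstart' sits inside the ( ... ) group that is piped to tee, so that is the only line the log receives. One way to capture every step with its stderr and exit status; the step names, messages and the /tmp default path are constructed for illustration.

```shell
#!/bin/sh
# Added example: log every build step, not only the lines inside one ( ... ) | tee group.
LOG=${LOG:-/tmp/post_install.log}   # the thread writes to /root/post_install.log

# Run one step; append its stdout, stderr and exit status to $LOG.
step() {
    echo "=== BEGIN: $*" >>"$LOG"
    "$@" >>"$LOG" 2>&1 && rc=0 || rc=$?
    echo "=== END rc=$rc: $*" >>"$LOG"
    return "$rc"
}

# Constructed stand-ins for real build steps (hypothetical names and messages).
configure_dns() { echo "writing resolv.conf"; }
broken_step()   { echo "cannot reach vmkernel" >&2; return 3; }

# Run all steps, keep going after a failure, and return the number of failed steps.
run_build() {
    : >"$LOG"
    failures=0
    step configure_dns || failures=$((failures + 1))
    step broken_step   || failures=$((failures + 1))
    echo "=== build finished, $failures step(s) failed" >>"$LOG"
    return "$failures"
}

run_build || echo "failures logged in $LOG"
```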
Hi all,
I have a scripted install that included the DNS settings as below:
#################
# Configure DNS
#################
echo "search domainname.com" > /etc/resolv.conf
echo "nameserver 192.168.100.20" >> /etc/resolv.conf
echo "nameserver 192.168.100.21" >> /etc/resolv.conf
After the install, I checked /etc/resolv.conf and it displayed correctly. However, in VC under the "Configuration --> DNS and Routing" option, the DNS IP settings did not display under "Preferred DNS Server" and "Alternate DNS Server". But the "Search domains" displayed correctly.
Question: am I using the incorrect syntax? Any suggestions?
PS; I am running ESX 3.5 build 64067 and VC 2.5
Cheers,
I also need to set up the banner/legal disclaimer in the ESX kickstart and am not sure where to start. Searching the forum came up empty at the moment.
Any suggestion
Okay, okay ... I will look at the EDA
Hiya,
I guess that Depping's post sorted out your problem with NIC teaming?
If not perhaps post the part of the script that is failing?
Re your question about a legal notice - something like this will work:
echo "=== 8< === 8< === 8< === 8< === 8< ===" > /etc/issue
echo "|----|" >> /etc/issue
echo "| This system is for the use of authorized users only. |" >> /etc/issue
echo "| Individuals using this computer system without authority, or in |" >> /etc/issue
echo "| excess of their authority, are subject to having all of their |" >> /etc/issue
echo "| activities on this system monitored and recorded by system |" >> /etc/issue
echo "| personnel. |" >> /etc/issue
echo "| |" >> /etc/issue
echo "| In the course of monitoring individuals improperly using this |" >> /etc/issue
echo "| system, or in the course of system maintenance, the activities |" >> /etc/issue
echo "| of authorized users may also be monitored. |" >> /etc/issue
echo "| |" >> /etc/issue
echo "| Anyone using this system expressly consents to such monitoring |" >> /etc/issue
echo "| and is advised that if such monitoring reveals possible |" >> /etc/issue
echo "| evidence of criminal activity, system personnel may provide the |" >> /etc/issue
echo "| evidence of such monitoring to law enforcement officials. |" >> /etc/issue
echo "|----|" >> /etc/issue
echo "=== 8< === 8< === 8< === 8< === 8< ===" >> /etc/issue
echo "banner /etc/issue" >> /etc/ssh/sshd_config
Dinny
On a more general point this thread seems to be turning into its own scripting forum.
Perhaps not a bad thing - as individuals interested in scripting get to see the questions via email automatically?
However it does mean that participants never get any vmtn points - which imho is one of the things that makes vmtn so effective.
Perhaps people could post separate questions on the forum (with points available) - then ask the question again on this thread, including a link to the original question.
Then anyone wanting points could get them, and the person posing the question still has direct access to the individuals particularly interested in scripting (even if they don't all get chance to check out every post on the forums too often)?
I know it's not perfect - but praps it could work?
What do people think?
Dinny
I do a similar thing to Dinny...
Instead what I do is open up port 80, and download my "banner" file from a central location (my UDA). This means if it needs adjusting I don't need to edit N kickstart files - just one banner file...
As for the forum issues. A year ago when scripted installations of ESX and automation became increasingly important to people - I asked the VMTN forum guys if we could have a separate forum for just this topic. Unfortunately, they didn't seem to see it as a big issue.
So I started this thread in the hope it would become like a "master" thread - that would have a big long list of tips/questions.... It's not ideal... Perhaps I should ask a forum admin again. Bottom line is that if the user base makes this request - it should be approved. After all, it's a small task to create a category...
Regards
Mike
Indeed,
I too put the bare minimum in my actual kickstart config file - from the initial kickstart file, I just copy a master build script down (from an NFS share in my case) - and I then make 99% of my config changes from the master script itself - so usually I only ever need to make changes to one centrally held build script, regardless of the number of ESX servers I actually build via that script.
Dinny