accepteula

keyboard uk

firewall --allowOutgoing  --allowIncoming
 
# Read network information from a file we are going to populate in the %pre section
# of this kixstart script.
%include /tmp/networkconfig
 
auth  --enablemd5 --enableshadow
 
install cdrom 
 
rootpw --iscrypted $1$bayw34kz$cwHzrtubh9N.NZjf6l
 
timezone --utc 'Europe/London'
 
# Read partition information from a file we are going to populate in the %pre section
# This allows me to create local vmfs with "hostname:storage1" and I've adjusted the sizes
# on my service console partitions.
%include /tmp/partconfig
 
%pre --interpreter=bash
#################################
###  Get network information  ###
#################################
 
# Clear screen prior to prompting for input and change to virtual terminal 1
# vSphere will only work on tty1 to read input
exec </dev/tty1 >/dev/tty1
chvt 1
 
header ()
{
clear
echo
echo "################################################################"
echo "###            VMWare ESX 4.0 Scripted Install               ###"
echo "################################################################"
echo
}
 
# Get user input
while [ "$fqdn" == "" ] ;do
header
echo -n "Please Enter FQDN for ESX Host: "
read fqdn
done
 
while [ "$ipnew" == "" ] ;do
header
echo -n "Please Enter Service Console IP Address: "
read ipnew
done

while [ "$vmotionipnew" == "" ] ;do
header
echo -n "Please Enter vMotion IP Address: "
read vmotionipnew
done
 
# Change back to tty 6 to watch progress on packages
chvt 6
 
# Let's cut the fqdn suffix off the hostname so we can name the vmfs partition 
# named something like this: "hostname:storage1"
temp_host=`echo $fqdn | cut -f1 -d"."`
 
# Now we are going to save of partition information using the new vmfs volume name 
# so that it can be used by Weasel install
cat <<EOF> /tmp/partconfig

# Use first detected disk:
clearpart --firstdisk --overwritevmfs
part '/boot'  --fstype=ext3 --size=1100  --onfirstdisk
# Uncomment to use first detected disk:
#part '/boot'  --fstype=ext3 --size=1100  --onfirstdisk
part 'none'  --fstype=vmkcore --size=110  --onfirstdisk
# Uncomment to use first detected disk:
#part 'none'  --fstype=vmkcore --size=110  --onfirstdisk
part 'Storage1'  --fstype=vmfs3 --size=9208 --grow  --onfirstdisk
# Uncomment to use first detected disk:
#part 'Storage1'  --fstype=vmfs3 --size=9208 --grow  --onfirstdisk
virtualdisk 'esxconsole' --size=8208 --onvmfs='Storage1'
part 'swap'  --fstype=swap --size=1204 --onvirtualdisk='esxconsole'
part '/var/log'  --fstype=ext3 --size=2000 --onvirtualdisk='esxconsole'
part '/'  --fstype=ext3 --size=5000 --grow --onvirtualdisk='esxconsole'
EOF
 
# Write the networkconfig file to be used by the Weasel install
# Using the "--addvmportgroup=0" option because another script will define my specific port groups
cat <<EOF> /tmp/networkconfig
network --device=vmnic2 --bootproto=static --ip=$ipnew --netmask=255.255.255.0 --gateway=<gateway> --nameserver=<nameserver> --hostname=$fqdn --addvmportgroup=true
EOF

cat <<EOF> /tmp/vmotionnetworkconfig
$vmotionipnew
EOF

# Need an extra post section that is not chrooted to save my variables from PRE
%post --nochroot

%post --interpreter=bash

##########################################################
# Allow hostd etc. some time to load
sleep 90
 
# ntp settings
# note if you dont enter EOF after server <ntp.domain.com> then all the networking commands will be written to the ntp.conf file
esxcfg-firewall --enableService ntpClient
chkconfig ntpd on
cat > /etc/ntp.conf <<EOF
# ---- ntp.conf ----
# Created by Weasel (ESX Installer)

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

server <ntpserver>

EOF

#### ADD a nic to vSwitch0 (second one for service console)
/usr/sbin/esxcfg-vswitch -L vmnic3 vSwitch0

####  Create a new vSwitch called vSwitch_VLAN1
/usr/sbin/esxcfg-vswitch -a vSwitch_VLAN1

####  ADD a portgroup called WrkstnVLAN to the vSwitch called vSwitch_VLAN1
/usr/sbin/esxcfg-vswitch -A WrkstnVLAN vSwitch_VLAN1

/usr/sbin/esxcfg-vswitch -L vmnic1 vSwitch_VLAN1

####  Delete the port group called VM Network from vSwitch0
/usr/sbin/esxcfg-vswitch -D "VM Network" vSwitch0

####  Create a new vSwitch called vSwitch_VLAN2
/usr/sbin/esxcfg-vswitch -a vSwitch_VLAN2

####  ADD a portgroup called VMotionVLAN to the vSwitch called vSwitch_VLAN2
/usr/sbin/esxcfg-vswitch -A VMotionVLAN vSwitch_VLAN2

/usr/sbin/esxcfg-vswitch -L vmnic4 vSwitch_VLAN2
/usr/sbin/esxcfg-vswitch -L vmnic5 vSwitch_VLAN2

#### Add a VMkernel NIC to the system
/usr/sbin/esxcfg-vmknic --add --ip=$vmotionipnew --netmask=255.255.255.0 VMotionVLAN

service mgmt-vmware restart
sleep 60

# Enable VMotion on the VMKernel Interface
/usr/bin/vmware-vim-cmd hostsvc/vmotion/vnic_set vmk0
/usr/bin/vmware-vim-cmd hostsvc/net/refresh

# Create a local user for SSH Access
useradd -p '$1$Bv8fR0nj$qCYJRjoWv1.u8lPJzcQjq/' -c "testlogin" testlogin

# Add in security banner
echo "#####################################################################" > /etc/ssh/banner
echo "WARNING - COMPUTER MISSUE ACT 1990" >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "You will commit a criminal offence if you act outside your authority" >> /etc/ssh/banner
echo "#####################################################################" >> /etc/ssh/banner
echo " " >> /etc/ssh/banner
echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
esxcfg-auth --usecrack=3 8 0 0 0 0
service sshd restart
sleep 4

# Create a message of the day (motd)
cat > /etc/motd <<EOF
echo "#####################################################################"
echo "By logging onto this IT system you are agreeing to be bound by the terms of our company"
echo "#####################################################################"

EOF