I need to crank out ESX servers using IBM T-chassis fast. I have scripted the ESX installation. But since we work for the Navy, we need to harden the ESX with the UNIX STIG, which is very painful and time-consuming. So I wonder if anyone has experience cloning ESX? What I mean is ... after we have installed and configured the ESX and patched it to our satisfaction, this will be our ESX baseline. Then we can use Acronis or another third-party tool to take an image and use it to clone. I have used Acronis for Windows and successfully deployed Windows 2K/2K3 - all you need is to run a SID changer, change the server name and IP address, and you're good to go.
Since I am not a Linux guy, I wonder whether Linux has something similar to the SID in Windows that is unique per server and that you need to change?
Any comments or suggestions are greatly appreciated.
Are you going to be using local storage or will it be connected to a SAN?
To my knowledge, you could clone the box over and over again. I think as long as you change the name of the box, the hashes will change and it should even have a different RSA fingerprint. I think local storage would be the issue because you would have to resignature the LUNs.
It is possible to clone an ESX installation. However, since the System Console is essentially a VM with special capabilities, there is one issue. The MAC addresses for the VMkernel and vswif interfaces are stored in two or more configuration files (/etc/vmware/esx.conf and /etc/sysconfig/network-scripts/ifcfg-vswif*). If you do not delete those files, all your cloned servers will have the same MAC addresses; needless to say, networking will not work properly.
I have more detailed notes on the process on my website at http://computing.dwighthubbard.info/index.php/white-papers/vmware/esx-35-image-installs/
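The duplicate-MAC problem described in the post above can be checked before a clone goes on the network. The script below is an added example, not part of the original thread or the linked notes: it scans a mounted image root for MAC addresses in the two file locations the post names and reports any that a clone shares with the baseline. The function names, the sample file contents and the sample MAC addresses are constructed for illustration, and `grep -o` is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the thread): find MAC addresses still hard-coded in
# a cloned ESX image, using the two file locations named in the post above.
MAC_RE='([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'

# Print "<mac> <file>" for every MAC found under the image root $1.
find_cloned_macs() {
    root=${1%/}
    for f in "$root"/etc/vmware/esx.conf \
             "$root"/etc/sysconfig/network-scripts/ifcfg-vswif*; do
        [ -f "$f" ] || continue          # unmatched glob or missing file
        grep -Eo "$MAC_RE" "$f" | tr 'A-F' 'a-f' | sort -u |
        while read -r mac; do
            printf '%s %s\n' "$mac" "${f#"$root"}"
        done
    done
}

# Print MACs present in both image roots; exit status 0 means a duplicate exists.
shared_macs() {
    tmp=$(mktemp) || return 2
    rc=0
    find_cloned_macs "$1" | cut -d' ' -f1 | sort -u > "$tmp"
    find_cloned_macs "$2" | cut -d' ' -f1 | sort -u | grep -Fxf "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample image root; file contents are illustrative only and do
# not reproduce the real esx.conf syntax.
make_sample() {
    mkdir -p "$1/etc/vmware" "$1/etc/sysconfig/network-scripts"
    printf 'sample/vswif0/mac = "%s"\n' "$2" > "$1/etc/vmware/esx.conf"
    printf 'DEVICE=vswif0\nMACADDR=%s\n' "$2" \
        > "$1/etc/sysconfig/network-scripts/ifcfg-vswif0"
}

demo=$(mktemp -d)
make_sample "$demo/baseline" 00:50:56:4A:11:22   # constructed MAC
make_sample "$demo/clone"    00:50:56:4a:11:22   # same MAC, clone not cleaned
if shared_macs "$demo/baseline" "$demo/clone"; then
    echo "duplicate MAC(s) above: clone still carries the baseline's identity"
fi
rm -rf "$demo"
```

Point `find_cloned_macs` at the directory where the cloned disk's root filesystem is mounted; an empty result means neither file location still holds a MAC address.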
I will use the local storage for the ESX. All the VMs will reside on the iSCSI SAN. Yes, I know that I will need to change the hostname, IP address, etc. I don't think we will connect to the iSCSI storage during the installation. We can manually scan the LUN after the installation. Thanks.
Thanks. I will check out your website.
You mentioned below that I need to delete the VMkernel and vswif files. Does the vswif file contain the VLAN ID, etc.? If so, this might be a problem, as we have 10 - 20 VLANs that we need to configure. This is one of the reasons that we want to automate and clone the ESX server.
Thanks for sharing.
I did not take this into account. You are absolutely right.
My point was that I don't think there is a SID that you must change.
You can try booting with a Linux live disc and then use dd (disk dump) to clone the HDD and store it on an external disk or whatever you choose. Then, you can dump the image to the other machines.
You will also have to regenerate the certificate to match the new hostname.
VMware Communities User Moderator
I have talked to VMware at the "Genius Bar" and they said I can try the following after cloning the ESX image to new "similar" hardware:
1. boot ESX in debug mode (Does anyone know how to script this and force ESX to boot into debug mode?)
- esxcfg-boot -p
- esxcfg-boot -b
- esxcfg-boot -r
2. reboot in normal mode
I believe this will generate a new MAC address for the VMkernel, boot loader, and others - however, I need to find out what exactly the options -p, -b, and -r do.
Tom, how do I regenerate the certificate (or hash) using the command line? Or how do I script it so I can automate the process?
Is there anything else that I need to do on the new ESX "cloned" image?
Again, thanks for your help. When I finalize it and make sure the process works, I will summarize and post it for everyone to view.