May 03 2010

Since I’m currently busy with installing multiple ESX servers in our test environment, I needed to create about 32 DNS records. Well since I’m lazy and I’ve really been loving Powershell I thought it would be a nice challenge to use PowerShell and of course the powerful DNScmd command. Since we have a logical IP plan, I could use the following script.

1..32 | % {iex ([string]::format("dnscmd /RecordAdd EnterYourZoneHere ESXhost{0} /createPTR A 192.168.10.{0}",$_))}

Of course there are many other ways, such as importing the DNS records from a CSV file. For example:

Import-CSV c:\DNS.csv | foreach {dnscmd /RecordAdd $_.Zone $_.hostname /createPTR A $_.IPaddress}

However, keep in mind that Import-CSV expects comma separated files and not the semicolon separated file which Excel automatically creates. So, with the columns used above, the file should look like:

Zone,hostname,IPaddress

Instead of:

Zone;hostname;IPaddress

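A fuller version of the CSV approach, added here as an example and not taken from the original post: it reads the header row to accept either delimiter, validates the hostname and IPv4 address of every row before anything is handed to dnscmd, and supports -WhatIf for a dry run. The columns Zone, hostname and IPaddress are assumed to match the one-liner above; the -DnsServer parameter is an assumption of this example.

```powershell
# Added example (not from the original post): bulk-create A records with dnscmd
# from a CSV that may be comma- or semicolon-separated, validating each row first.
# Assumed CSV columns: Zone, hostname, IPaddress (as in the one-liner above).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$DnsServer = '.'          # '.' = the local DNS server
)

# Excel with a European locale writes "Zone;hostname;IPaddress"; decide the
# delimiter from the header row instead of assuming a comma.
$header    = Get-Content -Path $Path -TotalCount 1
$delimiter = if ($header -match ';') { ';' } else { ',' }
$records   = Import-Csv -Path $Path -Delimiter $delimiter

foreach ($r in $records) {
    $zone = "$($r.Zone)".Trim()
    $name = "$($r.hostname)".Trim()
    $ip   = "$($r.IPaddress)".Trim()

    # Only a plain host label and a dotted-quad IPv4 address get through;
    # anything else is logged and skipped rather than passed to dnscmd.
    if ($name -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
        Write-Warning "Skipping row with invalid hostname '$name'"
        continue
    }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        Write-Warning "Skipping row for '$name' with invalid IPv4 address '$ip'"
        continue
    }

    if ($PSCmdlet.ShouldProcess("$name.$zone -> $ip", 'dnscmd /RecordAdd')) {
        # Every value is passed as its own argument, so no shell quoting is involved.
        & dnscmd $DnsServer /RecordAdd $zone $name /CreatePTR A $ip
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "dnscmd returned exit code $LASTEXITCODE for '$name'"
        }
    }
}
```

Run it as `.\Add-DnsRecords.ps1 -Path C:\DNS.csv -WhatIf` first to see which records would be created without touching the zone.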
Apr 06 2010

So as promised I’ve copied the kickstart which I used to deploy our lab. Some options are default, others are not. Also I’ve added all the references that I used during the creation of the script. Options defined between [] are variables used in the sub template part of UDA. Before scrolling down to the deployment script I think you ought to look at the sub template part. This can save you loads and loads of time. Personally, I think creating such a script is loads of fun. You can configure almost anything you want and in the end all ESX servers will be identical. One of the benefits for me is that there is less chance of making mistakes during a manual installation 🙂

Back to the scripting part. Although you probably will notice that the sub template is just partial, I think you will get the idea.

The sub template:


And the Kickstart Script:

[sourcecode language="plain"]

# VMware ESX4 template Kickstart file

# Installation Method
install url http://[UDA_IPADDR]/[OS]/[FLAVOR]

# root Password
rootpw EnteryourPasswordHere

# Authconfig
auth --enableshadow --enablemd5

# BootLoader ( The user has to use grub by default )
bootloader --location=mbr

# Timezone
timezone Europe/Amsterdam

# Network install type
# This defines our final static IP on the vswif0 management interface of vmnic0 (aka the Service Console) and addvmportgroup=0 disables the default VM network creation.
network --device=vmnic0 --bootproto=static --ip=[IPADDR] --netmask=[SUBNET] --gateway=[GW] --nameserver=[DNS] --hostname=[FQDN] --addvmportgroup=0

# Keyboard
keyboard us

# Reboot after install ?

# Firewall from the installer itself will be disabled
firewall --disabled

# Clear Partitions
clearpart --overwritevmfs --firstdisk=local --all

# Either choose autopartitioning
# autopart --disk=[DISKTYPE]

# Or do the partitioning yourself
echo "Configuring Partitions"

part /boot --fstype=ext3 --size=250 --onfirstdisk=local
part local_[HOSTNAME] --fstype=vmfs3 --size=9000 --onfirstdisk=local --grow
part None --fstype=vmkcore --size=250 --onfirstdisk=local
virtualdisk cos --size=7500 --onvmfs=local_[HOSTNAME]
part / --fstype=ext3 --size=3000 --onvirtualdisk=cos --grow
part swap --fstype=swap --size=1000 --onvirtualdisk=cos
part /opt --fstype=ext3 --size=1000 --onvirtualdisk=cos
part /tmp --fstype=ext3 --size=1000 --onvirtualdisk=cos
part /home --fstype=ext3 --size=1000 --onvirtualdisk=cos

# VMware Specific Commands


%post --interpreter=bash

## ---------------- References -----------------------------
## ---------------------------------------------------------

## Create one time only script which kicks in after reboot for networking part
touch /etc/default/
chmod 777 /etc/default/
cat > /etc/default/ <<EOF

# wait a couple of minutes to make sure that the
# hostd-daemon is started
sleep 2m

## Adding the VMkernel/VMotion port group to vSwitch0
echo "Configuring the VMkernel/VMotion port group"
/usr/sbin/esxcfg-vswitch -A VMotion vSwitch0
/usr/sbin/esxcfg-vmknic --add --ip [VMOTIONIP] --netmask [VMOTIONSUB] VMotion
/usr/sbin/esxcfg-route [VMOTIONGW]

## Wait a couple of seconds to give ESX the time to create the vmknic
sleep 10s
/usr/bin/vmware-vim-cmd hostsvc/vmotion/vnic_set vmk0
/usr/bin/vmware-vim-cmd internalsvc/refresh_network
EOF

# runonce script: rc.local is backed up, the hook is appended, and the hook
# restores the original rc.local so it only runs on the first boot
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.bak

cat >> /etc/rc.d/rc.local <<EOF3
mv -f /etc/rc.d/rc.local.bak /etc/rc.d/rc.local
EOF3

## -------------------------------------------------------
## ----- the rest of the script which can run directly ---
## -------------------------------------------------------

## Give new accounts the path variables to run esxcfg commands without the need to find the correct path
cat >> /etc/skel/.bash_profile <<EOF
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

export PATH
EOF

## --------------------------------------------------------
## --------------------------------------------------------
## --------------------------------------------------------
# Configure Active Directory authentication (change both domains to yours)
esxcfg-auth --enablead --addomain=EnterYourDomainHere --addc=EnterYourDomainHere

# Add active directory users to the local database
/usr/sbin/useradd ADuser1 -c "Full user name" -m
/usr/sbin/useradd ADuser2 -c "Full user name" -m
/usr/sbin/useradd ADuser3 -c "Full user name" -m

# Additional DNS configuration when IP's are known.
echo nameserver >> /etc/resolv.conf

## --------------------------------------------------------
## --------------------------------------------------------
## --------------------------------------------------------

## Adding the local users to groups
/usr/sbin/usermod -G wheel ADuser1
/usr/sbin/usermod -G wheel ADuser2
/usr/sbin/usermod -G wheel ADuser3

## Adding SUDO rights to the users
cat >> /etc/sudoers << SUDO
root    ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL
SUDO

## Configuring NTP services
# Backup ntp.conf and step-tickers file
mv /etc/ntp.conf /etc/ntp.conf.bak
mv /etc/ntp/step-tickers /etc/ntp/step-tickers.bak

# Add Servers to step-tickers
cat > /etc/ntp/step-tickers <<EOF
EOF

# create ntp.conf
cat > /etc/ntp.conf << EOF
restrict mask nomodify notrap noquery
restrict mask nomodify notrap noquery
driftfile /var/lib/ntp/drift
EOF

# Service restart
service ntpd restart

# Make ntp start at boot time
chkconfig --level 345 ntpd on

# Sync hardware clock
hwclock --systohc

## Automatically enable and start the web services, preventing 503 errors in the web browser
## This because the web service is disabled by default
/sbin/chkconfig --level 345 vmware-webAccess on
service vmware-webAccess restart

## Firewall configuration
/usr/sbin/esxcfg-firewall --enableService webAccess
/usr/sbin/esxcfg-firewall --enableService sshClient
/usr/sbin/esxcfg-firewall --enableService ntpClient
/usr/sbin/esxcfg-firewall --openport 88,tcp,out,KerberosClientTCP
/usr/sbin/esxcfg-firewall --openport 53,tcp,out,dns

## Adding an unauthorized-access warning notice during SSH login
touch /etc/default/banner
chmod 777 /etc/default/banner

cat > /etc/default/banner << EOF
This is a private system.
Do not attempt to login unless you are an authorized user.
Any authorized or unauthorized access and use, may be monitored
and can result in criminal or civil prosecution under applicable
law of The Netherlands
EOF
chmod 755 /etc/default/banner
echo Banner /etc/default/banner >> /etc/ssh/sshd_config
[/sourcecode]


Mar 29 2010

While creating a deployment script for ESX using UDA (Ultimate Deployment Appliance) I found something pretty annoying which took some time before I figured it out. While creating my post script, I thought to create it in the /tmp folder. Since the /tmp directory is IMHO just a temp directory I figured that it would be the best place. Also, because I had to install 32 ESX hosts, I had no plans to do this manually. 🙂

Anyhow, in this script I would create just the VMkernel port for VMotion. The script would be run only once during the first boot. But somehow it didn’t run. After googling and searching forums I finally found this article from VMware:

User-created files in the ESX /tmp directory are deleted with each host reboot
If you or the users you support store temporary files, such as application-generated log files, in the ESX /tmp directory, you will lose these files each time the host reboots.

Workaround: Do not use the ESX /tmp directory to store user-generated files and directories.

So… for some reason the VMware team “decided” to clear out the /tmp directory. Don’t know why though. However, after changing the path it worked flawlessly. 🙂 I don’t know if this will be fixed in the future but I do know this is something to watch for. During some searches, I noticed it worked in previous versions of ESX, however I don’t have any experience with that. Anyhow, sometimes I shouldn’t be lazy and just read the release notes. Even if they are huge. 🙂