My kickstart script to automate deployments of ESX 4 using UDA

VMware
Apr 062010

So as promised I’ve copied the kickstart which I used to deploy our lab. Some options are default, others are not. Also I’ve added all the references that I used during the creation of the script. Options defined between [] are variables used in the sub template part of UDA. Before scrolling down to the deployment script I think you ought to look at the sub template part. This can save you loads and loads of time. Personally, I think creating such a script is loads of fun. You can configure almost anything you want and in the end all ESX servers will be identical. One of the benefits for me is that there is less change to make any mistakes during a manual installation :)

Back to the scripting part. Although you probably will notice that the sub template is just partial, I think you will get the idea.

The sub template:

SUBTEMPLATE;IPADDR;HOSTNAME;FQDN;SUBNET;GW;DNS;
INSTALL_ESX01;192.168.255.11;ESX01;ESX01.domain.com;255.255.255.0;192.168.255.254;192.168.255.1;
INSTALL_ESX02;192.168.255.12;ESX02;ESX02.domain.com;255.255.255.0;192.168.255.254;192.168.255.1;

And the Kickstart Script:


# VMware ESX4 template Kickstart file

# Installation Method
install url <a href="http://[UDA_IPADDR]/[OS]/[FLAVOR]">http://[UDA_IPADDR]/[OS]/[FLAVOR]</a>

# root Password
rootpw EnteryourPasswordHere

# Authconfig
auth --enableshadow --enablemd5

# BootLoader ( The user has to use grub by default )
bootloader --location=mbr

# Timezone
timezone Europe/Amsterdam

# Network install type
# This defines our final static IP on the vswif0 management interface of vmnic0 (aka the Service Console) and addvmportgroup=0 disables the default VM network creation.
network --device=vmnic0 --bootproto=static --ip=[IPADDR] --netmask=[SUBNET] --gateway=[GW] --nameserver=[DNS] --hostname=[FQDN] --addvmportgroup=0

# Keyboard
keyboard us

# Reboot after install ?
reboot

# Firewall from the installer itself will be disabled
firewall --disabled

# Clear Partitions
clearpart --overwritevmfs --firstdisk=local --all

# Either choose autopartitioning
# autopart --disk=[DISKTYPE]

# Or do the partitioning yourself
echo "Configuring Partitions"

part /boot --fstype=ext3 --size=250 --onfirstdisk=local
part local_[HOSTNAME] --fstype=vmfs3 --size=9000 --onfirstdisk=local --grow
part None --fstype=vmkcore --size=250 --onfirstdisk=local
virtualdisk cos --size=7500 --onvmfs=local_[HOSTNAME]
part / --fstype=ext3 --size=3000 --onvirtualdisk=cos --grow
part swap --fstype=swap --size=1000 --onvirtualdisk=cos
part /opt --fstype=ext3 --size=1000 --onvirtualdisk=cos
part /tmp --fstype=ext3 --size=1000 --onvirtualdisk=cos
part /home --fstype=ext3 --size=1000 --onvirtualdisk=cos

# VMware Specific Commands
vmaccepteula

%packages

%post --interpreter=bash

## ---------------- References -----------------------------
## <a href="http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_installation_guide.pdf">http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_installation_guide.pdf</a>
## <a href="http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf">http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_vc_installation_guide.pdf</a>
## <a href="http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf">http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf</a>
## <a href="http://www.jume.nl/articles/vmware/125-following-the-uda-20-beta-found-workarounds">http://www.jume.nl/articles/vmware/125-following-the-uda-20-beta-found-workarounds</a>
## <a href="http://www.dailyhypervisor.com/2009/03/23/automated-deployment-of-esx-hosts-part-iii/">http://www.dailyhypervisor.com/2009/03/23/automated-deployment-of-esx-hosts-part-iii/</a>
## <a href="http://vmware-land.com/esxcfg-help.html">http://vmware-land.com/esxcfg-help.html</a>
## <a href="http://www.l4l.be/index.php/virtualisatie/40-vmware/157-esx35-kickstart">http://www.l4l.be/index.php/virtualisatie/40-vmware/157-esx35-kickstart</a>
## <a href="http://www.vreference.com/2010/01/14/ad-and-sudo-integratation-in-kickstart/">http://www.vreference.com/2010/01/14/ad-and-sudo-integratation-in-kickstart/</a>
## ---------------------------------------------------------

## Create one time only script which kicks in after reboot for networking part
touch /etc/default/esxcfg.sh
chmod 777 /etc/default/esxcfg.sh
cat > /etc/default/esxcfg.sh <<EOF

#!/bin/sh
# wait a couple of minutes to make sure that the
# hostd-daemon is started
sleep 2m

## Adding the VMkernel/VMotion port group to vSwitch0
echo "Configuring the VMkernel/VMotion port group"
/usr/sbin/esxcfg-vswitch -A VMotion vSwitch0
/usr/sbin/esxcfg-vmknic --add --ip [VMOTIONIP] --netmask [VMOTIONSUB] VMotion
/usr/sbin/esxcfg-route [VMOTIONGW]

## Wait a couple of seconds to give ESX the time to create the vmknic
sleep 10s
/usr/bin/vmware-vim-cmd hostsvc/vmotion/vnic_set vmk0
/usr/bin/vmware-vim-cmd internalsvc/refresh_network

EOF
# runonce script
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.bak

cat >> /etc/rc.d/rc.local <<EOF3
/etc/default/esxcfg.sh
mv -f /etc/rc.d/rc.local.bak /etc/rc.d/rc.local
EOF3

## -------------------------------------------------------
## ----- the rest of the script which can run directly ---
## -------------------------------------------------------

## Give new accounts the path variables to run esxcfg commands without the need to find the correct path
cat >> /etc/skel/.bash_profile <<EOF
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs
PATH=$PATH:$HOME/bin:/usr/local/sbin:/sbin:/usr/sbin:$HOME/bin”

export PATH
unset USERNAME

EOF

## --------------------------------------------------------
## --------------------------------------------------------
## --------------------------------------------------------
# Configure Active Directory authentication (change both domains to yours)
esxcfg-auth --enablead --addomain=domain.com --addc=domain.com

# Add active directory users to the local database
/usr/sbin/useradd ADuser1 -c "Full user name" -m
/usr/sbin/useradd ADuser2 -c "Full user name" -m
/usr/sbin/useradd ADuser3 -c "Full user name" -m

# Additional DNS configuration when IP's are known.
echo nameserver 10.0.0.0 >> /etc/resolv.conf

## --------------------------------------------------------
## --------------------------------------------------------
## --------------------------------------------------------

## Adding the local users to groups
/usr/sbin/usermod -G wheel ADuser1
/usr/sbin/usermod -G wheel ADuser2
/usr/sbin/usermod -G wheel ADuser3

## Adding SUDO rights to the users
cat >> /etc/sudoers << SUDO
root    ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL
SUDO

## Configuring NTP services
# Backup ntpd.conf and step-tickers file
mv /etc/ntpd.conf /etc/ntpd.conf.bak
mv /etc/ntpd/step-tickers /etc/ntpd/step-tickers.bak

# Add Servers to step-tickers
cat > /ect/ntp/step-tickers <<EOF
dc01.domain.com
dc02.domain.com
# create ntp.conf
EOF

cat > /etc/ntp.conf << EOF
restrict 127.0.0.1
restrict dc01.domain.com mask 255.255.255.255 nomodify notrap noquery
restrict dc02.domain.com mask 255.255.255.255 nomodify notrap noquery
server dc01.domain.com
server dc02.domain.com
driftfile /var/lib/ntp/drift
EOF

# Service restart
service ntpd restart

# Make ntp start at boot time
chkconfig --level 345 ntpd on

# Sync hardware clock
hwclock -–systohc

## Automatically enable and starts the webservices preventing 503 errors using the web browser
## This because the web service is per default disabled
/sbin/chkconfig --level 345 vmware-webAccess on
service vmware-webAccess restart

## Firewall configuration
/usr/sbin/esxcfg-firewall --enableService webAccess
/usr/sbin/esxcfg-firewall --enableService sshClient
/usr/sbin/esxcfg-firewall --enableService ntpClient
/usr/sbin/esxcfg-firewall –openport 88,tcp,out,KerberosClientTCP
/usr/sbin/esxcfg-firewall –openport 53,tcp,out,dns

## Adding illegal notice warning during SSH login
touch /etc/default/banner
chmod 777 /etc/default/banner

cat > /etc/default/banner << EOF
********************************************************************************
This is a private system.
Do not attempt to login unless you are an authorized user.
Any authorized or unauthorized access and use, may be monitored
and can result in criminal or civil prosecution under applicable
law of The Netherlands
********************************************************************************
EOF
chmod 755 /etc/default/banner
echo Banner /etc/default/banner >> /etc/ssh/sshd_config
Tagged with: , , , , ,

ESX Post script won’t run when placed in the /tmp

VMware
Mar 292010

While creating a deployment script for ESX using UDA (Ultimate Deployment Appliance) I found something pretty annoying which took some time before I figured it out. While creating my post script, I thought to create it in the /tmp folder. Since the /tmp directory is IMHO just a temp directory I figured that it would be the best place. Also, because I had to install 32 ESX hosts, I had no plans to do this manually. :)

Anyhow, In this script I would create just the VMkernel port for VMotion. The script would be run only once during the first boot. But somehow it didn’t run. After googleing and searching forums I finally found this article from VMware:

User-created files in the ESX /tmp directory are deleted with each host reboot
If you or the users you support store temporary files, such as application-generated log files, in the ESX /tmp directory, you will lose these files each time the host reboots.

Workaround: Do not use the ESX /tmp directory to store user-generated files and directories.

So… for some reason the VMware team “decided” to clear out the /tmp directory. Don’t know why though. However, after changing the path it worked flawlessly. :) I don’t know if this will be fixed in the future but I do know this is something to watch for. During some searches, I noticed it worked in previous versions of ESX, however I don’t have any experience with that. Anyhow, sometimes I shouldn’t be lazy and just read the release notes. Even if they are huge. :)

Tagged with: , , , ,

Installing VMware vCenter and VMware View Composer 2 on Windows 2008 x64 with a remote SQL database

VMware
Mar 272010

Last week we started building our lab. Since it’s isolated with it’s own internet feed we thought that it would be a good idea to access it using VMware View 4 over the internet. However, since we prefer using Windows Server 2008 over Windows 2003 we were not sure if we could use this for VMware View Composer 2.0. Somehow we couldn’t find this in the documentation so we started to test this out.

First we installed Windows Server 2008 x64 Enterprise Edition. Of course, this was installed perfectly on our physical server. The next step was installing our vCenter server. Ok, here the problems started. We have a SQL server 2008 instance hosted on another server and we wanted to use this database server. Well, for this we needed to create an ODBC connection. No problem… right? Well, not quite. When you are using a 64-bit edition of Windows you need to make sure you create a 32-bit ODBC connection. Although the process of creating such ODBC connection is pretty straight forward, you can’t use the ODBC shortcut located in the administrative tools.

Instead, you need to use the version located here: %systemdrive%\Windows\SysWoW64\Odbcad32.exe. Although it seems logical that you have to create a system DSN and not an user DSN. However, in our case this was not the only thing we needed to change. With Windows server 2008 x64, the included SQL driver is too new. If you are trying it like we did, you will get this error message: “DSN is pointing to a unsupported ODBC driver.” This is described in this document from VMware. Although it stated that the SQL driver is outdated, the file date from the driver which is included by default is actually newer then the one you need to download. :)

So after we downloaded and installed the correct SQL driver (called SQL Native Client 10), we where able to create the correct 32-bit system DSN and finally we could install vCenter Server.

The next step was installing VMware View composer 2 which is an optional component of VMware View. However, since it makes it possible to use linked clones (and also since I like playing around a bit) I thought “let’s install it!” The requirements of this product is that you have to install it on the vCenter Server and it needs its own database. Well, no problem. We created a new database and we setup a new ODBC connection just like we did with the vCenter Server installation. A 32-bit System DSN with the same SQL driver. However during the installation somehow it didn’t see any DSNs. At first I was a bit stumped. But well, it isn’t my first issue, so I stopped the installation process and deleted the newly created 32-bit System DSN. Again I created a new System DSN, but this time a 64-bit DSN. I restarted the installation process and VMware View Composer 2 was finally able to use the DSN

I will probably continue configuring our new lab next week, if I have some spare time. :)

Tagged with: , , , , , , ,
Newer Entries
© 2010 Marcels Blog Suffusion theme by Sayontan Sinha