Saturday, 24 September 2011

ESXi 5.0 Kickstart Installation Part 3 - The Kickstart File

# +---------------------------------------------------------------------------+
# | Kickstart File : ESX07
# +---------------------------------------------------------------------------+



# +---------------------------------------------------------------------------+
# | Start of ESXi 5.0 Kick Start Script (22 Sept 2011)
# +---------------------------------------------------------------------------+



# +---------------------------------------------------------------------------+
# | Accept License agreement
# +---------------------------------------------------------------------------+
vmaccepteula



# +---------------------------------------------------------------------------+
# | Disk Partitioning
# | Clear all partitions on the first detected disk and overwrite any VMFS
# | partitions found there.
# | NOTE: destructive - existing data on that disk, including a VMFS
# | datastore, is lost.
# +---------------------------------------------------------------------------+
clearpart --firstdisk --overwritevmfs




# +---------------------------------------------------------------------------+
# | Installation target disk
# +---------------------------------------------------------------------------+
# Fresh installation on first disk and overwrite an existing VMFS datastore
install --firstdisk --overwritevmfs



# +---------------------------------------------------------------------------+
# | Root password and Authentication format
# | Default is shadow password enabled, MD5-based passwords enabled
# | Encrypted Root Password in MD5 format (the "$1$" prefix), passed
# | pre-hashed with --iscrypted.
# | NOTE(review): an MD5-crypt hash is cheap to attack offline, and anyone who
# | can read this kickstart file can read the hash. Treat it as a bootstrap
# | credential only: restrict access to wherever the file is served from,
# | use a different password per host, and change the root password once the
# | host is built. Do not reuse the hash from this published example.
# +---------------------------------------------------------------------------+
# root password in MD5 format
rootpw --iscrypted $1$t/Vc90$YMdWcx.g/Ek0DWQttzpEw1
# Plaintext alternative (disabled); it would put the password itself in the file
#rootpw password



# +---------------------------------------------------------------------------+
# | Set default Management Interface
# | Static IPv4 configuration on vmnic0 with gateway, hostname and name server
# | addvmportgroup set to "0" to disable the creation of default guest VM Network
# +---------------------------------------------------------------------------+
network --bootproto=static --device=vmnic0 --ip=10.0.0.67 --netmask=255.255.255.0 --gateway=10.0.0.1 --hostname=tpesx07.localdomain --nameserver=10.0.0.254 --addvmportgroup=0



# +---------------------------------------------------------------------------+
# | Reboot after installation
# | --noeject leaves the installation media in the drive
# +---------------------------------------------------------------------------+
reboot --noeject



# +---------------------------------------------------------------------------+
# | Specifies script to run before the kickstart configuration is evaluated
# | (the section is empty in this file)
# +---------------------------------------------------------------------------+
%pre --interpreter=busybox



# +---------------------------------------------------------------------------+
# | Specifies script to run after ESXi is installed and before reboot
# | (the section is empty in this file; --ignorefailure=true means a failing
# | %post script does not fail the installation)
# +---------------------------------------------------------------------------+
%post --interpreter=busybox --ignorefailure=true



# +---------------------------------------------------------------------------+
# | Specifies script to run after ESXi installation and after first reboot
# | Most of the shell commands are only enabled after the first reboot
# | Everything below this line is the %firstboot script.
# +---------------------------------------------------------------------------+
%firstboot --interpreter=busybox



# +---------------------------------------------------------------------------+
# | Set script variables for use in the script
# | Variables can only be defined after the first reboot, when the full
# | busybox shell (bshell) is in place
# +---------------------------------------------------------------------------+

##############################################################################
# Per-host settings for TPESX07
# The rest of the %firstboot script reads these values when it configures
# networking, storage and NTP.
##############################################################################

# Second management interface and the netmask shared by all VMkernel interfaces
MGT_IP2='10.0.0.77'
NET_MASK='255.255.255.0'

# Addresses of the two NFS/iSCSI VMkernel interfaces
ISCSI_IP1='10.0.0.87'
ISCSI_IP2='10.0.0.97'

# vMotion and Fault Tolerance addresses and the VLAN they share
vMotion_IP='10.0.31.67'
FT_IP='10.0.31.77'
VMOTION_FT_VLAN='31'

# NTP server
NTP_IP='10.0.0.6'

# iSCSI target and CHAP credentials
# NOTE(review): the CHAP secret is kept in clear text in this file, so it is
# readable by anyone who can read the kickstart file. Restrict access to the
# file and use a secret that is not shared with other systems.
ISCSI_IP='10.0.0.58'
ISCSI_USERID='iscsidatastore'
ISCSI_USERPWD='chappassword'

# NFS server, export path and the datastore name it is mounted under
NFS_IP='10.0.0.58'
NFS_SHARE='/Software'
NFS_VOLNAME='qnapnas_Software'



##############################################################################
# vSwitch Configuration
# Total of 4 Network Cards in this configuration
# vnic0 & vnic1 connect to vSwitch0 (Management, vMotion, FT, NFS & Software iSCSI)
# vnic2 & vnic3 connect to vSwitch1 (Alt Management, Alt NFS & Software iSCSI, User VLANs)
##############################################################################



# +---------------------------------------------------------------------------+
# | vSwitch0 is already created, so only vSwitch1 (256 ports) is added here
# +---------------------------------------------------------------------------+
esxcli network vswitch standard add --ports 256 --vswitch-name vSwitch1



# +---------------------------------------------------------------------------+
# | Set vSwitch0 and vSwitch1 to support a jumbo MTU size of 9000
# | CDP is put in listen mode on both switches at the same time
# +---------------------------------------------------------------------------+
for VSWITCH_NAME in vSwitch0 vSwitch1
do
 esxcli network vswitch standard set --mtu 9000 --cdp-status listen --vswitch-name "${VSWITCH_NAME}"
done
 

# +---------------------------------------------------------------------------+
# | Attach vmnic1 to vSwitch0 (vmnic0 is named as an active uplink below but
# | is not added here - presumably attached during installation; verify)
# | Setup vSwitch0 Policy: both uplinks active, load balancing "mac", link
# | failure detection, failback and switch notification enabled
# | NOTE(review): the security policy accepts promiscuous mode, MAC address
# | changes and forged transmits for the whole vSwitch, which per the layout
# | above carries management, vMotion, FT, NFS and iSCSI traffic. That is
# | weaker than rejecting them. If it is only needed for nested ESX/Hyper-V
# | guests, consider limiting it to the port groups those guests use -
# | confirm before changing.
# +---------------------------------------------------------------------------+
esxcli network vswitch standard uplink add --uplink-name vmnic1 --vswitch-name vSwitch0
esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic1 --vswitch-name vSwitch0
esxcli network vswitch standard policy failover set --load-balancing mac --failure-detection link --failback yes --notify-switches yes --vswitch-name vSwitch0
esxcli network vswitch standard policy security set --allow-forged-transmits yes --allow-mac-change yes --allow-promiscuous yes --vswitch-name vSwitch0



# +---------------------------------------------------------------------------+
# | Attach vmnic2,3 to vSwitch 1
# | Setup vSwitch1 Policy: same failover settings as vSwitch0
# | NOTE(review): the same permissive security policy is applied to vSwitch1,
# | which per the layout above carries the alternate management and storage
# | interfaces and the user VLANs; the concern noted for vSwitch0 applies
# | here too.
# +---------------------------------------------------------------------------+
esxcli network vswitch standard uplink add --uplink-name vmnic2 --vswitch-name vSwitch1
esxcli network vswitch standard uplink add --uplink-name vmnic3 --vswitch-name vSwitch1
esxcli network vswitch standard policy failover set --active-uplinks vmnic2,vmnic3 --vswitch-name vSwitch1
esxcli network vswitch standard policy failover set --load-balancing mac --failure-detection link --failback yes --notify-switches yes --vswitch-name vSwitch1
esxcli network vswitch standard policy security set --allow-forged-transmits yes --allow-mac-change yes --allow-promiscuous yes --vswitch-name vSwitch1



# +---------------------------------------------------------------------------+
# | Port groups and VMkernel interfaces on vSwitch0
# |   vmk1 - NFS/iSCSI, vmk2 - vMotion, vmk3 - Fault Tolerance
# | Each one gets a port group, a VMkernel interface with MTU 9000 and a
# | static IPv4 address; vMotion and FT are also tagged with VMOTION_FT_VLAN.
# +---------------------------------------------------------------------------+

# vmk1: first NFS/iSCSI interface
PG_STORAGE_1="VMKernel_NFS_iSCSI_1"
esxcli network vswitch standard portgroup add --portgroup-name "${PG_STORAGE_1}" --vswitch-name vSwitch0
esxcli network ip interface add --interface-name vmk1 --mtu 9000 --portgroup-name "${PG_STORAGE_1}"
esxcli network ip interface ipv4 set --interface-name vmk1 --ipv4 "${ISCSI_IP1}" --netmask "${NET_MASK}" --type static

# vmk2: vMotion, then registered under /Migrate/vmknic
PG_VMOTION="VMKernel_vMotion"
esxcli network vswitch standard portgroup add --portgroup-name "${PG_VMOTION}" --vswitch-name vSwitch0
esxcli network ip interface add --interface-name vmk2 --mtu 9000 --portgroup-name "${PG_VMOTION}"
esxcli network vswitch standard portgroup set --portgroup-name="${PG_VMOTION}" --vlan-id="${VMOTION_FT_VLAN}"
esxcli network ip interface ipv4 set --interface-name vmk2 --ipv4 "${vMotion_IP}" --netmask "${NET_MASK}" --type static
esxcfg-advcfg -s vmk2 /Migrate/vmknic

# vmk3: Fault Tolerance, then registered under /FT/vmknic
PG_FT="VMKernel_Fault_Tolerance"
esxcli network vswitch standard portgroup add --portgroup-name "${PG_FT}" --vswitch-name vSwitch0
esxcli network ip interface add --interface-name vmk3 --mtu 9000 --portgroup-name "${PG_FT}"
esxcli network vswitch standard portgroup set --portgroup-name="${PG_FT}" --vlan-id="${VMOTION_FT_VLAN}"
esxcli network ip interface ipv4 set --interface-name vmk3 --ipv4 "${FT_IP}" --netmask "${NET_MASK}" --type static
esxcfg-advcfg -s vmk3 /FT/vmknic



# +---------------------------------------------------------------------------+
# | Port groups and VMkernel interfaces on vSwitch1
# |   vmk4 - alternate NFS/iSCSI (MTU 9000)
# |   vmk5 - alternate management (MTU 1500)
# | Both get a static IPv4 address; no VLAN ID is set on either port group.
# +---------------------------------------------------------------------------+

# vmk4: second NFS/iSCSI interface
PG_STORAGE_2="VMKernel_NFS_iSCSI_2"
esxcli network vswitch standard portgroup add --portgroup-name "${PG_STORAGE_2}" --vswitch-name vSwitch1
esxcli network ip interface add --interface-name vmk4 --mtu 9000 --portgroup-name "${PG_STORAGE_2}"
esxcli network ip interface ipv4 set --interface-name vmk4 --ipv4 "${ISCSI_IP2}" --netmask "${NET_MASK}" --type static

# vmk5: second management interface
PG_MGMT_2="Management_Network_2"
esxcli network vswitch standard portgroup add --portgroup-name "${PG_MGMT_2}" --vswitch-name vSwitch1
esxcli network ip interface add --interface-name vmk5 --mtu 1500 --portgroup-name "${PG_MGMT_2}"
esxcli network ip interface ipv4 set --interface-name vmk5 --ipv4 "${MGT_IP2}" --netmask "${NET_MASK}" --type static



# +---------------------------------------------------------------------------+
# | Create one port group per user VLAN on vSwitch1, named vlan_<id> and
# | tagged with that VLAN ID (8, 14 and 30 to 39)
# +---------------------------------------------------------------------------+
VLAN_ID="8 14 30 31 32 33 34 35 36 37 38 39"

# VLAN_ID is left unquoted on purpose so it splits into one word per VLAN
for VLAN in ${VLAN_ID}; do
 USER_PG="vlan_${VLAN}"
 esxcli network vswitch standard portgroup add --portgroup-name "${USER_PG}" --vswitch-name vSwitch1
 esxcli network vswitch standard portgroup set --portgroup-name="${USER_PG}" --vlan-id="${VLAN}"
done



##############################################################################
# Other Configuration
# 1) Rename datastore to Hostname + datastore
# 2) Enable/Allow Nested ESX or Hyper-V running in ESXi
# 3) Enable SSH and Create SSH Banner
# 4) Setup and Connect to NFS Storage
# 5) Setup and Connect to iSCSI Storage
# 6) Advance Setting
# 7) Setup NTP Client and Services
# 8) Enable some Firewall Services
# 9) Put to maintenance mode and reboot
##############################################################################



# +---------------------------------------------------------------------------+
# | Rename the local datastore from datastore1 to <short hostname>_datastore1
# +---------------------------------------------------------------------------+
LOCAL_DS_NAME="$(hostname -s)_datastore1"
vim-cmd hostsvc/datastore/rename datastore1 "${LOCAL_DS_NAME}"



# +---------------------------------------------------------------------------+
# | Enable HV (Hardware Virtualization to run nested 64bit Guests + Hyper-V VM)
# | The vhv.allow line is appended to /etc/vmware/config only when grep finds
# | no vhv.allow entry there already (any matching line grep finds is printed)
# +---------------------------------------------------------------------------+
if ! grep -i "vhv.allow" /etc/vmware/config
then
 echo "vhv.allow = \"TRUE\"" >> /etc/vmware/config
fi



# +---------------------------------------------------------------------------+
# | Enable and start remote SSH
# | Enable and start the local ESXi Shell
# | NOTE(review): both services are switched on here and nothing later in this
# | script switches them off, while the host warning about them is suppressed
# | below. For anything other than a lab host, consider disabling SSH and the
# | ESXi Shell once provisioning is finished.
# +---------------------------------------------------------------------------+
for HOSTSVC_ACTION in enable_ssh start_ssh enable_esx_shell start_esx_shell
do
 vim-cmd "hostsvc/${HOSTSVC_ACTION}"
done

# Suppress the shell warning shown on the host
esxcli system settings advanced set --option /UserVars/SuppressShellWarning --int-value 1
# Set the ESXi Shell timeout to 1
# NOTE(review): the unit and effect of this value are not stated here -
# confirm against the ESXi 5.0 documentation
esxcli system settings advanced set --option /UserVars/ESXiShellTimeOut --int-value 1



##--------------------------------------------------------------------------
##  Create SSH Banner
##  The banner text is written to /etc/banner.new first. The here-document
##  delimiter is unquoted, so ${INDENTATION:-} is expanded by the shell and
##  becomes an empty string unless INDENTATION has been set.
##--------------------------------------------------------------------------
/bin/cat > /etc/banner.new <<SSHEOF
${INDENTATION:-}ABC Pte Ltd
${INDENTATION:-}ESXi 5.0
${INDENTATION:-}=========================================
${INDENTATION:-}WARNING: UNAUTHORIZED USE IS PROHIBITED
${INDENTATION:-}-----------------------------------------
${INDENTATION:-}Property of ABC Pte Ltd, and should only
${INDENTATION:-}be accessed by authorized ABC employees.
${INDENTATION:-}Do not attempt to login unless you are an
${INDENTATION:-}authorized user.
   
${INDENTATION:-}Any authorized or unauthorized access and use,
${INDENTATION:-}will be monitored and anyone using this system
${INDENTATION:-}expressly consents to such monitoring. If such
${INDENTATION:-}monitoring reveals possible envidence of criminal
${INDENTATION:-}activity, such evidence will be provided to law
${INDENTATION:-}enforcement personnel and can result in criminal
${INDENTATION:-}or civil prosecution under applicable law of
${INDENTATION:-}Singapore.
${INDENTATION:-}-----------------------------------------
SSHEOF

# copy the new banner file over /etc/issue (ESXi 5 stores its banner file here)
cp /etc/banner.new /etc/issue



##--------------------------------------------------------------------------
##  Setup NFS Storage
##  Mounts the export NFS_SHARE from NFS_IP as the datastore NFS_VOLNAME
##--------------------------------------------------------------------------
esxcli storage nfs add --host="${NFS_IP}" --share="${NFS_SHARE}" --volume-name="${NFS_VOLNAME}"



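##--------------------------------------------------------------------------
##  Setup iSCSI Storage
##  Enables the software iSCSI initiator, adds ISCSI_IP as a send-targets
##  discovery address with CHAP set to "required", then rescans the adapter.
##--------------------------------------------------------------------------
esxcli iscsi software set --enabled=true

# search for hba card number after enabling of software iscsi
# NOTE(review): this keeps the first column of every line containing "vmhba",
# so a host with more than one iSCSI adapter yields several names - confirm
# that only the software adapter is listed on the target hardware.
ISCSI_ADT=$(esxcli iscsi adapter list | grep -i vmhba | cut -d ' ' -f 1)

if [ -z "${ISCSI_ADT}" ]
then
 # Without an adapter name, -A would take the next option as its value
 echo "iSCSI setup skipped: no vmhba adapter found after enabling software iSCSI" >&2
else
 esxcli iscsi adapter discovery sendtarget add -A "${ISCSI_ADT}" -a "${ISCSI_IP}"
 # NOTE(review): the CHAP secret is passed as a command-line argument, so it
 # can show up wherever command lines are recorded (process listings, shell
 # traces). Keep any such output, and this file, access-restricted.
 esxcli iscsi adapter discovery sendtarget auth chap set -A "${ISCSI_ADT}" -a "${ISCSI_IP}" -l required -N "${ISCSI_USERID}" -S "${ISCSI_USERPWD}"
 esxcli storage core adapter rescan --adapter "${ISCSI_ADT}"
fi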



##--------------------------------------------------------------------------
##  Advanced Settings
##  Each entry is <option path>=<integer value>; the entries are applied in
##  the order listed (TCP/IP heap sizes first, then the NFS heartbeat and
##  volume limits).
##--------------------------------------------------------------------------
for ADV_SETTING in \
 /Net/TcpipHeapSize=30 \
 /Net/TcpipHeapMax=120 \
 /NFS/HeartbeatMaxFailures=10 \
 /NFS/HeartbeatFrequency=20 \
 /NFS/HeartbeatTimeout=10 \
 /NFS/MaxVolumes=128
do
 # Split the entry at "=" into the option path and its value
 esxcli system settings advanced set --option "${ADV_SETTING%%=*}" --int-value "${ADV_SETTING##*=}"
done



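##--------------------------------------------------------------------------
##  NTP Configuration
##  Writes /etc/ntp.conf with NTP_IP as the first server, followed by two
##  pool servers, and enables ntpd in runlevels 3, 4 and 5.
##  The default restrict line carries the flags kod, nomodify, notrap,
##  noquery and nopeer. noquery and nopeer are two separate flags and must be
##  separated by a space; fused into one word they are not a valid flag, and
##  the restriction meant for remote hosts may not be applied.
##--------------------------------------------------------------------------
cat > /etc/ntp.conf << __NTP_CONFIG__
restrict default kod nomodify notrap noquery nopeer
restrict 127.0.0.1
server ${NTP_IP}
server 0.vmware.pool.ntp.org
server 1.vmware.pool.ntp.org
__NTP_CONFIG__
/sbin/chkconfig --level 345 ntpd on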

 
##--------------------------------------------------------------------------
##  Enable Firewall
##  Turns the firewall on with --default-action false, then enables only the
##  rulesets named in FIREWALL_SERVICES.
##  NOTE(review): "false" is understood to make the default action block
##  rather than pass - confirm. Keep the ruleset list to what the host
##  needs; each entry opens additional traffic.
##--------------------------------------------------------------------------
esxcli network firewall set --default-action false --enabled yes

FIREWALL_SERVICES="syslog sshClient ntpClient updateManager httpClient netdump"

# FIREWALL_SERVICES is left unquoted on purpose so it splits per ruleset name
for SERVICE in ${FIREWALL_SERVICES}; do
 esxcli network firewall ruleset set --ruleset-id "${SERVICE}" --enabled yes
done



 
##--------------------------------------------------------------------------
##  Back up the configuration, save logs and Reboot
##  (the maintenance mode step is left commented out)
##--------------------------------------------------------------------------
# backup ESXi configuration to persist changes
/sbin/auto-backup.sh

# enter maintenance mode
# vim-cmd hostsvc/maintenance_mode_enter

# copy the logs to the renamed local datastore so they survive the reboot
LOG_DEST="/vmfs/volumes/$(hostname -s)_datastore1"
cp /var/log/hostd.log "${LOG_DEST}/firstboot-hostd.log"
cp /var/log/esxi_install.log "${LOG_DEST}/firstboot-esxi_install.log"

reboot
##--------------------------------------------------------------------------
##  End of kickstart Script
##--------------------------------------------------------------------------

2 comments:

  1. Where does the firstboot section log to? I am having a heck of a time finding the actual log file showing the result of the commands in firstboot. These don't seem to be in the two log files you save off in the datastore

  2. Is Installation on internal SD Card possible?
