ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Kickstat File_Draft_ESXI5.1_Template

Download as DOCX, PDF
L
Luca Viscomi

This kickstart file configures an ESXi 5.0 installation on a server. It clears partitions on the first disk, installs ESXi using the first disk and overwrites any existing VMFS partitions. It sets the root password, reboots after installation, configures the management network interface, and configures a vSwitch with port groups.

1 of 12
Download to read offline
# +---------------------------------------------------------------------------+ # | KickstatFile :esx-pri # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Start of ESXi 5.0.0 Update1(Build623860) KickStart Script(1-5-2012) # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # |IsIt a Dryrun (parse andtest) # +---------------------------------------------------------------------------+ #dryrun # +---------------------------------------------------------------------------+ # | AcceptLicense agreement # +---------------------------------------------------------------------------+ vmaccepteula # +---------------------------------------------------------------------------+ # | DiskPartitioning # | Clearall partitionsinfirstdetecteddiskandoverwrite anyVMFS # | partitionsonthe specifieddrives. # +---------------------------------------------------------------------------+ #clearpart--firstdisk --overwritevmfs clearpart--firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Installationmedialocation # +---------------------------------------------------------------------------+ # Freshinstallationonfirstdiskandoverwrite anexistingVMFSdatastore #install --firstdisk --overwritevmfs install --firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Rootpasswordand Authicationformat # | Defaultisshadowpasswordenabled,MD5-basedpasswordsenabled # | EncryptedRootPasswordinMD5 format # +---------------------------------------------------------------------------+ # rootpasswordinMD5 format rootpw --iscrypted$1$hgxyTT/.$J7eWEYxhJsMgwFSWbkW0L. #rootpwpassword # +---------------------------------------------------------------------------+ # | Rebootafterinstallation
# +---------------------------------------------------------------------------+ reboot # +---------------------------------------------------------------------------+ # | %include # +---------------------------------------------------------------------------+ %include /tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunbefore the kickstartconfigurationisevaluated # +---------------------------------------------------------------------------+ %pre --interpreter=busybox # +---------------------------------------------------------------------------+ # | SetdefaultManagementInterface # | addvmportgroupsetto"0" to disable the creationof defaultguestVMNetwork # +---------------------------------------------------------------------------+ VMK_INT="vmk0" VMK_LINE=$(localcli networkipinterface ipv4get|grep"${VMK_INT}") IPADDR=192.168.5.100 NETMASK=255.255.255.0 GATEWAY="192.168.5.253" DNS="192.168.5.30" HOSTNAME=esx-pri vlanid="**5" echo"network --bootproto=static--addvmportgroup=false--device=vmnic0--ip=${IPADDR} -- netmask=${NETMASK} --gateway=${GATEWAY} --nameserver=${DNS} --hostname=${HOSTNAME} -- vlanid=${vlanid}">/tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi isinstalledandbefore reboot # +---------------------------------------------------------------------------+ %post--interpreter=busybox --ignorefailure=true # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi installationandafterfirst reboot # | Most of the shell commandwill enabledafterthe firstreboot # +---------------------------------------------------------------------------+ %firstboot--interpreter=busybox
# +---------------------------------------------------------------------------+ # | SetScriptVariable foruse inscript # | Variable canonlybe define afterthe firstrebootandwhenthe full bshell # | isin place # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | rename local datastore tosomethingmore meaningful # +---------------------------------------------------------------------------+ vim-cmdhostsvc/datastore/renamedatastore1"$(hostname -s)-datastore1" # +---------------------------------------------------------------------------+ # | AssignVMware license # +---------------------------------------------------------------------------+ vim-cmdvimsvc/license--setM5425-42244-48J48-0232H-* # +---------------------------------------------------------------------------+ # | vSwitchconfiguration # +---------------------------------------------------------------------------+ # vSwitch0: Active->vmnic0,vmnic2Standby->vmnic1,vmnic3, # failback:yes # faildectection:link # loadbalancing:portid # notifyswitches:yes # avgbw: 1000000 Kbps # peakbw:1000000 Kbps # burstsize:819200 KBps # allowforgedtransmits:no # allowmacchange:no # allowpromiscuousno # cdpstatus: both # +---------------------------------------------------------------------------+ # | attach vmnic1,vmnic2,vmnic3tovSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandarduplinkadd --uplink-namevmnic1--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic2--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic3--vswitch-namevSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic4--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic5--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic6--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic7--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | remove defaultVMNetworkportgroupif required? # +---------------------------------------------------------------------------+
esxcli networkvswitchstandardportgroupremove --portgroup-name="VMNetwork"--vswitch- name vSwitch0 # +---------------------------------------------------------------------------+ # | configure portgroup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgroupadd --portgroup-name SED-I-**1--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-I-**1--vlan-id**1 esxcli networkvswitchstandardportgroupadd --portgroup-name DPM-DPM-**2--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name DPM-DPM-**2--vlan-id**2 esxcli networkvswitchstandardportgroupadd --portgroup-name ILO-**3--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name ILO-**3--vlan-id**3 esxcli networkvswitchstandardportgroupadd --portgroup-name CISCO-**4--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CISCO-**4--vlan-id**4 #esxcli networkvswitchstandardportgroupadd --portgroup-name Scon-**5--vswitch-name vSwitch0 #esxcli networkvswitchstandardportgroupset --portgroup-name"ManagementNetwork"--vlan-id **5 esxcli networkvswitchstandardportgroupadd --portgroup-name CCM-DPM-**7--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CCM-DPM-**7--vlan-id**7 esxcli networkvswitchstandardportgroupadd --portgroup-name SED-X--vswitch-namevSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-X--vlan-id0 esxcli networkvswitchstandardportgroupadd --portgroup-name SIP-X--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset--portgroup-name SIP-X--vlan-id0 # +---------------------------------------------------------------------------+ # |configure cdp # +---------------------------------------------------------------------------+ esxcli networkvswitchstandard set--cdp-statusboth --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | edited - configure active andstandbyuplinksforvSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset --active-uplinksvmnic0,vmnic2--standby-uplinks vmnic1,vmnic3--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | editedconfigure failure detection+loadbalancing(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset--failbackyes --failure-detectionlink --load- balancingportid --notify-switchesyes --vswitch-name vSwitch0
# +---------------------------------------------------------------------------+ # | FAILOVERCONFIGURATIONS - Portgropup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --active-uplinksvmnic1,vmnic3-- standby-uplinksvmnic0,vmnic2--portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | configure failure detection+loadbalancingon"ManagementNetwork"Portgroup # |(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --failbackyes --failure-detectionlink -- load-balancingportid --notify-switchesyes --portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | SECURITY CONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicysecurityset --allow-forged-transmitsno--allow-mac-change no --allow-promiscuousno --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | SHAPINGCONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyshapingset--enabledyes --avg-bandwidth100000 --peak- bandwidth100000 --burst-size 819200 --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | Update the file /etc/vmware/hostd/hostsvc.xmlwiththe parameterstotickthe # |ManagementNetworkportgroupManagementTrafficbox # +---------------------------------------------------------------------------+ echo"Stoppingthe hostd" /etc/init.d/hostdstop sleep5 echo"Enabling'Management'onvmk0" sed -ie 's/<ConfigRoot>/<ConfigRoot>n<mangementVnics>n<nicid="0000">vmk0</nic>n </mangementVnics>/'/etc/vmware/hostd/hostsvc.xml echo"Startingthe hostd" /etc/init.d/hostdstart # +---------------------------------------------------------------------------+ # | enable managementinterface # +---------------------------------------------------------------------------+ # Still needtouse python/MOBtrick cat > /tmp/enableVmkInterface.py<<__ENABLE_MGMT_INT__ importsys,re,os,urllib,urllib2
# connectioninfotoMOB url = "https://localhost/mob/?moid=ha-vnic-mgr&method=selectVnic" username = "root" password= "password" # Create global variables global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params #auth passman= urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None,url,username,password) authhandler=urllib2.HTTPBasicAuthHandler(passman) opener= urllib2.build_opener(authhandler) urllib2.install_opener(opener) # Code tocapture requiredpage dataandcookie requiredforpostbackto meetCSRF requirements ### req= urllib2.Request(url) page = urllib2.urlopen(req) page_content=page.read() # regex togetthe vmware-session-nonce value fromthe hiddenformentry reg = re.compile('name="vmware-session-nonce"type="hidden"value="?([^s^"]+)"') nonce = reg.search(page_content).group(1) # getthe page headerstocapture the cookie headers= page.info() cookie = headers.get("Set-Cookie") #execute method params = {'vmware-session-nonce':nonce,'nicType':'management','device':'vmk0'} e_params= urllib.urlencode(params) req= urllib2.Request(url,e_params,headers={"Cookie":cookie}) page = urllib2.urlopen(req).read() __ENABLE_MGMT_INT__ python/tmp/enableVmkInterface.py # +---------------------------------------------------------------------------+ # | SYSLOG CONFIGURATION # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigset --default-rotate=20-- loghost=udp://192.168.9.238:514,ssl://192.168.9.238:1514 # +---------------------------------------------------------------------------+
# | change the individualsyslogrotationcount # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigloggerset --id=hostd--rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=vmkernel --rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=fdm--rotate=20 esxcli systemsyslogconfigloggerset --id=vpxa--rotate=20 # +---------------------------------------------------------------------------+ # | NTPCONFIGURATIONS # +---------------------------------------------------------------------------+ cat > /etc/ntp.conf <<__NTP_CONFIG__ restrictdefaultkodnomodifynotrapnoquerynopeer restrict127.0.0.1 server192.168.5.30 __NTP_CONFIG__ /sbin/chkconfig--level345 ntpdon # +---------------------------------------------------------------------------+ # | FIREWALLCONFIGURATION # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Enable firewall # +---------------------------------------------------------------------------+ esxcli networkfirewall set--default-actionfalse --enabled=yes # +---------------------------------------------------------------------------+ # | servicestoenable bydefault # +---------------------------------------------------------------------------+ FIREWALL_SERVICES="syslogntpClientvSphereClient" for SERVICEin${FIREWALL_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE} --enabled=yes done # +---------------------------------------------------------------------------+ # | Deny Allowed-all accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_DIP_SERVICES="syslogntpClientvSphereClient" for SERVICE_DIPin${FIREWALL_DIP_SERVICES} do esxcli networkfirewall rulesetset--allowed-all=false --ruleset-id${SERVICE_DIP} done
# +---------------------------------------------------------------------------+ # | configure IPV4accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_IP_SERVICES="syslogntpClientvSphereClient" for SERVICE_IPin${FIREWALL_IP_SERVICES} do esxcli networkfirewall rulesetallowedipadd --ip-address=192.168.5.30 --ruleset-id${SERVICE_IP} done # +---------------------------------------------------------------------------+ # | swicthoff firewallports # +---------------------------------------------------------------------------+ FIREWALL_D_SERVICES="dnsfaultTolerance NFCHBRWOL webAccessnetDumpsnmpvMotiondhcp CIMSLP CIMHttpServerCIMHttpsServervpxHeartbeats" for SERVICE_Din ${FIREWALL_D_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE_D} --enabled=no done # +---------------------------------------------------------------------------+ # | enable &start remote ESXi Shell (SSH) # +---------------------------------------------------------------------------+ vim-cmdhostsvc/enable_ssh vim-cmdhostsvc/start_ssh # +---------------------------------------------------------------------------+ # | Refreshall firewall services # +---------------------------------------------------------------------------+ #esxcli networkfirewall refresh # +---------------------------------------------------------------------------+ # | Save the firewall configuration # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname -s)-datastore1 # +---------------------------------------------------------------------------+ # | addconfigurationtothe /etc/rc.local file # +---------------------------------------------------------------------------+ #sed-i '$ acp/vmfs/volumes/$(hostname-s)-datastore1/services.xml /etc/vmware/firewall' /etc/rc.local #sed-i '$ aesxcli networkfirewall refresh'/etc/rc.local # +---------------------------------------------------------------------------+ # | Shutdownthe DCUI & vpxa& USB arbitrator(SSHlefton)
# +---------------------------------------------------------------------------+ FIREWALL_DAEMON_SERVICES="DCUIvpxausbarbitratorESXShellsfcbd-watchdog" for SERVICE_DAEMON in${FIREWALL_DAEMON_SERVICES} do chkconfig${SERVICE_DAEMON} off done # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | ESXi Host - SecuiryHardening # +---------------------------------------------------------------------------+ vim-cmdproxysvc/remove_service "/""httpsWithRedirect" vim-cmdproxysvc/remove_service "/mob""httpsWithRedirect" # +---------------------------------------------------------------------------+ # | Create SSH Banner # +---------------------------------------------------------------------------+ /bin/cat> /etc/banner.new<<SSHEOF ${INDENTATION:-}====================================================== ${INDENTATION:-}= Company.COMLTD = ${INDENTATION:-}====================================================== ${INDENTATION:-} ${INDENTATION:-}====================================================== ${INDENTATION:-}= WARNING:UNAUTHORIZEDUSE IS PROHIBITED = ${INDENTATION:-}= ----------------------------------------- = ${INDENTATION:-}= Propertyof Company.comLtd,andshouldonly = ${INDENTATION:-}= be accessedbyauthorizedCompanyemployees. = ${INDENTATION:-}= Do not attempttologinunlessyouare an = ${INDENTATION:-}= authorizeduser. = ${INDENTATION:-}= = ${INDENTATION:-}= Anyauthorizedorunauthorizedaccessanduse, = ${INDENTATION:-}= will be monitoredandanyone usingthissystem = ${INDENTATION:-}= expresslyconsentstosuchmonitoring.If such = ${INDENTATION:-}= monitoringrevealspossibleenvidence of criminal= ${INDENTATION:-}= activity,suchevidencewillbe providedtolaw = ${INDENTATION:-}= enforcementpersonnel andcanresultincriminal = ${INDENTATION:-}= or civil prosecutionunderapplicable law of = ${INDENTATION:-}= the UnitedKingdom(UK). = ${INDENTATION:-}====================================================== SSHEOF # copynewbannerfile tooverwrite /etc/issue (esxi5store it's bannerfile here)
cp /etc/banner.new/etc/issue # +---------------------------------------------------------------------------+ # | vm AutostartRules#configure virtual machine autostartrules # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/autostartmanager/enable_autostarttrue #vim-cmdhostsvc/autostartmanager/update_defaults120120 "GuestShutdown"true # +---------------------------------------------------------------------------+ # | auto restartall Vm's # +---------------------------------------------------------------------------+ sed-i '$ afor i in $(vim-cmdvmsvc/getallvms|cut -f1-d""|grep-vVmid);dovim-cmd vmsvc/power.on$i;sleep10;done'/etc/rc.local # +---------------------------------------------------------------------------+ # | Update ESXi Host # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/maintenance_mode_enter #DS=`ls /vmfs/volumes/|grepdatastore` #wget-P "/vmfs/volumes/${DS}/"http://10.10.55.5/ESXi500-201111001.zip #esxcli software vibupdate --depot="/vmfs/volumes/${DS}/ESXi500-201111001.zip" #vim-cmdhostsvc/maintenance_mode_exit # +---------------------------------------------------------------------------+ # | Create Resource Pools(SED=pool0,DPM=pool2,CCM=pool3) # +---------------------------------------------------------------------------+ #vim-cmd/hostsvc/rsrc/create --cpu-max=4800--cpu-shares=normal --cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=2048--mem-shares=normal ha-root-pool SED vim-cmd/hostsvc/rsrc/create--cpu-max=480--cpu-shares=normal--cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=204--mem-shares=normal ha-root-pool SED #vim-cmd/hostsvc/rsrc/create --cpu-min=5664 --cpu-max=2400--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=16384 --mem-min-expandable=FALSE--mem-max=16384 --mem- shares=highha-root-pool DPM vim-cmd/hostsvc/rsrc/create--cpu-min=566--cpu-max=240--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=163--mem-min-expandable=FALSE--mem-max=163--mem- shares=highha-root-pool DPM #vim-cmd/hostsvc/rsrc/create --cpu-min=2400 --cpu-max=2400--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=1024 --mem-min-expandable=FALSE--mem-max=1024--mem- shares=normal ha-root-pool CCM vim-cmd/hostsvc/rsrc/create--cpu-min=240--cpu-max=240--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=102--mem-min-expandable=FALSE--mem-max=102--mem- shares=normal ha-root-pool CCM
# +---------------------------------------------------------------------------+ # | Importthe SED formthe DVD-ROM,unzipthe .tar file andregisterthe VM # +---------------------------------------------------------------------------+ vmkload_modiso9660 vsish-e set/vmkModules/iso9660/mount$(esxcfg-mpath-b|grep"CD-ROM" | awk '{print$1}') #source_dir=/vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM #post_dir=/vmfs/volumes/$(hostname -s)-datastore1/Staging_Folder mkdir-p/vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder #cp -r${source_dir}/*${post_dir} cp -r /vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM/*/vmfs/volumes/$(hostname -s)- datastore1/Staging_Folder sleep5 tar -zxvf /vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder/2012SED-A.TGZ-C /vmfs/volumes/$(hostname -s)-datastore1 sleep5 # +---------------------------------------------------------------------------+ # | Registerthe SEDwithESXi inside Resource pool (SED,pool0) # +---------------------------------------------------------------------------+ #####advanced options####vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)- datastore1/2012alpha-SED-B/2012alpha-SED-B.vmx `cat/etc/vmware/hostd/pools.xml |grep"SED" -A1 | grep"[objID]"|sed's///;s/</objID>//g'|sed -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//'` vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)-datastore1/2012alpha-SED-B/2012alpha- SED-B.vmx 2012alpha-SED-Bpool0 # +---------------------------------------------------------------------------+ # | Save the firewall configurationonthe post? # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname-s)-datastore1 # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | copy %firstbootscriptlogsto persisteddatastore # +---------------------------------------------------------------------------+ cp /var/log/hostd.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-hostd.log" cp /var/log/esxi_install.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-esxi_install.log" cp /etc/vmware/esx.conf"/vmfs/volumes/$(hostname-s)-datastore1"
# +---------------------------------------------------------------------------+ # | Reboot # +---------------------------------------------------------------------------+ reboot ##-------------------------------------------------------------------------- ## End of kickstartScript ##--------------------------------------------------------------------------

Recommended

Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)
Tola LENG
?
PhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdatePhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment Update
APNIC
?
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
Tola LENG
?
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
Chanaka Lasantha
?
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux EnterpriseConfigure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Tola LENG
?
Open vpn server_linux
Open vpn server_linuxOpen vpn server_linux
Open vpn server_linux
Tola LENG
?
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on Linux
Devin Olson
?
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
Candan BOLUKBAS
?
Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
?
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
?
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
?
Network commands
Network commandsNetwork commands
Network commands
Dr. Mahadev Gawas
?
Dns explained
Dns explainedDns explained
Dns explained
Lucas Girardin
?
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
?
DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)
Tola LENG
?
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
Tola LENG
?
Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11
Tola LENG
?
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola LENG
?
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
Bootcamp SCL
?
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network Traffic
Josiah Ritchie
?
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
alexis marck Huiza Canchanya
?
Linux networking
Linux networkingLinux networking
Linux networking
Armando Reis
?
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
Gireesh Hariharasubramony
?
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Redis Labs
?
New text document (2)
New text document (2)New text document (2)
New text document (2)
Furqaan Aan
?
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
?
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Puppet
?
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
Jesse Ö£ÏþÃ÷
?
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
Shaun Domingo
?
What is new in neutron QoS?
What is new in neutron QoS?What is new in neutron QoS?
What is new in neutron QoS?
S?awomir Kap?o¨½ski
?

More Related Content

What's hot (18)

Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
?
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
?
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
?
Network commands
Network commandsNetwork commands
Network commands
Dr. Mahadev Gawas
?
Dns explained
Dns explainedDns explained
Dns explained
Lucas Girardin
?
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
?
DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)
Tola LENG
?
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
Tola LENG
?
Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11
Tola LENG
?
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola LENG
?
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
Bootcamp SCL
?
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network Traffic
Josiah Ritchie
?
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
alexis marck Huiza Canchanya
?
Linux networking
Linux networkingLinux networking
Linux networking
Armando Reis
?
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
Gireesh Hariharasubramony
?
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Redis Labs
?
New text document (2)
New text document (2)New text document (2)
New text document (2)
Furqaan Aan
?
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
?
Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
?
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
?
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
?
Network commands
Network commandsNetwork commands
Network commands
Dr. Mahadev Gawas
?
Dns explained
Dns explainedDns explained
Dns explained
Lucas Girardin
?
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
?
DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)
Tola LENG
?
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
Tola LENG
?
Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11
Tola LENG
?
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola LENG
?
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
Bootcamp SCL
?
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network Traffic
Josiah Ritchie
?
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
alexis marck Huiza Canchanya
?
Linux networking
Linux networkingLinux networking
Linux networking
Armando Reis
?
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
Gireesh Hariharasubramony
?
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Redis Labs
?
New text document (2)
New text document (2)New text document (2)
New text document (2)
Furqaan Aan
?
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
?

Similar to Kickstat File_Draft_ESXI5.1_Template (20)

Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Puppet
?
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
Jesse Ö£ÏþÃ÷
?
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
Shaun Domingo
?
What is new in neutron QoS?
What is new in neutron QoS?What is new in neutron QoS?
What is new in neutron QoS?
S?awomir Kap?o¨½ski
?
Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013
Trevor Roberts Jr.
?
Org Beamer
Org BeamerOrg Beamer
Org Beamer
Hirwanto Iwan
?
Curso de MySQL 5.7
Curso de MySQL 5.7Curso de MySQL 5.7
Curso de MySQL 5.7
Eduardo Legatti
?
C&C Botnet Factory
C&C Botnet FactoryC&C Botnet Factory
C&C Botnet Factory
Nullbyte Security Conference
?
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
Remi Bergsma
?
IP Addresses
IP AddressesIP Addresses
IP Addresses
adil raja
?
Sql2
Sql2Sql2
Sql2
Breme ArunPrasath
?
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
Amazon Web Services
?
Mysql56 replication
Mysql56 replicationMysql56 replication
Mysql56 replication
Chris Makayal
?
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private Cloud
Amazon Web Services
?
L3HA-VRRP-20141201
L3HA-VRRP-20141201L3HA-VRRP-20141201
L3HA-VRRP-20141201
Manabu Ori
?
[2015-11? ?? ???]K8s on openstack
[2015-11? ?? ???]K8s on openstack[2015-11? ?? ???]K8s on openstack
[2015-11? ?? ???]K8s on openstack
OpenStack Korea Community
?
Operation outbreak
Operation outbreakOperation outbreak
Operation outbreak
Prathan Phongthiproek
?
XML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful ServicesXML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful Services
Zeeshan Khan
?
Development Workflows on AWS
Development Workflows on AWSDevelopment Workflows on AWS
Development Workflows on AWS
Amazon Web Services
?
PuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and PuppetPuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and Puppet
Nan Liu
?
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Puppet
?
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
²Ô±ð³Ü³Ù°ù´Ç²Ô²âÊÔÀý×Ó
Jesse Ö£ÏþÃ÷
?
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
Shaun Domingo
?
What is new in neutron QoS?
What is new in neutron QoS?What is new in neutron QoS?
What is new in neutron QoS?
S?awomir Kap?o¨½ski
?
Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013
Trevor Roberts Jr.
?
Org Beamer
Org BeamerOrg Beamer
Org Beamer
Hirwanto Iwan
?
Curso de MySQL 5.7
Curso de MySQL 5.7Curso de MySQL 5.7
Curso de MySQL 5.7
Eduardo Legatti
?
C&C Botnet Factory
C&C Botnet FactoryC&C Botnet Factory
C&C Botnet Factory
Nullbyte Security Conference
?
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
Remi Bergsma
?
IP Addresses
IP AddressesIP Addresses
IP Addresses
adil raja
?
Sql2
Sql2Sql2
Sql2
Breme ArunPrasath
?
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
Amazon Web Services
?
Mysql56 replication
Mysql56 replicationMysql56 replication
Mysql56 replication
Chris Makayal
?
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private Cloud
Amazon Web Services
?
L3HA-VRRP-20141201
L3HA-VRRP-20141201L3HA-VRRP-20141201
L3HA-VRRP-20141201
Manabu Ori
?
[2015-11? ?? ???]K8s on openstack
[2015-11? ?? ???]K8s on openstack[2015-11? ?? ???]K8s on openstack
[2015-11? ?? ???]K8s on openstack
OpenStack Korea Community
?
Operation outbreak
Operation outbreakOperation outbreak
Operation outbreak
Prathan Phongthiproek
?
XML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful ServicesXML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful Services
Zeeshan Khan
?
Development Workflows on AWS
Development Workflows on AWSDevelopment Workflows on AWS
Development Workflows on AWS
Amazon Web Services
?
PuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and PuppetPuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and Puppet
Nan Liu
?

Kickstat File_Draft_ESXI5.1_Template

  • 1. # +---------------------------------------------------------------------------+ # | KickstatFile :esx-pri # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Start of ESXi 5.0.0 Update1(Build623860) KickStart Script(1-5-2012) # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # |IsIt a Dryrun (parse andtest) # +---------------------------------------------------------------------------+ #dryrun # +---------------------------------------------------------------------------+ # | AcceptLicense agreement # +---------------------------------------------------------------------------+ vmaccepteula # +---------------------------------------------------------------------------+ # | DiskPartitioning # | Clearall partitionsinfirstdetecteddiskandoverwrite anyVMFS # | partitionsonthe specifieddrives. # +---------------------------------------------------------------------------+ #clearpart--firstdisk --overwritevmfs clearpart--firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Installationmedialocation # +---------------------------------------------------------------------------+ # Freshinstallationonfirstdiskandoverwrite anexistingVMFSdatastore #install --firstdisk --overwritevmfs install --firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Rootpasswordand Authicationformat # | Defaultisshadowpasswordenabled,MD5-basedpasswordsenabled # | EncryptedRootPasswordinMD5 format # +---------------------------------------------------------------------------+ # rootpasswordinMD5 format rootpw --iscrypted$1$hgxyTT/.$J7eWEYxhJsMgwFSWbkW0L. #rootpwpassword # +---------------------------------------------------------------------------+ # | Rebootafterinstallation
  • 2. # +---------------------------------------------------------------------------+ reboot # +---------------------------------------------------------------------------+ # | %include # +---------------------------------------------------------------------------+ %include /tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunbefore the kickstartconfigurationisevaluated # +---------------------------------------------------------------------------+ %pre --interpreter=busybox # +---------------------------------------------------------------------------+ # | SetdefaultManagementInterface # | addvmportgroupsetto"0" to disable the creationof defaultguestVMNetwork # +---------------------------------------------------------------------------+ VMK_INT="vmk0" VMK_LINE=$(localcli networkipinterface ipv4get|grep"${VMK_INT}") IPADDR=192.168.5.100 NETMASK=255.255.255.0 GATEWAY="192.168.5.253" DNS="192.168.5.30" HOSTNAME=esx-pri vlanid="**5" echo"network --bootproto=static--addvmportgroup=false--device=vmnic0--ip=${IPADDR} -- netmask=${NETMASK} --gateway=${GATEWAY} --nameserver=${DNS} --hostname=${HOSTNAME} -- vlanid=${vlanid}">/tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi isinstalledandbefore reboot # +---------------------------------------------------------------------------+ %post--interpreter=busybox --ignorefailure=true # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi installationandafterfirst reboot # | Most of the shell commandwill enabledafterthe firstreboot # +---------------------------------------------------------------------------+ %firstboot--interpreter=busybox
  • 3. # +---------------------------------------------------------------------------+ # | SetScriptVariable foruse inscript # | Variable canonlybe define afterthe firstrebootandwhenthe full bshell # | isin place # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | rename local datastore tosomethingmore meaningful # +---------------------------------------------------------------------------+ vim-cmdhostsvc/datastore/renamedatastore1"$(hostname -s)-datastore1" # +---------------------------------------------------------------------------+ # | AssignVMware license # +---------------------------------------------------------------------------+ vim-cmdvimsvc/license--setM5425-42244-48J48-0232H-* # +---------------------------------------------------------------------------+ # | vSwitchconfiguration # +---------------------------------------------------------------------------+ # vSwitch0: Active->vmnic0,vmnic2Standby->vmnic1,vmnic3, # failback:yes # faildectection:link # loadbalancing:portid # notifyswitches:yes # avgbw: 1000000 Kbps # peakbw:1000000 Kbps # burstsize:819200 KBps # allowforgedtransmits:no # allowmacchange:no # allowpromiscuousno # cdpstatus: both # +---------------------------------------------------------------------------+ # | attach vmnic1,vmnic2,vmnic3tovSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandarduplinkadd --uplink-namevmnic1--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic2--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic3--vswitch-namevSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic4--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic5--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic6--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic7--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | remove defaultVMNetworkportgroupif required? # +---------------------------------------------------------------------------+
  • 4. esxcli networkvswitchstandardportgroupremove --portgroup-name="VMNetwork"--vswitch- name vSwitch0 # +---------------------------------------------------------------------------+ # | configure portgroup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgroupadd --portgroup-name SED-I-**1--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-I-**1--vlan-id**1 esxcli networkvswitchstandardportgroupadd --portgroup-name DPM-DPM-**2--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name DPM-DPM-**2--vlan-id**2 esxcli networkvswitchstandardportgroupadd --portgroup-name ILO-**3--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name ILO-**3--vlan-id**3 esxcli networkvswitchstandardportgroupadd --portgroup-name CISCO-**4--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CISCO-**4--vlan-id**4 #esxcli networkvswitchstandardportgroupadd --portgroup-name Scon-**5--vswitch-name vSwitch0 #esxcli networkvswitchstandardportgroupset --portgroup-name"ManagementNetwork"--vlan-id **5 esxcli networkvswitchstandardportgroupadd --portgroup-name CCM-DPM-**7--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CCM-DPM-**7--vlan-id**7 esxcli networkvswitchstandardportgroupadd --portgroup-name SED-X--vswitch-namevSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-X--vlan-id0 esxcli networkvswitchstandardportgroupadd --portgroup-name SIP-X--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset--portgroup-name SIP-X--vlan-id0 # +---------------------------------------------------------------------------+ # |configure cdp # +---------------------------------------------------------------------------+ esxcli networkvswitchstandard set--cdp-statusboth --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | edited - configure active andstandbyuplinksforvSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset --active-uplinksvmnic0,vmnic2--standby-uplinks vmnic1,vmnic3--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | editedconfigure failure detection+loadbalancing(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset--failbackyes --failure-detectionlink --load- balancingportid --notify-switchesyes --vswitch-name vSwitch0
  • 5. # +---------------------------------------------------------------------------+ # | FAILOVERCONFIGURATIONS - Portgropup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --active-uplinksvmnic1,vmnic3-- standby-uplinksvmnic0,vmnic2--portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | configure failure detection+loadbalancingon"ManagementNetwork"Portgroup # |(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --failbackyes --failure-detectionlink -- load-balancingportid --notify-switchesyes --portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | SECURITY CONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicysecurityset --allow-forged-transmitsno--allow-mac-change no --allow-promiscuousno --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | SHAPINGCONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyshapingset--enabledyes --avg-bandwidth100000 --peak- bandwidth100000 --burst-size 819200 --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | Update the file /etc/vmware/hostd/hostsvc.xmlwiththe parameterstotickthe # |ManagementNetworkportgroupManagementTrafficbox # +---------------------------------------------------------------------------+ echo"Stoppingthe hostd" /etc/init.d/hostdstop sleep5 echo"Enabling'Management'onvmk0" sed -ie 's/<ConfigRoot>/<ConfigRoot>n<mangementVnics>n<nicid="0000">vmk0</nic>n </mangementVnics>/'/etc/vmware/hostd/hostsvc.xml echo"Startingthe hostd" /etc/init.d/hostdstart # +---------------------------------------------------------------------------+ # | enable managementinterface # +---------------------------------------------------------------------------+ # Still needtouse python/MOBtrick cat > /tmp/enableVmkInterface.py<<__ENABLE_MGMT_INT__ importsys,re,os,urllib,urllib2
  • 6. # connectioninfotoMOB url = "https://localhost/mob/?moid=ha-vnic-mgr&method=selectVnic" username = "root" password= "password" # Create global variables global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params #auth passman= urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None,url,username,password) authhandler=urllib2.HTTPBasicAuthHandler(passman) opener= urllib2.build_opener(authhandler) urllib2.install_opener(opener) # Code tocapture requiredpage dataandcookie requiredforpostbackto meetCSRF requirements ### req= urllib2.Request(url) page = urllib2.urlopen(req) page_content=page.read() # regex togetthe vmware-session-nonce value fromthe hiddenformentry reg = re.compile('name="vmware-session-nonce"type="hidden"value="?([^s^"]+)"') nonce = reg.search(page_content).group(1) # getthe page headerstocapture the cookie headers= page.info() cookie = headers.get("Set-Cookie") #execute method params = {'vmware-session-nonce':nonce,'nicType':'management','device':'vmk0'} e_params= urllib.urlencode(params) req= urllib2.Request(url,e_params,headers={"Cookie":cookie}) page = urllib2.urlopen(req).read() __ENABLE_MGMT_INT__ python/tmp/enableVmkInterface.py # +---------------------------------------------------------------------------+ # | SYSLOG CONFIGURATION # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigset --default-rotate=20-- loghost=udp://192.168.9.238:514,ssl://192.168.9.238:1514 # +---------------------------------------------------------------------------+
  • 7. # | change the individualsyslogrotationcount # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigloggerset --id=hostd--rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=vmkernel --rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=fdm--rotate=20 esxcli systemsyslogconfigloggerset --id=vpxa--rotate=20 # +---------------------------------------------------------------------------+ # | NTPCONFIGURATIONS # +---------------------------------------------------------------------------+ cat > /etc/ntp.conf <<__NTP_CONFIG__ restrictdefaultkodnomodifynotrapnoquerynopeer restrict127.0.0.1 server192.168.5.30 __NTP_CONFIG__ /sbin/chkconfig--level345 ntpdon # +---------------------------------------------------------------------------+ # | FIREWALLCONFIGURATION # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Enable firewall # +---------------------------------------------------------------------------+ esxcli networkfirewall set--default-actionfalse --enabled=yes # +---------------------------------------------------------------------------+ # | servicestoenable bydefault # +---------------------------------------------------------------------------+ FIREWALL_SERVICES="syslogntpClientvSphereClient" for SERVICEin${FIREWALL_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE} --enabled=yes done # +---------------------------------------------------------------------------+ # | Deny Allowed-all accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_DIP_SERVICES="syslogntpClientvSphereClient" for SERVICE_DIPin${FIREWALL_DIP_SERVICES} do esxcli networkfirewall rulesetset--allowed-all=false --ruleset-id${SERVICE_DIP} done
  • 8. # +---------------------------------------------------------------------------+ # | configure IPV4accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_IP_SERVICES="syslogntpClientvSphereClient" for SERVICE_IPin${FIREWALL_IP_SERVICES} do esxcli networkfirewall rulesetallowedipadd --ip-address=192.168.5.30 --ruleset-id${SERVICE_IP} done # +---------------------------------------------------------------------------+ # | swicthoff firewallports # +---------------------------------------------------------------------------+ FIREWALL_D_SERVICES="dnsfaultTolerance NFCHBRWOL webAccessnetDumpsnmpvMotiondhcp CIMSLP CIMHttpServerCIMHttpsServervpxHeartbeats" for SERVICE_Din ${FIREWALL_D_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE_D} --enabled=no done # +---------------------------------------------------------------------------+ # | enable &start remote ESXi Shell (SSH) # +---------------------------------------------------------------------------+ vim-cmdhostsvc/enable_ssh vim-cmdhostsvc/start_ssh # +---------------------------------------------------------------------------+ # | Refreshall firewall services # +---------------------------------------------------------------------------+ #esxcli networkfirewall refresh # +---------------------------------------------------------------------------+ # | Save the firewall configuration # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname -s)-datastore1 # +---------------------------------------------------------------------------+ # | addconfigurationtothe /etc/rc.local file # +---------------------------------------------------------------------------+ #sed-i '$ acp/vmfs/volumes/$(hostname-s)-datastore1/services.xml /etc/vmware/firewall' /etc/rc.local #sed-i '$ aesxcli networkfirewall refresh'/etc/rc.local # +---------------------------------------------------------------------------+ # | Shutdownthe DCUI & vpxa& USB arbitrator(SSHlefton)
  • 9. # +---------------------------------------------------------------------------+ FIREWALL_DAEMON_SERVICES="DCUIvpxausbarbitratorESXShellsfcbd-watchdog" for SERVICE_DAEMON in${FIREWALL_DAEMON_SERVICES} do chkconfig${SERVICE_DAEMON} off done # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | ESXi Host - SecuiryHardening # +---------------------------------------------------------------------------+ vim-cmdproxysvc/remove_service "/""httpsWithRedirect" vim-cmdproxysvc/remove_service "/mob""httpsWithRedirect" # +---------------------------------------------------------------------------+ # | Create SSH Banner # +---------------------------------------------------------------------------+ /bin/cat> /etc/banner.new<<SSHEOF ${INDENTATION:-}====================================================== ${INDENTATION:-}= Company.COMLTD = ${INDENTATION:-}====================================================== ${INDENTATION:-} ${INDENTATION:-}====================================================== ${INDENTATION:-}= WARNING:UNAUTHORIZEDUSE IS PROHIBITED = ${INDENTATION:-}= ----------------------------------------- = ${INDENTATION:-}= Propertyof Company.comLtd,andshouldonly = ${INDENTATION:-}= be accessedbyauthorizedCompanyemployees. = ${INDENTATION:-}= Do not attempttologinunlessyouare an = ${INDENTATION:-}= authorizeduser. = ${INDENTATION:-}= = ${INDENTATION:-}= Anyauthorizedorunauthorizedaccessanduse, = ${INDENTATION:-}= will be monitoredandanyone usingthissystem = ${INDENTATION:-}= expresslyconsentstosuchmonitoring.If such = ${INDENTATION:-}= monitoringrevealspossibleenvidence of criminal= ${INDENTATION:-}= activity,suchevidencewillbe providedtolaw = ${INDENTATION:-}= enforcementpersonnel andcanresultincriminal = ${INDENTATION:-}= or civil prosecutionunderapplicable law of = ${INDENTATION:-}= the UnitedKingdom(UK). = ${INDENTATION:-}====================================================== SSHEOF # copynewbannerfile tooverwrite /etc/issue (esxi5store it's bannerfile here)
  • 10. cp /etc/banner.new/etc/issue # +---------------------------------------------------------------------------+ # | vm AutostartRules#configure virtual machine autostartrules # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/autostartmanager/enable_autostarttrue #vim-cmdhostsvc/autostartmanager/update_defaults120120 "GuestShutdown"true # +---------------------------------------------------------------------------+ # | auto restartall Vm's # +---------------------------------------------------------------------------+ sed-i '$ afor i in $(vim-cmdvmsvc/getallvms|cut -f1-d""|grep-vVmid);dovim-cmd vmsvc/power.on$i;sleep10;done'/etc/rc.local # +---------------------------------------------------------------------------+ # | Update ESXi Host # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/maintenance_mode_enter #DS=`ls /vmfs/volumes/|grepdatastore` #wget-P "/vmfs/volumes/${DS}/"http://10.10.55.5/ESXi500-201111001.zip #esxcli software vibupdate --depot="/vmfs/volumes/${DS}/ESXi500-201111001.zip" #vim-cmdhostsvc/maintenance_mode_exit # +---------------------------------------------------------------------------+ # | Create Resource Pools(SED=pool0,DPM=pool2,CCM=pool3) # +---------------------------------------------------------------------------+ #vim-cmd/hostsvc/rsrc/create --cpu-max=4800--cpu-shares=normal --cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=2048--mem-shares=normal ha-root-pool SED vim-cmd/hostsvc/rsrc/create--cpu-max=480--cpu-shares=normal--cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=204--mem-shares=normal ha-root-pool SED #vim-cmd/hostsvc/rsrc/create --cpu-min=5664 --cpu-max=2400--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=16384 --mem-min-expandable=FALSE--mem-max=16384 --mem- shares=highha-root-pool DPM vim-cmd/hostsvc/rsrc/create--cpu-min=566--cpu-max=240--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=163--mem-min-expandable=FALSE--mem-max=163--mem- shares=highha-root-pool DPM #vim-cmd/hostsvc/rsrc/create --cpu-min=2400 --cpu-max=2400--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=1024 --mem-min-expandable=FALSE--mem-max=1024--mem- shares=normal ha-root-pool CCM vim-cmd/hostsvc/rsrc/create--cpu-min=240--cpu-max=240--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=102--mem-min-expandable=FALSE--mem-max=102--mem- shares=normal ha-root-pool CCM
  • 11. # +---------------------------------------------------------------------------+ # | Importthe SED formthe DVD-ROM,unzipthe .tar file andregisterthe VM # +---------------------------------------------------------------------------+ vmkload_modiso9660 vsish-e set/vmkModules/iso9660/mount$(esxcfg-mpath-b|grep"CD-ROM" | awk '{print$1}') #source_dir=/vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM #post_dir=/vmfs/volumes/$(hostname -s)-datastore1/Staging_Folder mkdir-p/vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder #cp -r${source_dir}/*${post_dir} cp -r /vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM/*/vmfs/volumes/$(hostname -s)- datastore1/Staging_Folder sleep5 tar -zxvf /vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder/2012SED-A.TGZ-C /vmfs/volumes/$(hostname -s)-datastore1 sleep5 # +---------------------------------------------------------------------------+ # | Registerthe SEDwithESXi inside Resource pool (SED,pool0) # +---------------------------------------------------------------------------+ #####advanced options####vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)- datastore1/2012alpha-SED-B/2012alpha-SED-B.vmx `cat/etc/vmware/hostd/pools.xml |grep"SED" -A1 | grep"[objID]"|sed's///;s/</objID>//g'|sed -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//'` vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)-datastore1/2012alpha-SED-B/2012alpha- SED-B.vmx 2012alpha-SED-Bpool0 # +---------------------------------------------------------------------------+ # | Save the firewall configurationonthe post? # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname-s)-datastore1 # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | copy %firstbootscriptlogsto persisteddatastore # +---------------------------------------------------------------------------+ cp /var/log/hostd.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-hostd.log" cp /var/log/esxi_install.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-esxi_install.log" cp /etc/vmware/esx.conf"/vmfs/volumes/$(hostname-s)-datastore1"
  • 12. # +---------------------------------------------------------------------------+ # | Reboot # +---------------------------------------------------------------------------+ reboot ##-------------------------------------------------------------------------- ## End of kickstartScript ##--------------------------------------------------------------------------
AboutCopyright
? 2025 ºÝºÝߣ