ESXi 4.1 Kickstart Script for EDA Virtual Appliance

Summary:
This one has been on the back burner for a little while, but I finally got it put together thanks to resources like virtualghetto (lamw is crazy smartz!).
Script:
Everything seems to work fine; the only thing I'm not sure of is whether enabling the CIMoemProviderEnabled advanced setting works or not. Let me know if you happen to brave my custom kickstart script. It was made for Dell servers, but can be adjusted for pretty much any setup, I think.
# Bind vmnic4 to vSwitch0.  EDA adds vmnic0 automatically
# Active/Passive
esxcfg-vswitch -L vmnic4 vSwitch0
esxcfg-vswitch -X 1 vSwitch0

# Add vSwitch1, VMkernel, and bind vmnic1/3
# Active/Passive
# The following configures vSwitch1 as the vmKernel vmotion switch
esxcfg-vswitch -a vSwitch1
esxcfg-vswitch -A VMkernel vSwitch1
esxcfg-vswitch -L vmnic1 vSwitch1
esxcfg-vswitch -L vmnic3 vSwitch1
esxcfg-vswitch -X 1 vSwitch1

# Add vSwitch2 and bind vmnic2/5
# Active/Passive
# Created VM Switch
esxcfg-vswitch -a vSwitch2
esxcfg-vswitch -L vmnic2 vSwitch2
esxcfg-vswitch -L vmnic5 vSwitch2
esxcfg-vswitch -X 1 vSwitch2

# NTP Configuration
/bin/echo "restrict 127.0.0.1" > /etc/ntp.conf
/bin/echo "restrict default kod nomodify notrap" >> /etc/ntp.conf
/bin/echo "server timeserver1.local" >> /etc/ntp.conf
/bin/echo "server timeserver2.local" >> /etc/ntp.conf
/etc/init.d/ntpd restart

# Configures vmk0 as Mgmt Interface
HOSTSVC_FILE=/etc/vmware/hostd/hostsvc.xml

/bin/cat > ${HOSTSVC_FILE} << __CREATE_HOST_SVC__
<ConfigRoot>
  <mangementVnics>
    <nic id="0000">vmk0</nic>
  </mangementVnics>
  <mode>normal</mode>
  <service>
    <tsm-ssh>off</tsm-ssh>
  </service>
</ConfigRoot>
__CREATE_HOST_SVC__

# Configure vmk1 as vMotion Interface
esxcfg-vmknic -a VMkernel -i ###HOSTIP### -n 255.255.255.0
/bin/vim-cmd hostsvc/net/refresh
/bin/vim-cmd hostsvc/vmotion/vnic_set vmk1

# DNS Secondary (replace x.x.x.x w/ IP of another DNS server)
/bin/echo "nameserver x.x.x.x" >> /etc/resolv.conf

# Configure Local Datastore Name to standard
/bin/vim-cmd hostsvc/datastore/rename datastore1 "$(hostname -s)_local"

# Configure Syslog to forward to remote syslog server like Splunk
/bin/vim-cmd hostsvc/advopt/update Syslog.Remote.Hostname string x.x.x.x

# Configure port to forward Syslogs.
/bin/vim-cmd hostsvc/advopt/update Syslog.Remote.Port int 514

# Only needed if local syslog going to be used.
#/bin/vim-cmd hostsvc/advopt/update Syslog.Local.DatastorePath string "[$(hostname -s)_local] /logfiles/hostName.log"

# Maps standard NFS Shares (I use these as shared stores for iso and vmtemplates)
esxcfg-nas -a -o linuxserver1 -s /share/STUFF nfs_share
esxcfg-nas -a -o nasdevice1 -s esx_vmtemplates nfs_share_vmtemplates

#### Start of Join AD code ####
#Joins to Active Directory (ESX 4.1) Update 1 Code Hashed Out
/bin/cat > /tmp/joinActiveDirectory.py << __JOIN_AD__
import sys,re,os,urllib,urllib2,base64

# mob url
url = "https://localhost/mob/?moid=ha-ad-auth&method=joinDomain"

# mob login credentials -- use password = "" for build scripting
username = "root"
password = ""

# which domain to join, and associated OU
# e.g.
#       "local.com"
#       "local.com/VMware Server OU"
domainname = "local.com/someOU/"

# active directory credentials using encoded base64 password
ad_username = "someserviceaccount@local.com"
### To get an encoded password, use python.  It's not really secure, but better than plain text.
encodedpassword = ""
ad_password = base64.b64decode(encodedpassword)

# Unhash for ESXi 4.1 Update 1
### Create global variables
# global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params

# Code to build opener with HTTP Basic Authentication
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None,url,username,password)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)

# Unhash below for 4.1 Update 1
### Code to capture required page data and cookie required for post back to meet CSRF requirements  ###
#req = urllib2.Request(url)
#page = urllib2.urlopen(req)
#page_content= page.read()
# The POST below sends this cookie back; without this line 'cookie' is undefined
#cookie = page.info()['Set-Cookie']

# Unhash below for 4.1 Update 1
### regex to get the vmware-session-nonce value from the hidden form entry
# reg = re.compile('name="vmware-session-nonce" type="hidden" value="?([^\s^"]+)"')
#nonce = reg.search(page_content).group(1)

# Unhash below for 4.1 Update 1
### Code to join the domain ESXi 4.1U1
#params = {'vmware-session-nonce':nonce,'domainName':domainname,'userName':ad_username,'password':ad_password}
#e_params = urllib.urlencode(params)
#req = urllib2.Request(url, e_params, headers={"Cookie":cookie})
#page = urllib2.urlopen(req).read()

#Hash if using 4.1 U1
### Code to join domain ESX 4.1
params = {'domainName':domainname,'userName':ad_username,'password':ad_password}
e_params = urllib.urlencode(params)
req = urllib2.Request(url,e_params)
page = urllib2.urlopen(req).read()

__JOIN_AD__

#execute python script to Join AD
/bin/python /tmp/joinActiveDirectory.py

#### End AD Join Code ####
# Changes UserVars.CIMoemProviderEnabled to 1.  Required for OMSA VIB to work properly.
esxcfg-advcfg -s 1 /UserVars/CIMoemProviderEnabled
%firstboot --unsupported --interpreter=busybox --level=9999
# Do Patching in this section

#Gets Emulex and OMSA VIB from IIS Server w/ virtual directory pointed to NAS hosted directory
#Applies Emulex then OMSA VIB <-- Must be in this order.
# Maintenance Mode attempted twice before attempting patch because it sometimes fails.
/bin/vim-cmd hostsvc/maintenance_mode_enter
sleep 5
/bin/vim-cmd hostsvc/maintenance_mode_enter

# Entries entered twice due to metadata.zip possibly not extracting properly the first time.
/sbin/esxupdate --bundle=http://IISSERVER.local.com/VIBS/Emulex_CIM/elx-esx-4.1.0-emulex-cim-provider-3.2.30.1-offline_bundle-364582.zip update

/sbin/esxupdate --bundle=http://IISSERVER.local.com/VIBS/Emulex_CIM/elx-esx-4.1.0-emulex-cim-provider-3.2.30.1-offline_bundle-364582.zip update

/sbin/esxupdate --bundle=http://IISSERVER.local.com/VIBS/Dell_OMSA/OM-SrvAdmin-Dell-Web-6.5.0-2247.VIB-ESX41i_A01.zip update

/sbin/esxupdate --bundle=http://IISSERVER.local.com/VIBS/Dell_OMSA/OM-SrvAdmin-Dell-Web-6.5.0-2247.VIB-ESX41i_A01.zip update

/bin/vim-cmd hostsvc/maintenance_mode_exit

/sbin/reboot -d 120
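
An added example, not part of the original post: a small Python 3 review check for a kickstart like the one above. It flags base64-encoded passwords (reversible, as the script's own comment admits), heredoc-written files holding them that the script never removes, and esxupdate bundles fetched over plain HTTP. The function name, rule names and sample input are made up for this illustration.

```python
import base64
import re

# Constructed input modelled on the script above. The password is a made-up
# sample and the bundle file name is a placeholder.
_ENC = base64.b64encode(b"NotARealPassword1").decode()
SAMPLE = f'''/bin/cat > /tmp/joinActiveDirectory.py << __JOIN_AD__
encodedpassword = "{_ENC}"
ad_password = base64.b64decode(encodedpassword)
__JOIN_AD__
/bin/python /tmp/joinActiveDirectory.py
/sbin/esxupdate --bundle=http://IISSERVER.local.com/VIBS/placeholder-bundle.zip update
'''

HEREDOC = re.compile(r'cat\s*>\s*(\S+)\s*<<\s*(\w+)')
SECRET = re.compile(r'(\w*pass\w*)\s*=\s*"([A-Za-z0-9+/]{8,}={0,2})"', re.I)
BUNDLE = re.compile(r'^[^#]*esxupdate\s.*--bundle=(http://\S+)')

def audit_kickstart(text):
    """Return (line_no, rule, detail) findings for a kickstart script."""
    findings, secret_files, removed = [], {}, set()
    heredoc_file = heredoc_end = None
    for no, line in enumerate(text.splitlines(), 1):
        if heredoc_end and line.strip() == heredoc_end:
            heredoc_file = heredoc_end = None
            continue
        m = SECRET.search(line)
        if m:
            try:
                plain = base64.b64decode(m.group(2), validate=True).decode("ascii")
            except ValueError:  # not valid base64 or not ASCII text
                plain = None
            if plain and plain.isprintable():
                findings.append((no, "reversible-secret",
                    f"{m.group(1)} is base64 for a {len(plain)}-character string"))
                if heredoc_file:
                    secret_files.setdefault(heredoc_file, no)
        if heredoc_end:
            continue  # the remaining rules apply to shell lines only
        m = HEREDOC.search(line)
        if m:
            heredoc_file, heredoc_end = m.groups()
        elif re.match(r'\s*(/bin/)?rm\s', line):
            removed.update(line.split()[1:])
        elif BUNDLE.search(line):
            findings.append((no, "cleartext-bundle", BUNDLE.search(line).group(1)))
    findings += [(no, "secret-file-not-removed", p)
                 for p, no in secret_files.items() if p not in removed]
    return findings
```

The decoded value is never printed, only its length, so the check can run in a build log without leaking the credential it found.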
