|
Aug
09
|
Wer in größeren virtuellen Infrastrukturen arbeitet, wird um die automatisierte Installation seiner ESX-Server nicht herumkommen. Mit Hilfe einer Kickstart-Datei lassen sich die meisten Vorgänge während der Installation automatisieren. Ich zeige euch als Beispiel mein Installationsskript (kickstart.cfg) für HP-ProLiant-Server. Die Installation wird mit Hilfe einer modifizierten Installations-DVD durchgeführt. Das root-Passwort könnt ihr im Übrigen mittels "openssl passwd -1" erstellen; die Option -1 erzeugt einen MD5-crypt-Hash ($1$…), und der Hash im Listing ist nur ein Beispiel, das ihr durch einen eigenen ersetzen müsst. Der Rest ist – denke ich – selbsterklärend.
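# Unattended install of ESX 4.x (classic) on an HP ProLiant with a Smart Array
# controller (disk cciss/c0d0).
# Every option starts with two ASCII hyphens ("--"). A copy in which a web page
# has turned them into a typographic dash is likely to be rejected by the
# installer with "unknown argument" errors.
#
# rootpw: example MD5-crypt hash ($1$...) as produced by "openssl passwd -1".
# Generate your own; a hash that has been published must never be deployed,
# and MD5-crypt is cheap to brute-force if the kickstart file leaks.
rootpw --iscrypted $1$Za2rYqED$8e1UHiDf.tnXxNSBVycpw/
authconfig --enableshadow --enablemd5
bootloader --location=mbr
timezone Europe/Berlin
install cdrom
# Written by the %pre script from the boot command line.
%include /tmp/networkconfig
keyboard de
reboot
# Clears the partition table of cciss/c0d0, including an existing VMFS volume.
clearpart --drives=cciss/c0d0 --initlabel --overwritevmfs
part /boot --fstype=ext3 --size=512 --ondisk=cciss/c0d0
part none --fstype=vmkcore --size=100 --ondisk=cciss/c0d0
part SYSTEM --fstype=vmfs3 --size=32768 --grow --ondisk=cciss/c0d0
# The service console lives in a virtual disk on the SYSTEM datastore.
virtualdisk COS --size=30720 --onvmfs=SYSTEM
part / --fstype=ext3 --size=9216 --onvirtualdisk=COS
part /var --fstype=ext3 --size=9216 --onvirtualdisk=COS
part /tmp --fstype=ext3 --size=9216 --onvirtualdisk=COS
part swap --fstype=swap --size=2048 --onvirtualdisk=COS
# Service console firewall fully open in both directions. The rc.local
# generated in %post blocks incoming traffic at the end of its first run;
# nothing in this file ever blocks outgoing traffic again.
firewall --allowIncoming --allowOutgoing
accepteula
# Placeholder licence key.
serialnum --esx=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
%packages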
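%pre --interpreter=bash
# Builds /tmp/networkconfig, which the main section pulls in via %include.
# The values come from KEY=VALUE options on the boot command line:
# ESXIP, ESXMASK, ESXGW, ESXHOST and ESXVLAN.
echo "reading commandline from /proc..."
read -r CMDLINE < /proc/cmdline
# Only the five expected keys are accepted and each value is assigned
# literally. The command line is never handed to eval, so a crafted boot
# option cannot run code inside the installer.
set -f  # no filename expansion while the command line is split into words
for I in $CMDLINE; do
  case "$I" in
    ESXIP=*) ESXIP=${I#ESXIP=} ;;
    ESXMASK=*) ESXMASK=${I#ESXMASK=} ;;
    ESXGW=*) ESXGW=${I#ESXGW=} ;;
    ESXHOST=*) ESXHOST=${I#ESXHOST=} ;;
    ESXVLAN=*) ESXVLAN=${I#ESXVLAN=} ;;
  esac
done
set +f
# A missing option would otherwise end up as an empty --ip= / --gateway= value.
for NAME in ESXIP ESXMASK ESXGW ESXHOST ESXVLAN; do
  [ -n "${!NAME}" ] || echo " WARNING: boot option ${NAME}= is missing" >&2
done
echo " creating variables for network config..."
cat << EOF >> /tmp/networkconfig
network --device=vmnic0 --bootproto=static --ip=${ESXIP} --netmask=${ESXMASK} --gateway=${ESXGW} --nameserver=192.168.0.1,192.168.0.2 --hostname=${ESXHOST} --addvmportgroup=0 --vlanid=${ESXVLAN}
EOF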
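%post --interpreter=bash
# Runs once inside the freshly installed system and writes two files:
#   /etc/rc.d/rc.local.sik - the permanent rc.local (only refreshes /etc/motd)
#   /etc/rc.d/rc.local     - a first-boot provisioning script that replaces
#                            itself with rc.local.sik on the following boot
echo " doing some post installation processing..."
echo " generating rc.local..."
# Quoted delimiter: the backticks below are stored literally and evaluated at
# every boot, not while this kickstart section runs.
cat > /etc/rc.d/rc.local.sik << "EOF"
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
echo > /etc/motd
echo `vmware -v` - `hostname -f` - maintained by IT Staff >> /etc/motd
echo >> /etc/motd
EOF
chmod +x /etc/rc.d/rc.local.sik
# Run it once now so /etc/motd is already in place.
sh /etc/rc.d/rc.local.sik > /dev/null 2>&1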
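cat > /etc/rc.d/rc.local << "EOF2"
# First-boot provisioning script. Everything up to the EOF2 terminator is
# written literally to /etc/rc.d/rc.local and runs at the end of the first boot.
sleep 15
unalias rm > /dev/null 2>&1
unalias mv > /dev/null 2>&1
# Second boot: the marker written by the first run exists, so swap in the
# permanent rc.local and stop. This test comes before any firewall command;
# with the firewall opened first, every second boot re-enabled incoming
# traffic after the first run had blocked it, and left it that way.
if [ -e /etc/rc.d/rc.local.tmp ]; then
  mv -f /etc/rc.d/rc.local.sik /etc/rc.d/rc.local
  exit 0
fi
# First boot only: firewall open while configuration and packages are fetched.
esxcfg-firewall --allowIncoming > /dev/null 2>&1
esxcfg-firewall --allowOutgoing > /dev/null 2>&1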
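echo " open firewall ports..."
# Predefined firewall services (outbound clients).
esxcfg-firewall --enableService ntpClient > /dev/null 2>&1
esxcfg-firewall --enableService sshClient > /dev/null 2>&1
esxcfg-firewall --enableService nfsClient > /dev/null 2>&1
# Custom rules in the form port,protocol,direction,name.
# NOTE(review): 80/in and 2301/in open inbound ports on the service console.
# Confirm both are needed and, if so, reachable from the management network
# only. 389/out carries LDAP in clear text; 636/out is the TLS variant.
esxcfg-firewall -o 80,tcp,in,http > /dev/null 2>&1
esxcfg-firewall -o 80,tcp,out,http > /dev/null 2>&1
esxcfg-firewall -o 2301,tcp,in,hpsim > /dev/null 2>&1
esxcfg-firewall -o 2301,tcp,out,hpsim > /dev/null 2>&1
esxcfg-firewall -o 88,tcp,out,KerberosClient > /dev/null 2>&1
esxcfg-firewall -o 88,udp,out,KerberosClient > /dev/null 2>&1
esxcfg-firewall -o 636,tcp,out,OpenSSL > /dev/null 2>&1
esxcfg-firewall -o 464,tcp,out,KerberosPasswordChange > /dev/null 2>&1
esxcfg-firewall -o 389,tcp,out,ldap > /dev/null 2>&1
# Start these services in runlevels 3, 4 and 5.
chkconfig --level 345 portmap on > /dev/null 2>&1
chkconfig --level 345 netfs on > /dev/null 2>&1
chkconfig --level 345 ntpd on > /dev/null 2>&1
chkconfig --level 345 sshd on > /dev/null 2>&1
sleep 15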
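echo " creating /etc/resolv.conf..."
# The search list always contains the company domain; the host's own DNS
# domain is put in front of it when it differs.
SEARCH1=$(hostname -d)
SEARCH2="intern.gallien.de"
# Quoted on both sides: an empty "hostname -d" result would otherwise make
# the test a syntax error.
if [ "$SEARCH1" = "$SEARCH2" ]; then
  SEARCHLIST="$SEARCH2"
else
  SEARCHLIST="$SEARCH1 $SEARCH2"
fi
{
  echo "nameserver 192.168.0.1"
  echo "nameserver 192.168.0.2"
  echo "search $SEARCHLIST"
} > /etc/resolv.conf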
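echo " configure sshd configuration to enable root login..."
# NOTE(review): this lets root log in over SSH with a password. Keys are
# unpacked into /root/.ssh further down (presumably authorized keys), so
# "PermitRootLogin without-password" (key-only) would be the safer value;
# confirm nothing depends on password logins before changing it.
sed -e 's/PermitRootLogin no/PermitRootLogin yes/' -i /etc/ssh/sshd_config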
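echo " setting console memory to 512MB..."
# The value is changed in three places: the three-digit memSize entry in
# esx.conf and the two kernel parameters in grub.conf (524288 KB = 512 MB).
# "|" is used as the sed delimiter so the slashes in the key need no escaping.
sed -i 's|/boot/memSize = "[0-9][0-9][0-9]"|/boot/memSize = "512"|' /etc/vmware/esx.conf
sed -i 's/mem=300M/mem=512M/g' /boot/grub/grub.conf
sed -i 's/uppermem 307200/uppermem 524288/g' /boot/grub/grub.conf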
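echo " generating ntp.conf..."
# NOTE(review): "restrict default" carries neither noquery nor nopeer, so ntpd
# answers status queries from any host that can reach it; as far as this
# script shows, only the service console firewall stands in the way.
# Consider adding both keywords.
cat > /etc/ntp.conf << "EOF"
restrict 127.0.0.1
restrict default kod nomodify notrap
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
server 192.168.0.1
server 192.168.0.2
EOF
echo " generating step-tickers..."
cat > /etc/ntp/step-tickers << "EOF"
192.168.0.1
192.168.0.2
EOF
echo " setting time and synchronize with hardware clock..."
# One-shot sync against the first server, then copy system time to the
# hardware clock.
ntpdate 192.168.0.1
hwclock --systohc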
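echo " creating necessary files and directorys..."
# rc.local.tmp is the "first run done" marker that the check at the top of
# this script looks for on the next boot.
# NOTE(review): the marker is written before the remaining steps have run. If
# the host reboots or the script stops early, the next boot skips everything
# below, including the step that blocks incoming traffic. Writing it as the
# last action before the final reboot would be more robust.
touch /etc/rc.d/rc.local.tmp
mkdir -p /tmp/vmware-root
mkdir -p /root/scripts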
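echo " setting up advanced system config..."
# VMkernel storage settings (LUN reset instead of device reset, LUN scan
# limit, outstanding requests per LUN).
esxcfg-advcfg -s 1 /Disk/UseLunReset > /dev/null 2>&1
esxcfg-advcfg -s 0 /Disk/UseDeviceReset > /dev/null 2>&1
esxcfg-advcfg -s 50 /Disk/MaxLUN > /dev/null 2>&1
esxcfg-advcfg -s 128 /Disk/SchedNumReqOutstanding > /dev/null 2>&1
# Keep a copy of the stock bashrc, then change the prompt from \W (last path
# component) to \w (full path). The escaping is deliberate: it survives the
# double quotes first and sed second.
cp -a /etc/bashrc /etc/bashrc.old > /dev/null 2>&1
sed -i "s/\\h \\\W/\\h \\\w/g" /etc/bashrc > /dev/null 2>&1
# Compress rotated logs.
perl -p -i -e 's/nocompress/compress/g' /etc/logrotate.d/vmkernel > /dev/null 2>&1
perl -p -i -e 's/nocompress/compress/g' /etc/logrotate.d/vmksummary > /dev/null 2>&1
perl -p -i -e 's/#compress/compress/g' /etc/logrotate.conf > /dev/null 2>&1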
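echo " renaming local datastore..."
unalias rm > /dev/null 2>&1
# Fourth "/"-separated field of the console disk path, presumably the volume
# directory under /vmfs/volumes (verify on a reference host).
DS=$(cut -d '/' -f 4 /proc/vmware/rootFsVMDKPath)
# Only replace the SYSTEM label when a target was found; otherwise the old
# link would be removed and nothing would take its place.
if [ -n "$DS" ]; then
  rm -f /vmfs/volumes/SYSTEM
  # Character classes are quoted so the shell cannot expand them as globs.
  ln -s "$DS" "/vmfs/volumes/$(hostname -s | tr '[:lower:]' '[:upper:]')-System"
else
  echo " WARNING: could not determine the local datastore, label unchanged" >&2
fi
vmware-vim-cmd "/internalsvc/refresh_datastores" > /dev/null 2>&1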
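echo " enabling CDP..."
# "both" makes every vSwitch listen for and send CDP frames.
# NOTE(review): advertising discloses host details to the attached switch
# port; use "listen" where the upstream network is not fully trusted.
for switch in $(esxcfg-vswitch -l | awk '/vSwitch/ {print $1}'); do
  /usr/sbin/esxcfg-vswitch -B both "$switch"
done
sleep 15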
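echo " creating resource-pools..."
# Pool prefix: upper-cased short host name with every "V" removed, plus a
# trailing "V". Computed in one pipeline; the former detour through
# /tmp/clusname used a predictable file name in a world-writable directory.
CLUSNAME="$(hostname -s | tr '[:lower:]' '[:upper:]' | sed -e 's/V//g')V"
# Entries are <pool suffix>:<share level>; CPU and memory use the same level.
for POOL in Production-Low:low Production-Normal:normal Production-High:high Test-Low:low; do
  SHARES=${POOL##*:}
  vmware-vim-cmd hostsvc/rsrc/create --cpu-shares="$SHARES" --mem-shares="$SHARES" --cpu-min-expandable=true --mem-min-expandable=true ha-root-pool "$CLUSNAME-${POOL%%:*}" > /dev/null 2>&1
done
sleep 15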
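echo " fetching ssh-keys..."
# NOTE(review): the archive decides who may log in as root, yet it is fetched
# over plain HTTP with no integrity check. Anyone able to alter that traffic
# or the web server content controls root access to every installed host, and
# anyone who can reach the URL can read the archive. Serve it over HTTPS or
# verify a checksum carried inside the kickstart file before unpacking.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Unpack only after a successful download and never in the wrong directory.
if cd /root/.ssh && lwp-download http://192.168.0.1/install/keys.tgz > /dev/null 2>&1; then
  tar xzf keys.tgz > /dev/null 2>&1
  rm -f keys.tgz
  # sshd ignores key files that group or others can access.
  chmod -R go-rwx /root/.ssh
else
  echo " WARNING: keys.tgz could not be fetched, no ssh keys installed" >&2
fi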
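echo " creating users and groups..."
# useradd -p expects the already hashed password (crypt(3) format), not the
# plain text; a plain-text value is stored as an unusable hash. Replace the
# placeholder with a hash generated for this account and keep the single
# quotes, because hashes contain "$" characters. The value is visible in this
# script and on the command line while useradd runs.
useradd -s /bin/false -c "Service Desk" -p '<PLACEHOLDER-crypted-password-hash>' operator > /dev/null 2>&1
groupadd -g 1500 ESXAdmins > /dev/null 2>&1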
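echo " enabling AD authentication..."
# Kerberos authentication against the three domain controllers.
esxcfg-auth --enablead --addomain intern.gallien.de --addc dc1.intern.gallien.de --addc dc2.intern.gallien.de --addc dc3.intern.gallien.de --krb5realm=intern.gallien.de --krb5kdc dc1.intern.gallien.de --krb5adminserver dc1.intern.gallien.de --enablekrb5 > /dev/null 2>&1
echo " creating LDAP config..."
# NOTE(review): "ssl no" sends directory lookups unencrypted and without
# server authentication. The firewall rules above already allow 636/tcp out,
# so LDAPS looks feasible; confirm with the directory team.
cat > /etc/openldap/ldap.conf << "EOF"
base dc=intern,dc=gallien,dc=de
host dc1.intern.gallien.de dc2.intern.gallien.de dc3.intern.gallien.de
pam_password md5
ssl no
EOF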
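echo " fetching some scripts..."
# NOTE(review): both scripts are downloaded over plain HTTP and run as root,
# and the cron entries below repeat download and execution every hour.
# Whoever can change the files on the web server, or the traffic on the way,
# gets root on every host within the hour. Use HTTPS or verify a signature or
# checksum before running, and consider pushing updates from the management
# side instead of pulling them.
lwp-download -a http://192.168.0.1/install/ldap_search.sh /root/scripts/ldap_search.sh > /dev/null 2>&1
lwp-download -a http://192.168.0.1/install/makeconfig.sh /root/scripts/makeconfig.sh > /dev/null 2>&1
ln -s /root/scripts/makeconfig.sh /root/makeconfig.sh > /dev/null 2>&1
ln -s /root/scripts/ldap_search.sh /root/ldap_search.sh > /dev/null 2>&1
echo " chmod scripts..."
chmod +x /root/scripts/ldap_search.sh > /dev/null 2>&1
chmod +x /root/scripts/makeconfig.sh > /dev/null 2>&1
/root/scripts/ldap_search.sh > /dev/null 2>&1
echo " creating cronjobs..."
# Installed from stdin, so no predictable file in /tmp is needed. This
# replaces root's whole crontab.
crontab -u root - << "CRON"
@hourly /usr/bin/lwp-download -a http://192.168.0.1/install/ldap_search.sh /root/scripts/ldap_search.sh > /dev/null 2>&1
@hourly /usr/bin/lwp-download -a http://192.168.0.1/install/makeconfig.sh /root/scripts/makeconfig.sh > /dev/null 2>&1
@hourly /root/scripts/ldap_search.sh > /dev/null 2>&1
CRON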
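echo " setting up sodoers..."
# The policy is written next to the live file, validated, and only then moved
# into place, so a syntax error cannot leave the host with a broken
# /etc/sudoers. The earlier check ran after the overwrite and pointed at a
# misspelled path, so it validated nothing.
# NOTE(review): the last rule gives ESXAdmins passwordless root for every
# command. The "!/usr/bin/passwd root" exclusion is not a security boundary;
# sudoers(5) warns that "ALL, !command" lists are easy to get around.
cat > /etc/sudoers.new << "EOF"
Defaults env_reset
root ALL=(ALL) ALL
%hpsmh ALL=NOPASSWD:/etc/init.d/snmpd
%hpsmh ALL=NOPASSWD:/usr/bin/snmptrap
%ESXAdmins ALL=(ALL) NOPASSWD: ALL, !/usr/bin/passwd root
EOF
chmod 440 /etc/sudoers.new
if visudo -q -c -s -f /etc/sudoers.new; then
  mv -f /etc/sudoers.new /etc/sudoers
else
  echo " WARNING: generated sudoers failed validation, keeping the old file" >&2
  rm -f /etc/sudoers.new
fi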
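echo " installaing HP Hardware agents..."
/etc/init.d/pegasus stop > /dev/null 2>&1
cd /tmp
# NOTE(review): the agent bundle is fetched over plain HTTP and its installer
# then runs as root. Verify a checksum of the archive (or serve it over
# HTTPS) before unpacking.
lwp-download http://192.168.0.1/install/hp/hpmgmt-8.2.5-vmware4x.tgz > /dev/null 2>&1
tar xzf hpmgmt-8.2.5-vmware4x.tgz > /dev/null 2>&1
# Answer file for the silent installer. The *COMMSTR entries are SNMP
# community strings, i.e. shared secrets; the values shown look like
# placeholders and must be replaced with site-specific ones.
cat > /tmp/hpmgmt.conf << "EOF"
export CMASILENT="YES"
export CMALOCALHOSTRWCOMMSTR=127.0.0.1
export CMALOCALHOSTROCOMMSTR=127.0.0.1
export CMAMGMTSTATIONRWIPORDNS=my_sim_server
export CMAMGMTSTATIONRWCOMMSTR=my_sim_server
export CMASYSCONTACT="Servicedesk - Phone 08-15"
export CMASYSLOCATION="My Company"
export ENABLEHPIMPORT=Y
export ENABLEHP_SIMPORT=Y
export ENABLESNMPSERVICE=Y
export ENABLESIMCERTPORT=Y
EOF
# Start the installer only from its own directory. If the archive was not
# unpacked, nothing named install825vibs.sh is picked up from /tmp instead.
if cd /tmp/hpmgmt/825; then
  sh ./install825vibs.sh --silent --inputfile /tmp/hpmgmt.conf
else
  echo " WARNING: /tmp/hpmgmt/825 is missing, HP agents not installed" >&2
fi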
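echo " creating snmp config..."
# NOTE(review): the directive format is "rwcommunity|rocommunity COMMUNITY
# [SOURCE]". The first three lines carry a single argument, which snmpd reads
# as the community name with no source restriction, i.e. read-write access
# from any address. They look like lines whose community string was removed
# for publication; restore "COMMUNITY SOURCE" before use and avoid rwcommunity
# unless write access is really required. SNMP v1/v2c sends community strings
# in clear text.
cat > /etc/snmp/snmpd.conf << "EOF"
dlmod cmaX /usr/lib64/libcmaX64.so
rwcommunity 127.0.0.1
rocommunity 127.0.0.1
rwcommunity my_sim_server
rocommunity str my_sim_server
rocommunity str my_scom_server_1
rocommunity str my_scom_server_2
trapcommunity str
trapsink localhost
trapsink my_sim_server
trapsink my_scom_server_1
trapsink my_scom_server_2
syscontact Servicedesk - Phone 08-15
syslocation My Company
EOF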
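echo " creating System Management Homepage config..."
# Access model set here: ESXAdmins are administrators, "operator" is the
# operator group, anonymous and local access are off.
# NOTE(review): trustmode TrustByName accepts the management server by its
# name. A certificate for my_sim_server is installed right after this step,
# so the certificate-based trust mode may be usable; check the SMH
# documentation for the exact value. No IP restriction is configured either.
cat > /opt/hp/hpsmh/conf/smhpd.xml << "EOF"
<?xml version="1.0"?>
<system-management-homepage>
<admin-group>ESXAdmins</admin-group>
<operator-group>operator</operator-group>
<user-group/>
<allow-default-os-admin>true</allow-default-os-admin>
<anonymous-access>false</anonymous-access>
<localaccess-enabled>false</localaccess-enabled>
<localaccess-type>Anonymous</localaccess-type>
<trustmode>TrustByName</trustmode>
<xenamelist>my_sim_server</xenamelist>
<ip-binding>false</ip-binding>
<ip-binding-list/>
<ip-restricted-logins>false</ip-restricted-logins>
<ip-restricted-include></ip-restricted-include>
<ip-restricted-exclude/>
<session-timeout>30</session-timeout><admin-kerberos/><ui-timeout>30</ui-timeout><operator-kerberos/><box-order>name</box-order><user-kerberos/><box-item-order>name</box-item-order><custom-ui>false</custom-ui><iconview>false</iconview></system-management-homepage>
EOF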
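echo " creating SIM server certificate..."
# Public certificate of the management server in PEM format. The BEGIN/END
# lines use five ASCII hyphens on each side. The body is not reproduced here;
# paste the base64 block of your own server certificate between the markers.
cat > /opt/hp/hpsmh/certs/my_sim_server.pem << "EOF"
-----BEGIN CERTIFICATE-----
<PLACEHOLDER: base64 body of the my_sim_server certificate>
-----END CERTIFICATE-----
EOF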
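echo " creating syslog-ng config..."
# Despite the message, the file written is the classic /etc/syslog.conf.
# The last two rules forward everything from warning upwards to the two
# monitoring servers.
# NOTE(review): "@host" forwarding uses UDP without encryption or
# authentication, so messages can be lost, read or forged on the way; keep
# the local log files as the record of reference.
cat > /etc/syslog.conf << "EOF"
*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none /var/log/messages
authpriv.* /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
local6.info;local6.!notice /var/log/vmksummary
local6.warning /var/log/vmkwarning
local6.notice /var/log/vmkernel
local5.* /var/log/vmkproxy
local4.* /var/log/storageMonitor
*.warning;*.emerg;*.err;*.crit;*.alert @my_scom_server_1
*.warning;*.emerg;*.err;*.crit;*.alert @my_scom_server_2
EOF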
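echo "closing firewall..."
# Only the incoming direction is blocked again.
# NOTE(review): outgoing traffic stays allowed from the earlier
# --allowOutgoing; decide whether that is intended.
esxcfg-firewall --blockIncoming > /dev/null 2>&1
echo " disabling ASR..."
hpasmcli -s "disable asr" > /dev/null 2>&1
echo ""
echo " ESX Installation done. Doing final reboot..."
echo ""
# Leave a dated installation record for later audits.
echo "ESX installed on $(date +%d.%m.%Y) - $(hostname -f)" >> /root/installed
sleep 15
cd /root
# The host comes back from the reboot in maintenance mode.
vmware-vim-cmd /hostsvc/maintenance_mode_enter > /dev/null 2>&1
sleep 15
# Remove downloaded archives and the agent answer file, which holds the SNMP
# community strings.
rm -rf /tmp/* > /dev/null 2>&1
shutdown -r 1 " ESX Installation done. Doing final reboot..."
EOF2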



Mai 25th, 2011 am 17:54
Hi,
auf welche ESX Version beziehst Du dich denn in dem Blogpost?
ESX4.0 Classic U1 scheint es nicht zu sein:
- unknown argument “iscrypted” to command “rootpw”
- unknown argument “enableshadow” to command “auth”
- unknown argument “location=mbr” to command “bootloader”
- unknown argument “drives=cciss/c0d0″ to command “clearpart”
- unknown argument “initlabel” to command “clearpart”
- unknown argument “overwritevmfs” to command “clearpart”
installation aborted.
Juni 5th, 2011 am 08:25
Hi,
dieser Guide ist schon für ESX 4.x, allerdings nicht mehr wirklich aktuell. Bitte schau doch mal hier: http://blog.sven-trautwein.de/2009/12/06/esx-4-unattended-installation-part-ii/
Grüße