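# VMware ESX4 template Kickstart file
#
# Unattended install template for an ESX 4 host: installer directives first,
# then a bash %post section that builds the vSwitches, storage connections,
# DNS, a local user, SSH, NTP and the login banner.
#
# Bracketed tokens ([IPADDR], [HOSTNAME], [DISKTYPE], [VMOTIONIP],
# [VMKISCISI], [VMKISCISI2NDCOSPORT], [HAHEARTBEAT]) look like per-host
# placeholders -- presumably substituted by a deployment tool before the
# file is served; confirm against whatever generates the final kickstart.
#
# One directive per line: everything after a '#' on a line is a comment,
# so a collapsed copy of this file would be read as a single comment.

# VMware Specific Commands
vmaccepteula

# Timezone
timezone Europe/London

# Keyboard
keyboard uk

# Root password. The value is passed pre-hashed (--iscrypted); per the
# original author's note the plaintext behind this template hash is the
# default "password". The $1$ prefix marks MD5-crypt, which is cheap to
# attack offline, and the hash sits in a file that is usually fetched over
# the network at install time. Replace it with a site-specific hash and
# change the password after the first boot.
auth --enableshadow --enablemd5
rootpw --iscrypted $1$5a17$In5zYe6YsCty76AycpGaf/

# Reboot after install
reboot

# Network install type
network --device=vmnic0 --bootproto=static --ip=[IPADDR] --netmask=255.255.255.0 --gateway=192.168.3.199 --nameserver=192.168.3.199 --hostname=[HOSTNAME].vi4book.com --addvmportgroup=0

# Firewall settings
# NOTE(review): this turns the firewall off for the installed host, while
# the %post section below still opens sshClient and ntpClient one by one.
# Leaving the firewall enabled and keeping only those per-service openings
# looks sufficient for what this template does -- confirm before changing.
firewall --disabled

# Clear Partitions
clearpart --drives=[DISKTYPE] --overwritevmfs

# BootLoader ( The user has to use grub by default )
bootloader --location=mbr --driveorder=[DISKTYPE]

# Manual Partitioning
# Physical disk: /boot, the vmkcore dump partition and a local VMFS volume.
part /boot --fstype=ext3 --size=250 --ondisk=[DISKTYPE]
part None --fstype=vmkcore --size=100 --ondisk=[DISKTYPE]
part local_[HOSTNAME] --fstype=vmfs3 --size=20000 --ondisk=[DISKTYPE] --grow
# The remaining partitions live inside virtual disk vd1 on that VMFS volume.
virtualdisk vd1 --size=15000 --onvmfs=local_[HOSTNAME]
part swap --fstype=swap --size=1600 --onvirtualdisk=vd1
part /opt --fstype=ext3 --size=2048 --onvirtualdisk=vd1
part /tmp --fstype=ext3 --size=2048 --onvirtualdisk=vd1
part /home --fstype=ext3 --size=2048 --onvirtualdisk=vd1
part / --fstype=ext3 --size=5120 --onvirtualdisk=vd1 --grow

%packages

%post --interpreter=bash

# Create vSwitch1 with a port group of Internal
# (no uplink is linked, so this switch has no physical NIC)
esxcfg-vswitch -a vSwitch1
esxcfg-vswitch -A Internal-[HOSTNAME] vSwitch1

# Create a vSwitch2 with a port group of Production using vmnic1
esxcfg-vswitch -a vSwitch2
esxcfg-vswitch -A Production vSwitch2
esxcfg-vswitch -L vmnic1 vSwitch2

# Create a vSwitch3 with a port group of VMotion using vmnic2
esxcfg-vswitch -a vSwitch3
esxcfg-vswitch -A VMotion vSwitch3
esxcfg-vswitch -L vmnic2 vSwitch3
esxcfg-vmknic -a VMotion -i [VMOTIONIP] -n 255.255.255.0

# On its own vmknic cannot enable VMotion...
# This enables VMotion from the Service Console
# BUT I CAN'T GET IT WORKING WITH THE SCRIPT
vmware-vim-cmd hostsvc/vmotion/vnic_set vmk0
vmware-vim-cmd hostsvc/net/refresh

# Create vSwitch4 with port groups iSCSI and iSCSI-COS using vmnic3
# (the original comment said vSwitch3; the commands below use vSwitch4)
esxcfg-vswitch -a vSwitch4
esxcfg-vswitch -A iSCSI vSwitch4
esxcfg-vswitch -L vmnic3 vSwitch4
esxcfg-vmknic -a iSCSI -i [VMKISCISI] -n 255.255.255.0
esxcfg-vswitch -A iSCSI-COS vSwitch4
esxcfg-vswif -a vswif1 -p iSCSI-COS -i [VMKISCISI2NDCOSPORT] -n 255.255.255.0

# HA Heartbeat Port on VMotion Switch
esxcfg-vswitch -A HA-Heartbeat vSwitch3
esxcfg-vswif -a vswif2 -p HA-Heartbeat -i [HAHEARTBEAT] -n 255.255.255.0

# Set up the software iSCSI initiator: enable it, add the discovery
# address, then rescan.
# NOTE(review): 172.168.3.100 is outside the RFC 1918 private ranges
# (the private block is 172.16.0.0/12) and every other address in this
# template is 192.168.3.x -- confirm the intended storage address, since
# no authentication is configured for the target here.
esxcfg-swiscsi -e
vmkiscsi-tool -D -a 172.168.3.100 vmhba34
esxcfg-swiscsi -s

# Connect to a NAS...
# (same 172.168.3.100 address as the iSCSI target above; same caveat)
esxcfg-nas -a nas-iso -o 172.168.3.100 -s /iso

# VLAN Example
# esxcfg-vswitch -a vSwitch2
# esxcfg-vswitch -A accounts vSwitch2
# esxcfg-vswitch -A rnd vSwitch2
# esxcfg-vswitch -A sales vSwitch2
# esxcfg-vswitch -L vmnic4 vSwitch2
# esxcfg-vswitch -L vmnic5 vSwitch2
# esxcfg-vswitch -v 10 -p accounts vSwitch2
# esxcfg-vswitch -v 20 -p rnd vSwitch2
# esxcfg-vswitch -v 30 -p sales vSwitch2

# Add 2nd/3rd DNS settings
echo nameserver 192.168.3.200 >> /etc/resolv.conf
echo nameserver 192.168.3.201 >> /etc/resolv.conf

# Create a local user for SSH Access - Default password is password
# The -p argument is an MD5-crypt ($1$) hash of that default, so every host
# built from this template shares one known credential until it is changed.
# Substitute a per-site hash and rotate the password after the first login.
useradd -p '$1$Rg69B9QA$JUtqStBrjNFbyzyP9zTsf0' -c "Mike Laverick" lavericm

# DANGEROUS: Allow ROOT access using SSH
# Together with the template root hash and "firewall --disabled" above, this
# leaves root reachable over SSH with a published default password. The
# local user created above is the lower-risk path: log in as that user and
# elevate from there.
# The sed only rewrites a line that reads exactly "PermitRootLogin no".
sed -e 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
mv -f /etc/ssh/sshd_config.new /etc/ssh/sshd_config
# The replacement file was created by a shell redirect, so it carries the
# current umask rather than the mode of the file it replaced; restrict it
# to root again.
chmod 600 /etc/ssh/sshd_config
service sshd restart

# Enable the SSH client (Out/From an ESX hosts)
esxcfg-firewall -e sshClient

# Write /etc/ntp.conf from scratch: the first echo truncates the file ('>'),
# the rest append.
# NOTE(review): the fudge line refers to the local clock 127.127.1.0, but no
# "server 127.127.1.0" line is written -- confirm whether one was intended.
echo restrict 127.0.0.1 > /etc/ntp.conf
echo restrict default kod nomodify notrap noquery nopeer >> /etc/ntp.conf
echo server 0.uk.pool.ntp.org >> /etc/ntp.conf
echo server 1.uk.pool.ntp.org >> /etc/ntp.conf
echo server 2.uk.pool.ntp.org >> /etc/ntp.conf
echo server 3.uk.pool.ntp.org >> /etc/ntp.conf
echo fudge 127.127.1.0 stratum 10 >> /etc/ntp.conf
echo driftfile /var/lib/ntp/drift >> /etc/ntp.conf

# Create the Step-Tickers File
# NOTE(review): step-tickers is normally a plain list of host names; the
# leading "server" keyword may be read as a host name -- confirm against
# the ntpd init script on the target build.
echo server 0.uk.pool.ntp.org >> /etc/ntp/step-tickers
echo server 1.uk.pool.ntp.org >> /etc/ntp/step-tickers
echo server 2.uk.pool.ntp.org >> /etc/ntp/step-tickers
echo server 3.uk.pool.ntp.org >> /etc/ntp/step-tickers

# Handle the Service Management
esxcfg-firewall -e ntpClient
service ntpd start
chkconfig --level 3 ntpd on
hwclock --systohc

# SSH Legal Message...
# The echo >> /etc/banner are blank spaces for readability...
# NOTE(review): "Kingdown" and "Scottland" below are written to the banner
# exactly as spelled here; correct the wording before relying on it as a
# legal notice.
echo >> /etc/banner
echo This is a private system. >> /etc/banner
echo Do not attempt to login unless you are an authorised user. >> /etc/banner
echo Any authorised or unauthorised access and use, may be monitored >> /etc/banner
echo and can result in criminal or civil prosecution under applicable law. >> /etc/banner
echo >> /etc/banner
echo The United Kingdown of England, Ireland, Scottland and Wales >> /etc/banner
echo Computer Misuse Act 1990 >> /etc/banner
echo http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm >> /etc/banner
echo >> /etc/banner
# The Banner directive is appended after the sshd restart above, so sshd
# only picks it up the next time it starts (the "reboot" directive at the
# top restarts the host once the install finishes).
echo Banner /etc/banner >> /etc/ssh/sshd_config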