This post shows a simple post-installation script for VMware ESX Server that avoids a lot of manual configuration and several reboots to apply changes.
The script will:
- Add an SSH banner text
- Unload unneeded modules (i.e. VMFS-2 support)
- Adjust some settings for SAN access
- Increase Service Console Memory reservation to 800 MB
- Configure networking with portgroup and vlan
- Set mgmt.local as the local domain
- Add all the other ESX hosts to the hosts file
- Configure NTP

This script assumes you have 4 ESX hosts (esx01.mgmt.local, esx02.mgmt.local and so on), each with 4 physical NICs.
It also assumes you want to create port groups for the following networks:
- LAN (with VLAN ID 1) for Internal Network Virtual Machines
- DMZ (with VLAN ID 10) for Virtual Machines accessible from external networks
- TS (with VLAN ID 11) for Terminal Service Virtual Machines
- LAB (with VLAN ID 12) for LAB VMs
- TEST (with VLAN ID 99) for testing purposes

Copy and paste the following script anywhere on your freshly installed ESX server, make it executable (by root only), run it, and delete it after the system restarts.

The script follows:

#!/bin/sh
#
# Post install script for ESX Server 3.x
# created by Riccardo Riva

##################################
# Start ESX Configuration script #
##################################

#Temporarily open all ports through the ESX firewall:
esxcfg-firewall -allowIncoming
esxcfg-firewall -allowOutgoing

#Enable services through the ESX firewall:
esxcfg-firewall -e sshClient
esxcfg-firewall -e ntpClient
esxcfg-firewall -e snmpd

#Modification to display full path in COS:
mv /etc/bashrc /etc/bashrc.orig
sed -e "s/\\h \\\W/\\h \\\w/g" /etc/bashrc.orig > /etc/bashrc

#Set SSH banner text:
# Note: $bannertxt1..$bannertxt7 are not set anywhere in this script, so those echo lines write blank separator lines.
echo $bannertxt1 > /etc/ssh/banner
echo " Legal Notice" >> /etc/ssh/banner
echo $bannertxt2 >> /etc/ssh/banner
echo " WARNING: USE OF THIS PRIVATE COMPUTER SYSTEM IS YOUR " >> /etc/ssh/banner
echo $bannertxt3 >> /etc/ssh/banner
echo " CONSENT TO BEING MONITORED AND RECORDED. UNAUTHORIZED " >> /etc/ssh/banner
echo $bannertxt4 >> /etc/ssh/banner
echo " USE IS PROHIBITED. WE RESERVE THE RIGHT TO SEEK ALL " >> /etc/ssh/banner
echo $bannertxt5 >> /etc/ssh/banner
echo " REMEDIES FOR UNAUTHORIZED USE. EVIDENCE OF SUSPECTED " >> /etc/ssh/banner
echo $bannertxt6 >> /etc/ssh/banner
echo " ILLEGAL USE MAY BE GIVEN TO LAW ENFORCEMENT. " >> /etc/ssh/banner
echo $bannertxt7 >> /etc/ssh/banner
echo "banner /etc/ssh/banner" >> /etc/ssh/sshd_config
service sshd restart

#Add some additional error logging on the consoles:
cp /etc/syslog.conf /etc/syslog.orig
# Three lines below: we want to see several more severe log entries on TTYs too.
echo "# " >> /etc/syslog.conf
echo "# Comment-out 3 lines below to protect tty10-tty12" >> /etc/syslog.conf
echo "*.=crit /dev/tty12" >> /etc/syslog.conf
echo "*.=err /dev/tty11" >> /etc/syslog.conf
echo "*.=warning /dev/tty10" >> /etc/syslog.conf
# The line below: restart system logging daemon to activate above additions.
/etc/init.d/syslog restart

#Unload the VMFS-2 module to improve LUN and volume scan speed and improve overall performance:
vmkload_mod -u vmfs2

#Modification to prevent vmfs2 module from loading to improve LUN and volume scan speed and improve overall performance:
mv /etc/init.d/vmware /etc/init.d/vmware.orig
sed -e "s/echo \"vmfs2 vmfs2\"/\#echo \"vmfs2 vmfs2\"/g" /etc/init.d/vmware.orig > /etc/init.d/vmware
chmod 744 /etc/init.d/vmware

#SAN multipathing best practice:
esxcfg-advcfg -s 1 /Disk/UseLunReset
esxcfg-advcfg -s 0 /Disk/UseDeviceReset
service mgmt-vmware restart

#Set Disk.MaxLUN to 40 to reduce rescan time:
esxcfg-advcfg -s 40 /Disk/MaxLUN
service mgmt-vmware restart

#Set Disk.SchedNumReqOutstanding to 64 to increase number of requests each VM can have against a single LUN at any given time:
esxcfg-advcfg -s 64 /Disk/SchedNumReqOutstanding
service mgmt-vmware restart

#Increase service console RAM allocation to 800MB:
mv -f /etc/vmware/esx.conf /etc/vmware/esx.conf.orig
sed -e 's/boot\/memSize = \"272\"/boot\/memSize = \"800\"/g' /etc/vmware/esx.conf.orig >> /etc/vmware/esx.conf
mv -f /boot/grub/grub.conf /boot/grub/grub.conf.orig
# uppermem is the memory size in KB minus 1024: 272*1024-1024 = 277504, so 800 MB needs 800*1024-1024 = 818176
sed -e 's/uppermem 277504/uppermem 818176/g' -e 's/mem=272M/mem=800M/g' /boot/grub/grub.conf.orig >> /boot/grub/grub.conf

#Create VirtualCenter Agent temp install directory to prevent VC Agent install failures during future upgrades:
mkdir -p /tmp/vmware-root/

#Ensure the firewall is enabled and running before final build completion:
service firewall start
esxcfg-firewall -blockIncoming
esxcfg-firewall -blockOutgoing

#Create remaining networking adding vmnic1, vmnic2 and vmnic3 to vm_switch0
# vmnic0 and vmnic2 must be added to vswitch0 for ServiceConsole and VMotion purpose :
esxcfg-vswitch -a vm_switch0
esxcfg-vswitch -L vmnic1 vm_switch0
esxcfg-vswitch -L vmnic2 vm_switch0
esxcfg-vswitch -L vmnic3 vm_switch0
#create portgroup for the Production VLAN and tag with id: 1 because this is configured as the native VLAN
esxcfg-vswitch -A LAN vm_switch0
esxcfg-vswitch -p LAN vm_switch0 -v 1
#create portgroup for the DMZ VLAN and tag with id: 10
esxcfg-vswitch -A DMZ_VID10 vm_switch0
esxcfg-vswitch -p DMZ_VID10 vm_switch0 -v 10
#create portgroup for the TS VLAN and tag with id: 11
esxcfg-vswitch -A TS_VID11 vm_switch0
esxcfg-vswitch -p TS_VID11 vm_switch0 -v 11
#create portgroup for the LAB VLAN and tag with id: 12
esxcfg-vswitch -A LAB_VID12 vm_switch0
esxcfg-vswitch -p LAB_VID12 vm_switch0 -v 12
#create portgroup for the TEST VLAN and tag with id: 99
esxcfg-vswitch -A TEST_VID99 vm_switch0
esxcfg-vswitch -p TEST_VID99 vm_switch0 -v 99
service mgmt-vmware restart

#Add .mgmt.local to domain suffix search order:
echo "search mgmt.local" >> /etc/resolv.conf

#Add static host entries so HA agent installs and functions properly:
mv /etc/hosts /etc/hosts.orig
echo "127.0.0.1 localhost.localdomain localhost" >> /etc/hosts
echo " " >> /etc/hosts
echo "# Production" >> /etc/hosts
echo "10.0.0.11 esx01.mgmt.local" >> /etc/hosts
echo "10.0.0.11 esx01" >> /etc/hosts
echo "10.0.0.12 esx02.mgmt.local" >> /etc/hosts
echo "10.0.0.12 esx02" >> /etc/hosts
echo "10.0.0.13 esx03.mgmt.local" >> /etc/hosts
echo "10.0.0.13 esx03" >> /etc/hosts
echo "10.0.0.14 esx04.mgmt.local" >> /etc/hosts
echo "10.0.0.14 esx04" >> /etc/hosts

#Configure time zone and NTP:
cp /etc/ntp.conf /etc/ntp.orig
# The tz database has no Europe/Italy entry; the zone for Italy is Europe/Rome
ln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtime
echo "server pool.ntp.org" >> /etc/ntp.conf
echo "server time.ien.it" >> /etc/ntp.conf
echo "pool.ntp.org" >> /etc/ntp/step-tickers
echo "time.ien.it" >> /etc/ntp/step-tickers
esxcfg-firewall -e ntpClient
chkconfig --level 345 ntpd on
service ntpd restart
hwclock --systohc

#Inject install completion date/time stamp into Message Of The Day:
dateTime=`date '+%c'`
echo "Built on "$dateTime" by Riccardo Riva." > /etc/motd

reboot

################################
# End ESX Configuration script #
################################
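
An added example, not part of the original post: a read-only audit to run after the reboot, checking that the script's edits landed once and agree with each other. It assumes the file paths used in the script; the uppermem relation (memory in KB minus 1024) is inferred from the stock 272M / 277504 pair, and the function names and sample tree are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original script): audit the files it edits.
# $1 is the root of the tree to check; a copy of the files works offline.

audit_esx_postinstall() {
    root=${1%/}; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Banner: exactly one directive (a re-run appends another), non-empty file.
    n=$(grep -ci '^[[:space:]]*banner[[:space:]]' "$root/etc/ssh/sshd_config" 2>/dev/null || true)
    [ "${n:-0}" -eq 1 ] || fail "sshd_config has ${n:-0} Banner directives"
    [ -s "$root/etc/ssh/banner" ] || fail "/etc/ssh/banner missing or empty"

    # Service console memory: grub mem=, grub uppermem and esx.conf must agree.
    grub=$root/boot/grub/grub.conf
    mem=$(sed -n 's/.*mem=\([0-9][0-9]*\)M.*/\1/p' "$grub" 2>/dev/null | head -n 1)
    upper=$(sed -n 's/^[[:space:]]*uppermem[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$grub" 2>/dev/null | head -n 1)
    conf=$(sed -n 's/.*boot\/memSize = "\([0-9][0-9]*\)".*/\1/p' "$root/etc/vmware/esx.conf" 2>/dev/null | head -n 1)
    if [ -z "$mem" ] || [ -z "$upper" ] || [ -z "$conf" ]; then
        fail "could not read mem=, uppermem or memSize"
    else
        [ "$upper" -eq $((mem * 1024 - 1024)) ] || fail "uppermem $upper does not match mem=${mem}M"
        [ "$conf" -eq "$mem" ] || fail "esx.conf memSize $conf differs from grub mem=${mem}M"
    fi

    # Files the script appends to with >>: repeated lines mean it ran twice.
    for f in etc/resolv.conf etc/ntp.conf; do
        dup=$(grep -Ev '^[[:space:]]*(#|$)' "$root/$f" 2>/dev/null | sort | uniq -d)
        [ -z "$dup" ] || fail "$f has duplicated lines"
    done
    return "$fails"
}

# Constructed sample tree (values made up for the demo, not from a real host).
make_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/vmware" "$1/boot/grub"
    printf 'Protocol 2\nbanner /etc/ssh/banner\n' > "$1/etc/ssh/sshd_config"
    echo 'Legal Notice' > "$1/etc/ssh/banner"
    printf 'uppermem 818176\nkernel /vmlinuz ro mem=800M\n' > "$1/boot/grub/grub.conf"
    echo '/boot/memSize = "800"' > "$1/etc/vmware/esx.conf"
    echo 'search mgmt.local' > "$1/etc/resolv.conf"
    printf 'server pool.ntp.org\nserver time.ien.it\n' > "$1/etc/ntp.conf"
}

demo=$(mktemp -d) && make_sample_tree "$demo"
audit_esx_postinstall "$demo" && echo "audit passed"
rm -rf "$demo"
```

On a live host, call `audit_esx_postinstall /`; the return code is the number of failed checks.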

Hope this helps

bye
Riccardo