SlideShare a Scribd company logo

Kickstat File_Draft_ESXI5.1_Template

Download as DOCX, PDF
L
Luca Viscomi
1 of 12
# +---------------------------------------------------------------------------+ # | KickstatFile :esx-pri # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Start of ESXi 5.0.0 Update1(Build623860) KickStart Script(1-5-2012) # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # |IsIt a Dryrun (parse andtest) # +---------------------------------------------------------------------------+ #dryrun # +---------------------------------------------------------------------------+ # | AcceptLicense agreement # +---------------------------------------------------------------------------+ vmaccepteula # +---------------------------------------------------------------------------+ # | DiskPartitioning # | Clearall partitionsinfirstdetecteddiskandoverwrite anyVMFS # | partitionsonthe specifieddrives. # +---------------------------------------------------------------------------+ #clearpart--firstdisk --overwritevmfs clearpart--firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Installationmedialocation # +---------------------------------------------------------------------------+ # Freshinstallationonfirstdiskandoverwrite anexistingVMFSdatastore #install --firstdisk --overwritevmfs install --firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Rootpasswordand Authicationformat # | Defaultisshadowpasswordenabled,MD5-basedpasswordsenabled # | EncryptedRootPasswordinMD5 format # +---------------------------------------------------------------------------+ # rootpasswordinMD5 format rootpw --iscrypted$1$hgxyTT/.$J7eWEYxhJsMgwFSWbkW0L. #rootpwpassword # +---------------------------------------------------------------------------+ # | Rebootafterinstallation
# +---------------------------------------------------------------------------+ reboot # +---------------------------------------------------------------------------+ # | %include # +---------------------------------------------------------------------------+ %include /tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunbefore the kickstartconfigurationisevaluated # +---------------------------------------------------------------------------+ %pre --interpreter=busybox # +---------------------------------------------------------------------------+ # | SetdefaultManagementInterface # | addvmportgroupsetto"0" to disable the creationof defaultguestVMNetwork # +---------------------------------------------------------------------------+ VMK_INT="vmk0" VMK_LINE=$(localcli networkipinterface ipv4get|grep"${VMK_INT}") IPADDR=192.168.5.100 NETMASK=255.255.255.0 GATEWAY="192.168.5.253" DNS="192.168.5.30" HOSTNAME=esx-pri vlanid="**5" echo"network --bootproto=static--addvmportgroup=false--device=vmnic0--ip=${IPADDR} -- netmask=${NETMASK} --gateway=${GATEWAY} --nameserver=${DNS} --hostname=${HOSTNAME} -- vlanid=${vlanid}">/tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi isinstalledandbefore reboot # +---------------------------------------------------------------------------+ %post--interpreter=busybox --ignorefailure=true # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi installationandafterfirst reboot # | Most of the shell commandwill enabledafterthe firstreboot # +---------------------------------------------------------------------------+ %firstboot--interpreter=busybox
# +---------------------------------------------------------------------------+ # | SetScriptVariable foruse inscript # | Variable canonlybe define afterthe firstrebootandwhenthe full bshell # | isin place # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | rename local datastore tosomethingmore meaningful # +---------------------------------------------------------------------------+ vim-cmdhostsvc/datastore/renamedatastore1"$(hostname -s)-datastore1" # +---------------------------------------------------------------------------+ # | AssignVMware license # +---------------------------------------------------------------------------+ vim-cmdvimsvc/license--setM5425-42244-48J48-0232H-****** # +---------------------------------------------------------------------------+ # | vSwitchconfiguration # +---------------------------------------------------------------------------+ # vSwitch0: Active->vmnic0,vmnic2Standby->vmnic1,vmnic3, # failback:yes # faildectection:link # loadbalancing:portid # notifyswitches:yes # avgbw: 1000000 Kbps # peakbw:1000000 Kbps # burstsize:819200 KBps # allowforgedtransmits:no # allowmacchange:no # allowpromiscuousno # cdpstatus: both # +---------------------------------------------------------------------------+ # | attach vmnic1,vmnic2,vmnic3tovSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandarduplinkadd --uplink-namevmnic1--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic2--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic3--vswitch-namevSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic4--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic5--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic6--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic7--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | remove defaultVMNetworkportgroupif required? # +---------------------------------------------------------------------------+
esxcli networkvswitchstandardportgroupremove --portgroup-name="VMNetwork"--vswitch- name vSwitch0 # +---------------------------------------------------------------------------+ # | configure portgroup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgroupadd --portgroup-name SED-I-**1--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-I-**1--vlan-id**1 esxcli networkvswitchstandardportgroupadd --portgroup-name DPM-DPM-**2--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name DPM-DPM-**2--vlan-id**2 esxcli networkvswitchstandardportgroupadd --portgroup-name ILO-**3--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name ILO-**3--vlan-id**3 esxcli networkvswitchstandardportgroupadd --portgroup-name CISCO-**4--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CISCO-**4--vlan-id**4 #esxcli networkvswitchstandardportgroupadd --portgroup-name Scon-**5--vswitch-name vSwitch0 #esxcli networkvswitchstandardportgroupset --portgroup-name"ManagementNetwork"--vlan-id **5 esxcli networkvswitchstandardportgroupadd --portgroup-name CCM-DPM-**7--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CCM-DPM-**7--vlan-id**7 esxcli networkvswitchstandardportgroupadd --portgroup-name SED-X--vswitch-namevSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-X--vlan-id0 esxcli networkvswitchstandardportgroupadd --portgroup-name SIP-X--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset--portgroup-name SIP-X--vlan-id0 # +---------------------------------------------------------------------------+ # |configure cdp # +---------------------------------------------------------------------------+ esxcli networkvswitchstandard set--cdp-statusboth --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | edited - configure active andstandbyuplinksforvSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset --active-uplinksvmnic0,vmnic2--standby-uplinks vmnic1,vmnic3--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | editedconfigure failure detection+loadbalancing(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset--failbackyes --failure-detectionlink --load- balancingportid --notify-switchesyes --vswitch-name vSwitch0
# +---------------------------------------------------------------------------+ # | FAILOVERCONFIGURATIONS - Portgropup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --active-uplinksvmnic1,vmnic3-- standby-uplinksvmnic0,vmnic2--portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | configure failure detection+loadbalancingon"ManagementNetwork"Portgroup # |(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --failbackyes --failure-detectionlink -- load-balancingportid --notify-switchesyes --portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | SECURITY CONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicysecurityset --allow-forged-transmitsno--allow-mac-change no --allow-promiscuousno --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | SHAPINGCONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyshapingset--enabledyes --avg-bandwidth100000 --peak- bandwidth100000 --burst-size 819200 --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | Update the file /etc/vmware/hostd/hostsvc.xmlwiththe parameterstotickthe # |ManagementNetworkportgroupManagementTrafficbox # +---------------------------------------------------------------------------+ echo"Stoppingthe hostd" /etc/init.d/hostdstop sleep5 echo"Enabling'Management'onvmk0" sed -ie 's/<ConfigRoot>/<ConfigRoot>n<mangementVnics>n<nicid="0000">vmk0</nic>n </mangementVnics>/'/etc/vmware/hostd/hostsvc.xml echo"Startingthe hostd" /etc/init.d/hostdstart # +---------------------------------------------------------------------------+ # | enable managementinterface # +---------------------------------------------------------------------------+ # Still needtouse python/MOBtrick cat > /tmp/enableVmkInterface.py<<__ENABLE_MGMT_INT__ importsys,re,os,urllib,urllib2
# connectioninfotoMOB url = "https://localhost/mob/?moid=ha-vnic-mgr&method=selectVnic" username = "root" password= "password" # Create global variables global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params #auth passman= urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None,url,username,password) authhandler=urllib2.HTTPBasicAuthHandler(passman) opener= urllib2.build_opener(authhandler) urllib2.install_opener(opener) # Code tocapture requiredpage dataandcookie requiredforpostbackto meetCSRF requirements ### req= urllib2.Request(url) page = urllib2.urlopen(req) page_content=page.read() # regex togetthe vmware-session-nonce value fromthe hiddenformentry reg = re.compile('name="vmware-session-nonce"type="hidden"value="?([^s^"]+)"') nonce = reg.search(page_content).group(1) # getthe page headerstocapture the cookie headers= page.info() cookie = headers.get("Set-Cookie") #execute method params = {'vmware-session-nonce':nonce,'nicType':'management','device':'vmk0'} e_params= urllib.urlencode(params) req= urllib2.Request(url,e_params,headers={"Cookie":cookie}) page = urllib2.urlopen(req).read() __ENABLE_MGMT_INT__ python/tmp/enableVmkInterface.py # +---------------------------------------------------------------------------+ # | SYSLOG CONFIGURATION # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigset --default-rotate=20-- loghost=udp://192.168.9.238:514,ssl://192.168.9.238:1514 # +---------------------------------------------------------------------------+
# | change the individualsyslogrotationcount # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigloggerset --id=hostd--rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=vmkernel --rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=fdm--rotate=20 esxcli systemsyslogconfigloggerset --id=vpxa--rotate=20 # +---------------------------------------------------------------------------+ # | NTPCONFIGURATIONS # +---------------------------------------------------------------------------+ cat > /etc/ntp.conf <<__NTP_CONFIG__ restrictdefaultkodnomodifynotrapnoquerynopeer restrict127.0.0.1 server192.168.5.30 __NTP_CONFIG__ /sbin/chkconfig--level345 ntpdon # +---------------------------------------------------------------------------+ # | FIREWALLCONFIGURATION # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Enable firewall # +---------------------------------------------------------------------------+ esxcli networkfirewall set--default-actionfalse --enabled=yes # +---------------------------------------------------------------------------+ # | servicestoenable bydefault # +---------------------------------------------------------------------------+ FIREWALL_SERVICES="syslogntpClientvSphereClient" for SERVICEin${FIREWALL_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE} --enabled=yes done # +---------------------------------------------------------------------------+ # | Deny Allowed-all accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_DIP_SERVICES="syslogntpClientvSphereClient" for SERVICE_DIPin${FIREWALL_DIP_SERVICES} do esxcli networkfirewall rulesetset--allowed-all=false --ruleset-id${SERVICE_DIP} done
# +---------------------------------------------------------------------------+ # | configure IPV4accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_IP_SERVICES="syslogntpClientvSphereClient" for SERVICE_IPin${FIREWALL_IP_SERVICES} do esxcli networkfirewall rulesetallowedipadd --ip-address=192.168.5.30 --ruleset-id${SERVICE_IP} done # +---------------------------------------------------------------------------+ # | swicthoff firewallports # +---------------------------------------------------------------------------+ FIREWALL_D_SERVICES="dnsfaultTolerance NFCHBRWOL webAccessnetDumpsnmpvMotiondhcp CIMSLP CIMHttpServerCIMHttpsServervpxHeartbeats" for SERVICE_Din ${FIREWALL_D_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE_D} --enabled=no done # +---------------------------------------------------------------------------+ # | enable &start remote ESXi Shell (SSH) # +---------------------------------------------------------------------------+ vim-cmdhostsvc/enable_ssh vim-cmdhostsvc/start_ssh # +---------------------------------------------------------------------------+ # | Refreshall firewall services # +---------------------------------------------------------------------------+ #esxcli networkfirewall refresh # +---------------------------------------------------------------------------+ # | Save the firewall configuration # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname -s)-datastore1 # +---------------------------------------------------------------------------+ # | addconfigurationtothe /etc/rc.local file # +---------------------------------------------------------------------------+ #sed-i '$ acp/vmfs/volumes/$(hostname-s)-datastore1/services.xml /etc/vmware/firewall' /etc/rc.local #sed-i '$ aesxcli networkfirewall refresh'/etc/rc.local # +---------------------------------------------------------------------------+ # | Shutdownthe DCUI & vpxa& USB arbitrator(SSHlefton)
# +---------------------------------------------------------------------------+ FIREWALL_DAEMON_SERVICES="DCUIvpxausbarbitratorESXShellsfcbd-watchdog" for SERVICE_DAEMON in${FIREWALL_DAEMON_SERVICES} do chkconfig${SERVICE_DAEMON} off done # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | ESXi Host - SecuiryHardening # +---------------------------------------------------------------------------+ vim-cmdproxysvc/remove_service "/""httpsWithRedirect" vim-cmdproxysvc/remove_service "/mob""httpsWithRedirect" # +---------------------------------------------------------------------------+ # | Create SSH Banner # +---------------------------------------------------------------------------+ /bin/cat> /etc/banner.new<<SSHEOF ${INDENTATION:-}====================================================== ${INDENTATION:-}= Company.COMLTD = ${INDENTATION:-}====================================================== ${INDENTATION:-} ${INDENTATION:-}====================================================== ${INDENTATION:-}= WARNING:UNAUTHORIZEDUSE IS PROHIBITED = ${INDENTATION:-}= ----------------------------------------- = ${INDENTATION:-}= Propertyof Company.comLtd,andshouldonly = ${INDENTATION:-}= be accessedbyauthorizedCompanyemployees. = ${INDENTATION:-}= Do not attempttologinunlessyouare an = ${INDENTATION:-}= authorizeduser. = ${INDENTATION:-}= = ${INDENTATION:-}= Anyauthorizedorunauthorizedaccessanduse, = ${INDENTATION:-}= will be monitoredandanyone usingthissystem = ${INDENTATION:-}= expresslyconsentstosuchmonitoring.If such = ${INDENTATION:-}= monitoringrevealspossibleenvidence of criminal= ${INDENTATION:-}= activity,suchevidencewillbe providedtolaw = ${INDENTATION:-}= enforcementpersonnel andcanresultincriminal = ${INDENTATION:-}= or civil prosecutionunderapplicable law of = ${INDENTATION:-}= the UnitedKingdom(UK). = ${INDENTATION:-}====================================================== SSHEOF # copynewbannerfile tooverwrite /etc/issue (esxi5store it's bannerfile here)
cp /etc/banner.new/etc/issue # +---------------------------------------------------------------------------+ # | vm AutostartRules#configure virtual machine autostartrules # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/autostartmanager/enable_autostarttrue #vim-cmdhostsvc/autostartmanager/update_defaults120120 "GuestShutdown"true # +---------------------------------------------------------------------------+ # | auto restartall Vm's # +---------------------------------------------------------------------------+ sed-i '$ afor i in $(vim-cmdvmsvc/getallvms|cut -f1-d""|grep-vVmid);dovim-cmd vmsvc/power.on$i;sleep10;done'/etc/rc.local # +---------------------------------------------------------------------------+ # | Update ESXi Host # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/maintenance_mode_enter #DS=`ls /vmfs/volumes/|grepdatastore` #wget-P "/vmfs/volumes/${DS}/"http://10.10.55.5/ESXi500-201111001.zip #esxcli software vibupdate --depot="/vmfs/volumes/${DS}/ESXi500-201111001.zip" #vim-cmdhostsvc/maintenance_mode_exit # +---------------------------------------------------------------------------+ # | Create Resource Pools(SED=pool0,DPM=pool2,CCM=pool3) # +---------------------------------------------------------------------------+ #vim-cmd/hostsvc/rsrc/create --cpu-max=4800--cpu-shares=normal --cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=2048--mem-shares=normal ha-root-pool SED vim-cmd/hostsvc/rsrc/create--cpu-max=480--cpu-shares=normal--cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=204--mem-shares=normal ha-root-pool SED #vim-cmd/hostsvc/rsrc/create --cpu-min=5664 --cpu-max=2400--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=16384 --mem-min-expandable=FALSE--mem-max=16384 --mem- shares=highha-root-pool DPM vim-cmd/hostsvc/rsrc/create--cpu-min=566--cpu-max=240--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=163--mem-min-expandable=FALSE--mem-max=163--mem- shares=highha-root-pool DPM #vim-cmd/hostsvc/rsrc/create --cpu-min=2400 --cpu-max=2400--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=1024 --mem-min-expandable=FALSE--mem-max=1024--mem- shares=normal ha-root-pool CCM vim-cmd/hostsvc/rsrc/create--cpu-min=240--cpu-max=240--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=102--mem-min-expandable=FALSE--mem-max=102--mem- shares=normal ha-root-pool CCM
# +---------------------------------------------------------------------------+ # | Importthe SED formthe DVD-ROM,unzipthe .tar file andregisterthe VM # +---------------------------------------------------------------------------+ vmkload_modiso9660 vsish-e set/vmkModules/iso9660/mount$(esxcfg-mpath-b|grep"CD-ROM" | awk '{print$1}') #source_dir=/vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM #post_dir=/vmfs/volumes/$(hostname -s)-datastore1/Staging_Folder mkdir-p/vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder #cp -r${source_dir}/*${post_dir} cp -r /vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM/*/vmfs/volumes/$(hostname -s)- datastore1/Staging_Folder sleep5 tar -zxvf /vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder/2012SED-A.TGZ-C /vmfs/volumes/$(hostname -s)-datastore1 sleep5 # +---------------------------------------------------------------------------+ # | Registerthe SEDwithESXi inside Resource pool (SED,pool0) # +---------------------------------------------------------------------------+ #####advanced options####vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)- datastore1/2012alpha-SED-B/2012alpha-SED-B.vmx `cat/etc/vmware/hostd/pools.xml |grep"SED" -A1 | grep"[objID]"|sed's///;s/</objID>//g'|sed -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//'` vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)-datastore1/2012alpha-SED-B/2012alpha- SED-B.vmx 2012alpha-SED-Bpool0 # +---------------------------------------------------------------------------+ # | Save the firewall configurationonthe post? # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname-s)-datastore1 # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | copy %firstbootscriptlogsto persisteddatastore # +---------------------------------------------------------------------------+ cp /var/log/hostd.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-hostd.log" cp /var/log/esxi_install.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-esxi_install.log" cp /etc/vmware/esx.conf"/vmfs/volumes/$(hostname-s)-datastore1"
# +---------------------------------------------------------------------------+ # | Reboot # +---------------------------------------------------------------------------+ reboot ##-------------------------------------------------------------------------- ## End of kickstartScript ##--------------------------------------------------------------------------

Recommended

Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)
Tola LENG
 
PhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdatePhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment Update
APNIC
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
Tola LENG
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
Chanaka Lasantha
 
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux EnterpriseConfigure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Tola LENG
 
Open vpn server_linux
Open vpn server_linuxOpen vpn server_linux
Open vpn server_linux
Tola LENG
 
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on Linux
Devin Olson
 
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
Candan BOLUKBAS
 

Recommended

Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)Configure Proxy and Firewall (Iptables)
Configure Proxy and Firewall (Iptables)
Tola LENG
 
PhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment UpdatePhNOG 2019: RPKI Deployment Update
PhNOG 2019: RPKI Deployment Update
APNIC
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
Tola LENG
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
Chanaka Lasantha
 
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux EnterpriseConfigure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Configure Webserver & SSL secure & redirect in SuSE Linux Enterprise
Tola LENG
 
Open vpn server_linux
Open vpn server_linuxOpen vpn server_linux
Open vpn server_linux
Tola LENG
 
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on Linux
Devin Olson
 
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
Candan BOLUKBAS
 
Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
Tola LENG
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
 
Network commands
Network commandsNetwork commands
Network commands
Dr. Mahadev Gawas
 
Dns explained
Dns explainedDns explained
Dns explained
Lucas Girardin
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
 
DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)
Tola LENG
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
Tola LENG
 
Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11
Tola LENG
 
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola LENG
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
Bootcamp SCL
 
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network Traffic
Josiah Ritchie
 
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
alexis marck Huiza Canchanya
 
Linux networking
Linux networkingLinux networking
Linux networking
Armando Reis
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
Gireesh Hariharasubramony
 
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Redis Labs
 
New text document (2)
New text document (2)New text document (2)
New text document (2)
Furqaan Aan
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
 
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Puppet
 
neutron测试例子
neutron测试例子neutron测试例子
neutron测试例子
Jesse 郑晓明
 
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
Shaun Domingo
 
What is new in neutron QoS?
What is new in neutron QoS?What is new in neutron QoS?
What is new in neutron QoS?
Sławomir Kapłoński
 

More Related Content

What's hot

Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
 
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola LENG
 
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Redis Labs
 

What's hot (18)

Configure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-RelayConfigure DHCP Server and DHCP-Relay
Configure DHCP Server and DHCP-Relay
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
 
Network commands
Network commandsNetwork commands
Network commands
 
Dns explained
Dns explainedDns explained
Dns explained
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
 
DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)DNS windows server(2008R2) & linux(SLES 11)
DNS windows server(2008R2) & linux(SLES 11)
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
 
Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11Configure proxy firewall on SuSE Linux Enterprise Server 11
Configure proxy firewall on SuSE Linux Enterprise Server 11
 
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_Tola.leng mail server (sq_mail &amp; rcmail)_q5_
Tola.leng mail server (sq_mail &amp; rcmail)_q5_
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
 
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network Traffic
 
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
 
Linux networking
Linux networkingLinux networking
Linux networking
 
Vyos clustering ipsec
Vyos clustering ipsecVyos clustering ipsec
Vyos clustering ipsec
 
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
Real Time Health Analytics With WebSockets Python 3 and Redis PubSub: Benjami...
 
New text document (2)
New text document (2)New text document (2)
New text document (2)
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
 

Similar to Kickstat File_Draft_ESXI5.1_Template

Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Puppet
 

Similar to Kickstat File_Draft_ESXI5.1_Template (20)

Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
Cloudy with a Chance of Fireballs: Provisioning and Certificate Management in...
 
neutron测试例子
neutron测试例子neutron测试例子
neutron测试例子
 
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
CoreOS in anger : firing up wordpress across a 3 machine CoreOS cluster
 
What is new in neutron QoS?
What is new in neutron QoS?What is new in neutron QoS?
What is new in neutron QoS?
 
Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013Couch to OpenStack: Glance - July, 23, 2013
Couch to OpenStack: Glance - July, 23, 2013
 
Org Beamer
Org BeamerOrg Beamer
Org Beamer
 
Curso de MySQL 5.7
Curso de MySQL 5.7Curso de MySQL 5.7
Curso de MySQL 5.7
 
C&C Botnet Factory
C&C Botnet FactoryC&C Botnet Factory
C&C Botnet Factory
 
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
The Mission Critical Cloud @ Apache CloudStack meetup Amsterdam June 2015
 
IP Addresses
IP AddressesIP Addresses
IP Addresses
 
Sql2
Sql2Sql2
Sql2
 
(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud(NET301) New Capabilities for Amazon Virtual Private Cloud
(NET301) New Capabilities for Amazon Virtual Private Cloud
 
Mysql56 replication
Mysql56 replicationMysql56 replication
Mysql56 replication
 
Deep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private CloudDeep Dive: Amazon Virtual Private Cloud
Deep Dive: Amazon Virtual Private Cloud
 
L3HA-VRRP-20141201
L3HA-VRRP-20141201L3HA-VRRP-20141201
L3HA-VRRP-20141201
 
[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack[2015-11월 정기 세미나]K8s on openstack
[2015-11월 정기 세미나]K8s on openstack
 
Operation outbreak
Operation outbreakOperation outbreak
Operation outbreak
 
XML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful ServicesXML / WEB SERVICES & RESTful Services
XML / WEB SERVICES & RESTful Services
 
Development Workflows on AWS
Development Workflows on AWSDevelopment Workflows on AWS
Development Workflows on AWS
 
PuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and PuppetPuppetConf 2013 vCloud Hybrid Service and Puppet
PuppetConf 2013 vCloud Hybrid Service and Puppet
 

Kickstat File_Draft_ESXI5.1_Template

  • 1. # +---------------------------------------------------------------------------+ # | KickstatFile :esx-pri # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Start of ESXi 5.0.0 Update1(Build623860) KickStart Script(1-5-2012) # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # |IsIt a Dryrun (parse andtest) # +---------------------------------------------------------------------------+ #dryrun # +---------------------------------------------------------------------------+ # | AcceptLicense agreement # +---------------------------------------------------------------------------+ vmaccepteula # +---------------------------------------------------------------------------+ # | DiskPartitioning # | Clearall partitionsinfirstdetecteddiskandoverwrite anyVMFS # | partitionsonthe specifieddrives. # +---------------------------------------------------------------------------+ #clearpart--firstdisk --overwritevmfs clearpart--firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Installationmedialocation # +---------------------------------------------------------------------------+ # Freshinstallationonfirstdiskandoverwrite anexistingVMFSdatastore #install --firstdisk --overwritevmfs install --firstdisk=hpsa--overwritevmfs # +---------------------------------------------------------------------------+ # | Rootpasswordand Authicationformat # | Defaultisshadowpasswordenabled,MD5-basedpasswordsenabled # | EncryptedRootPasswordinMD5 format # +---------------------------------------------------------------------------+ # rootpasswordinMD5 format rootpw --iscrypted$1$hgxyTT/.$J7eWEYxhJsMgwFSWbkW0L. #rootpwpassword # +---------------------------------------------------------------------------+ # | Rebootafterinstallation
  • 2. # +---------------------------------------------------------------------------+ reboot # +---------------------------------------------------------------------------+ # | %include # +---------------------------------------------------------------------------+ %include /tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunbefore the kickstartconfigurationisevaluated # +---------------------------------------------------------------------------+ %pre --interpreter=busybox # +---------------------------------------------------------------------------+ # | SetdefaultManagementInterface # | addvmportgroupsetto"0" to disable the creationof defaultguestVMNetwork # +---------------------------------------------------------------------------+ VMK_INT="vmk0" VMK_LINE=$(localcli networkipinterface ipv4get|grep"${VMK_INT}") IPADDR=192.168.5.100 NETMASK=255.255.255.0 GATEWAY="192.168.5.253" DNS="192.168.5.30" HOSTNAME=esx-pri vlanid="**5" echo"network --bootproto=static--addvmportgroup=false--device=vmnic0--ip=${IPADDR} -- netmask=${NETMASK} --gateway=${GATEWAY} --nameserver=${DNS} --hostname=${HOSTNAME} -- vlanid=${vlanid}">/tmp/networkconfig # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi isinstalledandbefore reboot # +---------------------------------------------------------------------------+ %post--interpreter=busybox --ignorefailure=true # +---------------------------------------------------------------------------+ # | Specifiesscripttorunafter ESXi installationandafterfirst reboot # | Most of the shell commandwill enabledafterthe firstreboot # +---------------------------------------------------------------------------+ %firstboot--interpreter=busybox
  • 3. # +---------------------------------------------------------------------------+ # | SetScriptVariable foruse inscript # | Variable canonlybe define afterthe firstrebootandwhenthe full bshell # | isin place # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | rename local datastore tosomethingmore meaningful # +---------------------------------------------------------------------------+ vim-cmdhostsvc/datastore/renamedatastore1"$(hostname -s)-datastore1" # +---------------------------------------------------------------------------+ # | AssignVMware license # +---------------------------------------------------------------------------+ vim-cmdvimsvc/license--setM5425-42244-48J48-0232H-****** # +---------------------------------------------------------------------------+ # | vSwitchconfiguration # +---------------------------------------------------------------------------+ # vSwitch0: Active->vmnic0,vmnic2Standby->vmnic1,vmnic3, # failback:yes # faildectection:link # loadbalancing:portid # notifyswitches:yes # avgbw: 1000000 Kbps # peakbw:1000000 Kbps # burstsize:819200 KBps # allowforgedtransmits:no # allowmacchange:no # allowpromiscuousno # cdpstatus: both # +---------------------------------------------------------------------------+ # | attach vmnic1,vmnic2,vmnic3tovSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandarduplinkadd --uplink-namevmnic1--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic2--vswitch-namevSwitch0 esxcli networkvswitchstandarduplinkadd --uplink-namevmnic3--vswitch-namevSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic4--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic5--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic6--vswitch-name vSwitch0 #esxcli networkvswitchstandarduplinkadd --uplink-name vmnic7--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | remove defaultVMNetworkportgroupif required? # +---------------------------------------------------------------------------+
  • 4. esxcli networkvswitchstandardportgroupremove --portgroup-name="VMNetwork"--vswitch- name vSwitch0 # +---------------------------------------------------------------------------+ # | configure portgroup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgroupadd --portgroup-name SED-I-**1--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-I-**1--vlan-id**1 esxcli networkvswitchstandardportgroupadd --portgroup-name DPM-DPM-**2--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name DPM-DPM-**2--vlan-id**2 esxcli networkvswitchstandardportgroupadd --portgroup-name ILO-**3--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name ILO-**3--vlan-id**3 esxcli networkvswitchstandardportgroupadd --portgroup-name CISCO-**4--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CISCO-**4--vlan-id**4 #esxcli networkvswitchstandardportgroupadd --portgroup-name Scon-**5--vswitch-name vSwitch0 #esxcli networkvswitchstandardportgroupset --portgroup-name"ManagementNetwork"--vlan-id **5 esxcli networkvswitchstandardportgroupadd --portgroup-name CCM-DPM-**7--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name CCM-DPM-**7--vlan-id**7 esxcli networkvswitchstandardportgroupadd --portgroup-name SED-X--vswitch-namevSwitch0 esxcli networkvswitchstandardportgroupset --portgroup-name SED-X--vlan-id0 esxcli networkvswitchstandardportgroupadd --portgroup-name SIP-X--vswitch-name vSwitch0 esxcli networkvswitchstandardportgroupset--portgroup-name SIP-X--vlan-id0 # +---------------------------------------------------------------------------+ # |configure cdp # +---------------------------------------------------------------------------+ esxcli networkvswitchstandard set--cdp-statusboth --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | edited - configure active andstandbyuplinksforvSwitch0 # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset --active-uplinksvmnic0,vmnic2--standby-uplinks vmnic1,vmnic3--vswitch-name vSwitch0 # +---------------------------------------------------------------------------+ # | editedconfigure failure detection+loadbalancing(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyfailoverset--failbackyes --failure-detectionlink --load- balancingportid --notify-switchesyes --vswitch-name vSwitch0
  • 5. # +---------------------------------------------------------------------------+ # | FAILOVERCONFIGURATIONS - Portgropup # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --active-uplinksvmnic1,vmnic3-- standby-uplinksvmnic0,vmnic2--portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | configure failure detection+loadbalancingon"ManagementNetwork"Portgroup # |(couldhave appendedtopreviousline) # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardportgrouppolicyfailoverset --failbackyes --failure-detectionlink -- load-balancingportid --notify-switchesyes --portgroup-name="ManagementNetwork" # +---------------------------------------------------------------------------+ # | SECURITY CONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicysecurityset --allow-forged-transmitsno--allow-mac-change no --allow-promiscuousno --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | SHAPINGCONFIGURATION # +---------------------------------------------------------------------------+ esxcli networkvswitchstandardpolicyshapingset--enabledyes --avg-bandwidth100000 --peak- bandwidth100000 --burst-size 819200 --vswitch-namevSwitch0 # +---------------------------------------------------------------------------+ # | Update the file /etc/vmware/hostd/hostsvc.xmlwiththe parameterstotickthe # |ManagementNetworkportgroupManagementTrafficbox # +---------------------------------------------------------------------------+ echo"Stoppingthe hostd" /etc/init.d/hostdstop sleep5 echo"Enabling'Management'onvmk0" sed -ie 's/<ConfigRoot>/<ConfigRoot>n<mangementVnics>n<nicid="0000">vmk0</nic>n </mangementVnics>/'/etc/vmware/hostd/hostsvc.xml echo"Startingthe hostd" /etc/init.d/hostdstart # +---------------------------------------------------------------------------+ # | enable managementinterface # +---------------------------------------------------------------------------+ # Still needtouse python/MOBtrick cat > /tmp/enableVmkInterface.py<<__ENABLE_MGMT_INT__ importsys,re,os,urllib,urllib2
  • 6. # connectioninfotoMOB url = "https://localhost/mob/?moid=ha-vnic-mgr&method=selectVnic" username = "root" password= "password" # Create global variables global passman,authhandler,opener,req,page,page_content,nonce,headers,cookie,params,e_params #auth passman= urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None,url,username,password) authhandler=urllib2.HTTPBasicAuthHandler(passman) opener= urllib2.build_opener(authhandler) urllib2.install_opener(opener) # Code tocapture requiredpage dataandcookie requiredforpostbackto meetCSRF requirements ### req= urllib2.Request(url) page = urllib2.urlopen(req) page_content=page.read() # regex togetthe vmware-session-nonce value fromthe hiddenformentry reg = re.compile('name="vmware-session-nonce"type="hidden"value="?([^s^"]+)"') nonce = reg.search(page_content).group(1) # getthe page headerstocapture the cookie headers= page.info() cookie = headers.get("Set-Cookie") #execute method params = {'vmware-session-nonce':nonce,'nicType':'management','device':'vmk0'} e_params= urllib.urlencode(params) req= urllib2.Request(url,e_params,headers={"Cookie":cookie}) page = urllib2.urlopen(req).read() __ENABLE_MGMT_INT__ python/tmp/enableVmkInterface.py # +---------------------------------------------------------------------------+ # | SYSLOG CONFIGURATION # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigset --default-rotate=20-- loghost=udp://192.168.9.238:514,ssl://192.168.9.238:1514 # +---------------------------------------------------------------------------+
  • 7. # | change the individualsyslogrotationcount # +---------------------------------------------------------------------------+ esxcli systemsyslogconfigloggerset --id=hostd--rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=vmkernel --rotate=20--size=2048 esxcli systemsyslogconfigloggerset --id=fdm--rotate=20 esxcli systemsyslogconfigloggerset --id=vpxa--rotate=20 # +---------------------------------------------------------------------------+ # | NTPCONFIGURATIONS # +---------------------------------------------------------------------------+ cat > /etc/ntp.conf <<__NTP_CONFIG__ restrictdefaultkodnomodifynotrapnoquerynopeer restrict127.0.0.1 server192.168.5.30 __NTP_CONFIG__ /sbin/chkconfig--level345 ntpdon # +---------------------------------------------------------------------------+ # | FIREWALLCONFIGURATION # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+ # | Enable firewall # +---------------------------------------------------------------------------+ esxcli networkfirewall set--default-actionfalse --enabled=yes # +---------------------------------------------------------------------------+ # | servicestoenable bydefault # +---------------------------------------------------------------------------+ FIREWALL_SERVICES="syslogntpClientvSphereClient" for SERVICEin${FIREWALL_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE} --enabled=yes done # +---------------------------------------------------------------------------+ # | Deny Allowed-all accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_DIP_SERVICES="syslogntpClientvSphereClient" for SERVICE_DIPin${FIREWALL_DIP_SERVICES} do esxcli networkfirewall rulesetset--allowed-all=false --ruleset-id${SERVICE_DIP} done
  • 8. # +---------------------------------------------------------------------------+ # | configure IPV4accesslistonthe firewall # +---------------------------------------------------------------------------+ FIREWALL_IP_SERVICES="syslogntpClientvSphereClient" for SERVICE_IPin${FIREWALL_IP_SERVICES} do esxcli networkfirewall rulesetallowedipadd --ip-address=192.168.5.30 --ruleset-id${SERVICE_IP} done # +---------------------------------------------------------------------------+ # | swicthoff firewallports # +---------------------------------------------------------------------------+ FIREWALL_D_SERVICES="dnsfaultTolerance NFCHBRWOL webAccessnetDumpsnmpvMotiondhcp CIMSLP CIMHttpServerCIMHttpsServervpxHeartbeats" for SERVICE_Din ${FIREWALL_D_SERVICES} do esxcli networkfirewall rulesetset --ruleset-id${SERVICE_D} --enabled=no done # +---------------------------------------------------------------------------+ # | enable &start remote ESXi Shell (SSH) # +---------------------------------------------------------------------------+ vim-cmdhostsvc/enable_ssh vim-cmdhostsvc/start_ssh # +---------------------------------------------------------------------------+ # | Refreshall firewall services # +---------------------------------------------------------------------------+ #esxcli networkfirewall refresh # +---------------------------------------------------------------------------+ # | Save the firewall configuration # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname -s)-datastore1 # +---------------------------------------------------------------------------+ # | addconfigurationtothe /etc/rc.local file # +---------------------------------------------------------------------------+ #sed-i '$ acp/vmfs/volumes/$(hostname-s)-datastore1/services.xml /etc/vmware/firewall' /etc/rc.local #sed-i '$ aesxcli networkfirewall refresh'/etc/rc.local # +---------------------------------------------------------------------------+ # | Shutdownthe DCUI & vpxa& USB arbitrator(SSHlefton)
  • 9. # +---------------------------------------------------------------------------+ FIREWALL_DAEMON_SERVICES="DCUIvpxausbarbitratorESXShellsfcbd-watchdog" for SERVICE_DAEMON in${FIREWALL_DAEMON_SERVICES} do chkconfig${SERVICE_DAEMON} off done # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | ESXi Host - SecuiryHardening # +---------------------------------------------------------------------------+ vim-cmdproxysvc/remove_service "/""httpsWithRedirect" vim-cmdproxysvc/remove_service "/mob""httpsWithRedirect" # +---------------------------------------------------------------------------+ # | Create SSH Banner # +---------------------------------------------------------------------------+ /bin/cat> /etc/banner.new<<SSHEOF ${INDENTATION:-}====================================================== ${INDENTATION:-}= Company.COMLTD = ${INDENTATION:-}====================================================== ${INDENTATION:-} ${INDENTATION:-}====================================================== ${INDENTATION:-}= WARNING:UNAUTHORIZEDUSE IS PROHIBITED = ${INDENTATION:-}= ----------------------------------------- = ${INDENTATION:-}= Propertyof Company.comLtd,andshouldonly = ${INDENTATION:-}= be accessedbyauthorizedCompanyemployees. = ${INDENTATION:-}= Do not attempttologinunlessyouare an = ${INDENTATION:-}= authorizeduser. = ${INDENTATION:-}= = ${INDENTATION:-}= Anyauthorizedorunauthorizedaccessanduse, = ${INDENTATION:-}= will be monitoredandanyone usingthissystem = ${INDENTATION:-}= expresslyconsentstosuchmonitoring.If such = ${INDENTATION:-}= monitoringrevealspossibleenvidence of criminal= ${INDENTATION:-}= activity,suchevidencewillbe providedtolaw = ${INDENTATION:-}= enforcementpersonnel andcanresultincriminal = ${INDENTATION:-}= or civil prosecutionunderapplicable law of = ${INDENTATION:-}= the UnitedKingdom(UK). = ${INDENTATION:-}====================================================== SSHEOF # copynewbannerfile tooverwrite /etc/issue (esxi5store it's bannerfile here)
  • 10. cp /etc/banner.new/etc/issue # +---------------------------------------------------------------------------+ # | vm AutostartRules#configure virtual machine autostartrules # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/autostartmanager/enable_autostarttrue #vim-cmdhostsvc/autostartmanager/update_defaults120120 "GuestShutdown"true # +---------------------------------------------------------------------------+ # | auto restartall Vm's # +---------------------------------------------------------------------------+ sed-i '$ afor i in $(vim-cmdvmsvc/getallvms|cut -f1-d""|grep-vVmid);dovim-cmd vmsvc/power.on$i;sleep10;done'/etc/rc.local # +---------------------------------------------------------------------------+ # | Update ESXi Host # +---------------------------------------------------------------------------+ #vim-cmdhostsvc/maintenance_mode_enter #DS=`ls /vmfs/volumes/|grepdatastore` #wget-P "/vmfs/volumes/${DS}/"http://10.10.55.5/ESXi500-201111001.zip #esxcli software vibupdate --depot="/vmfs/volumes/${DS}/ESXi500-201111001.zip" #vim-cmdhostsvc/maintenance_mode_exit # +---------------------------------------------------------------------------+ # | Create Resource Pools(SED=pool0,DPM=pool2,CCM=pool3) # +---------------------------------------------------------------------------+ #vim-cmd/hostsvc/rsrc/create --cpu-max=4800--cpu-shares=normal --cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=2048--mem-shares=normal ha-root-pool SED vim-cmd/hostsvc/rsrc/create--cpu-max=480--cpu-shares=normal--cpu-min-expandable=FALSE-- mem-min=29--mem-min-expandable=FALSE--mem-max=204--mem-shares=normal ha-root-pool SED #vim-cmd/hostsvc/rsrc/create --cpu-min=5664 --cpu-max=2400--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=16384 --mem-min-expandable=FALSE--mem-max=16384 --mem- shares=highha-root-pool DPM vim-cmd/hostsvc/rsrc/create--cpu-min=566--cpu-max=240--cpu-shares=high --cpu-min- expandable=FALSE--mem-min=163--mem-min-expandable=FALSE--mem-max=163--mem- shares=highha-root-pool DPM #vim-cmd/hostsvc/rsrc/create --cpu-min=2400 --cpu-max=2400--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=1024 --mem-min-expandable=FALSE--mem-max=1024--mem- shares=normal ha-root-pool CCM vim-cmd/hostsvc/rsrc/create--cpu-min=240--cpu-max=240--cpu-shares=normal--cpu-min- expandable=FALSE--mem-min=102--mem-min-expandable=FALSE--mem-max=102--mem- shares=normal ha-root-pool CCM
  • 11. # +---------------------------------------------------------------------------+ # | Importthe SED formthe DVD-ROM,unzipthe .tar file andregisterthe VM # +---------------------------------------------------------------------------+ vmkload_modiso9660 vsish-e set/vmkModules/iso9660/mount$(esxcfg-mpath-b|grep"CD-ROM" | awk '{print$1}') #source_dir=/vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM #post_dir=/vmfs/volumes/$(hostname -s)-datastore1/Staging_Folder mkdir-p/vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder #cp -r${source_dir}/*${post_dir} cp -r /vmfs/volumes/VMWARE_ESXI5_CUSTOM/VM/*/vmfs/volumes/$(hostname -s)- datastore1/Staging_Folder sleep5 tar -zxvf /vmfs/volumes/$(hostname-s)-datastore1/Staging_Folder/2012SED-A.TGZ-C /vmfs/volumes/$(hostname -s)-datastore1 sleep5 # +---------------------------------------------------------------------------+ # | Registerthe SEDwithESXi inside Resource pool (SED,pool0) # +---------------------------------------------------------------------------+ #####advanced options####vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)- datastore1/2012alpha-SED-B/2012alpha-SED-B.vmx `cat/etc/vmware/hostd/pools.xml |grep"SED" -A1 | grep"[objID]"|sed's///;s/</objID>//g'|sed -e 's/^[[:blank:]]*//;s/[[:blank:]]*$//'` vim-cmdsolo/registervm/vmfs/volumes/$(hostname -s)-datastore1/2012alpha-SED-B/2012alpha- SED-B.vmx 2012alpha-SED-Bpool0 # +---------------------------------------------------------------------------+ # | Save the firewall configurationonthe post? # +---------------------------------------------------------------------------+ #cp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname-s)-datastore1 # +---------------------------------------------------------------------------+ # | Backup ESXi configurationtopersistchanges # +---------------------------------------------------------------------------+ /sbin/auto-backup.sh # +---------------------------------------------------------------------------+ # | copy %firstbootscriptlogsto persisteddatastore # +---------------------------------------------------------------------------+ cp /var/log/hostd.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-hostd.log" cp /var/log/esxi_install.log"/vmfs/volumes/$(hostname -s)-datastore1/firstboot-esxi_install.log" cp /etc/vmware/esx.conf"/vmfs/volumes/$(hostname-s)-datastore1"
  • 12. # +---------------------------------------------------------------------------+ # | Reboot # +---------------------------------------------------------------------------+ reboot ##-------------------------------------------------------------------------- ## End of kickstartScript ##--------------------------------------------------------------------------