1.1 Installation of ESX Server (Scripted) The VMware ESXi Server hosts are to be built using VMware best practices, using one common configuration for all VMware ESXi Server hosts in the environment. This provides a stable and easily maintained environment. The following section presents the scripted installation for creating each VMware ESXi Server host in the environment. This serves as both an informational document for reference of the current hosts as well as guide for building additional hosts that will be joined to the data centre. Keeping a standard build process will scale the virtualization environment effectively. # The following steps will walk through the scripted installation.

IMPORTANT NOTE: Ensure that any fibre channel cables are disconnected during the install process.

1.1.1 ESXi Scripted Installation Step 1

Options Visual Discussion

ESXi Installation Step 1 –Scripted Installer1. Insert the NHS-On-A-Stick (FOAS) in the machines USB

port2. Power on the machine and boot from the USB devise3. Select the SOAS scripted install and press enter. (esx-

primary or esx-secondary

Note: The automated Scripted installer will execute

1.1.2 ESXi Scripted Installation Step 2

Options Visual Discussion

ESXi Installation

Step 2 - Scripted Installer

1. The system will boot and perform a complete ESXi installation and Scripted Installation configuration to build the complete production ready Hypervisor. Go to 1.15.1

1.1.3 ESXi Scripted Installation (Detailed Technical Summary)

The ESXi 5.0 Scripted installation is a one composite process. The indicial ESXi host installation is manually initiated then an automated scripted is run against the machine. The following section details to configuration and caveats. The script is written and saved as a ks.cfg forming a completed power-on to Production ready state in a single process.

1.1.4 ESXi USB Delivery Configuration

Options Visual Discussion

ESXi Installation

Step 1 - Create the USB Boot Device

1. Download and install ‘Live Linux USB Creator’ (LinuxLive USB Creator 2.8.11.exe)

2. Step1: Select your USB device3. Step2: Select the ESXi ISO (VMware-ESXi-5.0.0-

Update1-623860-HP-5.20.43.iso)4. Step4: Make sure the USB is formatted as FAT165. Click to Create the USB

Step 2 - Customisation1. Copy your customised ks.cfg files to the root of the

USB drive (overwriting the original) 2. Copy your Customised syslinux.cfg file to the root

directory 3. Optional: Create a Directory at the root of the USB

device (/VM) and copy any vm*.tar files into that directory (this is to auto import VM’s from the USB device during install)

1.1.4.1 ESXi USB Delivery Configuration – syslinux.cfg customisation (USB Delivery)Options Visual Discussion

ESXi Installation DEFAULT menu.c32

MENU TITLE NHS.NHS.UK vSphere ESXi 5.0 Update1 Boot Menu

NOHALT 1

PROMPT 0

TIMEOUT 300

label -

menu label ^Customer Installs:

menu disable

label bab-esx-01

menu label ^Install bab-esx-01 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks=usb:/KICKSTART/BAB-ESX-01-COIN.CFG

label tur-esx-02

menu label ^Install tur-esx-02 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:KICKSTART/TUR-ESX-02-COIN.CFG

label bab-esx-03

menu label ^Install bab-esx-03 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:/KICKSTART/BAB-ESX-03-COIN.CFG

Custom syslinux.cfg file – Saved to the root of the USB device.

This is the menu screen that the syslinux.cfg generates.

Options Visual Discussion

label tur-esx-04

menu label ^Install tur-esx-04 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:/KICKSTART/TUR-ESX-04-COIN.CFG

label rsh-esx-05

menu label ^Install rsh-esx-05 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:/KICKSTART/RSH-ESX-05-COIN.CFG

label rsh-esx-06

menu label ^Install rsh-esx-06 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:/KICKSTART/RSH-ESX-06-COIN.CFG

label rsh-esx-07

menu label ^Install rsh-esx-07 (Auto-Script)

menu indent 1

kernel mboot.c32

APPEND -c boot.cfg ks= usb:/KICKSTART/RSH-ESX-07-COIN.CFG

LABEL hddboot

LOCALBOOT 0x80

MENU LABEL ^Boot from local disk

1.1.5 ESXi PXE Delivery Configuration – Preliminary Installation

Options Visual Discussion

ESXi Installation

Step 1 - Configure a Production Ready PXE boot environment

1. Install a TFTP service (Tftpd64_SE-4.00-setup.exe) on a VM or Physical Server that has Network access to the Proposed ESXi subnet.

2. Configure the DHCP service to include Option 66 & 67 for the Boot Server ad Bootfile name. (TFTP Server IP address and File: pxelinux.0)

3. Customise and save the file ‘default’ to the directory /TFTp-root/pxelinux.cfg. (See Step 2)

4. Save the exctracted file directors from the ESXi 5.0.0 ISO (VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.iso) to the TFTP-root folder in /ESXi50.

5. Save the file pxelinu.0 & pxelinux.cfg to the FTTP-root folder.

6. Save the Customised Boot.cfg files for the the /ESXi50 folder (See step 3) {B-bab-esx-01.cfg}

7. Create Folder called /ESXi50/Kickstart and Save the customised kickstart.cfg files for each ESXi Host.

1.1.5.1 ESXi PXE Delivery Configuration – Script Customisation - ‘/pxelinux.cfg/default’Options Visual Discussion

ESXi Installation menu title PXE Menumenu tabmsgrow 22menu cmdlinerow 22menu endrow 24

menu color title 1;34;49 #eea0a0ff #cc333355 stdmenu color sel 7;37;40 #ff000000 #bb9999aa allmenu color border 30;44 #ffffffff #00000000 stdmenu color pwdheader 31;47 #eeff1010 #20ffffff stdmenu color hotkey 35;40 #90ffff00 #00000000 stdmenu color hotsel 35;40 #90000000 #bb9999aa allmenu color timeout_msg 35;40 #90ffffff #00000000 nonemenu color timeout 31;47 #eeff1010 #00000000 none

prompt 0noescape 1timeout 300default pxelinux.cfg/vesamenu.c32

label localbootmenu label Boot local hard disk

Step 2 - ‘default’ Customisation1. This is the ‘default’ landing page for the ‘LIMS PXE’

installation.

Options Visual Discussion

kernel pxelinux.cfg/chain.c32append hd0 0

label esx50KERNEL /esxi50/mboot.c32APPEND -c /esxi50/boot.cfgMENU LABEL ESXi-5.0 Installer

label blank menu label - Babbage ESXi 5.0.1 automated Buildslabel bab-esx-01

KERNEL /esxi50/mboot.c32APPEND -c /esxi50/B-bab-esx-01.cfgMENU LABEL bab-esx-01

Label bab-esx-03KERNEL /esxi50/mboot.c32APPEND -c /esxi50/B-bab-esx-03.cfgMENU LABEL bab-esx-03

label blank menu label - Turing ESXi 5.0.1 automated BuildsLabel tur-esx-02

KERNEL /esxi50/mboot.c32APPEND -c /esxi50/B-tur-esx-02.cfg

Options Visual Discussion

MENU LABEL tur-esx-02 Label tur-esx-04

KERNEL /esxi50/mboot.c32APPEND -c /esxi50/B-tur-esx-04.cfgMENU LABEL tur-esx-04

1.1.5.2 Delivery Configuration – Script Customisation - /ESXi50/Boot.cfgOptions Visual Discussion

ESXi Installation File Example: B-bab-esx-01-cfg-------------------------------------------------------------------

bootstate=0title=Loading ESXi installerkernel=/ESXi50/tboot.b00kernelopt=runweaselmodules=/ESXi50/b.b00 --- /ESXi50/useropts.gz --- /ESXi50/k.b00 --- /ESXi50/a.b00 --- /ESXi50/misc-cni.v00 --- /ESXi50/net-bnx2.v00 --- /ESXi50/net-bnx2.v01 --- /ESXi50/net-cnic.v00 --- /ESXi50/net-tg3.v00 --- /ESXi50/scsi-bnx.v00 --- /ESXi50/scsi-bnx.v01 --- /ESXi50/scsi-bfa.v00 --- /ESXi50/ima-be2i.v00 --- /ESXi50/net-be2n.v00 --- /ESXi50/scsi-be2.v00 --- /ESXi50/scsi-lpf.v00 --- /ESXi50/char-hpc.v00 --- /ESXi50/char-hpi.v00 --- /ESXi50/hp-ams.v00 --- /ESXi50/hp-build.v00 --- /ESXi50/hp-smx-p.v00 --- /ESXi50/hpacucli.v00 --- /ESXi50/hpbootcf.v00 --- /ESXi50/hponcfg.v00 --- /ESXi50/scsi-hps.v00 --- /ESXi50/scsi-hpv.v00 --- /ESXi50/vmware-e.v00 --- /ESXi50/net-igb.v00 --- /ESXi50/net-ixgb.v00 ---

Step 3 - ‘Boot.cfg’ Customisation1. Each Boot.cfg file is named after it scripted Kickstart.cfg file

name (i.e. B-bab-esx-01-cfg points to bab-esx-01-coin.cfg {Kickstart file}

2. This the redirect line to target the correct kickstart file:kernelopt=ks=/ESXi50/Kickstart/bab-esx-01-coin-test.cfg

Step 4 - Auto-ESXi-Installation1. Simple power on the ESXi host and PXE boot.

Options Visual Discussion

/ESXi50/scsi-mpt.v00 --- /ESXi50/net-mlx4.v00 --- /ESXi50/ima-qla4.v00 --- /ESXi50/net-qlcn.v00 --- /ESXi50/scsi-qla.v00 --- /ESXi50/ata-pata.v00 --- /ESXi50/ata-pata.v01 --- /ESXi50/ata-pata.v02 --- /ESXi50/ata-pata.v03 --- /ESXi50/ata-pata.v04 --- /ESXi50/ata-pata.v05 --- /ESXi50/ata-pata.v06 --- /ESXi50/ata-pata.v07 --- /ESXi50/block-cc.v00 --- /ESXi50/ehci-ehc.v00 --- /ESXi50/s.v00 --- /ESXi50/weaselin.i00 --- /ESXi50/ipmi-ipm.v00 --- /ESXi50/ipmi-ipm.v01 --- /ESXi50/ipmi-ipm.v02 --- /ESXi50/misc-dri.v00 --- /ESXi50/net-e100.v00 --- /ESXi50/net-e100.v01 --- /ESXi50/net-enic.v00 --- /ESXi50/net-forc.v00 --- /ESXi50/net-nx-n.v00 --- /ESXi50/net-r816.v00 --- /ESXi50/net-r816.v01 --- /ESXi50/net-s2io.v00 --- /ESXi50/net-sky2.v00 --- /ESXi50/ohci-usb.v00 --- /ESXi50/sata-ahc.v00 --- /ESXi50/sata-ata.v00 --- /ESXi50/sata-sat.v00 --- /ESXi50/sata-sat.v01 --- /ESXi50/sata-sat.v02 --- /ESXi50/sata-sat.v03 --- /ESXi50/scsi-aac.v00 --- /ESXi50/scsi-adp.v00 --- /ESXi50/scsi-aic.v00 --- /ESXi50/scsi-fni.v00 --- /ESXi50/scsi-ips.v00 --- /ESXi50/scsi-meg.v00 --- /ESXi50/scsi-meg.v01 --- /ESXi50/scsi-meg.v02 --- /ESXi50/scsi-mpt.v01 --- /ESXi50/scsi-mpt.v02 --- /ESXi50/scsi-rst.v00 --- /ESXi50/uhci-usb.v00 --- /ESXi50/tools.t00 --- /ESXi50/hpnmi.v00 --- /ESXi50/scsi-qla.v01 --- /ESXi50/imgdb.tgz --- /ESXi50/imgpayld.tgzbuild=updated=0kernelopt=ks=/ESXi50/Kickstart/bab-esx-01-coin.cfg

2. You will receive the PXE landing page, then select the machine description of the ESXi host you are building.

1.1.6 ESXi DVD Delivery Configuration – ISO Creation

Options Directions Notes

ESXi Installation

Step 1 - Create the DVD ISO1. Download and install ‘WinISO v5.3.exe/UltraISO.exe (License required)2. Download and install ‘VMware-vSphere-CLI-5.0.0-422456.exe’3. Download your VMware Offline Bundles (i.e: update-from-esxi5.0-5.0_update01.zip or hp-esxi5.0uX-

bundle-1.1.2-4.zip)4. Open VMware CLI (provides: PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere

PowerCLI>)5. Run# set-executionpolicy unrestricted6. Run#connect-viserver <vCenter_Server_IP>7. Run#add-esxsoftwaredepot <Offline bundle location>(i.e C:\MY_STUFF\Vsphere5_software\

Autodeploy_Archive\update-from-esxi5.0-5.0_update01.zip)8. Add further Harware bundles: Run#add-esxsoftwaredepot <Offline bundle location>(i.e:C:\MY_STUFF\

Vsphere5_software\Autodeploy_Archive\hp-esxi5.0uX-bundle-1.1.2-4.zip)9. Verify Software Bundle: get-esxsoftwarepackage10. Check your image Profiles: get-esximageprofile11. Verify the software package date/Versions: Run#Get-EsxSoftwarePackage | select

Name,Version,ReleaseDate | sort ReleaseDate12. Add the VMware product archive index : Run# Add-EsxSoftwareDepot –DepotUrl

https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml13. Verify the New Updated software package date/Versions: Run#Get-EsxSoftwarePackage | select

Name,Version,ReleaseDate | sort ReleaseDate14. Verify the new Image profiles:Run# Get-EsxImageProfile | Select Name,CreationTime,AcceptanceLevel |

Sort CreationTime | FT –AutoSize15. Create a new Custome Image profile for the NHS DVD: Run# New-EsxImageProfile -CloneProfile "ESXi-

5.0.0-20120404001-standard" -name "VMware_ESXi5_custom" -Vendor "VMware"16. Create your new NHS ISO image: Run# Export-EsxImageProfile -ImageProfile "NHS_V2_DVD” -

ExportToIso –FilePath 'C:\MY_STUFF\Vsphere5_software\Autodeploy_Archive\esxicustom.iso

Recommended to run this form your desktop or RDP to a Win2K3/2K8 machine

Options Directions Notes

Step 2 - File Customisation1. Open winISO/ or UltaISO2. Open the ISO that you created with Vmware CLI 5. ("NHS_V2_DVD” )3. Copy your customised ks.cfg files (ks.cfg) to the Kickstart (create it) folder on the root of the DVD ISO

drive (overwriting the original) goto – 1.14.54. Copy your Customised isolinux.cfg file to the DVD root directory (goto 1.14.4.1)

Optional: Create a Directory at the root of the DVD ISO (/VM) and copy any vm*.tar files into that directory (this is to auto import VM’s from the DVD device during install) (see next step 1.14.5.1)

1.1.6.1 ESXi DVD Delivery Configuration – isolinux.cfg customisation (DVD Delivery)Options Visual Discussion

ESXi Installation

DEFAULT menu.c32MENU TITLE NHS.NHS.UK vSphere ESXi 5.0 Update1 Boot MenuNOHALT 1PROMPT 0TIMEOUT 300

label - menu label ^Customer Installs: menu disable

label bab-esx-01 menu label ^Install bab-esx-01 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/BAB-ESX-01-COIN.CFG

Isolinux.cfg is the same structure as syslinux.cfg for the USB, with some additional variables.

Note: The Append line defines the following ks.cfg files in Capital letter as this is required: APPEND -c boot.cfg ks=cdrom:/KICKSTART/BAB-ESX-01-COIN.CFG

This is the menu screen that the isolinux.cfg generates:

Options Visual Discussion

label tur-esx-02 menu label ^Install tur-esx-02 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/TUR-ESX-02-COIN.CFG

label bab-esx-03 menu label ^Install bab-esx-03 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/BAB-ESX-03-COIN.CFG

label tur-esx-04 menu label ^Install tur-esx-04 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/TUR-ESX-04-COIN.CFG

label rsh-esx-05 menu label ^Install rsh-esx-05 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/RSH-ESX-05-COIN.CFG

label rsh-esx-06 menu label ^Install rsh-esx-06 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/RSH-ESX-06-COIN.CFG

Options Visual Discussion

label rsh-esx-07 menu label ^Install rsh-esx-07 (Auto-Script) menu indent 1 kernel mboot.c32 APPEND -c boot.cfg ks=cdrom:/KICKSTART/RSH-ESX-07-COIN.CFG

LABEL hddboot LOCALBOOT 0x80 MENU LABEL ^Boot from local disk

1.1.7 ESXi DVD Delivery Configuration – ks.cfg Customisation (Kick-start Script)

Scripted Installation Configuration parametersScript Section Overview

1. Make fundamental changed to the default configuration:

a. VMware EULA b. Configure Partitioning c. Installation media location d. Root password and Authentication e. Reboot after installationf. %include Sectiong. Specifies %pre scripth. Set default Management Interface and IPV4 addressing (Static)i. Specifies script to run after ESXi is installed and before the reboot (%post)j. Save the firewall configuration on the post?k. Specifies script to run after ESXi installation (%firstboot)l. Set Script Variable for use in scriptm. Rename local datastore to something more meaningfuln. Assign VMware licenseo. Global vSwitch configurationp. Enable management interfaceq. Syslog Configurationr. Change the individual syslog rotation counts. NTP Configurationt. FIREWALL Configurationu. Security Hardeningv. Create SSH Bannerw. VM Autostart Rules #configure virtual machine autostart rules (Auto-poweron feature broken with free license)x. Update ESXi Host

Scripted Installation Configuration parametersy. Backup ESXi configuration to persist changesz. Copy %first boot script logs to persisted Datastoreaa. VM Import Utility (to be completed)bb. Reboot

Scripted Installation Configuration parametersScript Section 1 1. VMware EULA

Script illustration # +---------------------------------------------------------------------------+# | Kickstat File : esx-01 # +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+# | Start of ESXi 5.0.0 Update1 (Build 623860) Kick Start Script (20-6-2012)# +---------------------------------------------------------------------------+ # +---------------------------------------------------------------------------+# |Is It a Dryrun (parse and test)# +---------------------------------------------------------------------------+ #dryrun

# +---------------------------------------------------------------------------+# | Accept License agreement# +---------------------------------------------------------------------------+ vmaccepteula

Scripted Installation Configuration parametersScript Section 2 2. Configure Partitioning

Script illustration # +---------------------------------------------------------------------------+# | Disk Partitioning# | Clear all partitions in first detected disk and overwrite any VMFS # | partitions on the specified drives.# +---------------------------------------------------------------------------+clearpart --firstdisk –overwritevmfs

Scripted Installation Configuration parametersScript Section 3 3. Installation media location

Script illustration # +---------------------------------------------------------------------------+# | Installation media location# +---------------------------------------------------------------------------+# Fresh installation on first disk and overwrite an existing VMFS datastore

Scripted Installation Configuration parametersinstall --firstdisk=usb-storage --overwritevmfs --novmfsondisk

Scripted Installation Configuration parametersScript Section 4 4. Root password and Authentication

Script illustration # +---------------------------------------------------------------------------+# | Root password and Authication format# | Default is shadow password enabled, MD5-based passwords enabled# | Encrypted Root Password in MD5 format# +---------------------------------------------------------------------------+# root password in MD5 formatrootpw --iscrypted $1$hgxyTT/.$J7eWEYxhJsMgwFSWbkW0L.#rootpw password

Scripted Installation Configuration parametersScript Section 5 5. Reboot after installation

Script illustration # +---------------------------------------------------------------------------+# | Reboot after installation# +---------------------------------------------------------------------------+reboot

Scripted Installation Configuration parametersScript Section 6 6. %include

Script illustration # +---------------------------------------------------------------------------+# | %include# +---------------------------------------------------------------------------+%include /tmp/networkconfig

Scripted Installation Configuration parametersScript Section 7 7. Specifies %pre script

Script illustration # +---------------------------------------------------------------------------+# | Specifies script to run before the kickstart configuration is evaluated# +---------------------------------------------------------------------------+%pre --interpreter=busybox

Scripted Installation Configuration parameters

Scripted Installation Configuration parametersScript Section 8 8. Set default Management Interface and IPV4 addressing (Static)

Script illustration # +---------------------------------------------------------------------------+# | Set default Management Interface# | addvmportgroup set to "0" to disable the creation of default guest VM Network# +---------------------------------------------------------------------------+

# +---------------------------------------------------------------------------+# | Customisation 'HIT-LIST'# | # +---------------------------------------------------------------------------+VMK_INT="vmk0"VMK_LINE=$(localcli network ip interface ipv4 get | grep "${VMK_INT}")IPADDR=***.***.***.***HOSTNAME=esx-01####Everything below is constant######NETMASK=***.***.***.***GATEWAY=***.***.***.***DNS="***.***.***.***vlanid="0"######################################

echo "network --bootproto=static --addvmportgroup=false --device=vmnic7 --ip=${IPADDR} --netmask=${NETMASK} --gateway=${GATEWAY} --nameserver=${DNS} --hostname=${HOSTNAME} --vlanid=${vlanid}" > /tmp/networkconfig

Scripted Installation Configuration parameters

Script Section 9 9. Specifies script to run after ESXi is installed and before the reboot (%post)

Script illustration # +---------------------------------------------------------------------------+# | Specifies script to run after ESXi is installed and before reboot# +---------------------------------------------------------------------------+%post --interpreter=busybox --ignorefailure=true

Scripted Installation Configuration parameters

Script Section 10 10. Save the firewall configuration on the post?

Script illustration(NHS-esx01 used in the example)

# +---------------------------------------------------------------------------+# | Save the firewall configuration on the post?# +---------------------------------------------------------------------------+

Scripted Installation Configuration parameterscp /etc/vmware/firewall/service.xml /vmfs/volumes/$(hostname -s)-datastore1

Scripted Installation Configuration parameters

Script Section 11 11. Specifies script to run after ESXi installation (%firstboot)

Script illustration # +---------------------------------------------------------------------------+# | Specifies script to run after ESXi installation and after first reboot# | Most of the shell command will enabled after the first reboot# +---------------------------------------------------------------------------+%firstboot --interpreter=busybox

Scripted Installation Configuration parameters

Script Section 12 12. Insert your customised variables

Script illustration # +---------------------------------------------------------------------------+# | inject variables# +---------------------------------------------------------------------------+####Section to be edited for each server#####IPADDR-MGMT2="***.***.***.***"VMK1_IPADDR="***.***.***.***"VMK2_IPADDR="***.***.***.***"VMK3_IPADDR="***.***.***.***"#####Everything below stays constant#############################NETMASK-MGMT2="255.255.255.0"DNS-SERVER-1="***.***.***.***"DNS-SERVER-2="***.***.***.***"DNS-SERVER-3="***.***.***.***"DNS-SERVER-4="***.***.***.***"

GATEWAY-MGMT2="192.168.103.1"NTPserver="***.***.***.***"ISCSI_IP="***.***.***.***"ISCSI_USERID="iscsidatastore"ISCSI_USERPWD="password"SMPT-SERVER="***.***.***.***"ADMIN-USER="root"ADMIN-USER-PW="password"AD-DOMAIN="gov"

Scripted Installation Configuration parametersNHS-TR-AD-USER="name"NHS-TR-AD-USER-PW="Password"#################################################################

Scripted Installation Configuration parameters

Script Section 13,14 13. Set Script Variable for use in script14. rename local datastore to something more meaningful

Script illustration # +---------------------------------------------------------------------------+# | Set Script Variable for use in script# | Variable can only be define after the first reboot and when the full bshell# | is in place# +---------------------------------------------------------------------------+

# +---------------------------------------------------------------------------+# | rename local datastore to something more meaningful# +---------------------------------------------------------------------------+vim-cmd hostsvc/datastore/rename datastore1 "$(hostname -s)-datastore1"

Scripted Installation Configuration parameters

Script Section 15 15. Assign VMware license

Script illustration # +---------------------------------------------------------------------------+# | Assign VMware license# +---------------------------------------------------------------------------+vim-cmd vimsvc/license --set M5425-42244-48J48-0232H-*****

Scripted Installation Configuration parameters

Script Section 16 16. Assign VMware license

Script illustration # +---------------------------------------------------------------------------+# | Storage Configurations (SATP & PSP)# +---------------------------------------------------------------------------+

## edited - SATP CONFIGURATIONS ##esxcli storage nmp satp set --satp VMW_SATP_DEFAULT_AA --default-psp VMW_PSP_RR

Scripted Installation Configuration parameters

Script Section 17 17. Global vSwitch0 configuration

Scripted Installation Configuration parametersScript illustration #####################################################

# vSwitch0 : Active->vmnic1,vmnic3,vmnic5,vmnic7 Standby-># failback: no# faildectection: link # load balancing: mac# notify switches: no# allow forged transmits: no# allow mac change: no# allow promiscuous no# cdp status: both# mtu: 1500

# +---------------------------------------------------------------------------+# | add vSwitch0# +---------------------------------------------------------------------------+#esxcli network vswitch standard add --ports 256 --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | attach vmnic1,3,5 to vSwitch0# +---------------------------------------------------------------------------+esxcli network vswitch standard uplink add --uplink-name vmnic1 --vswitch-name vSwitch0esxcli network vswitch standard uplink add --uplink-name vmnic3 --vswitch-name vSwitch0esxcli network vswitch standard uplink add --uplink-name vmnic5 --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | remove default VM Network port group if required ?# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup remove --portgroup-name="VM Network" --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | configure mtu + cdp# +---------------------------------------------------------------------------+esxcli network vswitch standard set --mtu 1500 --cdp-status both --vswitch-name vSwitch0

Scripted Installation Configuration parameters# +---------------------------------------------------------------------------+# | edited - configure active and standby uplinks for vSwitch0# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --active-uplinks vmnic1,vmnic3,vmnic5,vmnic7 --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | edited configure failure detection + load balancing (could have appended to previous line)# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --failback yes --failure-detection link --load-balancing iphash --notify-switches yes --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | configure portgroup (on vSwitch0) VM-Network# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup add --portgroup-name VM-Network --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | SECURITY CONFIGURATION# +---------------------------------------------------------------------------+esxcli network vswitch standard policy security set --allow-forged-transmits no --allow-mac-change no --allow-promiscuous no --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | SHAPING CONFIGURATION # +---------------------------------------------------------------------------+#esxcli network vswitch standard policy shaping set --enabled yes --avg-bandwidth 100000 --peak-bandwidth 100000 --burst-size 819200 --vswitch-name vSwitch0

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "VM-Network"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic1,vmnic3,vmnic5,vmnic7 --portgroup-name="VM-Network"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VM-Network" Portgroup # |(could have appended to previous line)

Scripted Installation Configuration parameters# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing iphash --notify-switches yes --portgroup-name="VM-Network"

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "Management Network"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic1,vmnic3,vmnic5,vmnic7 --portgroup-name=Management Network"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VM-Network" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing iphash --notify-switches yes --portgroup-name=Management Network"

Scripted Installation Configuration parameters

Script Section 18 18. Global vSwitch1 configuration

Script illustration # +---------------------------------------------------------------------------+# | vSwitch1 configuration# +---------------------------------------------------------------------------+# vSwitch1 : Active->vmnic2,vmnic6# failback: yes# faildectection: link# load balancing: portid# notify switches: yes# avg bw: 1000000 Kbps# peak bw: 1000000 Kbps# burst size: 819200 KBps# allow forged transmits: no# allow mac change: no# allow promiscuous no# cdp status: both# mtu: 9000

# +---------------------------------------------------------------------------+# | add vSwitch1

Scripted Installation Configuration parameters# +---------------------------------------------------------------------------+esxcli network vswitch standard add --ports 256 --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | attach vmnic4 to vSwitch1# +---------------------------------------------------------------------------+esxcli network vswitch standard uplink add --uplink-name vmnic2 --vswitch-name vSwitch1 esxcli network vswitch standard uplink add --uplink-name vmnic6 --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | configure mtu + cdp# +---------------------------------------------------------------------------+esxcli network vswitch standard set --mtu 9000 --cdp-status both --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | edited - configure active and standby uplinks for vSwitch1# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --active-uplinks vmnic2,vmnic6 --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | edited configure failure detection + load balancing (could have appended to previous line)# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | SECURITY CONFIGURATION# +---------------------------------------------------------------------------+esxcli network vswitch standard policy security set --allow-forged-transmits no --allow-mac-change no --allow-promiscuous no --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | configure portgroup (on vSwitch1) VMKiSCSI-1,VMKiSCSI-2,STORE-902# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup add --portgroup-name VMKiSCSI-1 --vswitch-name vSwitch1#esxcli network vswitch standard portgroup set --portgroup-name VMKiSCSI-1 --vlan-id 902esxcli network vswitch standard portgroup add --portgroup-name VMKiSCSI-2 --vswitch-name vSwitch1

Scripted Installation Configuration parameters#esxcli network vswitch standard portgroup set --portgroup-name VMKiSCSI-2 --vlan-id 902esxcli network vswitch standard portgroup add --portgroup-name STORE-902 --vswitch-name vSwitch1#esxcli network vswitch standard portgroup set --portgroup-name STORE-902 --vlan-id 902

# +---------------------------------------------------------------------------+# | iSCSI configuration (vSwicth1)# +---------------------------------------------------------------------------+# configure vmkernel interface for VMKiSCSI traffic + FT_VMOTION trafficVMK0_IPADDR=$(esxcli network ip interface ipv4 get | grep vmk0 | awk '{print $2}')

esxcli network ip interface add --interface-name vmk1 --mtu 9000 --portgroup-name VMKiSCSI-1esxcli network ip interface ipv4 set --interface-name vmk1 --ipv4 ${VMK1_IPADDR} --netmask 255.255.255.0 --type staticesxcli network ip interface add --interface-name vmk2 --mtu 9000 --portgroup-name VMKiSCSI-2esxcli network ip interface ipv4 set --interface-name vmk2 --ipv4 ${VMK2_IPADDR} --netmask 255.255.255.0 --type static

# +---------------------------------------------------------------------------+# | SHAPING CONFIGURATION # +---------------------------------------------------------------------------+#esxcli network vswitch standard policy shaping set --enabled yes --avg-bandwidth 100000 --peak-bandwidth 100000 --burst-size 819200 --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | edited configure failure detection + load balancing (could have appended to previous line)# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --vswitch-name vSwitch1

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "VMKiSCSI-1"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic2 --portgroup-name="VMKiSCSI-1"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VMKiSCSI-1" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="VMKiSCSI-1"

Scripted Installation Configuration parameters

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "VMKiSCSI-2"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic6 --portgroup-name="VMKiSCSI-2"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VMKiSCSI-2" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="VMKiSCSI-2"

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "STORE-902"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic6 --standby-uplinks vmnic2 --portgroup-name="STORE-902"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "STORE-902" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="STORE-902"

Scripted Installation Configuration parameters

Script Section 19 19. Global vSwitch2 configuration

Script illustration # +---------------------------------------------------------------------------+# | vSwitch2 configuration# +---------------------------------------------------------------------------+# vSwitch2 : Active->vmnic0,vmnic2,vmnic4,vmnic6 Standby->vmnic1,vmnic3,vmnic5,vmnic7# failback: yes# faildectection: link# load balancing: portid# notify switches: yes# avg bw: 1000000 Kbps# peak bw: 1000000 Kbps# burst size: 819200 KBps# allow forged transmits: no

Scripted Installation Configuration parameters# allow mac change: no# allow promiscuous no# cdp status: both# mtu: 9000

# +---------------------------------------------------------------------------+# | add vSwitch2# +---------------------------------------------------------------------------+esxcli network vswitch standard add --ports 256 --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | attach vmnic0/4 to vSwitch2# +---------------------------------------------------------------------------+esxcli network vswitch standard uplink add --uplink-name vmnic0 --vswitch-name vSwitch2esxcli network vswitch standard uplink add --uplink-name vmnic4 --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | configure mtu + cdp# +---------------------------------------------------------------------------+esxcli network vswitch standard set --mtu 9000 --cdp-status both --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | configure portgroup (on vSwitch2) FT_VMotion, VCM, VEEAM,# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup add --portgroup-name FT-VMotion --vswitch-name vSwitch2esxcli network vswitch standard portgroup set --portgroup-name FT-VMotion --vlan-id ***esxcli network vswitch standard portgroup add --portgroup-name VCM --vswitch-name vSwitch2esxcli network vswitch standard portgroup set --portgroup-name VCM --vlan-id ***esxcli network vswitch standard portgroup add --portgroup-name VEEAM --vswitch-name vSwitch2esxcli network vswitch standard portgroup set --portgroup-name VEEAM --vlan-id ***esxcli network vswitch standard portgroup add --portgroup-name MGMT-2 --vswitch-name vSwitch2esxcli network vswitch standard portgroup set --portgroup-name MGMT-2 --vlan-id ***

Scripted Installation Configuration parameters

# +---------------------------------------------------------------------------+# | FT-Vmotion (vSwicth 2 )# +---------------------------------------------------------------------------+esxcli network ip interface add --interface-name vmk3 --mtu 9000 --portgroup-name FT-VMotionesxcli network ip interface ipv4 set --interface-name vmk3 --ipv4 ${VMK3_IPADDR} --netmask 255.255.255.0 --type static

# +---------------------------------------------------------------------------+# | MGMT-2 configuration (vSwicth2)# +---------------------------------------------------------------------------+esxcli network ip interface add --interface-name vmk4 --mtu 1500 --portgroup-name MGMT-2esxcli network ip interface ipv4 set --interface-name vmk4 --ipv4 ${IPADDR-MGMT2} --netmask 255.255.255.0 --type static

# +---------------------------------------------------------------------------+# | enable FT + vMOTION interface# +---------------------------------------------------------------------------+vim-cmd hostsvc/advopt/update FT.Vmknic string vmk3vim-cmd hostsvc/vmotion/vnic_set vmk3

# +---------------------------------------------------------------------------+# | edited - configure active and standby uplinks for vSwitch2# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic4 --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | edited configure failure detection + load balancing (could have appended to previous line)# +---------------------------------------------------------------------------+ esxcli network vswitch standard policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --vswitch-name vSwitch2

# +---------------------------------------------------------------------------+# | SECURITY CONFIGURATION vSwitch2# +---------------------------------------------------------------------------+esxcli network vswitch standard policy security set --allow-forged-transmits no --allow-mac-change no --allow-promiscuous no --vswitch-name vSwitch2

Scripted Installation Configuration parameters

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "MGMT-2"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic0 --standby-uplinks vmnic4 --portgroup-name="MGMT-2"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "MGMT-2" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="MGMT-2"

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "FT-VMotion"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --standby-uplinks vmnic0 --portgroup-name="FT-VMotion"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "FT-VMotion" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="FT-VMotion"

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "VCM"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic0 --standby-uplinks vmnic4 --portgroup-name="VCM"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VCM" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="VCM"

# +---------------------------------------------------------------------------+

Scripted Installation Configuration parameters# | FAILOVER CONFIGURATIONS - Portgropup - "VEEAM"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic0 --standby-uplinks vmnic4 --portgroup-name="VEEAM"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "VEEAM" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="VEEAM"

# +---------------------------------------------------------------------------+# | FAILOVER CONFIGURATIONS - Portgropup - "MGMT-2"# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic0 --standby-uplinks vmnic4 --portgroup-name="MGMT-2"

# +---------------------------------------------------------------------------+# | configure failure detection + load balancing on "MGMT-2" Portgroup # |(could have appended to previous line)# +---------------------------------------------------------------------------+esxcli network vswitch standard portgroup policy failover set --failback yes --failure-detection link --load-balancing portid --notify-switches yes --portgroup-name="MGMT-2"

Scripted Installation Configuration parameters

Script Section 20 20. ISCSI storage Configuration

Script illustration ##-------------------------------------------------------------------------- ## Setup iSCSI Storage ##-------------------------------------------------------------------------- esxcli iscsi software set --enabled=true# search for hba card number after enabling of software iscsiISCSI_ADT=$(esxcli iscsi adapter list | grep -i Software | cut -d ' ' -f 1)

#Bond each of the VMkernel NICs to the software iSCSI HBAesxcli iscsi networkportal add --adapter ${ISCSI_ADT} --nic vmk1esxcli iscsi networkportal add --adapter ${ISCSI_ADT} --nic vmk2

#Add the IP address of your iSCSI array or SAN as a dynamic discovery sendtargetesxcli iscsi adapter discovery sendtarget add --adapter ${ISCSI_ADT} --address ${ISCSI_IP}#esxcli iscsi adapter discovery sendtarget auth chap set --adapter ${ISCSI_ADT} --address ${ISCSI_IP} --level required --authname ${ISCSI_USERID} --secret $

Scripted Installation Configuration parameters{ISCSI_USERPWD}

#Re-scan your software iSCSI hba to discover volumes and VMFS datastoresesxcli storage core adapter rescan --adapter ${ISCSI_ADT}

Scripted Installation Configuration parameters

Script Section 21 21. Syslog Configuration

Script illustration # +---------------------------------------------------------------------------+# | SYSLOG CONFIGURATION# +---------------------------------------------------------------------------+esxcli system syslog config set --default-rotate=20 --loghost=udp:// ***.***.***.***:514,ssl:// ***.***.***.***:1514

Scripted Installation Configuration parameters

Script Section 22 22. change the individual syslog rotation count

Script illustration # +---------------------------------------------------------------------------+# | change the individual syslog rotation count# +---------------------------------------------------------------------------+esxcli system syslog config logger set --id=hostd --rotate=20 --size=2048esxcli system syslog config logger set --id=vmkernel --rotate=20 --size=2048esxcli system syslog config logger set --id=fdm --rotate=20esxcli system syslog config logger set --id=vpxa --rotate=20

Scripted Installation Configuration parameters

Script Section 23 23. NTP CONFIGURATIONS

Script illustration # +---------------------------------------------------------------------------+# | NTP CONFIGURATIONS# +---------------------------------------------------------------------------+cat > /etc/ntp.conf << __NTP_CONFIG__restrict default kod nomodify notrap noquerynopeerrestrict 127.0.0.1server ${NTPserver}server 0.vmware.pool.ntp.org server 1.vmware.pool.ntp.org __NTP_CONFIG__

Scripted Installation Configuration parameters/sbin/chkconfig --level 345 ntpd on

Scripted Installation Configuration parameters

Script Section 24 24. FIREWALL CONFIGURATION

Script illustration # +---------------------------------------------------------------------------+# | FIREWALL CONFIGURATION # +---------------------------------------------------------------------------+

# enable & start remote ESXi Shell (SSH)vim-cmd hostsvc/enable_sshvim-cmd hostsvc/start_ssh

# enable & start ESXi Shell (TSM)vim-cmd hostsvc/enable_esx_shellvim-cmd hostsvc/start_esx_shell

# +---------------------------------------------------------------------------+# | Enable firewall# +---------------------------------------------------------------------------+esxcli network firewall set --default-action false --enabled=yes

# +---------------------------------------------------------------------------+# | services to enable by default# +---------------------------------------------------------------------------+FIREWALL_SERVICES="syslog ntpClient vSphereClient vMotion webAccess HBR CIMSLP CIMHttpServer CIMHttpsServer vpxHeartbeats netDump iSCSI snmp updateManager faultTolerance activeDirectoryAll syslog"for SERVICE in ${FIREWALL_SERVICES}do esxcli network firewall ruleset set --ruleset-id ${SERVICE} --enabled=yes done

# +---------------------------------------------------------------------------+# | Shut down the DCUI & vpxa & USB arbitrator# +---------------------------------------------------------------------------+FIREWALL_DAEMON_SERVICES="DCUI vpxa usbarbitrator ESXShell SSH sfcbd-watchdog"for SERVICE_DAEMON in ${FIREWALL_DAEMON_SERVICES}

Scripted Installation Configuration parametersdo chkconfig ${SERVICE_DAEMON} offdone

Scripted Installation Configuration parameters

Script Section 25 25. Security Hardening

Script illustration # +---------------------------------------------------------------------------+# | ESXi Host - Secuiry Hardening# +---------------------------------------------------------------------------+vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"

Scripted Installation Configuration parameters

Script Section 26 26. Create scratch disk for SSD ESXi

Script illustration # +---------------------------------------------------------------------------+# | Create /scratch directory for ESXi hosts# +---------------------------------------------------------------------------+# Generate a new scratch directory for this host on a Datastorescratchdirectory=/vmfs/volumes/Datastore_08_2TB_THIN/Scratch/.locker-$(hostname 2> /dev/null)-$(esxcfg-info -b 2> /dev/null)#### for ESX hosts in RSH######scratchdirectory=/vmfs/volumes/Datastore_RECO1_1TB/Scratch/.locker-$(hostname 2> /dev/null)-$(esxcfg-info -b 2> /dev/null)

# Create the scratch directorymkdir -p $scratchdirectory

# Change the advanced configuration optionvim-cmd hostsvc/advopt/update ScratchConfig.ConfiguredScratchLocation string $scratchdirectory

Scripted Installation Configuration parameters

Script Section 27 27. Hardware Virtualization to run nested 64bit Guests + Hyper-V VM

Script illustration # +---------------------------------------------------------------------------+# | # edited - enable HV (Hardware Virtualization to run nested 64bit Guests + Hyper-V VM)# +---------------------------------------------------------------------------+grep -i "vhv.allow" /etc/vmware/config || echo "vhv.allow = \"TRUE\"" >> /etc/vmware/config

Scripted Installation Configuration parameters

Script Section 28 28. supress ESXi Shell shell warning

Script illustration # +---------------------------------------------------------------------------+# | # edited - supress ESXi Shell shell warning - Thanks to Duncan (http://www.yellow-bricks.com/2011/07/21/esxi-5-suppressing-the-localremote-shell-warning/)# +---------------------------------------------------------------------------+esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1

Scripted Installation Configuration parameters

Script Section 29 29. Create SSH Banner

Script illustration # +---------------------------------------------------------------------------+# | Create SSH Banner# +---------------------------------------------------------------------------+/bin/cat > /etc/banner.new <<SSHEOF${INDENTATION:-}======================================================${INDENTATION:-}= NHS HOSPITAL =${INDENTATION:-}======================================================${INDENTATION:-}${INDENTATION:-}======================================================${INDENTATION:-}= WARNING: UNAUTHORIZED USE IS PROHIBITED =${INDENTATION:-}= ----------------------------------------- =${INDENTATION:-}= Property of NHS Hospital , and should only =${INDENTATION:-}= be accessed by authorized NHS employees. =${INDENTATION:-}= Do not attempt to login unless you are an =${INDENTATION:-}= authorized user. =${INDENTATION:-}= =${INDENTATION:-}= Any authorized or unauthorized access and use, =${INDENTATION:-}= will be monitored and anyone using this system =${INDENTATION:-}= expressly consents to such monitoring. If such =${INDENTATION:-}= monitoring reveals possible envidence of criminal=

${INDENTATION:-}= activity, such evidence will be provided to law =${INDENTATION:-}= enforcement personnel and can result in criminal =${INDENTATION:-}= or civil prosecution under applicable law of =${INDENTATION:-}= the United Kingdom (UK). =${INDENTATION:-}======================================================SSHEOF# copy new banner file to overwrite /etc/issue (esxi 5 store it's banner file here)cp /etc/banner.new /etc/issue

Scripted Installation Configuration parameters

Script Section 30 30. Update ESXi Host

Script illustration # +---------------------------------------------------------------------------+# | Update ESXi Host (if required)# +---------------------------------------------------------------------------+#vim-cmd hostsvc/maintenance_mode_enterDS=`ls /vmfs/volumes/ | grep Datastore_01*`#wget -P "/vmfs/volumes/${DS}/" http://10.10.55.5/ESXi500-201111001.zipesxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-esxi5.0uX-bundle-1.1.2-4.zip "esxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-HPUtil-esxi5.0-bundle-1.1-38.zip"esxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-nmi-esxi5.0-bundle-2.0-11.zip"#vim-cmd hostsvc/maintenance_mode_exit

###### For ESXi Host at RSH ##############vim-cmd hostsvc/maintenance_mode_enterDS=`ls /vmfs/volumes/ | grep Datastore_RECO1_1TB`#wget -P "/vmfs/volumes/${DS}/" http://10.10.55.5/ESXi500-201111001.zipesxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-esxi5.0uX-bundle-1.3-12.zip"esxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-HPUtil-esxi5.0-bundle-1.3-6.zip"esxcli software vib install --depot="/vmfs/volumes/${DS}/STORE1/hp_offline_bundles/hp-nmi-esxi5.0-bundle-2.1-2.zip"#vim-cmd hostsvc/maintenance_mode_exit

Scripted Installation Configuration parameters

Script Section 31 31. DNS Configuration

Script illustration # +---------------------------------------------------------------------------+# |DNS Configuration# +---------------------------------------------------------------------------+esxcli network ip dns server add --server=${DNS-SERVER-1}esxcli network ip dns server add --server=${DNS-SERVER-2}

Scripted Installation Configuration parameters

Script Section 32 32. add ESXi Host to the AD-Domin

Script illustration # +---------------------------------------------------------------------------+# |add ESXi Host to the AD-Doamin# +---------------------------------------------------------------------------+vicfg-authconfig --server=${DNS-SERVER-1} --username=${ADMIN-USER}--password=${ADMIN-USER-PW} --authscheme AD --joindomain ${AD-DOMAIN} --adusername=${NHS-TR-AD-USER} --adpassword=${NHS-TR-AD-USER-PW}

Scripted Installation Configuration parameters

Script Section 33 33. Management Network portgroup Management Traffic box

Script illustration +---------------------------------------------------------------------------+# | Update the file /etc/vmware/hostd/hostsvc.xml with the parameters to tick the # |Management Network portgroup Management Traffic box# +---------------------------------------------------------------------------+echo "Stopping the hostd"/etc/init.d/hostd stopsleep 5echo "Enabling 'Management' on vmk0 & vmk4"sed -ie 's/<ConfigRoot>/<ConfigRoot>\n <mangementVnics>\n <nic id="0000">vmk0<\/nic>\n <nic id="0004">vmk4<\/nic>\n <\/mangementVnics>/' /etc/vmware/hostd/hostsvc.xmlecho "Starting the hostd"/etc/init.d/hostd startsleep 30

Scripted Installation Configuration parameters

Script Section 34 34. Backup ESXi configuration to persist changes

Script illustration # +---------------------------------------------------------------------------+# | Backup ESXi configuration to persist changes# +---------------------------------------------------------------------------+/sbin/auto-backup.sh

Scripted Installation Configuration parameters

Script Section 35 35. Copy %first boot script logs to persisted datastore

Script illustration # +---------------------------------------------------------------------------+# | copy %first boot script logs to persisted datastore# +---------------------------------------------------------------------------+cp /var/log/hostd.log "/vmfs/volumes/$(hostname -s)-datastore1/firstboot-hostd.log"

cp /var/log/esxi_install.log "/vmfs/volumes/$(hostname -s)-datastore1/firstboot-esxi_install.log"cp /etc/vmware/esx.conf "/vmfs/volumes/$(hostname -s)-datastore1"

Scripted Installation Configuration parameters

Script Section 36 36. Reboot

Script illustration # +---------------------------------------------------------------------------+# | Reboot# +---------------------------------------------------------------------------+Reboot

##-------------------------------------------------------------------------- ## End of kickstart Script##--------------------------------------------------------------------------