Deploying ESXi with Satellite 6

Deploy the files to the Satellite server
  • Download the latest ISO from VMware (e.g. VMware-ESXi-5.5U2-RollupISO2.iso).
  • Transfer to the satellite server
  • Run some code
# mount -o loop VMware-ESXi-5.5U2-RollupISO2.iso /mnt
# mkdir /var/lib/tftpboot/boot/esxi55u2
# cd /mnt
# cp -a * /var/lib/tftpboot/boot/esxi55u2
# cd /var/lib/tftpboot/boot/esxi55u2
# sed -i 's#/#/boot/esxi55u2/#g' boot.cfg
# cd ..
# restorecon -R esxi55u2

Create the Operating System inside Satellite

Hosts -> Operating Systems
  • Click New Operating System
    • Operating System
      • Name: ESXi
      • Major version: 5
      • Minor version: 5
      • Description: ESXi 5.5U2
      • OS Family: Red Hat
      • Arch: x86_64
    • Partition Table
      • Kickstart Default
    • Installation Media
      • Any Mirror – Can create a esxi mirror if desired.
Hosts -> Provisioning Templates
  • Click New Template
    • Provisioning Template
      • Name: ESXi OCP PXELinux 
        SERIAL 0 115200n8
DEFAULT esxi5.serial
PROMPT 0
MENU TITLE PXE Boot
LABEL esxi5.serial
     MENU LABEL ^4) ESXi55_Serial
     KERNEL boot/esxi55u2/mboot.c32
     APPEND -c boot/esxi55u2/boot.cfg text com1_Port=0x3f8 gdbPort=none logPort=none tty2Port=com1 ks=<%=foreman_url("provision")%>; ignoreHeadless="True"
LABEL hddboot
LOCALBOOT 0x80
MENU LABEL ^Boot from local disk
    • Type: PXELinux
    • Association:
    • ESXi 5.5
  • Click New Template
    • Provisioning Template
      • Name: ESXi OCP Kickstart 
        vmaccepteula

install --firstdisk --overwritevmfs
rootpw --iscrypted <%= root_pass %>
network --bootproto=dhcp
reboot

%post --interpreter=busybox --ignorefailure=true
# Add temporary DNS resolution so the foreman call works
echo "nameserver <%= @host.subnet.dns_primary %>" >> /etc/resolv.conf
echo "nameserver <%= @host.subnet.dns_secondary %>" >> /etc/resolv.conf
wget -O /dev/null <%= foreman_url %>
echo "Done with Foreman call"

esxcfg-advcfg -k none gdbPort
esxcfg-advcfg -k none logPort
esxcfg-advcfg -k com1 tty2Port

#script to set first boot options
%firstboot --interpreter=busybox

# enable VHV (Virtual Hardware Virtualization to run nested 64bit Guests + Hyper-V VM)
grep -i "vhv.enable" /etc/vmware/config || echo "vhv.enable = \"TRUE\"" >> /etc/vmware/config

# enable & start remote ESXi Shell (SSH)
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh

# enable & start ESXi Shell (TSM)
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell

# supress ESXi Shell shell warning
esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1

# ESXi Shell interactive idle time logout
esxcli system settings advanced set -o /UserVars/ESXiShellInteractiveTimeOut -i 3600

# Disable IPv6 for VMkernel interfaces
esxcli system module parameters set -m tcpip3 -p ipv6=0

### FIREWALL CONFIGURATION ###
# enable firewall
esxcli network firewall set --default-action false --enabled yes

# services to enable by default
FIREWALL_SERVICES="syslog sshClient ntpClient updateManager httpClient netdump"
for SERVICE in ${FIREWALL_SERVICES}
do
esxcli network firewall ruleset set --ruleset-id ${SERVICE} --enabled yes
done

# enter maintenance mode
esxcli system maintenanceMode set -e true

# Needed for configuration changes that could not be performed in esxcli
esxcfg-advcfg -k none gdbPort
esxcfg-advcfg -k none logPort
esxcfg-advcfg -k com1 tty2Port
esxcli system shutdown reboot -d 60 -r "rebooting after host configurations"
      • Type: provision
      • Association:
        • ESXi 5.5
Hosts -> Operating Systems
  • Select ESXi 5.5
    • Templates
      • provision: ESXi OCP Kickstart
      • PXELinux: ESXi OCP PXELinux

Comments

Post a Comment

Popular posts from this blog

How to clean all the foreman task and locked task

1.- First make su to postgres user su -s /bin/bash - postgres  2.-Execute psql psql  3.- connect to the foreman database \c foreman;  4.- Delete all the foreman task and foreman task locks delete from foreman_tasks_tasks;  delete from foreman_tasks_locks;  5.- Quit from postgres and exit \q  exit  6. Restart all the services for s in {qpidd,pulp_celerybeat,pulp_ resource_manager,pulp_workers, httpd}; do sudo service $s restart; done  Update in todays foreman you can clean the task using the following command: foreman-rake foreman_tasks:cleanup
Read more

How to restrict users to send only mail to the local domain in Zimbra

How to restrict users to send only mail to the local domain in Zimbra 1. Open file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf and add this line below reject_non_fqdn_recipient. This is example on my system permit_sasl_authenticated check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders permit_mynetworks 2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. This is example on my system POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf RESTART mta 3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.  check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject 4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax: user@yourdomain.com local_only 5. Create a file "/opt/zimb...
Read more

Hardening Script

#!/bin/bash function set_parameter { sed -i -e "s|^$2.*|$2$3|" $1 egrep "^$2*" $1 > /dev/null ||echo "$2$3" >> $1 } #--------------------------------------------------------------------------------------------------------------- function add_line { egrep "^$2" $1 > /dev/null || echo "$2" >> $1 } #--------------------------------------------------------------------------------------------------------------- echo '# This file contains the auditctl rules that are loaded # whenever the audit daemon is started via the initscripts. # The rules are simply the parameters that would be passed # to auditctl. # First rule - delete all -D # Increase the buffers to survive stress events. # Make this bigger for busy systems -b 8192 # Feel free to add below this line. See auditctl man page -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k timechange ...
Read more