|
Routers tagged blogs
Router Setup - Howto | |
---|
When configuring Linux as a router, there are two main aspects to consider: enabling routing on the Linux server, and determining the routes between the networks. The routes describe what path to take, that is, where to send a network packet next to get it on its way to its destination. Routes are either manually configured static routes or dynamically configured. Static routes are configured by entering the route information manually at the terminal prompt. Dynamically configured routes are communicated between routers with a routing protocol such as RIP, OSPF, IGRP, EIGRP, IS-IS or BGP. Applications used for configuring Linux to handle such dynamic routing protocols include routed, gated and quagga. The advantage of dynamically configured routing is that changes in the network will not bring down a network path between two points as long as other paths exist: if a path is broken, another route will be communicated between the routers by the routing protocol.
Another tool used in routing is the iptables firewall, often used on Linux systems. With this firewall you can control traffic as it flows through the router: denying or allowing it, re-routing it, NAT'ing it or manipulating it in other ways.
The following command enables the forwarding of network packets in Linux:
># echo "1" > /proc/sys/net/ipv4/ip_forward
However, after reboot, this setting will be reset and forwarding turned off again. In most systems this setting can be set permanently by editing /etc/sysctl.conf, where the line to be added should be:
net.ipv4.ip_forward=1
The configuration is then loaded into the running system by the terminal command:
># sysctl -p
Listing and adding static routes:
># route
Kernel IP routing table
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
| 10.0.0.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | eth1
| 192.168.1.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | eth2
| 172.16.11.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | tap0
| default | 10.0.0.1 | 0.0.0.0 | UG | 0 | 0 | 0 | eth1
|
># route add -net 192.168.55.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth2
># route
Kernel IP routing table
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface
| 192.168.55.0 | 192.168.1.254 | 255.255.255.0 | UG | 0 | 0 | 0 | eth2
| 10.0.0.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | eth1
| 192.168.1.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | eth2
| 172.16.11.0 | * | 255.255.255.0 | U | 0 | 0 | 0 | tap0
| default | 10.0.0.1 | 0.0.0.0 | UG | 0 | 0 | 0 | eth1
|
Examples of iptables:
The following makes sure that nothing on port 22 (usually SSH) gets more than 4 attempts to connect to the port every 60 seconds. This prevents, or at least hinders, brute-force attacks.
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
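To see which new connection the two `recent` rules above start dropping, the sketch below models them for a single source address in plain shell. It is an added illustration, not taken from the LPIC-2 guide or from the netfilter code; the function name and the timestamps are constructed.

```shell
#!/bin/sh
# Added example: models the two SSH_CHECK rules for ONE source address.
#   rule 1: -m recent --set --name SSH
#   rule 2: -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
# Timestamps are whole seconds and must be given in ascending order.

SECONDS_WINDOW=60
HITCOUNT=4

# ssh_check_verdicts T1 T2 ... : prints one verdict per new connection,
# space separated, in arrival order.
ssh_check_verdicts() {
    stamps=""      # timestamps recorded for this source address
    verdicts=""
    for now in "$@"; do
        # Rule 1 (--set) records every new connection, allowed or not.
        stamps="$stamps $now"
        # Rule 2 (--update) counts the recorded timestamps that fall inside
        # the window, including the one rule 1 just added.
        hits=0
        for s in $stamps; do
            if [ "$s" -ge $((now - SECONDS_WINDOW)) ]; then
                hits=$((hits + 1))
            fi
        done
        if [ "$hits" -ge "$HITCOUNT" ]; then
            # A matching --update records the packet as well, so dropped
            # attempts keep counting against the client.
            stamps="$stamps $now"
            verdict=DROP
        else
            verdict=PASS   # returns to INPUT and continues with later rules
        fi
        verdicts="${verdicts:+$verdicts }$verdict"
    done
    echo "$verdicts"
}

# Constructed sequence: a burst of five attempts, then a retry a minute later.
ssh_check_verdicts 0 10 20 30 40 100
```

Because the `--set` rule runs before the `--update` rule, the connection being tested is itself counted, so in this model the fourth new connection inside 60 seconds is the first one dropped.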
Source: LPIC-2 Study Guide. ISBN: 978-1-118-00015-1
Tagged as: Linux, Routers, HowTo |
OpenVPN server on RaspberryPI 1 vs RaspberryPI 3 | |
---|
-1st of November 2017
This article briefly describes an experiment comparing the performance of an OpenVPN server running on a Raspberry PI 1 with one running on a Raspberry PI 3. Both hardware units run Raspbian as the operating system.
Note: D:\ represents the command prompt and is not actually a part of the commands shown below.
Before we start the following needs to be summarized:
- The available download speed as seen from the OpenVPN router is 80 Mbps
- The available upload speed as seen from the OpenVPN router is 30 Mbps
- How to set up an OpenVPN server will not be described here.
- The OpenVPN server / client is not set up to compress and decompress traffic as this will load the CPU on the OpenVPN server more than I trust it to.
- There is only one client at a time in this scenario.
There are essentially two OpenVPN servers set up, one on Raspberry PI 1 and one on Raspberry PI 3. They both route to the same network, where the same Windows 10 machine is running a server instance of iperf3. It can be started like so:
iperf3.exe -s
After the iperf3 server process is started on the Windows 10 machine, I connect to the network from a remote location in a neighboring city via OpenVPN, first using the Raspberry PI 1 based OpenVPN router, then using the Raspberry PI 3 based OpenVPN router.
Each time, I run iperf3 as a client from my VPN client, connecting to the iperf3 server through the OpenVPN server in use at the time and measuring the network throughput I get.
So, let's start by connecting through Raspberry PI 1 first, then Raspberry PI 3.
|
Speeds as seen through OpenVPN via Raspberry PI 1.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
D:\Users\User\Downloads\iperf-3.1.3-win64>iperf3.exe -c 192.168.100.51 -t 10
Connecting to host 192.168.100.51, port 5201
[ 4] local 172.16.11.123 port 28041 connected to 192.168.100.51 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 1.00-2.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 2.00-3.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 3.00-4.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 4.00-5.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 5.00-6.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 6.00-7.00 sec 768 KBytes 6.29 Mbits/sec
[ 4] 7.00-8.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 8.00-9.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 9.00-10.00 sec 768 KBytes 6.29 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 8.75 MBytes 7.34 Mbits/sec sender
[ 4] 0.00-10.00 sec 8.66 MBytes 7.26 Mbits/sec receiver
iperf Done.
D:\Users\User\Downloads\iperf-3.1.3-win64>iperf3.exe -c 192.168.100.51 -t 10
Connecting to host 192.168.100.51, port 5201
[ 4] local 172.16.11.123 port 1041 connected to 192.168.100.51 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 1.00-2.00 sec 1.00 MBytes 8.38 Mbits/sec
[ 4] 2.00-3.00 sec 896 KBytes 7.35 Mbits/sec
[ 4] 3.00-4.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 4.00-5.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 5.00-6.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 6.00-7.00 sec 896 KBytes 7.34 Mbits/sec
[ 4] 7.00-8.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 8.00-9.00 sec 1.00 MBytes 8.39 Mbits/sec
[ 4] 9.00-10.00 sec 896 KBytes 7.34 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 9.50 MBytes 7.97 Mbits/sec sender
[ 4] 0.00-10.00 sec 9.41 MBytes 7.89 Mbits/sec receiver
iperf Done.
|
Speeds as seen through OpenVPN via Raspberry PI 3.
D:\Users\User\Downloads\iperf-3.1.3-win64>iperf3.exe -c 192.168.100.51 -t 10
Connecting to host 192.168.100.51, port 5201
[ 4] local 172.16.11.123 port 1080 connected to 192.168.100.51 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 1.00-2.00 sec 3.75 MBytes 31.5 Mbits/sec
[ 4] 2.00-3.00 sec 3.88 MBytes 32.5 Mbits/sec
[ 4] 3.00-4.00 sec 3.75 MBytes 31.5 Mbits/sec
[ 4] 4.00-5.00 sec 4.00 MBytes 33.6 Mbits/sec
[ 4] 5.00-6.00 sec 2.75 MBytes 23.1 Mbits/sec
[ 4] 6.00-7.00 sec 2.50 MBytes 21.0 Mbits/sec
[ 4] 7.00-8.00 sec 3.38 MBytes 28.3 Mbits/sec
[ 4] 8.00-9.00 sec 4.00 MBytes 33.6 Mbits/sec
[ 4] 9.00-10.00 sec 3.88 MBytes 32.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 33.9 MBytes 28.4 Mbits/sec sender
[ 4] 0.00-10.00 sec 33.8 MBytes 28.3 Mbits/sec receiver
iperf Done.
D:\Users\User\Downloads\iperf-3.1.3-win64>iperf3.exe -c 192.168.100.51 -t 10
Connecting to host 192.168.100.51, port 5201
[ 4] local 172.16.11.123 port 1099 connected to 192.168.100.51 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 4.00 MBytes 33.6 Mbits/sec
[ 4] 1.00-2.00 sec 2.00 MBytes 16.8 Mbits/sec
[ 4] 2.00-3.00 sec 4.00 MBytes 33.6 Mbits/sec
[ 4] 3.00-4.00 sec 3.88 MBytes 32.5 Mbits/sec
[ 4] 4.00-5.00 sec 3.88 MBytes 32.5 Mbits/sec
[ 4] 5.00-6.00 sec 3.38 MBytes 28.3 Mbits/sec
[ 4] 6.00-7.00 sec 3.00 MBytes 25.2 Mbits/sec
[ 4] 7.00-8.00 sec 3.62 MBytes 30.4 Mbits/sec
[ 4] 8.00-9.00 sec 4.12 MBytes 34.6 Mbits/sec
[ 4] 9.00-10.00 sec 4.38 MBytes 36.7 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 36.2 MBytes 30.4 Mbits/sec sender
[ 4] 0.00-10.00 sec 36.2 MBytes 30.3 Mbits/sec receiver
iperf Done.
|
Summary: as we can see, the Raspberry PI 3 offers much better speeds for an OpenVPN server.
Sources: None
Tagged as: Linux, Routers, Network |
ESXi Scripted USB Install | |
---|
-31st of December 2015
Getting started
This article will contain a technical description of creating, and auto-creating scripted ESXi installs from USB. The USB drive we will be using for the install will be partitioned into three partitions labeled INSTALL, CONFIG and SETUP.
The first partition (INSTALL) will be a FAT32 partition and contain the ESXi installer files, the scripts to automate the installer, syslinux bootloader and a tftp client to download configuration we need to automatically set up our ESXi host.
The second partition (CONFIG) will be a FAT16 partition (ESXi only mounts FAT16 partitions locally). It contains the patches that we will use to patch our installation automatically, the log files from the installation will be stored here, and a configuration file downloaded from our TFTP server will be placed here.
The third and last partition (SETUP) will be a NTFS partition that will contain any script files or setup installers that we might need for later usage when working with our ESXi server that we have auto-installed.
The setup procedure will be described as performed in Linux, using BASH scripts. This can also be done in Windows, but that requires other technical expertise and is not described here. The whole automation is performed for VMware ESXi 5.5. Be aware that use of the scripts and the information given here is at your own risk. The writer assumes that the reader has the necessary skills to perform this safely, without the loss of data.
|
1. Downloading the TFTP client source code and compiling it for use
To make our TFTP client work in an ESXi environment, we need to compile it statically in an OS environment that is as similar to an ESXi as we can get it.
Even though ESXi is not Linux, the closest we will get is with CentOS 6.x. In this example we will use CentOS 6.7 for the i386 architecture for compiling the code. Compiling the code statically includes the linked libraries
in the compiled result, which lets us run the compiled code on ESXi even if a needed code library is missing there. This is true to a certain degree. Some TFTP clients depend heavily on
code frameworks and other libraries that don't get included in the compiled code even when we compile the code statically. This is why we want to find a light-weight TFTP client that depends mostly on its own code
and uses only standard C libraries as much as possible. In the search for such a client, I have picked a TFTP client written by Ian Foster.
To improve the client as I wanted, I rewrote it as shown here. The improvements made to the client are described in the readme and the comments in the code.
Clone the code from Ian Foster, and replace tftpclient.c with my altered code found here.
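After installing and setting up CentOS 6.x and downloading the TFTP client code onto it, you will need to install the build tools needed to compile the TFTP client. The build-essential package only exists on Debian-based systems; on CentOS, static linking needs the static C library from glibc-static:
yum install gcc make glibc-static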
Then head on over to the folder where you have placed the TFTP source code and compile it:
make CFLAGS="-static" EXEEXT="-static"
Now you will have the compiled tftp client (a file without a filename extension) in the same folder as where you compiled the code. We now need to create a compressed tar ball and convert that into a t00 file that we will include in the ESXi installer to be installed with the rest of the system. Please see the example script below. Read through it; it contains more actions than you need. I kept these there for inspiration of possible technical solutions. Edit the script for your own needs.
#! /bin/bash
mkdir -p /tmp/ovf/files
mkdir -p /tmp/ovf/tools
mkdir -p /tmp/ovf/bin
mkdir -p /tmp/ovf/bin/tftp
rm -rf /tmp/tftp
mkdir -p /tmp/tftp
cd /tmp/tftp
#We have our compiled TFTP code in tftp-compiled.tar.gz, copy it here:
cp /usr/arbitrarylocation/tftp-compiled.tar.gz .
tar xzvf tftp-compiled.tar.gz
rsync -au /tmp/tftp/* /tmp/ovf/bin/tftp/
#We are including ovf-tool with our ESXi installer:
rsync -au /usr/lib/vmware-ovftool/* /tmp/ovf/tools/
sed -i 's/bash/sh/' /tmp/ovf/tools/ovftool
#We are including a private and public key for use with automatic SSH authentication:
cp /usr/arbitrarylocation/deployment_rsa /tmp/ovf/files/deployment_rsa
cp /usr/arbitrarylocation/esxi/deployment_rsa.pub /tmp/ovf/files/deployment_rsa.pub
#Now create the t00 file:
cd /tmp
tar cf ovf.tar ovf
gzip -9 ovf.tar
The resulting /tmp/ovf.tar.gz is the file we are going to include in our VMware ESXi installer, under the name /mnt/usb/ovf-00.t00. We will later copy that file to the INSTALL partition that we have made, and later we will refer to it via boot.cfg. boot.cfg also refers to ks.cfg, which will be our kickstart installer script to set up the ESXi.
|
2. Partitioning the disk and installing Syslinux on the INSTALL(boot) partition
The following BASH script will partition your USB disk for you. Be aware that it will wipe everything on it. To run it, paste the code into a text file and make it executable:
chmod 755 nameOfScript.sh
The script to do the partitioning is as follows:
#!/bin/bash
# First argument is the disk to partition, without the /dev/ prefix (for example sdc)
DISKPARTITION=$1
if [ -z "$DISKPARTITION" ]; then
    echo -e "\e[31mError: Invalid arguments $0 \e[0m"
    echo -e "Example usage: $0 sdc"
    echo -e "First argument is disk to partition."
    exit 1
fi
# Unmount the USB disk if it is currently mounted
if mount | grep -E '(^| )/mnt/usb( |$)' > /dev/null; then
    umount /mnt/usb
fi
echo -e "\e[35m **Wiping out all partitions on /dev/$DISKPARTITION .. \e[0m"
# Zero the first sector, which holds the MBR partition table
dd if=/dev/zero of="/dev/$DISKPARTITION" bs=512 count=1
echo -e "\e[35m **Creating three new partitions on $DISKPARTITION \e[0m"
# Scripted fdisk input: two 1 GB partitions and a third that fills the disk, with types b (FAT32), 6 (FAT16) and 7 (NTFS)
echo -e "d\nn\np\n1\n2048\n+1GB\nn\np\n2\n\n+1GB\nn\np\n3\n\n\nt\n1\nb\nt\n2\n6\nt\n3\n7\nw\n" | fdisk "/dev/$DISKPARTITION" > /dev/null
echo -e "\e[35m **Formatting partitions .. \e[0m"
/sbin/mkfs.vfat -F 32 -n INSTALL "/dev/${DISKPARTITION}1"
/sbin/mkfs.vfat -F 16 -n CONFIG "/dev/${DISKPARTITION}2"
mkfs.ntfs -L SETUP -f "/dev/${DISKPARTITION}3"
Next we need to install our bootloader, Syslinux, on our USB disk. This will make it bootable. Please note that the version of VMware ESXi you are using might only support certain versions of Syslinux. In this example, Syslinux 4.05 was used with ESXi 5.5.
#!/bin/bash
DISKPARTITION=$1
if [ -z "$DISKPARTITION" ]; then
    echo -e "\e[31mError: Did not receive argument for disk partition in $0 \e[0m"
    echo -e "Example usage: $0 sdc"
    exit 1
fi
echo -e "\e[35m **Removing any possible GPT data on /dev/$DISKPARTITION.. \e[0m"
sgdisk --zap /dev/$DISKPARTITION
echo -e "\e[35m **Installing syslinux to /dev/${DISKPARTITION}1.. \e[0m"
syslinux -i /dev/${DISKPARTITION}1
echo -e "\e[35m **Copying in mbr to /dev/$DISKPARTITION.. \e[0m"
dd conv=notrunc bs=440 if=/usr/lib/syslinux/mbr.bin of=/dev/$DISKPARTITION
echo -e "\e[35m **Setting bootflag on parted /dev/$DISKPARTITION.. \e[0m"
parted /dev/$DISKPARTITION set 1 boot on
|
3. Set up scripts and configuration files for an automated bootable installation
The following script will copy in all files from the VMware ESXi ISO, provided that it is available under /dev/cdrom (a mounted iso in a virtual machine, for instance). When this is done, we create syslinux.cfg to tell Syslinux how to and what to boot.
#!/bin/bash
echo -e "\e[35m **Starting section where we copy in from ESXi ISO to ESXI USB.. \e[0m"
DISKPARTITION=$1
if [ -z "$DISKPARTITION" ]; then
    echo -e "\e[31mError: Did not receive argument for disk partition in $0 \e[0m"
    echo -e "Example usage: $0 sdc"
    exit 1
fi
# Make sure both mount points exist
mkdir -p /mnt/usb /mnt/cdrom
# Start from a clean state: unmount the USB disk if it is already mounted
if mount | grep -E '(^| )/mnt/usb( |$)' > /dev/null; then
    umount /mnt/usb
fi
mount -t vfat "/dev/${DISKPARTITION}1" /mnt/usb
# Only copy if the INSTALL partition was actually mounted
if mount | grep -E '(^| )/mnt/usb( |$)' > /dev/null; then
    echo -e "\e[35m **Usb successfully mounted, starting copy..\e[0m"
    if mount | grep /mnt/cdrom > /dev/null; then
        umount /mnt/cdrom
    fi
    mount /dev/cdrom /mnt/cdrom
    rsync -au /mnt/cdrom/ /mnt/usb/
    echo -e "\e[35m **Copy done, setting up syslinux.cfg..\e[0m"
    cp /mnt/cdrom/isolinux.cfg /mnt/usb/syslinux.cfg
    sed -i 's|menu.c32|mboot.c32|' /mnt/usb/syslinux.cfg
    #Place the t00 file we created earlier, on the INSTALL partition:
    mv /tmp/ovf.tar.gz /mnt/usb/ovf-00.t00
    chmod 777 /mnt/usb/ovf-00.t00
fi
# Unmount both file systems again when done
if mount | grep -E '(^| )/mnt/usb( |$)' > /dev/null; then
    umount /mnt/usb
fi
if mount | grep /mnt/cdrom > /dev/null; then
    umount /mnt/cdrom
fi
Below is a script that places our custom BOOT.CFG and KS.CFG on the USB installation media. BOOT.CFG is pointed to by syslinux.cfg and contains information about the installer we are going to use, what files it will load and with what settings. It is in BOOT.CFG that we place the name of the t00 package we created with our TFTP client, after copying the file to the USB disk. BOOT.CFG also points to KS.CFG, which is the script that performs the ESXi installation, uses the TFTP client we compiled and sets up the ESXi server.
#!/bin/bash
echo -e "\e[35m **Copying ESXi kickstart files.. \e[0m"
DISKPARTITION=$1
if [ -z "$DISKPARTITION" ]; then
    echo -e "\e[31mError: invalid arguments in $0 \e[0m"
    echo -e "Example usage: $0 sdc"
    exit 1
fi
if mount | grep -E '(^| )/mnt/usb( |$)' > /dev/null; then
    umount /mnt/usb
fi
mount -t vfat /dev/${DISKPARTITION}1 /mnt/usb
echo -e "\e[35m HP setup files are being copied..\e[0m"
cp /usr/arbitraryLocation/BOOT.CFG /mnt/usb/BOOT.CFG
cp /usr/arbitraryLocation/KS.CFG /mnt/usb/KS.CFG
The following example of BOOT.CFG is from the HP custom ESXi 5.5 ISO. We have added our t00 file to the modules list, specified our kickstart script, and added initial IP-address configuration to the host. This configuration is then repeated in KS.CFG, and is the configuration first needed to talk to the TFTP server on our network to fetch a text file with information regarding the final IP-address configuration of the host. You should not copy the BOOT.CFG file below, but use it as an example on how to configure your own BOOT.CFG from the ISO you are automating your installation. The modules list might be different for different versions of ESXi, or different vendor builds.
bootstate=0
title=Automated ESXi Installer
kernel=/tboot.b00
kernelopt=runweasel ks=usb:/KS.CFG bootProto=static addvmportgroup=0 netdevice=vmnic0 ip=172.10.12.12 netmask=255.255.0.0
gateway=172.10.15.20 hostname=ESXiHost1 vlanid=100 nameserver=8.8.8.8
modules=/b.b00 --- /jumpstrt.gz --- /useropts.gz --- /k.b00 --- /chardevs.b00 --- /a.b00 --- /user.b00 --- /sb.v00 --- /s.v00
--- /misc_cni.v00 --- /net_bnx2.v00 --- /net_bnx2.v01 --- /net_cnic.v00 --- /net_tg3.v00 --- /scsi_bnx.v00 --- /scsi_bnx.v01
--- /scsi_bfa.v00 --- /elxnet.v00 --- /ima_be2i.v00 --- /lpfc.v00 --- /scsi_be2.v00 --- /char_hpc.v00 --- /char_hpi.v00
--- /hp_ams.v00 --- /hp_build.v00 --- /hp_conre.v00 --- /hp_esxi_.v00 --- /hp_smx_p.v00 --- /hpbootcf.v00 --- /hpnmi.v00
--- /hponcfg.v00
--- /hpssacli.v00 --- /hptestev.v00 --- /scsi_hpd.v00 --- /scsi_hps.v00 --- /scsi_hpv.v00 --- /net_igb.v00 --- /net_ixgb.v00
--- /scsi_mpt.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_mst.v00 --- /ima_qla4.v00 --- /net_nx_n.v00 --- /net_qlcn.v00
--- /qlnative.v00 --- /scsi_qla.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04
--- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /ehci_ehc.v00 --- /weaselin.t00 --- /esx_dvfi.v00
--- /xlibs.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /lsi_mr3.v00 --- /lsi_msgp.v00 --- /misc_dri.v00
--- /mtip32xx.v00
--- /net_be2n.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_forc.v00 --- /net_vmxn.v00 --- /ohci_usb.v00
--- /rste.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03
--- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_lpf.v00
--- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v01 --- /uhci_usb.v00
--- /tools.t00 --- /xorg.v00 --- /ovf-00.t00 --- /imgdb.tgz --- /imgpayld.tgz
build=
updated=0
Below is the last script for the automation. It partitions the disks of a HP GEN 8 server (different commands might be correct for a different server, test your own setup for the setup you need), sets the password, the initial IP configuration, decides what path our CONFIG partition is using, copies over patches and logs, performs the patching, downloads IP configuration from TFTP, sets the final IP configuration, and also assigns a license to the ESXi host. As you may imagine, a lot more can be done with these scripts. For instance creating standard switches and port groups with esxcli commands, amongst other things. The localcli command is used instead of esxcli when the ESXi server is not fully started yet.
###############PRE INSTALL SECTION##############################################################
accepteula
clearpart --firstdisk='HP iLO' --overwritevmfs
clearpart --firstdisk=HP --overwritevmfs
partition datastore1 --onfirstdisk=HP
install --firstdisk='HP iLO' --novmfsondisk --overwritevmfs
rootpw passord1
network --bootproto=static --addvmportgroup=0 --device=vmnic0 --ip=172.10.12.12 --netmask=255.255.0.0 --gateway=172.10.15.20 --hostname=ESXiHost1 --vlanid=100 --nameserver=8.8.8.8
###############POST INSTALL SECTION#############################################################
%post --interpreter=busybox --ignorefailure=true
POSTLOG="/vmfs/volumes/datastore1/postInstallKickStartLog.log"
PATCHFILE="ESXI550-201505002.ZIP"
echo "# Copying the ovf tool and custom tftp client to the correct location.." >> $POSTLOG 2>> $POSTLOG
cp -R /ovf /vmfs/volumes/datastore1/ >> $POSTLOG 2>> $POSTLOG
echo "#Stopping usbarbitrator and rescaning for storage.." >> $POSTLOG 2>> $POSTLOG
/etc/init.d/usbarbitrator stop >> $POSTLOG 2>> $POSTLOG
echo "#Disabling the firewall, neeed for TFTP client to work.." >> $POSTLOG 2>> $POSTLOG
localcli network firewall set --enabled false >> $POSTLOG 2>> $POSTLOG
if [ -d "/vmfs/volumes/NO NAME/" ]; then
    USBDIRECTORY="/vmfs/volumes/NO NAME"
else
    USBDIRECTORY="/vmfs/volumes/CONFIG"
fi
echo "Decided to use $USBDIRECTORY as path to the USB Device" >> $POSTLOG 2>> $POSTLOG
echo "#Getting the config file from the TFTP server to datastore.." >> $POSTLOG 2>> $POSTLOG
cd /vmfs/volumes/datastore1/ovf
/vmfs/volumes/datastore1/ovf/bin/tftp/tftpclient -h 172.10.15.20 -p 69 -r servers.txt >> $POSTLOG 2>> $POSTLOG
echo "#Getting the config file from the tftp server to FAT16 storage.." >> $POSTLOG 2>> $POSTLOG
cd "$USBDIRECTORY/"
/vmfs/volumes/datastore1/ovf/bin/tftp/tftpclient -h 172.10.15.20 -p 69 -r servers.txt >> $POSTLOG 2>> $POSTLOG
echo "#Copying in servers.txt from USB to datastore, to make the version saved on USB disk the one with precedence.." >> $POSTLOG 2>> $POSTLOG
echo "#If this fails, we hope that the previous download from the TFTP server to datastore will have done the trick.." >> $POSTLOG 2>> $POSTLOG
# The destination name is lower case because the %firstboot section reads servers.txt and VMFS file names are case sensitive
cp "$USBDIRECTORY/SERVERS.TXT" /vmfs/volumes/datastore1/ovf/servers.txt >> $POSTLOG 2>> $POSTLOG
echo "#Copying in patch to datastore.." >> $POSTLOG 2>> $POSTLOG
cp "$USBDIRECTORY/PATCHES/$PATCHFILE" /vmfs/volumes/datastore1/ovf/files/$PATCHFILE >> $POSTLOG 2>> $POSTLOG
echo "#Copying in weasel.log to USB disk and datastore1.." >> $POSTLOG 2>> $POSTLOG
cp /var/log/weasel.log "$USBDIRECTORY/LOGS/weasel.log" >> $POSTLOG 2>> $POSTLOG
cp /var/log/weasel.log /vmfs/volumes/datastore1/weasel.log >> $POSTLOG 2>> $POSTLOG
echo "#Copying in POSTLOG to USB disk.." >> $POSTLOG 2>> $POSTLOG
cp $POSTLOG "$USBDIRECTORY/LOGS/postInstallKickStartLog.log" >> $POSTLOG 2>> $POSTLOG
cp /tmp/*.txt "$USBDIRECTORY/LOGS/" >> $POSTLOG 2>> $POSTLOG
cp /var/log/*.log "$USBDIRECTORY/LOGS/" >> $POSTLOG 2>> $POSTLOG
echo "#Rebooting the host..." >> $POSTLOG 2>> $POSTLOG
reboot
###############FIRSTBOOT SECTION##############################################################
%firstboot --interpreter=busybox
# Define the log and patch file names first: every command below redirects to $FIRSTBOOTLOG
FIRSTBOOTLOG="/vmfs/volumes/datastore1/firstBootKickStartLog.log"
PATCHFILE="ESXI550-201505002.ZIP"
sleep 30
echo "# Ensure hostd is ready" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
while ! vim-cmd hostsvc/runtimeinfo; do
    sleep 10
done
echo "#Stopping usbarbitrator and rescanning for storage.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
/etc/init.d/usbarbitrator stop >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Enabling & starting the ESXi Shell.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
vim-cmd hostsvc/enable_esx_shell >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
vim-cmd hostsvc/start_esx_shell >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
if [ -d "/vmfs/volumes/NO NAME/" ]; then
    USBDIRECTORY="/vmfs/volumes/NO NAME"
else
    USBDIRECTORY="/vmfs/volumes/CONFIG"
fi
echo "Decided to use $USBDIRECTORY as path to the USB Device" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Assigning license.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
vim-cmd vimsvc/license --set 00000-520EQ-00000-01DR0-00000 >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Gathering information from configuration file.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
ESXiHostname=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f1`
ESXiIpAddress=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f2`
ESXiSubnet=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f3`
ESXiGateway=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f4`
ESXiSubnetID=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f5`
ESXiVLAN=`more /vmfs/volumes/datastore1/ovf/servers.txt | grep esx1 | cut -d';' -f6`
echo "Acquired ESXiHostname: $ESXiHostname" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "Acquired ESXiIpAddress: $ESXiIpAddress" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "Acquired ESXiSubnet: $ESXiSubnet" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "Acquired ESXiGateway: $ESXiGateway" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "Acquired ESXiSubnetID: $ESXiSubnetID" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "Acquired ESXiVLAN: $ESXiVLAN" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Setting the IP address configuration on the host.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
esxcli system hostname set --host=$ESXiHostname >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
esxcli network ip interface ipv4 set --interface-name vmk0 --type static --ipv4 $ESXiIpAddress --netmask $ESXiSubnet >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
esxcli network vswitch standard portgroup set -p "Management Network" --vlan-id $ESXiVLAN >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
esxcli network ip set --ipv6-enabled false >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Patching the host.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
esxcli software vib install -d "/vmfs/volumes/datastore1/ovf/files/$PATCHFILE" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Cleaning up the patch source when we are done.."
rm -f /vmfs/volumes/datastore1/ovf/files/$PATCHFILE
echo "#Backup ESXi configuration to persist changes" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
/sbin/auto-backup.sh >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Copy %first boot script logs to persisted datastore" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
cp /var/log/hostd.log "/vmfs/volumes/datastore1/firstboot-hostd.log" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
cp /var/log/esxi_install.log "/vmfs/volumes/datastore1/firstboot-esxi_install.log" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Attempting to copy %first boot script logs to USB if the USB disk is available.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
cp /var/log/hostd.log "$USBDIRECTORY/LOGS/firstboot-hostd.log" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
cp /var/log/esxi_install.log "$USBDIRECTORY/LOGS/firstboot-esxi_install.log" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Attempting to copy FIRSTBOOTLOG to USB if the USB disk is available.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
cp $FIRSTBOOTLOG "$USBDIRECTORY/LOGS/firstBootKickStartLog.log" >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
echo "#Host configuration done! Rebooting.." >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
sleep 180
reboot -n -f >> $FIRSTBOOTLOG 2>> $FIRSTBOOTLOG
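The %firstboot section above passes fields from servers.txt, a file fetched over unauthenticated TFTP, straight to esxcli, and selects the record with `grep esx1`, which also matches names such as esx10. The sketch below is an added example, not part of the original scripts: it picks exactly one record by an exact match on the first field and validates each value before use. The function names and the sample records are constructed, and the field order is assumed from the `cut` calls above.

```shell
#!/bin/sh
# Added example: validate one servers.txt record before it reaches esxcli.
# Assumed record layout: hostname;ip;netmask;gateway;subnetid;vlan

is_ipv4() {
    # Only digits and dots, no empty octets, so the split below cannot glob.
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (octal ambiguity) and anything above 255.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_netmask() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    m=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~m & 4294967295 ))
    # A valid mask is ones followed by zeros, so its inverse is 2^n - 1.
    [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
}

is_vlan() {
    case "$1" in ""|*[!0-9]*|0?*|?????*) return 1 ;; esac
    [ "$1" -le 4095 ]
}

is_hostname() {
    case "$1" in ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

# load_host_record FILE HOSTNAME
# Sets the ESXi* variables and returns 0 only if exactly one record has
# HOSTNAME as its first field and every field used by esxcli validates.
# The subnet ID field is read but not used by the kickstart script, so it
# is not exported here.
load_host_record() {
    file=$1 want=$2 matches=0
    cr=$(printf '\r')
    while IFS=';' read -r h ip mask gw sid vlan extra || [ -n "$h" ]; do
        [ "$h" = "$want" ] || continue
        matches=$((matches + 1))
        # Strip a trailing CR in case the file was saved with CRLF endings.
        r_ip=$ip r_mask=$mask r_gw=$gw r_vlan=${vlan%"$cr"} r_extra=$extra
    done < "$file"
    if [ "$matches" -ne 1 ]; then
        echo "expected one record for $want, found $matches" >&2
        return 1
    fi
    [ -z "$r_extra" ] && is_hostname "$want" && is_ipv4 "$r_ip" \
        && is_netmask "$r_mask" && is_ipv4 "$r_gw" && is_vlan "$r_vlan" \
        || { echo "record for $want failed validation" >&2; return 1; }
    ESXiHostname=$want ESXiIpAddress=$r_ip ESXiSubnet=$r_mask
    ESXiGateway=$r_gw ESXiVLAN=$r_vlan
}

# Constructed sample file: one good record, a look-alike name, a
# non-contiguous netmask and an out-of-range VLAN.
make_sample_servers_txt() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
esx1;172.10.12.30;255.255.0.0;172.10.15.20;12;100
esx10;172.10.12.31;255.255.0.0;172.10.15.20;12;101
esx2;172.10.12.32;255.0.255.0;172.10.15.20;12;100
esx3;172.10.12.33;255.255.0.0;172.10.15.20;12;4096
EOF
    echo "$sample"
}

sample_file=$(make_sample_servers_txt)
if load_host_record "$sample_file" esx1; then
    echo "esx1 -> $ESXiIpAddress $ESXiSubnet gw $ESXiGateway vlan $ESXiVLAN"
fi
rm -f "$sample_file"
```

In the kickstart script, the esxcli calls would run only when `load_host_record` returns 0, leaving the initial address from the install section in place otherwise.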
|
4. Copy in any tools needed to the SETUP partition
The SETUP partition may contain any OVF images you would need to deploy on your host.
It may also hold ovf-tools, PowerCLI, PowerShell scripts or other tools needed for the last touch of the host that you just deployed automatically.
This partition is a NTFS partition that fills up the rest of the USB disk. Populating this partition with content would be up to the administrator that is going to use it.
|
All these sections will sum up an automated USB based deployment. Please comment your experiences with this setup below.
Source: VMware and github.
Tagged as: VMWare, Scripts, Routers |
|