-
Notifications
You must be signed in to change notification settings - Fork 0
/
glm-kickstart.cfg.template
358 lines (315 loc) · 12.4 KB
/
glm-kickstart.cfg.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
#------------------------------------------------------------------------
# (C) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
#------------------------------------------------------------------------
# NOTE: During the initial scripted VMware install will use the iLO display,
# keyboard, etc and there will be no input/output on the serial console.
# See: Installation and Upgrade Script Commands
# https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.upgrade.doc/GUID-61A14EBB-5CF3-43EE-87EF-DB8EC6D83698.html
# Required: Accepts the ESXi license agreement.
vmaccepteula
# Required: Sets the root password for the system.
rootpw --iscrypted %ROOTPW%
{{/* Determine if the Machine/Host has a RAID logical volume setup */}}
{{/* and get the RAID logical volume ID (either UUID/NAA or EUI) and use below */}}
{{- $raiduuid := "" }}
{{- $euiraid := "" }}
{{- if .DeviceLayouts}}
# .DeviceLayouts: {{.DeviceLayouts}}
{{- range .DeviceLayouts}}
# .Device: {{.Device}}
{{- if uuid .Device}}
# Logical Volume Found via UUID/NAA: {{.Device}}
{{- $raiduuid = .Device}}
{{- end}}
{{- if hasprefix .Device "eui."}}
# Logical Volume Found via EUI: {{.Device}}
{{- $euiraid = trimprefix .Device "eui."}}
{{- end}}
{{- end}}
{{- end}}
# Clears any existing partitions on either the specific
# RAID logical volume or the first disk.
{{- if $raiduuid}}
clearpart --drives=naa.{{lower $raiduuid}} --overwritevmfs
{{- else }} {{- if $euiraid}}
clearpart --drives=t10.NVMe____HPE_NS204i2Dp_Gen102B_Boot_Controller_____{{euiswap (lower $euiraid)}} --overwritevmfs
{{- else}}
clearpart --firstdisk=local --overwritevmfs
{{- end}}{{- end}}
# Specifies that this is a fresh installation on either the specific
# RAID logical volume or the first disk.
{{- if $raiduuid}}
install --disk=naa.{{lower $raiduuid}} --overwritevmfs
{{- else }} {{- if $euiraid}}
install --disk=t10.NVMe____HPE_NS204i2Dp_Gen102B_Boot_Controller_____{{euiswap (lower $euiraid)}} --overwritevmfs
{{- else}}
install --firstdisk=local --overwritevmfs
{{- end}}{{- end}}
# Set hostname based on the HPE Metal configured Host hostname
{{- $hostname := (printf "%s%s" .Name ".local") }}
{{- if contains .Name "." }}
{{ $hostname := .Name }}
{{- end }}
{{- range $index, $conn := .Connections}}
# Expecting tagged Network setup
# Setup vmKernel first
{{- range $network := $conn.Networks}}
{{- if or (eq .Name "Public") (eq .Purpose "vmKernel")}} {{/* Looking for network named Public or Purpose set to vmKernel */}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
network --bootproto=static --addvmportgroup=0 --ip={{.Base}} --netmask={{.Netmask}} --vlanid={{$network.VID}} --gateway={{.Gateway}} --hostname={{$hostname}}
{{- end}}
{{- end}}
{{- end}}
{{- end}}
{{- end}}
# The following commands are run only once after the ESXi installation
# is complete.
# NOTE: during the %post section we are still connected to the GLM
# Provisioning network using DHCP, and will not be connected to the GLM
# Host Network(s) with static IP's until the power off and GLM has
# connect this host to its GLM Host Network(s) and powered the server
# back on.
%post --interpreter=busybox --ignorefailure=true
# Save installation logs.
mkdir /vmfs/volumes/datastore1/install-logs
cp /var/log/* /vmfs/volumes/datastore1/install-logs
# Save the kickstart file(s).
mkdir /vmfs/volumes/datastore1/kickstart
find / > /vmfs/volumes/datastore1/kickstart/find.lst
ls -lR / > /vmfs/volumes/datastore1/kickstart/ls-lR.lst
find / -name ks.cfg > /vmfs/volumes/datastore1/kickstart/ks.cfg.lst
# Copy the HPE GLM KICKSTART FILE
HPE_GLM_KICKSTART=$(awk '/INFO.*Using ScriptedInstall file:/ { print $NF }' /var/log/esxi_install.log | uniq)
if [ -f "$HPE_GLM_KICKSTART" ]; then
cp $HPE_GLM_KICKSTART /vmfs/volumes/datastore1/
fi
# All done power off the ESXi so that GLM will recognize that we are done deploying ESXi.
/bin/poweroff -n
########################################################################
# The following commands are run only once after installation is complete.
%firstboot --interpreter=busybox
sleep 30
keyboard us
lang en_US
langsupport --default
timezone America/Chicago
# Redirect serial console. This allows remote console access via
# HPE Metal Portal. Note that the serial console starts working after
# the 2nd boot following installation, so there will be a time where nothing
# comes out of the console after installation complete and before 2nd boot.
# Note: ESXi Shell is tty1Port. Haven't found a way to get
# both tty1Port and tty2Port on com2 at the same time.
esxcli system settings kernel set -s gdbPort -v none
esxcli system settings kernel set -s logPort -v none
esxcli system settings kernel set -s com2_baud -v 115200
esxcli system settings kernel set -s tty2Port -v com2
# Set up NTP based on the HPE Metal configured Host hostname
{{- $ntp := ""}}
{{- range .Connections }}
{{- if gt .UntaggedNet.VID 0 }}
{{- range .UntaggedNet.Ranges }}
{{- if .NTP}}
{{- $ntp = .NTP}}
{{- end}}
{{- end}}
{{- end}}
{{- range .Networks }}
{{- range .Ranges }}
{{- if .NTP}}
{{- $ntp = .NTP}}
{{- end}}
{{- end}}
{{- end}}
{{- end}}
{{- if $ntp}}
{{- range $ntp}}
echo "server {{.}}" >> /etc/ntp.conf
{{- end}}
{{- end}}
/sbin/chkconfig ntpd on
esxcli network firewall ruleset set --ruleset-id ntpClient --enabled yes
/etc/init.d/ntpd start
## NTP Synchronization
sed '$ a\tos maxdist 30' -i /etc/ntp.conf
/etc/init.d/lwsmd start
# Install HPE Metal SSH authorized keys for root user.
{{- if .SSHKeys }}
{{- range $key := .SSHKeys}}
echo "{{$key}}" >> /etc/ssh/keys-root/authorized_keys
{{- end}}
{{end}}
# enable ESXi Shell & SSH access.
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
#Setup Network Configuration to select correct NIC when ESXi is installed
esxcli network vswitch standard uplink remove --uplink-name=vmnic0 --vswitch-name=vSwitch0
# get the Initiator IQN
{{- $host_iqn := .InitiatorName}}
{{- $chap_user := .CHAPUser}}
{{- $chap_secret := .CHAPSecret}}
{{- range $index, $conn := .Connections}}
# Add configured links
{{- range .Interfaces}}
esxcli network vswitch standard uplink add --uplink-name=$(esxcli network nic list | grep -i {{.HWAddr}} | awk -F " " '{ print $1 }') --vswitch-name=vSwitch0
{{- end}}
# Setup other Networks
{{- range $network := $conn.Networks}}
{{- if or (eq .Name "Public") (eq .Purpose "vmKernel")}}
esxcfg-vswitch -A "FS Mgmt" vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p "FS Mgmt"
{{- else if or (eq .Name "Storage-Client") (eq .Purpose "iSCSI-A")}}
esxcfg-vswitch -A "iSCSI-A" vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p "iSCSI-A"
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} -m 9000 {{$network.Purpose}}
{{- end}}
{{- end}}
# Enable software iSCSI adapter
esxcli iscsi software set --enabled=true
# Setup host iqn
hba=`esxcli iscsi adapter list | tail -n +3 | cut -d" " -f1`
esxcli iscsi adapter set -A $hba -n {{$host_iqn}}
# Setup adapter CHAP secret
esxcli iscsi adapter auth chap set --direction=uni --authname={{$chap_user}} --secret={{$chap_secret}} --level=preferred --adapter $hba
{{- else if (eq .Purpose "iSCSI-B")}}
esxcfg-vswitch -A {{.Purpose}} vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p {{.Purpose}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} -m 9000 {{$network.Purpose}}
{{- end}}
{{- end}}
{{- else if (eq .Purpose "External" "vCHA" "Backup")}}
esxcfg-vswitch -A {{.Purpose}} vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p {{.Purpose}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} {{$network.Purpose}}
{{- end}}
{{- end}}
{{- else if (eq .Purpose "vmFT")}}
esxcfg-vswitch -A {{.Purpose}} vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p {{.Purpose}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} {{$network.Purpose}}
{{- end}}
{{- end}}
nic=`esxcfg-vmknic -l | grep IPv4 | grep vmFT | cut -d" " -f1`
vim-cmd hostsvc/advopt/update FT.Vmknic string $nic
{{- else if (eq .Purpose "Telemetry")}} {{/* Looking for Purpose set to Telemetry */}}
esxcfg-vswitch -A {{.Purpose}} vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p {{.Purpose}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} {{$network.Purpose}}
PASSWD=$(esxcli hardware platform get | awk '/ Serial Number:/ { print "H" tolower($3) "P" toupper($3) "E!" }')
esxcli system account add -d "Telemetry" -i "vspherews" -p $PASSWD -c $PASSWD
esxcli system permission set -i "vspherews" -r ReadOnly
{{- end}}
{{- end}}
{{- end}}
{{- end}}
# Another loop for vMotion to avoid selecting different network stack
{{- range $network := $conn.Networks}}
{{- if (eq .Purpose "vMotion")}}
esxcfg-vswitch -A {{.Purpose}} vSwitch0
esxcfg-vswitch vSwitch0 -v {{.VID}} -p {{.Purpose}}
{{- range $index2, $range := .Ranges}} {{/* Only taking 1st IP Address (Base) */}}
{{- if eq $index2 0}}
esxcfg-vmknic -a -i {{.Base}} -n {{.Netmask}} {{$network.Purpose}}
{{- end}}
{{- end}}
nic=`esxcfg-vmknic -l | grep IPv4 | grep vMotion | cut -d" " -f1`
vim-cmd hostsvc/vmotion/vnic_set $nic
{{- end}}
{{- end}}
{{- end}}
# setup GW & DNS server, leveraged from Linux cloud-init network setup
{{ if .Connections}}
{{- range .Connections}}
{{- if gt .UntaggedNet.VID 0 }}
{{- $range_zero := index .UntaggedNet.Ranges 0}}
# set GW
esxcli network ip route ipv4 add --gateway {{$range_zero.Gateway}}
{{- if $range_zero.DNS}}
{{- range $range_zero.DNS}}
# set DNS server
esxcli network ip dns server add --server {{.}}
{{- end}}
{{- end}}
{{- if $range_zero.DNSSearchDomains}}
{{- range $range_zero.DNSSearchDomains}}
# set DNS search domain
esxcli network ip dns search add --domain {{.}}
{{- end}}
{{- end}}
{{- end}}
{{- if gt (len .Networks) 0 }}
{{- range .Networks}}
{{- $range_zero := index .Ranges 0}}
# set GW
{{- if $range_zero.Gateway}}
esxcli network ip route ipv4 add --gateway {{$range_zero.Gateway}}
{{- end}}
{{- if $range_zero.DNS}}
{{- range $range_zero.DNS}}
# set DNS server
esxcli network ip dns server add --server {{.}}
{{- end}}
{{- end}}
{{- if $range_zero.DNSSearchDomains}}
{{- range $range_zero.DNSSearchDomains}}
# set DNS search domain
esxcli network ip dns search add --domain {{.}}
{{- end}}
{{- end}}
{{- end}}
{{- end}}
{{- end}} {{/* range .Connections */}}
{{- end}} {{/* end if .Connections */}}
# collect ntp info from BMaaS host definition
# ----------------------------------------------------
{{- /* extract ntp info from HostDef struct */}}
{{- $ntp := ""}}
{{- range .Connections }}
{{- if gt .UntaggedNet.VID 0 }}
{{- range .UntaggedNet.Ranges }}
{{- if .NTP}}
{{- $ntp = .NTP}}
{{- end}}
{{- end}}
{{- end}}
{{- range .Networks }}
{{- range .Ranges }}
{{- if .NTP}}
{{- $ntp = .NTP}}
{{- end}}
{{- end}}
{{- end}}
{{- end}}
# write the /etc/ntp.conf file based on our NTP server(s)
{{- if $ntp}}
echo "restrict 127.0.0.1" > /etc/ntp.conf
echo "restrict default kod nomodify notrap" >> /etc/ntp.conf
{{- range $ntp}}
echo "server {{.}}" >> /etc/ntp.conf
{{- end}}
echo "driftfile /etc/ntp.drift" >> /etc/ntp.conf
{{- end}}
# Enable time synchronization via NTP.
services --enabled="chronyd"
{{- if .VolumeAttachments}}
esxcli iscsi adapter discovery sendtarget add --address={{.ISCSIDiscoveryAddress}} --adapter=$hba
esxcli iscsi adapter discovery rediscover -A $hba
#esxcli storage core adapter rescan -A $hba
{{- end}}
{{- if .UserData }}
# run the UserData commands in the HPE Metal host definition
{{.UserData}}
{{end}}
reboot