Virtualization Adapted: Adapting Business Processes for Virtual Infrastructure (and vice-versa)

2010/11/13

VMware VAAI Certification Test Summary

Filed under: virtualization — iben @ 17:47


Based on the VMware VAAI Certification Guide, revision date 20101011.

This guide is intended for VMware partners who want to certify VAAI storage with ESX to claim compatibility in the VMware HCLs.

The vStorage API calls offload certain storage operations to the storage array, which optimizes those operations. They are new application programming interfaces in the VMkernel. Using a small set of primitives, or fundamental operations, that can be issued to an array supporting these interfaces, ESX can improve performance on storage operations such as cloning, snapshotting, mirroring, zeroing blocks, and replication.

You certify these offload operations with your storage arrays and use this certification to obtain a listing in the VMware compatibility guide:

  • Atomic Test and Set (ATS) also known as Hardware Assisted Locking: a mechanism to modify a disk sector to improve the performance of ESX updating metadata.
  • Full Copy: given a source range of LBAs, copies them into the given destination range of LBAs.
  • Block Zeroing or Write Same: zeroes out the given range of LBAs.

VAAI Certification Test Process List

  1. BlockZeroDiskTest
    1. This test verifies that when ESX uses the VAAI BlockZero primitive, an eager‐zeroed‐thick vmdk volume is created faster.
    2. The operation compares execution time with and without enabling the VAAI BlockZero primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. IMPORTANT: Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 30 minutes
  2. BlockZeroRDMTests
    1. This test verifies that zeroing a vmdk volume on an RDM disk is performed correctly when ESX uses the VAAI BlockZero primitive. The test is run on both a non‐pass‐through RDM as well as a pass‐through RDM disk.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 5 minutes to 3 hours
  3. BlockZeroMultiOffloadTests
    1. This test verifies that simultaneous creation of virtual disks on a shared datastore from two ESX hosts with VAAI BlockZero primitive enabled functions properly.
    2. The operation is conducted with and without enabling the VAAI BlockZero primitive. The test logs note the execution times with and without the VAAI BlockZero primitive, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 10‐20 minutes
  4. FullCopyDiskTest
    1. This test verifies that when ESX uses the VAAI FullCopy primitive, a vmdk volume clones faster.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 36 hours, with a majority of the time spent verifying cloned volume contents.
  5. FullCopyRDMTests
    1. This test verifies that cloning a vmdk volume to an RDM disk is done correctly when ESX host uses the VAAI FullCopy primitive. The test is run with both a non‐pass‐through RDM as well as a pass‐through RDM disk as the destination disk.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 18 hours, with a majority of the time spent verifying cloned volume contents.
  6. FullCopyCloneVMTests
    1. This test verifies that virtual machine cloning operations function properly with the VAAI FullCopy primitive enabled.
    2. The test clones a virtual machine to both the same datastore as the source virtual machine as well as to a different datastore.
    3. The operation compares execution time with and without enabling the VAAI FullCopy primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    4. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    5. IMPORTANT: Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    6. Estimated test time: 1 hour
  7. FullCopyCloneVMRDMTests
    1. This test verifies that virtual machine cloning operation from a non‐pass‐through RDM LUN to a pass‐through RDM LUN functions properly with the VAAI FullCopy primitive enabled.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times with and without the VAAI FullCopy primitive, but the time does not determine test passing or failing.
    3. The test is conducted with continuous I/O to the array under test from four virtual machines running on the ESX host.
    4. Estimated test time: 32 minutes
  8. FullCopyMultiOffloadTests
    1. This test verifies that the VAAI feature improves concurrent Full Copy from two ESX hosts.
    2. The operation is conducted with and without enabling the VAAI FullCopy primitive. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 20 minutes
  9. ATSFileOpTests
    1. This test verifies that when ESX enables the VAAI ATS primitive, the file create, delete, read and write operations perform faster with simultaneous access to the LUN from two ESX hosts.
    2. The operation compares execution time with and without enabling the VAAI ATS primitive. The test passes only if the execution time with VAAI enabled is less than with VAAI disabled.
    3. This test is conducted with no I/O to the array under test.
    4. IMPORTANT: Do not run any extraneous workloads on the storage array under test during the first 30 minutes of this test to avoid the possibility of non‐constant workloads skewing the test times and causing a test failure.
    5. Estimated test time: 12‐20 minutes
  10. ATSMultiLengthFileTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, simultaneous file modifications from two ESX hosts function properly.
    2. The operation is conducted with and without enabling the VAAI ATS primitive. The test logs note the execution times, but the time does not determine test passing or failing.
    3. This test is conducted with no I/O to the array under test.
    4. Estimated test time: 3‐10 minutes
  11. ATSReserveTests
    1. This test verifies that when ESX hosts use the VAAI ATS primitive, file locking and unlocking modifications from two ESX hosts function properly.
    2. This test is conducted with no I/O to the array under test.
    3. Estimated test time: 3‐5 minutes

2010/03/30

Using Cryptographic Hashes to verify file download integrity

Filed under: virtualization — iben @ 10:58

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.

Vendors provide a SHA-1 hash for software downloads. This enables you to verify that your downloaded files are unaltered from the original.

To confirm file integrity, use a SHA-1 utility on your computer to calculate your own hash for files downloaded from the VMware web site.

If your calculated hash matches the message digest the vendor provides, you are assured that the file was downloaded intact.

SHA-1 utilities are available for Windows, Linux, and Mac. Most UNIX installations provide a sha1sum command for SHA-1 hashes. You may need a newer Linux kernel to calculate the checksums for larger files.

The File Checksum Integrity Verifier (FCIV) can be used on Windows-based products to verify SHA-1 values. Please see http://support.microsoft.com/kb/841290 for details on FCIV.

Mac OS X: How to Verify a SHA-1 Digest http://support.apple.com/kb/HT1652

Instructions on checking a SHA-1 checksum on a Mac:

  1. In Finder, browse to /Applications/Utilities.
  2. Double-click on the Terminal icon. A Terminal window will appear.
  3. In the Terminal window, type "openssl sha1 " (sha1 followed by a space).
  4. Drag the downloaded file from the Finder into the Terminal window.
  5. Click in the Terminal window, press the Return key, and compare the checksum displayed on the screen to the one on the vendor's download page.

From TechNet

Windows Server 2008 R2 Standard, Enterprise, Datacenter, and Web (x64) – DVD (English)
File Name: en_windows_server_2008_r2_standard_enterprise_datacenter_web_x64_dvd_x15-50365.iso
Size: 2,858 (MB)
Date Published (UTC): 8/31/2009 10:22:24 AM
Last Updated (UTC): 1/11/2010 4:31:40 PM
SHA1: A548D6743129F2A02C907D2758773A1F6BB1BCD7
ISO/CRC: 8F94460B

About MD5

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity.

US-CERT says MD5 "should be considered cryptographically broken and unsuitable for further use," and most U.S. government applications now require the SHA-2 family of hash functions.
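
The check described in this post, as an added shell example that is not part of the original post. It goes slightly beyond the text: it accepts SHA-256 digests as well as SHA-1 and refuses MD5 digests; the function names hash_file and verify_download are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): compare a download against
# the digest published by the vendor. Function names are hypothetical.

# hash_file ALGO FILE: print FILE's digest as lowercase hex.
# Uses sha1sum/sha256sum where present (most Linux/UNIX systems) and falls
# back to openssl, the tool used in the Mac OS X steps above.
hash_file() {
    if command -v "${1}sum" >/dev/null 2>&1; then
        "${1}sum" "$2" | awk '{ print $1 }'
    else
        openssl dgst "-$1" "$2" | awk '{ print $NF }'
    fi
}

# verify_download FILE PUBLISHED_DIGEST
# Returns 0 on match, 1 on mismatch, 2 if the digest cannot be used.
verify_download() {
    file=$1
    # Vendors publish digests in either case (the TechNet listing above is
    # upper case) while sha1sum and openssl print lower case, so normalise.
    want=$(printf '%s' "$2" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    case $want in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    # The digest length identifies the algorithm.
    case ${#want} in
        40) algo=sha1 ;;
        64) algo=sha256 ;;
        32) echo "MD5 digest refused: MD5 is cryptographically broken" >&2
            return 2 ;;
        *)  echo "unsupported digest length ${#want}" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    got=$(hash_file "$algo" "$file")
    if [ "$got" = "$want" ]; then
        echo "OK $algo $file"
    else
        # An empty or different digest is treated as a failed check.
        echo "MISMATCH $algo $file: got $got, expected $want" >&2
        return 1
    fi
}

# Run as: sh verify.sh FILE PUBLISHED_DIGEST
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

The exit status makes the check usable in an install script: stop unless verify_download returns 0.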

2010/03/26

Host Profiles N1KV VDS

Filed under: virtualization — iben @ 06:21

Background to Using Host Profiles

The vDS UI also allows a phased migration of vmnics from vSS to vDS without disruption to an operational environment. VMs can be migrated from a vSS to a vDS on the fly so long as the vDS and vSS have connectivity to the same network at the same time and the origin Port Group on the vSS and destination DV Port Group on the vDS are configured to the same VLAN.

Host Profiles provide a way to migrate multiple hosts at one time. Host Profiles use a golden profile from a migrated host to propagate a configuration to a number of other hosts.

When applying a Host Profile to a host, the host must be in Maintenance Mode. This requires VMs to be either powered down or migrated to another host.

Host Profiles are most appropriate for new installations of similarly configured hosts (i.e. same number of vmnics, same vmnic to physical switch configuration, no active VMs).

The table below summarizes the deployment situations and suggested methods for migration from vSS to vDS. Note: These are suggestions only; both methods will work within the guidelines mentioned above.

Summary of Migration Methods

Table 1 – Summary of vSS to vDS Migration Methods

Deployment Situation | Suggested Method | Details
New servers, same vmnic config, no active VMs | vDS UI + HP | Migrate first host with vDS UI. Take host profile and apply to remaining hosts
<5 Existing Servers, no active VMs | vDS UI | Small number of servers. Can use host profiles, but possibly easier to continue with vDS UI
>5 Existing servers, same vmnic configs, no active VMs | vDS UI + HP | Larger number of servers with similar vmnic configuration. No active VMs so can enter maintenance mode and use Host Profiles
Existing Servers, active/operational VMs | vDS UI | Cannot use Maintenance Mode as VMs active. Phased vmnic migration suggested to ensure continuity of VM communications
Existing Servers, dissimilar vmnic configurations | vDS UI | Enables per host tailoring of vmnic to dvUplink PortGroup mapping
Ongoing Compliance Checking | HP | Non-disruptively check network settings are compliant with approved "golden" configuration

Note: vDS UI = use vDS UI; HP = use Host Profiles; vDS UI + HP = use vDS UI to deploy first host and Host Profiles for remaining hosts.

Applying NIC Teaming Policies to DV Port Groups

With a vSS, NIC teaming policies are defined on the virtual switch with an optional override on each Port Group definition. With vDS, NIC teaming policies are only defined on the DV Port Groups and apply to dvUplinks, not vmnics. The vmnics are mapped to the dvUplinks on a per host basis. This enables each host to have a different vmnic to physical host configuration and yet use the same NIC teaming policy over all hosts spanned by the vDS.

Monitoring Hash vmnic Selection in NIC Teams

The esxtop command from the ESX console can reveal the physical NIC (vmnic) used by a virtual port or VM within a NIC team.

Use esxtop to see the following information:

  • PORT-ID represents an internal port number on the virtual switch
  • USED-BY column shows what that port number is used by (e.g. VMkernel, VM, etc)
  • TEAM-PNIC column shows what physical nic (vmnic) is being used for traffic from that virtual port (the result of the hash within the NIC team)
  • The remaining columns indicate the Receive and Transmit traffic rates on those ports.

To use esxtop, type esxtop from the ESX console and then type n.

A list of commands for the ESX command line interface is published in Chapter 6 of the ESX 4.0 Configuration Guide (available at http://www.vmware.com/support/pubs/). You can limit console output to one page at a time by adding the | more suffix to the commands. For example:
esxcfg-vswitch -l | more

Reference: http://vmware.com/files/pdf/vsphere-vnetwork-ds-migration-configuration-wp.pdf (see page 8)

2010/03/25

List of log files VMware vSphere ESX Classic version 4

Filed under: virtualization — iben @ 11:02

The following log files contain information that needs to be tracked on a VMware vSphere ESX 4 Classic host to be in compliance with many security standards and best practices such as CIS Benchmark, PCI-DSS, SOX section 404, HIPAA, CPNI, COSO, ISO 20001, COBIT, and so on.
You can use syslog or Splunk lightweight forwarders for this purpose.

  • /var/log/vmkernel
  • /var/log/secure
  • /var/log/vmkwarning
  • /var/log/vmksummary
  • /var/log/vmksummary.txt
  • /var/log/messages
  • /var/log/vmware/*.log
  • /var/log/vmware/aam/*.log
  • /var/log/vmware/aam/*.err
  • /var/log/vmware/webAccess/*.log
  • /var/log/vmware/vpx/vpxa.log
  • /vmfs/volumes/*/*/*.log

 

Table with Explanation of files to log for VMware vSphere ESX Classic version 4

Component | Location | Purpose
VMkernel | /var/log/vmkernel | Records activities related to the virtual machines and ESX
VMkernel warnings | /var/log/vmkwarning | Records activities with the virtual machines
VMkernel summary | /var/log/vmksummary | Used to determine uptime and availability statistics for ESX; comma separated
VMkernel summary human readable | /var/log/vmksummary.txt | Used to determine uptime and availability statistics for ESX; human‐readable summary
ESX host agent log | /var/log/vmware/hostd.log | Contains information on the agent that manages and configures the ESX host and its virtual machines
vCenter agent | /var/log/vmware/vpx/vpxa.log | Contains information on the agent that communicates with vCenter
Web access | Log all the files in the directory /var/log/vmware/webAccess/*.log (client.log, proxy.log, unitTest.log, viewhelper.log, objectMonitor.log, timer.log, updateThread.log) | Records information on Web-based access to ESX (service vmware-webAccess start on ESX host to enable this)
Authentication log | /var/log/secure | Contains records of connections that require authentication, such as VMware daemons and actions initiated by the xinetd.
Service Console | /var/log/messages | Contain all general log messages used to troubleshoot virtual machines or ESX
Virtual machines | The same directory as the affected virtual machine's configuration files; named vmware.log and vmware‐*.log: /vmfs/volumes/<DS>/<VM>/vmware.log and /vmfs/volumes/<DS>/<VM>/vmware-*.log | Contain Virtual Machine Power Events, system crashes, Tools status and activity, Time Sync, Virtual Hardware changes, VMotion Migrations, Machine Clones,

Table – List of ESX Host Files to Log
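
An added shell example, not part of the original post: for each log location in the list above it reports whether syslogd writes the file (so a remote rule such as `*.* @host` in /etc/syslog.conf also forwards those messages) or whether the file is written outside syslogd and needs a file-watching forwarder. The function names and the ROOT argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. ROOT is a hypothetical
# parameter so the check can also run against a copied file tree.

# Log locations from the list above; globs are expanded under ROOT.
ESX_LOG_PATTERNS='/var/log/vmkernel
/var/log/secure
/var/log/vmkwarning
/var/log/vmksummary
/var/log/vmksummary.txt
/var/log/messages
/var/log/vmware/*.log
/var/log/vmware/aam/*.log
/var/log/vmware/aam/*.err
/var/log/vmware/webAccess/*.log
/var/log/vmware/vpx/vpxa.log
/vmfs/volumes/*/*/*.log'

# True if CONF ($1) has an uncommented rule whose action is "@host".
has_remote_syslog() {
    awk '$1 !~ /^#/ && NF >= 2 && $NF ~ /^@/ { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# True if syslogd itself writes PATH ($2), i.e. PATH is the action of an
# uncommented rule in CONF ($1). A leading "-" on the action is ignored.
syslogd_writes() {
    awk -v p="$2" '$1 !~ /^#/ && NF >= 2 {
             a = $NF; sub(/^-/, "", a); if (a == p) found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# classify_esx_logs [ROOT]
# Prints one line per log source:
#   SYSLOG  path  written by syslogd; a "*.* @host" rule forwards it too
#   FILE    path  not written by syslogd; needs a file-watching forwarder
#   MISSING glob  nothing on disk matches
# Returns 0 only if remote syslog is configured and nothing is missing.
classify_esx_logs() {
    root=${1:-}
    conf=$root/etc/syslog.conf
    problems=0
    if ! has_remote_syslog "$conf"; then
        echo "NO_REMOTE_SYSLOG $conf"
        problems=$((problems + 1))
    fi
    while IFS= read -r pattern; do
        # $pattern is left unquoted on purpose so the shell expands the glob.
        for f in "$root"$pattern; do
            rel=${f#"$root"}
            if [ ! -e "$f" ]; then
                echo "MISSING $rel"
                problems=$((problems + 1))
            elif syslogd_writes "$conf" "$rel"; then
                echo "SYSLOG $rel"
            else
                echo "FILE $rel"
            fi
        done
    done <<EOF
$ESX_LOG_PATTERNS
EOF
    [ "$problems" -eq 0 ]
}

# Run as: sh audit.sh /      (or against a copied tree: sh audit.sh /mnt/copy)
if [ "$#" -ge 1 ]; then
    classify_esx_logs "$1"
fi
```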

 

 

2009/10/22

VMware-ESX-versus-ESXi

Filed under: virtualization — iben @ 12:06

From http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf (look on page 98) or the VMware ESXi Configuration Guide:

Network Attached Storage

ESX supports using NAS through the NFS protocol. The NFS protocol enables communication between an NFS client and an NFS server.

The NFS client built into ESX lets you access the NFS server and use NFS volumes for storage. ESX supports only NFS Version 3 over TCP.

You use the vSphere Client to configure NFS volumes as datastores. Configured NFS datastores appear in the vSphere Client, and you can use them to store virtual disk files in the same way that you use VMFS-based datastores.

*** NOTE: ESXi does not support the delegate user functionality that enables access to NFS volumes using non-root credentials.

Also see these links for more info on read only capabilities for different licenses.

http://partnerweb.vmware.com/comp_guide/docs/vSphere_Comp_Matrix.pdf

On the ViOPs site there is a comparison matrix of ESXi/ESX in case we’re asked ‘which one should I use?’.

VMware ESX and ESXi 4.0 Comparison – http://kb.vmware.com/kb/1015000

VMware ESX and ESXi 3.5 Comparison – http://kb.vmware.com/kb/1006543

RCLI is limited to read-only access for the free version of VMware ESXi. To enable full functionality of RCLI on a VMware ESXi host, the host must be licensed with VI Foundation, VI Standard, or VI Enterprise.

http://www.vmware.com/products/vsphere/buy/editions_comparison.html

Comparison of product offerings for vSphere 4.0 and VMware Infrastructure 3.X – http://kb.vmware.com/kb/1010579

2009/04/16

VMware ESX host command line configuration script

Filed under: Uncategorized — iben @ 14:46

#customize esxXX by IR Date YYYYMMDD
# ESX host configuration script for company.com
# configure as needed for esxXX by changing IP addresses below…
# configure 4 nics for nfs storage
# nic 1 and 3 – cos1, vms, vmotion
# nic 2 and 4 – vmkernel for nfs storage
#

#configure SYSLOG
echo "*.* @syslog.site.company.com" >> /etc/syslog.conf
service syslog restart

# List current config
/usr/sbin/esxcfg-nics -l
/usr/sbin/esxcfg-vswitch -l

#creating virtual switches
/usr/sbin/esxcfg-vswitch -a vSwitch1
/usr/sbin/esxcfg-vswitch -L vmnic1 vSwitch1
/usr/sbin/esxcfg-vswitch -L vmnic3 vSwitch1
/usr/sbin/esxcfg-vswitch -L vmnic2 vSwitch0
#enable CDP advertise and listen mode
/usr/sbin/esxcfg-vswitch -b vSwitch0
/usr/sbin/esxcfg-vswitch -b vSwitch1
/usr/sbin/esxcfg-vswitch -B both vSwitch0
/usr/sbin/esxcfg-vswitch -B both vSwitch1
/usr/sbin/esxcfg-vswitch -b vSwitch0
/usr/sbin/esxcfg-vswitch -b vSwitch1

#creating portgroups
/usr/sbin/esxcfg-vswitch -A "ITG-VLAN2" vSwitch0
/usr/sbin/esxcfg-vswitch -A "PUBLIC-VLAN4" vSwitch0
/usr/sbin/esxcfg-vswitch -A "VMkVMotion-VLAN209" vSwitch0
/usr/sbin/esxcfg-vswitch -A "VMkStorage-VLAN207" vSwitch1
#/usr/sbin/esxcfg-vswitch -A "Service Console" vSwitch0
/usr/sbin/esxcfg-vswitch -A "Service Console 2" vSwitch0
/usr/sbin/esxcfg-vswif -a -i 10.102.8.111 -n 255.255.255.0 -p "Service Console 2" vswif1
/usr/sbin/esxcfg-vswitch -A "ESX-VLAN208" vSwitch0
/usr/sbin/esxcfg-vmknic -a -i 10.102.7.211 -n 255.255.255.0 VMkStorage-VLAN207
/usr/sbin/esxcfg-vmknic -a -i 10.102.9.211 -n 255.255.255.0 VMkVMotion-VLAN209
/usr/sbin/esxcfg-route -a 0.0.0.0/0 10.102.7.1
/usr/sbin/esxcfg-vswif -l
/usr/sbin/esxcfg-vmknic -l

vmware-vim-cmd hostsvc/net/vswitch_setpolicy --nicteaming-policy=loadbalance_ip vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --nicteaming-policy=loadbalance_ip vSwitch1
vmware-vim-cmd /hostsvc/net/vswitch_setpolicy --failurecriteria-check-beacon 0 vSwitch0
vmware-vim-cmd /hostsvc/net/vswitch_setpolicy --failurecriteria-check-beacon 0 vSwitch1
# reject promiscuous mode, MAC address changes and forged transmits on both vSwitches
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-promisc=false vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-macchange=false vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-forgedxmit=false vSwitch0
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-promisc=false vSwitch1
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-macchange=false vSwitch1
vmware-vim-cmd hostsvc/net/vswitch_setpolicy --securepolicy-forgedxmit=false vSwitch1

#configuring vlans
/usr/sbin/esxcfg-vswitch -l
/usr/sbin/esxcfg-vswitch -v 2 -p "ITG-VLAN2" vSwitch0
/usr/sbin/esxcfg-vswitch -v 4 -p "PUBLIC-VLAN4" vSwitch0
/usr/sbin/esxcfg-vswitch -v 207 -p "VMkStorage-VLAN207" vSwitch1
/usr/sbin/esxcfg-vswitch -v 209 -p "VMkVMotion-VLAN209" vSwitch0
/usr/sbin/esxcfg-vswitch -v 208 -p "Service Console" vSwitch0
/usr/sbin/esxcfg-vswitch -v 208 -p "Service Console 2" vSwitch0
/usr/sbin/esxcfg-vswitch -v 208 -p "ESX-VLAN208" vSwitch0
/usr/sbin/esxcfg-vswitch -l

#delete vmnic1 from vSwitch0 (run these if necessary)
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "ITG-VLAN2" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "PUBLIC-VLAN4" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "VMkStorage-VLAN207" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "VMkVMotion-VLAN209" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "Service Console" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "Service Console 2" vSwitch0
#/usr/sbin/esxcfg-vswitch -N vmnic1 -p "ESX-VLAN208" vSwitch0

#add vmnics to each port group
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "ITG-VLAN2" vSwitch0
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "PUBLIC-VLAN4" vSwitch0
/usr/sbin/esxcfg-vswitch -M vmnic1 -p "VMkStorage-VLAN207" vSwitch1
/usr/sbin/esxcfg-vswitch -M vmnic3 -p "VMkStorage-VLAN207" vSwitch1
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "VMkVMotion-VLAN209" vSwitch0
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "Service Console" vSwitch0
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "Service Console 2" vSwitch0
/usr/sbin/esxcfg-vswitch -M vmnic2 -p "ESX-VLAN208" vSwitch0
/usr/sbin/esxcfg-vswitch -l

sleep 10

#setup vmotion on the first vmk network
#vmware-vim-cmd "hostsvc/vmotion/netconfig_get" (check config)
vmware-vim-cmd hostsvc/vmotion/vnic_set vmk1

#/usr/sbin/esxcfg-vswitch -l

vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-active=vmnic0 vSwitch0 "Service Console"
vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-standby=vmnic2 vSwitch0 "Service Console"
vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-active=vmnic0 vSwitch0 "Service Console 2"
vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-standby=vmnic2 vSwitch0 "Service Console 2"
vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-active=vmnic0 vSwitch0 "VMkVMotion-VLAN209"
vmware-vim-cmd /hostsvc/net/portgroup_set --nicorderpolicy-standby=vmnic2 vSwitch0 "VMkVMotion-VLAN209"

#adding Network Attached data store
/usr/sbin/esxcfg-nas -l
/usr/sbin/esxcfg-nas -a -o NAS1-ip -s /vol/vmw_datastore1 vmw_datastore1
/usr/sbin/esxcfg-nas -a -o NAS2-ip -s /vol/vmw_datastore2 vmw_datastore2
#/usr/sbin/esxcfg-nas -a -o NAS3-ip -s /vol/vol3_vmware_test nfs_vol_netapp
/usr/sbin/esxcfg-nas -l

#configure resolv.conf
/bin/cat /dev/null > /etc/resolv.conf
echo "nameserver ns1-ip" >> /etc/resolv.conf
echo "nameserver ns2-ip" >> /etc/resolv.conf
echo "search site.company.com" >> /etc/resolv.conf
cat /etc/resolv.conf

#configure hostname
vmware-vim-cmd hostsvc/net/dns_set --dns-hostname=esxXX
vmware-vim-cmd hostsvc/net/dns_set --dns-domainname=site.company.com

#configure NTP
/usr/sbin/esxcfg-firewall -e ntpClient
/usr/sbin/ntpdate -u ntp1.site.company.com
chkconfig --list ntpd
chkconfig --level 35 ntpd on
chkconfig --list ntpd
echo "restrict ntp1-ip mask 255.255.255.255 nomodify notrap noquery" >> /etc/ntp.conf
echo "server ntp1.site.company.com" >> /etc/ntp.conf
echo "restrict ntp2-ip mask 255.255.255.255 nomodify notrap noquery" >> /etc/ntp.conf
echo "server ntp2.site.company.com" >> /etc/ntp.conf
echo "restrict ntp3-ip mask 255.255.255.255 nomodify notrap noquery" >> /etc/ntp.conf
echo "server ntp3.site.company.com" >> /etc/ntp.conf
echo "driftfile /var/lib/ntp/drift" >> /etc/ntp.conf
echo "ntp1-ip" > /etc/ntp/step-tickers
echo "ntp2-ip" >> /etc/ntp/step-tickers
echo "ntp3-ip" >> /etc/ntp/step-tickers
service ntpd restart
hwclock --systohc

#configure SUDO

esxcfg-boot -g
esxcfg-boot -b

esxcfg-advcfg -s 32 /NFS/MaxVolumes

# make sure that NFS locks are not disabled
esxcfg-advcfg -s 0 /NFS/LockDisable

# this should already be set correctly, but just to make sure
esxcfg-advcfg -s 12 /NFS/HeartbeatFrequency

# this should also be set correctly already
esxcfg-advcfg -s 10 /NFS/HeartbeatMaxFailures

# increase the heap size. Default is 9.
esxcfg-advcfg -s 30 /Net/TcpIpHeapSize

# increase heap max. Default is 30.
esxcfg-advcfg -s 120 /Net/TcpIpHeapMax

#configure AD
/usr/sbin/esxcfg-auth --enablead --addomain=site.company.com --addc=DC-NAME.site.company.com
useradd IT1
useradd IT2
#useradd Administrator

#configure SNMP
/bin/cat /dev/null > /etc/snmp/snmpd.conf
echo "syscontact IT-TEAM-DL@company.com" >> /etc/snmp/snmpd.conf
echo "syslocation Company-Location" >> /etc/snmp/snmpd.conf
echo "rocommunity RO-String" >> /etc/snmp/snmpd.conf
echo "trapcommunity RO-String" >> /etc/snmp/snmpd.conf
echo "trapsink DELL-IT-Assistant-Server.site.company.com RO-String" >> /etc/snmp/snmpd.conf
echo "dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so" >> /etc/snmp/snmpd.conf
echo "smuxpeer .1.3.6.1.4.1.674.10892.1" >> /etc/snmp/snmpd.conf

#install Dell OpenManage Agent
esxcfg-firewall -o 80,tcp,out,http
# fetched over plain HTTP: check the archive's hash against the vendor's published value before installing
/usr/bin/lwp-download http://DELL-IT-Assistant-Server.site.company.com/OM_5.5.0_ManNode_A00.tar.gz
tar -xvf OM_5.5.0_ManNode_A00.tar.gz
cd linux/supportscripts/
./srvadmin-install.sh -b -w -r -s
srvadmin-services.sh start
esxcfg-firewall -o 1311,tcp,in,OpenManageRequest

#test by going to https://esxXX.site.company.com:1311

# service mgmt-vmware restart # if needed

#end of script
