WilliamLam.com

Search Results for: kickstart

Easily automate ESXi 6.0 Active Directory join using domainjoin-cli

by // 9 Comments

A nice little enhancement that I recently came across in ESXi 6.0 is the inclusion of the Likewise utility called domainjoin-cli which allows you to join a system to an Active Directory Domain. Previously, if you wanted to automate the process of joining an ESXi host to an Active Directory Domain, you had to either manually configure it using the vSphere Web/Client, using Host Profiles or creating an external script using the vSphere APIs.

All of these options were mostly executed during the post-provisioning process and if you wanted to include Active Directory configuration as part of the provisioning process, you may have had to resort to something like calling into the vSphere MOB within a Kickstart script as I had shown back in 2011 in this article here. The solution I came up with was not ideal but it worked for those that did not want to have additional steps after initial provisioning.

With the domainjoin-cli utility now included in the ESXi Shell of ESXi 6.0, you easily automate the joining an Active Directory Domain with just a couple of lines added to your Kickstart or provisioning scripts. Before you can use the command-line utility, you will need to ensure the Likewise Service Manager Daemon is running by running the following two commands which will start the service and also ensure the service automatically starts up:

/etc/init.d/lwsmd start
chkconfig lwsmd on

esxi6_active_domain_join_1
Next, to join to your Active Directory Domain, you will need to specify the following 3 parameters:

  1. join - Specifying the operation is a join versus a leave
  2. AD Domain Name - Active Directory Domain to join
  3. AD Username - Active Directory username to join to the domain
  4. AD Password - Active Directory password to join to the domain (optional as you will be prompted if it is not specified)

Here is an example of what the command looks like joining my Active Directory Domain in my lab:

/usr/lib/vmware/likewise/bin/domainjoin-cli join primp-industries.com administrator [PASSWORD]

esxi6_active_domain_join_2
You should see a success message if the ESXi host was successfully joined to the Active Directory Domain and you will want to reboot your ESXi host for the changes to take full effect. This is definitely a simpler method to include into an ESXi Kickstart script to automate the joining of an Active Directory Domain and hopefully you will find this handy when using ESXi 6.0.

Quick Tip - vSphere MOB is disabled by default in ESXi 6.0

by // 9 Comments

Yesterday, I noticed an interesting error when trying to connect directly to the vSphere MOB on an ESXi 6.0 host. The following error message was displayed on the browser:

503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x4bf02038] _serverNamespace = /mob _isRedirect = false _pipeName =/var/run/vmware/proxy-mob)

vsphere-6.0-mob-disable-0
This was the first time I had noticed this as I normally use the vSphere MOB for debugging purposes or exploring the vSphere API. The vSphere MOB is also a quick an handy way to unregister vSphere Plugins when connecting to vCenter Server.

I did some further investigation and it turns out that in vSphere 6.0, the vSphere MOB will be disabled by default on an ESXi 6.0 host. The reason for this is to provide security hardening out of the box for ESXi versus having an administrator harden after the fact. If you are familiar with the vSphere Security Hardening Guides, you will recall one of the guidelines is to disable the vSphere MOB on an ESXi host and with vSphere 6.0, this is now done automatically for you. This information will also be documented as part of the vSphere 6.0 documentation when it GAs.

If you still need to access the vSphere MOB on an ESXi how, this of course can be re-enabled from the default. There is also a new ESXi Advanced Setting called Config.HostAgent.plugins.solo.enableMob which easily controls whether the vSphere MOB is enabled or disabled as seen in the screenshot below.

vsphere-6.0-mob-disable-1
You have the option of using either the vSphere C# Client as shown in the screenshot above or the vSphere Web Client to configure the ESXi Advanced Setting:

vsphere-6.0-mob-disable-3
You can also configure this property using the vim-cmd in the ESXi Shell.

Listing the ESXi Advanced Setting using vim-cmd:

vim-cmd hostsvc/advopt/view Config.HostAgent.plugins.solo.enableMob

vsphere-6.0-mob-disable-2
Configuring the ESXi Advanced Setting to true:

vim-cmd hostsvc/advopt/update Config.HostAgent.plugins.solo.enableMob bool true

If you prefer to automate this using PowerCLI or vSphere API, this can also be done. Below are two examples using the Get-VmHostAdvancedConfiguration and Set-VMHostAdvancedConfiguration PowerCLI cmdlets.

Listing the ESXi Advanced Setting using PowerCLI:

Get-VMHost 192.168.1.200 | Get-VmHostAdvancedConfiguration -Name Config.HostAgent.plugins.solo.enableMob | Format-List

vsphere-6.0-mob-disable-4.png
Configuring the ESXi Advanced Setting to true:

Get-VMHost 192.168.1.200 | Set-VMHostAdvancedConfiguration -Name Config.HostAgent.plugins.solo.enableMob  -Value True

If you rely on using the vSphere MOB on ESXi and would like this to be your default, I would recommend you update either your ESXi Kickstart or Host Profile to include this additional configuration so that you do not get like I did 🙂 If you only need to use the vSphere MOB on occasion or do not have a use for it at all, then leaving the default is sufficient.

Fun end of the year facts on virtuallyGhetto

by // Leave a Comment

I woke up at 6am this past Sunday for no apparent reason. Perhaps my body is preparing me for parenthood? In any case, I could not go back to sleep and started to think about some of the blogs I have written this past year on virtuallyGhetto (finishing its 5th year). With the year almost ending, I thought it would be cool to check out some of the statistics on virtuallyGhetto for this past year and share some of the fun facts with my readers. The data below is gathered by a WordPress plugin called Jetpack which is a must have for any bloggers using WordPress and the WP Statistics Plugin.

I would also like to take this moment and say thank you to all my sponsors for supporting virtuallyGhetto and most importantly I would like to say thank you to my readers. Thank you for your engagement whether that is a comment on my blog, a discussion on Twitter, an email describing a problem or just saying hi at a conference. Thank you to everyone who has shared interesting stories, challenges and unique use cases on how you use VMware products and continuing to help us improve our products. 2014 has been an amazing year and I look forward to all the exciting things coming in 2015 as well as continuing to share and contribute back to the community through my blog. If there are any topics that you would like to see me explore further or continue to explore next year, feel free to leave a comment or send me an email. I wish you a Happy Holidays tand have a fun and safe Happy New Years, see you all in 2015!

[Read more...]