Of particular interest would be around this area, where we temporarily unload the firewall so that updateflag can proceed.
# tell xCAT management server we are done installing
# have to put in the IP address instead of the hostname because VMware
# ESXi 4.1 can not resolve IP addresses...
cp /etc/resolv.conf.xcat /etc/resolv.conf
localcli network firewall unload
for param in `vsish -e cat /system/bootCmdLine|grep weasel`; do
if [ ${param%=*} = "ks" ]; then
param=${param#*//}
param=${param%%/*}
xcatd=$param
fi
done
echo -e "<xcatrequest>\n<command>nextdestiny</command>\n</xcatrequest>" | /bin/openssl s_client -quiet -connect $xcatd:3001 2>&1 | tee /tmp/foo.log
-----Dmitri Chebotarov <[email protected]> wrote: -----
To: xCAT Users Mailing list <[email protected]>
From: Dmitri Chebotarov <[email protected]>
Date: 09/28/2012 01:29PM
Subject: Re: [xcat-user] ESXi 5.1 with xCAT
From: Dmitri Chebotarov <[email protected]>
Date: 09/28/2012 01:29PM
Subject: Re: [xcat-user] ESXi 5.1 with xCAT
Hi
I'm not sure I can set/check firewall in %post steps.
hostd is not running on this step and 'esxcli network' commands fail (unable to connect).
I've found workaround (using wget and monitoring httpd access log on master to see when node finished installing) and I'll suffice for now.
If it's know that ESXi 5.1 works OK then I'll keep looking for a reason why openssl cannot connect.
This is KS script for ESXi 5.1, which fails on %post steps.
# kickstart script for esxi51
vmaccepteula
rootpw --iscrypted #CRYPT:passwd:key=vmware,username=root:password#
clearpart --alldrives --overwritevmfs
install --firstdisk --overwritevmfs
network --bootproto=static --addvmportgroup=false --device=#COMMAND:echo #TABLE:noderes:$NODE:primarynic#|sed s/eth/vmnic/g# --ip=#TABLE:hosts:$NODE:ip# --netmask=255.255.255.0 --gateway=<X> --nameserver=<X> --hostname=#TABLE:noderes:$NODE:node#
reboot
%post --interpreter=busybox --ignorefailure=false
echo "<xcatrequest>\n<command>nextdestiny</command>\n</xcatrequest>" | /bin/openssl s_client -connect #TABLE:noderes:$NODE:xcatmaster#:3001
%firstboot --interpreter=busybox
<... 1st boot steps...>
Thanks
On Sep 25, 2012, at 4:13 , Hans-Joachim Ehlers <[email protected]> wrote:
> Could it be a firewall issue on the ESX host ?
>
> Can you execute something like "esxcfg-firewall --allowOutgoing" within your kickstart file ?
>
> Cheers
> Hajo
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> xCAT-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/xcat-user
--
Thank you,
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
I'm not sure I can set/check firewall in %post steps.
hostd is not running on this step and 'esxcli network' commands fail (unable to connect).
I've found workaround (using wget and monitoring httpd access log on master to see when node finished installing) and I'll suffice for now.
If it's know that ESXi 5.1 works OK then I'll keep looking for a reason why openssl cannot connect.
This is KS script for ESXi 5.1, which fails on %post steps.
# kickstart script for esxi51
vmaccepteula
rootpw --iscrypted #CRYPT:passwd:key=vmware,username=root:password#
clearpart --alldrives --overwritevmfs
install --firstdisk --overwritevmfs
network --bootproto=static --addvmportgroup=false --device=#COMMAND:echo #TABLE:noderes:$NODE:primarynic#|sed s/eth/vmnic/g# --ip=#TABLE:hosts:$NODE:ip# --netmask=255.255.255.0 --gateway=<X> --nameserver=<X> --hostname=#TABLE:noderes:$NODE:node#
reboot
%post --interpreter=busybox --ignorefailure=false
echo "<xcatrequest>\n<command>nextdestiny</command>\n</xcatrequest>" | /bin/openssl s_client -connect #TABLE:noderes:$NODE:xcatmaster#:3001
%firstboot --interpreter=busybox
<... 1st boot steps...>
Thanks
On Sep 25, 2012, at 4:13 , Hans-Joachim Ehlers <[email protected]> wrote:
> Could it be a firewall issue on the ESX host ?
>
> Can you execute something like "esxcfg-firewall --allowOutgoing" within your kickstart file ?
>
> Cheers
> Hajo
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> xCAT-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/xcat-user
--
Thank you,
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
