Deploying ESX 3.0.0 with RDP 3.00

Deploying VMware ESX Server 3.0.0 in RDP 3.00

Updated June 29th, 2006. Future updates may be found at http://www.brianshouse.net/hp/.

This HOWTO will describe the steps necessary to set up VMware ESX Server 3.0.0 in HP's Rapid Deployment Pack 3.00. By following the steps outlined here, you should be able to successfully deploy any number of statically-configured ESX installs to ProLiant servers using the automated deployment framework provided by the Rapid Deployment Pack, including unique hostnames, IP addresses, and licensing configuration for each server.

NOTE: Due to the delayed release of VMware's Virtual Infrastructure 3.0, the RDP product development team did not have sufficient time to develop full support for ESX 3.0.0 as a deployed OS. This document provides a temporary workaround for deploying ESX 3.0 using RDP 3.00, until such time as Altiris and HP provide official support for ESX 3.0 deployment in a future release of Rapid Deployment Pack. I have tried to keep as close as possible to the syntax and methods the product team are either currently using for ESX 2.x deployments, or are likely to use in future releases, but this method is still highly customized, and should only be attempted by customers with a high level of comfort with Rapid Deployment Pack.

Some things you should be aware of:

Due to the changes in the Service Console architecture in ESX 3, the Altiris Deployment Linux Agent, adlagent, does not properly discover and report the MAC address of the primary physical NIC of the host server (exposed to the new Service Console as vmnic0). In fact, it doesn't report any MAC address at all. This has the side effect of not enabling the Deployment Server to instruct the PXE Server to listen to a specific MAC address to trigger the target to boot into the correct automation environment. You will need to interact with the console and catch the PXE boot F8 prompt, selecting the "Linux Managed" option, to rebuild a server.
The default ESX firewall configuration will not allow the adlagent service to connect to the deployment server or transfer files, unless explicitly configured to do so (see the %post section of the example kickstart file below). In addition, the Deployment Server must be configured to use a specific known port for file transfers, instead of the default dynamically-chosen port. This port will need to be referenced in the kickstart file.
The Altiris Deployment Server's capability to query a VirtualCenter server for information about VMs does not support VirtualCenter 2 in native mode. You might have better luck if you select the option to support legacy VirtualCenter connections during VC2 installation.
VMware's support for unattended scripted installation of ESX 3.0.0, to put it politely, needs additional refinement. Certain things that used to work properly in ESX 2.5.3 kickstarts don't in ESX 3.0.0 (like VMFS filesystem creation), some things that should be allowed aren't (like creating non-root user accounts and changing the Service Console memory size), and some things that should be simple (like NIC assignments to vSwitches) are far from it. This necessitates some rather irritating scripted workarounds in the post-installation section. Here's hoping that VMware eventually makes this easier.

This document could not have existed this quickly without the efforts and assistance of Shawn K. from the HP Alliance Engineering team, and Chris G. from the RDP product development team.

OBLIGATORY DISCLAIMERS:
This is NOT an official HP or Altiris publication.
This is not intended to replace the installation guides or manuals, so if you're not sure about something referenced here, RTFM.
I make no guarantees that any of this will work for you, as your mileage may vary according to your particular needs.
Some of the modifications contained in this HOWTO may not be officially supported by HP or Altiris, so don't say you weren't warned.
The opinions expressed in this document are entirely my own, and do not reflect those of HP, Altiris, VMware, or the product development teams thereof.
I don't write the software itself, nor am I on the development team, so please don't write to me for bug reports, support or product feature requests - I'm busy enough figuring this stuff out already.
There's a nice RDP knowledgebase here, and support forum here if you need additional assistance.

1. What You Will Need:

An HP Rapid Deployment Pack 3.00 deployment server, and a sufficient number of licenses for target systems, configured during installation to include the stock VMware ESX Server 2.5.3 deployment support.
A working PXE environment. Automation doesn't work too well if you have to do the floppy shuffle every time you need to build a server.
An HP Systems Insight Manager 4.2 or higher central management server (if you don't use SIM, start using it. It's free, and without it, you don't always know if something is wrong in your hardware environment.)
Some ProLiant ML/DL 300, 500, or 700 series or BL p-Class or c-Class servers to deploy to (make sure they are on the ESX 3 system compatibility list on VMware's website before you buy them!)
You will need either direct control over the zoning and storage presentation of SAN storage to your hosts, or collaboration with a SAN administration team. This is necessary to make sure that no existing LUNs are presented to the target hosts during deployment.

WARNING! - WARNING! - WARNING!

DO NOT connect, or leave connected, any SAN volumes to any server while being deployed or redeployed by Rapid Deployment Pack.

Both the Linux and WinPE pre-boot environments will enumerate the SAN volumes ahead of any on-board drives, with the result that the default behavior of the Altiris RDeploy client to drop an image on the primary drive will result in the complete loss of the partition table and file system on the first SAN volume! The only way to avoid this is to know exactly how many SAN volumes will be presented to your target system, and to modify the Distribute Disk Image tasks to reference the correct logical drive number of the first locally-attched drive. Since this is impossible to predict, there is no way to provide a "fail-safe" configuration for the stock jobs included with RDP.

So, make sure to un-zone or un-present any SAN volumes to any server you will deploy or redeploy with RDP.

You have been warned.

A decent text editing program for Windows that understands UNIX text formatting. I recommend Notepad++, available from http://notepad-plus.sourceforge.net.
An SSH (secure shell) client for Windows. I recommend PuTTY. Also, a Windows graphical SCP (secure copy, which uses SSH to transfer files between hosts) client like WinSCP is helpful.
An archive utility (like WinRAR) which can understand .tgz (or "tarball") compression formats.
A general clue about how VMware ESX Server works, as well as the RedHat kickstart process, which ESX server network installation is based on.
An existing deployed ESX Server machine will help to provide an encrypted password string for the config file, but this is not critical.
A spreadsheet program (Excel or similar) that will allow you to easily edit CSV files will aid greatly in populating the data base for mass deployments.

2. Prepare the eXpress share for ESX 3.0.0 Deployment

The deployment server must be set up to provide access to the ESX 3.0.0 OS installation files.

Create a directory named "vmesx300" under the lib\osdist directory under the eXpress share, and make sure that the IUSR_COMPUTERNAME user account has read access to it.
Copy the contents of the ESX Server 3.0.0 installation CD-ROM into this directory.

3. Configure the Kickstart File

We now need to create a kickstart file with appropriate syntax for ESX 3.0.0 that will be used for our deployments. We will use some of the syntax conventions used for the existing ESX 2.5.3 kickstart file, combined with syntax from VMware's VI3 Installation and Upgrade Guide.

NOTE: When editing text files that will be parsed by Linux-based scripting or deployment utilities like the installation programs for Linux and VMware ESX Server, the files must be saved with the correct UNIX-style text formatting style to prevent the parsing program from choking on extra escape characters present in MS-DOS-style text formatting. None of the editors included with Windows will properly save these files. Find a Windows text editor (no, not Word - think outside the box, will you?) that will understand and preserve UNIX text formatting. A good one (which I sometimes use to edit this HOWTO) is Notepad++, a free, open source editor with language syntax highlighting and many other nice features, available from http://notepad-plus.sourceforge.net.

Create a directory named "vmesx300" under the lib\osconfig directory under the eXpress share, and make sure that the IUSR_COMPUTERNAME user account has read access to it.

OPTIONAL: To provide the proper root account password and have it encrypted within the kickstart file, you can obtain the existing root password from a previously-built ESX server by running an SSH session (PuTTY is your friend...) to the ESX Server and copying the encrypted password string from the /etc/shadow file, like so (the command to input is in bold below):

login as: root
root@esxserver's password:
Last login: Mon Aug 8 01:34:33 2005
[root@esxserver root]# cat /etc/shadow | grep root
root:$1$9AhIo0QH$U4.lMEa4KBB/Q5kGXyV2F9:12884:0:99999:7:::
[root@esxserver root]#

The string of gibberish text between the first and second colon in the output from the /etc/shadow file (bold and highlighted in red in the example above) is the MD5 hash of the root user's password on the ESX server. Copy the string to the clipboard from your SSH session, and paste it into your config file (see below) to replace "password" in the rootpw directive line. To signify to anaconda that the string is the actual encrypted hash of the plaintext password, and not the plaintext itself, you will need to add "--iscrypted" to the line before the value, as illustrated in this example:
rootpw --iscrypted $1$9AhIo0QH$U4.lMEa4KBB/Q5kGXyV2F9

NOTE: The default security settings in ESX Server 3.0.0 will not allow the root user to log in via SSH. There are two workarounds for this: The first, and most secure, is to create a normal user account that can be used for the initial SSH access, and use "su" to then gain root access once the session is established. The second, less secure, method is to log in at a physical console (with an Alt-F1), and change the following line in the /etc/ssh/sshd_config file to look like this: PermitRootLogin yes

Create a new UNIX-formatted text file called "default.cfg" under the newly-created <eXpress share>\lib\osconfig\vmesx300 directory, with syntax similar to the following (The embedded comments in red text below are not required, but provided for additional explanation):

#ESX 3.0.0 Kickstart File

# Installation Method
# This follows the syntax from the existing ESX 2.5.3 kickstart file in RDP
# The SQL query in the % symbols will evaluate to the RDP server's IP address during Altiris token replacement
url --url ftp://anonymous:rdp@%#*"select tcp_addr from aclient_prop where computer_id=0"%/dslib/osdist/vmesx300

# root password
# either Encrypted (use "mkpasswd -H md5 " on a Linux system, 
# or pull from an existing ESX server's /etc/shadow file between colons) - 
# The MD5-encrypted string below is for "password":
#rootpw --iscrypted $1$MRMN1nFH$PAHncVeTgCrI0GXVUdBiJ0
# or Plaintext:
rootpw password

# Authentication config
# Turns on shadow suite and uses long encrypted passwords
auth --enableshadow --enablemd5

# BootLoader ( ESX uses 'grub' )
# Runs from within the master boot record of the boot drive
bootloader --location=mbr

# Timezone
# See /usr/share/zoneinfo for complete list
# Common US timezone names can be used, e.g.:
# US/Hawaii, US/Alaska, US/Pacific, US/Mountain, US/Central, US/Eastern
# Special US timezones for US/Arizona, US/East-Indiana, US/Indiana-Starke, US/Michigan
# Always use the "--utc" option, so the hardware clock uses UTC, preventing double-shifts for DST
timezone --utc US/Pacific

# X windowing System - not used in ESX
skipx

# Install or Upgrade
install

# Text Mode setup wizard
text

# Network install type
# Create a default network for Virtual Machines
# This will use hijacked Netware configuration fields populated for the host in the Altiris database to provide a static address
# The DNS hostname is provided via token replacement of the SQL query
network --bootproto static --ip=%NWSERVER% --gateway=%NWTREE% --netmask=%NWCONTEXT% --nameserver= --hostname %#*"select replace([name],' ','') from computer where computer_id={ID}"% --addvmportgroup=1 --vlanid=0

# Language
lang en_US

# Language Support
langsupport --default en_US

# Keyboard layout
keyboard us

# Mouse
mouse none

# Reboot after install ?
reboot

# Firewall settings
firewall --disabled

# Clear partitions
clearpart --all --initlabel --drives=%hddevice%

# Partitioning
# Warning, the order of these lines determines placement on the disk!
# Based on best practice recommendations
# %hddevice% will be defined by the lib\bin32\linux\vmesx.sh script prior to file placement
# 100MiB boot partition first
part /boot --size 100 --fstype ext3 --ondisk %hddevice%
# Root filesystem partition - default is ~5GiB, can be made larger if desired
part / --size 5000 --fstype ext3  --ondisk %hddevice%
# Swap partition (~2x Service Console RAM allocation, Linux kernel maximum of 2048MiB)
part swap --size 1024 --fstype swap  --ondisk %hddevice%
# System log partition - always break out.
part /var/log --size 2000 --fstype ext3 --ondisk %hddevice%
# /tmp partition - always break out.
part /tmp --size 2000 --fstype ext3 --ondisk %hddevice%
# Local VMFS partition (not used much in shared SAN environments)
# First argument must be "None" or install will halt
# Minimum size for a VMFS3 volume is 1200MiB
# This only creates the partition, you must create the filesystem later
part None --size 10000 --grow --fstype vmfs3  --ondisk %hddevice%
# vmkernel core dump partition - must be 100MiB
# First argument must be "None" or install will halt
# Must keep this as the last line in partitioning section, to place at the end of the disk
part None --size 100 --fstype vmkcore  --ondisk %hddevice%

# VMware-specific licensing commands
# must accept EULA, or install will halt
vmaccepteula
# Using served licenses from VI3 License Server
vmlicense --mode=server --server=27000@192.168.1.30 --edition=esxFull --features=vsmp,backup


%packages
@base


%post

# Download the altiris agent binaries during post
# FTP server evaluates to RDP server's IP address during token replacement
ftpip=%#*"select tcp_addr from aclient_prop where computer_id=0"%
# Transfer Altiris Linux agent, adlagent
mkdir /tmp/altiris
cd /tmp/altiris
# Perform ftp transfer
ftp -n <<EOF2
open $ftpip
user anonymous rdp
cd /dslib/osoem/altiris
binary
prompt
# Download x86 adlagent
mget altiris*.i386.bin
# Download custom adlagent config if it exists
mget adlagent.conf.custom
exit
EOF2

# create script to install adlagent (called by rc.local)
cat > /tmp/altiris/hpinstall.sh <<\EOF1
#!/bin/bash
# Script to install adlagent.  Is called from rc.local.
export AltirisConfDir=/opt/altiris/deployment/adlagent/conf
cd /tmp/altiris
chmod +x altiris-adlagent*.bin
./altiris-adlagent*.i386.bin 1>>/root/install.rdp.log 2>>/root/install.rdp.log
# Install adlagent custom configuration
if [ -e adlagent.conf.custom ]; then
   mv $AltirisConfDir/adlagent.conf $AltirisConfDir/adlagent.conf.bak
   cp -f adlagent.conf.custom $AltirisConfDir/adlagent.conf
fi
mv -f /etc/rc.d/rc.local.sav /etc/rc.d/rc.local
/etc/init.d/adlagent restart
EOF1

# make hpinstall.sh executable
chmod +x /tmp/altiris/hpinstall.sh

#####################################################
### Create script to configure ESX at first boot  ###
#####################################################
cat > /tmp/esxcfg.sh <<\EOF3
#!/bin/sh
# Configure ESX Server

# Create new vmfs3 volume on designated partition
# First, determine the partition number (assumes SmartArray)
export VMFS_PARTITION=`fdisk -l /dev/cciss/c0d0 | grep fb | sed -e "s/\/dev\/cciss\/c0d0p\(.\).*/\1/"`
# Now we make a VMFS3 volume on that partition
vmkfstools -C vmfs3 -S localvmfs vmhba0:0:0:$VMFS_PARTITION

### Firewall configuration
# We need to enable adlagent port and file transfer port
# You need to set a static port ("4321" in this example) for file transfer in the deployment
# console under Tools->Options->Global
esxcfg-firewall --openPort 402,tcp,out,adlagent
esxcfg-firewall --openPort 4321,tcp,out,adlagentFileTransfer

### Configuration Examples
# Uncomment and/or modify the example lines below to use in your configuration

# Setup your VMkernel and Virtual Machine networking:

# EXAMPLE: Add VMotion portgroup
esxcfg-vswitch --add-pg=VMotion vSwitch0

# EXAMPLE: Make VMotion portgroup part of VMKernel stack
# Remember to enable VMotion on this interface using the VI Client!
# IP address can be obtained from the Windows licensing user field during token replacement
#esxcfg-vmknic --add --ip %#!computer@lic_os_user% --netmask 255.255.255.0 VMotion

# EXAMPLE: Setup the VMkernel IP Stack default gateway
# GW address can be obtained from the Windows licensing organization field during token replacement
#esxcfg-route %#!computer@lic_os_org%

# EXAMPLE: Create production vSwitch using remaining physical NICs and default portgroup(s)
#esxcfg-vswitch --add prodSwitch
#export VMNICS=`esxcfg-nics --list | sed -e '1d' -e '/vmnic0/d' | awk '{print $1}'`
#for i in $VMNICS; do esxcfg-vswitch --link=$i prodSwitch; done
#esxcfg-vswitch --add-pg=defaultProd prodSwitch
# or
#esxcfg-vswitch --vlan=1 -p defaultProd prodSwitch

# EXAMPLE: Create private vSwitch and default portgroup
#esxcfg-vswitch --add privateSwitch
#esxcfg-vswitch --add-pg=defaultPrivate privateSwitch
# or
#esxcfg-vswitch --vlan=11 -p defaultPrivate privateSwitch

# SSH Access:

# EXAMPLE: Create additional user account for SSH access
# The encrypted password is 'password'
useradd -p '$1$MLsmTO/Q$A8QI139I.QqRVVjXPYfDU1' -c "Guest Account" guest

# EXAMPLE: Enable root login via SSH
# WARNING: This is not the most secure course of action!
#sed -e 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
#mv -f /etc/ssh/sshd_config.new /etc/ssh/sshd_config
#/etc/init.d/ sshd restart

EOF3

# make configuration script executable
chmod +x /tmp/esxcfg.sh

#####################################################

# save a copy of rc.local
cp /etc/rc.d/rc.local /etc/rc.d/rc.local.sav

# add hpinstall.sh and esxcfg.sh to rc.local
cat >> /etc/rc.d/rc.local <<EOF
cd /tmp
/tmp/esxcfg.sh
cd /tmp/altiris
/tmp/altiris/hpinstall.sh
EOF

A note about Altiris token replacement

Altiris eXpress Deployment Server has the ability to search through text files and replace custom tokens with information from its database. By specifying the tokens listed above, we can have the deployment server pre-populate the kickstart file with the appropriate values from the database for that target server. The reason I am using the NetWare- and Windows licensing- specific tokens instead of the default IP configuration tokens is that when the target system is brought up in DOS/Linux/WinPE prior to OS deployment, these fields are often overwritten with the current values obtained from the Bootworks client, e.g., a DHCP-assigned address, while the NetWare-specific tokens are normally applied to Windows hosts after the OS is installed. Since the Altiris client cannot tweak NetWare or Windows Licensing settings on a Linux or ESX host, we can safely hijack these fields in the database for our own purposes, and they will remain in the database after deployment.

4. Modify the Altiris Jobs

Now that we have a customized kickstart file with tokens for Altiris to replace, we will need to make copies of the existing ESX 2.5.3 Altiris jobs from the ProLiant Integration Module, and modify them to deploy ESX 3.0.0.

In the Jobs pane of the Deployment Server console, expand the "Server Deployment Toolbox / 2B - OS Installation (Scripted)" folder tree.
Right-click and copy the "Deploy VMware ESX 2.5.3 (ProLiant ML/DL/BL) {LinuxPE}" job.
Right-click the parent folder, "2B - OS Installation (Scripted)", and paste the job. It will be pasted as "Copy of <job name>".
Rename the new copy of the job as "Deploy VMware ESX 3.0.0 (ProLiant ML/DL/BL) {LinuxPE}".
Select the new job to edit its properties:
- Select and modify the "Create Boot Environment" Run Script task.
- Replace each of the three references to "vmesx253" with "vmesx300", so that the resulting syntax looks like:
  # Create Boot Environment # replacetokens .\lib\osconfig\vmesx300\default.cfg .\lib\osconfig\vmesx300\%ID%.cfg export dist=vmesx300 export unattendfile=%ID%.cfg /mnt/ds/lib/bin32/linux/vmesx.sh
In the Jobs pane of the Deployment Server console, expand the "Server Deployment" folder.
Right-click and copy the "Deploy ProLiant ML/DL/BL + VMware ESX 2.5.3 + PSP{LinuxPE}" job.
Right-click the parent folder, "Server Deployment", and paste the job. It will be pasted as "Copy of <job name>".
Rename the new copy of the job as "Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE}".
Select the new job to edit its properties:
- Select and modify the "Create Boot Environment" Run Script task.
- Replace each of the three references to "vmesx253" with "vmesx300", so that the resulting syntax looks like:
  # Create Boot Environment # replacetokens .\lib\osconfig\vmesx300\default.cfg .\lib\osconfig\vmesx300\%ID%.cfg export dist=vmesx300 export unattendfile=%ID%.cfg /mnt/ds/lib/bin32/linux/vmesx.sh

5. Download and Configure the Management Agents

In order to provide ProLiant hardware monitoring and instrumentation, we will need to download and configure the ProLiant Management Agents version 7.51a for VMware ESX.

Download the HP Insight Manager Agents for VMware ESX Server version 7.51a tarball from http://h18023.www1.hp.com/support/files/server/us/download/24882.html.
Create a directory under the <eXpress share>\lib\software\ directory, named "ProLiant Support Pack Z.ZZ for VMware ESX 3.0", and extract the files from the .tgz tarball into this directory.
Copy the rdpinstall.sh file from the <eXpress share>\lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 2.5 directory to the new ProLiant Support Pack Z.ZZ for VMware ESX 3.0 directory.
Open the <eXpress share>\lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0\hpmgmt.conf.example file in a UNIX-savvy text editor, and edit the values for the variables to reflect the correct SNMP community strings, management station IP addresses, and trap destinations. Save the file as "rdpinstall.dat"
Copy the ".dtfSshKey.pub" file from the C:\Program Files\HP\Systems Insight Manager\config\sshtools directory on your HPSIM CMS, and place it into the lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0\ directory as a file named "authorized_keys2". This is the SSH host public key that is used for Distributed Task Facility connections (e.g., VMM agent deployments).

OPTIONAL: If you use any custom settings for the System Management Homepage in the 7.20 and higher agents (including additional OS security groups as Administrator-level logins to the homepage, for example), create a new file named "smhpd.xml" in the same directory that will eventually be copied during the job into the /opt/hp/hpsmh/conf directory on the target system, with the following syntax:
<?xml version="1.0" encoding="UTF-8"?> <system-management-homepage> <admin-group></admin-group>  <operator-group></operator-group>  <user-group></user-group>  <allow-default-os-admin>true</allow-default-os-admin> <anonymous-access>false</anonymous-access> <localaccess-enabled>false</localaccess-enabled> <localaccess-type>Anonymous</localaccess-type>  <trustmode>TrustByCert</trustmode>  <xenamelist></xenamelist>  <ip-binding>false</ip-binding> <ip-binding-list></ip-binding-list>  <ip-restricted-logins>false</ip-restricted-logins> <ip-restricted-include></ip-restricted-include>  <ip-restricted-exclude></ip-restricted-exclude>  </system-management-homepage>

OPTIONAL: The HP Insight Management Agents and HP Systems Insight Manager will allow you the option of automatically importing the HP SIM central management server's trusted SSL key into the managed node's System Management Homepage upon the first single-signon attempt from the HP SIM console to the managed node's SMH. However, if you wish to pre-populate the Systems Insight Manager central management server's trusted SSL key during deployment of the new managed node, then you can do the following: In your HPSIM web console, go to Options -> Security -> Certificates -> Server Certificate, and export the desired certificate as "<servername>.pem" into the lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0\ directory.
In the Jobs pane of the Deployment Server console, expand the "Server Deployment Toolbox / 3 - Post-OS Configuration" folder tree.
Right-click and copy the "Install VMware ESX 2.5.3 ProLiant Support Pack (latest)" job.
Right-click the parent folder, "3 - Post-OS Configuration", and paste the job. It will be pasted as "Copy of <job name>".
Rename the new copy of the job as "Deploy VMware ESX 3.0.0 ProLiant Support Pack (latest)".
Select the new job to edit its properties:
- Select and modify the "Copy File to" task.
- Change the Source path to ".lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0".
- Add a Run Script task (Linux-based!) immediately after the "Copy File to" task, with the following syntax: # Populate HPSIM Trust Certificate and SSH Key cd /opt/altiris/deployment/adlagent/tmp/lsp mkdir -p /opt/hp/hpsmh/certs cp *.pem /opt/hp/hpsmh/certs/ chown -R 79:79 /opt/hp/hpsmh/ mkdir -p /root/.ssh/ cp authorized_keys2 /root/.ssh/ chmod 700 /root/.ssh/
In the Jobs pane of the Deployment Server console, expand the Server Deployment folder, and select the Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE} job to edit its properties:
- Select and modify the "Copy File to" task.
- Change the Source path to ".lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0".
- Add a Run Script task (Linux-based!) immediately after the "Copy File to" task, with the following syntax: # Populate HPSIM Trust Certificate and SSH Key cd /opt/altiris/deployment/adlagent/tmp/lsp mkdir -p /opt/hp/hpsmh/certs cp *.pem /opt/hp/hpsmh/certs/ chown -R 79:79 /opt/hp/hpsmh/ mkdir -p /root/.ssh/ cp authorized_keys2 /root/.ssh/ chmod 700 /root/.ssh/

6. (Optional) Set Up Lights-Out Configuration

We can piggyback on the deployment job that deploys ESX Server and the ProLiant Support Pack to provide configuration of the iLO as well:

Download the HP Lights-Out Online Configuration Utility for Linux, and save the .rpm file in the <eXpress share>\lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0 directory.
Add a Run Script task (Linux-based!) to the end of the task list in the Server Deployment / Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE} job, with the following syntax:
#Install iLO Configuration Utility cd /opt/altiris/deployment/adlagent/tmp/lsp rpm -Uvh --nopre hponcfg-*.rpm >/root/hponcfg_install.log 2>/root/hponcfg_install.log
Download the latest iLO Online ROM Flash component for Linux, and save the .scexe file in the <eXpress share>\lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0 directory.
Add a Run Script task (Linux-based!) to the end of the task list in the Server Deployment / Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE} job, with the following syntax (change the version number and the name of the .scexe file to reflect the ones you have):
#Upgrade iLO Firmware 1.84 cd /opt/altiris/deployment/adlagent/tmp/lsp chmod +x CP*.scexe ./CP006488.scexe -s -f >/root/iLOfirmware.log 2>/root/iLOfirmware.log sleep 60s
Using the Integrated Lights-Out Management Processor Scripting & Command Line Resource Guide as a reference, create a custom XML file to configure the desired settings on new iLO management processors, and save that file in the <eXpress share>\lib\software\ProLiant Support Pack Z.ZZ for VMware ESX 3.0 directory.
Add a Run Script task (Linux-based!) to the end of the task list in the Server Deployment / Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE} job, with the following syntax (change the name of the XML file to reflect the one you have):
#Configure iLO cd /opt/altiris/deployment/adlagent/tmp/lsp hponcfg -f iLOconfig.xml -m 1.80 -l /root/iLOconfig.log -v

You might want to rename the job to "Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP + iLO{LinuxPE}", since now it includes configuring the iLO as well.

7. Preparing For A New Server Deployment (Single Or Few Servers)

Before booting up one (or a few) new server(s) for ESX server deployment, create an entry in the database for it pre-populated with the various information required for the deployment:

In the Deployment Server console, select File -> New -> Computer...
Click the Add... button to add a new entry for each computer.
Fill in the following info into the following fields in their respective screens:

General
- Name: fill in the first part of the desired DNS host name for the new server, e.g., "esx01"
- Serial Number: Provide the serial number of the physical target server to become this ESX host
- Computer Name: Provide the same string as in the "Name" field
NetWare Client
- Uncheck "Ignore NetWare settings"
- Preferred Server: IP address of the target system
- Preferred Tree: IP address of the default gateway machine for the target host's subnet
- NDS Context: Subnet mask for the target host's subnet
OS Licensing
- Registered User: The vmkernel IP address for this host (only needed if referenced in the kickstart file)
- Organization: The vmkernel's default gateway address for this host (only needed if referenced in the kickstart file)

Click OK to save the system.
Add more systems if desired.
Click OK at the computer list screen to add the record to the database.
Drag-and-drop the Server Deployment / Deploy ProLiant ML/DL/BL + VMware ESX 3.0.0 + PSP{LinuxPE} job onto the new computer icon(s) in the deployment console.

When the system is booted for the first time, it will PXE boot and register with the Altiris server (provided you set up everything properly with your PXE configuration), and start running the deployment job.

8. Preparing For Mass Deployments (Many Servers)

Using a spreadsheet program, open the template CSV text file <eXpress share>\Samples\ImportComputer55.txt.

Create a new line for each machine to be deployed, filling in the values for the following columns:

Name (DNS short hostname)
Serial Number (Actual serial number of the target)
Computer Name (same value as Name)
Preferred Server (IP address)
Preferred Tree (Default gateway)
NDS Context (Subnet mask)
User (vmkernel IP address)
Organization (vmkernel default gateway address)

Save the file, and use the following steps to import the data:

In the Deployment Server console, select File -> New -> Computer...
Click the Import button to browse to the location of the CSV file.
The CSV import should result in a list of new machines obtained from the file. Click OK to finalize the import of all of the new computers.

Drag and drop the deployment job onto the new systems in the same manner as the single-computer import described above.