We are looking to update our customer offices to WG7. This comprises of about 400 sites. Is there some sort of automated deployment guide available? We are going to be using a generic config on all of the servers, and would like to have some way we can automaticly deploy these servers set things like the IP address, subnet, Gateway, DNS servers, root password, SSH access and pull a basic config on to them. The servers will be running ESXi4 and the customer will have no access to this.
Thanks for any suggestions,
When you say 400 Sites, do you mean 400 different ESXi servers?
Or will there be multiple MWG instances on fewer ESXi servers?
There may be a couple of approaches you can take. One would be the use of a PXE server, the other would be the use of a config.zip file.
With both, you can create a unique configuration file that is read in during the first boot to assign IP addresses, DNS, etc.
This would be 400 seprate ESXi instances. I think the config.zip would be the bettrer approch for us as we do not have the infrastructure in place to support PXE (we dont control DHCP in any of the 400 sites and it is unrealistic to get them all to conform to somethgin we could depend on)
Can you provide more info as to how I would do the config.zip approch?
Mount USB during boot of the instance. Thumbdrive shall contain a file named config.zip, which contains two files:
The config.zip supplied by netconfig or by placing it onto the USB stick is applied is extracted on first boot into the initial configuration folder of coordinater's storage.
The contents might look like this:
<?xml version='1.0' encoding='UTF-8'?>
<globalConfiguration name="Network" defaultRights="2" id="com.scur.engine.appliance.network.configuration" templateId="com.scur.template.engine.appliance.network" targetId="com.scur.engine.appliance.network">
<configurationProperty type="com.scur.type.string" key="network.interfaces" value="
<list version="1.0" systemList="false" structuralList="false" defaultRights="2">
<configurationProperty type="com.scur.type.string" key="name" value="eth0"/>
<configurationProperty type="com.scur.type.string" key="settingsV4" value="static"/>
<configurationProperty type="com.scur.type.string" key="enabled" value="true"/>
<configurationProperty type="com.scur.type.string" key="settingsV6" value="disabled"/>
<configurationProperty type="com.scur.type.string" key="gatewayV4" value="YOUR GATEWAY IP HERE"/>
<configurationProperty type="com.scur.type.string" key="gatewayV6" value=""/>
<configurationProperty type="com.scur.type.string" key="addressV4" value="YOUR IP HERE"/>
<configurationProperty type="com.scur.type.string" key="subnetMaskV4" value="YOUR MASK HERE"/>
<configurationProperty type="com.scur.type.string" key="addressV6" value=""/>
<configurationProperty key="network.hostname" type="com.scur.type.string" value="YOUR HOSTNAME HERE"/>
<?xml version='1.0' encoding='UTF-8'?>
<globalConfiguration name="DNS" defaultRights="2" id="com.scur.engine.appliance.dns.configuration" templateId="com.scur.template.engine.appliance.dns" targetId="com.scur.engine.appliance.dsn">
<configurationProperty key="network.dns.server1" type="com.scur.type.string" value="YOUR DNS IP HERE"/>
Alternatively, you could simply use DHCP for the initial boot and then setup options by hand! You should be able to get the info out of the VSphere console in terms of IP.
You mention that the config can be supplied by netconfig, can you elaborate further on this? I’m hoping this is a way to pull it down from a web server as USB sticks in the servers are not going to be practical.
The project requires that we can hand the customer a DVD that will boot up and leave them with a running, fully configured, server.
To do this our plan is to install a clone of ESXi 4, this will have a bare, thin provisioned WG7 VM contained with in it.
The WG7 will, on first boot, find it’s self via DHCP and then talk to our web server to pull down its config file. To determine the config file it should get can the WG7 be made to request a specific file based on its gateway? If not the our plan would be to use URL rewriting on our Apache back end to chose the file depending on the subnet the request comes from. The server would then do its stuff with the config to get its self on to the correct address.
Looking at the XML example you provided Michael, does this have the ability to set the SSH settings, root password and a default policy config? With WW6, we used RHEL so the things like SSH were easy to control and for the config what we did was to untar a copy of /opt/webwasher-cmf/config via a script. With the changes in 7 though I don’t this is possible any more.
Thanks for all your help,
NetConfig is the PXE boot that Erik was referencing previously.
MWg 7 will not accept the deployment methid you mentioned any longer . It will either require the USB, PXE or direct touch on the shell.
But as a thought - you could create the VM with the following method:
crate a default VM (can be done on workstaton):
Mount ISO. When being prompted for 1 or 2 at the very beginning, enter 2w <- this is not a typo!
Then install the rpms.
At the end, when being asked : (s)hell, (r)eboot, (h)alt selected (h). Then shutdown.
You have now created a master VM.
This can be copied to all VMServers. Upon 1st boot it will ciretcly go into the wizard and stay there until you configure it with the wizard. You now can configure it via VSpehere client.
Would this be an option?
I concur with Michael.
The best method would be to deploy the virtual appliance in its saved state right after imaging but before reboot. Then logon to the virtual console and run the wizard manually.
Unfortunately, the config.zip will not install SSH root password or license, so you have to do that via the console anyway. (there is a feature request already for that)
If you want to go the config.zip route, the only additional step I could suggest is to create a virtual floppy image and place the config.zip on that virtual floppy that has the configuration in it. Then deploy the virtual appliance with the virtual floppy mounted so it reads it on first boot. But it seems that would be much harder than just doing it on the vSphere console.
The config.zip method is most useful on a hardware appliance that has no CRT/KB. And even with that, the DRAC card on the latest appliances is a better option.
Ok, If thats the case then I'm not sure we can use WG7 for what we need. The requirement is for the process to be hands off, as the end users can not have any config access and we dont have the man power to manualy configure 400+ servers. With WW6 it is failry simple to automate its config deployment, and as such I think will will for now we will stay with that, and just refresh the hardware.
I'll submit a feature request for better deployment tools as we would still like to move to 7 as it does offer advantages to us in what we can off load to the edge of the network.
Thanks for all your help,
Well maybe we aren't understanding the scope of the deployment model.
When you use ESXi you still need access to the vSphere console through the network to image the VM, even if it's just to mount the virtual floppy or USB where the config.xml resides. MWG6 or MWG7 aren't any different in that respect.
With physical appliances, you also need to connect it to the network and the newer appliances have DRAC cards that let you do the full reimage remotely and have remote console access once an IP is setup on the DRAC itself. But that, too, is the same in version 6 vs. 7.
So the only chasm between the two versions is the ability to set a root password and PermitRootLogon yes in the config.xml file, whereas MWG7 can't do that yet. Everything else is the same.
Is this the main issue?
The benifits I see with WW6 are that we can deploy an image of ESXi and on first boot I can have WW6 pick up a DHCP address, it can then use this to identify its default gateway, from that it can work out what site it is located at and, using cgctrl set the ipaddress setting to those specific to the site. As I can do this in a post install state I will already know the root password, and I'll have a preconfigured config with things like the parent proxys setup and the licence key installed. ESXi will be setup from kickstart and will be doing something similer to find its IP address and set it's self up.
I'm not as familier with the inner working's of WG7 so I cant easily get that to work. I know that if I manualy change the IP address on reboot something is changing it back.
An ideal setup for us though would be something like kickstart. This would allow us to have a basic script that the server folllows to build its self from scratch to a fully opperational proxy with zero interaction.