The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Password encryption in the Kickstart configuration template file is supported. The root password is not encrypted if the OS template in the BMA does not support password encryption. Password encryption is supported only for ESXi, RHEL OS, and CentOS catalogs.
This section includes the sample configuration template files for different operating systems.
 Important |
The sample configuration files included in this guide may not suite all the deployment scenarios. Review and modify the configurations based on your deployment environment. |
Sample Linux Configuration Template Files
The following example shows the Kickstart configuration template file with password encryption (ks.cfg) that is required for Linux operating system images:
auth --useshadow --enablemd5
bootloader --append="rhgb quiet" --location=mbr --driveorder=sda
clearpart --all --initlabel
zerombr
ignoredisk --only-use=sda
text
firewall --disabled
firstboot --disable
keyboard us
lang en_US
logging --level=info
url --url=http://$PXE_NATIVE_WEBSERVER/IMAGECATALOGNAME
reboot
$PXE_DHCP_IP_TYPE network --bootproto=dhcp --device=eth0 --hostname=$PXE_NAME --onboot=on
$PXE_STATIC_IP_TYPE network --bootproto=static --device=eth0 --ip=$PXE_IP --netmask=$PXE_NETMASK --gateway=$PXE_GATEWAY --vlanid=$PXE_MGMTVLAN --hostname=$PXE_NAME --onboot=on
rootpw $ENCRYPTED $PXE_PASSWD
selinux --disabled
timezone --isUtc $PXE_TIMEZONE
install
part biosboot --fstype=biosboot --size=1 --ondisk=sda
part / --fstype="ext3" --size=8000
%packages --nobase
wget
%end
%post
## Notifying back to Cisco UCS Director once the blade is up ##
wget http://$PXE_WEBSERVER/$PXEID/notify.html
%end
~ The following example shows the Kickstart configuration template file with password encryption (ks-uefi.cfg) that is required for Linux operating system images:
auth --useshadow --enablemd5
bootloader --append="rhgb quiet" --location=mbr --driveorder=sda
clearpart --all --initlabel
zerombr
ignoredisk --only-use=sda
text
firewall --disabled
firstboot --disable
keyboard us
lang en_US
logging --level=info
url --url=http://$PXE_NATIVE_WEBSERVER/IMAGECATALOGNAME
reboot
$PXE_DHCP_IP_TYPE network --bootproto=dhcp --device=eth0 --hostname=$PXE_NAME --onboot=on
$PXE_STATIC_IP_TYPE network --bootproto=static --device=eth0 --ip=$PXE_IP --netmask=$PXE_NETMASK --gateway=$PXE_GATEWAY --vlanid=$PXE_MGMTVLAN --hostname=$PXE_NAME --onboot=on
rootpw $ENCRYPTED $PXE_PASSWD
selinux --disabled
timezone --isUtc $PXE_TIMEZONE
install
part /boot/efi --fstype=efi --grow --maxsize=200 --size=50
part /boot --fstype=ext3 --size=500
part swap --fstype="swap" --size=1024
part pv.01 --size=10240
volgroup vg0 pv.01
logvol /home --vgname=vg0 --size=500 --name=home
logvol / --vgname=vg0 --grow --size=1 --name=root
%packages --nobase
wget
%end
%post
## Notifying back to Cisco UCS Director once the blade is up ##
wget http://$PXE_WEBSERVER/$PXEID/notify.html
%end
The following example shows the PXE configuration template file (pxe.cfg) that is required for Linux operating system images:
default linux
label linux
kernel vmlinuz
append initrd=initrd.img ramdisk_size=9216 noapic acpi=off ip=dhcp ks=$PXE_KS_URL
prompt 0
timeout 0
The following example shows the iPXE configuration template file (ipxe.cfg) that is required for Linux operating system images:
default linux
label linux
kernel http://$PXE_NATIVE_WEBSERVER/$PXE_OS/isolinux/vmlinuz
append initrd=http://$PXE_NATIVE_WEBSERVER/$PXE_OS/isolinux/initrd.img ramdisk_size=9216 noapic acpi=off ip=dhcp ks=$PXE_KS_URL ksdevice=eth0 inst.repo=http://$PXE_NATIVE_WEBSERVER/$PXE_OS net.ifnames=0 biosdevname=0
prompt 0
timeout 0Sample VMware vSphere ESXi Configuration Template Files
The following example shows the Kickstart configuration template file with password encryption (ks.cfg) that is required for VMware vSphere ESXi operating system images:
vmaccepteula
rootpw $ENCRYPTED $PXE_PASSWD
#for Local boot
install --firstdisk --overwritevmfs
#for SAN boot
#install --firstdisk=remote --overwritevmfs
$PXE_DHCP_IP_TYPE network --bootproto=dhcp --vlanid=$PXE_MGMTVLAN
$PXE_STATIC_IP_TYPE network --bootproto=static --ip=$PXE_IP --netmask=$PXE_NETMASK --gateway=$PXE_GATEWAY --vlanid=$PXE_MGMTVLAN --nameserver=$PXE_NS --hostname=$PXE_NAME
#we poweroff ourselves in the 'post' section, and ucs will later power us on after changing the service profile
#reboot
%pre --interpreter=busybox
hwclock -d %LIVE_VAR_DATE_1% -t %LIVE_VAR_TIME_UTC_1%
date -s %LIVE_VAR_DATE_TIME_UTC_1%
cd /tmp
%firstboot --interpreter=busybox
cd /tmp
esxcfg-vswitch -A 'VM Network' vSwitch0
###############################
# enable & start remote ESXi Shell (SSH)
###############################
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
###############################
# enable & start ESXi Shell (TSM)
###############################
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell
$PXE_DHCP_IP_TYPE esxcli system hostname set --host=$PXE_NAME
%post --interpreter=busybox --ignorefailure=true
cd /tmp
localcli network firewall set --default-action true
localcli network firewall set --enabled false
## Notifying back to Cisco UCS Director once the blade is up ##
wget http://$PXE_WEBSERVER_MGMT_VLAN_IP/$PXEID/notify.html -O /tmp/notify.html
localcli network firewall set --default-action false
localcli network firewall set --enabled true
# Let us poweroff/shutdown our selves.
Poweroff
The following example shows the PXE configuration template file (pxe.cfg) that is required for VMware vSphere ESXi operating system images.
Important |
You can customize the configuration based on your requirements. |
default image_name/menu.c32
menu title PXE Boot Home
timeout 70
label image_name
menu label Install VMware image_name
kernel image_name/mboot.c32
append -c /web/ks-repository/$PXE_ID/boot.cfg +++
IPAPPEND 1
The following example shows the iPXE configuration template file (ipxe.cfg) that is required for VMware vSphere ESXi operating system images:
default 1
timeout 100
prompt 1
label 1
KERNEL ipxe.lkrn
Append dhcp && chain http://$PXE_NATIVE_WEBSERVER/$PXE_WINDOWS_OS_REPOSITORY_LINK/boot.ipxeThe following example shows the iPXE UEFI configuration template file (ipxe-uefi.cfg) that is required for windows:
#!ipxe
kernel ../wimboot
initrd ../Boot/BCD BCD
initrd ../Boot/boot.sdi boot.sdi
initrd ../Boot/WinPE.wim WinPE.wim
bootThe following is an example of a Windows answer file, named AUTOUNATTEND.XML, that can be used to set up a Windows Server 2008 R2 OS image for use with Cisco UCS Director Bare Metal Agent.
<unattend>
<servicing>
<package action="configure">
<assemblyIdentity name="Microsoft-Windows-Foundation-Package" version="6.1.7600.16385"
processorArchitecture="amd64" publicKeyToken="xxxf3856ad364xxx" language=""/>
<selection name="IIS-WebServerRole" state="false"/>
<selection name="IIS-WebServer" state="false"/>
<selection name="Microsoft-Hyper-V" state="true"/>
<selection name="Microsoft-Hyper-V-Management-Clients" state="true"/>
<selection name="Microsoft-Hyper-V-Management-Clients" state="true"/>
<selection name="MultipathIo" state="true"/>
<selection name="TelnetClient" state="true"/>
</package>
</servicing>
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64"
publicKeyToken="xxxf3856ad364xxx" language="neutral" versionScope="nonSxS">
<ComplianceCheck>
<DisplayReport>OnError</DisplayReport>
</ComplianceCheck>
<Display>
<VerticalResolution>600</VerticalResolution>
<RefreshRate>60</RefreshRate>
<HorizontalResolution>800</HorizontalResolution>
<ColorDepth>32</ColorDepth>
</Display>
<EnableFirewall>false</EnableFirewall>
<UserData>
<ProductKey>
<WillShowUI>Never</WillShowUI>
<Key>XXXXX-XXXXX-KQT8W-PMXWJ-XXXXX</Key>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Cisco</FullName>
<Organization>CiscoUCSD</Organization>
</UserData>
<DiskConfiguration>
<WillShowUI>OnError</WillShowUI>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Size>40000</Size>
</CreatePartition>
</CreatePartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Extend>false</Extend>
<Format>NTFS</Format>
<Label>OS</Label>
<Letter>C</Letter>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
</ModifyPartitions>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
<WillShowUI>Never</WillShowUI>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows Server 2008 R2 SERVERDATACENTER</Value>
</MetaData>
<Path>\\000.00.90.31\bits\sources\install.wim</Path>
</InstallFrom>
</OSImage>
</ImageInstall>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<UserLocale>en-US</UserLocale>
<UILanguage>en-US</UILanguage>
<SystemLocale>en-US</SystemLocale>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager"
processorArchitecture="amd64" publicKeyToken="nnnf3856ad364nnn"
language="neutral" versionScope="nonSxS">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64"
publicKeyToken="31bf3856ad364nnn" language="neutral" versionScope="nonSxS">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Description>Disable IPv6</Description>
<Path>reg add HKLM\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters /v DisabledComponents /t
REG_DWORD /d 255 /f</Path>
<Order>1</Order>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Description>Disable Shutdown Tracker</Description>
<Path>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t
REG_DWORD /d 0 /f</Path>
<Order>2</Order>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
<PrivateProfile_EnableFirewall>false</PrivateProfile_EnableFirewall>
<PublicProfile_EnableFirewall>false</PublicProfile_EnableFirewall>
</component>
<component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component name="Microsoft-Windows-powercpl" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<PreferredPlan>8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c</PreferredPlan>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<ComputerName>*</ComputerName>
<ProductKey>XXXXX-XXXXX-KQT8W-PMXWJ-XXXXX</ProductKey>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<Display>
<ColorDepth>32</ColorDepth>
<HorizontalResolution>800</HorizontalResolution>
<VerticalResolution>600</VerticalResolution>
<RefreshRate>60</RefreshRate>
</Display>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<VisualEffects>
<FontSmoothing>ClearType</FontSmoothing>
</VisualEffects>
<WindowsFeatures>
<ShowInternetExplorer>true</ShowInternetExplorer>
</WindowsFeatures>
<TimeZone>Pacific Standard Time</TimeZone>
<RegisteredOrganization/>
<ShowWindowsLive>false</ShowWindowsLive>
<UserAccounts>
<AdministratorPassword>
<Value>987654321abc???=</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
<AutoLogon>
<Password>
<Value>123456abc???</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>Administrator</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd /c winrm quickconfig -quiet -transport:HTTP</CommandLine>
<Description>Enable WinRS over HTTP to communicate with CPA</Description>
<Order>1</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd /c winrm set winrm/config/client @{TrustedHosts="*"}</CommandLine>
<Description>Adding trusted hosts value for winrm client</Description>
<Order>2</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd /c net use R: \\000.00.90.31\bits /user:smbuser cisco123</CommandLine>
<Description>Mapping the share to save the notification file</Description>
<Order>3</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd /c ipconfig /all | findstr "Physical" >> R:\notifications\completed.html</CommandLine>
<Description>Writing the completed notification log with MAC address at
Share mapped in previous step</Description>
<Order>4</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd /c R:\notifications\completed.bat</CommandLine>
<Description>executing powershell batch file like as wget</Description>
<Order>5</Order>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64"
publicKeyToken="nnnf3856ad364nnn" language="neutral" versionScope="nonSxS">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:D:/win2k8r2x64sp1/sources/install.wim#Windows
Server 2008 R2 SERVERDATACENTER"/>
</unattend>
Feedback