December | 2015 | rnelson0

1 of 4

https://rnelson0.com/2015/12/

rnelson0
Infrastructure, Virtualization, Security

Monthly Archives: December 2015

POSTED BY
RNELSON0
POSTED ON
DECEMBER 10, 2015
POSTED UNDER
VSPHERE
COMMENTS
1 COMMENT

Deploying Windows Images with KMS keys

Im not all that familiar with Windows licensing models, so I stumbled into a bit of surprise with
KMS keys recently. If you are using a central KMS server that you do not maintain, and someone
gives you a KMS key, you can ignore it! Thats for the KMS Host, which is where the licensing
happens. Your nodes will be KMS Clients and they will use a Generic Volume License Key for
activation. The Client communicates with the Host, which tells the client if it is activated and
provides all the necessary information for that to happen (I dont know how the Host does that,
thats the beauty of le ing someone else run that service!). In this case, you are often given media to
use for the Windows install that includes the GVLK, so you dont need to do anything but
communicate with the KMS Host. Its a pre y nice setup, all considering.
However, IF you do something silly like put the KMS Host key on your Clients, you wont get far.
The Host key can only be activated 10 times on 6 hosts, so very soon youll run into trouble, if not
immediately. You have to switch back over to the GVLK and activate using that. Microsoft maintains
a list of GVLKs for each edition of Windows (h ps://technet.microsoft.com/en-us/library
/jj612867.aspx). The lookup of the KMS Host is done by DNS, but you can manually congure the
KMS Client (h ps://technet.microsoft.com/en-us/library/793406.aspx) as well. Once the GVLK is in
place, activate the key. Here are the three commands you will need, using Windows 2012R2
14-08-2016 01:51

December | 2015 | rnelson0

2 of 4

https://rnelson0.com/2015/12/

Datacenter as the GVLK:

cscript c:\windows\system32\slmgr.vbs /ipk W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
cscript c:\windows\system32\slmgr.vbs /skms kms.example.com:1688
cscript c:\windows\system32\slmgr.vbs /ato

These commands need to be run from an administrator-privilege command prompt or PowerShell

session.
If you are using templates, run the rst command on the template. Ensure the deployment process is
not adding license information. In vCenter, this means removing all options from the License
Information portion of the Customization Specications in ALL customization specs. Add the /skms and
/ato commands to the existing commands in the Run Once section:

(h ps://rnelson0.les.wordpress.com/2015/12/kms-g-1.png)

(h ps://rnelson0.les.wordpress.com/2015/12/kms-g-2.png)

14-08-2016 01:51

December | 2015 | rnelson0

3 of 4

https://rnelson0.com/2015/12/

When you deploy a VM, it should now automatically activate itself! If you run into issues, ensure
that the Client can communicate with the Host and no rewalls are blocking the communication. Ive
found that a global any/<KMS Server>/<kms port> rule in your rewalls is handy to ensure that
random networks arent blocked from activation.
If youre interested in learning more about Windows Licensing, Microsoft has a great amount of
documentation. I suggest starting with Learn About Product Activation
(h ps://technet.microsoft.com/en-us/library/793423.aspx) and then moving through the relevant
sections.

POSTED BY
RNELSON0
POSTED ON
DECEMBER 4, 2015
POSTED UNDER
DEVOPS, LINUX, PUPPET
COMMENTS
2 COMMENTS

Kickstart your CentOS Template, EL7 Edition

I wrote an article on kickstarting your CentOS Template (h ps://rnelson0.com/2014/04/18/kickstartyour-centos-template/) in early 2014 that focused on Enterprise Linux 6. Later in the year, RHEL7
was announced and CentOS 7 soon followed. Its well past time to refresh the kickstart article. To
keep this more of a moving target, Ive created a github repo to host the kickstart les at
puppetinabox/centos-kickstart (h ps://github.com/puppetinabox/centos-kickstart), so you can turn
there for updates or submit your own PRs. Im also toying with an existing puppet module
danzilio/kickstart (h ps://forge.puppetlabs.com/danzilio/kickstart) that generates kickstart les, and
I plan to contribute some PRs to it to manage the kickstart service itself. In the meantime, Ill show a
small prole that will do the same thing, since its just apache and a few les.

Kickstart Configuration
The new EL7 le (h ps://github.com/puppetinabox/centos-kickstart
/blob/3d401e2110ccd713aafc715ce1d1513b159b9d9f/el7/el7-dhcp.ks) was based o the EL6 version. I
simply changed the package list (h ps://github.com/puppetinabox/centos-kickstart
/blob/3d401e2110ccd713aafc715ce1d1513b159b9d9f/el7/el7-dhcp.ks#L34-L48) as some were no longer
available and the open-vm-tools are now the preferred method of VMware tools management. That
section was removed from the bo om. In the additional steps section, I changed the yum repo
(h ps://github.com/puppetinabox/centos-kickstart/blob/3d401e2110ccd713aafc715ce1d1513b159b9d9f
14-08-2016 01:51

December | 2015 | rnelson0

4 of 4

https://rnelson0.com/2015/12/

/el7/el7-dhcp.ks#L80) for puppet from Puppet 3 to Puppet Collections 1 (h ps://yum.puppetlabs.com

/el/7/PC1/x86_64/puppetlabs-release-pc1-1.0.0-1.el7.noarch.rpm) for Puppet 4. I also removed the
banner setup, thats easy enough to add in if you like.

Kickstart Service Management

The kickstart service itself is pre y simple. You can use puppetlabs-apache to install apache and then
place your les in its default root of /var/www/html. Take the kickstart les and add them to
dist/prole/les with any modications you require. Then create a prole that includes apache plus
the kickstart les. That would look something like this:

Blog at WordPress.com.

14-08-2016 01:51