Tag Archive for AutoDeploy

Using PowerCLI Image Builder CLI to build a new ESXi 7.0U1c image

What do we need to build a custom image?

  • An ESXi image (download the depot zip from myvmware.com)
  • VMware PowerCLI and the ESXi Image Builder module

For more information on setting this up, see this blog. Thanks to Michelle Laverick.

  • Other software depots

The vSphere ESXi depot is the main software depot you will need but there are other depots provided by vendors who create collections of VIBs specially packaged for distribution. Depots can be Online and Offline. An online software depot is accessed remotely using the HTTP protocol. An offline software depot is downloaded and accessed locally. These depots have the vendor specific VIBs that you will need to combine with the vSphere ESXi depot in order to create your custom installation image. An example could be HP’s depot on this link

What are VIBs?

VIB actually stands for vSphere Installation Bundle. It is basically a collection of files packaged into a single archive to facilitate distribution. It is composed of 3 parts

  • A file archive (The files which will be installed on the host)
  • An xml descriptor file (Describes the contents of the VIB. It contains the requirements for installing the VIB and identifies who created the VIB and the amount of testing that’s been done including any dependencies, any compatibility issues, and whether the VIB can be installed without rebooting.)
  • A signature file (verifies the acceptance level of the VIB). There are 4 acceptance levels; see the next section

Acceptance levels

Each VIB is released with an acceptance level that cannot be changed. The host acceptance level determines which VIBs can be installed to a host.

VMwareCertified

The VMwareCertified acceptance level has the most stringent requirements. VIBs with this level go through thorough testing fully equivalent to VMware in-house Quality Assurance testing for the same technology. Today, only I/O Vendor Program (IOVP) program drivers are published at this level. VMware takes support calls for VIBs with this acceptance level.

VMwareAccepted

VIBs with this acceptance level go through verification testing, but the tests do not fully test every function of the software. The partner runs the tests and VMware verifies the result. Today, CIM providers and PSA plug-ins are among the VIBs published at this level. VMware directs support calls for VIBs with this acceptance level to the partner’s support organization.

PartnerSupported

VIBs with the PartnerSupported acceptance level are published by a partner that VMware trusts. The partner performs all testing. VMware does not verify the results. This level is used for a new or nonmainstream technology that partners want to enable for VMware systems. Today, driver VIB technologies such as Infiniband, ATAoE, and SSD are at this level with nonstandard hardware drivers. VMware directs support calls for VIBs with this acceptance level to the partner’s support organization.

CommunitySupported

The CommunitySupported acceptance level is for VIBs created by individuals or companies outside of VMware partner programs. VIBs at this level have not gone through any VMware-approved testing program and are not supported by VMware Technical Support or by a VMware partner.

Steps to create a custom ESXi image

1. I have an ESXi 7.0U1c software depot zip file and I am going to use an Intel VIB which I will add into the custom image

2. Open PowerCLI and connect to your vCenter

Connect-VIServer <vCenterServer>

3. Next I add my vSphere ESXi and Intel software depot zips

Add-EsxSoftwareDepot c:\Users\rhian\Downloads\VMware-ESXi-7.0U1c-17325551-depot.zip

Add-EsxSoftwareDepot c:\Users\rhian\Downloads\intel-nvme-vmd-en_2.5.0.1066-1OEM.700.1.0.15843807_17238162.zip

4. To check what packages are available once the software depots have been added, run:

Get-EsxSoftwarePackage

5. Next we can check what image profiles are available. We are going to clone one of these profiles

Get-EsxImageProfile

6. There are two ways to create a new image profile: you can create an empty image profile and manually specify the VIBs you want to add, or you can clone an existing image profile and use that. I have cloned an existing image profile

New-EsxImageProfile -CloneProfile ESXi-7.0U1c-17325551-standard -name esxi701c-imageprofile -vendor vmware -AcceptanceLevel PartnerSupported

If I do a Get-EsxImageProfile now, I can see the new image profile I created

7. Next, I’ll use Add-EsxSoftwarePackage to add VIBs to the image profile (Remove-EsxSoftwarePackage removes them). First of all I’ll check my extra Intel package to get the driver name, then I will add the software package

Get-EsxSoftwarePackage | where {$_.Vendor -eq "INT"}

Add-EsxSoftwarePackage -ImageProfile esxi701c-imageprofile -SoftwarePackage intel-nvme-vmd -Force

8. We now have the option to export the profile as a zip or an iso.

Export-EsxImageProfile -ImageProfile esxi701c-imageprofile -FilePath c:\Users\rhian\Downloads\esxi701c-imageprofile.zip -ExportToBundle -Force -NoSignatureCheck

Export-EsxImageProfile -ImageProfile esxi701c-imageprofile -FilePath c:\Users\rhian\Downloads\esxi701c-imageprofile.iso -ExportToIso -Force -NoSignatureCheck

9. Just as a note, if you need to change the acceptance level, you can do so by running the following command before creating the iso or zip. The example below changes the image profile to the PartnerSupported acceptance level.

Set-EsxImageProfile -AcceptanceLevel PartnerSupported -ImageProfile esxi701c-imageprofile
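
Steps 7 and 8 pass -Force and -NoSignatureCheck, so it is worth reviewing what actually went into the profile before the exported zip or iso is used to build hosts. The following is an added example, not part of the original post; it assumes the depots from step 3 are still loaded in the session and reuses the profile names from step 6.

```powershell
# Added example (not from the original post): review a cloned image profile
# before exporting it. Assumes the depots from step 3 are loaded in this
# PowerCLI session; the profile names are the ones used in step 6.
$baseName  = 'ESXi-7.0U1c-17325551-standard'
$cloneName = 'esxi701c-imageprofile'

$base  = Get-EsxImageProfile -Name $baseName
$clone = Get-EsxImageProfile -Name $cloneName
if (-not $base -or -not $clone) {
    throw "Image profile not found. Run Get-EsxImageProfile to list the loaded profiles."
}

# 1. Which VIBs differ from the VMware base profile? Expect the Intel driver
#    from step 7; anything else deserves a closer look.
$toKey     = { '{0} {1}' -f $_.Name, $_.Version }
$baseVibs  = @($base.VibList  | ForEach-Object $toKey)
$cloneVibs = @($clone.VibList | ForEach-Object $toKey)

Compare-Object -ReferenceObject $baseVibs -DifferenceObject $cloneVibs |
    ForEach-Object {
        [pscustomobject]@{
            Vib    = $_.InputObject
            Change = if ($_.SideIndicator -eq '=>') { 'added to clone' } else { 'missing from clone' }
        }
    } | Format-Table -AutoSize

# 2. Acceptance level of every VIB compared with the profile's own level.
#    A lower rank is a more stringent level. A level missing from this table
#    is never flagged, so extend the table if a new name shows up.
$rank = @{
    VMwareCertified    = 0
    VMwareAccepted     = 1
    PartnerSupported   = 2
    CommunitySupported = 3
}
$profileLevel = "$($clone.AcceptanceLevel)"

$audit = $clone.VibList | ForEach-Object {
    $level = "$($_.AcceptanceLevel)"
    [pscustomobject]@{
        Name            = $_.Name
        Version         = $_.Version
        Vendor          = $_.Vendor
        AcceptanceLevel = $level
        BelowProfile    = $rank[$level] -gt $rank[$profileLevel]
    }
}

"Profile '$cloneName' is at acceptance level $profileLevel"
$audit | Group-Object AcceptanceLevel | Sort-Object { $rank[$_.Name] } |
    Select-Object Name, Count | Format-Table -AutoSize

$below = @($audit | Where-Object BelowProfile)
if ($below.Count -gt 0) {
    Write-Warning "$($below.Count) VIB(s) are less trusted than the profile level:"
    $below | Format-Table Name, Version, Vendor, AcceptanceLevel -AutoSize
}
```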

Useful tip

Typing history in PowerCLI will show you all the commands you have typed. Very handy to check mistakes or save the commands for future use.

Customising an ESXi Image Profile (v6.5U2)

Within AutoDeploy, we sometimes need to update our base ESXi image and this blog will go through the process to do this. We use the HPE Custom Image for VMware ESXi 6.5 U2 Offline Bundle currently but what if we want to add a security patch?

Steps

a) Download the VMware-ESXi-6.5.0-Update2-10719125-HPE-Gen9plus-650.U2.10.4.0.29-Apr2019-depot from myvmware.com

b) Click the icon to add a new Software depot and add a name

We now see our Software Depot named VMware ESXi 6.5U2 including Patches

Click the green up arrow to upload the VMware-ESXi-6.5.0-Update2-10719125-HPE-Gen9plus-650.U2.10.4.0.29-April2019-depot into the Software Depots within AutoDeploy.

d) Log into VMware’s Patch portal

https://my.vmware.com/group/vmware/patch#search

There are filters which allow you to select the type of update and severity including information about the patch

We will download the latest critical security patch

It downloads as a zip file

Upload this file into AutoDeploy. On the Software Depots tab, click the green up arrow to upload the patch zip file

f) We are now going to clone the VMware-ESXi-6.5.0-Update2-10719125-HPE-Gen9plus-650.U2.10.4.0.29-Apr2019-depot

Click on the VMware-ESXi-6.5.0-Update2-10719125-HPE-Gen9plus-650.U2.10.4.0.29-Apr2019-depot. Under Image Profiles select the vendor image and click Clone. We are cloning the vendor image to replace the updated VIBs.

Fill in the Name, Vendor and description. Choose your newly created software depot

Choose Partner Supported from the drop-down

g) Leave this box for a minute as we need to check the bulletins associated with the security patch we downloaded – Link below for reference

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html

What we see in this bulletin is the list of VIBs which are updated

h) Use the search function in the clone wizard to find each of the updated VIBs. Un-select the existing version and select the new version to add it to the build. In the example below I have unticked the older version and ticked the newer version

Do the same for the other 3 affected VIBs. Uncheck the older one and tick the newer one

Check the final screen and click Finish

You should now be able to click on your software depot – VMware ESXi 6.5U2 including patches and see the Cloned Image Profile which contains the security patch

i) Now we can add our patched Image Profile into an AutoDeploy Rule

I’m not going to go through the whole process of creating a rule but as you can see below, I can now edit the deploy rule (must be deactivated to edit)

You can then select the software depot which will contain the patched ESXi image with the security patch

j) If you are updating an existing Deploy Rule then you will need to use PowerCLI to connect to the vCenter and run the below command to refresh the Autodeploy cache before rebooting a host and testing the image applies correctly

You can either do a single command on a host you want to test or run a command which updates all the hosts at once. In order to repair a single host to do a test we can use the below piped command. If you get an empty string back then the cache is correct and ready to use the new image

Test-DeployRuleSetCompliance lg-spsp-cex03.lseg.stockex.local | Repair-DeployRuleSetCompliance

Or you can use the piped command below, which runs the same command on all hosts

foreach ($esx in get-vmhost) {$esx | test-deployrulesetcompliance | repair-deployrulesetcompliance}

k) Reboot a host and test the image applies correctly

Configure an Auto Deploy Reference Host

Introduction

In an environment where no state is stored on the host, a reference host helps you set up multiple hosts with the same configuration. You configure the reference host with the logging, coredump, and other settings that you want, save the host profile, and write a rule that applies the host profile to other hosts as needed.

You can configure the storage, networking, and security settings on the reference host and set up services such as syslog and NTP. The exact setup of your reference host depends on your environment, but you might consider the following customization.

Auto Deploy Reference Host Setup

Configuring an Auto Deploy Reference Host

  • vSphere Client

The vSphere Client supports setup of networking, storage, security, and most other aspects of an ESXi host. You can completely set up your environment and export the host profile for use by Auto Deploy.

  • vSphere Command Line Interface

You can use vCLI commands for setup of many aspects of your host. vCLI is especially suitable for configuring some of the services in the vSphere environment. Commands include vicfg-ntp (set up an NTP server), esxcli system syslog (set up a syslog server), and vicfg-route (set up the default route).

  • Host Profile Interface

You can either set up a host with vSphere Client or vCLI and save the host profile for that host, or you can configure the host profiles directly with the Host Profiles interface in the vSphere Client

Provision/Reprovision ESXi Hosts using AutoDeploy

Provisioning and Reprovisioning

Provisioning a host that has never been provisioned with Auto Deploy (first boot) differs from subsequent boot processes. You must prepare the host, define the image using the Image Builder PowerCLI, and fulfill all other prerequisites before you can provision the host.

vSphere Auto Deploy supports multiple reprovisioning options. You can perform a simple reboot or reprovision with a different image or a different host profile.

Provisioning for the first time

Subsequent boot of an AutoDeployed ESXi Host

Reprovisioning

The following reprovisioning operations are available.

  • Simple reboot.
  • Reboot of hosts for which the user answered questions during the boot operation.
  • Reprovision with a different image profile.
  • Reprovision with a different host profile.

Test and Repair Rule Compliance

  • When you add a rule to the Auto Deploy rule set or make changes to one or more rules, unprovisioned hosts that you boot are automatically provisioned according to the new rules. For all other hosts, Auto Deploy applies the new rules only when you test their rule compliance and perform remediation.
    This task assumes that your infrastructure includes one or more ESXi hosts provisioned with Auto Deploy, and that the host on which you installed VMware PowerCLI can access those ESXi hosts.

Prerequisites

  • Install VMware PowerCLI and all prerequisite software.
  • If you encounter problems running PowerCLI cmdlets, consider changing the execution policy.

Procedure changing the host profile used in the rule

  • Check which Auto Deploy rules are currently available. The system returns the rules and the associated items and patterns.
    Get-DeployRule
  • Make a change to one of the available rules. For example, you might change the image profile and the name of the rule. You cannot edit a rule already added to a rule set. Instead, you copy the rule and replace the item you want to change.
    Copy-DeployRule -DeployRule testruleimageprofile -ReplaceItem DACVESX002_Host_Profile
  • Verify that the host that you want to test rule set compliance for is accessible.
    Get-VMHost -Name 10.1.1.100
  • Test the rule set compliance for that host and bind the return value to a variable for later use.
    $tr = Test-DeployRuleSetCompliance 10.1.1.100
  • Examine the differences between what is in the rule set and what the host is currently using. The system returns a table of current and expected items.
    $tr.itemlist
  • Remediate the host to use the revised rule set the next time you boot the host.
    Repair-DeployRuleSetCompliance $tr
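
A report-first version of the test and repair steps above, run across every host instead of one (added example, not from the original post). It assumes an existing Connect-VIServer session and that each ItemList entry exposes the CurrentItem and ExpectedItem columns that the cmdlet prints.

```powershell
# Added example: test every host, show what would change, then repair only
# the hosts that differ from the active rule set.
$results = foreach ($esx in Get-VMHost) {
    $tr = Test-DeployRuleSetCompliance $esx

    # An empty ItemList means the host already matches the rule set.
    # Where-Object drops a $null so the count below is accurate.
    $diffs = @($tr.ItemList | Where-Object { $_ })

    [pscustomobject]@{
        VMHost    = $esx.Name
        Compliant = ($diffs.Count -eq 0)
        Current   = ($diffs | ForEach-Object { "$($_.CurrentItem)" })  -join '; '
        Expected  = ($diffs | ForEach-Object { "$($_.ExpectedItem)" }) -join '; '
        Result    = $tr
    }
}

# Review this table before anything is changed.
$results | Format-Table VMHost, Compliant, Current, Expected -AutoSize

$pending = @($results | Where-Object { -not $_.Compliant })
foreach ($row in $pending) {
    Repair-DeployRuleSetCompliance $row.Result

    # Re-test: no remaining items means the host will pick up the expected
    # image profile and host profile on its next boot.
    $after = Test-DeployRuleSetCompliance $row.VMHost
    $left  = @($after.ItemList | Where-Object { $_ })
    if ($left.Count -gt 0) {
        Write-Warning "$($row.VMHost) still differs from the rule set after repair"
    }
}

"{0} host(s) checked, {1} repaired" -f @($results).Count, $pending.Count
```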

What to do next

If the rule you changed specified the inventory location, the change takes effect immediately. For all other changes, boot your host to have Auto Deploy apply the new rule and to achieve compliance between the rule set and the host.

Please see Pages 81-85 of the vSphere Installation and Setup Guide

Utilise AutoDeploy cmdlets to deploy ESXi Hosts

Introduction

When you start a physical host set up for Auto Deploy, Auto Deploy uses a PXE boot infrastructure in conjunction with vSphere host profiles to provision and customize that host. No state is stored on the host itself. Instead, the Auto Deploy server manages state information for each host.

  • The ESXi host’s state and configuration is run in memory
  • When the host is shut down the state information is cleared from memory
  • Based on PXE Boot environments
  • Works with Image Builder, vCenter Server and Host Profiles
  • Eliminates the need for a boot device
  • Common image across all hosts

With Autodeploy the previous boot device information is stored on the host and managed by vCenter

Autodeploy Architecture

What does what?

Rules engine

You specify the behavior of the Auto Deploy server by using a set of rules written in PowerCLI. The Auto Deploy rule engine checks the rule set for matching host patterns to decide which items (image profile, host profile, or vCenter Server location) to provision each host with.

PowerCLI cmdlets are used to set, evaluate and update image profile and host profile rules

The Rules engine maps software images and host profiles to hosts based on the attributes of the host. For example

  • Rules can be based on IP or MAC Address
  • The -AllHosts option can be used for every host

What’s in the Rules engine?

What else is required?

Boot Process

AutoDeploy First Boot Process

AutoDeploy cmdlets

Procedure

  • Log into PowerCLI and follow the below steps
  • Note to be careful with syntax and case sensitivity

Demo

  • Log into PowerCLI
  • Type add-esxsoftwaredepot E:\Depot\VMware-ESXi-5.1.0-799733-depot.zip
  • Type get-esximageprofile
  • Type new-deployrule -name testruleimageprofile -item VMware-ESXi-5.1.0-799733-standard -allhosts

The above commands add a software depot, list the ESXi image profiles, then create a deployment rule named “testruleimageprofile” that uses the “VMware-ESXi-5.1.0-799733-standard” image profile (or the custom profile you have created) and applies to “Allhosts”, that is, any ESXi host that boots from it.

Or

  • Log into PowerCLI
  • Type add-esxsoftwaredepot E:\Depot\VMware-ESXi-5.1.0-799733-depot.zip
  • Type get-esximageprofile
  • Type new-deployrule -name testruleimageprofile -item "ESXi-5.1.0-799733-standard","Cluster","DACVESX001 Host Profile" -pattern "ipv4=10.1.1.100-10.1.1.105"

The above commands add a software depot, list the ESXi image profiles, then create a deployment rule named “testruleimageprofile” that uses the “VMware-ESXi-5.1.0-799733-standard” image profile, the cluster named “Cluster” and the host profile named “DACVESX001 Host Profile”, with a pattern that applies the rule to the IP range 10.1.1.100-10.1.1.105.

  • Click Enter and you should see the following screen appear

  • Add the second cluster rule

  • Once the deployment rules have been created successfully, add them to the working rule set by using the Add-DeployRule cmdlet. The following example adds the two deployment rules created previously to the working rule set
  • Add the Rules to the Working Rule Set
  • By default deploy rules are added to the active rule set. You add rules to the working rule set by including the -NoActivate flag when using the Add-DeployRule cmdlet.

  • Use the Get-DeployRuleSet to verify the rules were created

  • When the deployment rules have been added to the working rule set successfully, vSphere Auto Deploy will commence copying VIBs to the Auto Deploy server as required. In our case the VIBs associated with Brocade will be copied
  • Type Exit to Quit PowerCLI

Install the Auto Deploy Server

What is Auto Deploy?

vSphere Auto Deploy can provision hundreds of physical hosts with ESXi software. You can specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to apply to the hosts, and a vCenter Server folder or cluster for each host.

When a physical host set up for Auto Deploy is turned on, Auto Deploy uses a PXE boot infrastructure in conjunction with vSphere host profiles to provision and customize that host. No state is stored on the host itself. Instead, the Auto Deploy server manages state information for each host

Auto Deploy stores the information for the ESXi hosts to be provisioned in different locations. Information about the location of image profiles and host profiles is initially specified in the rules that map machines to image profiles and host profiles. When a host boots for the first time, the vCenter Server system creates a corresponding host object and stores the information in the database.

AutoDeploy Requirements

  • DHCP
  • DHCP Option 66: FQDN or IP Address of TFTP Server
  • DHCP Option 67: undionly.kpxe.vmw-hardwired – Name of the gPXE config file which we need the TFTP Server to direct the host to
  • Router Configuration – A setting to allow the DHCP
  • PXE
  • TFTP

Installation Instructions

  • Attach the vCenter ISO
  • Select AutoDeploy
  • Click Next
  • Click Next to the End User Patent Agreement
  • Click I accept to the Licensing agreement
  • Check Auto Deploy repository directory and repository maximum size
  • Put in vCenter Information
  • Trust the SSL Certificate
  • Check the ports
  • Check how your server is identified on the network
  • Finish