auto deploy deep dive – vbrownbag style
DESCRIPTION
vBrownBag Auto Deploy Deep Dive Podcast Live session recorded and available at http://professionalvmware.com
TRANSCRIPT
AUTO DEPLOY DEEP DIVE – VBROWNBAG STYLE
Rob Nelson – VCP5-DCV
Twitter: @rnelson0
Blog: http://rnelson0.com
http://rnelson0.com/auto-deploy-deep-dive-series/
AGENDA
What is Auto Deploy?
Requirements
Lab Setup
Auto Deploy VM
DHCP Settings
Host Profiles
PowerCLI + Image Builder
DHCP Reservations
PXE Boot
Increased Automation
Troubleshooting
Bonus Points – VCSA and Linux Only
WHAT IS AUTO DEPLOY?
“VMware vSphere® Auto Deploy™ facilitates rapid server deployment and provisioning of vSphere hosts by leveraging the network boot capabilities of x86 servers together with the small footprint of the VMware® ESXi™ hypervisor.” - VMware
• Automated, network-booted hypervisor provisioning and configuration.
• Bare metal provisioning – rack, stack, run VMs with low/no touch.
• Required reading for VCP/VCAP certifications.
Our Focus
• Use the vSphere Web Client exclusively – Way of the future.
• Mostly discrete Single Service VMs.
  o Can be combined if desired.
• Troubleshooting – What if it doesn’t work?
REQUIREMENTS
• Enterprise Plus License, or 60 Day vCenter Eval License.
  o Included in every vCenter installation, use it!
• Host Profiles.
• DHCP – Microsoft (Win) or ISC DHCP (Linux).
• TFTP – Solarwinds (Win) or ISC TFTP (Linux).
• PowerCLI + Image Builder cmdlets.
• EFI systems must be switched to BIOS compatibility mode.
• Initial boot requires IPv4.
• Network, security, storage (350MB per image), administrative access, etc., as otherwise required for vCenter.
• See more in vSphere Install And Setup Guide, section “Installing ESXi Using vSphere Auto Deploy”, http://bit.ly/1jCQ60B
LAB SETUP
• Fortigate-VM – Segregates inner/production labs
• Lab-server-1 – RDP gateway between inner/production labs
• Lab-server-2 – Domain Controller
• Lab-server-3 – vCenter
• Lab-server-4 – Auto Deploy + TFTP
• Lab-unix-1 – DHCP + TFTP, CentOS 6.5
• test – Test DHCP availability, CentOS 6.5
• vESXi01 – vPhysical VMHost, already configured
• vESXi02, vESXi03 – vPhysical VMHost, not configured
AUTO DEPLOY VM
Same OS requirements as vCenter.
• Install Windows Server 2008 R2 per your standards.
• Configure RDP.
• Install .NET 3.5.1 and pre-reqs.
• Install Solarwinds TFTP Server.
• Add firewall rule to allow inbound TFTP (69/udp).
• Install Auto Deploy from vCenter media.
  o Use [email protected] or service acct.
DHCP SETTINGS PART 1/2
View Auto Deploy configuration of vCenter and copy settings for use with DHCP server.
• Launch vSphere Web Client.
• Home -> vCenter -> <vCenter Object> -> Manage -> Settings -> Auto Deploy
• Copy the BIOS DHCP File Name (option 67) and iPXE Boot URL (option 66) values.
• Download the TFTP Boot Zip. Uncompress in TFTP Root.
  o Don’t need the zip, can discard.
  o URL is not password protected, can bookmark for later.
DHCP SETTINGS PART 2/2
Modify DHCP scope:
• Option 66 – “next-server <ip>”
  o Optional: “option tftp-server-name <ip>”, did not need
• Option 67 – “option bootfile-name <filename>”
• Restart service.
HOST PROFILES - DESCRIPTION
• Requires Enterprise Plus license.
• Useful for attaching consistent settings across devices, ensuring compliance over time.
• Profiles reliant on similar hardware (machine specific).
• Answer file provides host specific information.
• Tricky and time-consuming! May take multiple attempts to generate a profile that satisfies your needs.
• Not for the faint of heart.
• Could be a vBrownBag of its own!
HOST PROFILES – STATEFUL CREATION
Create a “stateful” profile:
• There is no editor, must extract from an existing VMHost.
• Use vESXi01 as the reference host.
• Uncheck everything except:
  Advanced Configuration Settings -> System Image Cache Configuration -> System Image Cache Configuration -> System Image Cache Settings -> Enable stateful installs on hosts
• Could also include root’s password, syslog and ntp settings, and other hardware independent configuration.
• If your hardware is all the same, use the full profile.
• Always test with one device, don’t mass produce crap.
HOST PROFILE – WHY STATEFUL?
I used a stateful install for simplicity. When should you use it?
Use Stateful:
• Small system or management cluster – Physical hosts cannot be dependent on VMs to provide the hypervisor.
• Don’t have Enterprise Plus and want VMHosts to work 61 days later.
• Can’t afford to wait extra 10+ minutes for PXE boot + install.
Use Stateless:
• Deploying similar hardware en masse – With a single rule, deploy a large number of hosts with zero touch.
• Can upgrade/downgrade images or VIBs with a single change to Auto Deploy rule and a reboot.
POWERCLI + IMAGE BUILDER
Commands:
• Connect-VIServer
• Get-Cluster – Cluster to add VMHost to.
• Get-VMHostProfile – Find our stateful profile.
• $HostRangePattern – http://bit.ly/1eTgfnO for other patterns.
• Add-EsxSoftwareDepot – Remote or offline.
• Get-EsxImageProfile – Select profile from the depot.
• New-DeployRule – Create a new rule.
• Set-DeployRuleSet – Overwrite existing rules, or…
• Add-DeployRule – Add to existing rules.
Customize with:
• New-EsxImageProfile – Clone existing image.
• Add-EsxSoftwarePackage – Additional VIBs, see http://bit.ly/1eBmIne
• Export-EsxImageProfile – Create a zip bundle or ISO.
POWERCLI + IMAGE BUILDER SCRIPT
# Connect to vCenter and collect the objects the rule will assign
Connect-VIServer vcenter.insidelab.nelson.va
$Cluster = Get-Cluster
$HostProfile = Get-VMHostProfile stateful
$HostRangePattern = "ipv4=172.19.0.241-172.19.0.249"

# Remote (online) software depot
Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

#New-EsxImageProfile -CloneProfile ESXi-5.5.0-20131201001s-standard -Name Lab-5.5-Standard -Vendor Nelson
# Add VIBs here with Add-EsxSoftwarePackage
# Export to a bundle or an ISO if necessary
#Export-EsxImageProfile -ImageProfile Lab-5.5-Standard -ExportToISO C:\lab-5.5-standard.iso

# Build the rule (host profile + image + cluster for the IP range) and make it the active rule set
$ImageProfile = Get-EsxImageProfile -Name "ESXi-5.5.0-20140302001-standard"
New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern
Set-DeployRuleSet -DeployRule vBrownBagDeploy
Get-DeployRuleSet
POWERCLI + IMAGE BUILDER – HOW IT WORKS
How it works:
• PoSH uses Objects.
• New-DeployRule applies objects intelligently.
  o Auto Deploy Rules Engine determines what should happen.
  o Auto Deploy Server serves images and profiles to clients.
• Our rules apply an image, a host profile, and a cluster at once.
  o Host Profiles are attached for compliance, but failures do not abort the process.
• SoftwareDepot “goes away” once PoSH session ends, still remembered in Rules Engine. Save your script for future editing.
POWERCLI + IMAGE BUILDER – REMOTE SOFTWARE DEPOT
Using a remote software depot causes the contents to be downloaded on first use.
If your vCenter network is restricted, use an offline bundle!
PS C:\Users\rnelson0> New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern
Downloading misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 10,904 bytes...
Download finished, uploading to AutoDeploy...
Upload finished.
Downloading scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 163,840 bytes...
Downloaded 410,516 bytes...
Download finished, uploading to AutoDeploy...
Upload finished.
...
DHCP RESERVATIONS
Create DHCP reservations:
• One per VMHost.
• Must be in the correct scope AND in the range defined in your Auto Deploy rules.
• Restart service.
host vesxi02 {
    hardware ethernet 00:50:56:9a:7b:ce;
    fixed-address 172.19.0.242;
    option host-name vesxi02;
}
PXE BOOT
• Power on your (v)hardware and initiate a PXE boot.
• sudo make me a sandwich
• Return to a VMHost running the image you specified, with a stateful install and in the cluster.
• Take it out of maintenance mode and start using it!
SUMMARY
One-time steps:
• Created an Auto Deploy VM.
• Installed/configured TFTP.
Repeated steps:
• Update DHCP configuration.
• Select/Create a host profile.
• Create Image Builder images and rules.
• Deploy hosts.
• Make a sandwich.
This is just the start of your SDDC – bare metal hypervisor provisioning with manual touch.
INCREASED AUTOMATION
What’s next:
• Apply a more complete host profile.
• Automate DNS configuration, DHCP reservations, Host Profiles and Image Builder.
• Tie it all into a single workflow.
• Receive MACs from your vendor before devices ship and configure auto deploy. On-site racks and stacks and powers on. 60 minutes later your DC is up and running.
• Take small steps, continue pushing toward the end goal!
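One way to script the DHCP reservation step named above, as an added example that is not from the original deck: it turns a vendor MAC list into ISC dhcpd host entries in the format the deck shows, and rejects malformed input and any address outside the Auto Deploy rule range. The function names and the vesxi03 MAC are constructed for illustration.

```python
import ipaddress
import re

# Range taken from the deck's $HostRangePattern.
RULE_PATTERN = "ipv4=172.19.0.241-172.19.0.249"
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


def parse_rule_range(pattern):
    """Return (first, last) addresses from an 'ipv4=a-b' rule pattern."""
    key, _, value = pattern.partition("=")
    if key != "ipv4" or "-" not in value:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    first, last = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
    if first > last:
        raise ValueError("range start is above range end")
    return first, last


def build_reservations(hosts, pattern=RULE_PATTERN):
    """Turn (name, mac, ip) tuples into ISC dhcpd.conf host blocks.

    Input is validated before it is written into the config: names and MACs
    must be well formed and unique, and every address must fall inside the
    Auto Deploy rule range so the booted host matches the rule.
    """
    first, last = parse_rule_range(pattern)
    seen, blocks = set(), []
    for name, mac, ip in hosts:
        name, mac = name.lower(), mac.lower().replace("-", ":")
        addr = ipaddress.IPv4Address(ip)
        if not NAME_RE.fullmatch(name) or not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad name or MAC: {name!r} {mac!r}")
        if not first <= addr <= last:
            raise ValueError(f"{name}: {addr} outside {first}-{last}")
        if {name, mac, addr} & seen:
            raise ValueError(f"{name}: duplicate name, MAC or IP")
        seen |= {name, mac, addr}
        blocks.append(f"host {name} {{\n    hardware ethernet {mac};\n"
                      f"    fixed-address {addr};\n"
                      f"    option host-name \"{name}\";\n}}")
    return "\n".join(blocks)


# Constructed vendor list: vesxi02 is the deck's host, vesxi03's MAC is made up.
SAMPLE = [("vesxi02", "00:50:56:9a:7b:ce", "172.19.0.242"),
          ("vesxi03", "00-50-56-9A-7B-CF", "172.19.0.243")]
```

Write the returned text into dhcpd.conf inside the matching scope and restart the service, as in the reservation step.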
TROUBLESHOOTING – PXE & SWITCH CONFIG, TFTP
What do you do when things don’t work? Start with the physical layer and work your way up the stack.
PXE & Switch Configurations:
• PXE & vSphere DHCP clients can act differently. Beware VLAN configuration!
• Not all switch providers are equal. Know how they handle native vs. tagged vs. access port configuration.
• VLAN tagged (trunked) boot NICs not recommended, but if it’s all you have…
TFTP:
• Install a client and try it yourself.
TROUBLESHOOTING – DHCP OPTIONS
DHCP Options:
• Always make sure DHCP was restarted after making changes.
• Check that the DHCP server is providing addresses in the correct scope/VLAN. Stand up a VM and make sure it gets an address – that’s the only reason the test VM exists.
• Use tcpdump to see packets on the wire and ensure options 66 and 67 are set.
• More details at http://rnelson0.com/2014/04/07/auto-deploy-deep-dive-part-4/
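An added example (not from the original deck) of the check the tcpdump bullet describes: it decodes the UDP payload of a DHCP reply and reports the boot server and boot file the client was given, from both the BOOTP header fields and options 66 and 67. The sample packet, the 172.19.0.10 server address and the placeholder boot file name are constructed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header


def boot_settings(payload):
    """Pull the PXE-relevant fields out of a DHCP reply (UDP payload bytes).

    ISC dhcpd's "next-server" fills the siaddr header field, while
    "option tftp-server-name" / "option bootfile-name" fill options 66 / 67.
    """
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    found = {
        "siaddr": socket.inet_ntoa(payload[20:24]),
        "file": payload[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
        "opt66": None,
        "opt67": None,
    }
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # Pad: single byte, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code in (66, 67):
            found[f"opt{code}"] = value.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + length
    return found


def sample_offer():
    """Constructed DHCPOFFER: next-server and option 67 set, option 66 absent."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
        bytes(4), socket.inet_aton("172.19.0.242"),    # ciaddr, yiaddr
        socket.inet_aton("172.19.0.10"), bytes(4),     # siaddr (made up), giaddr
        bytes.fromhex("0050569a7bce"), b"", b"")       # chaddr, sname, file
    bootfile = b"BOOTFILE-PLACEHOLDER"                 # stands in for option 67
    options = b"\x35\x01\x02" + bytes([67, len(bootfile)]) + bootfile + b"\xff"
    return header + MAGIC + options
```

With only next-server configured, the server address appears in siaddr and option 66 is absent, which is consistent with the deck's note that option tftp-server-name was not needed.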
TROUBLESHOOTING – HOST PROFILES 1/2
Host Profiles:
• Applied profile for compliance is not the profile used by Auto Deploy. If a profile is applied to a cluster, it will override the profile you attempted to attach to the VMHost. Unattach the profile from the cluster. Useful in clusters with mixed hardware VMHosts.
• If it’s not applying properly, uncheck all suspect items in the profile and re-enable one at a time until error occurs. Very specific, may take many iterations.
TROUBLESHOOTING – HOST PROFILES 2/2
Host Profiles:
• Always check KB for known bugs. Examples:
  o vMotion not enabled on vmkernel ports.
  o Default GW lost after reboot.
• Can enhance with PowerCLI and other tools – don’t need to use Host Profiles exclusively.
BONUS POINTS – LINUX ONLY
If you’re using the VCSA, perhaps you want to be as Windows-free as possible (damn you, VUM!). The VCSA can provide Auto Deploy, use ISC DHCP and ISC TFTP to avoid Windows dependencies.
Can fit in 4.5 GB RAM!
• Install tftp-server package (CentOS).
• Un-disable tftpd in /etc/xinetd.d/tftp.
• Start and enable xinetd.
• Download the deploy-tftp.zip files to /var/lib/tftproot.
• Change next-server in DHCP scope.
  o Be explicit, it’s self-documenting.
ACKNOWLEDGEMENTS
Acknowledgements:
Vladan Seget, https://twitter.com/@vladan, http://www.vladan.fr/vmware-vsphere-autodeploy/
VMware docs, http://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.install.doc/GUID-9A827220-177E-40DE-99A0-E1EB62A49408.html
#vBrownBag community
You guys rock!