AUTO DEPLOY DEEP DIVE – VBROWNBAG STYLE
Rob Nelson – VCP5-DCV
Twitter: @rnelson0
Blog: http://rnelson0.com
http://rnelson0.com/auto-deploy-deep-dive-series/


DESCRIPTION

vBrownBag Auto Deploy Deep Dive Podcast. Live session recorded and available at http://professionalvmware.com


Page 1: Auto Deploy Deep Dive – vBrownBag Style

AUTO DEPLOY DEEP DIVE – VBROWNBAG STYLE

Rob Nelson – VCP5-DCV
Twitter: @rnelson0
Blog: http://rnelson0.com
http://rnelson0.com/auto-deploy-deep-dive-series/

Page 2: Auto Deploy Deep Dive – vBrownBag Style

AGENDA

What is Auto Deploy?

Requirements

Lab Setup

Auto Deploy VM

DHCP Settings

Host Profiles

PowerCLI + Image Builder

DHCP Reservations

PXE Boot

Increased Automation

Troubleshooting

Bonus Points – VCSA and Linux Only

Page 3: Auto Deploy Deep Dive – vBrownBag Style

WHAT IS AUTO DEPLOY?

“VMware vSphere® Auto Deploy™ facilitates rapid server deployment and provisioning of vSphere hosts by leveraging the network boot capabilities of x86 servers together with the small footprint of the VMware® ESXi™ hypervisor.” - VMware

• Automated, network-booted hypervisor provisioning and configuration.
• Bare metal provisioning – rack, stack, run VMs with low/no touch.
• Required reading for VCP/VCAP certifications.

Our Focus
• Use the vSphere Web Client exclusively – Way of the future.
• Mostly discrete Single Service VMs.
  o Can be combined if desired.
• Troubleshooting – What if it doesn’t work?

Page 4: Auto Deploy Deep Dive – vBrownBag Style

REQUIREMENTS

• Enterprise Plus License, or 60 Day vCenter Eval License.
  o Included in every vCenter installation, use it!
• Host Profiles.
• DHCP – Microsoft (Win) or ISC DHCP (Linux).
• TFTP – Solarwinds (Win) or ISC TFTP (Linux).
• PowerCLI + Image Builder cmdlets.
• EFI systems must be switched to BIOS compatibility mode.
• Initial boot requires IPv4.
• Network, security, storage (350MB per image), administrative access, etc., as otherwise required for vCenter.
• See more in vSphere Install And Setup Guide, section “Installing ESXi Using vSphere Auto Deploy”, http://bit.ly/1jCQ60B

Page 5: Auto Deploy Deep Dive – vBrownBag Style

LAB SETUP

• Fortigate-VM – Segregates inner/production labs
• Lab-server-1 – RDP gateway between inner/production labs
• Lab-server-2 – Domain Controller
• Lab-server-3 – vCenter
• Lab-server-4 – Auto Deploy + TFTP
• Lab-unix-1 – DHCP + TFTP, CentOS 6.5
• test – Test DHCP availability, CentOS 6.5
• vESXi01 – vPhysical VMHost, already configured
• vESXi02, vESXi03 – vPhysical VMHost, not configured

Page 6: Auto Deploy Deep Dive – vBrownBag Style

AUTO DEPLOY VM

Same OS requirements as vCenter.
• Install Windows Server 2008 R2 per your standards.
• Configure RDP.
• Install .NET 3.5.1 and pre-reqs.
• Install Solarwinds TFTP Server.
• Add firewall rule to allow inbound TFTP (69/udp).
• Install Auto Deploy from vCenter media.
  o Use [email protected] or service acct.

Page 7: Auto Deploy Deep Dive – vBrownBag Style

DHCP SETTINGS PART 1/2

View Auto Deploy configuration of vCenter and copy settings for use with DHCP server.
• Launch vSphere Web Client.
• Home -> vCenter -> <vCenter Object> -> Manage -> Settings -> Auto Deploy
• Copy the BIOS DHCP File Name (option 67) and iPXE Boot URL (option 66) values.
• Download the TFTP Boot Zip. Uncompress in TFTP Root.
  o Don’t need the zip, can discard.
  o URL is not password protected, can bookmark for later.

Page 8: Auto Deploy Deep Dive – vBrownBag Style

DHCP SETTINGS PART 2/2

Modify DHCP scope:
• Option 66 – “next-server <ip>”
  o Optional: “option tftp-server-name <ip>”, did not need
• Option 67 – “option bootfile-name <filename>”
• Restart service.

Page 9: Auto Deploy Deep Dive – vBrownBag Style

HOST PROFILES - DESCRIPTION

• Requires Enterprise Plus license.
• Useful for attaching consistent settings across devices, ensuring compliance over time.
• Profiles reliant on similar hardware (machine specific).
• Answer file provides host specific information.
• Tricky and time-consuming! May take multiple attempts to generate a profile that satisfies your needs.
• Not for the faint of heart.
• Could be a vBrownBag of its own!

Page 10: Auto Deploy Deep Dive – vBrownBag Style

HOST PROFILES – STATEFUL CREATION

Create a “stateful” profile:
• There is no editor, must extract from an existing VMHost.
• Use vESXi01 as the reference host.
• Uncheck everything except:
  Advanced Configuration Settings -> System Image Cache Configuration -> System Image Cache Configuration -> System Image Cache Settings -> Enable stateful installs on hosts
• Could also include root’s password, syslog and ntp settings, and other hardware independent configuration.
• If your hardware is all the same, use the full profile.
• Always test with one device, don’t mass produce crap.

Page 11: Auto Deploy Deep Dive – vBrownBag Style

HOST PROFILE – WHY STATEFUL?

I used a stateful install for simplicity. When should you use it?

Use Stateful:
• Small system or management cluster – Physical hosts cannot be dependent on VMs to provide the hypervisor.
• Don’t have Enterprise Plus and want VMHosts to work 61 days later.
• Can’t afford to wait extra 10+ minutes for PXE boot + install.

Use Stateless:
• Deploying similar hardware en masse – With a single rule, deploy a large number of hosts with zero touch.
• Can upgrade/downgrade images or VIBs with a single change to Auto Deploy rule and a reboot.

Page 12: Auto Deploy Deep Dive – vBrownBag Style

POWERCLI + IMAGE BUILDER

Commands:
• Connect-VIServer
• Get-Cluster – Cluster to add VMHost to.
• Get-VMHostProfile – Find our stateful profile.
• $HostRangePattern – http://bit.ly/1eTgfnO for other patterns.
• Add-EsxSoftwareDepot – Remote or offline.
• Get-EsxImageProfile – Select profile from the depot.
• New-DeployRule – Create a new rule.
• Set-DeployRuleSet – Overwrite existing rules, or…
• Add-DeployRule – Add to existing rules.

Customize with:
• New-EsxImageProfile – Clone existing image.
• Add-EsxSoftwarePackage – Additional VIBs, see http://bit.ly/1eBmIne
• Export-EsxImageProfile – Create a zip bundle or ISO.

Page 13: Auto Deploy Deep Dive – vBrownBag Style

POWERCLI + IMAGE BUILDER SCRIPT

# Connect to vCenter and collect the objects the deploy rule will assign
Connect-VIServer vcenter.insidelab.nelson.va
$Cluster = Get-Cluster
$HostProfile = Get-VMHostProfile stateful
# Only hosts whose IPv4 address falls in this range match the rule
$HostRangePattern = "ipv4=172.19.0.241-172.19.0.249"

# Remote (online) software depot
Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

#New-EsxImageProfile -CloneProfile ESXi-5.5.0-20131201001s-standard -Name Lab-5.5-Standard -Vendor Nelson
# Add VIBs here with Add-EsxSoftwarePackage
# Export to a bundle or an ISO if necessary
#Export-EsxImageProfile -ImageProfile Lab-5.5-Standard -ExportToISO -FilePath C:\lab-5.5-standard.iso

# Build the rule from image, host profile and cluster, then make it the active rule set
$ImageProfile = Get-EsxImageProfile -Name "ESXi-5.5.0-20140302001-standard"
New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern
Set-DeployRuleSet -DeployRule vBrownBagDeploy
Get-DeployRuleSet

Page 14: Auto Deploy Deep Dive – vBrownBag Style

POWERCLI + IMAGE BUILDER – HOW IT WORKS

How it works:

• PoSH uses Objects.
• New-DeployRule applies objects intelligently.
  o Auto Deploy Rules Engine determines what should happen.
  o Auto Deploy Server serves images and profiles to clients.
• Our rules apply an image, a host profile, and a cluster at once.
  o Host Profiles are attached for compliance, but failures do not abort the process.
• SoftwareDepot “goes away” once PoSH session ends, still remembered in Rules Engine. Save your script for future editing.

Page 15: Auto Deploy Deep Dive – vBrownBag Style

POWERCLI + IMAGE BUILDER – REMOTE SOFTWARE DEPOT

Using a remote software depot causes the contents to be downloaded on first use.

If your vCenter network is restricted, use an offline bundle!

PS C:\Users\rnelson0> New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern
Downloading misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 10,904 bytes...
Download finished, uploading to AutoDeploy...
Upload finished.
Downloading scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 0 bytes...
Downloaded 163,840 bytes...
Downloaded 410,516 bytes...
Download finished, uploading to AutoDeploy...
Upload finished.
...

Page 16: Auto Deploy Deep Dive – vBrownBag Style

DHCP RESERVATIONS

Create DHCP reservations:
• One per VMHost.
• Must be in the correct scope AND in the range defined in your Auto Deploy rules.
• Restart service.

host vesxi02 {
    hardware ethernet 00:50:56:9a:7b:ce;
    fixed-address 172.19.0.242;
    option host-name "vesxi02";
}

Page 17: Auto Deploy Deep Dive – vBrownBag Style

PXE BOOT

• Power on your (v)hardware and initiate a PXE boot.
• sudo make me a sandwich
• Return to a VMHost running the image you specified, with a stateful install and in the cluster.
• Take it out of maintenance mode and start using it!

Page 18: Auto Deploy Deep Dive – vBrownBag Style

SUMMARY

One-time steps:
• Created an Auto Deploy VM.
• Installed/configured TFTP.

Repeated steps:
• Update DHCP configuration.
• Select/Create a host profile.
• Create Image Builder images and rules.
• Deploy hosts.
• Make a sandwich.

This is just the start of your SDDC – bare metal hypervisor provisioning with manual touch.

Page 19: Auto Deploy Deep Dive – vBrownBag Style

INCREASED AUTOMATION

What’s next:
• Apply a more complete host profile.
• Automate DNS configuration, DHCP reservations, Host Profiles and Image Builder.
• Tie it all into a single workflow.
• Receive MACs from your vendor before devices ship and configure auto deploy. On-site racks and stacks and powers on. 60 minutes later your DC is up and running.
• Take small steps, continue pushing toward the end goal!

Page 20: Auto Deploy Deep Dive – vBrownBag Style

TROUBLESHOOTING – PXE & SWITCH CONFIG, TFTP

What do you do when things don’t work? Start with the physical layer and work your way up the stack.

PXE & Switch Configurations:
• PXE & vSphere DHCP clients can act differently. Beware VLAN configuration!
• Not all switch providers are equal. Know how they handle native vs. tagged vs. access port configuration.
• VLAN tagged (trunked) boot NICs not recommended, but if it’s all you have…

TFTP:
• Install a client and try it yourself.

Page 21: Auto Deploy Deep Dive – vBrownBag Style

TROUBLESHOOTING – DHCP OPTIONS

DHCP Options:
• Always make sure DHCP was restarted after making changes.
• Check that the DHCP server is providing addresses in the correct scope/VLAN. Stand up a VM and make sure it gets an address – that’s the only reason the test VM exists.
• Use tcpdump to see packets on the wire and ensure options 66 and 67 are set.
• More details at http://rnelson0.com/2014/04/07/auto-deploy-deep-dive-part-4/
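
The checks in the bullets above, as an added example that is not part of the original slides: a Python parser for the UDP payload of a captured DHCP offer that confirms the TFTP server, the boot file and that the offered address sits inside the Auto Deploy rule range. ISC DHCP's next-server fills the BOOTP siaddr field while option tftp-server-name is option 66, so either is accepted; the TFTP address 172.19.0.10 and the boot file name are assumed sample values, while the MAC and address range come from the slides.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def parse_offer(payload: bytes) -> dict:
    """Parse the UDP payload of a BOOTP/DHCP reply into the fields PXE uses."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "yiaddr": ipaddress.IPv4Address(payload[16:20]),   # address offered
        "siaddr": ipaddress.IPv4Address(payload[20:24]),   # set by next-server
        "file": payload[108:236].split(b"\0")[0].decode("ascii", "replace"),
        "options": opts,
    }

def check_offer(payload, tftp_ip, bootfile, first, last) -> list:
    """Return a list of problems; an empty list means the offer can PXE boot."""
    o, problems = parse_offer(payload), []
    opt66 = o["options"].get(66, b"").decode("ascii", "replace")
    opt67 = o["options"].get(67, b"").rstrip(b"\0").decode("ascii", "replace")
    if str(o["siaddr"]) != tftp_ip and opt66 != tftp_ip:
        problems.append("TFTP server (siaddr/option 66) is not " + tftp_ip)
    if bootfile not in (opt67, o["file"]):
        problems.append("boot file (option 67/file field) is not " + bootfile)
    if not ipaddress.IPv4Address(first) <= o["yiaddr"] <= ipaddress.IPv4Address(last):
        problems.append("offered address is outside the deploy rule range")
    return problems

def build_sample(yiaddr, siaddr, opts) -> bytes:
    """Constructed DHCP offer for the demo (not a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                      ipaddress.IPv4Address(siaddr).packed, bytes(4),
                      bytes.fromhex("0050569a7bce"), b"", b"")
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts.items())
    return hdr + MAGIC + b"\x35\x01\x02" + body + b"\xff"

# Assumed sample values: TFTP server 172.19.0.10 and the boot file name.
OFFER = build_sample("172.19.0.242", "172.19.0.10", {67: b"undionly.kpxe.vmw-hardwired"})
```

An offer whose server address differs from the expected TFTP host is also what an unexpected second DHCP server on the boot VLAN looks like, so a non-empty result is worth investigating before powering on more hosts.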

Page 22: Auto Deploy Deep Dive – vBrownBag Style

TROUBLESHOOTING – HOST PROFILES 1/2

Host Profiles:
• Applied profile for compliance is not the profile used by Auto Deploy. If a profile is applied to a cluster, it will override the profile you attempted to attach to the VMHost. Unattach the profile from the cluster. Useful in clusters with mixed hardware VMHosts.
• If it’s not applying properly, uncheck all suspect items in the profile and re-enable one at a time until error occurs. Very specific, may take many iterations.

Page 23: Auto Deploy Deep Dive – vBrownBag Style

TROUBLESHOOTING – HOST PROFILES 2/2

Host Profiles:
• Always check KB for known bugs. Examples:
  o vMotion not enabled on vmkernel ports.
  o Default GW lost after reboot.
• Can enhance with PowerCLI and other tools – don’t need to use Host Profiles exclusively.

Page 24: Auto Deploy Deep Dive – vBrownBag Style

BONUS POINTS – LINUX ONLY

If you’re using the VCSA, perhaps you want to be as Windows-free as possible (damn you, VUM!). The VCSA can provide Auto Deploy, use ISC DHCP and ISC TFTP to avoid Windows dependencies.

Can fit in 4.5 GB RAM!

• Install tftp-server package (CentOS).
• Un-disable tftpd in /etc/xinetd.d/tftp.
• Start and enable xinetd.
• Download the deploy-tftp.zip files to /var/lib/tftproot.
• Change next-server in DHCP scope.
  o Be explicit, it’s self-documenting.