== This entry is a work in progress ==
This post will describe how to automatically configure and image a clean PowerEdge (or generic vendor) for ESXi deployment:
Step 1: Automation Process
Step 2: DHCP
DHCP will be used to perform the following activities:
- Initially provision the iDRAC with a (fixed) DHCP IP address
- DHCP process is expanded to force system to boot an ESXi installation imag
Install DHCP Service on the automation host:
# mkdir /data/binaries/staging
Configure a basic DHCP file:
# scp <image-file> root@vrslcm.local.domain:/data/binaries/staging
Step 3: Ansible
Ansible will be used to configure basic iDRAC parameters on the host:
ddd
Step 4: Kickstart Web Server
Generate a new root password, of course we will one-way encrypt this so its unreadable two options for this:
Option 1 – Using OpenSSL which returns a SHA512 password:
# openssl passwd -6 <password>
Option 2 – Using Python you can use the following code:
import hashlib
def hash_password(password):
# Convert the password to bytes and create SHA-512 hash
sha512_hash = hashlib.sha512(password.encode()).hexdigest()
return sha512_hash
# Example usage
password = input("Enter password to hash: ")
hashed_password = hash_password(password)
print(f"SHA-512 hash: {hashed_password}")Generate the kickstart file /var/lib/www/ks.cfg this file will be generic for all nodes deployed, specific node configuration items are defined in sub-configuration files:
# Sample ks.cfg for automated ESXi deployment
# Accept the VMware EULA
vmaccepteula
# Set the root password
rootpw VMware123!
# Install on the first disk, overwrite any existing VMFS datastore
install --firstdisk --overwritevmfs
# Configure network (temporary DHCP for fetching config)
network --bootproto=dhcp
# Keyboard layout
keyboard US
# Reboot after installation
reboot
# Post-installation script to fetch and apply host-specific configuration
%post --interpreter=busybox
# Get the hostname (set during PXE boot or manually)
HOSTNAME=$(esxcli system hostname get | grep "Host Name" | awk '{print $3}')
# Fetch host-specific configuration from web server
wget http://192.168.1.100/configs/${HOSTNAME}.cfg -O /tmp/host.cfg
# Source the configuration file
if [! -f /tmp/host.cfg ]; then
echo "Failed to fetch config file for $HOSTNAME" > /var/log/config_error.log
exit 1
fi
. /tmp/host.cfg
# Create a new standard vSwitch (vSwitch0) if it doesn't exist
esxcli network vswitch standard add --vswitch-name=vSwitch0
# Add the specific Host Management NIC to the vSwitch0
esxcli network vswitch standard uplink add --uplink-name=$VMKERNEL_IFACE --vswitch-name=vSwitch0
# Apply vmkernel IP configuration for vmk0
esxcli network vswitch standard portgroup add --portgroup-name=Management --vswitch-name=vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name=Management --vlan-id=$VMKERNEL_VLAN
# assign vmk0 to the Management PortGroup
esxcli network ip interface add --interface-name=vmk0 --portgroup-name=Management
# set static IP for vmk0
esxcli network ip interface ipv4 set -i vmk0 -t static -I $VMKERNEL_IP -N $VMKERNEL_MASK -g $VMKERNEL_GW
# Configure DNS (optional, can be in host.cfg if needed)
esxcli network ip dns server add --server=8.8.8.8
esxcli network ip dns server add --server=4.4.4.4
# Configure DNS search domain
esxcli network ip dns search add --domain=example.com
# Configure NTP servers
echo "server 0.pool.ntp.org" >> /etc/ntp.conf
echo "server 1.pool.ntp.org" >> /etc/ntp.conf
/sbin/chkconfig ntpd on
# Set hostname
esxcli system hostname set --fqdn=$HOSTNAME
# Clean up
rm /tmp/host.cfg
# Enable and start SSH
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
# Make sure ESXi shell is disabled (Audit & Compliance)
vim-cmd hostsvc/disable_esx_shell
vim-cmd hostsvc/disable_esx_shell
# Disable IPv6
esxcli network ip set --ipv6-enabled=false
# Restart network services to apply changes
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
Create unique files for each ESXi host. For example, create for host1 a file /var/lib/www/host1.cfg this file will contain the basic configuration parameters for this host :
# Configuration for esxi-host1
VMKERNEL_IFACE=vmnic0
VMKERNEL_VLAN=800
VMKERNEL_IP=192.168.10.10
VMKERNEL_MASK=255.255.255.0
VMKERNEL_GW=192.168.1.1Step 5: TFTP Service
Install TFTP package:
# sudo apt install -y tftpd-hpa
Configure the tftp repository and configuration settings in file /etc/default/tftpd-hpa this file will be generic for all nodes deployed, specific node configuration items are defined in sub-configuration files:
# /etc/default/tftpd-hpa TFTP_USERNAME="tftp" TFTP_DIRECTORY="/srv/tftp" TFTP_ADDRESS=":69" TFTP_OPTIONS="--secure --verbosity 4"
Restart the service after configuraiton change:
# systemctl enable tftpd-hpa # systemctl restart tftpd-hpa
Step 5: ESXi Image
Download the ESXi image and extract it to the tftp location
# mount -o loop ESXi-8.0u3.iso /mnt # mkdir /var/lib/tftpboot/ESXi-8.0u3 # rsync -a /mnt/ /var/lib/tftpboot/ESXi-8.0u3/
Define (copy) the boot files for legacy BIOS:
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ # cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot/
Define (copy) the boot files for UEFI BIOS:
# cp /var/lib/tftpboot/ESXi-8.0u3/efi/boot/bootx64.efi /var/lib/tftpboot/ # cp /var/lib/tftpboot/ESXi-8.0u3/efi/boot/cryto64.efi /var/lib/tftpboot/
Create a PXELINUX directory:
# mkdir -p /var/lib/tftpboot/pxelinux.cfg
Edit the PXELINUX default configuration file /var/lib/tftpboot/pxelinux.cfg/default:
DEFAULT menu.c32 MENU TITLE ESXi 8.0 Boot Menu LABEL install KERNEL ESXi-8.0u3/mboot.c32 APPEND -c ESXi-8.0u3/boot.cfg
Modify the /var/lib/tftpboot/ESXi-8.0u3/boot.cfg file to include some details and also a kickstart location:
prefix=ESXi-8.0u3 kernelopts=ks:http://<your-server-ip>/ks.cfg