Automating vSphere Network Configuration
Recently I was configuring a customer’s IaaS VMware Cloud, and one of the first things I noticed was some inconsistencies in the Port Group configuration across the 6 ESXi Hosts in the cluster. This is easy to see in vCenter from the Networks view of Inventory and the Networks tab: simply compare the names of the configured Port Groups and the number of ESXi hosts assigned to each.
When you see vLAN520 assigned to 5 Hosts and vLAM520 assigned to 1 Host, it’s pretty obvious that somebody made a mistake manually entering the Port Group names.
One thing you could do to prevent inconsistencies is manually configure the first ESXi Host and all of its Port Groups, then use Host Profiles to apply the profile created from that reference Host to all of the other Hosts. The problem with Host Profiles is that the feature is only licensed on vSphere Enterprise Plus, and you need vCenter to create and apply Host Profiles.
A much simpler way of guaranteeing consistency in the ESXi Host configuration is to apply a simple script right after the host is installed from ISO and has an IP address. Truth be told, you can actually script the entire installation of ESXi, but a much more pragmatic approach is to install from ISO, because it’s so simple, then run a script right afterward.
Here is an example script that my team and I have come up with during the installation of, literally, tens of thousands of ESXi Hosts over the years:
```sh
#!/bin/ash
# By: John Borhek
# https://www.johnborhek.com
# Runs in ESXi shell

# Add a NIC to vSwitch0 and set as active (vmnic1)
esxcli network vswitch standard uplink add --uplink-name=vmnic1 --vswitch-name=vSwitch0
esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic1 --vswitch-name vSwitch0

# The following lines create a Portgroup for a Virtual Router to 'trunk' multiple VLANs
# to the switch, which is useful if there are more than 10 connections required
esxcli network vswitch standard portgroup add --portgroup-name VLAN-ALL --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-ALL --vlan-id 4095

# The following lines create WAN interfaces for a Virtual Router
esxcli network vswitch standard portgroup add --portgroup-name WAN-Centurylink --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name WAN-Centurylink --vlan-id 4090
esxcli network vswitch standard portgroup add --portgroup-name WAN-Altice --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name WAN-Altice --vlan-id 4091

# The following lines configure portgroups for Virtual Machine Networking.
# Try to make Portgroup names using no spaces and no "--" double dashes
esxcli network vswitch standard portgroup add --portgroup-name VLAN-100 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-100 --vlan-id 100
esxcli network vswitch standard portgroup add --portgroup-name VLAN-009 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-009 --vlan-id 9
esxcli network vswitch standard portgroup add --portgroup-name VLAN-011 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-011 --vlan-id 11
esxcli network vswitch standard portgroup add --portgroup-name VLAN-046 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-046 --vlan-id 46
esxcli network vswitch standard portgroup add --portgroup-name VLAN-047 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-047 --vlan-id 47
esxcli network vswitch standard portgroup add --portgroup-name VLAN-048 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-048 --vlan-id 48
esxcli network vswitch standard portgroup add --portgroup-name VLAN-050 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-050 --vlan-id 50
esxcli network vswitch standard portgroup add --portgroup-name VLAN-060 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-060 --vlan-id 60
esxcli network vswitch standard portgroup add --portgroup-name VLAN-061 --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name VLAN-061 --vlan-id 61

# Add vSwitch1
esxcli network vswitch standard add --vswitch-name=vSwitch1

# Add NICs to vSwitch1 (vmnic4,vmnic5)
esxcli network vswitch standard uplink add --uplink-name=vmnic4 --vswitch-name=vSwitch1
esxcli network vswitch standard uplink add --uplink-name=vmnic5 --vswitch-name=vSwitch1
esxcli network vswitch standard policy failover set --active-uplinks vmnic4,vmnic5 --vswitch-name vSwitch1

# Configure MTU for vSwitch1
esxcli network vswitch standard set --mtu 9000 --vswitch-name vSwitch1

# Add VMkernel-iSCSI01 Portgroup to vSwitch1
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI01 --vswitch-name=vSwitch1

# Add a VMkernel NIC to the VMkernel-iSCSI01 Portgroup created in the previous step
esxcli network ip interface add --interface-name=vmk1 --mtu 9000 --portgroup-name=VMkernel-iSCSI01

# Set the IP address of the vmk1 VMkernel NIC that we added to the Portgroup VMkernel-iSCSI01
esxcli network ip interface ipv4 set --interface-name=vmk1 --ipv4=10.0.100.103 --netmask=255.255.0.0 --type=static

# Set failover policy for the VMkernel-iSCSI01 Portgroup so that only one NIC is active
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --portgroup-name=VMkernel-iSCSI01

# Add VMkernel-iSCSI02 Portgroup to vSwitch1
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI02 --vswitch-name=vSwitch1

# Add a VMkernel NIC to the VMkernel-iSCSI02 Portgroup created in the previous step
esxcli network ip interface add --interface-name=vmk2 --mtu 9000 --portgroup-name=VMkernel-iSCSI02

# Set the IP address of the vmk2 VMkernel NIC that we added to the Portgroup VMkernel-iSCSI02
esxcli network ip interface ipv4 set --interface-name=vmk2 --ipv4=10.0.100.123 --netmask=255.255.0.0 --type=static

# Set failover policy for the VMkernel-iSCSI02 Portgroup so that only one NIC is active
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --portgroup-name=VMkernel-iSCSI02

# Enable Software iSCSI
esxcli iscsi software set --enabled 1

# Since in ESXi 6.7, the Software iSCSI Initiator is always vmhba64, it's possible to set Port Binding here reliably
esxcli iscsi networkportal add -A vmhba64 -n vmk1
esxcli iscsi networkportal add -A vmhba64 -n vmk2

# Add Dynamic Discovery for an iSCSI SAN
esxcli iscsi adapter discovery sendtarget add --adapter vmhba64 --address=10.0.0.23:3260
esxcli storage core adapter rescan --adapter vmhba64

# Add NFS Storage
# esxcli storage nfs41 add -H "172.20.0.97" -s "/var/nfs/" -v "NFS"

# Add vMotion Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-vMotion --vswitch-name=vSwitch1
esxcli network ip interface add --interface-name=vmk3 --mtu 9000 --portgroup-name=VMkernel-vMotion
esxcli network ip interface ipv4 set --interface-name=vmk3 --ipv4=10.0.100.143 --netmask=255.255.0.0 --type=static
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --standby-uplinks vmnic5 --portgroup-name=VMkernel-vMotion

# Add FT Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-FT --vswitch-name=vSwitch1
esxcli network ip interface add --interface-name=vmk4 --mtu 9000 --portgroup-name=VMkernel-FT
esxcli network ip interface ipv4 set --interface-name=vmk4 --ipv4=10.0.100.163 --netmask=255.255.0.0 --type=static
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --standby-uplinks vmnic4 --portgroup-name=VMkernel-FT
```
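To confirm that every host ended up with the same Port Groups after the script has run, the following added example (not part of the original script) compares saved `esxcli network vswitch standard portgroup list` output from several hosts on an admin workstation. It flags Port Groups that are not defined identically everywhere, VLAN-NNN names whose number disagrees with the tag, and VLAN 4095 trunk Port Groups for review. The function names, host names and sample listings are constructed for illustration.

```sh
# Added example (not from the original post): audit saved output of
# `esxcli network vswitch standard portgroup list` from several hosts.

# pg_rows HOST: turn one listing (stdin) into "HOST|name|vswitch|vlan" rows.
# Names may contain spaces, so the last three columns are cut from the right.
pg_rows() {
  awk -v host="$1" '
    NF < 4 || $NF !~ /^[0-9]+$/ { next }   # header, dashes, blank lines
    { name = $0
      sub(/[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]*$/, "", name)
      print host "|" name "|" $(NF-2) "|" $NF }'
}

# pg_drift: read rows for all hosts (stdin) and print one finding per line.
pg_drift() {
  awk -F'|' '
    !($1 in hosts) { hosts[$1] = 1; nhosts++ }
    { key = $2 "|" $3 "|" $4; count[key]++; on[key] = on[key] " " $1 }
    END {
      for (key in count) {
        split(key, f, "|")
        if (count[key] < nhosts)          # not defined identically everywhere
          printf "DRIFT %s (%s, VLAN %s) only on:%s\n", f[1], f[2], f[3], on[key]
        if (f[1] ~ /^VLAN-[0-9]+$/ && substr(f[1], 6) + 0 != f[3] + 0)
          printf "MISMATCH %s is tagged VLAN %s\n", f[1], f[3]
        if (f[3] + 0 == 4095)             # VLAN 4095 = all VLANs reach the guest
          printf "TRUNK %s (VLAN 4095) on:%s\n", f[1], on[key]
      }
    }' | LC_ALL=C sort
}

# Constructed sample listing; $1 = name used for VLAN 100, $2 = tag on VLAN-046.
sample_listing() { cat <<EOF
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VLAN-ALL            vSwitch0                     0     4095
$1            vSwitch0                     3      100
VLAN-046            vSwitch0                     2       $2
EOF
}

audit_samples() {   # esx01 is correct; esx02 has a typo and a wrong tag
  { sample_listing VLAN-100 46 | pg_rows esx01
    sample_listing VLAM-100 47 | pg_rows esx02; } | pg_drift
}
audit_samples
```

With real hosts, save each host's listing to a file and feed it through `pg_rows <hostname>` in place of `sample_listing`; an empty result means the audited Port Groups match on every host.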
Thanks John. Your script helped me figure out how to add the VLAN ID (the other scripts I saw just showed querying VLAN IDs, not tagging the VLAN, or using PowerCLI).
Very welcome, I love to hear that I am helping!