Revisiting scripted installation for ESXi 6.5
I thought I would revisit scripted ESXi installation for my lab. I haven’t gone into depth on this since 5.0 or earlier, and there are some significant changes for 6.5. The example script draws heavily from other sources and it is now working.
Goals are:
- Install ESXi, set password, IP, hostname, etc.
- enable shell/SSH
- set logfile location
- add NIC to vSwitch0
- add portgroup(s)
- configure VLANs
- add vSwitch for iSCSI
- set MTU for vSwitch
- create vmkernel NICs
- set MTU for vmkernel NICs
- set failover policy for vmkernel compliant with iSCSI port binding
- Enable software iSCSI
- Execute port binding
- add iSCSI discovery
- add NFS 4.1
- configure NTP
- Set password policy
# Accept the VMware End User License Agreement
vmaccepteula

# Set the root password for the DCUI and ESXi Shell
rootpw P@ssw0rd

# Install on the first local disk available on machine
install --firstdisk --overwritevmfs

# Set the network to static on the first network adapter, use the specified hostname and create the default portgroup for the VMs
network --bootproto=static --addvmportgroup=true --device=vmnic0 --ip=172.20.100.103 --netmask=255.255.0.0 --gateway=172.20.0.1 --nameserver=172.20.200.10 --hostname=esx103.mydomain.com

# Reboot the host after the scripted installation is completed
reboot

%firstboot --interpreter=busybox
# The following commands MAY BE specific to esxXYZ.mydomain.com. Customize the hostname and IP specific for your installation
# Set the network to static on the first network adapter, specifies network properties, sets hostname, must replace network from above script

# enable & start remote ESXi Shell (SSH)
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh

# enable & start ESXi Shell (TSM)
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell

# suppress ESXi Shell warning – from YellowBricks (http://www.yellow-bricks.com/2011/07/21/esxi-5-suppressing-the-localremote-shell-warning/)
esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1

# Set logfile location for ESXi to SAN (volume must exist) (https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003322)
esxcli system syslog config set --logdir=/vmfs/volumes/103/host-logfiles/esx103

# Add an extra NIC to vSwitch0 and set as active (vmnic1)
esxcli network vswitch standard uplink add --uplink-name=vmnic1 --vswitch-name=vSwitch0
esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic1 --vswitch-name vSwitch0

# configure portgroups
esxcli network vswitch standard portgroup add --portgroup-name Production --vswitch-name vSwitch0
esxcli network vswitch standard portgroup set --portgroup-name Production --vlan-id 24

# Add vSwitch 1
esxcli network vswitch standard add --vswitch-name=vSwitch1

# Add NICs to vSwitch1 (vmnic4, vmnic5)
esxcli network vswitch standard uplink add --uplink-name=vmnic4 --vswitch-name=vSwitch1
esxcli network vswitch standard uplink add --uplink-name=vmnic5 --vswitch-name=vSwitch1
esxcli network vswitch standard policy failover set --active-uplinks vmnic4,vmnic5 --vswitch-name vSwitch1

# configure mtu for vSwitch1
esxcli network vswitch standard set --mtu 9000 --vswitch-name vSwitch1

# Add iSCSI01 Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI01 --vswitch-name=vSwitch1

# Add a virtual NIC to the Portgroup created in the previous step
esxcli network ip interface add --interface-name=vmk1 --mtu 9000 --portgroup-name=VMkernel-iSCSI01

# Set the IP address of the iSCSI01 Portgroup to: 10.0.0.XYZ
esxcli network ip interface ipv4 set --interface-name=vmk1 --ipv4=10.0.100.103 --netmask=255.255.0.0 --type=static

# Set failover policy for iSCSI01 Portgroup so that only one NIC is active
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --portgroup-name=VMkernel-iSCSI01

# Add iSCSI02 Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI02 --vswitch-name=vSwitch1

# Add a virtual NIC to the Portgroup created in the previous step
esxcli network ip interface add --interface-name=vmk2 --mtu 9000 --portgroup-name=VMkernel-iSCSI02

# Set the IP address of the iSCSI02 Portgroup to: 10.0.0.ABC
esxcli network ip interface ipv4 set --interface-name=vmk2 --ipv4=10.0.100.123 --netmask=255.255.0.0 --type=static

# Set failover policy for iSCSI02 Portgroup so that only one NIC is active
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --portgroup-name=VMkernel-iSCSI02

# Enable Software iSCSI
esxcli iscsi software set --enabled 1

# Port Binding
esxcli iscsi networkportal add -A vmhba64 -n vmk1
esxcli iscsi networkportal add -A vmhba64 -n vmk2

# Add iSCSI SAN
esxcli iscsi adapter discovery sendtarget add --adapter vmhba64 --address=10.0.0.23:3260
esxcli storage core adapter rescan --adapter vmhba64

# NFS Storage
# esxcli storage nfs41 add -H "172.20.0.97" -s "/var/nfs/" -v "NFS"

# Add vMotion Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-vMotion --vswitch-name=vSwitch1
esxcli network ip interface add --interface-name=vmk3 --mtu 9000 --portgroup-name=VMkernel-vMotion
esxcli network ip interface ipv4 set --interface-name=vmk3 --ipv4=10.0.100.143 --netmask=255.255.0.0 --type=static
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --standby-uplinks vmnic5 --portgroup-name=VMkernel-vMotion

# Add FT Portgroup to vSwitch1 and create a VMkernel interface
esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-FT --vswitch-name=vSwitch1
esxcli network ip interface add --interface-name=vmk4 --mtu 9000 --portgroup-name=VMkernel-FT
esxcli network ip interface ipv4 set --interface-name=vmk4 --ipv4=10.0.100.163 --netmask=255.255.0.0 --type=static
esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --standby-uplinks vmnic4 --portgroup-name=VMkernel-FT

### NTP CONFIGURATIONS ###
cat > /etc/ntp.conf << __NTP_CONFIG__
restrict default kod nomodify notrap noquery nopeer
restrict 127.0.0.1
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
__NTP_CONFIG__
/sbin/chkconfig --level 345 ntpd on

### PASSWORD CONFIGURATIONS ###
cat > /etc/pam.d/passwd << __PAM.D_CONFIG__
#%PAM-1.0
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=2,2,2,2,2
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
password required /lib/security/$ISA/pam_deny.so
__PAM.D_CONFIG__

# enter maintenance mode
vim-cmd hostsvc/maintenance_mode_enter

# Needed for configuration changes that could not be performed in esxcli (thanks VMware)
reboot
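
An added check, not part of the original post: a shell function that scans a kickstart file for the settings in the script above that deserve review before reuse outside a lab (clear-text `rootpw` instead of `rootpw --iscrypted`, SSH/ESXi Shell enabled, the shell warning suppressed, short `pam_passwdqc` minimums) and for typographic dashes or quotes picked up when copying from a web page. The finding names and the `MIN_LEN` threshold of 8 are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag review-worthy settings in an ESXi kickstart file.
# Finding names and the MIN_LEN threshold are assumptions of this example.
MIN_LEN=8
audit_ks() {
    ks="$1"
    # Typographic dashes/quotes pasted from a web page break option parsing.
    if grep -q -e '–' -e '“' -e '”' "$ks"; then
        echo "TYPOGRAPHIC_CHARS"
    fi
    # rootpw without --iscrypted stores the root password in clear text.
    if grep -E '^[[:space:]]*rootpw[[:space:]]' "$ks" | grep -qv -e '--iscrypted'; then
        echo "PLAINTEXT_ROOTPW"
    fi
    # SSH or the local ESXi Shell is switched on by the script.
    if grep -qE 'vim-cmd[[:space:]]+hostsvc/(enable|start)_(ssh|esx_shell)' "$ks"; then
        echo "SHELL_ACCESS_ENABLED"
    fi
    # The UI warning about an enabled shell is turned off.
    if grep -qE 'SuppressShellWarning.*-i[[:space:]]*1' "$ks"; then
        echo "SHELL_WARNING_SUPPRESSED"
    fi
    # pam_passwdqc min=N0,N1,N2,N3,N4: any numeric length below MIN_LEN.
    mins=$(sed -n 's/.*pam_passwdqc.*[[:space:]]min=\([^[:space:]]*\).*/\1/p' "$ks" | tr ',' ' ')
    for n in $mins; do
        case "$n" in
            ''|*[!0-9]*) continue ;;   # "disabled" or other non-numeric field
        esac
        if [ "$n" -lt "$MIN_LEN" ]; then
            echo "WEAK_PASSWDQC_MIN"
            break
        fi
    done
    return 0
}

# Constructed sample input (not the page's file), written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vmaccepteula
rootpw ExamplePlaintext1
install --firstdisk --overwritevmfs
%firstboot --interpreter=busybox
vim-cmd hostsvc/enable_ssh
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=2,2,2,2,2
EOF
audit_ks "$sample"
rm -f "$sample"
```

Run it against a saved copy of the kickstart file with `audit_ks ks.cfg`; no output means none of the checks fired.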