WilliamLam.com

Search Results for: kickstart

How to create a custom Tanzu Kubernetes Grid (TKG) Node OVA based on Photon OS Real Time Kernel?

by // 7 Comments

One really cool feature of Tanzu Kubernetes Grid (TKG) is the ability to bring your custom images (BYOI) which can then be used to deploy TKG Workload Clusters. To do so, customers will need to use Kubernetes (K8s) Image Builder tool to author new OVA images and then make TKG aware by updating the Tanzu Kubernetes Release (TKR) Build of Materials (BOM) configuration.

I had played around with Image Builder awhile back during the TKG 1.2 release and it definitely was not very easy to use. I have been meaning to kick the tires on Image Builder again as I know with the latest 1.3.x release, there have been a number of improvements. This week I saw an inquiry from my buddy Alan Renouf who was looking to see if there was a way to use the new Photon OS Real Time Kernel as a base image for a K8s-based application that he was working with that had requirements for the real time kernel.

Interestingly enough, there was another inquiry with a similiar customer request for their edge deployment and I thought this would be a good opportunity to try out Image Builder again, which has been overhauled and the build process can be completely consumed as a Docker container, which definitely made things much easier than before. I also had never played with real time version of Photon OS, so this gave me a reason to try that out which was initially introduced with Photon OS 4.0 but it also looks like real time kernel was added to 3.0 recently, which is the version I had used to test.

Note: vSphere with Tanzu currently does not support the ability to bring your own image like TKG, I know this is something that has been asked about and is being considered in the future.

The BYOI process for TKG is comprised of two steps:

  • Create Custom TKG OVA
  • Update TKG with new TKR BOM

Although there are detailed documentation for this process, I still ran into a number of issues which I think the documentation could be improved with a complete working example rather than using generic values which lead to some interpretation, which I did not interpret correctly the first time through. After posting some questions in the Image Builder Slack Channel, I was able to finally connect the dots with the help from Scott Rosenberg, who I also knew, as a customer of our VMware Event Broker Appliance (VEBA) Fling. Putting everything together, I figure it would be useful to document the process I took and hopefully this can benefit other customers looking to build and consume their own OVA images with TKG.

[Read more...]

Using Packer vsphere-iso provider with VMware Cloud on AWS

by // 1 Comment

I am a huge fan of HashiCorp Packer, which makes automating Virtual Machine images for vSphere including OVF, OVA and vSphere Content Library Templates extremely easy. Packer supports two vSphere Providers, the first being vmware-iso which requires SSH access to an ESXi host and the second called vsphere-iso which does not require ESXi access but instead connects to vCenter Server using the vSphere API, which is the preferred method for vSphere Automation.

I started working with Packer and the vmware-iso several years ago and because there is not 100% parity between the two vSphere providers, I have not really looked at the vsphere-iso provider or even attempted to transition over. I was recently working on some automation within my VMware Cloud on AWS(VMConAWS) SDDC and since this is a VMware managed service, customers do not have access to the underlying ESXi hosts nor SSH access. I thought this would be a good time to explore the vsphere-iso provider and see if I can make it work in a couple of different networking scenarios.

For customers that normally establish either a Direct Connect (DX) or VPN (Policy or Route-based) from their on-premises environment to their SDDC, there is nothing special that needs to be setup to use Packer. However, if you are like me who may not always have these types of connectivity setup or if you wish to use Packer directly over the internet to your SDDC, then some additional configurations will be needed.

UPDATE (04/12/22) - A floppy option can now be used with Photon OS to host the kickstart file, see this Github issue for an example.

Packer Connectivity Scenarios

In both scenarios below, DX/VPN is not configure or relied upon to the VMConAWS SDDC.

[Read more...]

Simplified Nested ESXi installation in ESXi 7.0 Update 2 using HTTP Boot over VirtualEFI

by // 19 Comments

Deploying an ESXi scripted installation aka Kickstart running within a VM (Nested ESXi) has a number of benefits, especially for testing and development purposes. This was something I did regularly as a customer, especially with new releases of ESXi to ensure our existing automation scripts and processes continued to work before rolling out into production. ESXi kickstart itself is pretty straight forward, but the required supporting infrastructure (PXE Server, DHCP, TFTP, etc) that needs to be configured, especially for a greenfield deployment can often be challenging for new comers.

Even with an existing PXE infrastructure, it can often be difficult to configure or troubleshoot depending on your level of access which does not add any value in actually testing or automating the ESXi scripted installation process. In ESXi 7.0 Update 2, an enhancement was made to the Virtual Machine's UEFI firmware called VirtualEFI that would enable ESXi to perform an HTTP Boot given the ESXi bootloader URL and without requiring any of the traditional PXE infrastructure.

To take advantage of this new capability, you just need to have a physical server running ESXi 7.0 Update 2 and a VM that is configured with the latest vHW19 compatibility. To configure HTTP boot, you will need to add the following two VM Advanced Settings:

  • networkBootProtocol - httpv4 or httpv6
  • networkBootUri - HTTP URL to the ESXi bootloader (bootx64.efi)

Disclaimer: Nested ESXi and Nested Virtualization is not officially supported by VMware

[Read more...]