WilliamLam.com

Automated VMware Cloud Foundation (VCF) host commission using ESXi Kickstart

by // 1 Comment

ESXi Scripted Installation (Kickstart) has been my go-to method for achieving zero-touch provisioning of ESXi hosts at scale, which I had started using back in the ESX 2.5 days when I was a customer! Having worked at some very larger enterprises, I got the opportunity to experience and manage a variety of environments for automated ESXi provisioning.

For more than a decade, I have written hundreds of articles about ESXi kickstart and how it can help solve a variety of use cases stemming from my own background to some of the unique requirements that have come up from some of our largest VMware customers.Β To date, some of my favorite ESXi kickstart solutions includes my 2014 blog post in automating VM deployments using a USB device which became the basis for my USB to SDDC project in 2017.

While playing with the latest VMware Cloud Foundation (VCF) 5.1 Holodeck release (currently in Beta), I was thinking about the current VCF host commissioning workflow, which is a multi-step process after an ESXi host has been provisioned where you need to manually (or using automation) to add the hosts to SDDC Manager before they can be consumed for either expanding and/or deploying a new workload domain.

I thought, why could we not just skip this step all together and that was when I had the idea of just incorporating the VCF host commissioning workflow automatically as part of an ESXi Kickstart installation! πŸ˜€

[Read more...]

Automated ESXi Installation with a USB Network Adapter using Kickstart

by // 4 Comments

I have been working with the Project Keswick team for quite some time now, which is an OCTO project is lead by my good friend Alan Renouf, who is doing some really innovative work with ESXi at the edge and application deployment using a desired state engine.

Recently I had met with the team to discuss some of the options for their automated deployment which uses the tried and true ESXi scripted installation aka ESXi Kickstart. One thing that I had shared was just how powerful the %pre section within the kickstart is and can be used to redefine or update the original kickstart based on your installation criteria. For example, you could pull down external configuration files and determine at runtime to decide how you want to configure your networking to even fully bootstrapping a local vSAN datastore and this would all happen prior to ESXi installer starting. I have used the %pre section numerous times as a customer and also demonstrated in my USB-to-SDDC project which has also been an inspiration for the Project Keswick team.

One very cool capability that Project Keswick is enabling is the integration of the popular USB Network Native Driver for ESXi and one challenge they had faced with automating an ESXi installation when only a USB network adapter was available is additional configuration that must be setup before the installer can begin. They shared their solution and thought this would be a good blog post topic, especially as I know many folks use the USB Network Native Driver for ESXi in their homelab and if you wish to automate the installation, the solution shared from the team could help.

[Read more...]

Quick Tip - Automating ESXi local user passwords using SHA512 encrypted hashes

by // Leave a Comment

For those that automate their ESXi installations using Kickstart aka ESXi scripted installation should be quite familiar with the ability to configure the root password as part of the installation. As described in the official ESXi documentation, the --rootpw option can either contain a plain text password (not recommended) or with the use of the additional --iscrypted option, a SHA512 hash of the password can also be used, which is definitely recommended and more secure.

However, when managing additional local users via ESXCLI system account, which I recently blogged about here, I noticed that you can only provide a plain text password either on the command-line (not recommended) or interactively, which prevents this process from being automated. As mentioned in the blog post, you could store the password and the commands into another script file and this will at least hide the password from being stored in the ESXi Shell log file (/var/log/shell.log) but this is far from ideal.

While sharing this feedback with Engineering as part of a feature enhancement request, I came to learn about a nice little utility that can be used with both ESXi 7.x and 8.x that can update local user by simply providing the encrypted SHA512 hash.

[Read more...]