Your SlideShare is downloading. ×
Auto Deploy Deep Dive – vBrownBag Style
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Auto Deploy Deep Dive – vBrownBag Style


Published on

vBrownBag Auto Deploy Deep Dive Podcast …

vBrownBag Auto Deploy Deep Dive Podcast
Live session recorded and available at

Published in: Technology

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • What is Auto Deploy? Vmware has a very chewy definition, but it’s a fancy way of saying automated vSphere provisioning. You’ll be interested in Auto Deploy if you’re building out data centers at scale, or just studying for your VCP/VCAP certifications.Most tutorials use the C# Client, but I’m going to use the vSphere Web Client. I’m also using discrete VMs and will cover troubleshooting.
  • Eval license – use it, Vmware encourages it. Just get everything done in 60 days!!Default Auto Deploy repository is 2GB, should be able to fit 5-6 images
  • Everyone should be familiar with their own vCenter design. Here’s the lab setup I’m using for this session. The VMs we’re going to configure are highlighted in red.
  • .NET 3.5.1 pre-reqs include some IIS features – but NOT IIS, you don’t need to install a web server to have a tftp server.
  • The optional option was referenced in some ISC documentation, but didn’t help. Perhaps only certain clients need it.DEMO – vCenter Auto Deploy settings and DHCP config
  • DEMO – Show how to extract a profile, the settings of the hardware dependent vESXI01 profile, and the simpler settings of the stateful profile.
  • I’ll show you the effective difference between a remote and offline software depot in a few slides.If you need to add VIBs, Chris Wahl’s blog has a great article on the process.
  • Here’s the script.Connect, grab and store some info.Add a remote depot – easier in my lab, but requires connectivity to the depot.The middle section is where you would customize VIBsSelect the Image to use and apply the rule.
  • DEMO – Show the output from ISE of applying the script, and the output of Get-EsxSoftwareDepot in a new ISE session.
  • Security is important, always sudo!DEMO - Show vESXi02 already running with a failed PXE boot - Restart vESXi02 and watch the PXE boot begin – takes about 5 and a half minutes in my lab. - Restart vESXi03, which was PXE booted, and show that it works without initiating PXE.
  • What are the steps we followed, and which ones need repeated?
  • EMC VIPR is another bare metal provisioning systemDC in 60 minutes! Not counting the hundreds of man-hours of prep-work, of course…Iterative designs win. Don’t just jump to the end state and expect great success.
  • A lot of us will use nested ESXi and everything is quick, but physical servers sometimes take 10+ minutes just to get TO the PXE boot sequence. Save yourself some time by knowing how to debug the different components.
  • Show the tcpdump packets in the blog post
  • You can get caught in reboot loops and other weirdness.
  • Host profiles are not perfect. There are bugs, and other tools that can be simpler to debug.
  • DEMO – chkconfig and xinetd settings
  • Transcript

    • 1. AUTO DEPLOY DEEP DIVE – VBROWNBAG STYLE Rob Nelson – VCP5-DCV Twitter: @rnelson0 Blog:
    • 2. AGENDA What is Auto Deploy? Requirements Lab Setup Auto Deploy VM DHCP Settings Host Profiles PowerCLI + Image Builder DHCP Reservations PXE Boot Increased Automation Troubleshooting Bonus Points – VCSA and Linux Only
    • 3. WHATISAUTODEPLOY? “VMware vSphere® Auto Deploy™ facilitates rapid server deployment and provisioning of vSphere hosts by leveraging the network boot capabilities of x86 servers together with the small footprint of the VMware® ESXi™ hypervisor.” - VMware • Automated, network-booted hypervisor provisioning and configuration. • Bare metal provisioning – rack, stack, run VMs with low/no touch. • Required reading for VCP/VCAP certifications. Our Focus • Use the vSphere Web Client exclusively – Way of the future. • Mostly discrete Single Service VMs. o Can be combined if desired. • Troubleshooting – What if it doesn’t work?
    • 4. REQUIREMENTS • Enterprise Plus License, or 60 Day vCenter Eval License. o Included in every vCenter installation, use it! • Host Profiles. • DHCP – Microsoft (Win) or ISC DHCP (Linux). • TFTP – Solarwinds (Win) or ISC TFTP (Linux). • PowerCLI + Image Builder cmdlets. • EFI systems must be switched to BIOS compatibility mode. • Initial boot requires IPv4. • Network, security, storage (350MB per image), administrative access, etc., as otherwise required for vCenter. • See more in vSphere Install And Setup Guide, section “Installing ESXi Using vSphere Auto Deploy”,
    • 5. LABSETUP • Fortigate-VM – Segregates inner/production labs • Lab-server-1 – RDP gateway between inner/production labs • Lab-server-2 – Domain Controller • Lab-server-3 – vCenter • Lab-server-4 – Auto Deploy + TFTP • Lab-unix-1 – DHCP + TFTP, CentOS 6.5 • test – Test DHCP availability, CentOS 6.5 • vESXi01 – vPhysical VMHost, already configured • vESXi02, vESXi03 – vPhysical VMHost, not configured
    • 6. AUTODEPLOYVM Same OS requirements as vCenter. • Install Windows Server 2008 R2 per your standards. • Configure RDP. • Install .NET 3.5.1 and pre-reqs. • Install Solarwinds TFTP Server. • Add firewall rule to allow inbound TFTP (69/udp). • Install Auto Deploy from vCenter media. o Use administrator@vsphere.local or service acct.
    • 7. DHCPSETTINGSPART1/2 View Auto Deploy configuration of vCenter and copy settings for use with DHCP server. • Launch vSphere Web Client. • Home -> vCenter -> <vCenter Object> -> Manage -> Settings -> Auto Deploy • Copy the BIOS DHCP File Name (option 67) and iPXE Boot URL (option 66) values. • Download the TFTP Boot Zip. Uncompress in TFTP Root o Don’t need the zip, can discard. o URL is not password protected, can bookmark for later.
    • 8. DHCPSETTINGSPART2/2 Modify DHCP scope: • Option 66 – “next-server <ip>” o Optional: “option tftp-server-name <ip>”, did not need • Option 67 – “option bootfile-name <filename>” • Restart service.
    • 9. HOSTPROFILES-DESCRIPTION • Requires Enterprise Plus license. • Useful for attaching consistent settings across devices, ensuring compliance over time. • Profiles reliant on similar hardware (machine specific). • Answer file provides host specific information. • Tricky and time-consuming! May take multiple attempts to generate a profile that satisfies your needs. • Not for the faint of heart. • Could be a vBrownBag of its own!
    • 10. HOSTPROFILES–STATEFULCREATION Create a “stateful” profile: • There is no editor, must extract from an existing VMHost. • Use vESXi01 as the reference host. • Uncheck everything except: Advanced Configuration Settings -> System Image Cache Configuration -> System Image Cache Configuration -> System Image Cache Settings -> Enable stateful installs on hosts • Could also include root’s password, syslog and ntp settings, and other hardware independent configuration. • If your hardware is all the same, use the full profile. • Always test with one device, don’t mass produce crap.
    • 11. HOSTPROFILE–WHYSTATEFUL? I used a stateful install for simplicity. When should you use it? Use Stateful: • Small system or management cluster – Physical hosts cannot be dependent on VMs to provide the hypervisor. • Don’t have Enterprise Plus and want VMHosts to work 61 days later. • Can’t afford to wait extra 10+ minutes for PXE boot + install. Use Stateless: • Deploying similar hardware en mass – With a single rule, deploy a large number of hosts with zero touch. • Can upgrade/downgrade images or VIBs with a single change to Auto Deploy rule and a reboot.
    • 12. POWERCLI+IMAGEBUILDER Commands: • Connect-VIServer • Get-Cluster – Cluster to add VMHost to. • Get-VMHostProfile – Find our stateful profile. • $HostRangePattern – for other patterns. • Add-EsxSoftwareDepot – Remote or offline. • Get-EsxImageProfile – Select profile from the depot. • New-DeployRule – Create a new rule. • Set-DeployRuleSet – Overwrite existing rules, or… • Add-DeployRule – Add to existing rules. Customize with: • New-EsxImageProfile – Clone existing image. • Add-EsxSoftwarePackage – Additional VIBs, see • Export-EsxImageProfile – Create a zip bundle or ISO.
    • 13. POWERCLI+IMAGEBUILDERSCRIPT Connect-VIServer $Cluster = Get-Cluster $HostProfile = Get-VMHostProfile stateful $HostRangePattern = "ipv4=" Add-EsxSoftwareDepot index.xml #New-EsxImageProfile -CloneProfile ESXi-5.5.0-20131201001s-standard -Name Lab-5.5-Standard -Vendor Nelson # Add VIBs here with Add-EsxSoftwarePackage # Export to a bundle or an ISO if necessary #Export-EsxImageProfile -ImageProfile Lab-5.5-Standard -ExportToISO C:lab- 5.5-standard.iso $ImageProfile = Get-EsxImageProfile -Name "ESXi-5.5.0-20140302001- standard" New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern Set-DeployRuleSet -DeployRule vBrownBagDeploy Get-DeployRuleSet
    • 14. POWERCLI+IMAGEBUILDER–HOWITWORKS How it works: • PoSH uses Objects. • New-DeployRule applies objects intelligently. o Auto Deploy Rules Engine determines what should happen. o Auto Deploy Server serves images and profiles to clients. • Our rules apply an image, a host profile, and a cluster at once. o Host Profiles are attached for compliance, but failures do not abort the process. • SoftwareDepot “goes away” once PoSH session ends, still remembered in Rules Engine. Save your script for future editing.
    • 15. POWERCLI+IMAGEBUILDER–REMOTESOFTWAREDEPOT Using a remote software depot causes the contents to be downloaded on first use. If your vCenter network is restricted, use an offline bundle! PS C:Usersrnelson0> New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern Downloading misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820 Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 10,904 bytes...Download finished, uploading to AutoDeploy... Upload finished. Downloading scsi-lpfc820 Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 163,840 bytes...Downloaded 410,516 bytes...Download finished, uploading to AutoDeploy... Upload finished. ...
    • 16. DHCPRESERVATIONS Create DHCP reservations: • One per VMHost. • Must be in the correct scope AND in the range defined in your Auto Deploy rules. • Restart service. host vesxi02 { hardware ethernet 00:50:56:9a:7b:ce; fixed-address; option host-name vesxi02; }
    • 17. PXEBOOT • Power on your (v)hardware and initiate a PXE boot. • sudo make me a sandwich • Return to a VMHost running the image you specified, with a stateful install and in the cluster. • Take it out of maintenance mode and start using it!
    • 18. SUMMARY One-time steps: • Created an Auto Deploy VM. • Installed/configured TFTP. Repeated steps: • Update DHCP configuration. • Select/Create a host profile. • Create Image Builder images and rules. • Deploy hosts. • Make a sandwich. This is just the start of your SDDC – bare metal hypervisor provisioning with manual touch.
    • 19. INCREASEDAUTOMATION What’s next: • Apply a more complete host profile. • Automate DNS configuration, DHCP reservations, Host Profiles and Image Builder. • Tie it all into a single workflow. • Receive MACs from your vendor before devices ship and configure auto deploy. On-site racks and stacks and powers on. 60 minutes later your DC is up and running. • Take small steps, continue pushing toward the end goal!
    • 20. TROUBLESHOOTING–PXE&SWITCHCONFIG,TFTP What do you do when things don’t work? Start with the physical layer and work your way up the stack. PXE & Switch Configurations: • PXE & vSphere DHCP clients can act differently. Beware VLAN configuration! • Not all switch providers are equal. Know how they handle native vs. tagged vs. access port configuration. • VLAN tagged (trunked) boot NICs not recommended, but if it’s all you have… TFTP: • Install a client and try it yourself.
    • 21. TROUBLESHOOTING–DHCPOPTIONS DHCP Options: • Always make sure DHCP was restarted after making changes. • Check that the DHCP server is providing addresses in the correct scope/VLAN. Stand up a VM and make sure it gets an address – that’s the only reason the test VM exists. • Use tcpdump to see packets on the wire and ensure options 66 and 67 are set. • More details at deploy-deep-dive-part-4/
    • 22. TROUBLESHOOTING–HOSTPROFILES1/2 Host Profiles: • Applied profile for compliance is not the profile used by Auto Deploy. If a profile is applied to a cluster, it will override the profile you attempted to attach to the VMHost. Unattach the profile from the cluster. Useful in clusters with mixed hardware VMHosts. • If it’s not applying properly, uncheck all suspect items in the profile and re-enable one at a time until error occurs. Very specific, may take many iterations.
    • 23. TROUBLESHOOTING–HOSTPROFILES2/2 Host Profiles: • Always check KB for known bugs. Examples: o vMotion not enabled on vmkernel ports. o Default GW lost after reboot. • Can enhance with PowerCLI and other tools – don’t need to use Host Profiles exclusively.
    • 24. BONUSPOINTS–LINUXONLY  If you’re using the VCSA, perhaps you want to be as Windows-free as possible (damn you, VUM!). The VCSA can provide Auto Deploy, use ISC DHCP and ISC TFTP to avoid Windows dependencies.  Can fit in 4.5 GB RAM! • Install tftp-server package (CentOS). • Un-disable tftpd in /etc/xinetd.d/tftp. • Start and enable xinetd. • Download the files to /var/lib/tftproot. • Change next-server in DHCP scope. o Be explicit, it’s self-documenting.
    • 25. ACKNOWLEDGEMENTS Acknowledgements: Vladan Seget,, VMware docs, 55/index.jsp#com.vmware.vsphere.install.doc/GUID- 9A827220-177E-40DE-99A0-E1EB62A49408.html #vBrownBag community You guys rock!