Your SlideShare is downloading. ×
Auto Deploy Deep Dive – vBrownBag Style
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Auto Deploy Deep Dive – vBrownBag Style

5,588
views

Published on

vBrownBag Auto Deploy Deep Dive Podcast …

vBrownBag Auto Deploy Deep Dive Podcast
Live session recorded and available at http://professionalvmware.com

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,588
On Slideshare
0
From Embeds
0
Number of Embeds
19
Actions
Shares
0
Downloads
16
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • What is Auto Deploy? Vmware has a very chewy definition, but it’s a fancy way of saying automated vSphere provisioning. You’ll be interested in Auto Deploy if you’re building out data centers at scale, or just studying for your VCP/VCAP certifications.Most tutorials use the C# Client, but I’m going to use the vSphere Web Client. I’m also using discrete VMs and will cover troubleshooting.
  • Eval license – use it, Vmware encourages it. Just get everything done in 60 days!!Default Auto Deploy repository is 2GB, should be able to fit 5-6 images
  • Everyone should be familiar with their own vCenter design. Here’s the lab setup I’m using for this session. The VMs we’re going to configure are highlighted in red.
  • .NET 3.5.1 pre-reqs include some IIS features – but NOT IIS, you don’t need to install a web server to have a tftp server.
  • The optional option was referenced in some ISC documentation, but didn’t help. Perhaps only certain clients need it.DEMO – vCenter Auto Deploy settings and DHCP config
  • DEMO – Show how to extract a profile, the settings of the hardware dependent vESXI01 profile, and the simpler settings of the stateful profile.
  • I’ll show you the effective difference between a remote and offline software depot in a few slides.If you need to add VIBs, Chris Wahl’s blog has a great article on the process.
  • Here’s the script.Connect, grab and store some info.Add a remote depot – easier in my lab, but requires connectivity to the depot.The middle section is where you would customize VIBsSelect the Image to use and apply the rule.
  • DEMO – Show the output from ISE of applying the script, and the output of Get-EsxSoftwareDepot in a new ISE session.
  • Security is important, always sudo!DEMO - Show vESXi02 already running with a failed PXE boot - Restart vESXi02 and watch the PXE boot begin – takes about 5 and a half minutes in my lab. - Restart vESXi03, which was PXE booted, and show that it works without initiating PXE.
  • What are the steps we followed, and which ones need repeated?
  • EMC VIPR is another bare metal provisioning systemDC in 60 minutes! Not counting the hundreds of man-hours of prep-work, of course…Iterative designs win. Don’t just jump to the end state and expect great success.
  • A lot of us will use nested ESXi and everything is quick, but physical servers sometimes take 10+ minutes just to get TO the PXE boot sequence. Save yourself some time by knowing how to debug the different components.
  • Show the tcpdump packets in the blog post
  • You can get caught in reboot loops and other weirdness.
  • Host profiles are not perfect. There are bugs, and other tools that can be simpler to debug.
  • DEMO – chkconfig and xinetd settings
  • Transcript

    • 1. AUTO DEPLOY DEEP DIVE – VBROWNBAG STYLE Rob Nelson – VCP5-DCV Twitter: @rnelson0 Blog: http://rnelson0.com http://rnelson0.com/auto-deploy-deep-dive-series/
    • 2. AGENDA What is Auto Deploy? Requirements Lab Setup Auto Deploy VM DHCP Settings Host Profiles PowerCLI + Image Builder DHCP Reservations PXE Boot Increased Automation Troubleshooting Bonus Points – VCSA and Linux Only
    • 3. WHATISAUTODEPLOY? “VMware vSphere® Auto Deploy™ facilitates rapid server deployment and provisioning of vSphere hosts by leveraging the network boot capabilities of x86 servers together with the small footprint of the VMware® ESXi™ hypervisor.” - VMware • Automated, network-booted hypervisor provisioning and configuration. • Bare metal provisioning – rack, stack, run VMs with low/no touch. • Required reading for VCP/VCAP certifications. Our Focus • Use the vSphere Web Client exclusively – Way of the future. • Mostly discrete Single Service VMs. o Can be combined if desired. • Troubleshooting – What if it doesn’t work?
    • 4. REQUIREMENTS • Enterprise Plus License, or 60 Day vCenter Eval License. o Included in every vCenter installation, use it! • Host Profiles. • DHCP – Microsoft (Win) or ISC DHCP (Linux). • TFTP – Solarwinds (Win) or ISC TFTP (Linux). • PowerCLI + Image Builder cmdlets. • EFI systems must be switched to BIOS compatibility mode. • Initial boot requires IPv4. • Network, security, storage (350MB per image), administrative access, etc., as otherwise required for vCenter. • See more in vSphere Install And Setup Guide, section “Installing ESXi Using vSphere Auto Deploy”, http://bit.ly/1jCQ60B
    • 5. LABSETUP • Fortigate-VM – Segregates inner/production labs • Lab-server-1 – RDP gateway between inner/production labs • Lab-server-2 – Domain Controller • Lab-server-3 – vCenter • Lab-server-4 – Auto Deploy + TFTP • Lab-unix-1 – DHCP + TFTP, CentOS 6.5 • test – Test DHCP availability, CentOS 6.5 • vESXi01 – vPhysical VMHost, already configured • vESXi02, vESXi03 – vPhysical VMHost, not configured
    • 6. AUTODEPLOYVM Same OS requirements as vCenter. • Install Windows Server 2008 R2 per your standards. • Configure RDP. • Install .NET 3.5.1 and pre-reqs. • Install Solarwinds TFTP Server. • Add firewall rule to allow inbound TFTP (69/udp). • Install Auto Deploy from vCenter media. o Use administrator@vsphere.local or service acct.
    • 7. DHCPSETTINGSPART1/2 View Auto Deploy configuration of vCenter and copy settings for use with DHCP server. • Launch vSphere Web Client. • Home -> vCenter -> <vCenter Object> -> Manage -> Settings -> Auto Deploy • Copy the BIOS DHCP File Name (option 67) and iPXE Boot URL (option 66) values. • Download the TFTP Boot Zip. Uncompress in TFTP Root o Don’t need the zip, can discard. o URL is not password protected, can bookmark for later.
    • 8. DHCPSETTINGSPART2/2 Modify DHCP scope: • Option 66 – “next-server <ip>” o Optional: “option tftp-server-name <ip>”, did not need • Option 67 – “option bootfile-name <filename>” • Restart service.
    • 9. HOSTPROFILES-DESCRIPTION • Requires Enterprise Plus license. • Useful for attaching consistent settings across devices, ensuring compliance over time. • Profiles reliant on similar hardware (machine specific). • Answer file provides host specific information. • Tricky and time-consuming! May take multiple attempts to generate a profile that satisfies your needs. • Not for the faint of heart. • Could be a vBrownBag of its own!
    • 10. HOSTPROFILES–STATEFULCREATION Create a “stateful” profile: • There is no editor, must extract from an existing VMHost. • Use vESXi01 as the reference host. • Uncheck everything except: Advanced Configuration Settings -> System Image Cache Configuration -> System Image Cache Configuration -> System Image Cache Settings -> Enable stateful installs on hosts • Could also include root’s password, syslog and ntp settings, and other hardware independent configuration. • If your hardware is all the same, use the full profile. • Always test with one device, don’t mass produce crap.
    • 11. HOSTPROFILE–WHYSTATEFUL? I used a stateful install for simplicity. When should you use it? Use Stateful: • Small system or management cluster – Physical hosts cannot be dependent on VMs to provide the hypervisor. • Don’t have Enterprise Plus and want VMHosts to work 61 days later. • Can’t afford to wait extra 10+ minutes for PXE boot + install. Use Stateless: • Deploying similar hardware en mass – With a single rule, deploy a large number of hosts with zero touch. • Can upgrade/downgrade images or VIBs with a single change to Auto Deploy rule and a reboot.
    • 12. POWERCLI+IMAGEBUILDER Commands: • Connect-VIServer • Get-Cluster – Cluster to add VMHost to. • Get-VMHostProfile – Find our stateful profile. • $HostRangePattern – http://bit.ly/1eTgfnO for other patterns. • Add-EsxSoftwareDepot – Remote or offline. • Get-EsxImageProfile – Select profile from the depot. • New-DeployRule – Create a new rule. • Set-DeployRuleSet – Overwrite existing rules, or… • Add-DeployRule – Add to existing rules. Customize with: • New-EsxImageProfile – Clone existing image. • Add-EsxSoftwarePackage – Additional VIBs, see http://bit.ly/1eBmIne • Export-EsxImageProfile – Create a zip bundle or ISO.
    • 13. POWERCLI+IMAGEBUILDERSCRIPT Connect-VIServer vcenter.insidelab.nelson.va $Cluster = Get-Cluster $HostProfile = Get-VMHostProfile stateful $HostRangePattern = "ipv4=172.19.0.241-172.19.0.249" Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot- index.xml #New-EsxImageProfile -CloneProfile ESXi-5.5.0-20131201001s-standard -Name Lab-5.5-Standard -Vendor Nelson # Add VIBs here with Add-EsxSoftwarePackage # Export to a bundle or an ISO if necessary #Export-EsxImageProfile -ImageProfile Lab-5.5-Standard -ExportToISO C:lab- 5.5-standard.iso $ImageProfile = Get-EsxImageProfile -Name "ESXi-5.5.0-20140302001- standard" New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern Set-DeployRuleSet -DeployRule vBrownBagDeploy Get-DeployRuleSet
    • 14. POWERCLI+IMAGEBUILDER–HOWITWORKS How it works: • PoSH uses Objects. • New-DeployRule applies objects intelligently. o Auto Deploy Rules Engine determines what should happen. o Auto Deploy Server serves images and profiles to clients. • Our rules apply an image, a host profile, and a cluster at once. o Host Profiles are attached for compliance, but failures do not abort the process. • SoftwareDepot “goes away” once PoSH session ends, still remembered in Rules Engine. Save your script for future editing.
    • 15. POWERCLI+IMAGEBUILDER–REMOTESOFTWAREDEPOT Using a remote software depot causes the contents to be downloaded on first use. If your vCenter network is restricted, use an offline bundle! PS C:Usersrnelson0> New-DeployRule -Name vBrownBagDeploy -Item $HostProfile,$ImageProfile,$Cluster -Pattern $HostRangePattern Downloading misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820 Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 10,904 bytes...Download finished, uploading to AutoDeploy... Upload finished. Downloading scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820 Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 0 bytes...Downloaded 163,840 bytes...Downloaded 410,516 bytes...Download finished, uploading to AutoDeploy... Upload finished. ...
    • 16. DHCPRESERVATIONS Create DHCP reservations: • One per VMHost. • Must be in the correct scope AND in the range defined in your Auto Deploy rules. • Restart service. host vesxi02 { hardware ethernet 00:50:56:9a:7b:ce; fixed-address 172.19.0.242; option host-name vesxi02; }
    • 17. PXEBOOT • Power on your (v)hardware and initiate a PXE boot. • sudo make me a sandwich • Return to a VMHost running the image you specified, with a stateful install and in the cluster. • Take it out of maintenance mode and start using it!
    • 18. SUMMARY One-time steps: • Created an Auto Deploy VM. • Installed/configured TFTP. Repeated steps: • Update DHCP configuration. • Select/Create a host profile. • Create Image Builder images and rules. • Deploy hosts. • Make a sandwich. This is just the start of your SDDC – bare metal hypervisor provisioning with manual touch.
    • 19. INCREASEDAUTOMATION What’s next: • Apply a more complete host profile. • Automate DNS configuration, DHCP reservations, Host Profiles and Image Builder. • Tie it all into a single workflow. • Receive MACs from your vendor before devices ship and configure auto deploy. On-site racks and stacks and powers on. 60 minutes later your DC is up and running. • Take small steps, continue pushing toward the end goal!
    • 20. TROUBLESHOOTING–PXE&SWITCHCONFIG,TFTP What do you do when things don’t work? Start with the physical layer and work your way up the stack. PXE & Switch Configurations: • PXE & vSphere DHCP clients can act differently. Beware VLAN configuration! • Not all switch providers are equal. Know how they handle native vs. tagged vs. access port configuration. • VLAN tagged (trunked) boot NICs not recommended, but if it’s all you have… TFTP: • Install a client and try it yourself.
    • 21. TROUBLESHOOTING–DHCPOPTIONS DHCP Options: • Always make sure DHCP was restarted after making changes. • Check that the DHCP server is providing addresses in the correct scope/VLAN. Stand up a VM and make sure it gets an address – that’s the only reason the test VM exists. • Use tcpdump to see packets on the wire and ensure options 66 and 67 are set. • More details at http://rnelson0.com/2014/04/07/auto- deploy-deep-dive-part-4/
    • 22. TROUBLESHOOTING–HOSTPROFILES1/2 Host Profiles: • Applied profile for compliance is not the profile used by Auto Deploy. If a profile is applied to a cluster, it will override the profile you attempted to attach to the VMHost. Unattach the profile from the cluster. Useful in clusters with mixed hardware VMHosts. • If it’s not applying properly, uncheck all suspect items in the profile and re-enable one at a time until error occurs. Very specific, may take many iterations.
    • 23. TROUBLESHOOTING–HOSTPROFILES2/2 Host Profiles: • Always check KB for known bugs. Examples: o vMotion not enabled on vmkernel ports. o Default GW lost after reboot. • Can enhance with PowerCLI and other tools – don’t need to use Host Profiles exclusively.
    • 24. BONUSPOINTS–LINUXONLY  If you’re using the VCSA, perhaps you want to be as Windows-free as possible (damn you, VUM!). The VCSA can provide Auto Deploy, use ISC DHCP and ISC TFTP to avoid Windows dependencies.  Can fit in 4.5 GB RAM! • Install tftp-server package (CentOS). • Un-disable tftpd in /etc/xinetd.d/tftp. • Start and enable xinetd. • Download the deploy-tftp.zip files to /var/lib/tftproot. • Change next-server in DHCP scope. o Be explicit, it’s self-documenting.
    • 25. ACKNOWLEDGEMENTS Acknowledgements: Vladan Seget, https://twitter.com/@vladan, http://www.vladan.fr/vmware-vsphere-autodeploy/ VMware docs, http://pubs.vmware.com/vsphere- 55/index.jsp#com.vmware.vsphere.install.doc/GUID- 9A827220-177E-40DE-99A0-E1EB62A49408.html #vBrownBag community You guys rock!