Revisiting scripted ESXi Installs - now working in ESXi 6.5

I thought I would revisit scripted ESXi installation for my lab. It's been since 5.0 or prior since I actually went into depth on this and there are some significant changes for 6.5. The example script draws heavily from other sources and it is now working.

Goals are:

1. Install ESXi, set password,  IP, hostname, etc.
2. enable shess/ssh
3. set logfile location
4. add NIC to vSwitch0
5. add portgroup(s)
6. configure VLANs
7. add vSwitch for iSCSI
8. set MTU for vSwitch
9. create vmkernel NICs
10. set MTU for vmkernel NICs
11. set failover policy for vmkernel compliant with iSCSI port binding
12. Enable software iSCSI
13. Execute port binding
14. add iSCSI discovery
15. add NFS 4.1
16. configure NTP
17. Set password policy

Hope it is useful!

# Accept the VMware End User License Agreement

vmaccepteula

 

 

# Set the root password for the DCUI and ESXi Shell

rootpw P@ssw0rd

 

 

# Install on the first local disk available on machine

install --firstdisk --overwritevmfs

 

 

# Set the network to Static on the first network adapater, use the specified hostname and do not create a portgroup for the VMs

network --bootproto=static --addvmportgroup=true --device=vmnic0 --ip=172.20.100.103 --netmask=255.255.0.0 --gateway=172.20.0.1 --nameserver=172.20.200.10 --hostname=esx103.mydomain.com

 

 

# reboots the host after the scripted installation is completed

reboot

 

%firstboot --interpreter=busybox

 

 

# The following commands MAY BE specific to esxXYZ.mydomain.com. Customize the hostname and IP specific for your installation

# Set the network to static on the first network adapter, specifies network properties, sets hostname, must replace network from above script

 

 

# enable & start remote ESXi Shell  (SSH)

vim-cmd hostsvc/enable_ssh

vim-cmd hostsvc/start_ssh

 

 

# enable & start ESXi Shell (TSM)

vim-cmd hostsvc/enable_esx_shell

vim-cmd hostsvc/start_esx_shell

 

 

# supress ESXi Shell shell warning - from YellowBricks (http://www.yellow-bricks.com/2011/07/21/esxi-5-suppressing-the-localremote-shell-warning/)

esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1

 

 

# Set logfile location for ESXi to SAN (volume must exist) (https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003322)

esxcli system syslog config set --logdir=/vmfs/volumes/103/host-logfiles/esx103

 

 

# Add an extra nic to vSwitch0 and set as active (vmnic1)

esxcli network vswitch standard uplink add --uplink-name=vmnic1 --vswitch-name=vSwitch0

esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic1 --vswitch-name vSwitch0

 

 

# configure portgroups

esxcli network vswitch standard portgroup add --portgroup-name Production --vswitch-name vSwitch0

esxcli network vswitch standard portgroup set --portgroup-name Production --vlan-id 24

 

 

# Add vSwitch 1

esxcli network vswitch standard add --vswitch-name=vSwitch1

 

 

# Add NIC's to vSwitch1 (vmnic2,vmnic3)

esxcli network vswitch standard uplink add --uplink-name=vmnic4 --vswitch-name=vSwitch1

esxcli network vswitch standard uplink add --uplink-name=vmnic5 --vswitch-name=vSwitch1

esxcli network vswitch standard policy failover set --active-uplinks vmnic4,vmnic5 --vswitch-name vSwitch1

 

 

# configure mtu for vSwitch1

esxcli network vswitch standard set --mtu 9000 --vswitch-name vSwitch1

 

 

# Add iSCSI01 Portgroup to vSwitch1 and create a VMkernel interface

esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI01 --vswitch-name=vSwitch1

 

 

# Add a virtual NIC to the Portgroup created in the previous step

esxcli network ip interface add --interface-name=vmk1 --mtu 9000 --portgroup-name=VMkernel-iSCSI01

 

 

# Set the IP address of the iSCSI01 Portgroup to: 10.0.0.XYZ

esxcli network ip interface ipv4 set --interface-name=vmk1 --ipv4=10.0.100.103 --netmask=255.255.0.0 --type=static

 

 

#Set failover policy for iSCSI01 Protgroup so that only one NIC is active

esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --portgroup-name=VMkernel-iSCSI01

 

 

# Add iSCSI02 Portgroup to vSwitch1 and create a VMkernel interface

esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-iSCSI02 --vswitch-name=vSwitch1

 

 

# Add a virtual NIC to the Portgroup created in the previous step

esxcli network ip interface add --interface-name=vmk2 --mtu 9000 --portgroup-name=VMkernel-iSCSI02

 

 

# Set the IP address of the iSCSI02 Portgroup to: 10.0.0.ABC

esxcli network ip interface ipv4 set --interface-name=vmk2 --ipv4=10.0.100.123 --netmask=255.255.0.0 --type=static

 

 

#Set failover policy for iSCSI01 Portgroup so that only one NIC is active

esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --portgroup-name=VMkernel-iSCSI02

 

 

# Enable Software iSCSI

esxcli iscsi software set --enabled 1

 

 

#Port Binding

esxcli iscsi networkportal add -A vmhba64 -n vmk1

esxcli iscsi networkportal add -A vmhba64 -n vmk2

 

 

# Add iSCSI SAN

esxcli iscsi adapter discovery sendtarget add --adapter vmhba64 --address=10.0.0.23:3260

esxcli storage core adapter rescan --adapter vmhba64

 

 

#NFS Storage

# esxcli storage nfs41 add -H "172.20.0.97" -s "/var/nfs/" -v "NFS"

 

 

# Add vMotion Portgroup to vSwitch1 and create a VMkernel interface

esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-vMotion --vswitch-name=vSwitch1

 

 

esxcli network ip interface add --interface-name=vmk3 --mtu 9000 --portgroup-name=VMkernel-vMotion

esxcli network ip interface ipv4 set --interface-name=vmk3 --ipv4=10.0.100.143 --netmask=255.255.0.0 --type=static

esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic4 --standby-uplinks vmnic5 --portgroup-name=VMkernel-vMotion

 

 

# Add FT Portgroup to vSwitch1 and create a VMkernel interface

esxcli network vswitch standard portgroup add --portgroup-name=VMkernel-FT --vswitch-name=vSwitch1

 

 

esxcli network ip interface add --interface-name=vmk4 --mtu 9000 --portgroup-name=VMkernel-FT

esxcli network ip interface ipv4 set --interface-name=vmk4 --ipv4=10.0.100.163 --netmask=255.255.0.0 --type=static

esxcli network vswitch standard portgroup policy failover set --active-uplinks vmnic5 --standby-uplinks vmnic4 --portgroup-name=VMkernel-FT

 

 

 

 

### NTP CONFIGURATIONS ###

cat > /etc/ntp.conf << __NTP_CONFIG__

restrict default kod nomodify notrap noquerynopeer

restrict 127.0.0.1

server 0.us.pool.ntp.org

server 1.us.pool.ntp.org

server 2.us.pool.ntp.org

__NTP_CONFIG__

/sbin/chkconfig --level 345 ntpd on

 

 

### PASSWORD CONFIGURATIONS ###

cat > /etc/pam.d/passwd << __PAM.D_CONFIG__

#%PAM-1.0

 

 

password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=2,2,2,2,2

password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512

password   required     /lib/security/$ISA/pam_deny.so

__PAM.D_CONFIG__

 

 

# enter maintenance mode

vim-cmd hostsvc/maintenance_mode_enter

 

 

# Needed for configuration changes that could not be performed in esxcli (thanks VMware)

reboot