Recently I was involved in a project with the goal of completely automating the creation and configuration of a VMware cluster. Basically we wanted to point a script at an empty vCenter server & a UCS manager and 30 minutes later have a fully configured cluster ready to add to our cloud.
One of the hurdles we had implementing this automation was getting a host profile to apply automatically to a newly AutoDeployed ESXi host. This was mostly related to automatically generating an answer file for a particular host. Here are the lessons learned.
Configuring MAC Addresses for VMKs
When working with host profiles in the past I wouldn’t pay too much attention to the process when I applied a host profile to a host. I would get to the screen that asked for the MAC address for a VMK and would mindless hit next. ESX always generated the MAC just fine and I never gave it much thought. Unfortunately you can’t ignore this when trying to setup the answer file via PowerCLI.
The default for this settings is Prompt the user for the MAC Address if no default is available, but this seems to always need input. Luckily Paul Whitman had posted over at his blog that if you change this setting for each of your VMKs to User must explicily choose the policy option then the system will automatically generate the MAC addresses. This has to be a bug (at least in 5.0.0/441354), the wording of the option just doesn’t make any sense to me and they didn’t even spell explicitly correctly!
When editing your Host Profile the MAC address specification for your VMKs can be found in one of two places.
- Networking configuration –> Host Port Group –> Port-Group Name –> Determine how MAC address for vmknic should be decided
- Networking configuration –> Host virtual NIC –> vDS Name : Port-Group Name -> Determine how MAC address for vmknic should be decided
Specifying the IP Addresses in the Answer File
It doesn’t seem like there is a way to create an answer file with any of the defined cmdlets. The Apply-VMHostProfile cmdlet has a way to “Specify a hash table object that provides values for the host profile required variables.” by using -Variable. As far as I can tell this allows you to specify the answers the host profile needs to apply the profile, but it doesn’t create an answer file. This may not be too big of a deal for a stateful boot-from-disk ESXi server, since the config changes made by the host profile stick around, but for a stateless AutoDeployed ESXi server which needs the answers everytime, its no good.
So get-view to the rescue. Again, as luck would have it, most of the leg work was done by someone else and I found this script in the Vmware PowerCLI community that pointed me in the right direction.
I’ve adapted that script for my own needs. The community script provided the info from a CSV file, but I already had all the info in Arrays in my script. Here is the meat as something stand alone.
$targetHost = Get-VMHost -Name "ESXiHost" $hostProfileManagerView = Get-View "HostProfileManager" $answerFileCreateSpec = New-Object VMware.Vim.AnswerFileOptionsCreateSpec $propPath = New-Object VMware.Vim.ProfilePropertyPath $propPath.ProfilePath = 'network.dvsHostNic["key-vim-profile-host-DvsHostVnicProfile-vDS-PG"].ipConfig' $propPath.PolicyId = "IpAddressPolicy" $addr = New-Object VMware.Vim.KeyAnyValue $addr.key = "address" $addr.value = "X.X.X.X" $mask = New-Object VMware.Vim.KeyAnyValue $mask.key = "subnetmask" $mask.value = "255.255.255.0" $param = New-Object VMware.Vim.ProfileDeferredPolicyOptionParameter $param.InputPath = $propPath $param.Parameter += $addr $param.Parameter += $mask $answerFileCreateSpec.UserInput += $param $hostProfileManagerView.UpdateAnswerFile($targetHost.ExtensionData.MoRef, $answerFileCreateSpec)
Lines 1 -3: Get the host object and create some needed objects to create the answer file. Replace the name on line 1 with the name of your host.
Lines 5-7: Define the path to the info in the answer file that you are going to provide. You will need to replace the vDS and PG with the information from your vDS. See below for info on how to get this information.
Lines 9 -14: Provide the IP information, make sure to update lines 11 and 14 with the correct IP and subnet information.
Lines 16 – 20: finish constructing the details for the answer file, no changes are needed in this section.
Line 22: Creates the answer file based on the provided information.
Obviously you would need to do this for every VMK you need to provide IP information.
You can also use the HostProfileManager object (stored in $hostProfileManagerView in the example above) to check the host profile.
PS>$hostProfileManagerView.CheckAnswerFileStatus($targetHost.ExtensionData.MoRef) CheckedTime : 7/30/2012 1:05:37 AM Host : HostSystem-host-5239 Status : valid Error : LinkedView : DynamicType : DynamicProperty :
You are looking for the Status of valid. If it’s invalid, then the answer file is not complete.
You can use the Get-VMHostProfileRequiredInput cmdlet to get the profile paths that you need to specify (i.e. what goes into line 6 of the above script) for the answer file configuration.
PS>Get-VMHostProfileRequiredInput -VMHost $VMHost -Profile $HostProfile | fl Key : network.dvsHostNic["key-vim-profile-host-DvsHostVnicProfile-vDS-PG"].ipConfig.IpAddressPolicy.address Type : Required VMHost : esx-2.domain.com VMHostProfile : HostProfile Key : network.dvsHostNic["key-vim-profile-host-DvsHostVnicProfile-vDS-PG"].ipConfig.IpAddressPolicy.subnetmask Type : Required VMHost : esx-2.domain.com VMHostProfile : HostProfile
Specifying the Root Password in the Answer File
The last part of the puzzle was setting the root password in the host profile. Since we were importing the host profile the root password is stripped from the host profile and it defaults to leaving the root password unchanged, which would be blank for the AutoDeployed host.
And for the third lucky find, it turns out LucD had already written a function called Set-VMHostProfileExtended that updates the root password stored in a host profile. Running this function against our imported host profile set the profile to update the root password and the password to the desired value.
When I started this post I thought it would be nice to share a solution to a problem I was having. I didn’t realize it would mostly be just putting together solutions from three different people. But I guess that is what the Internet is all about and I’m glad they shared. Hopefully this post will save someone else the time it took for me to find and put these different components together.