ESXi Bare Metal Single Touch Provisioning

This Project is my effort to create a single touch method for provisioning ESXi hosts from bare metal/powered off to production ready in vCenter. This was built using HPE hardware, however, there is no reason you can't modify this to work with Dell hosts. I made some effort to make this repo hardware-agnostic.

Getting Started

Clone the repo using the usual methods and alter the yml to fit your environment. Not everything is parameterized, so you might consider setting some of what I have hard-coded here to variables so they are easier to alter long term.

These playbooks were built to run locally, but can be easily altered to run from a Media Server, for example.

Requirements and Considerations

Required Folder Directories

The machine staging/copying/sharing/manipulating the ISO files will need the following directories, but you can create your own if these are not your cup of tea. The fullmetalbuild references these locations in the playbook. You will only need to do this once:

/opt/esxiisosrc  
/opt/baremetal  

You will also need to setup nginx (or webserver of your choice), that will be the webserver allowing access to the customized iso. I made a directory called "isos" under the default location in the verison of nginx I am running:

/usr/share/nginx/html/isos/

Ansible/Python Version:

ansible 2.9.2  
python version 3.7.3    

It is recommended to run all Ansible playbooks in a virtualenv for flexibility.

Additional pip3 required installations:

ansible==2.9.5  
certifi==2019.11.28  
cffi==1.14.0  
chardet==3.0.4  
cryptography==2.8  
idna==2.9  
Jinja2==2.11.1  
MarkupSafe==1.1.1  
pycparser==2.19  
python-hpilo==4.3  
pyvmomi==6.7.3  
PyYAML==5.3  
requests==2.23.0  
six==1.14.0  
urllib3==1.25.8   

Additional Software Required

• mkisofs on the machine manipulating the files for the iso.

• nginx or the webserver app of your choice on the webserver hosting the iso, if you are using the url version of remote boot.

• openssl to encrypt the esxi root password that goes into the kickstart file. Example:

  openssl -1 "foo"

The Resources in this Repo Were Tested On:

vCenter/ESXi Versions were 6.5 GA and above, however, according to William Lam's post on kickstart, the method for kickstart file use in ESXi goes at least as far back as ESXi 5.0.

HPE Hardware/Firmware versions tested:

HPE Proliant BL460c G9 - iLO Verions 2.7x   
HPE Synergy BL480 G9 - iLO Version 2.72  

The automated kickstart injection process will prepare the customized ISO for both Legacy and UEFI boot, however, it is highly recommended that you use UEFI Boot, as that method was more rigorously tested.

IMPORTANT!!! Use of this Repo and new ESXi Releases

At the top of the fullmetalbuild.yml file, there are instructions for new ESXi host releases. With every new ISO release, you will need to place the new ISO into the directory specified in the playbook (within the vars codeblock).

The second thing you will need to do is extract and customize the following files from that new release:

boot.cfg  
efi/boot/boot.cfg  

You will need to edit them to include the kickstart file and the bmks.tgz file (created at playbook runtime), and copy both boot.cfg files into the files directory in the repo under a directory named after the ESXi Build Number. Please see the examples in the files directory of this repo for more information. A short how to:

You can extract and edit these files on any Windows machine. That should work. However, I do this using a Linux machine. You will only need to do this once per release:

mkdir /mnt/esxibuildnumber # <-- Use the ACTUAL build number of the ESXi ISO. Temp location for the extracted iso files.
mkdir -p rootofrepo/files/esxibuildnumber/efi/boot
mount -o loop -t iso9660 /path/to/new/esxi/iso /mnt/esxibuildnumber
cp /mnt/esxibuildnumber/boot.cfg rootofrepo/files/esxibuildnumber
cp /mnt/esxibuildnumber/efi/boot/boot.cfg rootofrepo/files/esxibuildnumber/efi/boot/
umount /mnt/esxibuildnumber

Use the text editor or IDE of your choice to edit both boot files to include three changes:

1. Comment out the kernelopt=cdromBoot runweasel line.
2. Add the kernelopt=ks=file://etc/vmware/weasel/ks.cfg line in its place.
3. Append the --- /bmks.tgz at the end of the modules line.

Should look like the following. You may have to scroll over to see the end of the modules line:

bootstate=0  
title=Loading ESXi installer  
timeout=5  
prefix=  
kernel=/b.b00  
# Comment out the following line:  
# kernelopt=cdromBoot runweasel  
# Add this line:  
kernelopt=ks=file://etc/vmware/weasel/ks.cfg  
modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- /user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /uc_hygon.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /lsi_mr3.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /scsi_hpd.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /sut.v00 --- /testeven.v00 --- /i40en.v00 --- /igbn.v00 --- /ixgben.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedf.v00 --- /qedi.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_fcoe.v00 --- /net_forc.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- /net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nfnic.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- /pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v00 --- /sfvmk.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /esxupdt.v00 --- /weaselin.t00 --- /lsu_hp_h.v00 --- /lsu_inte.v00 --- /lsu_lsi_.v00 --- /lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /lsu_lsi_.v04 --- /lsu_smar.v00 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz # <--- Add this here.    
build=  
updated=0  

DO NOT simply use the same boot.cfg files through new releases, as each new release may have different modules defined and it may fail. It certainly did for me when I tried that. (DOH!)

Thank Yous and Contributors

• Could not have done this without William Lam's post about kickstart.
• HPE Hardware and their donation(s) of time.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

• Bryan Sullins - Initial work - bryansullins