Some More PowerShell – Configuring an ESXi host – Sample PS1 file
Well, last week I set myself the task of trying to do with PowerShell everything that I would normally do in the %post script of a kickstart install of an ESX host. I’ve made quite a bit of progress, mainly on my own, but occasionally with help from Google. I discovered a couple of things, the main one being this: whilst there is a method with ESX “Classic” to create a second Service Console port for HA, there doesn’t seem to be a corresponding method with ESX4i. In ESX4i, underneath the enable VMotion tickbox, there’s also a tickbox for enabling a VMkernel port for management. It appears that there’s no method for carrying out this task for ESX4i.
The main reason for using PowerShell for this kind of post-configuration rides on a number of conditions:
- You’re using ESX4i instead of ESX “Classic”
- You don’t have access to the new “Host Profiles” feature because you’re not an Enterprise+ customer
Anyway, below is the .ps1 file I use for configuring ESX4i… What I really struggle with in PowerShell is the whole Get-View command, and navigating the API/SDK environment. Trying to find the right object and attributes using either the MOB (virtualcenter.corp.com/mob) or the online reference (http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/index.html) is actually quite difficult if you’re a novice (like me). For example, I was looking for a method to license an ESX host (although a cmdlet exists to add a host, you have to wrestle with the SDK to find the way to assign a license to an ESX host). I managed to find someone who had already worked out how to enable SW iSCSI on a host, but I couldn’t get my script to set my IQN…
Anyway, for what it’s worth – here’s my post-configuration .ps1 file.
Update 01:
You know what it’s like: just as you post to the internet that you can’t do something, sod’s law dictates you find the option you were looking for. So I have found a method of setting the IQN. And it was dead easy… I added a variable to the ps1 file called $swiscsiiqn = "iqn.2008-10.com.vi4book:$vmhost" and then call out to the storageSystem to UpdateInternetScsiName.
$VMhost = "esx4.vi4book.com"
$iscsiHba = "vmhba34"
$swiscsiiqn = "iqn.2008-10.com.vi4book:$vmhost"
$h = Get-VMHost $VMhost
Foreach ($hostView in ( Get-View -VIObject $h))
{
    $storageSystem = Get-View $hostView.configManager.storageSystem
    $storageSystem.UpdateInternetScsiName($iscsihba,$swiscsiiqn)
}
Update 02: Added Firewall Configuration
Added to the .ps1 file a method for changing the firewall with:
Foreach ($hostView in ( Get-View -VIObject $h))
{
    $firewallSystem = Get-View $hostView.configManager.firewallSystem
    $firewallSystem.EnableRuleset("sshClient")
}
Update 03: Added Licensing Process to the Script…
$vmhost = "esx4.vi4book.com"
$targethostMoRef = (get-VMHost $vmhost | get-view).MoRef
$si = Get-View ServiceInstance
$LicManRef=$si.Content.LicenseManager
$LicManView=Get-View $LicManRef
$licassman = Get-View $LicManView.LicenseAssignmentManager
$licassman.UpdateAssignedLicense($targethostMoRef.value,"YOUR LIC KEY","vSphere4 Enterprise Plus (1-12 cores per CPU)")
Update 04: Added Configuring DPM to the Script…
$vmhost = "esx4.vi4book.com"
$login = "vmware_dpm_user"
$password = "password"
$hostview = get-vmhost $vmhost | % {Get-View $_.Id}
$IpmiInfo = New-Object Vmware.Vim.HostIpmiInfo
$IpmiInfo.BmcIpAddress = "192.168.3.204"
$IpmiInfo.BmcMacAddress = "00:16:35:37:F8:02"
$IpmiInfo.Login = $login
$IpmiInfo.Password = $password
$hostview.UpdateIpmi($IpmiInfo)
Update 05: Added Setting the Root password on ESXi Hosts & Creating Local User Accounts
You might notice that the Connect-VIServer -password field is missing. That’s because all cleanly “installed” or “factory reset” ESXi hosts default to having no password. So initially I authenticate without a password, and the first thing I do is set a password.
$esxhost = Connect-VIServer $vmhost -username root
Set-VMHostAccount -UserAccount root -password password
New-VMHostAccount -ID lavericm-admin -Password password -UserAccount
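Updates 04 and 05 both keep their passwords as literals in the .ps1 file. The following is an added example, not part of the original script, that performs the same steps while prompting for each secret at run time. It assumes PowerCLI is loaded; the helper ConvertTo-PlainText and the $rootPw, $adminPw and $bmcPw variables are illustrative names, and all other values are the page's samples.

```powershell
# Added example, not the original script: Updates 04 and 05 with no literal passwords.
# Assumes PowerCLI is loaded. Host, BMC and account values are the page's samples;
# ConvertTo-PlainText and the $...Pw variables are illustrative names.

function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    # The PowerCLI -Password parameters and HostIpmiInfo.Password take plain strings,
    # so unwrap the SecureString only at the point of use.
    $cred = New-Object System.Management.Automation.PSCredential("unused", $Secure)
    $cred.GetNetworkCredential().Password
}

$vmhost = "esx4.vi4book.com"

# Prompt for each secret; input is masked and never stored in the .ps1 file.
$rootPw  = Read-Host -AsSecureString -Prompt "New root password for $vmhost"
$adminPw = Read-Host -AsSecureString -Prompt "Password for lavericm-admin"
$bmcPw   = Read-Host -AsSecureString -Prompt "BMC password for vmware_dpm_user"

# Update 05: a fresh ESXi install has a blank root password, so set one first.
# The Set-/New-VMHostAccount calls take the same form as on the page.
$esxhost = Connect-VIServer $vmhost -User root
Set-VMHostAccount -UserAccount root -Password (ConvertTo-PlainText $rootPw) | Out-Null
New-VMHostAccount -Id lavericm-admin -Password (ConvertTo-PlainText $adminPw) -UserAccount | Out-Null

# Update 04: same IPMI settings, with the BMC password taken from the prompt.
# Assumption: this runs in a session where the page's Update 04 call works.
$hostview = Get-VMHost $vmhost | Get-View
$IpmiInfo = New-Object VMware.Vim.HostIpmiInfo
$IpmiInfo.BmcIpAddress  = "192.168.3.204"
$IpmiInfo.BmcMacAddress = "00:16:35:37:F8:02"
$IpmiInfo.Login         = "vmware_dpm_user"
$IpmiInfo.Password      = ConvertTo-PlainText $bmcPw
$hostview.UpdateIpmi($IpmiInfo)

Disconnect-VIServer -Server $esxhost -Confirm:$false
```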
Update 06: Enable FT Logging on a VMkernel Port
This uses the data object virtualNicManager to set the VMkernel Port (vmk2) to be enabled for “FaultToleranceLogging”
$FTlogging = New-VirtualPortGroup -VirtualSwitch $vs3 -Name FT-Logging
New-VMHostNetworkAdapter -PortGroup FT-Logging -VirtualSwitch $vs3 -IP $FTloggingIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("faultToleranceLogging", "vmk3")
Update 07: Enable “Management Traffic” on VMkernel Port for the HA Heartbeat
This uses the data object virtualNicManager to set the VMkernel Port (vmk2) to be enabled for “Management Traffic”
New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs3 -IP $HAheartbeatIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("management", "vmk2")
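To confirm that Updates 06 and 07 took effect, the same virtualNicManager can be queried for the VMkernel NICs currently selected for each traffic type. This is an added example, not part of the original script; it assumes a connected PowerCLI session, and Get-SelectedVnic is an illustrative helper name.

```powershell
# Added example, not the original script: report which VMkernel NICs are selected
# for each traffic type and warn when only one carries management traffic.
# Assumes a connected PowerCLI session; $vmhost is the page's sample host name.
$vmhost = "esx4.vi4book.com"

function Get-SelectedVnic($NicManager, [string]$NicType) {
    # QueryNetConfig returns the candidate vmk devices for this traffic type
    # plus the keys of the ones currently selected for it.
    $cfg = $NicManager.QueryNetConfig($NicType)
    $cfg.CandidateVnic |
        Where-Object { $cfg.SelectedVnic -contains $_.Key } |
        ForEach-Object { "{0} ({1})" -f $_.Device, $_.Portgroup }
}

$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager

foreach ($type in "management", "faultToleranceLogging") {
    $selected = @(Get-SelectedVnic $nicManager $type)
    "{0,-22} {1}" -f $type, ($selected -join ", ")

    # A single management vmk means the HA heartbeat has no second path.
    # Two vmks on the same vSwitch and uplink still share one failure point,
    # so check the port groups listed above as well as the count.
    if ($type -eq "management" -and $selected.Count -lt 2) {
        Write-Warning "$vmhost has $($selected.Count) management-enabled VMkernel port(s)."
    }
}
```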

August 17th, 2009 at 3:46 pm
Nice work Mike, I am working on a script that will basically copy all the config from an existing host, the starts of which are here: http://www.virtu-al.net/2009/06/29/powercli-vprofiles/
August 26th, 2009 at 12:46 pm
Alan. I tell you what I’d love one of you PS gurus to do – is to essentially make a free, PowerShell-based process – that essentially does everything that VMware “Host Profiles” do. And then maybe they would cease to be an Enterprise+ feature!!!
October 22nd, 2009 at 10:35 am
I’m curious as to why you have created a separate HA-Heartbeat VMKernel Port for the management traffic. Why not just use the default “Management Network” VMKernel port off the install? Is that not what it’s for?
October 22nd, 2009 at 11:33 am
Here’s why…
If you only have 1 management port connected to one vSwitch – then a condition called “split brain” could occur. I’m sure you know this already.
Of course there are a number of different ways to do this….
2xVMNICs behind vSwitch0
a 2nd Service Console connection on the same vSwitch that host the VMotion traffic
and in ESXi enabling the VMotion VMkernel Port for BOTH VMotion and Management.
It’s a little bit tricky to show ALL of these configurations in one PS script. Also I wanted to make my PS script work on BOTH an ESX “Classic” host with the “Service Console” and with ESXi… I actually run BOTH flavours of ESX in my environment for test/validation purposes.
Try to see my PS script as merely a “sample” which you could rip off and re-engineer for your own environment based on your design and company standards. After all, one size does not fit all.
Does that make it clearer?
October 22nd, 2009 at 12:05 pm
So then, if you are not enabling “Management traffic” on the default “Management Network” VMKernel port, then what is it used for?
Wouldn’t you be better off having “Management traffic” from separate vSwitches? If for some reason you lost the nic(s)/switch(es) that support the vSwitch you have the 2 system consoles or VMotion/Management traffic on, then it truly wasn’t redundant, right?
Just trying to make sure I understand the logic as I am using your code for my environment. A lot of good stuff on your site, thank you.
October 27th, 2009 at 8:15 am
Well, there are a number of methods that offer up the redundancy needed for HA – often referred to as the HA-Heartbeat.
By default the ESXi “Management Traffic” port group is already enabled for management – and this vSwitch is used for the default management traffic on vmnic0 in most cases.
In my scripts I create a 2nd Management Port on the VMotion vSwitch – often serviced by a different NIC – and could theoretically be plugged into a different physical switch – which is desirable from a HA perspective, but not required for VMotion to work.
In ESXi, the “VMotion” network could also be enabled for Management Traffic if you’re using ESXi. If you’re using ESX “Classic” then a second service console port “vswif1” could be created instead.
Not sure if that is any clearer!
October 27th, 2009 at 10:08 am
Okay, I’m clear now. But let me regurgitate… so as it relates to ESXi, you’re recommending that there be at least two “Management Traffic” enabled VMKernel ports (offering some form of physical redundancy of course). In your example, you’ve labeled your second one “HA-Heartbeat”, but technically, the VMotion designated port could also be used for this as well.
BTW, my recent installs of ESXi 4 don’t have the Management traffic enabled by default for Management Network. Maybe in 3.5?
Thanks for your help. I’ll be sure to post my provisioning script on your site somewhere? Working on drop-down menus and such.
-C
October 27th, 2009 at 10:20 am
Yes, whether it be ESX “classic” or ESX4i. Two management ports connected to two vSwitches with one nic each plugged into two different physical switches will offer the greatest redundancy. Unless you make vSwitch0 have two vmnics plugged into two different physical switches.
VMware has never enforced this configuration, but do recommend it. In ESX 3.5 they changed HA to produce a warning if an ESX host lacks redundancy on the management network…
I’d be very interested in your provisioning script – and if you want to post it here you’re welcome. I’ll make a brand new blog post just for it…