In this exercise we will automate the installation of VMware ESXi.
In order to achieve this we need:
- a bastion host with a http-server
- ansible access to that http-server
- root priviledges to that http-server as we want to loop mount iso-images
- a VMware installation iso residing on that http-server
- A server to install onto
- This server needs to have ILO in place, which can mount and boot from the iso
HINT: connecting an http-accessible file as CDROM image in ILO always seems successfull, independent of the existence of the file or reachability of the webserver. We suggest to first try to mount unalterd VMware iso installation image manualy and boot via one-time boot options from this device. Only if the manual boot into untampered install iso is working, an automated approach will be successful.
We already prepared somewhere else:
- inventory
- project
VMware explains the steps needed to isntall VMware ESXi unattanded quite well. I also used some additional Infromation for reference. Here are the links to deep dive on that subject:
Create an Installer ISO Image with a Custom Installation or Upgrade Script
About the Default ks.cfg Installation Script
Installation and Upgrade Script Commands
You find following playbooks which need to be integrated into Ansible Tower:
-
vmware_iso_prep.yml
This playbook takes the original ISO image unpacks it, creates a additional, tailored kickstart file, assures that this kickstart file is used by adding certain bootparameters to boot.cfg and repacks all this into a new iso-file which get's placed into the webserver directory. -
vmware_iso_boot.yml
This playbook boots from the customized iso image by connecting it as CDrom via ILO. -
vmware_iso_cleanup.yml
This playbook cleans up some temporary files and directories created by vmware_iso_prep.yml. It helps assure you don't have any leftovers from older attempts in your newly created iso.
All the prepared playbooks rely on
- inventory/hosts
file, which needs to be adopted to your environment. Don't change the names for bastion_host, oneview_host or esxi_hosts. the playbooks rely on these names. - group_vars/all/vars.yml
file, which also nees to be adopted to your setup.
After local change of these files do not forget to swicht to the root-directory of the repository and:
''' git add . git commit -m "some meaningful explanation" git push '''
see git documentation elsewhere in this repo
We need the following 3 credentials, which we will create in the following paragraphs.
To execute the iso preparation on the bastion host, we need to asure to have machine credentials which work for the bastion host and also allow to become root.
We inject the later ESXi root password into the kickstart file. As this injection use case is not related to "machine credentials" we once again need a custom credential type.
We need to reach out to ILO and need a ILO Credential. Similar to the HPE Oneview credential this will be a custom credential type
As outlined we need 2 custom credential types. They are created in a similar way:
In Tower (Controller) UI
- Navigate to Credentials Types
- Create a New Credential Type
- NAME : HPE ILO Credentials
- INPUT CONFIGURATION :
fields:
- id: username
type: string
label: HPE ILO username
- id: password
type: string
label: HPE ILO password
secret: true
- INJECTOR CONFIGURATION :
extra_vars:
ilo_password: '{{ password }}'
ilo_username: '{{ username }}'
- NAME : ESXi root user credential type
- INPUT CONFIGURATION :
fields:
- id: username
type: string
label: ESXi root username
- id: password
type: string
label: ESXi password
secret: true
- INJECTOR CONFIGURATION :
extra_vars:
esxi_password: '{{ password }}'
esxi_username: '{{ username }}'
Having all credential types needed in place now we can create needed credentials:
In Tower (Controller) UI
- Navigate to Credentials
- Create a New Credential by pressing + button
This will look similar to:
- NAME : Ansible User - Machine credential
- CREDENTIAL TYPE : Machine
- USERNAME : ansible
- PASSWORD : We injected a password via bastion host preparation which need to nbe put here
- NAME : ESXI root user
- CREDENTIAL TYPE : ESXi root user credential type
- USERNAME : root
- PASSWORD : a password to your choosing
- NAME : HPE ILO Credential
- CREDENTIAL TYPE : HPE ILO Credentials
- USERNAME : Administrator
- HPE ILO USERNAME : YOUR_HPE_ILO_ADMIN
- HPE ILO PASSWORD : YOUR_HPE_ILO_ADMIN_PASSWD
We will now create 3 job-templates. One for each of the playbooks mentioned earler in this text:
In Tower (Controller) UI
- Navigate to Templates
- Create a New Job Template by pressing + button and choosing Job Template
- NAME : ESXi : Customize boot ISO
- JOB TYPE : Run
- INVENTORY : Workshop Inventory from GitHub
- PROJECT : HPE OneView Workshop
- PLAYBOOK : vmware_iso_prep.yml # Hint: If this does not show up, sync your inventory source first
- CREDENTIALS : Ansible User - Machine credential; ESXi root user
- VERBOSITY : 0
- ANSIBLE ENVIRONMENT : /var/lib/awx/venv/ansible
- ENABLE PRIVILEGE ESCALATION
- NAME : ESXi : Cleanup ISO creation
- JOB TYPE : Run
- INVENTORY : Workshop Inventory from GitHub
- PROJECT : HPE OneView Workshop
- PLAYBOOK : vmware_iso_cleanup.yml # Hint: If this does not show up, sync your inventory source first
- CREDENTIALS : Ansible User - Machine credential
- VERBOSITY : 0
- ANSIBLE ENVIRONMENT : /var/lib/awx/venv/ansible
- ENABLE PRIVILEGE ESCALATION
- NAME : ESXi : Boot from ISO via ILO
- JOB TYPE : Run
- INVENTORY : Workshop Inventory from GitHub
- PROJECT : HPE OneView Workshop
- PLAYBOOK : vmware_iso_boot.yml # Hint: If this does not show up, sync your inventory source first
- CREDENTIALS : HPE ILO Credential
- VERBOSITY : 0
- ANSIBLE ENVIRONMENT : /var/lib/awx/venv/
- ENABLE PRIVILEGE ESCALATION