nmammadov / Nested-ESXi

Nested ESXi rollout with NSX-T
Support vsca automated installation #1

Open tdr2d opened 4 years ago

tdr2d commented 4 years ago

Hello,

Thank you very much for these 4 incredible workflows. I am trying to automate the creation of a nested vSphere environment using a single Ansible role. I am greatly inspired by your work here.

I just have one thing missing: I can't manage to automate the creation of a VCSA platform from the OVA inside the official ISO. It seems possible to do it with PowerShell (see: https://github.com/lamw/vghetto-vsphere-with-kubernetes-external-nsxt-automated-lab-deployment/blob/master/vghetto-vsphere-with-kubernetes-external-nsxt-lab-deployment.ps1) but I need to do it with Linux. My goal is to create a VCSA template from which I can automatically clone and install the platform. So the creation of this template is a prerequisite (done manually); this is what I do to create this template:

```bash
# 1. Get ISO
mount -t nfs 192.168.145.53:/volume1/Software /mnt
cp /mnt/Software/VMware\ vSphere\ 7.0/VMware-VCSA-all-7.0.0-15952498.iso ~/
umount /mnt

# 2. Get OVA inside ISO
mount -o loop VMware-VCSA-all-7.0.0-15952498.iso /mnt
mkdir -p ~/vcsa7
cp /mnt/vcsa/VMware-vCenter-Server-Appliance-7.0.0.10100-15952498_OVF10.ova ~/vcsa7/
umount /mnt
tar -xvf ~/vcsa7/VMware-vCenter-Server-Appliance-7.0.0.10100-15952498_OVF10.ova -C ~/vcsa7

# 3. Build template VM
mv ~/vcsa7 /var/www/html # expose OVA via the HTTP server
chown -R apache:apache /var/www/html/vcsa7/
restorecon -r /var/www/html/vcsa7/ # SELinux
echo "http://$(hostname -I | awk '{print $1}')/vcsa7/VMware-vCenter-Server-Appliance-7.0.0.10100-15952498_OVF10.ova"

# Create template VM from OVA
# leave all properties blank
```

Then I clone the template with Ansible like so:

```yaml
---
- hosts: localhost
  gather_facts: no
  tasks:
    - name: VCSA | Get parent vcsa's thumbprint
      shell: |
        openssl s_client -connect 192.168.145.10:443 < /dev/null 2>/dev/null | \
        openssl x509 -fingerprint -noout -in /dev/stdin | cut -d= -f 2 | \
        awk '{print tolower($0)}' | sed 's/://g'
      register: thumbprint

    - name: VCSA | Provision vm from template
      vmware_guest:
        hostname: "{{ vsphere_vcenter }}"
        username: "{{ vsphere_user }}"
        password: "{{ vsphere_password }}"
        datacenter: "{{ vsphere_datacenter }}"
        validate_certs: no
        folder: "{{ vsphere_folder }}"
        resource_pool: "{{ vsphere_resource_pool.split('/')[-1] }}"
        name: "{{ nested_env }}-vcenter"
        state: poweredon
        template: "{{ vcsa_template }}"
        networks:
        - name: "{{ vsphere_network }}"
        vapp_properties:
        - { "id": "guestinfo.cis.appliance.net.addr.family", "value": "ipv4" } # Network IP address family (i.e., 'ipv4' or 'ipv6').
        - { "id": "guestinfo.cis.appliance.net.mode", "value": "static" } # Network mode (i.e., 'static', 'dhcp', or 'autoconf' (IPv6 only)).
        - { "id": "guestinfo.cis.appliance.net.addr", "value": "{{ vcsa_ip }}" } # Network IP address.  Only provide this when mode is 'static'.  Can be IPv4 or IPv6 based on specified address family.
        - { "id": "guestinfo.cis.appliance.net.prefix", "value": "24" } # Network prefix length.  Only provide this when mode is 'static'.  0-32 for IPv4.  0-128 for IPv6.
        - { "id": "guestinfo.cis.appliance.net.gateway", "value": "{{ gateway }}" } # IP address of default gateway.  Can be 'default' when using IPv6.
        - { "id": "guestinfo.cis.appliance.net.dns.servers", "value": "{{ dns1 }},{{ dns2 }}" } # Comma separated list of IP addresses of DNS servers.
        - { "id": "guestinfo.cis.appliance.net.pnid", "value": "vcenter.{{ nested_env }}.{{ dnsearch }}" } # Network identity (IP address or fully-qualified domain name) services should use when advertising themselves.
        - { "id": "guestinfo.cis.vmdir.password", "value": "VMware1!VMware1!" } # For the first instance of the identity domain, this is the password given to the Administrator account.  Otherwise, this is the password of the Administrator account of the replication partner.
        - { "id": "guestinfo.cis.appliance.root.passwd", "value": "VMware1!VMware1!" } # Password to assign to root account.  If blank, password can be set on the console.
        - { "id": "guestinfo.cis.vpxd.ha.management.addr", "value": "{{ vsphere_vcenter }}" } # FQDN or IP address of the vCenter Server managing that target appliance. Used when upgrading a source appliance in VCHA cluster.
        - { "id": "guestinfo.cis.vpxd.ha.management.port", "value": "443" } # Https port of the vCenter Server managing that target appliance. Used when upgrading a source appliance in VCHA cluster. If not specified, port 443 will be used by default.
        - { "id": "guestinfo.cis.vpxd.ha.management.user", "value": "{{ vsphere_user }}" } # User able to authenticate in vCenter Server managing that target appliance. The user must have the privilege Global.VCServer. Used when upgrading a source appliance in VCHA cluster.
        - { "id": "guestinfo.cis.vpxd.ha.management.password", "value": "{{ vsphere_password }}" } # Password for administrator user authenticating to the vCenter Server managing target appliance. Used when upgrading a source appliance in VCHA cluster.
        - { "id": "guestinfo.cis.vpxd.ha.management.thumbprint", "value": "{{ thumbprint.stdout }}" } # Thumbprint for the SSL certificate of the host that manages the appliance to upgrade. Used when upgrading a source appliance in VCHA cluster.
        - { "id": "guestinfo.cis.vpxd.ha.placement", "value": "{{ vsphere_resource_pool }}" } # Path to host/cluster/resource pool where target appliance will be deployed on management vCenter Server. Used when upgrading a source appliance in VCHA cluster. Example: /my_datacenter/my_folder/my_host_or_cluster/my_resource_pool
        - { "id": "guestinfo.cis.ceip_enabled", "value": "True" } # VMware’s Customer Experience Improvement Program ("CEIP") provides VMware with information that enables VMware to improve its products and services, to fix problems, and to advise you on how best to deploy and use our products. As part of the CEIP, VMware collects technical information about your organization’s use of VMware products and services on a regular basis in association with your organization’s VMware license id(s). This information does not personally identify any individual. For more details about the Program and how VMware uses the information it collects through CEIP, please see the product documentation at http://www.vmware.com/info?id=1399. If you want to participate in VMware’s CEIP for this product, set this property to True. You may join or leave VMware’s CEIP for this product at any time.
        - { "id": "vami.domain.VMware-vCenter-Server-Appliance", "value": "vcenter.{{ nested_env }}.{{ dnsearch }}" } # The domain name of this VM. Leave blank if DHCP is desired.
        - { "id": "vami.searchpath.VMware-vCenter-Server-Appliance", "value": "{{ dnsearch }}" } # The domain search path (comma or space separated domain names) for this VM. Leave blank if DHCP is desired.
      delegate_to: localhost
```

This works, but then I have to do a manual action to finish the install on https://vsca-ip:5480

Do you maybe know a way to automate this action?

nmammadov commented 3 years ago

@Thomas-Webber Inside the installer there should be JSON template files (\vcsa-cli-installer\templates\install). Use, for example, embedded.vCSA_on_ESXi.json. Modify as needed. You will need OVF tools installed as well. Then you just launch it and it should install it for you unattended.
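
The unattended route suggested in the reply depends on a fully filled-in JSON spec. As an added example (not from this thread or the repository), the Python below fills a template, rejects a spec that still contains placeholders so an incomplete file is caught before the installer runs, and writes the result owner-readable only because it holds passwords. The template key names, the `<...>` placeholder style and all function names are assumptions; compare them with the template file in your own ISO.

```python
import json
import os

# Constructed stand-in for the installer's JSON template. The key names and the
# "<...>" placeholder style are assumptions: compare with the file in your ISO.
SAMPLE_TEMPLATE = {"new_vcsa": {
    "esxi": {"hostname": "<ESXi host>", "username": "root",
             "password": "<ESXi root password>",
             "deployment_network": "VM Network", "datastore": "<datastore>"},
    "appliance": {"deployment_option": "small", "name": "nested-vcsa"},
    "network": {"ip_family": "ipv4", "mode": "static", "ip": "<static IP>",
                "prefix": "<prefix length>", "gateway": "<gateway>",
                "dns_servers": ["<DNS server>"], "system_name": "<FQDN>"},
    "os": {"password": "<appliance root password>", "ssh_enable": False},
    "sso": {"password": "<SSO password>", "domain_name": "vsphere.local"},
}}

def set_path(tree, dotted, value):
    """Set an existing key addressed as 'a.b.c'; a mistyped path raises KeyError."""
    *parents, leaf = dotted.split(".")
    for key in parents:
        tree = tree[key]
    if leaf not in tree:
        raise KeyError(dotted)
    tree[leaf] = value

def unfilled(node, path=""):
    """List dotted paths whose value is still blank or a '<...>' placeholder."""
    if isinstance(node, dict):
        return [p for k, v in node.items()
                for p in unfilled(v, f"{path}.{k}" if path else k)]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in unfilled(v, f"{path}[{i}]")]
    blank = isinstance(node, str) and (not node.strip() or node.startswith("<"))
    return [path] if blank else []

def render_spec(template, overrides):
    """Copy the template, apply overrides, and reject a spec with gaps left in it."""
    spec = json.loads(json.dumps(template))
    for dotted, value in overrides.items():
        set_path(spec, dotted, value)
    if unfilled(spec):
        raise ValueError("unfilled fields: " + ", ".join(unfilled(spec)))
    return spec

def write_private(spec, path):
    """The spec holds cleartext passwords: create it new, owner-readable only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(spec, handle, indent=2)
```

Supply the password overrides from environment variables or a vault lookup at run time rather than storing them next to the playbook, and delete the rendered file once the installer has finished.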