Automate ESXi host provisioning

My last blog post was about automating the addition of VMkernel adapters to a specific TCP/IP netstack. As I already mentioned in that post, I was working on a script that automates the whole process of adding a host to vCenter, configuring all the necessary settings and bringing it up to date with the configured VUM baseline(s).

The script itself contains PowerCLI commands and esxcli (v2) commands called via the PowerCLI module. I tested this script successfully with the following versions:


OS: Windows 10, Windows Server 2016
PowerShell version:
PSVersion                      5.1.14393.1715
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
BuildVersion                   10.0.14393.1715
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PowerCLI versions:
ModuleType Version    Name
---------- -------    ----
Manifest   6.5.3.6… VMware.PowerCLI
Manifest   6.5.2.6… VMware.PowerCLI

You will find the script and a recording of the script in action below. Maybe this is useful for someone who is looking for this kind of automation. With a few small adjustments you can use it in your own environment*.

Download the answer (csv) file (change extension from *.xls to *.csv): host-info
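One such adjustment, as an added example that is not part of the original script: the answer file read below carries the vCenter, ESXi and AD passwords in the clear-text columns vcenteradminpw, esxiuserpw and aduserpw. This sketch prompts for them instead and passes PSCredential objects to the same cmdlets; it assumes a single data row in host-info.csv, and the variable names $row, $vcCred, $esxiCred and $adCred are illustrative.

```powershell
# Added example: same answer file, but without the *pw columns.
# Assumes host-info.csv has a single data row.
$row = Import-Csv 'C:\VCenter_scripts\V2 Automated Host Provisioning\host-info.csv' |
    Select-Object -First 1

# Fail early if password columns are still present and populated.
$pwColumns = 'vcenteradminpw', 'esxiuserpw', 'aduserpw'
$leftover  = $pwColumns | Where-Object { $row.$_ }
if ($leftover) {
    throw "Remove clear-text passwords from the answer file: $($leftover -join ', ')"
}

# Prompt once per identity; the secret is held only as a SecureString.
$vcCred   = Get-Credential -UserName $row.vcenteradmin -Message "vCenter $($row.vcenter)"
$esxiCred = Get-Credential -UserName $row.esxiuser     -Message "ESXi $($row.esxiserver)"
$adCred   = Get-Credential -UserName $row.aduser       -Message "AD join for $($row.domain)"

# Same calls as in the script, with -Credential instead of -User/-Password.
Connect-VIServer -Server $row.vcenter -Credential $vcCred | Out-Null
Add-VMHost -Name $row.esxiserver -Location $row.vmwaredatacenter -Credential $esxiCred -Force

Get-VMHost -Name $row.esxiserver | Get-VMHostAuthentication |
    Set-VMHostAuthentication -JoinDomain -Domain $row.domain -Credential $adCred -Confirm:$false
```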

Get-Module -ListAvailable VMware* | Import-Module

##Importing Sheet##

$CSV = Import-csv 'C:\VCenter_scripts\V2 Automated Host Provisioning\host-info.csv'

##Infra-Info##

foreach ($item in $CSV)

{

$vsanip = $item.vsanip

$vmotionip = $item.vmotionip

$provisioningip = $item.provip

$NTP1 = $item.ntp1

$NTP2 = $item.ntp2

$vcenterserver = $item.vcenter

$vcenteradmin = $item.vcenteradmin

$vcenteradminpw = $item.vcenteradminpw

$esxiserver = $item.esxiserver

$esxiuser = $item.esxiuser

$esxiuserpw = $item.esxiuserpw

$vmwaredatacenter = $item.vmwaredatacenter

$cluster = $item.cluster

$dvSwitch = $item.dvswitch

$vmotionpg = $item.vmotionpg

$vmotionmask = $item.vmotionmask

$vmotiongw = $item.vmotiongw

$vsanmask = $item.vsanmask

$provisioningmask = $item.provmask

$vsanpg = $item.vsanpg

$managementpg = $item.mgmtpg

$DNS1 = $item.dns1

$DNS2 = $item.dns2

$ibmesxuser = $item.localuserfordeletion

$domain = $item.domain

$megaraidbaseline = $item.vumbaseline

$aduser = $item.aduser

$aduserpw = $item.aduserpw

$datastorename = $item.datastorename

}

##Connect to vCenter##

write-host Connecting to vCenter Server instance $vcenterserver -ForegroundColor Yellow

Connect-VIServer $vcenterserver -User $vcenteradmin -Password $vcenteradminpw -Force

##Add Hosts to vCenter##

write-host Start adding ESXi hosts to the vCenter Server instance $vcenterserver -ForegroundColor Yellow

Add-VMHost $esxiserver -Location $vmwaredatacenter -User $esxiuser -Password $esxiuserpw -Force

##Put Host in Maintenance Mode##

write-host Put $esxiserver in Maintenance mode

Set-VMhost $esxiserver -State Maintenance

##ESXCLI##

$esxcli = Get-EsxCli -VMhost (Get-VMHost $esxiserver) -V2

##Create netstack and add VMkernel adapters##

write-host Create Provisioning and vMotion TCP/IP stack and add vMotion and Provisioning VMkernel ports -ForegroundColor Yellow

$esxcli.network.ip.netstack.add.Invoke(@{netstack = 'vmotion'})

$esxcli.network.ip.netstack.add.Invoke(@{netstack = 'vSphereProvisioning'})

$esxcli.network.ip.interface.add.Invoke(@{interfacename = 'vmk1'; portgroupname = 'Management Network'; netstack = 'vmotion'})

$esxcli.network.ip.interface.add.Invoke(@{interfacename = 'vmk2'; portgroupname = 'Management Network'; netstack = 'vSphereProvisioning'})

##Set vMotion VMkernel Port##

write-host Setting IP address on the vMotion VMkernel adapter on the $esxiserver -ForegroundColor Yellow

$esxcli.network.ip.interface.ipv4.set.Invoke(@{interfacename = 'vmk1'; ipv4 = $vmotionip; netmask = $vmotionmask; gateway = $vmotiongw; type = 'static'})

#Get-VMHostNetworkAdapter -VMHost $esxiserver -Name 'vmk1' | Set-VMHostNetworkAdapter -IP $vmotionip -Subnetmask $vmotionmask -Confirm:$false | Out-Null

##Set Provisioning VMkernel Port##

write-host Setting IP address on the Provisioning VMkernel adapter on the $esxiserver -ForegroundColor Yellow

$esxcli.network.ip.interface.ipv4.set.Invoke(@{interfacename = 'vmk2'; ipv4 = $provisioningip; netmask = $provisioningmask; gateway = $vmotiongw; type = 'static'})

#Get-VMHostNetworkAdapter -VMHost $esxiserver -Name 'vmk2' | Set-VMHostNetworkAdapter -IP $provisioningip -Subnetmask $provisioningmask -Confirm:$false | Out-Null

##Add Host to Distributed Switch##

Write-host adding $esxiserver to the $dvSwitch -ForegroundColor Yellow

Get-VDSwitch -Name $dvSwitch | Add-VDSwitchVMHost -VMHost $esxiserver

##Add 2nd NIC to Distributed Switch##

$vmhostnetworkadapter2 = Get-VMhost $esxiserver | Get-VMHostNetworkAdapter -Physical -Name vmnic2

Write-host adding $vmhostnetworkadapter2 to $dvSwitch -ForegroundColor Yellow

Get-VDSwitch -Name $dvSwitch | Add-VDSwitchPhysicalNetworkAdapter -VMHostPhysicalNic $vmhostnetworkadapter2 -Confirm:$false | Out-Null

##Migrate MGMT vmk to Distibuted Portgroup##

$destinationmgmtpg = Get-VDPortgroup -Name "vmk_Management"

write-host Migrate Management Network to $dvSwitch -ForegroundColor Yellow

$dvportgroup = Get-VDPortgroup -Name $destinationmgmtpg -VDSwitch $dvSwitch

$vmk = Get-VMHostNetworkAdapter -Name vmk0 -VMHost $esxiserver

Set-VMHostNetworkAdapter -PortGroup $dvportgroup -VirtualNic $vmk -Confirm:$false | Out-Null

##Migrate vMotion vmk to Distibuted Portgroup##

$destinationvmotionpg = Get-VDPortgroup -Name "vmk_vMotion"

write-host Migrate vMotion VMkernel to $dvSwitch -ForegroundColor Yellow

$dvportgroup = Get-VDPortgroup -Name $destinationvmotionpg -VDSwitch $dvSwitch

$vmk = Get-VMHostNetworkAdapter -Name vmk1 -VMHost $esxiserver

Set-VMHostNetworkAdapter -PortGroup $dvportgroup -VirtualNic $vmk -Confirm:$false | Out-Null

##Migrate Provisioning vmk to Distibuted Portgroup##

$destinationprovisioningpg = Get-VDPortgroup -Name "vmk_vMotion"

write-host Migrate Provisioning VMkernel to $dvSwitch -ForegroundColor Yellow

$dvportgroup = Get-VDPortgroup -Name $destinationprovisioningpg -VDSwitch $dvSwitch

$vmk = Get-VMHostNetworkAdapter -Name vmk2 -VMHost $esxiserver

Set-VMHostNetworkAdapter -PortGroup $dvportgroup -VirtualNic $vmk -Confirm:$false | Out-Null

##Add first NIC to Distibuted Switch##

$vmhostnetworkadapter1 = Get-VMhost $esxiserver | Get-VMHostNetworkAdapter -Physical -Name vmnic0

Write-host adding $vmhostnetworkadapter1 to $dvSwitch -ForegroundColor Yellow

Get-VDSwitch -Name $dvSwitch | Add-VDSwitchPhysicalNetworkAdapter -VMHostPhysicalNic $vmhostnetworkadapter1 -Confirm:$false | Out-Null

##Remove Virtual Standard Switch##

Write-Host Removing the Virtual Standard Switch -ForegroundColor Yellow

Get-VirtualSwitch -VMHost $esxiserver -Name vSwitch0 | Remove-VirtualSwitch -Confirm:$false

##Add vSAN VMkernel Port##

write-host Creating vSAN VMkernel port -ForegroundColor Yellow

New-VMHostNetworkAdapter -VMhost $esxiserver -PortGroup $vsanpg -VirtualSwitch $dvswitch -IP $vsanip -SubnetMask $vsanmask -VsanTrafficEnabled:$true

##Remove local ESXi user (non-root)##

write-host Remove useraccount $ibmesxuser from $esxiserver -ForegroundColor Yellow

Disconnect-VIServer $vcenterserver -Confirm:$false

Connect-VIServer $esxiserver -User $esxiuser -Password $esxiuserpw -Force

Get-VMHostAccount -Name $ibmesxuser | Remove-VMHostAccount -Confirm:$false -ErrorAction SilentlyContinue

Disconnect-VIServer $esxiserver -Confirm:$false

Connect-VIServer $vcenterserver -User $vcenteradmin -Password $vcenteradminpw -Force

##Configure DNS on default TCP/IP Stack##

write-host Configure DNS servers -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Get-VMhostnetwork | Set-VMHostNetwork -DnsAddress $DNS1, $DNS2 -WarningAction SilentlyContinue

##Configure searchdomain for ESXi host##

write-host Configure searchdomain for $esxiserver -ForegroundColor Yellow

Get-VMhost $esxiserver | Get-VMHostNetwork | Set-VMHostNetwork -SearchDomain $domain -WarningAction SilentlyContinue

##Change local datastore name and move to datastore folder##

Write-Host Changing the name of the local datastore on $esxiserver -ForegroundColor Yellow

Get-VMhost $esxiserver | Get-Datastore -Name "datastore1" | Set-Datastore -Name $datastorename

Write-Host Moving $datastorename into datastore folder Local -ForegroundColor Yellow

Get-VMHost $esxiserver | Get-Datastore $datastorename | Move-Datastore -Destination 'Local'

##Set NTP Server##

write-host Configuring NTP server and enable NTP service on $esxiserver -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Add-VMHostNtpServer -NtpServer $NTP1, $NTP2

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -Policy "on"

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService

##Disable SSH service on ESXi host#

Write-Host Disable SSH service and adjust policy on $esxiserver -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "TSM-SSH"} | Set-VMHostService -Policy "off"

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "TSM-SSH"} | Stop-VMHostService -Confirm:$false

##Disable ESXi Shell on ESXi host#

Write-Host Disable ESXi shell and adjust policy on $esxiserver -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "TSM"} | Set-VMHostService -Policy "off"

Get-VMhost -Name $esxiserver | Get-VMHostService | Where-Object {$_.key -eq "TSM"} | Stop-VMHostService -Confirm:$false

##Set ESXi host security compliance settings##

Write-Host Settings Host Security Compliance settings on $esxiserver -ForegroundColor Yellow

Get-AdvancedSetting -Entity $esxiserver -Name 'UserVars.ESXiShellTimeOut' | Set-AdvancedSetting -Value '900' -Confirm:$false

Get-AdvancedSetting -Entity $esxiserver -Name 'UserVars.ESXiShellInteractiveTimeOut' | Set-AdvancedSetting -Value '900' -Confirm:$false

Get-AdvancedSetting -Entity $esxiserver -Name 'UserVars.HostClientCEIPOptIn' | Set-AdvancedSetting -Value '1' -Confirm:$false

##Set Syslog Server to Log Insight##

Write-Host Setting syslogserver on $esxiserver -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Set-VMHostSysLogServer -Syslogserver 'ip of syslogserver'

##Add Static Route to default TCP/IP Stack## (Only use this with an vSAN Stretched Cluster)

#write-host Adding static routes to default TCP/IP stack## -ForegroundColor Yellow

#Get-VMhost -Name $esxiserver | New-VMHostRoute -Destination 192.168.55.0 -PrefixLength 24 -Gateway 192.168.88.254 -Confirm:$false

##Join domain for ESXi host##

write-host joining $esxiserver to $domain domain -ForegroundColor Yellow

Get-VMhost -Name $esxiserver | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain $domain -Username $aduser -Password $aduserpw -Confirm:$false -ErrorAction SilentlyContinue

##Add host to Cluster#

Write-Host Adding $esxiserver to cluster $cluster in datacenter $vmwaredatacenter in vCenter Server instance $vcenterserver -ForegroundColor Yellow

Move-VMHost $esxiserver -Location $cluster

write-host "Wait for vTEP and vxlan installation on the host to be ready. Then hit the space bar to continue this script" -ForegroundColor Yellow

[void][System.Console]::ReadKey($true)

##Disable ESXi Firewall Temporary##

write-host Disable firewall on $esxiserver temporary for vSphere Update Manager -ForegroundColor Yellow

$esxcli.network.firewall.set.Invoke(@{enabled = 'false'})

##Update Manager, Attach Baseline and Remediate##

$baseline = Get-Baseline -Name $megaraidbaseline

#Write-Host Attaching the VUM $baseline baseline to $esxiserver -ForegroundColor Yellow

#Get-VMhost $esxiserver | Attach-Baseline -Baseline $baseline

Write-Host Checking VUM baseline $baseline compliance with $esxiserver -ForegroundColor Yellow

Test-Compliance -Entity $esxiserver

Get-Compliance -Entity $esxiserver -Baseline $baseline

Write-Host Stage Patches on $esxiserver -ForegroundColor Yellow

Stage-Patch -Entity $esxiserver

Write-host Remediate $esxiserver -foregroundcolor yellow

Update-Entity -Baseline $baseline -Entity $esxiserver -Confirm:$False

Test-Compliance -Entity $esxiserver

Get-Compliance -Entity $esxiserver -Baseline $baseline

#Get-VMHost $esxiserver | Detach-Baseline -Baseline $baseline

##Enable ESXi Firewall##

write-host Turn firewall back on on $esxiserver -ForegroundColor Yellow

$esxcli.network.firewall.set.Invoke(@{enabled = 'true'})

##Finalizing Stuff##

write-host Please assign the appropriate license manually to $esxiserver -ForegroundColor Yellow

write-host "Apply license to ESXi host $esxiserver and then press the space bar to continue" -ForegroundColor Green

[void][System.Console]::ReadKey($true)

write-host This is the end of the script. $esxiserver has been successfully added to $vcenterserver with all the needed configuration. And is now going to reboot one more time due to installation of the Megaraid Driver -ForegroundColor Yellow

##Load Module + Reboot host##

write-host Loading megaraid module + reboot host -ForegroundColor Yellow

$esxcli.system.module.set.Invoke(@{enabled = 'false'; module = "lsi_mr3"})

$esxcli.system.shutdown.reboot.Invoke(@{reason = 'Enabled MegaRAID SAS'})

*use this script at your own risk in production environments
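Several steps in the script run with -ErrorAction SilentlyContinue, and the ESXi firewall is switched off around remediation, so a run can finish without the host being in the intended state. The following check is an added example, not part of the original script: it reads back the services, shell timeouts, firewall state and syslog target the script sets and lists every deviation. The function name Test-HostHardening is hypothetical, and it assumes an active vCenter connection and the $esxiserver variable from the script.

```powershell
# Added example: returns one finding per setting that differs from what the script configures.
function Test-HostHardening {
    param([Parameter(Mandatory)] $VMHost)   # object returned by Get-VMHost

    $findings = @()

    # SSH and ESXi Shell: stopped with policy 'off'; ntpd: running with policy 'on'.
    $expected = @{ 'TSM-SSH' = $false; 'TSM' = $false; 'ntpd' = $true }
    $services = Get-VMHostService -VMHost $VMHost | Where-Object { $expected.ContainsKey($_.Key) }
    foreach ($svc in $services) {
        $wantPolicy = if ($expected[$svc.Key]) { 'on' } else { 'off' }
        if ($svc.Running -ne $expected[$svc.Key] -or $svc.Policy -ne $wantPolicy) {
            $findings += "$($svc.Key): running=$($svc.Running) policy=$($svc.Policy)"
        }
    }

    # Shell timeouts, set to 900 by the script.
    foreach ($name in 'UserVars.ESXiShellTimeOut', 'UserVars.ESXiShellInteractiveTimeOut') {
        $value = (Get-AdvancedSetting -Entity $VMHost -Name $name).Value
        if ($value -ne 900) { $findings += "$name = $value (expected 900)" }
    }

    # The firewall is disabled for Update Manager; it must be enabled again afterwards.
    $fw = (Get-EsxCli -VMHost $VMHost -V2).network.firewall.get.Invoke()
    if ("$($fw.Enabled)" -ne 'true') { $findings += 'ESXi firewall is disabled' }

    # A remote syslog target must be configured.
    if (-not (Get-VMHostSysLogServer -VMHost $VMHost)) { $findings += 'no remote syslog server' }

    $findings
}

$problems = Test-HostHardening -VMHost (Get-VMHost -Name $esxiserver)
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Host matches the intended settings' -ForegroundColor Green
}
```

Run it after the firewall has been re-enabled and before the final reboot, or again once the host is back online.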

sources: vmware.com, virten.net
