virtuallyGhetto

image profile

Easily create custom ESXi Images from patch releases using vSphere Image Builder UI

by 5 Comments

Creating a custom ESXi Image Profile that incorporates additional ESXi drivers such as the recently released Community Networking Driver for ESXi Fling or Community NVMe Driver for ESXi Fling is a pretty common workflow. Due to the infrequency of this activity, many new and existing users sometime struggle with the process to quickly construct a new custom ESXi Image Profile. I personally prefer to use the Image Builder UI that is built right into the vSphere UI as part of vCenter Server.

There are a couple of ways to create a custom new ESXi Image Profile using the Image Builder UI, but the easiest method is to use the Clone workflow, which is especially helpful when you are selecting an ESXi patch release as your base image.

With a regular major release, you only have to deal with two image profiles: standard (includes VMware Tools) and no-tools (does not include VMware Tools).

With an ESXi patch release, you actually have four image profiles: standard (includes VMware Tools + all bug/security fixes), security standard (includes VMware Tools + security fixes only), security no-tools (does not include VMware Tools + security fixes only) and no-tools (does not include VMware Tools + all bug fixes)

If you start with an empty custom image profile and then select your ESXi base image, you will notice there are multiple VIB version packages to select from since patch release you had imported earlier actually contains four different ESXi image profiles. Below are a step by step instructions on using the cloning workflow since this is a question I get from users who run into package conflicts not realizing they have selected the same package multiple times.

[Read more…] about Easily create custom ESXi Images from patch releases using vSphere Image Builder UI

Deploying NSX-T VIBs and/or creating custom NSX-T Image Profile

by Leave a Comment

Similiar to its earlier predecessor, NSX-T also provides complete lifecycle management (LCM) of its underlying NSX components (Controllers, Edges and Managers) including the Fabric Nodes (e.g. ESXi and/or KVM hosts). Additionally, a new Upgrade Coordinator is now part of NSX-T which greatly simplifies the patching and updating of the network virtualization platform. However, for existing vSphere customers who already have a process for distributing VMware VIBs using vSphere Update Manager (VUM) and/or custom Image Profiles, being able to leverage their existing methods is quite important. This is especially true for customers or system integrators who wish to slipstream all necessary VIBs as part of their base ESXi image for initial deployment which may come in the form of an automated installation via Kickstart and/or even manual install using an ISO image.

The good news is that like NSX-V, NSX-T also supports the same set of deployment methods that customers are already familiar with. I had recently looked into this due to a few questions that I and a few other folks had during our NSX-T Bootcamp training a couple of weeks back. I also did not see anything in the existing NSX-T documentation and figure it would be useful to outline the specific steps for each of the installation methods, especially when creating a custom ESXi Image Profile using PowerCLI which requires a particular order.

Note: Auto Deploy is currently not supported with NSX-T.

[Read more…] about Deploying NSX-T VIBs and/or creating custom NSX-T Image Profile

Quick Tip – Listing Image Profiles From an ESXi Patch Using ESXCLI

by 5 Comments

I was cleaning out a few of my to-do items (list just keeps getting longer everyday) this morning and there was a question that I received a few weeks back asking how to retrieve the list of Image Profiles for a given ESXi patch. This is actually quite easy and you will want to use ESXCLI.

Note: The examples shown below is using ESXCLI on the ESXi Shell, but these commands can be execute remotely as well using ESXCLI or through PowerCLI with Get-EsxCli cmdlet.

To list the available Image Profiles for an ESXi patch, run the following command (ensure you substitute the full path to your ESXi patch):

esxcli software sources profile list -d /vmfs/volumes/datastore1/ESXi510-201212001.zip

To get more details on a particular Image Profile, run the following command and specify the -p for the specific Image Profile:

esxcli software sources profile get -d /vmfs/volumes/datastore1/ESXi510-201212001.zip -p ESXi-5.1.0-20121204001-no-tools

To install/update a specific Image Profile, run the following command with the Image Profile name:

esxcli software profile update -d /vmfs/volumes/datastore1/ESXi510-201212001.zip -p ESXi-5.1.0-20121204001-no-tools

If you just want to install the ESXi patch, run the following command which will install the esx-base Image Profile by default which will include everything:

esxcli software vib update -d /vmfs/volumes/datastore1/ESXi510-201212001.zip

To check for the Image Profile you have installed on your ESXi host, run the following command:

esxcli software profile get

Here are some additional resources for ESXi patch management that may also be useful:

Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling

by 37 Comments

VMware Labs just released a really cool new Fling called VIB Author which is a tool that allows you to easily create custom VIBs for your ESXi 5.x hosts. If you have tried to create custom ESXi firewall rules or add custom scripts to your ESXi host, you may have noticed they are not persisted after a system reboot and you had to play all sorts of games to get the files to persist. The VIB Author tool now solves that problem and you can even take your custom VIB and integrate them into an Auto Deploy Image Profile using Image Builder. Before you jump right in, be sure to read over the important note in the documentation before getting started.

So how does the VIB Author tool work?

You will need to provide two pieces of input: payload which is set of files you wish to include in your VIB and the descriptor.xml which contains the metadata for your files. From that, VIB Author can produce either a VIB and/or an offline bundle (can be used with Image Builder).

VIB Author is distributed only as an RPM and you will need to install the VIB Author tool on a 32-bit Linux system (sorry, no 64-bit support). In my home setup, I went with CentOS 6.2 i386 as it was free to download & easy to setup or you may choose go with SUSE Linux Enterprise 11 SP2 which is the recommended platform per the documentation.

To install the RPM, run the following command:

rpm -ivh vmware-esx-vib-author-5.0.0-0.0.844296.i386.rpm

In the example below, I will show you how to create a custom VIB that contains several different configurations:

  • Custom Firewall Rule
  • Custom Startup script (adds a static route)
  • Custom Files (ghettoVCB)

Disclaimer: The example below is not officially supported by VMware, please thoroughly test this in a development environment before using in production.

Here is the directory structure for the example that we will be going through:

Step 1 – Create your stage directory structure which we will then populate with your payload files as well as the descriptor.xml file.

mkdir -p stage/payloads/payload1 

Step 2 – Create your descriptor.xml file which should be placed in the stage directory. For more details on the parameters within the descriptor.xml, please take a look at the documentation.

Here is an example of my descriptor.xml file:

Step 3 – Create the directory structure and store the files you wish to include under payload1. Ensure the the directory structure matches the absolute path of how you want the files to appear on the ESXi host. For example, if you wish to create a file call foo in /etc/vmware/foo then your directory structure should look like stage/payloads/payload1/etc/vmware/foo

Note: In the documentation, there is a list of default supported paths, if you venture off of this supported list, then you will need to issue the -f flag when creating your VIB as well as installing your VIB on your ESXi host

So for our examples we have the following files:

stage/payloads/payload1/etc/vmware/firewall/virtuallyghetto.xml
This one should be pretty straight forward, we are just creating a custom ESXi firewall rule and you will need to place your configuration file under /etc/vmware/firewall, please take a look at this article for more details on creating your own firewall rules.

stage/payloads/payload1/etc/rc.local.d/999.addStaticRoute.sh
This is a custom shell script that adds a static route to an ESXi host upon bootup under /etc/rc.local.d. There maybe other startup scripts that could be executed and you do not want to conflict with any system defaults. I recommend you label yours with a high number such as 999 to ensure it is one of the last scripts to execute.

stage/payloads/payload1/opt/ghettoVCB/{ghettoVCB.conf,ghettoCB-restore.sh,ghettoVCB.sh}
This is a custom set of files that I would like to store in ESXi under /opt directory and the files are my free ghettoVCB backup script.

Here is a copy of my directory structure (stage.zip) which can be used as a reference.

Step 4 – Now we ready to create our VIB and/or offline bundle by specifying our stage directory as input. In this example, we will generate both a VIB as well as an offline bundle containing the same contents. Run the following command:

vibauthor -C -t stage -v virtuallyghetto.vib -O virtuallyghetto-offline-bundle.zip -f

Note: Since we added some files outside of the default supported paths, we also need to specify the -f flag to force the creation.

We can also extract information about our VIB by using the -i option in VIB Author, to do so, run the following command:

vibauthor -i -v virtuallyghetto.vib

Finally, we are now ready to copy the VIB over to our ESXi host and install our custom VIB.

To install VIB run the following command:

esxcli software vib install -v /vmfs/volumes/[datastore-name]/virtuallyghetto.vib -f

To install the offline bundle run the following command:

esxcli software vib install -d /vmfs/volumes/[datastore-name]/virtuallyghetto-offline-bundle.zip -f

Note: You need to specify the -f flag to force the installation since we created files in an unsupported path. I have been able to test the VIB and offline bundle installation on both ESXi 5.0 as well as ESXi 5.1

To confirm we have succesfully installed our custom VIB, we can query it by running the following command:

esxcli software vib list | grep virtuallyghetto

So there you have it, in just a few steps, you can create your own custom VIBs!

A Pretty Cool Method of Upgrading to ESXi 5.1

by 40 Comments

I recently came across an interesting article by Andreas Peetz which shows you how to patch an ESXi host using an image profile that is directly available on VMware’s online depot within the ESXi shell. I knew that VMware had online depots for use with VUM and Auto Deploy but I was not aware of this particular method, especially directly from the host.

Disclaimer: This method assumes you can install the default ESXi Image Profile with no additional drivers or packages, else you may have connectivity issue after the upgrade. If you still need to customize the ESXi Image Profile before installation, you will still need to use something like Image Builder and then upload that to your online depot.

Note: There are many ways that you can patch/upgrade your ESXi hosts, here is another article that provides more details for command-line only methods.

Before you get started, you will need to make sure that your ESXi host has the httpClient firewall rule enabled, else you will not be able to connect to VMware’s online depot. To enable this, run the following ESXCLI command:

esxcli network firewall ruleset set -e true -r httpClient

Also make sure that your ESXi host can reach the following URL (you can specify a proxy if needed):

https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

To view the available ESXi Image Profiles, run the following ESXCLI command (use the –proxy if you need to specify a proxy to reach VMware’s online depot):

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

If you are able to successfully connect to the online depot, you see a list of all the ESXi Image Profiles that are available to you. You will see two ESXi 5.1 Image Profiles (these were recently published), one with VMware Tools and one without VMware Tools.

Note: Before you begin, make sure you do not have any running VMs and put your host into maintenance mode.

Let’s go ahead and upgrade our ESXi 5.0 Update 1 host to latest ESXi 5.1. To install the new Image Profile, run the following command:

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.1.0-799733-standard

This can take a few minutes to complete depending on how fast you can pull down the Image Profile. Once it is done, you will see all the new VIBs that have been updated and you will be asked to reboot for the changes to go into effect and then you will be running ESXi 5.1! Pretty cool IMO!