Last week I wrote a post on Auto Deploy configuration in vSphere 6 and deployed an ESXi host using Auto Deploy. In this post we will learn about using host profiles with Auto Deploy to customize ESXi hosts that are installed via Auto Deploy.
But before we begin creating host profiles, let’s have a brief introduction to what a host profile is and which challenges we solve by using it.
What is a Host Profile and why use it?
A host profile is a configuration template designed to ensure that VMware hosts are configured consistently across your infrastructure. When an ESXi host is deployed in an infrastructure, there are dozens of settings that an administrator has to configure. These include (but are not limited to):
1: Configuring host networking: This includes creating VMkernel/VM port groups, assigning IP addresses to VMkernel port groups, deciding which port group will provide which kind of functionality, etc.
2: Configuring host storage: This includes adding software iSCSI adapters (if using iSCSI storage), iSCSI target configuration, port bindings, CHAP, etc.
3: Configuring NTP server settings on the host.
4: Adding the ESXi host to a domain.
5: Enabling services like SSH, NTP, etc.
6: Adding ports for specific services, etc.
If you have a small environment (say 10-15 ESXi hosts), doing these repetitive tasks is not very hard, as you might be adding a new host per month or per quarter. But what if your infrastructure is huge, with hundreds or thousands of hosts, and every day you are given the task of deploying new hosts?
Doing these repetitive tasks manually has some caveats. Manual effort can cause human errors, such as assigning an incorrect IP to one of the VMkernel port groups, mapping the wrong physical NIC to a VMkernel port group, and many other such misconfigurations.
It also consumes a lot of man-hours, which is not an optimal solution for big environments.
For working in such environments we have this wonderful feature of VMware vSphere, Host Profiles, which ensures a consistent configuration of ESXi hosts across a cluster/vCenter/pod/datacenter. Man-hours are also reduced significantly.
How do Host Profiles work?
If you are setting up a new environment from scratch, the typical workflow for using a host profile can be outlined as below:
1: Deploy your first ESXi host using Auto Deploy.
2: Properly configure your first ESXi host (manually or via a script).
3: Create a host profile from the configured host.
4: Edit the host profile and add any configuration that you want applied to all your hosts.
5: Create an answer file for the first host, apply the newly created profile, remediate the ESXi host, and confirm it is showing compliant.
For those who are new to host profiles and do not know what an answer file is, I recommend reading this article from VMware.
6: Deploy the additional ESXi hosts, apply the host profile, remediate them, and ensure the newly deployed hosts are also compliant.
For more info on host profiles, please read this blog post from Brien Posey.
Let’s jump into lab now and go through the steps outlined above.
Note: Please ignore the name/IP of the ESXi hosts in the screenshots, as I did not get the host profile to work right the first time and had to delete and redeploy the first host 2-3 times, and each time it was picking up a different IP from the DHCP server.
1: I deployed my first ESXi host, configured all the necessary settings, and then extracted a profile from it by right-clicking the ESXi host > Host Profiles > Extract Host Profile.
2: Provide a name and optional description for the host profile.
3: Finish the export of the profile.
4: Edit the newly created profile to add any extra configuration that was not configured on the host from which this profile was extracted.
I am listing a few configuration settings that came from the first deployed ESXi host.
I am using software iSCSI for storage connectivity and a software adapter for the target connection. By default, when you add a software iSCSI adapter to an ESXi host, it gets vmhba33 as its default name.
If you wish to use some other name, you can modify it in the host profile, in the section below, by clicking the Edit button.
Each of my ESXi hosts is going to be deployed with 4 physical NICs (one for the management network, one for the vMotion network and 2 for storage connectivity).
I verified that the host profile was showing 4 physical NICs.
My first ESXi host was added to a dvSwitch, and I verified that the host profile had captured which vDS the host is connected to and the name of the management port group.
You can modify settings (if you forgot to configure them on the first host), such as adding a VLAN ID for your port groups, changing the Active/Standby uplink configuration, the load balancing algorithm used, etc.
I also verified that the VMkernel port group <-> uplink mappings were exported correctly.
For IP address assignment for the VMkernel port group, I chose the option that prompts the user for input while applying the profile. You can also use the option “Use DHCP provided IP” here.
My NTP server info was also exported correctly.
I configured a fixed password for all my ESXi hosts that will be deployed and will use this host profile. If your organization’s policy requires a unique password for each host, you can use another option from the drop-down, which prompts the user to supply a password while applying the host profile to individual hosts.
Also, if you have enabled SSH and want to suppress the warning, you can set the value of UserVars.SuppressShellWarning to 1.
If you forgot to set the value on the first configured host but still want to suppress the warnings, you have to add this sub-profile separately. Steps for doing so are listed here.
This setting is important. By default this policy is set to stateless boot, because your first auto-deployed host booted in stateless mode: it does not have persistent storage, and ESXi is loaded into memory.
If you want to change the host boot from stateless to stateful, you have to select “Enable stateful installs on the host” and provide the arguments for the first disk (ESXi will be installed on this disk).
For more information on the other available options for host boot, please refer to this article.
Note: If you enable stateful install, then when you apply the host profile to hosts for the first time, it will show non-compliant and will throw a warning that “This host do not appears to boot in stateful mode”. To get the host compliant against the profile, you have to reboot the ESXi host, apply the profile again, and check compliance again.
Finally, I verified that the NTPD and SSHD service settings were configured for “start and stop with host”.
After reviewing all configuration settings, I applied the host profile to my first host and waited for it to show compliant against the host profile.
Now, before deploying my second ESXi host, I had to modify my Auto Deploy rules, because when I initially created them I did not have a host profile. Now I want all subsequently deployed hosts to attach themselves to the newly created host profile.
I modified my rules as shown below:
New-DeployRule -Name "Esxi6.0U3" -Item "New_Profile" -Pattern "ipv4=-192.168.109.110"
Note: Name of the host profile is New-HP
New-DeployRule -Name "Esxi6.0U3" -Item "New_Profile", "Staging", "New-HP" -Pattern "ipv4=192.168.109.100-192.168.109.110"
I booted my new host and verified that it was attached to the newly created profile. It was showing Non-Compliant initially.
I completed the answer file for this host, applied the profile, rebooted the host, and applied the profile again.
Now when I checked compliance, both my ESXi hosts were showing compliant.
Also, on navigating to ESXi Host > Configuration > Storage, I was able to see the local storage, which was a clear indication that my host had now booted in stateful mode.
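The checks done by eye above (attached profile, compliance, SSH service policy, shell warning, NTP) can be scripted with PowerCLI. This is an added example, not code from the original post; it assumes an existing Connect-VIServer session, and the function name Get-HostProfileAudit, the cluster name 'MyCluster' and the NTP server name are placeholders.

```powershell
# Added example, not from the original post. Requires VMware PowerCLI and an
# existing Connect-VIServer session. Cluster name and NTP server are placeholders.
function Get-HostProfileAudit {
    param(
        [Parameter(Mandatory)][string]$ClusterName,
        [string[]]$ExpectedNtp = @('ntp.example.local')   # hypothetical value
    )
    foreach ($vmhost in Get-Cluster -Name $ClusterName | Get-VMHost) {
        # Host profile attached to this host (by the deploy rule or by hand), if any.
        $attached = Get-VMHostProfile -Entity $vmhost -ErrorAction SilentlyContinue

        # The compliance test returns only failures; no output means compliant.
        $drift = @()
        if ($attached) {
            $drift = @(Test-VMHostProfileCompliance -VMHost $vmhost |
                ForEach-Object { $_.IncomplianceElementList } |
                ForEach-Object { $_.PropertyName })
        }

        # Settings the post verifies by eye: SSH service, shell warning, NTP.
        $ssh      = Get-VMHostService -VMHost $vmhost |
                        Where-Object { $_.Key -eq 'TSM-SSH' }
        $suppress = Get-AdvancedSetting -Entity $vmhost `
                        -Name 'UserVars.SuppressShellWarning'
        $ntp      = @(Get-VMHostNtpServer -VMHost $vmhost)
        $missing  = @($ExpectedNtp | Where-Object { $_ -notin $ntp })

        [pscustomobject]@{
            Host            = $vmhost.Name
            Profile         = $attached.Name -join ','
            Compliant       = [bool]$attached -and ($drift.Count -eq 0)
            DriftedSettings = $drift -join '; '
            SshRunning      = $ssh.Running
            SshPolicy       = $ssh.Policy      # 'on' = start and stop with host
            WarningHidden   = ($suppress.Value -eq 1)
            # SSH running while the UI warning about it is suppressed
            SshSilentlyOpen = $ssh.Running -and ($suppress.Value -eq 1)
            MissingNtp      = $missing -join ','
        }
    }
}

Get-HostProfileAudit -ClusterName 'MyCluster' | Format-Table -AutoSize
```

A host with SshSilentlyOpen set to True has SSH running with the warning suppressed, so it will not stand out in the vSphere client and is worth checking against your access policy.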
I had a few issues with my host profile: my hosts were showing compliant but the cluster was showing non-compliant.
One such issue was about FT not being supported, and I was seeing this error.
The solution for this issue is explained in my previous blog post.
The other issue was that no isolation address was defined for HA.
This issue was fixed by adding das.isolationaddress My-GW-IP to the HA advanced settings.
Working with host profiles is a bit tough for first-timers, but if you keep calm and clearly understand the errors/warnings you get when applying a profile to a host or when running a compliance check against a host, then fixing them is not a big deal.
I always believe what’s the fun if a job is not challenging 😉