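# ---------------------------------------------------------------------------
# PowerCLI post-install configuration for a freshly installed ESX/ESXi 4 host.
#
# What the script does, in order:
#   1. Connects to the host as root and sets the root password, then creates
#      a local admin account.
#   2. Puts the host into maintenance mode.
#   3. Builds vSwitch1 (internal), vSwitch2 (teamed, VLAN 20/21) and vSwitch3
#      (VMotion, HA heartbeat, FT logging).
#   4. Mounts a read-only NFS datastore and enables the software iSCSI
#      initiator.
#   5. Removes the default "VM Network" port group, sets NTP, opens a firewall
#      ruleset.
#   6. Joins the host to vCenter, assigns a license, configures IPMI for DPM,
#      renames the local datastore and leaves maintenance mode.
#
# Formatting note: this listing had been collapsed onto a few very long lines,
# so everything after the first '#' on each line was parsed as a comment. The
# statements are restored here one per line; the code tokens are unchanged.
#
# NOTE(review): every secret in this file (root password, local admin
# password, IPMI password, license key) is a literal. Treat the values as
# placeholders: supply real ones at run time (for example via Get-Credential)
# and keep them out of source control.
# ---------------------------------------------------------------------------

# Set Variables:
$vmhost = "esx4.vi4book.com"
$VMotionIP = "10.0.0.204"
$HAheartbeatIP = "10.0.0.104"
# NOTE(review): 172.168.x.x lies outside the RFC 1918 private block
# 172.16.0.0/12; confirm the FT-logging and IP-storage addresses are
# intentional and that these networks are isolated.
$FTloggingIP = "172.168.4.104"
# $IPstorageIP is assigned here but not referenced anywhere below.
$IPstorageIP = "172.168.3.104"
$localvolname = "esx4_local"
$vcname = "virtualcenter4.vi4book.com"

# Authenticate User to ESX Host...
# This assumes it is a new ESXi host where no password has been set for the root account,
# so the first thing I do is connect anonymously and set up the root password.
# I also create a local user account for myself.
# NOTE(review): until Set-VMHostAccount runs, root has no password, so run
# this from a trusted management network. The same literal "password" is used
# for root and for the local admin account below.
$esxhost = Connect-VIServer $vmhost -username root
Set-VMHostAccount -UserAccount root -password password
New-VMHostAccount -ID lavericm-admin -Password password -UserAccount
# Reconnects to the host; no explicit credentials are passed on this call.
$esxhost = Connect-VIServer $vmhost

# This first puts the ESX host into maintenance mode...
Set-VMHost -State maintenance

# Creates an internal vSwitch (vSwitch1, no uplink given) with a port group
# called internal-hostname.fqdn.com
$vs1 = New-VirtualSwitch -Name vSwitch1
New-VirtualPortGroup -VirtualSwitch $vs1 -Name internal-$vmhost

# Creates a teamed vSwitch using vmnic1/2 and creates two port groups called vlan20/vlan21
$vmnics = "vmnic1","vmnic2"
$vs2 = New-VirtualSwitch -Name vSwitch2 -nic $vmnics
$vlan20 = New-VirtualPortGroup -VirtualSwitch $vs2 -Name vlan20 -VLanId 20
$vlan21 = New-VirtualPortGroup -VirtualSwitch $vs2 -Name vlan21 -VLanId 21

# In this case the policy script sets High Security and IP Load Balancing on vSwitch2
# Many thanks to LucD - http://communities.vmware.com/message/1067056#1067056
$vSwitch = "vSwitch2"
$esxhost = Get-VMHost $vmhost
$hostview = $esxhost | Get-View
$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
$vsSpec = New-Object VMware.Vim.HostVirtualSwitchSpec
# Bridge: both uplinks bonded, beacon interval 1.
$vsSPec.Bridge = New-Object VMware.Vim.HostVirtualSwitchBondBridge
$vsSPec.Bridge.Beacon = New-Object VMware.Vim.HostVirtualSwitchBeaconConfig
$vsSPec.Bridge.Beacon.Interval = 1
$vsSPec.Bridge.NicDevice = ("vmnic2","vmnic1")
$vsSpec.Mtu = 0
$vsSpec.numPorts = 64
$vsSpec.Policy = New-Object VMware.Vim.HostNetworkPolicy
# NIC teaming: both NICs active, IP-hash load balancing ("loadbalance_ip").
$vsSpec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$vsSpec.Policy.NicTeaming.FailureCriteria = New-Object VMware.Vim.HostNicFailureCriteria
$vsSpec.Policy.NicTeaming.FailureCriteria.checkBeacon = $false
$vsSpec.Policy.NicTeaming.FailureCriteria.checkDuplex = $false
$vsSpec.Policy.NicTeaming.FailureCriteria.checkErrorPercent = $false
$vsSpec.Policy.NicTeaming.FailureCriteria.checkSpeed = "minimum"
$vsSpec.Policy.NicTeaming.FailureCriteria.fullDuplex = $false
$vsSpec.Policy.NicTeaming.FailureCriteria.Percentage = 0
$vsSpec.Policy.NicTeaming.FailureCriteria.Speed = 10
$vsSpec.Policy.NicTeaming.NicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$vsSpec.Policy.NicTeaming.NicOrder.ActiveNic = ("vmnic1","vmnic2")
$vsSpec.Policy.NicTeaming.NotifySwitches = $true
$vsSpec.Policy.NicTeaming.Policy = "loadbalance_ip"
$vsSpec.Policy.NicTeaming.ReversePolicy = $true
$vsSpec.Policy.NicTeaming.RollingOrder = $false
$vsSpec.Policy.OffloadPolicy = New-Object VMware.Vim.HostNetOffloadCapabilities
$vsSpec.Policy.OffloadPolicy.CsumOffload = $true
$vsSpec.Policy.OffloadPolicy.TcpSegmentation = $true
$vsSpec.Policy.OffloadPolicy.ZeroCopyXmit = $true
# Security policy ("High Security"): promiscuous mode, forged transmits and
# MAC address changes are all set to $false on the vSwitch.
$vsSpec.Policy.Security = New-Object VMware.Vim.HostNetworkSecurityPolicy
$vsSpec.Policy.Security.AllowPromiscuous = $false
$vsSpec.Policy.Security.ForgedTransmits = $false
$vsSpec.Policy.Security.MacChanges = $false
# Traffic shaping left disabled.
$vsSpec.Policy.ShapingPolicy = New-Object VMware.Vim.HostNetworkTrafficShapingPolicy
$vsSpec.Policy.ShapingPolicy.AverageBandwidth = 0
$vsSpec.Policy.ShapingPolicy.BurstSize = 0
$vsSpec.Policy.ShapingPolicy.Enabled = $false
$vsSpec.Policy.ShapingPolicy.PeakBandwidth = 0
$ns.UpdateVirtualSwitch($vSwitch,$vsSpec)

# Alternative (disabled) policy for vSwitch2:
# In this case the policy script sets vSwitch2 to be in Explicit Failover Order mode,
# with vmnic1 being the Active Adapter, and vmnic2 being the standby adapter.
# Additionally the number of ports was increased to 128 (sic 120), with rigorous security settings
#$vSwitch = "vSwitch2"
#$esxhost = Get-VMHost $vmhost
#$hostview = $esxhost | Get-View
#$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
#$vsSpec = New-Object VMware.Vim.HostVirtualSwitchSpec
#$vsSPec.Bridge = New-Object VMware.Vim.HostVirtualSwitchBondBridge
#$vsSPec.Bridge.Beacon = New-Object VMware.Vim.HostVirtualSwitchBeaconConfig
#$vsSPec.Bridge.Beacon.Interval = 1
#$vsSPec.Bridge.NicDevice = ("vmnic2","vmnic1")
#$vsSpec.Mtu = 0
#$vsSpec.numPorts = 128
#$vsSpec.Policy = New-Object VMware.Vim.HostNetworkPolicy
#$vsSpec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
#$vsSpec.Policy.NicTeaming.FailureCriteria = New-Object VMware.Vim.HostNicFailureCriteria
#$vsSpec.Policy.NicTeaming.FailureCriteria.checkBeacon = $false
#$vsSpec.Policy.NicTeaming.FailureCriteria.checkDuplex = $false
#$vsSpec.Policy.NicTeaming.FailureCriteria.checkErrorPercent = $false
#$vsSpec.Policy.NicTeaming.FailureCriteria.checkSpeed = "minimum"
#$vsSpec.Policy.NicTeaming.FailureCriteria.fullDuplex = $false
#$vsSpec.Policy.NicTeaming.FailureCriteria.Percentage = 0
#$vsSpec.Policy.NicTeaming.FailureCriteria.Speed = 10
#$vsSpec.Policy.NicTeaming.NicOrder = New-Object VMware.Vim.HostNicOrderPolicy
#$vsSpec.Policy.NicTeaming.NicOrder.ActiveNic = ("vmnic1")
#$vsSpec.Policy.NicTeaming.NicOrder.standbyNic = ("vmnic2")
#$vsSpec.Policy.NicTeaming.NotifySwitches = $true
#$vsSpec.Policy.NicTeaming.Policy = "failover_explicit"
#$vsSpec.Policy.NicTeaming.ReversePolicy = $true
#$vsSpec.Policy.NicTeaming.RollingOrder = $false
#$vsSpec.Policy.OffloadPolicy = New-Object VMware.Vim.HostNetOffloadCapabilities
#$vsSpec.Policy.OffloadPolicy.CsumOffload = $true
#$vsSpec.Policy.OffloadPolicy.TcpSegmentation = $true
#$vsSpec.Policy.OffloadPolicy.ZeroCopyXmit = $true
#$vsSpec.Policy.Security = New-Object VMware.Vim.HostNetworkSecurityPolicy
#$vsSpec.Policy.Security.AllowPromiscuous = $false
#$vsSpec.Policy.Security.ForgedTransmits = $false
#$vsSpec.Policy.Security.MacChanges = $false
#$vsSpec.Policy.ShapingPolicy = New-Object VMware.Vim.HostNetworkTrafficShapingPolicy
#$vsSpec.Policy.ShapingPolicy.AverageBandwidth = 0
#$vsSpec.Policy.ShapingPolicy.BurstSize = 0
#$vsSpec.Policy.ShapingPolicy.Enabled = $false
#$vsSpec.Policy.ShapingPolicy.PeakBandwidth = 0
#$ns.UpdateVirtualSwitch($vSwitch,$vsSpec)

# Creates a vSwitch for VMotion
# NOTE(review): VMotion, HA heartbeat (management) and FT logging all share
# vSwitch3 and its single uplink vmnic3, with no VLAN IDs set here; confirm
# that this traffic is separated as intended on the physical network.
$vs3 = New-VirtualSwitch -Name vSwitch3 -nic vmnic3
$VMotion = New-VirtualPortGroup -VirtualSwitch $vs3 -Name VMotion
New-VMHostNetworkAdapter -PortGroup VMotion -VirtualSwitch $vs3 -IP $VMotionIP -SubnetMask 255.255.255.0 -VMotionEnabled: $true

# Create a HA Heartbeat network
# This method will create a vswif interface. -ConsoleNIC ONLY works with ESX "Classic".
# $HAheartbeat = New-VirtualPortGroup -VirtualSwitch $vs3 -Name HA-Heartbeat
# New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs3 -IP $HAheartbeatIP -SubnetMask 255.255.255.0 -ConsoleNic

# This bit works for ESXi, putting a tick in the box next to "Management Traffic" for the VMkernel port
# Note: Be careful with this option, as ESX "Classic" and ESXi will count the number of vmkernel ports differently
# So in ESXi the Management Network on vSwitch0 is the 1st vmkernel port (vmk0),
# In my script VMotion is configured before FT so it is (vmk1)
# ESXi counts my HA-Heartbeat as vmkernel port (vmk2)
# NOTE(review): "vmk2" is hard-coded. If the host already has additional
# vmkernel ports, the management role is applied to a different interface
# than the one just created; verify the device name before relying on it.
New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs3 -IP $HAheartbeatIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("management", "vmk2")

# Create the FT Logging VMkernel Port Group (vmk3)
# Note: Be careful with this option, as ESX "Classic" and ESXi will count the number of vmkernel ports differently
# So in ESXi the Management Network on vSwitch0 is the 1st vmkernel port (vmk0),
# In my script VMotion is configured before FT so it is (vmk1)
# ESXi counts my HA-Heartbeat as vmkernel port (vmk2)
# Which makes my ft-logging port vmk3...
$FTlogging = New-VirtualPortGroup -VirtualSwitch $vs3 -Name FT-Logging
New-VMHostNetworkAdapter -PortGroup FT-Logging -VirtualSwitch $vs3 -IP $FTloggingIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("faultToleranceLogging", "vmk3")

# This mounts a NFS Share (Read-Only) on the ESX Host
New-Datastore -Nfs -VMHost $vmhost -Name nfs-isos -Path /iso -NfsHost nfs.vi4book.com -readonly: $true

# This sets up the ESX Software iSCSI Initiator
# With many thanks to - http://doitsmarter.blogspot.com/2009/02/esx-iscsi-enable-script-using-vi.html
# The # in front of the CHAP options stops CHAP being enabled on the SW iSCSI interface
# I've left examples in case you do wish to enable CHAP on the SW iSCSI interface
# NOTE(review): as written, this script configures no iSCSI authentication.
# If CHAP is enabled, supply the secret at run time instead of keeping a
# literal such as "ChapSecret" in the file.
$iscsiHba = "vmhba34"
$iscsiServer = "172.168.3.100"
$iscsiPort = 3260
$swiscsiiqn = "iqn.2008-10.com.vi4book:$vmhost"
$target = New-Object VMware.Vim.HostInternetScsiHBASendTarget
$target.address = $iscsiServer
$target.port = $iscsiPort
$iscsiauthprop = New-Object VMware.Vim.HostInternetScsiHbaAuthenticationProperties
#$iscsiauthprop.ChapAuthEnabled = "true"
#$iscsiauthprop.ChapName = "$swiscsiiqn"
#$iscsiauthprop.ChapSecret = "ChapSecret"
$h = Get-VMHost $vmhost
Foreach ($hostView in ( Get-View -VIObject $h)) {
    $storageSystem = Get-View $hostView.configManager.storageSystem
    # Enable software iSCSI controller
    $storageSystem.UpdateSoftwareInternetScsiEnabled($true)
    # Set IQN
    $storageSystem.UpdateInternetScsiName($iscsihba,$swiscsiiqn)
    # Add iSCSI Server for dynamic discovery
    $storageSystem.AddInternetScsiSendTargets($iscsiHba, $target)
    # $storageSystem.UpdateInternetScsiAuthenticationProperties($iscsiHba,$iscsiauthprop)
    # Scan for iSCSI devices
    $storageSystem.RescanHba($iscsiHba)
}

# Removes "VM Network" from the vSwitch0
# (the filter matches by port-group name only; no vSwitch is specified)
get-VirtualPortGroup | where { $_.Name -like "VM Network"} | Remove-VirtualPortGroup -Confirm:$false

# Set up the NTP Configuration
Add-VmHostNtpServer -NtpServer "0.uk.pool.ntp.org","1.uk.pool.ntp.org"

# Enable SSH on the Host (ESX "Classic" only. Does NOT apply to ESX4i)
# NOTE(review): the ruleset enabled here is "sshClient". Confirm that this is
# the ruleset you intend to open (client versus server direction) and that
# SSH access is needed at all on this host.
Foreach ($hostView in ( Get-View -VIObject $h)) {
    $firewallSystem = Get-View $hostView.configManager.firewallSystem
    $firewallSystem.EnableRuleset("sshClient")
}

# Disconnect from ESX host and add the ESX host into the DataCenter/Cluster
Disconnect-VIServer -Confirm:$False

# Next Connect to My VC... and the ESX host...
# NOTE(review): -force lets the host be added even when its SSL certificate
# cannot be verified, and the root password is passed as a literal argument.
# Verify the host certificate/thumbprint out of band and supply the
# credential at run time.
get-vc $vcname
add-vmhost $vmhost -location (get-datacenter -name 'SanFran DataCenter' | get-folder -name 'AMD Hosts' | get-cluster -name 'AMD Cluster 2') -user root -password password -force: $true

# License ESX host
# NOTE(review): the license key is embedded in the script; treat this file as
# sensitive, or read the key from a protected source at run time.
$targethostMoRef = (get-VMHost $vmhost | get-view).MoRef
$si = Get-View ServiceInstance
$LicManRef=$si.Content.LicenseManager
$LicManView=Get-View $LicManRef
$licassman = Get-View $LicManView.LicenseAssignmentManager
$licassman.UpdateAssignedLicense($targethostMoRef.value,"6M01H-MLK42-18C39-09C24-C8A70","vSphere4 Enterprise Plus (1-12 cores per CPU")

# Enable DPM on the ESX host
# An ESX host must be first joined to the vCenter environment before you can enable it...
# NOTE(review): these are the BMC/IPMI credentials, stored here as literals.
# The BMC account can power the server on and off, so use a dedicated
# account with a strong password supplied at run time.
$login = "vmware_dpm_user"
$password = "password"
$hostview = get-vmhost $vmhost | % {Get-View $_.Id}
$IpmiInfo = New-Object Vmware.Vim.HostIpmiInfo
$IpmiInfo.BmcIpAddress = "192.168.3.204"
$IpmiInfo.BmcMacAddress = "00:16:35:37:F8:02"
$IpmiInfo.Login = $login
$IpmiInfo.Password = $password
$hostview.UpdateIpmi($IpmiInfo)

# Rename the default datastore
Get-Datastore -Name "datastore1" | Set-Datastore -Name $localvolname

# Leave maintenance mode:
Set-VMHost -VMhost $vmhost -State connected

# Disconnect from vCenter
Disconnect-VIServer -Confirm:$False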