ESXi: Silent Installation by iPXE HTTP boot

Hi,

this post describes the silently installing of a ESXi server by a iPXE HTTP remote boot.

Installserver Debian 11 (10.10.220.10):

root@debdev ~ # apt install gnupg2 git
root@debdev ~ # wget https://nginx.org/keys/nginx_signing.key
root@debdev ~ # apt-key add nginx_signing.key
root@debdev ~ # vi /etc/apt/sources.list.d/nginx.list


deb https://nginx.org/packages/mainline/debian/ bullseye nginx
deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx

root@debdev ~ # apt update 
root@debdev ~ # apt install nginx isc-dhcp-server

nginx root to /var/www/html and restrict access, allow access to /esxi and /esxi-ks for the whole subnet.

root@debdev ~ # vi /etc/nginx/conf.d/default.conf


...
location / {
# root /usr/share/nginx/html;
root /var/www/html;
deny all;
index index.html index.htm;
}
location ~ ^/esxi/ {
autoindex off;
root /var/www/html;
allow 10.10.220.0/24;
deny all;
}
location ~ ^/esxi-ks/ {
autoindex off;
root /var/www/html;
allow 10.10.220.0/24;
deny all;
}
...

Copy ESXi ISO to Installaserver

pscp D:\Install\VMware-ESXi-7.0.3.update03-19193900-Fujitsu-v530-1.iso root@10.10.220.10:/root

Extract files

root@debdev ~ # mkdir /mnt/loop
root@debdev ~ # mount -o loop /root/VMware-ESXi-7.0.3.update03-19193900-Fujitsu-v530-1.iso /mnt/loop

Create folder in html root/esxi with version and build number

root@debdev ~ # mkdir -p /var/www/html/esxi/ESXi-7.0.3-19193900
root@debdev ~ # mkdir -p /var/www/html/esxi-ks/

Copy files from iso

root@debdev ~ # cp -r /mnt/loop/* /var/www/html/esxi/ESXi-7.0.3-19193900

Copy the bootloader. Copy bootx64.efi from the latest ESXi installationfiles. The bootloader has backward compatibility.

root@debdev ~ # cp /var/www/html/esxi/ESXi-7.0.3-19193900/efi/boot/bootx64.efi /var/www/html/esxi/mboot.efi

Modify boot.cfg, edit module pathes, kernel parameters, set prefix URL to your webserver server…

root@debdev ~ # chmod u+w /var/www/html/esxi/ESXi-7.0.3-19193900/boot.cfg
root@debdev ~ # vi /var/www/html/esxi/ESXi-7.0.3-19193900/boot.cfg

Remove all leading slashes from the filenames at parameters kernel= and modules=. Example

kernel=/b.b00 to kernel=b.b00
modules=/jumpstrt.gz --- /useropts.gz --- /features.gz... to modules=jumpstrt.gz --- useropts.gz --- features.gz

Usually / are only used by these both options so you can simply replace them

root@debdev ~ # sed -e's/\///g'  /var/www/html/esxi/ESXi-7.0.3-19193900/boot.cfg --in-place=.bak

Then add URL of the installation source

prefix=http://10.10.220.10/esxi/ESXi-7.0.3-19193900

From the kernelopt= option remove cdromBoot

kernelopt=runweasel

To use a silent/scripted installation add the ks= option to kernelopt= option and created the file (see above, later in the post)

kernelopt=runweasel ks=http://10.10.220.10/esxi-ks/ks.cfg

root@debdev ~ # touch /var/www/html/esxi-ks/ks.cfg

Setup Boot with UEFI, iPXE and http


The boot with iPXE has two steps. First iPXE must be booted by UEFI PXE from the computer, the second step iPXE sends also PXEboot request to the DHCP Serverwith a Userclass iPXE, dnsmasq recognize these requests and initiate the boot of mboot.efi.

Install dnsmasq and build tools.

root@debdev ~ # apt install dnsmasq build-essential

Get and build iPXE

michael@debdev ~ # git clone https://github.com/ipxe/ipxe.git
michael@debdev ~ # cd ipxe/src
michael@debdev ~/ipxe/src # make bin-x86_64-efi/snponly.efi
...
  [LD] bin-x86_64-efi/snponly.efi.tmp
  [FINISH] bin-x86_64-efi/snponly.efi

Create a /tftpboot folder and copy the file to

root@debdev ~ # mkdir /tftpboot
root@debdev ~ # cp /home/michael/ipxe/src/bin-x86_64-efi/snponly.efi /tftpboot 

also copy the ESXi boot loader bootx64.efi to mboot.efi

root@debdev ~ # cp /var/www/html/esxi/ESXi-7.0.3-19193900/efi/boot/bootx64.efi /tftpboot/mboot.efi

Create a dnsmasq config /etc/dnsmasq.conf


# Disable DNS Server
port=0

# Enable DHCP logging
log-dhcp
log-debug
log-facility=/tmp/dns.log

# Set the root directory for files available via FTP.
enable-tftp
tftp-root=/tftpboot
dhcp-no-override
# Respond to PXE requests for the specified network;
# run as DHCP proxy
dhcp-range=10.10.220.0,proxy,255.255.255.0

dhcp-match=set:efi-ipxe-http,option:client-arch,7
dhcp-match=set:efi-ipxe-http,option:client-arch,9

# set tag "iPXEBoot" if request comes from iPXE ("iPXE" user class)
dhcp-userclass=set:iPXEBoot,iPXE
# The boot filename, Server name, Server Ip Address
# BIOS
# dhcp-boottag:=bios-ipxe-http,undionly.kpxe,,10.10.220.10
# UEFI
# dhcp-boot=tag:efi-ipxe-http,snponly.efi
# If no server is specified then the PXE is used to search for the files, also http
# boot iPXE first
dhcp-boot=tag:!iPXEBoot,snponly.efi
pxe-service=tag:!iPXEBoot,BC_EFI, "Network boot", snponly.efi
pxe-service=tag:!iPXEBoot,X86-64_EFI, "Network boot", snponly.efi
# when iPXE has booted, boot mboot.efi as second stage
dhcp-boot=tag:iPXEBoot,mboot.efi -> boots http
pxe-service=tag:iPXEBoot,BC_EFI, "Network boot",mboot.efi
pxe-service=tag:iPXEBoot,X86-64_EFI, "Network boot",mboot.efi

There is an option to boot all Hosts from the same installer. Then copy boot.cfg and mboot.efi to the same directory

root@debdev ~ # cp /var/www/html/esxi/ESXi-7.0.3-19193900/boot.cfg /tftpboot

Or if want to create a boot directory for each host individually: Create an directory with the MAC Address and copy the boot.cfg file to it. Note the leading 01 prefix right before the MAC address in the folder name.

root@debdev ~ # mkdir /tftpboot/01-11-22-33-44-55-66
root@debdev ~ # cp /var/www/html/esxi/ESXi-7.0.3-19193900/boot.cfg  /tftpboot/01-11-22-33-44-55-66

Then create a default ks script: /var/www/html/esxi-ks/ks.cfg.


# Accept the VMware End User License Agreement
vmaccepteula

# Set the root password for the DCUI and Tech Support Mode
rootpw myp@ssw0rd

# Install on the first local disk available on machine
install --firstdisk=local --overwritevmfs

keyboard German

# Set the network to DHCP on the first network adapter
network --bootproto=dhcp --device=vmnic0

To execute an individual ks script per host the script has to be created and the boot.cfg must modified. See dnsmasg log which file is requested. Folder name is usually 01-MACAddress

root@debdev ~ # vi grep dnsmasq-tftp /tmp/dns.log
dnsmasq-tftp[1103]: File /tftpboot/01-11-22-33-44-55-66/boot.cfg not found
root@debdev ~ # vi /tftpboot/01-11-22-33-44-55-66/boot.cfg


...
kernelopt=runweasel ks=http://10.10.220.10/esxi-ks/01-11-22-33-44-55-66/ks.cfg
...

root@debdev ~ # mkdir /var/www/html/esxi-ks/01-11-22-33-44-55-66
root@debdev ~ # vi /var/www/html/esxi-ks/01-11-22-33-44-55-66/ks.cfg



# Accept the VMware End User License Agreement
vmaccepteula

# Set the root password for the DCUI and Tech Support Mode
rootpw myp@ssw0rd

# Install on the first local disk available on machine
install --firstdisk=local --overwritevmfs

keyboard German

# Set the network to DHCP on the first network adapter
network --bootproto=dhcp --device=11:22:33:44:55:66
reboot

Michael

Advertisment to support michlstechblog.info

2 thoughts on “ESXi: Silent Installation by iPXE HTTP boot”

  1. Thanks for the article Michls – I tried all the steps provided for but I get below error message –

    Please help to resolve the issue.

    TFTP prefix:
    Trying to load: pxelinux.cfg/ec5db4c0-74fe-d511-b9e7-3d9235afe5a1
    Trying to load: pxelinux.cfg/01-00-17-31-b6-5e-a8
    Trying to load: pxelinux.cfg/0A64491E
    Trying to load: pxelinux.cfg/0A64491
    Trying to load: pxelinux.cfg/0A6449
    Trying to load: pxelinux.cfg/0A644
    Trying to load: pxelinux.cfg/0A64
    Trying to load: pxelinux.cfg/0A6
    Trying to load: pxelinux.cfg/0A
    Trying to load: pxelinux.cfg/0
    Trying to load: pxelinux.cfg/default
    Unable to locate configuration file
    Boot failed: press a key to retry or wait for reset

  2. I tried the same with ESXi 8, but it just won’t like my prefix for some reasons. It still looks for the files via TFTP:

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.