├── inventory └── hosts ├── .gitignore ├── vars ├── creds.yml └── vcentervars.yml ├── CHANGELOG.md ├── LICENSE.md ├── files ├── 9484548 │ ├── boot.cfg │ └── efi │ │ └── boot │ │ └── boot.cfg └── 15160138 │ ├── boot.cfg │ └── efi │ └── boot │ └── boot.cfg ├── README.md ├── fullmetalbuild.yml └── ansible.cfg /inventory/hosts: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /vars/creds.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Vaulted Creds go here . . . 3 | 4 | -------------------------------------------------------------------------------- /vars/vcentervars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vcenter_hostname: "" 3 | datacenter_name: "" 4 | syslog_host: "" 5 | vcenter_switch_name: "" 6 | vlan_id: "" 7 | net_mask: "" 8 | gate_way: "" 9 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 6 | 7 | ## [1.0.1] - Documentation update 03-12-2020 8 | 9 | ### Added 10 | - Added information to README about using nginx. 11 | 12 | ## [1.0.0] - Initial Release 02-23-2020 13 | 14 | - Initial Release by [bryansullins](https://github.com/bryansullins) 15 | - See README.md for more information on the initial release. 
16 | 17 | ### Added 18 | 19 | ### Changed 20 | 21 | ### Removed -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # Released under MIT License 2 | 3 | Copyright (c) 2020 Bryan Sullins. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
-------------------------------------------------------------------------------- /files/9484548/boot.cfg: -------------------------------------------------------------------------------- 1 | bootstate=0 2 | title=Loading ESXi installer 3 | timeout=5 4 | prefix= 5 | kernel=/b.b00 6 | # kernelopt=runweasel cdromBoot 7 | kernelopt=ks=file://etc/vmware/weasel/ks.cfg 8 | modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- /user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /testeven.v00 --- /scsi_hpd.v00 --- /i40en.v00 --- /ixgben.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /igbn.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_mr3.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_fcoe.v00 --- /net_forc.v00 --- /net_igb.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- /net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- 
/pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /weaselin.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /lsu_hp_h.v00 --- /lsu_lsi_.v00 --- /lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz 9 | build= 10 | updated=0 11 | -------------------------------------------------------------------------------- /files/9484548/efi/boot/boot.cfg: -------------------------------------------------------------------------------- 1 | bootstate=0 2 | title=Loading ESXi installer 3 | timeout=5 4 | prefix= 5 | kernel=/b.b00 6 | # kernelopt=runweasel cdromBoot 7 | kernelopt=ks=file://etc/vmware/weasel/ks.cfg 8 | modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- /user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /testeven.v00 --- 
/scsi_hpd.v00 --- /i40en.v00 --- /ixgben.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /igbn.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_mr3.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_fcoe.v00 --- /net_forc.v00 --- /net_igb.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- /net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- /pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /weaselin.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /lsu_hp_h.v00 --- /lsu_lsi_.v00 --- 
/lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz 9 | build= 10 | updated=0 11 | -------------------------------------------------------------------------------- /files/15160138/boot.cfg: -------------------------------------------------------------------------------- 1 | bootstate=0 2 | title=Loading ESXi installer 3 | timeout=5 4 | prefix= 5 | kernel=/b.b00 6 | # kernelopt=cdromBoot runweasel 7 | kernelopt=ks=file://etc/vmware/weasel/ks.cfg 8 | modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- /user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /uc_hygon.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /lsi_mr3.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /scsi_hpd.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /sut.v00 --- /testeven.v00 --- /i40en.v00 --- /igbn.v00 --- /ixgben.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedf.v00 --- /qedi.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 
--- /net_fcoe.v00 --- /net_forc.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- /net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nfnic.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- /pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v00 --- /sfvmk.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /esxupdt.v00 --- /weaselin.t00 --- /lsu_hp_h.v00 --- /lsu_inte.v00 --- /lsu_lsi_.v00 --- /lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /lsu_lsi_.v04 --- /lsu_smar.v00 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz 9 | build= 10 | updated=0 11 | -------------------------------------------------------------------------------- /files/15160138/efi/boot/boot.cfg: -------------------------------------------------------------------------------- 1 | bootstate=0 2 | title=Loading ESXi installer 3 | timeout=5 4 | prefix= 5 | kernel=/b.b00 6 | # kernelopt=cdromBoot runweasel 7 | kernelopt=ks=file://etc/vmware/weasel/ks.cfg 8 | modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- 
/user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /uc_hygon.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /lsi_mr3.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /scsi_hpd.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /sut.v00 --- /testeven.v00 --- /i40en.v00 --- /igbn.v00 --- /ixgben.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedf.v00 --- /qedi.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_fcoe.v00 --- /net_forc.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- /net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nfnic.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- /pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- 
/scsi_qla.v00 --- /sfvmk.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /esxupdt.v00 --- /weaselin.t00 --- /lsu_hp_h.v00 --- /lsu_inte.v00 --- /lsu_lsi_.v00 --- /lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /lsu_lsi_.v04 --- /lsu_smar.v00 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz 9 | build= 10 | updated=0 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ESXi Bare Metal Single Touch Provisioning 2 | 3 | This Project is my effort to create a single touch method for provisioning ESXi hosts from bare metal/powered off to production ready in vCenter. This was built using HPE hardware, however, there is no reason you can't modify this to work with Dell hosts. I made some effort to make this repo hardware-agnostic. 4 | 5 | ## Getting Started 6 | 7 | Clone the repo using the usual methods and alter the yml to fit your environment. Not everything is parameterized, so you might consider setting some of what I have hard-coded here to variables so they are easier to alter long term. 8 | 9 | These playbooks were built to run locally, but can be easily altered to run from a Media Server, for example. 
10 | 11 | ### Requirements and Considerations 12 | 13 | **Required Folder Directories** 14 | 15 | The machine staging/copying/sharing/manipulating the ISO files will need the following directories, but you can create your own if these are not your cup of tea. The fullmetalbuild references these locations in the playbook. You will only need to do this once: 16 | 17 | /opt/esxiisosrc 18 | /opt/baremetal 19 | 20 | You will also need to set up nginx (or the webserver of your choice), which will be the webserver allowing access to the customized iso. I made a directory called "isos" under the default location in the version of nginx I am running: 21 | 22 | /usr/share/nginx/html/isos/ 23 | 24 | **Ansible/Python Version:** 25 | 26 | ansible 2.9.2 27 | python version 3.7.3 28 | 29 | It is recommended to run all Ansible playbooks in a `virtualenv` for flexibility. 30 | 31 | **Additional pip3 required installations:** 32 | 33 | ansible==2.9.5 34 | certifi==2019.11.28 35 | cffi==1.14.0 36 | chardet==3.0.4 37 | cryptography==2.8 38 | idna==2.9 39 | Jinja2==2.11.1 40 | MarkupSafe==1.1.1 41 | pycparser==2.19 42 | python-hpilo==4.3 43 | pyvmomi==6.7.3 44 | PyYAML==5.3 45 | requests==2.23.0 46 | six==1.14.0 47 | urllib3==1.25.8 48 | 49 | **Additional Software Required** 50 | 51 | - `mkisofs` on the machine manipulating the files for the iso. 52 | - `nginx` or the webserver app of your choice on the webserver hosting the iso, if you are using the url version of remote boot. 53 | - `openssl` to hash the esxi root password that goes into the kickstart file (the kickstart `rootpw --iscrypted` line expects a crypt-style hash). `-1` selects MD5-crypt, a weak scheme; use a stronger one such as `-6` if your OpenSSL and ESXi versions support it, and leave the password off the command line (openssl then prompts for it) so it stays out of shell history. Example: 54 | 55 | `openssl passwd -1 "foo"` 56 | 57 | 58 | **The Resources in this Repo Were Tested On:** 59 | 60 | vCenter/ESXi Versions were 6.5 GA and above, however, according to [William Lam's post on kickstart](https://www.virtuallyghetto.com/2012/03/how-to-create-bootable-esxi-5-iso.html), the method for kickstart file use in ESXi goes at least as far back as ESXi 5.0. 
61 | 62 | **HPE Hardware/Firmware versions tested:** 63 | 64 | HPE Proliant BL460c G9 - iLO Version 2.7x 65 | HPE Synergy BL480 G9 - iLO Version 2.72 66 | 67 | The automated kickstart injection process will prepare the customized ISO for both Legacy and UEFI boot, however, it is highly recommended that you use UEFI Boot, as that method was more rigorously tested. 68 | 69 | ### IMPORTANT!!! Use of this Repo and new ESXi Releases 70 | 71 | At the top of the `fullmetalbuild.yml` file, there are instructions for new ESXi host releases. With every new ISO release, you will need to place the new ISO into the directory specified in the playbook (within the `vars` codeblock). Verify the downloaded ISO against the checksum the vendor publishes before staging it, since the playbook builds the install media from it. 72 | 73 | The second thing you will need to do is extract and customize the following files from that new release: 74 | 75 | boot.cfg 76 | efi/boot/boot.cfg 77 | 78 | You will need to edit them to include the kickstart file and the `bmks.tgz` file (created at playbook runtime), and copy both `boot.cfg` files into the `files` directory in the repo under a directory named after the ESXi Build Number. Please see the examples in the `files` directory of this repo for more information. A short how to: 79 | 80 | You can extract and edit these files on any Windows machine. That should work. However, I do this using a Linux machine. *You will only need to do this once per release*: 81 | 82 | mkdir /mnt/esxibuildnumber # <-- Use the ACTUAL build number of the ESXi ISO. Temp location for the extracted iso files. 83 | mkdir -p rootofrepo/files/esxibuildnumber/efi/boot 84 | mount -o loop -t iso9660 /path/to/new/esxi/iso /mnt/esxibuildnumber 85 | cp /mnt/esxibuildnumber/boot.cfg rootofrepo/files/esxibuildnumber 86 | cp /mnt/esxibuildnumber/efi/boot/boot.cfg rootofrepo/files/esxibuildnumber/efi/boot/ 87 | umount /mnt/esxibuildnumber 88 | 89 | Use the text editor or IDE of your choice to edit *both* boot files to include three changes: 90 | 91 | 1. Comment out the `kernelopt=cdromBoot runweasel` line. 92 | 2. 
Add the `kernelopt=ks=file://etc/vmware/weasel/ks.cfg` line in its place. 93 | 3. Append the `--- /bmks.tgz` at the end of the `modules` line. 94 | 95 | Should look like the following. You may have to scroll over to see the end of the `modules` line: 96 | 97 | bootstate=0 98 | title=Loading ESXi installer 99 | timeout=5 100 | prefix= 101 | kernel=/b.b00 102 | # Comment out the following line: 103 | # kernelopt=cdromBoot runweasel 104 | # Add this line: 105 | kernelopt=ks=file://etc/vmware/weasel/ks.cfg 106 | modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00 --- /chardevs.b00 --- /user.b00 --- /procfs.b00 --- /uc_intel.b00 --- /uc_amd.b00 --- /uc_hygon.b00 --- /vmx.v00 --- /vim.v00 --- /sb.v00 --- /s.v00 --- /lsi_mr3.v00 --- /bnxtnet.v00 --- /bnxtroce.v00 --- /elx_esx_.v00 --- /brcmfcoe.v00 --- /elxiscsi.v00 --- /elxnet.v00 --- /lpfc.v00 --- /amsd.v00 --- /bootcfg.v00 --- /conrep.v00 --- /cru.v00 --- /fc_enabl.v00 --- /hponcfg.v00 --- /ilo.v00 --- /oem_buil.v00 --- /scsi_hpd.v00 --- /smx_prov.v00 --- /ssacli.v00 --- /sut.v00 --- /testeven.v00 --- /i40en.v00 --- /igbn.v00 --- /ixgben.v00 --- /nmlx5_co.v00 --- /nmlx5_rd.v00 --- /nmst.v00 --- /smartpqi.v00 --- /nhpsa.v00 --- /qcnic.v00 --- /qedentv.v00 --- /qedf.v00 --- /qedi.v00 --- /qedrntv.v00 --- /qfle3.v00 --- /qfle3f.v00 --- /qfle3i.v00 --- /qlnative.v00 --- /ata_liba.v00 --- /ata_pata.v00 --- /ata_pata.v01 --- /ata_pata.v02 --- /ata_pata.v03 --- /ata_pata.v04 --- /ata_pata.v05 --- /ata_pata.v06 --- /ata_pata.v07 --- /block_cc.v00 --- /char_ran.v00 --- /ehci_ehc.v00 --- /hid_hid.v00 --- /iavmd.v00 --- /ima_qla4.v00 --- /ipmi_ipm.v00 --- /ipmi_ipm.v01 --- /ipmi_ipm.v02 --- /iser.v00 --- /lpnic.v00 --- /lsi_msgp.v00 --- /lsi_msgp.v01 --- /lsi_msgp.v02 --- /misc_dri.v00 --- /mtip32xx.v00 --- /ne1000.v00 --- /nenic.v00 --- /net_cdc_.v00 --- /net_e100.v00 --- /net_e100.v01 --- /net_enic.v00 --- /net_fcoe.v00 --- /net_forc.v00 --- /net_libf.v00 --- /net_mlx4.v00 --- /net_mlx4.v01 --- /net_nx_n.v00 --- 
/net_tg3.v00 --- /net_usbn.v00 --- /net_vmxn.v00 --- /nfnic.v00 --- /nmlx4_co.v00 --- /nmlx4_en.v00 --- /nmlx4_rd.v00 --- /ntg3.v00 --- /nvme.v00 --- /nvmxnet3.v00 --- /nvmxnet3.v01 --- /ohci_usb.v00 --- /pvscsi.v00 --- /qflge.v00 --- /sata_ahc.v00 --- /sata_ata.v00 --- /sata_sat.v00 --- /sata_sat.v01 --- /sata_sat.v02 --- /sata_sat.v03 --- /sata_sat.v04 --- /scsi_aac.v00 --- /scsi_adp.v00 --- /scsi_aic.v00 --- /scsi_fni.v00 --- /scsi_ips.v00 --- /scsi_isc.v00 --- /scsi_lib.v00 --- /scsi_meg.v00 --- /scsi_meg.v01 --- /scsi_meg.v02 --- /scsi_mpt.v00 --- /scsi_mpt.v01 --- /scsi_mpt.v02 --- /scsi_qla.v00 --- /sfvmk.v00 --- /shim_isc.v00 --- /shim_isc.v01 --- /shim_lib.v00 --- /shim_lib.v01 --- /shim_lib.v02 --- /shim_lib.v03 --- /shim_lib.v04 --- /shim_lib.v05 --- /shim_vmk.v00 --- /shim_vmk.v01 --- /shim_vmk.v02 --- /uhci_usb.v00 --- /usb_stor.v00 --- /usbcore_.v00 --- /vmkata.v00 --- /vmkfcoe.v00 --- /vmkplexe.v00 --- /vmkusb.v00 --- /vmw_ahci.v00 --- /xhci_xhc.v00 --- /btldr.t00 --- /esx_dvfi.v00 --- /esx_ui.v00 --- /esxupdt.v00 --- /weaselin.t00 --- /lsu_hp_h.v00 --- /lsu_inte.v00 --- /lsu_lsi_.v00 --- /lsu_lsi_.v01 --- /lsu_lsi_.v02 --- /lsu_lsi_.v03 --- /lsu_lsi_.v04 --- /lsu_smar.v00 --- /native_m.v00 --- /rste.v00 --- /vmware_e.v00 --- /vsan.v00 --- /vsanheal.v00 --- /vsanmgmt.v00 --- /tools.t00 --- /xorg.v00 --- /imgdb.tgz --- /imgpayld.tgz --- /bmks.tgz # <--- Add this here. 107 | build= 108 | updated=0 109 | 110 | **DO NOT** simply use the same `boot.cfg` files through new releases, as each new release may have different modules defined and it may fail. It certainly did for me when I tried that. (DOH!) 111 | 112 | ## Thank Yous and Contributors 113 | 114 | * Could not have done this without [William Lam's post about kickstart](https://www.virtuallyghetto.com/2012/03/how-to-create-bootable-esxi-5-iso.html). 115 | * HPE Hardware and their donation(s) of time. 116 | 117 | ## Versioning 118 | 119 | We use [SemVer](http://semver.org/) for versioning. 
For the versions available, see the [tags on this repository](https://github.com/your/project/tags). 120 | 121 | ## Authors 122 | 123 | * **Bryan Sullins** - *Initial work* - [bryansullins](https://github.com/bryansullins) 124 | -------------------------------------------------------------------------------- /fullmetalbuild.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | gather_facts: false 4 | become: yes 5 | vars_files: 6 | - vars/creds.yml 7 | - vars/vcentervars.yml 8 | vars: 9 | - ansible_python_interpreter: python3 10 | - ansible_host_key_checking: false 11 | - validate_certs: false # NOTE(review): the vCenter tasks below also pass validate_certs: false, so the vCenter TLS certificate is never verified; enable verification once the issuing CA is trusted here. 12 | # Source ISO location on webserver is /opt/esxiisosrc/ - copy the desired installation version there and 13 | # change the below variables to the exact filename of the desired ESXi Version and build. esxi_build must be the build number of that same ISO: it selects the files/<build>/ boot.cfg copies placed in the image (the sample values below pair a 9484548 ISO with build 15160138). 14 | # Long term use requires you to add the build directories from the extracted boot.cfg files from the original iso 15 | # and add them to the files/ directory. Please see README.md for more information, or inspect the files directory for examples. 16 | - src_iso_file: "VMware-ESXi-6.7.0-9484548-HPE-Gen9plus-670.10.3.5.6-Sep2018.iso" 17 | - esxi_build: "15160138" 18 | - encrypted_root_password: "" # <- Use `openssl passwd` to create this hash. You can also vault the encrypted string for more protection; it is written into ks.cfg inside the ISO that is published under the webserver's isos/ directory. 19 | vars_prompt: 20 | - name: "esxi_hostname" 21 | prompt: "Enter the ESXi Hostname" 22 | private: no 23 | - name: "host_management_ip" 24 | prompt: "Enter the host Management IP" 25 | private: no 26 | - name: "vmotion_ip" 27 | prompt: "Enter the vMotion IP" 28 | private: no 29 | - name: "ilo_ip" 30 | prompt: "Enter ilo IP" 31 | private: no 32 | - name: "cluster_name" 33 | prompt: "Enter the Cluster Name" 34 | private: no 35 | no_log: true 36 | 37 | tasks: 38 | 39 | ## /opt/baremetal is the staging directory. The shell tasks below run as root (become: yes) and place the prompted esxi_hostname unquoted into paths, including the rm -rf cleanup, so check that it is non-empty and contains only hostname characters before running. 40 | - name: Mounting source directory from official production ESXi ISO . . . copying over build files . . . 
backing up defaults . . . 41 | shell: | 42 | mkdir /mnt/{{ esxi_hostname }} 43 | mount -o loop -t iso9660 /opt/esxiisosrc/{{ src_iso_file }} /mnt/{{ esxi_hostname }}/ 44 | mkdir /opt/baremetal/{{ esxi_hostname }} 45 | mkdir /opt/baremetal/temp/{{ esxi_hostname }} 46 | mkdir -p /opt/baremetal/temp/{{ esxi_hostname }}/etc/vmware/weasel 47 | cp -r /mnt/{{ esxi_hostname }}/* /opt/baremetal/{{ esxi_hostname }}/ 48 | umount /mnt/{{ esxi_hostname }} 49 | mv /opt/baremetal/{{ esxi_hostname }}/boot.cfg /opt/baremetal/{{ esxi_hostname }}/boot.cfg.orig 50 | mv /opt/baremetal/{{ esxi_hostname }}/efi/boot/boot.cfg /opt/baremetal/{{ esxi_hostname }}/efi/boot/boot.cfg.orig 51 | 52 | ## The following two tasks will make the custom iso bootable by both legacy and UEFI implementations: 53 | - name: Copying custom boot.cfg to root directory . . . 54 | copy: 55 | src: files/{{ esxi_build }}/boot.cfg 56 | dest: /opt/baremetal/{{ esxi_hostname }} 57 | owner: root 58 | group: root 59 | mode: '0744' 60 | 61 | - name: Copying custom UEFI boot.cfg to root efi directory . . . 62 | copy: 63 | src: files/{{ esxi_build }}/efi/boot/boot.cfg 64 | dest: /opt/baremetal/{{ esxi_hostname }}/efi/boot 65 | owner: root 66 | group: root 67 | mode: '0744' 68 | 69 | ## Additional options can be appened after the "reboot" at the end of the content section, such as scripted esxcli commands, etc. 70 | - name: Creating kickstart file with proper automation contents . . . 
71 | copy: 72 | force: true 73 | dest: /opt/baremetal/temp/{{ esxi_hostname }}/etc/vmware/weasel/ks.cfg 74 | content: | 75 | vmaccepteula 76 | clearpart --firstdisk=local --overwritevmfs 77 | install --firstdisk=local --overwritevmfs 78 | rootpw --iscrypted {{ encrypted_root_password }} 79 | network --bootproto=static --addvmportgroup=1 --vlanid={{ vlan_id }} --ip={{ host_management_ip }} --netmask={{ net_mask }} --gateway={{ gate_way }} --nameserver="#.#.#.#,#.#.#.#" --hostname={{ esxi_hostname }} 80 | reboot 81 | 82 | - name: Scripting commands to tarball the kickstart file and make the proper iso . . . 83 | shell: | 84 | chmod ugo+x /opt/baremetal/temp/{{ esxi_hostname }}/etc/vmware/weasel/ks.cfg 85 | cd /opt/baremetal/temp/{{ esxi_hostname }} 86 | tar czvf bmks.tgz * 87 | chmod ugo+x /opt/baremetal/temp/{{ esxi_hostname }}/bmks.tgz 88 | cp /opt/baremetal/temp/{{ esxi_hostname }}/bmks.tgz /opt/baremetal/{{ esxi_hostname }}/ 89 | cd /opt/baremetal/{{ esxi_hostname }} 90 | 91 | - name: Creating bootable iso from all files . . . 92 | shell: > 93 | mkisofs 94 | -relaxed-filenames 95 | -J 96 | -R 97 | -b isolinux.bin 98 | -c boot.cat 99 | -no-emul-boot 100 | -boot-load-size 4 101 | -boot-info-table 102 | -eltorito-alt-boot 103 | -e efiboot.img 104 | -boot-load-size 1 105 | -no-emul-boot 106 | -o /opt/baremetal/{{ esxi_hostname }}.iso 107 | /opt/baremetal/{{ esxi_hostname }}/ 108 | 109 | - name: Moving created iso to webserver . . . 110 | shell: | 111 | mv /opt/baremetal/{{ esxi_hostname }}.iso /usr/share/nginx/html/isos/ 112 | 113 | # Can also use the Dell/EMC iDRAC Repo . . . 114 | - name: Booting once using the custom built iso . . . 115 | hpilo_boot: 116 | host: "{{ ilo_ip }}" 117 | login: admin 118 | password: "{{ ilo_password }}" 119 | media: cdrom 120 | image: http://#.#.#.#/isos/{{ esxi_hostname }}.iso # <- Your webserver url should go here. 121 | delegate_to: localhost 122 | 123 | - name: Waiting for custom installation to complete . . . 
124 | wait_for: 125 | delay: 120 126 | sleep: 3 127 | host: "{{ host_management_ip }}" 128 | timeout: 840 129 | delegate_to: localhost 130 | 131 | - name: Deleting all related files from staging location and web server . . . 132 | shell: | 133 | rm -rf {{ esxi_hostname }} 134 | rm -rf temp/{{ esxi_hostname }} 135 | rm -f /usr/share/nginx/html/isos/{{ esxi_hostname }}.iso 136 | rm -rf /mnt/{{ esxi_hostname }} 137 | args: 138 | chdir: /opt/baremetal 139 | 140 | ## vCenter and ESXi configuration follows here: 141 | - name: Adding ESXi host "{{ esxi_hostname }}.yourdomain.here" to vCenter . . . 142 | vmware_host: 143 | hostname: "{{ vcenter_hostname }}" 144 | username: "administrator@vsphere.local" 145 | password: "{{ vcenter_password }}" 146 | datacenter_name: "{{ datacenter_name }}" 147 | cluster_name: "{{ cluster_name }}" 148 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 149 | esxi_username: "root" 150 | esxi_password: "{{ esxi_password }}" 151 | state: present 152 | validate_certs: false 153 | delegate_to: localhost 154 | 155 | - name: Adding ESXi license and assigning to ESXi Host "{{ esxi_hostname }}.yourdomain.here" . . . 156 | vcenter_license: 157 | hostname: "{{ vcenter_hostname }}" 158 | username: "administrator@vsphere.local" 159 | password: "{{ vcenter_password }}" 160 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 161 | license: "{{ esxi_license }}" 162 | state: present 163 | validate_certs: false 164 | delegate_to: localhost 165 | 166 | - name: Adding vmnic1 to vSwitch0 . . . 167 | vmware_vswitch: 168 | hostname: "{{ vcenter_hostname }}" 169 | username: "administrator@vsphere.local" 170 | password: "{{ vcenter_password }}" 171 | esxi_hostname: "{{esxi_hostname }}.yourdomain.here" 172 | switch: vSwitch0 173 | nics: 174 | - vmnic1 175 | validate_certs: false 176 | delegate_to: localhost 177 | 178 | - name: Changing Advanced Settings . . . Core Dump Warning Disable . . . 
Set Syslog Server 179 | vmware_host_config_manager: 180 | hostname: "{{ vcenter_hostname }}" 181 | username: "administrator@vsphere.local" 182 | password: "{{ vcenter_password }}" 183 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 184 | options: 185 | 'UserVars.SuppressCoredumpWarning': '1' 186 | 'Syslog.global.logHost': '{{ syslog_host }}' 187 | validate_certs: false 188 | delegate_to: localhost 189 | 190 | - name: Setting the Power Management Policy to high-performance . . . 191 | vmware_host_powermgmt_policy: 192 | hostname: "{{ vcenter_hostname }}" 193 | username: "administrator@vsphere.local" 194 | password: "{{ vcenter_password }}" 195 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 196 | policy: high-performance 197 | validate_certs: false 198 | delegate_to: localhost 199 | 200 | - name: Adding vmkernel Portgroup with all settings defined . . . 201 | vmware_portgroup: 202 | hostname: "{{ vcenter_hostname }}" 203 | username: "administrator@vsphere.local" 204 | password: "{{ vcenter_password }}" 205 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 206 | switch: "vSwitch0" 207 | portgroup: "vMotion" 208 | vlan_id: 125 209 | validate_certs: false 210 | delegate_to: localhost 211 | 212 | - name: Adding vMotion vmkernel port with default TCP/IP stack . . . 213 | vmware_vmkernel: 214 | hostname: "{{ vcenter_hostname }}" 215 | username: "administrator@vsphere.local" 216 | password: "{{ vcenter_password }}" 217 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 218 | vswitch_name: "vSwitch0" 219 | portgroup_name: "vMotion" 220 | network: 221 | type: "static" 222 | ip_address: "{{ vmotion_ip }}" 223 | subnet_mask: 255.255.255.0 224 | tcpip_stack: default 225 | state: present 226 | enable_vmotion: true 227 | validate_certs: false 228 | delegate_to: localhost 229 | 230 | - name: Configuring NTP servers for host "{{ esxi_hostname }}.yourdomain.here" . . . 
231 | vmware_host_ntp: 232 | hostname: "{{ vcenter_hostname }}" 233 | username: "administrator@vsphere.local" 234 | password: "{{ vcenter_password }}" 235 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 236 | ntp_servers: 237 | - time.nist.gov 238 | validate_certs: false 239 | delegate_to: localhost 240 | 241 | - name: Starting NTP Service and set to start at boot. 242 | vmware_host_service_manager: 243 | hostname: '{{ vcenter_hostname }}' 244 | username: "administrator@vsphere.local" 245 | password: "{{ vcenter_password }}" 246 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 247 | validate_certs: false 248 | service_name: ntpd 249 | service_policy: on 250 | state: start 251 | delegate_to: localhost 252 | 253 | - name: Restarting Syslog Service since settings have changed and set to start at boot . . . 254 | vmware_host_service_manager: 255 | hostname: '{{ vcenter_hostname }}' 256 | username: "administrator@vsphere.local" 257 | password: "{{ vcenter_password }}" 258 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 259 | validate_certs: false 260 | service_name: vmsyslogd 261 | service_policy: on 262 | state: restart 263 | delegate_to: localhost 264 | 265 | - name: Adding host "{{ esxihostname }}.yourdomain.here" to VDS . . . 266 | vmware_dvs_host: 267 | hostname: "{{ vcenter_hostname }}" 268 | username: "administrator@vsphere.local" 269 | password: "{{ vcenter_password }}" 270 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 271 | switch_name: "{{ vcenter_switch_name }}" 272 | vmnics: 273 | - vmnic2 274 | - vmnic3 275 | state: present 276 | validate_certs: False 277 | delegate_to: localhost 278 | 279 | - name: Stopping ESXi Shell Service and setting to disable at boot . . . 
280 | vmware_host_service_manager: 281 | hostname: '{{ vcenter_hostname }}' 282 | username: "administrator@vsphere.local" 283 | password: "{{ vcenter_password }}" 284 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 285 | validate_certs: false 286 | service_name: TSM 287 | service_policy: off 288 | state: stop 289 | delegate_to: localhost 290 | 291 | - name: Stopping SSH Service and setting to disable at boot. 292 | vmware_host_service_manager: 293 | hostname: '{{ vcenter_hostname }}' 294 | username: "administrator@vsphere.local" 295 | password: "{{ vcenter_password }}" 296 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 297 | validate_certs: false 298 | service_name: TSM-SSH 299 | service_policy: off 300 | state: stop 301 | delegate_to: localhost 302 | 303 | - name: Taking host out of maintenance mode. Last task! . . . 304 | vmware_maintenancemode: 305 | hostname: '{{ vcenter_hostname }}' 306 | username: "administrator@vsphere.local" 307 | password: "{{ vcenter_password }}" 308 | esxi_hostname: "{{ esxi_hostname }}.yourdomain.here" 309 | timeout: 3600 310 | state: absent 311 | validate_certs: false 312 | delegate_to: localhost 313 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- https://ansible.com/ 2 | # =============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | 12 | # some basic default values... 
13 | 14 | #inventory = /etc/ansible/hosts 15 | #library = /usr/share/my_modules/ 16 | #module_utils = /usr/share/my_module_utils/ 17 | #remote_tmp = ~/.ansible/tmp 18 | #local_tmp = ~/.ansible/tmp 19 | #plugin_filters_cfg = /etc/ansible/plugin_filters.yml 20 | #forks = 5 21 | #poll_interval = 15 22 | #sudo_user = root 23 | #ask_sudo_pass = True 24 | #ask_pass = True 25 | #transport = smart 26 | #remote_port = 22 27 | #module_lang = C 28 | #module_set_locale = False 29 | 30 | # plays will gather facts by default, which contain information about 31 | # the remote system. 32 | # 33 | # smart - gather by default, but don't regather if already gathered 34 | # implicit - gather by default, turn off with gather_facts: False 35 | # explicit - do not gather by default, must say gather_facts: True 36 | #gathering = implicit 37 | 38 | # This only affects the gathering done by a play's gather_facts directive, 39 | # by default gathering retrieves all facts subsets 40 | # all - gather all subsets 41 | # network - gather min and network facts 42 | # hardware - gather hardware facts (longest facts to retrieve) 43 | # virtual - gather min and virtual facts 44 | # facter - import facts from facter 45 | # ohai - import facts from ohai 46 | # You can combine them using comma (ex: network,virtual) 47 | # You can negate them using ! (ex: !hardware,!facter,!ohai) 48 | # A minimal set of facts is always gathered. 49 | #gather_subset = all 50 | 51 | # some hardware related facts are collected 52 | # with a maximum timeout of 10 seconds. This 53 | # option lets you increase or decrease that 54 | # timeout to something more suitable for the 55 | # environment. 56 | # gather_timeout = 10 57 | 58 | # Ansible facts are available inside the ansible_facts.* dictionary 59 | # namespace. This setting maintains the behaviour which was the default prior 60 | # to 2.5, duplicating these variables into the main namespace, each with a 61 | # prefix of 'ansible_'. 
62 | # This variable is set to True by default for backwards compatibility. It 63 | # will be changed to a default of 'False' in a future release. 64 | # ansible_facts. 65 | # inject_facts_as_vars = True 66 | 67 | # additional paths to search for roles in, colon separated 68 | #roles_path = /etc/ansible/roles 69 | 70 | # SSH host key checking is disabled by the uncommented line below, so a host presenting an unknown key is trusted without verification; only appropriate on a trusted build network 71 | host_key_checking = False 72 | 73 | # change the default callback, you can only have one 'stdout' type enabled at a time. 74 | #stdout_callback = skippy 75 | 76 | 77 | ## Ansible ships with some plugins that require whitelisting, 78 | ## this is done to avoid running all of a type by default. 79 | ## These settings list those that you want enabled for your system. 80 | ## Custom plugins should not need this unless plugin author specifies it. 81 | 82 | # enable callback plugins, they can output to stdout but cannot be 'stdout' type. 83 | #callback_whitelist = timer, mail 84 | 85 | # Determine whether includes in tasks and handlers are "static" by 86 | # default. As of 2.0, includes are dynamic by default. Setting these 87 | # values to True will make includes behave more like they did in the 88 | # 1.x versions. 
89 | #task_includes_static = False 90 | #handler_includes_static = False 91 | 92 | # Controls if a missing handler for a notification event is an error or a warning 93 | #error_on_missing_handler = True 94 | 95 | # change this for alternative sudo implementations 96 | #sudo_exe = sudo 97 | 98 | # What flags to pass to sudo 99 | # WARNING: leaving out the defaults might create unexpected behaviours 100 | #sudo_flags = -H -S -n 101 | 102 | # SSH timeout 103 | #timeout = 10 104 | 105 | # default user to use for playbooks if user is not specified 106 | # (/usr/bin/ansible will use current user as default) 107 | #remote_user = root 108 | 109 | # logging is off by default unless this path is defined 110 | # if so defined, consider logrotate 111 | #log_path = /var/log/ansible.log 112 | 113 | # default module name for /usr/bin/ansible 114 | #module_name = command 115 | 116 | # use this shell for commands executed under sudo 117 | # you may need to change this to bin/bash in rare instances 118 | # if sudo is constrained 119 | #executable = /bin/sh 120 | 121 | # if inventory variables overlap, does the higher precedence one win 122 | # or are hash values merged together? The default is 'replace' but 123 | # this can also be set to 'merge'. 124 | #hash_behaviour = replace 125 | 126 | # by default, variables from roles will be visible in the global variable 127 | # scope. 
To prevent this, the following option can be enabled, and only 128 | # tasks and handlers within the role will see the variables there 129 | #private_role_vars = yes 130 | 131 | # list any Jinja2 extensions to enable here: 132 | #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 133 | 134 | # if set, always use this private key file for authentication, same as 135 | # if passing --private-key to ansible or ansible-playbook 136 | #private_key_file = /path/to/file 137 | 138 | # If set, configures the path to the Vault password file as an alternative to 139 | # specifying --vault-password-file on the command line. 140 | #vault_password_file = /path/to/vault_password_file 141 | 142 | # format of string {{ ansible_managed }} available within Jinja2 143 | # templates indicates to users editing templates files will be replaced. 144 | # replacing {file}, {host} and {uid} and strftime codes with proper values. 145 | #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 146 | # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence 147 | # in some situations so the default is a static string: 148 | #ansible_managed = Ansible managed 149 | 150 | # by default, ansible-playbook will display "Skipping [host]" if it determines a task 151 | # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 152 | # messages. NOTE: the task header will still be shown regardless of whether or not the 153 | # task is skipped. 154 | #display_skipped_hosts = True 155 | 156 | # by default, if a task in a playbook does not include a name: field then 157 | # ansible-playbook will construct a header that includes the task's action but 158 | # not the task's args. This is a security feature because ansible cannot know 159 | # if the *module* considers an argument to be no_log at the time that the 160 | # header is printed. 
If your environment doesn't have a problem securing 161 | # stdout from ansible-playbook (or you have manually specified no_log in your 162 | # playbook on all of the tasks where you have secret information) then you can 163 | # safely set this to True to get more informative messages. 164 | #display_args_to_stdout = False 165 | 166 | # by default (as of 1.3), Ansible will raise errors when attempting to dereference 167 | # Jinja2 variables that are not set in templates or action lines. Uncomment this line 168 | # to revert the behavior to pre-1.3. 169 | #error_on_undefined_vars = False 170 | 171 | # by default (as of 1.6), Ansible may display warnings based on the configuration of the 172 | # system running ansible itself. This may include warnings about 3rd party packages or 173 | # other conditions that should be resolved if possible. 174 | # to disable these warnings, set the following value to False: 175 | #system_warnings = True 176 | 177 | # by default (as of 1.4), Ansible may display deprecation warnings for language 178 | # features that should no longer be used and will be removed in future versions. 179 | # to disable these warnings, set the following value to False: 180 | #deprecation_warnings = True 181 | 182 | # (as of 1.8), Ansible can optionally warn when usage of the shell and 183 | # command module appear to be simplified by using a default Ansible module 184 | # instead. These warnings can be silenced by adjusting the following 185 | # setting or adding warn=yes or warn=no to the end of the command line 186 | # parameter string. This will for example suggest using the git module 187 | # instead of shelling out to the git command. 
188 | # command_warnings = False 189 | 190 | 191 | # set plugin path directories here, separate with colons 192 | #action_plugins = /usr/share/ansible/plugins/action 193 | #cache_plugins = /usr/share/ansible/plugins/cache 194 | #callback_plugins = /usr/share/ansible/plugins/callback 195 | #connection_plugins = /usr/share/ansible/plugins/connection 196 | #lookup_plugins = /usr/share/ansible/plugins/lookup 197 | #inventory_plugins = /usr/share/ansible/plugins/inventory 198 | #vars_plugins = /usr/share/ansible/plugins/vars 199 | #filter_plugins = /usr/share/ansible/plugins/filter 200 | #test_plugins = /usr/share/ansible/plugins/test 201 | #terminal_plugins = /usr/share/ansible/plugins/terminal 202 | #strategy_plugins = /usr/share/ansible/plugins/strategy 203 | 204 | 205 | # by default, ansible will use the 'linear' strategy but you may want to try 206 | # another one 207 | #strategy = free 208 | 209 | # by default callbacks are not loaded for /bin/ansible, enable this if you 210 | # want, for example, a notification or logging callback to also apply to 211 | # /bin/ansible runs 212 | #bin_ansible_callbacks = False 213 | 214 | 215 | # don't like cows? that's unfortunate. 216 | # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 217 | #nocows = 1 218 | 219 | # set which cowsay stencil you'd like to use by default. When set to 'random', 220 | # a random stencil will be selected for each task. The selection will be filtered 221 | # against the `cow_whitelist` option below. 222 | #cow_selection = default 223 | #cow_selection = random 224 | 225 | # when using the 'random' option for cowsay, stencils will be restricted to this list. 226 | # it should be formatted as a comma-separated list with no spaces between names. 227 | # NOTE: line continuations here are for formatting purposes only, as the INI parser 228 | # in python does not support them. 
229 | #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ 230 | # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ 231 | # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www 232 | 233 | # don't like colors either? 234 | # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 235 | #nocolor = 1 236 | 237 | # if set to a persistent type (not 'memory', for example 'redis') fact values 238 | # from previous runs in Ansible will be stored. This may be useful when 239 | # wanting to use, for example, IP information from one group of servers 240 | # without having to talk to them in the same playbook run to get their 241 | # current IP information. 242 | #fact_caching = memory 243 | 244 | #This option tells Ansible where to cache facts. The value is plugin dependent. 245 | #For the jsonfile plugin, it should be a path to a local directory. 246 | #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 247 | 248 | #fact_caching_connection=/tmp 249 | 250 | 251 | 252 | # retry files 253 | # When a playbook fails by default a .retry file will be created in ~/ 254 | # You can disable this feature by setting retry_files_enabled to False 255 | # and you can change the location of the files by setting retry_files_save_path 256 | 257 | #retry_files_enabled = False 258 | #retry_files_save_path = ~/.ansible-retry 259 | 260 | # squash actions 261 | # Ansible can optimise actions that call modules with list parameters 262 | # when looping. Instead of calling the module once per with_ item, the 263 | # module is called once with all items at once. Currently this only works 264 | # under limited circumstances, and only with parameters named 'name'. 
265 | #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper 266 | 267 | # prevents logging of task data, off by default 268 | no_log = True 269 | 270 | # prevents logging of tasks, but only on the targets, data is still logged on the master/controller 271 | #no_target_syslog = False 272 | 273 | # controls whether Ansible will raise an error or warning if a task has no 274 | # choice but to create world readable temporary files to execute a module on 275 | # the remote machine. This option is False by default for security. Users may 276 | # turn this on to have behaviour more like Ansible prior to 2.1.x. See 277 | # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user 278 | # for more secure ways to fix this than enabling this option. 279 | #allow_world_readable_tmpfiles = False 280 | 281 | # controls the compression level of variables sent to 282 | # worker processes. At the default of 0, no compression 283 | # is used. This value must be an integer from 0 to 9. 284 | #var_compression_level = 9 285 | 286 | # controls what compression method is used for new-style ansible modules when 287 | # they are sent to the remote system. The compression types depend on having 288 | # support compiled into both the controller's python and the client's python. 289 | # The names should match with the python Zipfile compression types: 290 | # * ZIP_STORED (no compression. available everywhere) 291 | # * ZIP_DEFLATED (uses zlib, the default) 292 | # These values may be set per host via the ansible_module_compression inventory 293 | # variable 294 | #module_compression = 'ZIP_DEFLATED' 295 | 296 | # This controls the cutoff point (in bytes) on --diff for files 297 | # set to 0 for unlimited (RAM may suffer!). 298 | #max_diff_size = 1048576 299 | 300 | # This controls how ansible handles multiple --tags and --skip-tags arguments 301 | # on the CLI. If this is True then multiple arguments are merged together. 
If 302 | # it is False, then the last specified argument is used and the others are ignored. 303 | # This option will be removed in 2.8. 304 | #merge_multiple_cli_flags = True 305 | 306 | # Controls showing custom stats at the end, off by default 307 | #show_custom_stats = True 308 | 309 | # Controls which files to ignore when using a directory as inventory with 310 | # possibly multiple sources (both static and dynamic) 311 | #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo 312 | 313 | # This family of modules use an alternative execution path optimized for network appliances 314 | # only update this setting if you know how this works, otherwise it can break module execution 315 | #network_group_modules=eos, nxos, ios, iosxr, junos, vyos 316 | 317 | # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as 318 | # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain 319 | # jinja2 templating language which will be run through the templating engine. 320 | # ENABLING THIS COULD BE A SECURITY RISK 321 | #allow_unsafe_lookups = False 322 | 323 | # set default errors for all plays 324 | #any_errors_fatal = False 325 | 326 | [inventory] 327 | # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' 328 | #enable_plugins = host_list, virtualbox, yaml, constructed 329 | 330 | # ignore these extensions when parsing a directory as inventory source 331 | #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry 332 | 333 | # ignore files matching these patterns when parsing a directory as inventory source 334 | #ignore_patterns= 335 | 336 | # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. 
337 | #unparsed_is_failed=False 338 | 339 | [privilege_escalation] 340 | #become=True 341 | #become_method=sudo 342 | #become_user=root 343 | #become_ask_pass=False 344 | 345 | [paramiko_connection] 346 | 347 | # uncomment this line to cause the paramiko connection plugin to not record new host 348 | # keys encountered. Increases performance on new host additions. Setting works independently of the 349 | # host key checking setting above. 350 | #record_host_keys=False 351 | 352 | # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this 353 | # line to disable this behaviour. 354 | #pty=False 355 | 356 | # paramiko will default to looking for SSH keys initially when trying to 357 | # authenticate to remote devices. This is a problem for some network devices 358 | # that close the connection after a key failure. Uncomment this line to 359 | # disable the Paramiko look for keys function 360 | #look_for_keys = False 361 | 362 | # When using persistent connections with Paramiko, the connection runs in a 363 | # background process. If the host doesn't already have a valid SSH key, by 364 | # default Ansible will prompt to add the host key. This will cause connections 365 | # running in background processes to fail. Uncomment this line to have 366 | # Paramiko automatically add host keys. 367 | #host_key_auto_add = True 368 | 369 | [ssh_connection] 370 | 371 | # ssh arguments to use 372 | # Leaving off ControlPersist will result in poor performance, so use 373 | # paramiko on older platforms rather than removing it, -C controls compression use 374 | #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s 375 | 376 | # The base directory for the ControlPath sockets. 377 | # This is the "%(directory)s" in the control_path option 378 | # 379 | # Example: 380 | # control_path_dir = /tmp/.ansible/cp 381 | #control_path_dir = ~/.ansible/cp 382 | 383 | # The path to use for the ControlPath sockets. 
This defaults to a hashed string of the hostname, 384 | # port and username (empty string in the config). The hash mitigates a common problem users 385 | # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. 386 | # In those cases, a "too long for Unix domain socket" ssh error would occur. 387 | # 388 | # Example: 389 | # control_path = %(directory)s/%%h-%%r 390 | #control_path = 391 | 392 | # Enabling pipelining reduces the number of SSH operations required to 393 | # execute a module on the remote server. This can result in a significant 394 | # performance improvement when enabled, however when using "sudo:" you must 395 | # first disable 'requiretty' in /etc/sudoers 396 | # 397 | # By default, this option is disabled to preserve compatibility with 398 | # sudoers configurations that have requiretty (the default on many distros). 399 | # 400 | #pipelining = False 401 | 402 | # Control the mechanism for transferring files (old) 403 | # * smart = try sftp and then try scp [default] 404 | # * True = use scp only 405 | # * False = use sftp only 406 | #scp_if_ssh = smart 407 | 408 | # Control the mechanism for transferring files (new) 409 | # If set, this will override the scp_if_ssh option 410 | # * sftp = use sftp to transfer files 411 | # * scp = use scp to transfer files 412 | # * piped = use 'dd' over SSH to transfer files 413 | # * smart = try sftp, scp, and piped, in that order [default] 414 | #transfer_method = smart 415 | 416 | # if False, sftp will not use batch mode to transfer files. This may cause some 417 | # types of file transfer failures impossible to catch however, and should 418 | # only be disabled if your sftp version has problems with batch mode 419 | #sftp_batch_mode = False 420 | 421 | # The -tt argument is passed to ssh when pipelining is not enabled because sudo 422 | # requires a tty by default. 
423 | #use_tty = True 424 | 425 | # Number of times to retry an SSH connection to a host, in case of UNREACHABLE. 426 | # For each retry attempt, there is an exponential backoff, 427 | # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). 428 | #retries = 3 429 | 430 | [persistent_connection] 431 | 432 | # Configures the persistent connection timeout value in seconds. This value is 433 | # how long the persistent connection will remain idle before it is destroyed. 434 | # If the connection doesn't receive a request before the timeout value 435 | # expires, the connection is shutdown. The default value is 30 seconds. 436 | #connect_timeout = 30 437 | 438 | # Configures the persistent connection retry timeout. This value configures the 439 | # the retry timeout that ansible-connection will wait to connect 440 | # to the local domain socket. This value must be larger than the 441 | # ssh timeout (timeout) and less than persistent connection idle timeout (connect_timeout). 442 | # The default value is 15 seconds. 443 | #connect_retry_timeout = 15 444 | 445 | # The command timeout value defines the amount of time to wait for a command 446 | # or RPC call before timing out. The value for the command timeout must 447 | # be less than the value of the persistent connection idle timeout (connect_timeout) 448 | # The default value is 10 second. 449 | #command_timeout = 10 450 | 451 | [accelerate] 452 | #accelerate_port = 5099 453 | #accelerate_timeout = 30 454 | #accelerate_connect_timeout = 5.0 455 | 456 | # The daemon timeout is measured in minutes. This time is measured 457 | # from the last activity to the accelerate daemon. 458 | #accelerate_daemon_timeout = 30 459 | 460 | # If set to yes, accelerate_multi_key will allow multiple 461 | # private keys to be uploaded to it, though each user must 462 | # have access to the system via SSH to add a new key. The default 463 | # is "no". 
464 | #accelerate_multi_key = yes 465 | 466 | [selinux] 467 | # file systems that require special treatment when dealing with security context 468 | # the default behaviour that copies the existing context or uses the user default 469 | # needs to be changed to use the file system dependent context. 470 | #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p 471 | 472 | # Set this to yes to allow libvirt_lxc connections to work without SELinux. 473 | #libvirt_lxc_noseclabel = yes 474 | 475 | [colors] 476 | #highlight = white 477 | #verbose = blue 478 | #warn = bright purple 479 | #error = red 480 | #debug = dark gray 481 | #deprecate = purple 482 | #skip = cyan 483 | #unreachable = red 484 | #ok = green 485 | #changed = yellow 486 | #diff_add = green 487 | #diff_remove = red 488 | #diff_lines = cyan 489 | 490 | 491 | [diff] 492 | # Always print diff when running ( same as always running with -D/--diff ) 493 | # always = no 494 | 495 | # Set how many context lines to show in diff 496 | # context = 3 497 | 498 | --------------------------------------------------------------------------------