vSphere Auto Deploy + NSX

There are many blogs and KB’s detailing vSphere Auto Deploy – For larger vSphere environments, it is pretty much a requirement to help manage large scale hypervisor host deployment. The great news is Auto Deploy can also be used with NSX although there are a couple of small “gotchas” associated with Auto Deploy itself…

Screen Shot 2014-08-30 at 9.06.13 PM

To begin, Auto Deploy requires all software components to be in place (image profile) and uses a host profile to assist with the customization of the new host…

So, the first gotcha is that NSX (and VXLAN) install VIB’s to extend the Hypervisors core capabilities after the Hypervisor has loaded, and Auto Deploy does not provide for post VIB installation.

This is “old news” to anyone who has worked with Auto Deploy hardware and software VIB’s… A prerequisite for NSX is to preinstall it’s VIB’s. As noted in an earlier blog post, NSX VIB’s can be found at: https://nsx_manager_ip/bin/vdn/vibs/5.5/vxlan.zip 

The second gotcha is a little more interesting in that that a host profile should be taken before NSX has been configured.

Worst case, if a host profile is taken after the host is configured with NSX and applied, the recipient would end up with a duplicate host configuration of the host the profile was taken from. You can edit a host profile and “remove” the NSX bits if needed to ensure duplicate configuration does not occur.

The third gotcha is a feature of Auto Deploy itself – NSX configuration on an Auto Deploy host will create new VXLAN Tunnel End Point (VTEP) VMKernel ports. Given this activity, the host is now “different” from the host profile and as such, Auto Deploy can flag this as a compliance issue…

Detailed steps as follows which will be the basis of a new KB from VMware in the very near term:

  • Initial host profile is created after the ESXi host has booted with an image profile containing the NSX VIBs.
  • Once new hostsarepreparedforNSXwithVXLAN configured, you must update the host profile from reference host. Right click on the host profile and select “Enable/Disable Profile Configuration”
    • Under Networking configuration -> Host Virtual NIC unselect the VXLAN vmkernel interface to ensure that NSX Manager always creates the VTEP on boot. Adjust this based on the environment – 1 VTEP, 2 VTEP’s, or 4 VTEP’s etc.
    • Under Networking configuration -> NetStack Instance -> vxlan unselect ipRouteConfig
    • Under Advanced configuration option unselect all UserVars.Rmq* variables as these are also pushed to the host by NSX Manager
    • With these changes you will be able to refresh the host profile as required, and the NSX parameters will be ignored when the host profile is applied.
  • Host profile has to be captured a second time after VXLAN configuration. After the second capture (from a host has been configured with VXLAN and RMQ* and stuff), You have to DISABLE and not DELETE: Host vitual NICs (VXLAN vmk),  IP route config from VXLAN,  adv config options rmq* I believe this step will resolve the profile compliance warnings.

If you add the Host to Cluster AND Prep for NSX and THEN create the Host Profile it will get populated with all the Host Specific RabbitMQ settings. You can still make this work, but you will have to edit the Profile–Go to Advanced settings, and strip out all the settings containing “rmq.” THEN apply the profile to the Hosts. This is actually pretty easy to resolve so, IMO, probably an easy way to get the job done.

At the end of the day, all of the above is a 10 minute process and ideally if you contact your favorite VMware NSBU Systems Engineer, they will assist you with this activity.


Note: Updated KB detailing NSX Auto Deploy Configuration… KB 2092871

Related Posts
Installing or Upgrading to ESXi 5.5 Best Practices
Stateful Firewall and NSX
NSX L2VPN within the Data Center