重要前提:会使用ipmi管理服务器,ipmi正常使用不失联
〇、下载地址:
esxi下载地址我用的是7.0U3,其他版本自行测试
openwrt vmdk下载地址.你也可以去openwrt官网下载img文件自己转vmdk
其他的系统镜像自己解决。我下载镜像较多的一个网站镜像网站
一、安装esxi系统
1、杜甫在ipmi挂载netboot.xyz.iso文件
2、从cd/dvd启动
3、根据邮件的IP地址配置上你的服务器IP
4、到了netboot linux往下翻找到esxi,这一步最好需要找一个美国的vps把esxi镜像复制过去作为镜像服务器
4.1、把镜像复制到vps并挂载镜像并放到网站目录
mkdir -p /var/www/html/esxi7
mount VMware-VMvisor-Installer-7.0U3f-20036589.x86_64.iso /mnt
cp -r /mnt/* /var/www/html/esxi7/
复制
4.2、更改boot.cfg配置文件
cd /var/www/html/esxi7/
vim boot.cfg
复制
把prefix这个后面改成你自己vps的IP
prefix=http://123.123.123.123/esxi7
kernel=/k.b00 把/去掉
kernel=k.b00
modules= 这一行所有的/都去掉
当然,也可以直接复制,当然IP改成你vps的
cp -a boot.cfg boot.cfg.bak.$(date +%F-%H%M%S)
cat > boot.cfg <<'EOF'
prefix=http://123.111.111.212:18080/esxi7
bootstate=0
title=Loading ESXi installer
timeout=5
kernel=b.b00
kernelopt=runweasel
modules=jumpstrt.gz --- useropts.gz --- features.gz --- k.b00 --- uc_intel.b00 --- uc_amd.b00 --- uc_hygon.b00 --- procfs.b00 --- vmx.v00 --- vim.v00 --- tpm.v00 --- sb.v00 --- s.v00 --- atlantic.v00 --- bnxtnet.v00 --- bnxtroce.v00 --- brcmfcoe.v00 --- elxiscsi.v00 --- elxnet.v00 --- i40en.v00 --- iavmd.v00 --- icen.v00 --- igbn.v00 --- ionic_en.v00 --- irdman.v00 --- iser.v00 --- ixgben.v00 --- lpfc.v00 --- lpnic.v00 --- lsi_mr3.v00 --- lsi_msgp.v00 --- lsi_msgp.v01 --- lsi_msgp.v02 --- mtip32xx.v00 --- ne1000.v00 --- nenic.v00 --- nfnic.v00 --- nhpsa.v00 --- nmlx4_co.v00 --- nmlx4_en.v00 --- nmlx4_rd.v00 --- nmlx5_co.v00 --- nmlx5_rd.v00 --- ntg3.v00 --- nvme_pci.v00 --- nvmerdma.v00 --- nvmetcp.v00 --- nvmxnet3.v00 --- nvmxnet3.v01 --- pvscsi.v00 --- qcnic.v00 --- qedentv.v00 --- qedrntv.v00 --- qfle3.v00 --- qfle3f.v00 --- qfle3i.v00 --- qflge.v00 --- rste.v00 --- sfvmk.v00 --- smartpqi.v00 --- vmkata.v00 --- vmkfcoe.v00 --- vmkusb.v00 --- vmw_ahci.v00 --- bmcal.v00 --- crx.v00 --- elx_esx_.v00 --- btldr.v00 --- esx_dvfi.v00 --- esx_ui.v00 --- esxupdt.v00 --- tpmesxup.v00 --- weaselin.v00 --- esxio_co.v00 --- loadesx.v00 --- lsuv2_hp.v00 --- lsuv2_in.v00 --- lsuv2_ls.v00 --- lsuv2_nv.v00 --- lsuv2_oe.v00 --- lsuv2_oe.v01 --- lsuv2_oe.v02 --- lsuv2_sm.v00 --- native_m.v00 --- qlnative.v00 --- trx.v00 --- vdfs.v00 --- vmware_e.v00 --- vsan.v00 --- vsanheal.v00 --- vsanmgmt.v00 --- tools.t00 --- xorg.v00 --- gc.v00 --- imgdb.tgz --- basemisc.tgz --- resvibs.tgz --- imgpayld.tgz
build=7.0.3-0.50.20036589
updated=0
EOF
然后回到/var/www/html
cd /var/www/html
然后
python3 -m http.server 8080
然后可以访问试试 http://vpsip:8080/esxi7/ 能列出那些文件就没问题了
回到ipmi的netboot界面继续安装,esxi的url 就写http://vpsip:8080/esxi7/
然后安装esxi的步骤我就不说了
二、esxi配置
esxi把IP地址改成ccs邮件发给你的地址掩码网关什么的,然后https://ccsip就可以访问你的esxi了,
在网络里面应该可以看到两个交换机和两个端口组,交换机我们不动他,端口组为了防止混淆,我们自己建立两个端口组,一个命名为wan ,虚拟交换机接到 vSwitch0,安全什么的都选择接受,另一个lan ,接到 [vSwitch-vm]交换机。
然后就是安装openwrt了
先是上传镜像到esxi,网页传会很慢,可以把esxi的ssh打开,然后找个美区vps scp过去就快得多。
这里的镜像还不能直接用,因为默认是厚置备的,需要设置为精简置备
ssh到镜像所在位置,然后转换一下
vmkfstools -i *.vmdk openwrt-64-bit.vmdk -d thin
然后openwrt就应该可以正常安装了,安装的时候,给openwrt分配两个网卡,第一块选择wan,第二块选择lan然后先给他分配一块银盘,然后后面给他删掉,选择现有硬盘为刚才那个vmdk
openwrt就应该可以正常开机了
然后先简单给openwrt配个临时IP(先不要配ccs的IP,以免失联)
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd10:1234:5678::/48'
option packet_steering '1'
config interface 'wan'
option proto 'static'
option ipaddr '10.0.0.2'
option gateway '10.0.0.1'
option device 'eth0'
list dns '8.8.8.8'
option force_link '0'
option netmask '255.255.255.252'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
option device 'eth1'
然后/etc/init.d/network restart 重启一下网卡
正常情况下openwr就应该有IP了,ip addr看一下IP地址,没问题的话我们就继续往下走
我们需要开放wan口访问openwrt的权限
uci show firewall | grep "=zone"
正常会有两个 一个zone0 一个zone1
然后我们分别查一下这两个zone是lan还是wan
uci show firewall.@zone[0]
uci show firewall.@zone[1]
我这里可以看出zone1是wan口
然后放开22端口,80端口 443端口的wan口访问
# 允许 SSH
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-WAN-SSH'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].target='ACCEPT'
# 允许 HTTP
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-WAN-HTTP'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='80'
uci set firewall.@rule[-1].target='ACCEPT'
# 允许 HTTPS
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-WAN-HTTPS'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='443'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall
/etc/init.d/firewall restart
然后改好了就去把wan口的IP改成ccs的IP,并且加一个和esxi互通的IP
我的配置如下
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fd10:1234:5678::/48'
option packet_steering '1'
config interface 'wan'
option proto 'static'
option gateway '111.222.333.444'#这里改成ccs给你的网关
option device 'eth0'
list dns '8.8.8.8'
option force_link '0'
list ipaddr '111.222.333.444'#这里改成ccs给你的地址
list ipaddr '10.0.0.2'#与esxi互通的地址
option netmask '255.255.255.252'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
option device 'eth1'
然后重启网卡
/etc/init.d/network restart
这里不出意外的话你已经失联了
然后去到ipmi界面,找到esxi配置IP的地方,把esxi的地址改成10.0.0.1 网关10.0.0.2 掩码255.255.255.0或者252都可以
然后重启esxi的网络
不出意外的话,你用浏览器访问你的ccsip 就能访问到openwrt了
那问题来了,怎么访问esxi呢
首先把 esxi的端口443映射到公网IP的10443(假如是这个),你想要其他的自己改配置
uci add firewall redirect
uci set firewall.@redirect[-1].name='ESXi-HTTPS-10443'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='10443'
uci set firewall.@redirect[-1].proto='tcp'
uci set firewall.@redirect[-1].dest='wan'
uci set firewall.@redirect[-1].dest_ip='10.0.0.1'
uci set firewall.@redirect[-1].dest_port='443'
uci commit firewall
默认 OpenWrt 不允许 wan→wan forward,必须加一条。
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-WAN-to-ESXi-443'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_ip='10.0.0.1'
uci set firewall.@rule[-1].dest_port='443'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall
这样你的openwrt和esxi就能愉快的访问了;
其他的虚拟机你就接到lan口就ok ,默认会自动给你dhcp
当然,我还安装了vcenter 虽然没有什么用,但是看起来更专业一些,嘿嘿
BD
支持
好文,谢谢
Dell7.0U3的UI和公版的不一样
mark