Deploying Vmware ESXI with ssh enabled by editing vmware-esxi-ks.cfg

As you may know, the default ESXI Image on MAAS has SSH disabled. We can only enable on UI by activating the service.

Have you guys tried to deploy VMWare ESXI with SSH enabled by editing vmware-esxi-ks.cfg ?

I did it but it just doesn’t work. Below you can see the config file:

vmaccepteula

# The root password for the deployed image. If changed be sure to update
# the vcenter script below.
rootpw password123!

install --firstdisk

# Sets VMware ESXi licensing key. If not included installs in
# evaluation mode.
# serialnum --esx=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

network --bootproto=dhcp

%post --interpreter=busybox
# The install reboots by default, when creating an image halt so Packer can
# run post-processors and finish.
halt

%firstboot --interpreter=busybox
# Log all output.
exec &> /var/log/maas.log

# Allow script to continue even if something fails to get as much configuration
# done as possible.
set +e

# Enable SSH
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh

# Enable ESXi shell
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell

# Track whether any network configuration failed.
failed=0

# Apply network configuration
/altbootbank/maas/netplan-esxi -c /altbootbank/maas/curtin.cfg apply || failed=1

# Apply the storage configuration
/altbootbank/maas/storage-esxi -c /altbootbank/maas/curtin.cfg || failed=1

# Temporarily disable firewall so we can communicate with MAAS
esxcli network firewall set --enabled=false || failed=1

MAAS_MD_GET="/altbootbank/maas/maas-md-get -c /altbootbank/maas/curtin.cfg"

# Copy SSH keys from MAAS
$MAAS_MD_GET latest/meta-data/public-keys >> /etc/ssh/keys-root/authorized_keys || failed=1

# Get the FQDN for the machine from MAAS and set it.
esxcli system hostname set --fqdn=$($MAAS_MD_GET latest/meta-data/local-hostname) || failed=1

$MAAS_MD_GET latest/meta-data/vendor-data | /altbootbank/maas/vendor-data-esxi || failed=1

# Tell MAAS deployment has finished by retrieving user-data. user-data is executed if it
# uses an interrupter found on the system(/bin/sh, /usr/bin/env python,
# or /usr/bin/env python3)
$MAAS_MD_GET latest/user-data > /altbootbank/maas/user-data || failed=1
chmod +x /altbootbank/maas/user-data || failed=1
/altbootbank/maas/user-data || failed=1

# Try to join vCenter first using the FQDN then iterating over IP addresses.
for addr in \
        $(hostname) \
	$(esxcli network ip interface ipv4 address list | awk '/vmk/ { print($2) }') \
	$(esxcli network ip interface ipv6 address list | awk '/vmk/ { print($2) }'); do
    # If defined as a global configuration option MAAS and deployed by an administrator
    # MAAS will send the vCenter server, username, password, and datastore which will be
    # stored in vcenter.yaml. You can define these options here if you don't want them
    # stored in MAAS however vcenter.yaml will override any option here.
    /altbootbank/maas/vcenter \
        --config=/altbootbank/maas/vcenter.yaml \
	--datacenter=Datacenter \
	--host=$addr \
	--esxi-username=root \
	--esxi-password='password123!'
        # --server=vCenter FQDN or IP \
	# --username='administrator@vsphere.local' \
	# --password='Password123!' \

    # If registration succeeds or not enough information was given to join
    # vCenter stop trying.
    if [ $? -eq 0 -o $? -eq 64 ]; then
        break
    fi
done

# Reenable firewall
esxcli network firewall set --enabled=true || failed=1

# Cleanup MAAS first boot files.
if [ $failed -eq 0 ]; then
    rm -rf /altbootbank/maas
fi

I have fixed it.
The problem wasn’t on the file but on the image instead.
Every time I built the image using Packer, send it to Maas and re-import it didn’t overwrite the image thus I built again on Packer, send it to Maas and copy the file vmware-esxi.dd.gz to /var/lib/maas/boot-resources/current/esxi/amd64/generic/6.7/uploaded/ overwriting the root-dd.gz created by importing process. Bum, it worked.