Corey Osman, 10/18/2011 02:24 pm


ESX Integration

Preface

This topic is a work in progress. I have not made Foreman work with ESX server 100%, but I wanted to at least copy my notes here for others to hack away at.
Although ESX and ESXi are different products, they should be considered identical when it comes to working with the VMware SDK.
Furthermore, vSphere is almost identical to the ESX SDK, with the exception that vSphere has additional objects and actions available to choose from when using the SDK.
All of these "ESX" products implement the vSphere SDK over HTTPS.

I'll update this as I find out more information. If you're able to get it working, please edit this document and submit any needed patches.

Requirements

  1. libvirt 0.8.3+ (not totally sure on this) but I know it doesn't work with 0.8.1
  2. ruby-libvirt 0.4.0
  3. ESX, ESXi, vSphere server, VMware Server (ESX 5 may not be supported)
  4. A CA (Certificate Authority) to sign new certificates (psst, use your puppet CA or other CA you might have)
  5. RHEL6 or CentOS6 (not required but it's what I use)

Summary

  1. Install libvirt
  2. Install ruby-libvirt gem
  3. Create SSL key
  4. Sign key with CA cert and CA key
  5. Transfer these keys to your ESX or vSphere server
  6. Copy CA cert and client cert
  7. Start libvirtd
  8. Test with virsh
  9. Setup hypervisor in foreman

Detailed Instructions

Install libvirt

I tried various versions. The latest has too many dependencies so I stuck with 0.9.1 which is perfect for what I need.
I have compiled some RPMs to make it easier to install but you may need to resolve some additional dependencies.
This shouldn't be too bad if you have the EPEL repo.

http://www.logicminds.biz/rpms/libvirt-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-client-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-devel-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-python-0.9.1-1.el6.x86_64.rpm

You will need to use the following to install all the rpms once downloaded.

yum -y --nogpgcheck localinstall libvirt-* 

or

rpm -Uvh libvirt-*

Install libvirt gem

gem install ruby-libvirt 

Create SSL Key

certtool --generate-privkey > pdxesx.logicminds.corp-key.pem

Sign key with CA cert and CA key

[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem \
    --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem \
    --load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem \
    --template server.info --outfile pdxesx.logicminds.corp.pem
Generating a signed certificate...

The server.info template passed to --template:

# Server.info
organization = Logic Minds Corp
cn = pdxesx.logicminds.corp
tls_www_server
encryption_key
signing_key

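Transfer these keys to your ESX or vSphere server

You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI. That option disables checking of the server's SSL certificate, so the connection is still encrypted but the ESX host is not authenticated.

You may need to enable SSH on your ESX server. Not sure what to do for vSphere since it's Windows.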

scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key
scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt

Copy CA cert

Since I used puppet as my CA and client I can just reuse the keys and certs I already have.

ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem
ln -s /etc/puppetlabs/puppet/ssl/public_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem
ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem

Start the libvirtd Service

service libvirtd start

Test with virsh

I created a foreman user on my ESX server.

[root@puppet ~]# virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # connect esx://foreman@pdxesx?no_verify=1
Enter foreman's password for pdxesx: 

virsh # version
Compiled against library: libvir 0.9.1
Using library: libvir 0.9.1
Using API: ESX 0.9.1
Running hypervisor: ESX 4.1.0

virsh # list
 Id Name                 State
----------------------------------
 16 puppetagent1         running
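
The virsh test above connects with no_verify=1. The following added example (not part of the original notes) checks whether the key, certificate and CA from the earlier steps are consistent with the host name used in the connection URI, which is what certificate verification needs once that option is dropped. The function names and the throwaway in-memory CA are assumptions made for illustration; only the host name pdxesx.logicminds.corp comes from this page.

```ruby
require "openssl"

# Returns the problems that would make verification of this server certificate fail.
# Checks the CA signature directly; it is not a full chain/path validation.
def preflight(cert, key, ca_cert, uri_host, now = Time.now)
  problems = []
  problems << "key does not match certificate" unless cert.check_private_key(key)
  problems << "certificate not signed by this CA" unless cert.verify(ca_cert.public_key)
  problems << "certificate outside validity period" unless (cert.not_before..cert.not_after).cover?(now)
  unless OpenSSL::SSL.verify_certificate_identity(cert, uri_host)
    problems << "URI host #{uri_host} does not match certificate name"
  end
  problems
end

# Constructed sample data: a throwaway CA and server certificate built in memory.
def issue(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1 + rand(1 << 30)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

def constructed_sample
  ca_key = OpenSSL::PKey::RSA.new(2048)
  srv_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue("Constructed Test CA", ca_key)
  { ca: ca, key: srv_key, other_key: ca_key,
    cert: issue("pdxesx.logicminds.corp", srv_key, ca, ca_key) }
end

if __FILE__ == $PROGRAM_NAME
  s = constructed_sample
  # FQDN as in the certificate's cn, then the short name used in the virsh URI.
  %w[pdxesx.logicminds.corp pdxesx].each do |host|
    puts "#{host}: #{preflight(s[:cert], s[:key], s[:ca], host).inspect}"
  end
end
```

With real files, load them with OpenSSL::X509::Certificate.new(File.read(path)) and OpenSSL::PKey.read(File.read(path)) and pass them to preflight in place of the constructed sample.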

Setup hypervisor in Foreman

URI
esx://foreman@pdxesx

Currently I get the following error:

1 error prohibited this hypervisor from being saved
There were problems with the following fields:
Unable to connect to Hypervisor: private method `open' called for Libvirt:Module

I think one issue with Foreman is that there is no way to enter in authentication information.

http://libvirt.org/ruby/examples/open_auth.rb

I have changed the Foreman code below since it needs to use open_auth instead of open.
However, there still seem to be some issues. Not to mention this is a horrible implementation.
The create hypervisor view should include fields for credentials to be passed into this connection method.
As you can see, I have hardcoded my ESX credentials into the code itself.
I haven't had enough time to mess with this yet, and I am not sure if other hypervisors can also use the open_auth method.

${FOREMANHOME}/plugins/virt/lib/virt/connection.rb

require 'libvirt'
module Virt
  class Connection
    attr_reader :connection

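    def initialize uri
      raise("Must provide a guest to connect to") unless uri
      # NOTE: the uri argument is ignored here; the ESX URI and the
      # credentials below are hardcoded, as described above.
      @connection = Libvirt::open_auth("esx://pdxesx.logicminds.corp?no_verify=1",
                                       [Libvirt::CRED_AUTHNAME, Libvirt::CRED_PASSPHRASE],
                                       "my data") do |cred|
        # The block is called for each requested credential and must
        # return the value for that credential type.
        if cred["type"] == Libvirt::CRED_AUTHNAME
          res = "foreman"
        elsif cred["type"] == Libvirt::CRED_PASSPHRASE
          res = "changeme"
        else
          raise "Unsupported credential #{cred['type']}"
        end
      end

      #  @connection = Libvirt::open uri
    end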

    def closed?
      connection.closed?
    end

    def secure?
      connection.encrypted?
    end

    def version
      connection.libversion
    end

    def disconnect
      connection.close
    end

    def host
      Host.new
    end

  end
end

Foreman needs to support open_auth which I don't think it currently does.
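
One way the connection could take credentials as parameters instead of hardcoding them, as an added sketch that is not Foreman's code or the attached patch. The class name EsxConnection, its keyword arguments and the host pattern are assumptions; only Libvirt::open_auth and the two CRED_ constants come from the code above.

```ruby
# Hypothetical replacement for the hardcoded initialize shown above.
class EsxConnection
  HOST_RE = /\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i

  attr_reader :uri

  def initialize(host:, username:, password:, verify_tls: true)
    # Reject anything that could smuggle extra URI parts such as "?no_verify=1".
    raise ArgumentError, "invalid host" unless HOST_RE.match?(host.to_s)
    if username.to_s.empty? || password.to_s.empty?
      raise ArgumentError, "username and password are required"
    end
    @username = username
    @password = password
    # The password never goes into the URI; no_verify=1 appears only on request.
    @uri = "esx://#{host}" + (verify_tls ? "" : "?no_verify=1")
  end

  # Answers one libvirt credential request. authname/passphrase are the numeric
  # credential types (Libvirt::CRED_AUTHNAME and Libvirt::CRED_PASSPHRASE).
  def answer(cred, authname:, passphrase:)
    case cred["type"]
    when authname then @username
    when passphrase then @password
    else raise "Unsupported credential #{cred['type']}"
    end
  end

  def connect
    require "libvirt" # ruby-libvirt gem, loaded lazily so this class loads without it
    types = { authname: Libvirt::CRED_AUTHNAME, passphrase: Libvirt::CRED_PASSPHRASE }
    Libvirt::open_auth(@uri, types.values, nil) { |cred| answer(cred, **types) }
  end

  # Default inspect would print @password; keep it out of logs and error pages.
  def inspect
    "#<EsxConnection uri=#{@uri} user=#{@username}>"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; a real caller would read them from the form or a secret store.
  conn = EsxConnection.new(host: "pdxesx.logicminds.corp", username: "foreman",
                           password: "constructed-secret")
  puts conn.inspect
end
```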

Reference Material

http://libvirt.org/remote.html#Remote_TLS_server_certificates
http://libvirt.org/drvesx.html#auth
http://www.vmware.com/support/developer/vc-sdk/

-- cosman2001

Screen_Shot_2011-10-29_at_9.32.42_PM.png (167.9 KB) Corey Osman, 10/30/2011 12:33 am

Screen_Shot_2011-10-29_at_9.32.19_PM.png (50.9 KB) Corey Osman, 10/30/2011 12:33 am

0001-Feature-955-vmware-provisioning-support.patch (9.6 KB) Corey Osman, 11/15/2011 03:52 pm
