History

« Previous - Version 38/69 (diff) - Next » - Current version
Corey Osman, 10/29/2011 11:45 pm

ESX Integration

Preface

This topic is a work in progress. I have not made foreman work with ESX server 100% but I wanted to at least copy my notes here for others to hack away at.
Although ESX and ESXi are different products they should be considered identical when it comes to working with the Vmware SDK.
Furthermore, vSphere is almost identical to ESX SDK with the exception that vSphere has additional objects and actions available to choose from when using the SDK.
All of these "ESX" products implement the Vsphere SDK through Https

I'll update this as I find out more information. If your able to get it working please edit this document and submit any needed patches.

Requirements

  1. libvirt 0.9.1+ (not totally sure on this) but I know it doesn't work with 0.8.1
  2. ruby-libvirt 0.4.0
  3. ESX, ESXi, vsphere server, VMware Server (ESX 5 may not be supported)
  4. A CA (Certificate Authority) to sign new certificates (don't need if you use no_verify=1 option)
  5. RHEL6 or CentOS6 (not required but its what I use)

Summary

  1. Install libvirt and libvirt-devel
  2. Install ruby-libvirt gem
  3. Start libvirtd
  4. Test with virsh
  5. Setup hypervisor in foreman

Use these steps if not using the no_verify=1 option
  1. Create ssl key
  2. Sign key with CA cert and CA key
  3. Transfers these keys to your ESX or Vsphere server
  4. Copy CA cert and client cert

Detail Instructions

Install libvirt

I tried various versions. The latest has too many dependancies so I stuck with 0.9.1 which is perfect for what I need.
I have compiled some RPMs to make it easier to install but you may need to resolve some additional dependancies.
This shouldn't be too bad if you have the EPEL repo.

http://www.logicminds.biz/rpms/libvirt-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-client-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-devel-0.9.1-1.el6.x86_64.rpm
http://www.logicminds.biz/rpms/libvirt-python-0.9.1-1.el6.x86_64.rpm

You will need to use the following to install all the rpms once downloaded.

yum -y --nogpgcheck localinstall libvirt-*

or
 rpm -Uvh libvirt-*

Install libvirt gem

gem install ruby-libvirt

Create SSL Key (Not needed if using no_verify=1)

certtool --generate-privkey > pdxesx.logicminds.corp-key.pem

Sign key with CA cert and CA key (Not needed if using no_verify=1)

[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem
 --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem 
--load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem --template server.info --outfile pdxesx.logicminds.corp.pem
Generating a signed certificate...

# Server.info
organization = Logic Minds Corp
cn = pdxesx.logicminds.corp
tls_www_server
encryption_key
signing_key

Transfer these keys to your ESX or Vsphere server (Not needed if using no_verify=1)

You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI.

You may need to enable ssh on your esx server. Not sure what to do for vsphere since its windows.

scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key
scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt

Copy CA cert (Not needed if using no_verify=1)

Since I used puppet as my CA and client I can just reuse the keys and certs I already have. 

ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem
ln -s /etc/puppetlabs/puppet/ssl/public_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem
ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem

Start he libvirtd Service

 service libvirtd start

Test with virsh

I created a foreman user on my esx server

[root@puppet ~]# virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # connect esx://foreman@pdxesx?no_verify=1
Enter foreman's password for pdxesx: 

virsh # version
Compiled against library: libvir 0.9.1
Using library: libvir 0.9.1
Using API: ESX 0.9.1
Running hypervisor: ESX 4.1.0

virsh # list
 Id Name                 State
----------------------------------
 16 puppetagent1         running

Setup hypervisor in Foreman

URI
esx://foreman@pdxesx?no_verify=1

Reference Material

http://libvirt.org/remote.html#Remote_TLS_server_certificates
http://libvirt.org/drvesx.html#auth
http://www.vmware.com/support/developer/vc-sdk/

-- cosman2001

Screen_Shot_2011-10-29_at_9.32.42_PM.png (167.9 KB) Corey Osman, 10/30/2011 12:33 am

Screen_Shot_2011-10-29_at_9.32.19_PM.png (50.9 KB) Corey Osman, 10/30/2011 12:33 am

0001-Feature-955-vmware-provisioning-support.patch (9.6 KB) Corey Osman, 11/15/2011 03:52 pm

Also available in: HTML TXT