This topic is a work in progress. I have not made Foreman work with ESX server 100% but I wanted to at least copy my notes here for others to hack away at.
Although ESX and ESXi are different products, they should be considered identical when it comes to working with the VMware SDK.
Furthermore, the vSphere SDK is almost identical to the ESX SDK, except that vSphere has additional objects and actions available to choose from.
All of these "ESX" products implement the vSphere SDK over HTTPS.
I'll update this as I find out more information. If you're able to get it working, please edit this document and submit any needed patches.
- libvirt 0.9.1+ (not totally sure on this) but I know it doesn't work with 0.8.1
- ruby-libvirt 0.4.0
- ESX, ESXi, vSphere server, VMware Server (ESX 5 may not be supported)
- A CA (Certificate Authority) to sign new certificates (not needed if you use the no_verify=1 option)
- RHEL6 or CentOS6 (not required but it's what I use)
- Install libvirt and libvirt-devel
- Install ruby-libvirt gem
- Start libvirtd
- Test with virsh
- Setup hypervisor in foreman
Use these steps if not using the no_verify=1 option:
- Create SSL key
- Sign key with CA cert and CA key
- Transfer these keys to your ESX or vSphere server
- Copy CA cert and client cert
I tried various versions. The latest has too many dependencies so I stuck with 0.9.1 which is perfect for what I need.
I have compiled some RPMs to make it easier to install but you may need to resolve some additional dependencies.
This shouldn't be too bad if you have the EPEL repo.
You will need to use the following to install all the rpms once downloaded.
yum -y --nogpgcheck localinstall libvirt-*
rpm -Uvh libvirt-*
Install libvirt gem¶
gem install ruby-libvirt
Create SSL Key (Not needed if using no_verify=1)¶
certtool --generate-privkey > pdxesx.logicminds.corp-key.pem
Sign key with CA cert and CA key (Not needed if using no_verify=1)¶
[root@puppet ~]# certtool --generate-certificate --load-privkey pdxesx.logicminds.corp-key.pem --load-ca-certificate /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem --load-ca-privkey /etc/puppetlabs/puppet/ssl/ca/ca_key.pem --template server.info --outfile pdxesx.logicminds.corp.pem
Generating a signed certificate...

# Server.info
organization = Logic Minds Corp
cn = pdxesx.logicminds.corp
tls_www_server
encryption_key
signing_key
Transfer these keys to your ESX or vSphere server (Not needed if using no_verify=1)¶
You don't need to transfer your keys if you always use the no_verify=1 option in the connection URI. That option disables the check of the server's SSL certificate, so the connection is still encrypted but the identity of the ESX host is not verified.
You may need to enable SSH on your ESX server. Not sure what to do for vSphere since it's Windows.
scp pdxesx.logicminds.corp-key.pem root@pdxesx:/etc/vmware/ssl/rui.key
scp pdxesx.logicminds.corp.pem root@pdxesx:/etc/vmware/ssl/rui.crt
Copy CA cert (Not needed if using no_verify=1)¶
Since I used puppet as my CA and client I can just reuse the keys and certs I already have.
ln -s /etc/puppetlabs/puppet/ssl/private_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/private/clientkey.pem
ln -s /etc/puppetlabs/puppet/ssl/public_keys/puppet.logicminds.corp.pem /etc/pki/libvirt/clientcert.pem
ln -s /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem /etc/pki/CA/cacert.pem
Start the libvirtd Service¶
service libvirtd start
Test with virsh¶
I created a foreman user on my ESX server.
[root@puppet ~]# virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # connect esx://foreman@pdxesx?no_verify=1
Enter foreman's password for pdxesx:
virsh # version
Compiled against library: libvir 0.9.1
Using library: libvir 0.9.1
Using API: ESX 0.9.1
Running hypervisor: ESX 4.1.0

virsh # list
 Id Name                 State
----------------------------------
 16 puppetagent1         running
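The connection URI in the virsh test above turns off certificate checking with no_verify=1. The Ruby below is an added example, not part of the original notes or of Foreman's code; it audits libvirt ESX-driver URIs for that setting, for transport=http, and for a password stored in the URI. The function names and all sample URIs except the first are made up for illustration.

```ruby
require 'uri'

# URI schemes handled by libvirt's ESX driver.
ESX_SCHEMES = %w[esx vpx gsx].freeze

# Returns a list of findings (strings) for one libvirt connection URI.
# An empty list means no weak connection setting was found.
def audit_libvirt_uri(uri_string)
  uri = URI.parse(uri_string)
  unless ESX_SCHEMES.include?(uri.scheme)
    return ["not an ESX driver URI (scheme #{uri.scheme.inspect})"]
  end

  params = URI.decode_www_form(uri.query.to_s).to_h
  findings = []
  # no_verify=1 turns off the check of the server's SSL certificate.
  findings << 'no_verify=1: server certificate is not verified' if params['no_verify'] == '1'
  # transport defaults to https; http sends the login unencrypted.
  findings << 'transport=http: connection is not encrypted' if params['transport'] == 'http'
  # A password in the userinfo part ends up in config files and logs.
  findings << 'password embedded in URI' if uri.password
  findings
end

# Constructed sample URIs; only the first one appears on this page.
SAMPLE_URIS = [
  'esx://foreman@pdxesx?no_verify=1',
  'esx://foreman@pdxesx.logicminds.corp',
  'esx://foreman:secret@pdxesx?transport=http',
  'qemu:///system'
].freeze

# Maps each URI to its list of findings.
def audit_all(uris)
  uris.to_h { |u| [u, audit_libvirt_uri(u)] }
end

if __FILE__ == $PROGRAM_NAME
  audit_all(SAMPLE_URIS).each do |uri, findings|
    puts "#{uri}: #{findings.empty? ? 'OK' : findings.join('; ')}"
  end
end
```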
Setup hypervisor in Foreman¶