VMware Labs just released a really cool new Fling called VIB Author which is a tool that allows you to easily create custom VIBs for your ESXi 5.x hosts. If you have tried to create custom ESXi firewall rules or add custom scripts to your ESXi host, you may have noticed they are not persisted after a system reboot and you had to play all sorts of games to get the files to persist. The VIB Author tool now solves that problem and you can even take your custom VIB and integrate them into an Auto Deploy Image Profile using Image Builder. Before you jump right in, be sure to read over the important note in the documentation before getting started.
So how does the VIB Author tool work?
You will need to provide two pieces of input: payload which is set of files you wish to include in your VIB and the descriptor.xml which contains the metadata for your files. From that, VIB Author can produce either a VIB and/or an offline bundle (can be used with Image Builder).
VIB Author is distributed only as an RPM and you will need to install the VIB Author tool on a 32-bit Linux system (sorry, no 64-bit support). In my home setup, I went with CentOS 6.2 i386 as it was free to download & easy to setup or you may choose go with SUSE Linux Enterprise 11 SP2 which is the recommended platform per the documentation.
UPDATE (07/25/23) - To create custom VIBs for ESXi 8.x or later, please see the update process HERE.
To install the RPM, run the following command:
rpm -ivh vmware-esx-vib-author-5.0.0-0.0.844296.i386.rpm
In the example below, I will show you how to create a custom VIB that contains several different configurations:
- Custom Firewall Rule
- Custom Startup script (adds a static route)
- Custom Files (ghettoVCB)
Disclaimer: The example below is not officially supported by VMware, please thoroughly test this in a development environment before using in production.
Here is the directory structure for the example that we will be going through:
Step 1 - Create your stage directory structure which we will then populate with your payload files as well as the descriptor.xml file.
mkdir -p stage/payloads/payload1
Step 2 - Create your descriptor.xml file which should be placed in the stage directory. For more details on the parameters within the descriptor.xml, please take a look at the documentation.
Here is an example of my descriptor.xml file:
<vib version="5.0"> <type>bootbank</type> <name>virtuallyghetto</name> <version>5.0.0-0.0.1</version> <vendor>virtuallyGhetto</vendor> <summary>Custom VIB from virtuallyGhetto</summary> <description>Adds custom firewall rule, ghettoVCB script and static routes to ESXi host</description> <relationships> <depends> </depends> <conflicts/> <replaces/> <provides/> <compatibleWith/> </relationships> <software-tags> </software-tags> <system-requires> <maintenance-mode>false</maintenance-mode> </system-requires> <file-list> </file-list> <acceptance-level>community</acceptance-level> <live-install-allowed>true</live-install-allowed> <live-remove-allowed>true</live-remove-allowed> <cimom-restart>false</cimom-restart> <stateless-ready>true</stateless-ready> <overlay>false</overlay> <payloads> <payload name="payload1" type="vgz"></payload> </payloads> </vib>
Step 3 - Create the directory structure and store the files you wish to include under payload1. Ensure the the directory structure matches the absolute path of how you want the files to appear on the ESXi host. For example, if you wish to create a file call foo in /etc/vmware/foo then your directory structure should look like stage/payloads/payload1/etc/vmware/foo
Note: In the documentation, there is a list of default supported paths, if you venture off of this supported list, then you will need to issue the -f flag when creating your VIB as well as installing your VIB on your ESXi host
So for our examples we have the following files:
stage/payloads/payload1/etc/vmware/firewall/virtuallyghetto.xml
This one should be pretty straight forward, we are just creating a custom ESXi firewall rule and you will need to place your configuration file under /etc/vmware/firewall, please take a look at this article for more details on creating your own firewall rules.
stage/payloads/payload1/etc/rc.local.d/999.addStaticRoute.sh
This is a custom shell script that adds a static route to an ESXi host upon bootup under /etc/rc.local.d. There maybe other startup scripts that could be executed and you do not want to conflict with any system defaults. I recommend you label yours with a high number such as 999 to ensure it is one of the last scripts to execute.
stage/payloads/payload1/opt/ghettoVCB/{ghettoVCB.conf,ghettoCB-restore.sh,ghettoVCB.sh}
This is a custom set of files that I would like to store in ESXi under /opt directory and the files are my free ghettoVCB backup script.
Here is a copy of my directory structure (stage.zip) which can be used as a reference.
Step 4 - Now we ready to create our VIB and/or offline bundle by specifying our stage directory as input. In this example, we will generate both a VIB as well as an offline bundle containing the same contents. Run the following command:
vibauthor -C -t stage -v virtuallyghetto.vib -O virtuallyghetto-offline-bundle.zip -f
Note: Since we added some files outside of the default supported paths, we also need to specify the -f flag to force the creation.
We can also extract information about our VIB by using the -i option in VIB Author, to do so, run the following command:
vibauthor -i -v virtuallyghetto.vib
Finally, we are now ready to copy the VIB over to our ESXi host and install our custom VIB.
To install VIB run the following command:
esxcli software vib install -v /vmfs/volumes/[datastore-name]/virtuallyghetto.vib -f
To install the offline bundle run the following command:
esxcli software vib install -d /vmfs/volumes/[datastore-name]/virtuallyghetto-offline-bundle.zip -f
Note: You need to specify the -f flag to force the installation since we created files in an unsupported path. I have been able to test the VIB and offline bundle installation on both ESXi 5.0 as well as ESXi 5.1
To confirm we have succesfully installed our custom VIB, we can query it by running the following command:
esxcli software vib list | grep virtuallyghetto
So there you have it, in just a few steps, you can create your own custom VIBs!
Andreas Peetz says
Good to see this ... but please note that the new VIB author is not the first tool that allows creating CommunitySupported VIB files and Offline bundles. See my ESXi5 Community Packaging Tools (http://esxi5-cpt.v-front.de) and my blog post here: http://v-front.blogspot.de/2012/09/vmware-labs-latest-fling-vib-author-and.html.
- Andreas
Anonymous says
Using this tool I have been trying to get an .sh to load during an AutoDeploy boot that will run the script to set a few RDM LUNs to perennial and speed up the boot time as mentioned in this kb http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1016106&sliceId=1&docTypeID=DT_KB_1_1&dialogID=218399559&stateId=0%200%20218397548
I can see the file load during boot and after ESXi is up and running the file is located in the /etc/rc.local.d directory (so I know that is working), however, it does not appear that the script is running as the boot time is still 40-45 minutes. I have tried naming the script file with 999. and 50. and even 1. I know that the script itself works because I can run it from an SSH session after the server is loaded it runs (i can then restart agents and they restart in seconds instead of 30+ minutes). Any idea why it would not load during boot? Here is what the script looks like:
#!/bin/sh
esxcli storage core device setconfig -d --perennially-reserved=true
esxcli storage core device setconfig -d --perennially-reserved=true
esxcli storage core device setconfig -d --perennially-reserved=true
esxcli storage core device setconfig -d --perennially-reserved=true
esxcli storage core device setconfig -d --perennially-reserved=true
Anonymous says
After installing this VIB I can't use update manager for ESXi. In logs I see "Element vib failed to validate content".
Before installing I use "esxcli software acceptance set --level=CommunitySupported"
Anyone knows how resolve this problem? (without deleting problem VIB)
Anonymous says
Thanks... I resolve problem xD
Jau-Ling Chou says
how?
tom loftus says
FYI : I just downloaded latest authoring tool from vmware, vmware-esx-vib-author-5.0.0-0.0.847598.i386.
Got dependency hell on centos32 bit VM, complaining about 64 bit libs.
Re-installed on centos 6.3 64 bit, worked just fine.
Anonymous says
How did you resolve the "Element vib failed to validate content" problem?
Anonymous says
I'm also interested to know if/how VUM VIB Validate error can be resolved for unsigned partner/community supported VIBs. Anyone tried importing their own VIB into VUM?
William says
It looks within VUM, there is a check to prevent VIBs that contains files outside of the supported paths which is a clue from the error as it points to the start of the section of the descriptor.xml. To confirm, I created a custom VIB and adding a file in the supported path and I was able to stage & remediate. Looks like you may need to script any custom VIBs OR integrate that into a base ESXi ISO image and import that into VUM (hopefully that'll work but I've not tested)
v-front.de says
You can avoid the "Element vib failed to validate content" error by assigning the Acceptance Level "VMwareAccepted" (instead of "CommunitySupported") to your VIB package. This is of course unsuported, and you then need to install the package with the --no-sig-check option.
For details see http://www.v-front.de/2012/11/a-daemons-vib-part-3-building-software.html
- Andreas
William says
Andreas,
That only works if you're using ESXCLI to install the custom VIB which you need to change the acceptance level. The question in the above thread is regarding VUM and from what I can tell, even if you set the proper acceptance level on the ESXi host and use "community" within the custom VIB, the error is thrown as it looks like VUM is not allowing CommunitySupported VIBs to be staged to ESXi host
Anonymous says
It seems like this error appears only when packing the offline bundle using Vib Auther from VMWARE.
Download this pack of VIB tools and use VIB2ZIP windows script inside to create the offline bundle.
http://www.v-front.de/p/esxi5-community-packaging-tools.html
Works like a charm.
Brian Caldwell says
Is there a way to edit a VIB already installed in the bootbank on a ESXi 5.0 host, or modify the VIB before its installed? There is a IBM CIM provider that generates a line in cron, and I want to remove the line from the file in the bootbank.
William says
It'll depend on what was installed, you could edit the changes but since it was installed via a VIB, the change would persist. So you would probably have to do some work to ensure it does not persist. You could edit an existing VIB, but once you bundle it backup it will require you to change your acceptance on the ESXi host since it has been modified from the original source (no longer signed by the vendor). From the sounds of it, you may want to contact IBM and ask them for a FR instead
Anonymous says
Is there a way to have a post-install script automatically run after a vib is installed (e.g. to add a cron entry)?
Steven says
I'm looking for the same method. I created a VIB which creates a folder under /opt. In this folder /opt/myVIB there is a file called "configureSNMP.sh".
I want to execute that script "configureSNMP.sh" during the install process, or during post-install process.
Is there any method to achieve this?
Regards,
Steven
Assaf says
Hi Steven,
did you find a way to do it?
Vijay Srivastava says
Hi Steven,
If you add your script configureSNMP.sh in the folder /etc/init.d/
then it would be executed during VIB installation/removal
Regards,
Vijay
Anonymous says
Has this been tested on 5.5 yet? Any updates? I tried to upgrade a 5.1 instance to 5.5 a couple of days ago and this VIB bombed the install. I was thinking of removing it, upgrading and then re-installing. Any thought?
Timothy Garay says
I have been unsuccessful at compiling a simple vib. I keep getting this message:
[root@CentOS65 /]# vibauthor -C -t stage -v test.vib -O test.zip
Traceback (most recent call last):
File "/usr/bin/vibauthor", line 9, in
vibauthorImpl.main()
File "/build/mts/release/bora-847598/bora/build/esx/beta/vibauthor-stage/vibauthorImpl.py", line 1436, in main
File "/build/mts/release/bora-847598/bora/build/esx/beta/vibauthor-stage/vibauthorImpl.py", line 303, in CreateVIB_RT
KeyError: 'version'
I've tried changing settings. The only thing in here is a firewall rule.
I've tried looking for older versions of the vibauthor but can only find the one currently available from VMware.
William Lam says
Are you using the exact same stage example I have? I assume you're centOS build is the same, it should work on newer versions but I've not tested it. You can always post on the Flings page for additional help
Robert Graham says
Is there anything against creating a VIB and marking it as accepted, and just having people install it using 'esxcli software vib install -v --no-sig-check' ??? I want to mark it as community acceptance level, but i need to add some file to the /etc/init.d/ folder. Is there are terms or conditions that say something marked as 'accepted' has to be signed by VMware ???
lamw says
Not sure I understand the question. If you're building a custom VIB and you're not a VMware Certified Partner, then you MUST set the acceptance level of your ESXi host to lowest security level which is "Community Level" for the VIB to be successfully installed.
Robert Graham says
I was more so referring to creating VIBs that install files to non-default directories. I have a VIB that is community supported, that installs files to /etc/init.d/. Only way to install it is via the '-f' flag. This works, however, now every VIB after this has to be installed with the '-f' flag. Any suggestions?
Steve Furniss says
I have installed the InfiniBand Open Subnet Manager vib manually from the CLI and had to set the software acceptance level to "Community Supported".... what I have noticed now is that I am now unable to install any patches using VUM unless I first remove the "Community Supported" vib.
William Lam says
I believe this is a known issue as others have reported it as VUM does not support "Community Support" packages
Assaf says
Hi Steven,
did you find a way to do it?
Patrick says
It was recently (January 2018), I found VIB Author will run on the 64-bit SUSE Linux 11 Enterprise. The 32-bit distro was too hard to find. This Veeam link was also handy though I had to zypper a couple other libs after error messages told me those were missing. Then, the vib-author bit ran good.
Good words to you!
rapitharian says
William, the vib-author fling is no longer available at https://labs.vmware.com/flings/vib-author is there a new location to get this file?
lamw says
No, but you can use my Docker Image https://williamlam.com/2015/05/a-docker-container-for-building-custom-esxi-vibs.html
rapitharian says
Thanks for the info. I pulled the container.