WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple
You are here: Home / ESXi / Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling

Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling

09.28.2012 by William Lam // 40 Comments

VMware Labs just released a really cool new Fling called VIB Author which is a tool that allows you to easily create custom VIBs for your ESXi 5.x hosts. If you have tried to create custom ESXi firewall rules or add custom scripts to your ESXi host, you may have noticed they are not persisted after a system reboot and you had to play all sorts of games to get the files to persist. The VIB Author tool now solves that problem and you can even take your custom VIB and integrate them into an Auto Deploy Image Profile using Image Builder. Before you jump right in, be sure to read over the important note in the documentation before getting started.

So how does the VIB Author tool work?

You will need to provide two pieces of input: payload which is set of files you wish to include in your VIB and the descriptor.xml which contains the metadata for your files. From that, VIB Author can produce either a VIB and/or an offline bundle (can be used with Image Builder).

VIB Author is distributed only as an RPM and you will need to install the VIB Author tool on a 32-bit Linux system (sorry, no 64-bit support). In my home setup, I went with CentOS 6.2 i386 as it was free to download & easy to setup or you may choose go with SUSE Linux Enterprise 11 SP2 which is the recommended platform per the documentation.

To install the RPM, run the following command:

rpm -ivh vmware-esx-vib-author-5.0.0-0.0.844296.i386.rpm

In the example below, I will show you how to create a custom VIB that contains several different configurations:

  • Custom Firewall Rule
  • Custom Startup script (adds a static route)
  • Custom Files (ghettoVCB)

Disclaimer: The example below is not officially supported by VMware, please thoroughly test this in a development environment before using in production.

Here is the directory structure for the example that we will be going through:

Step 1 - Create your stage directory structure which we will then populate with your payload files as well as the descriptor.xml file.

mkdir -p stage/payloads/payload1 

Step 2 - Create your descriptor.xml file which should be placed in the stage directory. For more details on the parameters within the descriptor.xml, please take a look at the documentation.

Here is an example of my descriptor.xml file:

<vib version="5.0">
  <type>bootbank</type>
  <name>virtuallyghetto</name>
  <version>5.0.0-0.0.1</version>
  <vendor>virtuallyGhetto</vendor>
  <summary>Custom VIB from virtuallyGhetto</summary>
  <description>Adds custom firewall rule, ghettoVCB script and static routes to ESXi host</description>
  <relationships>
    <depends>
    </depends>
    <conflicts/>
    <replaces/>
    <provides/>
    <compatibleWith/>
  </relationships>
  <software-tags>
  </software-tags>
  <system-requires>
    <maintenance-mode>false</maintenance-mode>
  </system-requires>
  <file-list>
  </file-list>
  <acceptance-level>community</acceptance-level>
  <live-install-allowed>true</live-install-allowed>
  <live-remove-allowed>true</live-remove-allowed>
  <cimom-restart>false</cimom-restart>
  <stateless-ready>true</stateless-ready>
  <overlay>false</overlay>
  <payloads>
    <payload name="payload1" type="vgz"></payload>
  </payloads>
</vib>

Step 3 - Create the directory structure and store the files you wish to include under payload1. Ensure the the directory structure matches the absolute path of how you want the files to appear on the ESXi host. For example, if you wish to create a file call foo in /etc/vmware/foo then your directory structure should look like stage/payloads/payload1/etc/vmware/foo

Note: In the documentation, there is a list of default supported paths, if you venture off of this supported list, then you will need to issue the -f flag when creating your VIB as well as installing your VIB on your ESXi host

So for our examples we have the following files:

stage/payloads/payload1/etc/vmware/firewall/virtuallyghetto.xml
This one should be pretty straight forward, we are just creating a custom ESXi firewall rule and you will need to place your configuration file under /etc/vmware/firewall, please take a look at this article for more details on creating your own firewall rules.

stage/payloads/payload1/etc/rc.local.d/999.addStaticRoute.sh
This is a custom shell script that adds a static route to an ESXi host upon bootup under /etc/rc.local.d. There maybe other startup scripts that could be executed and you do not want to conflict with any system defaults. I recommend you label yours with a high number such as 999 to ensure it is one of the last scripts to execute.

stage/payloads/payload1/opt/ghettoVCB/{ghettoVCB.conf,ghettoCB-restore.sh,ghettoVCB.sh}
This is a custom set of files that I would like to store in ESXi under /opt directory and the files are my free ghettoVCB backup script.

Here is a copy of my directory structure (stage.zip) which can be used as a reference.

Step 4 - Now we ready to create our VIB and/or offline bundle by specifying our stage directory as input. In this example, we will generate both a VIB as well as an offline bundle containing the same contents. Run the following command:

vibauthor -C -t stage -v virtuallyghetto.vib -O virtuallyghetto-offline-bundle.zip -f

Note: Since we added some files outside of the default supported paths, we also need to specify the -f flag to force the creation.

We can also extract information about our VIB by using the -i option in VIB Author, to do so, run the following command:

vibauthor -i -v virtuallyghetto.vib

Finally, we are now ready to copy the VIB over to our ESXi host and install our custom VIB.

To install VIB run the following command:

esxcli software vib install -v /vmfs/volumes/[datastore-name]/virtuallyghetto.vib -f

To install the offline bundle run the following command:

esxcli software vib install -d /vmfs/volumes/[datastore-name]/virtuallyghetto-offline-bundle.zip -f

Note: You need to specify the -f flag to force the installation since we created files in an unsupported path. I have been able to test the VIB and offline bundle installation on both ESXi 5.0 as well as ESXi 5.1

To confirm we have succesfully installed our custom VIB, we can query it by running the following command:

esxcli software vib list | grep virtuallyghetto

So there you have it, in just a few steps, you can create your own custom VIBs!

More from my site

  • Neat way of installing or updating any VIB using just the ESXi Embedded Host Client
  • New VMware Fling to improve Network/CPU performance when using Promiscuous Mode for Nested ESXi
  • Quick Tip - Listing Image Profiles From an ESXi Patch Using ESXCLI
  • PowerCLI 13.0 on Photon OS
  • Easily create custom ESXi Images from patch releases using vSphere Image Builder UI

Categories // ESXi, Not Supported Tags // auto deploy, esxi, esxi5, fling, image builder, image profile, tgz, vgz, vib

Comments

  1. Andreas Peetz says

    09/29/2012 at 7:20 pm

    Good to see this ... but please note that the new VIB author is not the first tool that allows creating CommunitySupported VIB files and Offline bundles. See my ESXi5 Community Packaging Tools (http://esxi5-cpt.v-front.de) and my blog post here: http://v-front.blogspot.de/2012/09/vmware-labs-latest-fling-vib-author-and.html.

    - Andreas

    Reply
  2. Anonymous says

    10/09/2012 at 4:48 pm

    Using this tool I have been trying to get an .sh to load during an AutoDeploy boot that will run the script to set a few RDM LUNs to perennial and speed up the boot time as mentioned in this kb http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1016106&sliceId=1&docTypeID=DT_KB_1_1&dialogID=218399559&stateId=0%200%20218397548
    I can see the file load during boot and after ESXi is up and running the file is located in the /etc/rc.local.d directory (so I know that is working), however, it does not appear that the script is running as the boot time is still 40-45 minutes. I have tried naming the script file with 999. and 50. and even 1. I know that the script itself works because I can run it from an SSH session after the server is loaded it runs (i can then restart agents and they restart in seconds instead of 30+ minutes). Any idea why it would not load during boot? Here is what the script looks like:

    #!/bin/sh

    esxcli storage core device setconfig -d --perennially-reserved=true
    esxcli storage core device setconfig -d --perennially-reserved=true
    esxcli storage core device setconfig -d --perennially-reserved=true
    esxcli storage core device setconfig -d --perennially-reserved=true
    esxcli storage core device setconfig -d --perennially-reserved=true

    Reply
  3. Anonymous says

    11/01/2012 at 11:08 am

    After installing this VIB I can't use update manager for ESXi. In logs I see "Element vib failed to validate content".

    Before installing I use "esxcli software acceptance set --level=CommunitySupported"

    Anyone knows how resolve this problem? (without deleting problem VIB)

    Reply
    • Anonymous says

      11/01/2012 at 1:10 pm

      Thanks... I resolve problem xD

      Reply
      • Jau-Ling Chou says

        10/30/2015 at 9:38 am

        how?

        Reply
    • tom loftus says

      12/11/2012 at 6:15 pm

      FYI : I just downloaded latest authoring tool from vmware, vmware-esx-vib-author-5.0.0-0.0.847598.i386.
      Got dependency hell on centos32 bit VM, complaining about 64 bit libs.
      Re-installed on centos 6.3 64 bit, worked just fine.

      Reply
    • Anonymous says

      12/18/2012 at 2:54 am

      How did you resolve the "Element vib failed to validate content" problem?

      Reply
    • Anonymous says

      12/27/2012 at 10:20 pm

      I'm also interested to know if/how VUM VIB Validate error can be resolved for unsigned partner/community supported VIBs. Anyone tried importing their own VIB into VUM?

      Reply
    • William says

      12/28/2012 at 1:27 am

      It looks within VUM, there is a check to prevent VIBs that contains files outside of the supported paths which is a clue from the error as it points to the start of the section of the descriptor.xml. To confirm, I created a custom VIB and adding a file in the supported path and I was able to stage & remediate. Looks like you may need to script any custom VIBs OR integrate that into a base ESXi ISO image and import that into VUM (hopefully that'll work but I've not tested)

      Reply
    • v-front.de says

      01/01/2013 at 10:56 am

      You can avoid the "Element vib failed to validate content" error by assigning the Acceptance Level "VMwareAccepted" (instead of "CommunitySupported") to your VIB package. This is of course unsuported, and you then need to install the package with the --no-sig-check option.
      For details see http://www.v-front.de/2012/11/a-daemons-vib-part-3-building-software.html

      - Andreas

      Reply
    • William says

      01/01/2013 at 6:19 pm

      Andreas,

      That only works if you're using ESXCLI to install the custom VIB which you need to change the acceptance level. The question in the above thread is regarding VUM and from what I can tell, even if you set the proper acceptance level on the ESXi host and use "community" within the custom VIB, the error is thrown as it looks like VUM is not allowing CommunitySupported VIBs to be staged to ESXi host

      Reply
    • Anonymous says

      04/27/2013 at 5:14 pm

      It seems like this error appears only when packing the offline bundle using Vib Auther from VMWARE.
      Download this pack of VIB tools and use VIB2ZIP windows script inside to create the offline bundle.
      http://www.v-front.de/p/esxi5-community-packaging-tools.html
      Works like a charm.

      Reply
  4. Brian Caldwell says

    01/29/2013 at 3:27 am

    Is there a way to edit a VIB already installed in the bootbank on a ESXi 5.0 host, or modify the VIB before its installed? There is a IBM CIM provider that generates a line in cron, and I want to remove the line from the file in the bootbank.

    Reply
    • William says

      01/29/2013 at 3:35 am

      It'll depend on what was installed, you could edit the changes but since it was installed via a VIB, the change would persist. So you would probably have to do some work to ensure it does not persist. You could edit an existing VIB, but once you bundle it backup it will require you to change your acceptance on the ESXi host since it has been modified from the original source (no longer signed by the vendor). From the sounds of it, you may want to contact IBM and ask them for a FR instead

      Reply
  5. Anonymous says

    03/27/2013 at 1:57 pm

    Is there a way to have a post-install script automatically run after a vib is installed (e.g. to add a cron entry)?

    Reply
    • Steven says

      01/22/2014 at 9:17 am

      I'm looking for the same method. I created a VIB which creates a folder under /opt. In this folder /opt/myVIB there is a file called "configureSNMP.sh".

      I want to execute that script "configureSNMP.sh" during the install process, or during post-install process.

      Is there any method to achieve this?

      Regards,
      Steven

      Reply
      • Assaf says

        04/08/2015 at 1:34 pm

        Hi Steven,
        did you find a way to do it?

        Reply
        • Vijay Srivastava says

          08/28/2018 at 10:39 pm

          Hi Steven,

          If you add your script configureSNMP.sh in the folder /etc/init.d/
          then it would be executed during VIB installation/removal

          Regards,
          Vijay

          Reply
  6. Anonymous says

    10/03/2013 at 12:55 pm

    Has this been tested on 5.5 yet? Any updates? I tried to upgrade a 5.1 instance to 5.5 a couple of days ago and this VIB bombed the install. I was thinking of removing it, upgrading and then re-installing. Any thought?

    Reply
  7. Timothy Garay says

    01/30/2014 at 7:35 pm

    I have been unsuccessful at compiling a simple vib. I keep getting this message:
    [[email protected] /]# vibauthor -C -t stage -v test.vib -O test.zip
    Traceback (most recent call last):
    File "/usr/bin/vibauthor", line 9, in
    vibauthorImpl.main()
    File "/build/mts/release/bora-847598/bora/build/esx/beta/vibauthor-stage/vibauthorImpl.py", line 1436, in main
    File "/build/mts/release/bora-847598/bora/build/esx/beta/vibauthor-stage/vibauthorImpl.py", line 303, in CreateVIB_RT
    KeyError: 'version'

    I've tried changing settings. The only thing in here is a firewall rule.
    I've tried looking for older versions of the vibauthor but can only find the one currently available from VMware.

    Reply
    • William Lam says

      01/31/2014 at 4:09 pm

      Are you using the exact same stage example I have? I assume you're centOS build is the same, it should work on newer versions but I've not tested it. You can always post on the Flings page for additional help

      Reply
  8. Robert Graham says

    03/01/2014 at 12:03 am

    Is there anything against creating a VIB and marking it as accepted, and just having people install it using 'esxcli software vib install -v --no-sig-check' ??? I want to mark it as community acceptance level, but i need to add some file to the /etc/init.d/ folder. Is there are terms or conditions that say something marked as 'accepted' has to be signed by VMware ???

    Reply
    • lamw says

      03/02/2014 at 1:12 am

      Not sure I understand the question. If you're building a custom VIB and you're not a VMware Certified Partner, then you MUST set the acceptance level of your ESXi host to lowest security level which is "Community Level" for the VIB to be successfully installed.

      Reply
      • Robert Graham says

        03/02/2014 at 7:22 pm

        I was more so referring to creating VIBs that install files to non-default directories. I have a VIB that is community supported, that installs files to /etc/init.d/. Only way to install it is via the '-f' flag. This works, however, now every VIB after this has to be installed with the '-f' flag. Any suggestions?

        Reply
  9. Steve Furniss says

    04/22/2014 at 6:23 pm

    I have installed the InfiniBand Open Subnet Manager vib manually from the CLI and had to set the software acceptance level to "Community Supported".... what I have noticed now is that I am now unable to install any patches using VUM unless I first remove the "Community Supported" vib.

    Reply
    • William Lam says

      04/23/2014 at 2:17 am

      I believe this is a known issue as others have reported it as VUM does not support "Community Support" packages

      Reply
  10. Assaf says

    04/08/2015 at 1:33 pm

    Hi Steven,
    did you find a way to do it?

    Reply
  11. Patrick says

    01/31/2018 at 10:03 am

    It was recently (January 2018), I found VIB Author will run on the 64-bit SUSE Linux 11 Enterprise. The 32-bit distro was too hard to find. This Veeam link was also handy though I had to zypper a couple other libs after error messages told me those were missing. Then, the vib-author bit ran good.
    Good words to you!

    Reply
  12. rapitharian says

    12/08/2021 at 9:20 am

    William, the vib-author fling is no longer available at https://labs.vmware.com/flings/vib-author is there a new location to get this file?

    Reply
    • lamw says

      12/08/2021 at 10:03 am

      No, but you can use my Docker Image https://williamlam.com/2015/05/a-docker-container-for-building-custom-esxi-vibs.html

      Reply
      • rapitharian says

        12/17/2021 at 7:26 am

        Thanks for the info. I pulled the container.

        Reply

Trackbacks

  1. The Custom ESXi STIG VIB – Is this approach viable for Federal? | VM Field Tips says:
    06/26/2014 at 1:04 am

    […] you can go take a look at the VIB Author Fling at VMware Labs and William Lam's article Creating a Custom VIB for ESXi.  Now, there are a couple of very important things to note from these […]

    Reply
  2. Cisco UCS and SolidFire ISCSI Boot | v-apprentice says:
    07/30/2014 at 9:31 am

    […] Create a custom VIB that opens firewall ports, you will find a good guide here, alternatively PM me for 5.1 firewall […]

    Reply
  3. Using Packer to deploy VM's in a Nested ESXi environment | metallic-badger.com says:
    09/24/2014 at 8:23 pm

    […] then created descriptor.xml in staging directory which looked as follows ( I got this layout from this site […]

    Reply
  4. Cisco UCS and SolidFire ISCSI Boot – v-apprentice says:
    01/24/2015 at 2:09 pm

    […] Create a custom VIB that opens firewall ports, you will find a good guide here, alternatively PM me for 5.1 firewall […]

    Reply
  5. How to creating a custom ESXi VIB to execute a script once? | virtuallyGhetto says:
    07/16/2015 at 3:55 pm

    […] more information on creating a custom VIB, be sure to check out my blog post here and you can even use this Docker image I created for building custom ESXi […]

    Reply
  6. Manually installing a (persistent) Firewall Rule to allow IPFIX on the ESX Host says:
    08/25/2016 at 1:33 pm

    […] I used Google again and I stumbled onto this and this […]

    Reply
  7. Custom script bundle is now possible with Auto Deploy in vSphere 6.5 | virtuallyGhetto says:
    12/06/2016 at 7:32 am

    […] For these cases, you either had to either hack it up using a method like this or to create a custom ESXi VIB which would then force customers to lower their ESXi's software acceptance level which was not […]

    Reply
  8. How to create persistent firewall rules on ESXi says:
    03/23/2017 at 3:17 am

    […] Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling […]

    Reply
  9. TIPS - Create a custom firewall rules in VMware ESXi - vDays.net says:
    05/16/2017 at 6:50 am

    […] /! Just a mention ! With this method, your rule will not persistent if you restart your server. /! If you want to persist, you can read this post /! […]

    Reply

Thanks for the comment! Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Recent

  • Changing the default HTTP(s) Reverse Proxy Ports on ESXi 8.0 03/22/2023
  • Quick Tip - How to download ESXi ISO image for all releases including patch updates? 03/15/2023
  • SSD with multiple NVMe namespaces for VMware Homelab 03/14/2023
  • Is my vSphere Cluster managed by vSphere Lifecycle Manager (vLCM) as a Desired Image or Baseline? 03/10/2023
  • Interesting VMware Homelab Kits for 2023 03/08/2023

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2023