Search Results for: content library

Using the new vSphere Guest OS Customization with cloud-init in vSphere 7.0 Update 3

06.27.2022 by William Lam // 11 Comments

In vSphere 7.0 Update 3, the vSphere Guest Operating System (OS) Customization Engine has added native support for using cloud-init, which is an industry standard for customizing Linux-based operating systems. This additional GuestOS customization option is currently only available when using the vSphere API, either vSphere SOAP API or vSphere REST API and is not available for consumption when using the vSphere UI.

As part of a recent project, I was exploring some of the customization options and since I had not played with this specific API before, I figured this would be a good exercise. I quickly found that it was not very user intuitive in getting started, especially with the lack of end-to-end examples since this can only be consumed using the vSphere API. I also came across a number of different VMware KBs (here, here and here) that outlined various requirements and constraints when using cloud-init which also added to the confusion.

The high level requirements for using the new vSphere Guest OS Customization with cloud-init is the following:

vSphere 7.0. Update 3 or later (vCenter and ESXi)
VMware Tools running 11.3 or later
cloud-init running 21.1 or later

Note: Although VMware PhotonOS does support cloud-init natively, it is not a supported operating system when using the new vSphere GuestOS Customization with cloud-init due to how cloud-init has been integrated. For customers that require customization via cloud-init with PhotonOS, should continue using either the seed ISO option or the GuestInfo OVF option.

In this blog post, I will explore the complete end-to-end workflow from preparing a GuestOS for customization to applying the actual vSphere customization spec using the new cloud-init option. In addition, I have also created a simple PowerShell script which demonstrates the use of the vSphere REST API on constructing the required specification for using the new cloud-init option and this should hopefully help folks understand how the underlying API works with a working example.

[Read more...]

Quick Tip - How to disable viewing of vSphere Tags?

01.26.2022 by William Lam // 3 Comments

I just answered an interesting inquiry that came from our field on how to prevent users in vCenter Server from viewing vSphere Tags? The use case here is that the data contained in the vSphere Tags may not be something administrators want general users to be able to see, especially if they contain sensitive information, which hopefully folks are not using to store things like credentials or secrets.

If you navigate to the vSphere Roles, you will see a number of vSphere Tagging privileges, but there is nothing that covers the ability to remove read only access.

One very important thing to understand about the authorization of vSphere Tags is that it is NOT controlled by standard vSphere Permissions that you would assign in the vSphere Inventory but that it is controlled via vSphere Global Permissions, which are outside of the vSphere Inventory, which also includes vSphere Content Library and other vCenter Servers.

If you wish to disable the ability to view vSphere Tags for a VM while still maintaining basic read only view for VM, you need to ensure there is not a read only role assignment for your user under Global Permissions. You can check by navigating to vSphere UI under Administrator->Global Permissions. If the user that you are logging in with does not have a Read Only Global Permission, they will not see any of the vSphere Tagging information nor vSphere Content Library, which is another side affect.