WilliamLam.com

Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling

by // 41 Comments

VMware Labs just released a really cool new Fling called VIB Author which is a tool that allows you to easily create custom VIBs for your ESXi 5.x hosts. If you have tried to create custom ESXi firewall rules or add custom scripts to your ESXi host, you may have noticed they are not persisted after a system reboot and you had to play all sorts of games to get the files to persist. The VIB Author tool now solves that problem and you can even take your custom VIB and integrate them into an Auto Deploy Image Profile using Image Builder. Before you jump right in, be sure to read over the important note in the documentation before getting started.

So how does the VIB Author tool work?

You will need to provide two pieces of input: payload which is set of files you wish to include in your VIB and the descriptor.xml which contains the metadata for your files. From that, VIB Author can produce either a VIB and/or an offline bundle (can be used with Image Builder).

VIB Author is distributed only as an RPM and you will need to install the VIB Author tool on a 32-bit Linux system (sorry, no 64-bit support). In my home setup, I went with CentOS 6.2 i386 as it was free to download & easy to setup or you may choose go with SUSE Linux Enterprise 11 SP2 which is the recommended platform per the documentation.

UPDATE (07/25/23) - To create custom VIBs for ESXi 8.x or later, please see the update process HERE.

To install the RPM, run the following command:

rpm -ivh vmware-esx-vib-author-5.0.0-0.0.844296.i386.rpm

In the example below, I will show you how to create a custom VIB that contains several different configurations:

  • Custom Firewall Rule
  • Custom Startup script (adds a static route)
  • Custom Files (ghettoVCB)

Disclaimer: The example below is not officially supported by VMware, please thoroughly test this in a development environment before using in production.

Here is the directory structure for the example that we will be going through:

Step 1 - Create your stage directory structure which we will then populate with your payload files as well as the descriptor.xml file.

mkdir -p stage/payloads/payload1

Step 2 - Create your descriptor.xml file which should be placed in the stage directory. For more details on the parameters within the descriptor.xml, please take a look at the documentation.

Here is an example of my descriptor.xml file:

<vib version="5.0">
  <type>bootbank</type>
  <name>virtuallyghetto</name>
  <version>5.0.0-0.0.1</version>
  <vendor>virtuallyGhetto</vendor>
  <summary>Custom VIB from virtuallyGhetto</summary>
  <description>Adds custom firewall rule, ghettoVCB script and static routes to ESXi host</description>
  <relationships>
    <depends>
    </depends>
    <conflicts/>
    <replaces/>
    <provides/>
    <compatibleWith/>
  </relationships>
  <software-tags>
  </software-tags>
  <system-requires>
    <maintenance-mode>false</maintenance-mode>
  </system-requires>
  <file-list>
  </file-list>
  <acceptance-level>community</acceptance-level>
  <live-install-allowed>true</live-install-allowed>
  <live-remove-allowed>true</live-remove-allowed>
  <cimom-restart>false</cimom-restart>
  <stateless-ready>true</stateless-ready>
  <overlay>false</overlay>
  <payloads>
    <payload name="payload1" type="vgz"></payload>
  </payloads>
</vib>

Step 3 - Create the directory structure and store the files you wish to include under payload1. Ensure the the directory structure matches the absolute path of how you want the files to appear on the ESXi host. For example, if you wish to create a file call foo in /etc/vmware/foo then your directory structure should look like stage/payloads/payload1/etc/vmware/foo

Note: In the documentation, there is a list of default supported paths, if you venture off of this supported list, then you will need to issue the -f flag when creating your VIB as well as installing your VIB on your ESXi host

So for our examples we have the following files:

stage/payloads/payload1/etc/vmware/firewall/virtuallyghetto.xml
This one should be pretty straight forward, we are just creating a custom ESXi firewall rule and you will need to place your configuration file under /etc/vmware/firewall, please take a look at this article for more details on creating your own firewall rules.

stage/payloads/payload1/etc/rc.local.d/999.addStaticRoute.sh
This is a custom shell script that adds a static route to an ESXi host upon bootup under /etc/rc.local.d. There maybe other startup scripts that could be executed and you do not want to conflict with any system defaults. I recommend you label yours with a high number such as 999 to ensure it is one of the last scripts to execute.

stage/payloads/payload1/opt/ghettoVCB/{ghettoVCB.conf,ghettoCB-restore.sh,ghettoVCB.sh}
This is a custom set of files that I would like to store in ESXi under /opt directory and the files are my free ghettoVCB backup script.

Here is a copy of my directory structure (stage.zip) which can be used as a reference.

Step 4 - Now we ready to create our VIB and/or offline bundle by specifying our stage directory as input. In this example, we will generate both a VIB as well as an offline bundle containing the same contents. Run the following command:

vibauthor -C -t stage -v virtuallyghetto.vib -O virtuallyghetto-offline-bundle.zip -f

Note: Since we added some files outside of the default supported paths, we also need to specify the -f flag to force the creation.

We can also extract information about our VIB by using the -i option in VIB Author, to do so, run the following command:

vibauthor -i -v virtuallyghetto.vib

Finally, we are now ready to copy the VIB over to our ESXi host and install our custom VIB.

To install VIB run the following command:

esxcli software vib install -v /vmfs/volumes/[datastore-name]/virtuallyghetto.vib -f

To install the offline bundle run the following command:

esxcli software vib install -d /vmfs/volumes/[datastore-name]/virtuallyghetto-offline-bundle.zip -f

Note: You need to specify the -f flag to force the installation since we created files in an unsupported path. I have been able to test the VIB and offline bundle installation on both ESXi 5.0 as well as ESXi 5.1

To confirm we have succesfully installed our custom VIB, we can query it by running the following command:

esxcli software vib list | grep virtuallyghetto

So there you have it, in just a few steps, you can create your own custom VIBs!

vInception #NotSupported Slides Posted

by // 4 Comments

I was pinged by a few folks asking if my #NotSupported session that I presented at VMworld US would be available online, so here is the slide deck to my vInception presentation.

I would also like to thank everyone that attended my session! I had a lot of fun and hopefully you did too!  

UPDATE: I just realized the livestream recording videos are online, but they are not very clear. Apologies for that. I heard the better records from the vBrownbag crew should be up shortly, so once those are up, I will replace them on the site.

Part 1:

Watch live streaming video from vmwarecommunitytv at livestream.com

Part 2:

Project Nanosphere

by // 5 Comments

The #NotSupported event at the VMworld Community Lounge ended with a very special presentation by our very own Randy Keener about a project that a few VMware engineers have been working on called Nanosphere. For those of you who could not make the session or attend VMworld this year, here is some additional information about what Project Nanosphere is all about.

What is Nanosphere?

First off, Nanosphere is not a product, it is a proof-of-concept. The idea is to make ESXi easier to deploy and manage for non-technical users in small environments (SOHO, remote/branch office, family) to get the same benefits of virtualization that enterprises have. Nanosphere provides an ultra-lightweight management layer on top of an ESXi host that will offer a basic set of features including self-configuration, VM provisioning, VM lifecycle management, and console access.Today, connecting to a VM console typically requires both server-side dependencies (a VDI broker, a Windows stack, or specialized guest customization) and client side dependencies (installing a special ActiveX browser plugin that works only on Windows, and only in IE or Firefox browsers). By deploying WSX on ESXi, it makes it possible to connect to any VM (any guest OS) with any modern browser (e.g. including iPad) without any special software.

What can Nanosphere do?

  • Network auto-configuration
    • Automatic network configuration without ever typing an IP address
  • Web Management Interface
    • Provision, Delete, Power On/Off Virtual Machines with pure HTML5 interface
  • Console access without special apps or plugins
  • Dead-simple installation
    • Just install a tiny VIB onto any ESXi host and you’re good to go. The VIB can also be integrated into a vanilla ESXi ISO image
During Randy’s session, a demo of the network autoconfiguration of Nanosphere and its web interface was given and here is how it works.Assuming you have a simple cable-model-like setup:

  1. The physical host has ESXi and Nanosphere installed.
  2. You "unbox" it (take it home from Staples) and plug it in on your home LAN, headless.
  3. It gets DHCP but you have no idea what the address is because it's headless.
  4. Nanosphere "phones home" to a broker running at nanosphere.cloudfoundry.com (custom application written on Cloudfoundry) to report its local LAN address (e.g. '192.168.0.4') and its UUID. The broker also records the WAN address.
  5. You use a plain browser on any device on the same LAN - we used an iPad - to connect to the same broker. It matches the WAN addresses and redirects the browser to the Nanosphere’s LAN address.
Here are a few screenshots of the Nanosphere web interface:

What's next for Nanosphere?

As mentioned earlier, nanosphere is still a proof-of-concept but the VMware engineers have some interesting ideas on where it could go and would love to get your feedback if the following use cases interests you.

  • Early adopters and hobbyists playing with ESXi for fun
  • VARs delivering Nanosphere-based servers in selected vertical markets
  • Nanosphere-based appliances delivering NAS and media streaming
  • Nanosphere-based servers for developing markets and nonprofit organizations
  • Hybrid public/Nanosphere clouds with bidirectional app portability
  • OEMs delivering Nanosphere-based servers through a retail channel
  • Value-added services like cloud backup and remote admin (including VMware GO)
Other work includes tracking ongoing WSX improvements. If any of these use cases interests you, please leave a comment below or if you have other ideas/feedback for Nanosphere, feel free to leave a comment as well.I think the Nanosphere project is a really cool initiative and hopefully we will get to see more in the future. I wanted to also give a big thanks to folks who worked on the Nanosphere project and made it possible to show off at the #NotSupported event: Steve Strassmann (VMware Staff Engineer), Shivam Tiwari (VMware Intern) and of course Randy Keener (VMware TechOps) for presenting on Project Nanosphere!