This is the official Chef Knife plugin VMware's vCloud Hybrid Service (vcair). This plugin gives knife the ability to create, bootstrap and manage instances on vcair-based public and private clouds.
Please refer to the CHANGELOG for version history and known issues.
This plugin is distributed as a Ruby Gem. To install it, run:
$ gem install knife-vcair
If you are using the Chef Development Kit (Chef DK), to install it run:
$ chef gem install knife-vcair
In order to communicate with an vcair API you will need to tell Knife
your vcair API endpoint, username, password and organization. The
easiest way to accomplish this is to create these entries in your
knife.rb
file:
knife[:vcair_api_host] = 'vcair.example.com'
knife[:vcair_username] = 'Your vcair username'
knife[:vcair_password] = 'Your vcair password'
knife[:vcair_org] = 'Your vcair organization'
If your knife.rb file will be checked into a SCM system (ie readable by others) you may want to read the values from environment variables.
knife[:vcair_api_host] = ENV['VCAIR_API_URL']
knife[:vcair_username] = ENV['VCAIR_USERNAME']
knife[:vcair_password] = ENV['VCAIR_PASSWORD']
knife[:vcair_org] = ENV['VCAIR_ORG']
If you are using VMware's hosted vcair the API URL is found by logging
into the https://vchs.vmware.com, and clicking on your Dashboard's
Virtual Data Center. On the right under "Related Links" click on the
"vCloud Director API URL" and copy that value. It should look
something like
https://p3v11-vcd.vchs.vmware.com:443/cloud/org/M511664989-4904/
From this we will take our base API URL p3v11-vcd.vchs.vmware.com
and get our organization M511664989-4904
that is appended to our
https://vchs.vmware.com login, giving us the values:
knife[:vcair_api_host] = 'p3v11-vcd.vchs.vmware.com'
knife[:vcair_username] = 'user@somedomain.com
knife[:vcair_password] = 'VCAIRSECRET'
knife[:vcair_org] = 'M511664989-4904'
Your Org ID is commonly a UUID-formatted string and can be found in the URL after you log in to vCloud Air OnDemand (for example: https://us-virginia-1-4....?orgName=SOME_UUID_HERE) or it will be displayed next to your name in the upper-left corner of the vCloud Director web UI. You can also ascertain your Org ID by following these instructions.
Additionally, you will need to override the API path as the API path between
the subscription service and the OnDemand service are different. You will need
to set the following entry in your knife.rb
file:
knife[:vcair_api_path] = '/api/compute/api'
... or you may pass it in on the CLI using --vcair-api-path
.
This plugin provides the following Knife subcommands. Specific command
options can be found by invoking the subcommand with a --help
option.
Instanciate a new VApp+VM from a Template from one of the available Catalogs.
NOTE: If --vcair-net NETWORK
is not provided, the first non-isolated (i.e. natRouted or bridged) network is chosen
Windows example:
knife vcair server create \
--winrm-password Password1 \
--image W2K12-STD-64BIT \
--bootstrap-protocol winrm \
--customization-script ./install-winrm-vcair.bat \
--cpus 4 \
--memory 4096 \
--node-name windows2012 \
--vcair-net M511664989-4904-default-routed
The windows example requires a custom install script to setup winrm, and set/change the initial password without using the web console. A working example ./install-winrm-vcair-example.bat is included in this repo.
Linux example:
knife vcair server create \
--ssh-password Password1 \
--image "CentOS64-64bit" \
--customization-script ./install-linux-vcair.sh \
--cpus 4 \
--memory 4096 \
--node-name centos64 \
--vcair-net M511664989-4904-default-routed
The Linux example requires a custom script to set DNS servers for obtaining chef-client via omnibus. This also includes a workaround for Ubuntu images to allow password authentication via SSH. The Linux images require you pass the ssh-password. Ssh public keys are not supported yet.
Assumptions:
- each VApp will only contain one VM.
- a routed network with a default SNAT rule allowing internet and DNS
- a firewall rule allowing that network to reach internet
TODO
- Allow specifying (possibly multiple) networks in server create
- Rather than just searching for one that ends in 'routed'
- Allow specifying nat setup / external IPs
- Allow specifying catalog item by name OR id, public or private
- Automatically image_os_type / bootstrap_protocol default basode on template default to linux/ssh
- See if windows images can be updated to set password correctly when set via the vchs API
- See if Linux images / API can be updated to use ssh keys
- Add support for
admin_auto_logon_*
to fog, and get windows/linux images updated to respect - Support IP allocation modes other than DHCP, including manual
Delete a vcair vAPP. knife vcair vm delete
is the same command if
the term 'vm' is preferred over 'server'. PLEASE NOTE - this does
not delete the associated node and client objects from the Chef server
without using the -P
option to purge the client.
List the currently deployed vcair servers by their vAPP. knife vcair vm list
is the same command if the term 'vm' is preferred over 'server'.
List the available vcair templates or images that may be used for deploying VMs.
Lists the networks available to the current vcair organization.
- The 20140619 Ubuntu images seems to not use customizaton (script nor setting password) and default to not allowing ssh w/ password even if known.
template = public_catalog.catalog_items.get_by_name('Ubuntu Server 12.04 LTS (amd64 20140619)'
- An example of a custom bootstrap template (distro) from @jicowan
Author:: Matt Ray (matt@chef.io)
Author:: Seth Thomas (sthomas@chef.io)
Author:: Chris McClimans (c@vulk.co)
Copyright:: Copyright (c) 2015 Chef Software, Inc.
License:: Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.