Wednesday, January 25, 2012

How to Create Manifest File for OVF Signing

While browsing the VMTN forums the other day, I just learned that you can sign your own OVF files using VMware's ovftool. To sign your OVF files, you will need the .ovf, .vmdk files and an X.509 certificate. Though not mandatory, you should also have a manifest file that includes a hash of the files to be signed. ovftool will still allow you to sign the OVF files, but a warning will be thrown if the manifest file is not included.

If you export a virtual machine/vApp using the vSphere Client or ovftool, the manifest file is generated for you automatically and has a .mf extension.
If you have OVF files that you want to sign but do not have the manifest file, or have lost it, it is quite easy to re-create using the openssl utility.

To create the manifest file, run the following command for all files to be signed:

openssl sha1 *.vmdk *.ovf > MyVM.mf

You can use the cat utility to view the contents of the manifest file.

To sign your OVF files, run the following command, which includes the path to your X.509 certificate and the name of the new signed OVF:

ovftool --privateKey=ghetto.pem MyVM.ovf MyVM-Signed.ovf

Note: There must be no space between --privateKey= and the path to the X.509 certificate, or you may get an odd error message.

If the signing was successful, you should not see any errors.

To view the newly signed OVF files, you can run the following command:

ovftool MyVM-Signed.ovf

You will find that the OVF has been signed under the "Manifest Info" section.

Now when you import the OVF back into your environment using either the vSphere Client or ovftool, you should see the certificate information.

For more details and examples of using the ovftool, take a look at the user guide here.
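
The manifest step above can also be run in reverse, to check that the files still match their recorded hashes before signing or importing. The script below is an added example, not part of the original post or of ovftool; the function names (sha1_of, make_manifest, verify_manifest) are hypothetical, and it assumes manifest lines of the form SHA1(file)= <hex> as written by the openssl command above.

```shell
#!/bin/sh
# Added example: build and verify an OVF manifest in the "SHA1(file)= <hex>" form.

# SHA-1 of a file as lowercase hex. Reads the file on stdin so the file name
# never appears in (or alters) the tool output.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 -r < "$1" | cut -d' ' -f1
    fi
}

# make_manifest DIR NAME... -> manifest lines on stdout
make_manifest() {
    dir=$1; shift
    for f in "$@"; do
        printf 'SHA1(%s)= %s\n' "$f" "$(sha1_of "$dir/$f")"
    done
}

# verify_manifest FILE.mf -> one status line per entry; returns 1 on any failure.
# Entries are resolved relative to the manifest's own directory.
verify_manifest() {
    mf=$1; dir=$(dirname "$mf"); rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # tolerate CRLF manifests
        [ -z "$line" ] && continue
        name=$(printf '%s\n' "$line" | sed -n 's/^SHA1(\(.*\))= *[0-9A-Fa-f]\{40\}$/\1/p')
        want=$(printf '%s\n' "$line" | sed -n 's/^SHA1(.*)= *\([0-9A-Fa-f]\{40\}\)$/\1/p' | tr 'A-F' 'a-f')
        case $name in
            # Malformed line, or a name that points outside the package directory.
            ''|*/*) echo "REJECTED: $line"; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING: $name"; rc=1
        elif [ "$(sha1_of "$dir/$name")" = "$want" ]; then
            echo "OK: $name"
        else
            echo "MISMATCH: $name"; rc=1
        fi
    done < "$mf"
    return $rc
}
```

A manifest by itself only detects accidental changes, since anyone who can modify the files can also regenerate it; the signature that ovftool adds is what ties the hashes to a certificate.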

Tuesday, January 24, 2012

Vote For Ghetto

It is that time of the year again: Eric Siebert, who runs the popular vSphere-land.com website, has just opened up the polls for the Top 25 VMware Virtualization Blogs. This year the voting is not only for the top 25 blogs; Eric has also introduced categories for best storage, scripting, news information blog, etc. that you can vote for. I already have a few that I will definitely be voting for, such as Steve Jin, Duncan Epping, Frank Denneman and Alan Renouf, but also newcomers like Chris Colotti.

Here are the top 10 popular posts on virtuallyGhetto for 2011 to help make your decision and vote for virtuallyGhetto!
  1. Automating ESXi 4.1 Kickstart Tips & Tricks
  2. Getting started with vMA 
  3. New vSphere Health Check 5.0 & ghettoVCB Script
  4. How to Enable Support for Nested 64bit & Hyper-V VMs in vSphere 5
  5. How to Run Windows 8 on vSphere 5
  6. Automating ESXi 5 Kickstart Tips & Tricks 
  7. How to Enable Nested vFT (virtual Fault Tolerance) in vSphere 5
  8. When Can I Run Apple OSX on vSphere 5?
  9. How to inject custom drivers into an ESXi 4.1 image using vibddi?
  10. vSphere Tagging Feature Not So Invisible
Vote For Ghetto! Thanks for your support

    Thursday, January 19, 2012

    Extracting GuestOS IDs From vCloud Director

    There was an interesting question on the VMTN forums last week on capturing the list of supported guest operating systems using the vCloud APIs. This feature is currently not available using the vCloud API, as there is no way to extract the list of supported guestOS identifiers. If you take a look at the vCloud Director User Guide, you can get a list of supported guestOSes, but it does not translate to the API identifiers that are needed when provisioning a VM in vCloud Director.

    The list of supported guestOS types is stored in the vCloud Director database, and you can extract the guestOS IDs if you have access to the database or to a DBA who manages it. Using the following SQL query, you can get the list of supported guestOSes, including the API ID and description. Since the list of guestOSes is inserted upon installation, I have already captured the output for a default vCloud Director 1.5 instance for your reference.

    Disclaimer: This SQL query is not supported by VMware nor should you directly access the vCloud Database as a best practice without the consent of VMware Support.

    In this example, I am querying the list of default guestOSes from a vCloud Director 1.5 instance that was installed on Oracle XE database.

    First you need to set several environment variables for your respective ORACLE_HOME and ORACLE_SID, and update your PATH variable (your paths will vary based on your installation + OS):

    [root@vcd ~]# export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
    [root@vcd ~]# export ORACLE_SID=XE
    [root@vcd ~]# export PATH=$ORACLE_HOME/bin:$PATH

    Next we will log in using sqlplus; you will need to know the username and password of the vCloud Director database that was configured during installation:

    [root@vcd ~]# sqlplus "vcloud/vcloud"

    SQL*Plus: Release 11.2.0.2.0 Production on Tue Nov 1 19:30:24 2011

    Copyright (c) 1982, 2011, Oracle. All rights reserved.


    Connected to:
    Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production

    Before we execute the query, we need to set a few parameters to help with the readability of the output:

    SET ECHO OFF
    SET WRAP OFF
    SET FEEDBACK OFF
    SET PAGESIZE 0
    SET HEADING OFF

    Now we are ready to execute the SQL statement:

    SQL> select internal_name||' == '||display_name from guest_os_type order by display_name;

    Note: I am not a SQL expert nor DBA, I am sure there are other variations of formatting.

    There are 80 supported default guestOS types in vCloud Director 1.5:

    guestOS Identifier guestOS Description
    asianux3Guest Asianux 3 (32-bit)
    asianux3_64Guest Asianux 3 (64-bit)
    asianux4Guest Asianux 4 (32 bit)
    asianux4_64Guest Asianux 4 (64 bit)
    centosGuest CentOS 4/5/6 (32-bit)
    centos64Guest CentOS 4/5/6 (64-bit)
    dosGuest DOS
    debian4Guest Debian GNU/Linux 4 (32-bit)
    debian4_64Guest Debian GNU/Linux 4 (64-bit)
    debian5Guest Debian GNU/Linux 5 (32-bit)
    debian5_64Guest Debian GNU/Linux 5 (64-bit)
    debian6Guest Debian GNU/Linux 6 (32 bit)
    debian6_64Guest Debian GNU/Linux 6 (64 bit)
    freebsdGuest FreeBSD (32-bit)
    freebsd64Guest FreeBSD (64-bit)
    win2000AdvServGuest Microsoft Windows 2000 Advanced Server
    win2000ProGuest Microsoft Windows 2000 Professional
    win2000ServGuest Microsoft Windows 2000 Server
    win31Guest Microsoft Windows 3.1
    windows7Guest Microsoft Windows 7 (32-bit)
    windows7_64Guest Microsoft Windows 7 (64-bit)
    win95Guest Microsoft Windows 95
    win98Guest Microsoft Windows 98
    winNTGuest Microsoft Windows NT 4
    winNetDatacenterGuest Microsoft Windows Server 2003, Datacenter Edition (32-bit)
    winNetDatacenter64Guest Microsoft Windows Server 2003, Datacenter Edition (64-bit)
    winNetEnterpriseGuest Microsoft Windows Server 2003, Enterprise Edition (32-bit)
    winNetEnterprise64Guest Microsoft Windows Server 2003, Enterprise Edition (64-bit)
    winNetStandardGuest Microsoft Windows Server 2003, Standard Edition (32-bit)
    winNetStandard64Guest Microsoft Windows Server 2003, Standard Edition (64-bit)
    winNetWebGuest Microsoft Windows Server 2003, Web Edition
    winLonghornGuest Microsoft Windows Server 2008 (32-bit)
    winLonghorn64Guest Microsoft Windows Server 2008 (64-bit)
    windows7Server64Guest Microsoft Windows Server 2008 R2 (64-bit)
    winNetBusinessGuest Microsoft Windows Small Business Server 2003
    winVistaGuest Microsoft Windows Vista (32-bit)
    winVista64Guest Microsoft Windows Vista (64-bit)
    winXPProGuest Microsoft Windows XP Professional (32-bit)
    winXPPro64Guest Microsoft Windows XP Professional (64-bit)
    netware5Guest Novell NetWare 5.1
    netware6Guest Novell NetWare 6.x
    os2Guest OS/2
    oesGuest Open Enterprise Server
    oracleLinuxGuest Oracle Linux 4/5/6 (32 bit)
    oracleLinux64Guest Oracle Linux 4/5/6 (64 bit)
    otherGuest Other (32-bit)
    otherGuest64 Other (64-bit)
    other24xLinuxGuest Other 2.4x Linux (32-bit)
    other24xLinux64Guest Other 2.4x Linux (64-bit)
    other26xLinuxGuest Other 2.6x Linux (32-bit)
    other26xLinux64Guest Other 2.6x Linux (64-bit)
    otherLinuxGuest Other Linux (32-bit)
    otherLinux64Guest Other Linux (64-bit)
    rhel2Guest Red Hat Enterprise Linux 2
    rhel3Guest Red Hat Enterprise Linux 3 (32-bit)
    rhel3_64Guest Red Hat Enterprise Linux 3 (64-bit)
    rhel4Guest Red Hat Enterprise Linux 4 (32-bit)
    rhel4_64Guest Red Hat Enterprise Linux 4 (64-bit)
    rhel5Guest Red Hat Enterprise Linux 5 (32-bit)
    rhel5_64Guest Red Hat Enterprise Linux 5 (64-bit)
    rhel6Guest Red Hat Enterprise Linux 6 (32-bit)
    rhel6_64Guest Red Hat Enterprise Linux 6 (64-bit)
    openServer5Guest SCO OpenServer 5
    openServer6Guest SCO OpenServer 6
    unixWare7Guest SCO UnixWare 7
    eComStationGuest Serenity eComStation 1
    eComStation2Guest Serenity eComStation 2
    solaris10Guest Sun Solaris 10 (32-bit)
    solaris10_64Guest Sun Solaris 10 (64-bit)
    solaris11_64Guest Sun Solaris 11 (64 bit)
    solaris8Guest Sun Solaris 8 (experimental)
    solaris9Guest Sun Solaris 9 (experimental)
    sles10Guest Suse Linux Enterprise 10 (32-bit)
    sles10_64Guest Suse Linux Enterprise 10 (64-bit)
    sles11Guest Suse Linux Enterprise 11 (32-bit)
    sles11_64Guest Suse Linux Enterprise 11 (64-bit)
    slesGuest Suse Linux Enterprise 8/9 (32-bit)
    sles64Guest Suse Linux Enterprise 8/9 (64-bit)
    ubuntuGuest Ubuntu Linux (32-bit)
    ubuntu64Guest Ubuntu Linux (64-bit)

    If you have ever worked with the vSphere API, you will notice the guestOS API IDs are exactly the same as the guestOS Identifiers found in the vSphere API. vSphere 5 supports a total of 105 guestOSes and 80 of those are supported in vCloud Director.

    A feature request has already been submitted to be able to query for the list of supported guestOSes using the vCloud API. For now, this is another way of retrieving the API guestOS identifiers without having to manually create each guestOS type through the web interface and query for the identifier.

    Monday, January 16, 2012

    vCloud Director Report 1.0.0

    Over the winter holiday I started to explore the vCloud API and one of our SDKs, vCloud SDK for PHP. VMware provides two additional vCloud SDKs: Java and .NET. I had used Java in college and I wanted to stay away from anything Windows related, so I thought I would give PHP a try, and it was the closest thing to Perl ;)

    Since this was my first time using the vCloud API and SDK, I thought what better way to learn than to create a script similar to my vSphere Health Check Report for vCloud Director? This helped me to understand the objects in vCloud Director from an API perspective, and it also fills a gap, as no such reporting tool exists today for administrators and end users of vCloud Director.

    Here is an example of what a report could look like: vCloudDirectorReport.html

    To use the script, you will need the following prerequisites:
    • Install vCloud SDK for PHP, take a look at article on how to get setup.
    • Running vCloud Director 1.5 (Script uses the new API Query Service)
    • Download both config.php, which includes configuration parameters for the script, and the vmwarevCloudDirectorReport.php script.

    To get a list of the available command-line options, just type "php vmwarevCloudDirectorReport.php":

    lamw@ubuntudev:~$ php vmwarevCloudDirectorReport.php
    Error: missing required parameters
    Usage:

    [Script]
    VMware vCloud Director Report v1.0.0

    [Description]
    This script provides a detail report of your VMware vCloud Director system

    [Usage]
    # php vCloudReport.php -s -u -p [Options]

    -s|--server [req] IP or hostname of the vCloud Director.
    -u|--user [req] User name in the form user@organization for the vCloud Director instance.
    -p|--pswd [req] Password for user.
    -t|--type [req] Type of report [system|orgadmin|orguser].

    [Options]
    -r|--report [opt*] Name of html output file (e.g. vCloudReport.html).

    [Examples]
    # php query.php -s 127.0.0.1 -u admin@system -p password -t system
    # php query.php -s 127.0.0.1 -u admin@coke -p password -t orgadmin
    # php query.php -s 127.0.0.1 -u admin@pepsi -p password -t orguser

    The config.php can be used to store the vCloud URL and credentials, or you may specify them on the command line using the -s, -u and -p arguments. In addition, you will also need to specify the -t flag, which is based on the type of user you are logging in as: system (administrator), orgadmin or orguser.

    The report can easily be customized by toggling parameters in config.php which includes the following parameters:

    Depending on the report type, certain flags will be applicable. By default, all flags are enabled, but you may disable the ones you do not wish to see.

    Here is an example of the script logging into a vCloud Director instance with the administrator account in the System organization.

    This is the first iteration of the script and I plan on adding additional information. If you have any feedback/suggestions, please leave a comment below.

    Sunday, January 8, 2012

    Using a VNC Client to Connect to VMs in ESXi 5

    The ability to connect to a virtual machine using a VNC client has been available since the early days of VMware GSX, as described by this VMware KB article. The required .vmx configuration can also be applied to virtual machines running on ESX(i), but is not officially supported by VMware. With ESXi 5, this continues to work, but there is one additional caveat users should be aware of: the new firewall that has been introduced in ESXi 5.

    In addition to the three .vmx configurations:
    • RemoteDisplay.vnc.enabled = [true|false]
    • RemoteDisplay.vnc.port = [port #]
    • RemoteDisplay.vnc.password = [optional]
    Users need to also enable the ports selected for each virtual machine on the ESXi firewall. Here is an example of a firewall rule that needs to be created:

    Take a look at this blog post for details on configuring custom firewall rules including persisting the custom rules upon a system reboot.

    Here are a few screenshots of configuring the .vmx configurations and using a VNC client to connect to the powered on virtual machine.
    Only the first two .vmx configurations are required. If you do not set a password, anyone can connect to the virtual machine as long as they know the hostname/IP Address of your ESX(i) host and the port.
    To connect to a specific virtual machine, you will specify the hostname/IP Address of the ESX(i) host and port for the given virtual machine. If you set a password, you will need to also provide that before you can connect.
    Please be aware of the limitations and security concerns of using VNC. VMware Remote Console or standard RDP/SSH should still be considered for virtual machine remote access.
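
One way to find virtual machines that fall into the no-password case described above is to scan their .vmx files. This is an added example, not from the original post; the function names vmx_get and vnc_audit are hypothetical, and it assumes the .vmx files use the key = "value" line format.

```shell
#!/bin/sh
# Added example: flag .vmx files that expose a VNC console without a password.

# vmx_get FILE KEY -> value of KEY (last occurrence wins), quotes stripped.
# Key names are compared case-insensitively here, to be conservative.
vmx_get() {
    awk -v want="$2" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)    # trim, tolerate CRLF files
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            gsub(/^"|"$/, "", val)                # drop surrounding quotes
            if (tolower(key) == tolower(want)) found = val
        }
        END { print found }' "$1"
}

# vnc_audit FILE -> one summary line; returns 1 only for "enabled, no password".
vnc_audit() {
    enabled=$(vmx_get "$1" RemoteDisplay.vnc.enabled | tr 'A-Z' 'a-z')
    port=$(vmx_get "$1" RemoteDisplay.vnc.port)
    pass=$(vmx_get "$1" RemoteDisplay.vnc.password)
    if [ "$enabled" != "true" ]; then
        echo "vnc-disabled"; return 0
    fi
    if [ -z "$pass" ]; then
        echo "vnc-enabled port=${port:-unset} password=NONE"; return 1
    fi
    echo "vnc-enabled port=${port:-unset} password=set"
}
```

The port reported for each flagged file can then be compared against the ports opened in the ESXi firewall rule.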