govc

Record and Replay vSphere Inventory using govc and vcsim

01/04/2021 by William Lam 2 Comments

Happy New Year! 🥳

I wanted kick off 2021 with something I had just learned about right at the end of 2020 which I think this will be useful going into the new year for a number of different use cases. Back in 2017, I wrote about a new and lighter weight version of the vCenter Simulator (vcsim) which had been developed as part of the govmomi (vSphere SDK for Go) project. Since then, the govmomi project has grown exponentially and is now integral to a number of popular open source projects such as Packer builder for vSphere, Terraform provider for vSphere and Kubernetes Cluster API for vSphere (CAPV) to just name a few.

Govmomi is also heavily used internally by VMware for both development and testing purposes. In fact, it has been used to build a number of new VMware features such as the vSphere Integrated Containers (VIC) solution and most recently the vSphere with Tanzu capability that was introduced in vSphere 7.0.

Getting back to vcsim, this has been an invaluable tool for both our VMware developers but also the general VMware community. The ability to "simulate" a mocked vSphere environment with a basic inventory can be extremely useful for learning about the vSphere API and interacting with this endpoint using any vSphere SDK including PowerCLI. For automation folks, this can be useful for designing and creating your scripts in an offline mode before testing it against a real environment. For folks building 3rd party solutions that includes a visual interface, this is an easy way to test out your UI and ensure that there are no issues for large vSphere inventories which can be difficult to validate in a development environment.

Simulating a fake vSphere inventory is great, but it also has its limitations. There are so many unrealized use cases if you could capture a real vSphere inventory and then replay that back using vcsim. Just think about a bug reproduction use case and being able to share a real vSphere inventory with a development or QA team without needing to provide them direct access to the production environment?

In my opinion, this was the missing key feature from the original vcsim. To my surprise, this functionality was actually added to govc/vcsim earlier last year and I was quite happy with its implementation! Let's now take a closer look at how the record and replay functionality of govc/vcsim works.

Integrating Github Actions with vSphere and VMware Cloud on AWS

04/01/2019 by William Lam 2 Comments

I have always been a fan of event-driven automation, the idea where you can automatically trigger a workflow or an operation based on a specific event. In the consumer world, the most popular example is the If This, Then That (IFTTT) service, which I use on a regular basis to automate the sharing of new articles from virtuallyGhetto to different Social Media channels.

For the Enterprise, this is also not a new idea and many folks including myself have been doing this for years in vSphere using vCenter Server Alarms. In fact, one example I still reference on a regular basis is from 2012 where you automatically apply a set of vSphere Security Hardening configurations to a Virtual Machine when a new VM Create Event is published by vCenter.

There are countless more examples of this concept beyond VMware but the general idea is to be able to subscribe to specific events and then automatically do something when a given event occurs. When Github Actions (Beta) was announced last year, I was really interested as I think this could open the door for a ton of interesting possibilities, especially from a VMware perspective around Continuous Integration/Development (CI/CD). I quickly registered for the Beta but did not get access until the start of this year. If you want to know what Github Actions can do, check out some of these demos that have been built by various folks from the community. The really exciting thing about Github Actions is that you can literally execute any workflow as long as you can containerized your business logic within a Docker Container. This means, you can use any language or tool that you are familiar with and make this work with Github Actions, pretty powerful stuff!

It was only recently while working on a personal project, which I hope will make its way to VMworld, that I finally got a chance to dig into Github Actions. I noticed in many of the online Github Action examples, that it included ways to deploy applications and containers to a Public Cloud but there was nothing that I found related to VMware. I figured, this would be a good learning opopournity for myself and I could even learn how to build my own Actions which can be useful for others to use or extend further.

Running sk8s (Simple Kubernetes) on VMC with an AWS Elastic Load Balancer

02/27/2019 by William Lam Leave a Comment

Last week I wrote about a really nifty Virtual Appliance called sk8s which can be used to quickly setup a Kubernetes (k8s) cluster for development and testing purposes. If you have not checked out that article, be sure to give that a read first to get the full context. As mentioned in the previous article, sk8s runs great on any vSphere deployment but it can also run on VMware Cloud on AWS (VMC) which adds an additional capability where an AWS Elastic Load Balancer (ELB) can automatically be provisioned and configured to front-end the k8s control plane as part of the deployment for external access.

The nice benefit of this is that you only need to configure access to the ELB and not directly to the underlying VMs running within the SDDC, both simplifying the setup but also reducing the need to expose the VMs directly to the internet. The write-up below is similar to that of the previous article, but it does expand into greater detail when deploying to VMC and all the required configuration changes within the VPC using the AWS Console and the Network and Security changes using the VMC Console.

Note: If you decide to use the integrated AWS ELB integration, please be aware that you will be charged for the consumption. For pricing, please see the AWS documentation here.

Prerequisites:

Access to the VMC Console and VMC SDDC
NSX-T Logical Network with DHCP enabled
AWS Access & Secret Key for automatically creating ELB (Optional)
govc

Step 1 - Install govc on your local desktop which has access to your VMC vSphere environment. If you have not installed govc, the quickest way is to simply download the latest binary, below is an example of installing the latest MacOS version:

curl -L https://github.com/vmware/govmomi/releases/download/v0.20.0/govc_darwin_amd64.gz | gunzip > /usr/local/bin/govc
chmod +x /usr/local/bin/govc

Step 2 - We need to verify a few settings in the AWS Console to ensure that the VPC that is connected to your SDDC is properly configured so that the provisioning of the ELB will be successful.

sk8s – Simple Kubernetes (k8s) Virtual Appliance

02/22/2019 by William Lam 18 Comments

I recently had a need for a for a basic Kubernetes (k8s) Cluster which I also needed to have running locally in my vSphere Home Lab for testing purposes. I know there are a number of great blog articles out there that shows you how to setup your own k8s from scratch, including a recent blog series from Myles Gray. However, I was looking for something quick that I could consume without requiring any setup. To be honest, installing your own k8s from scratch is so 2017 😉

If you ask most people, they simply just want to consume k8s as an integrated solution that just works and not have to worry about installing and managing the underlying components that make up k8s. VMware PKS and PKS Cloud are two great examples of this where Pivotal and VMware provides a comprehensive solution (including Software Defined Networking) for managing the complete lifecycle (Day 0 to Day N) for running Enterprise K8s, whether that is within your own datacenter or running as a public cloud service. For my exploratory use case, PKS was overkill and I also did not have the required infrastructure setup in this particular environment, so I had to rule that out for now.

While searching online, I accidentally stumbled onto a recent VMware Open Source project called sk8s, short for Simple Kubernetes (k8s) which looked really interesting. At first glance, a few things stood out to me immediately. This project was created by none other than Andrew Kutz, for those not familiar with Andrew's work, he famously created the Storage vMotion UI plugin for the vSphere C# Client before VMware had native UI for the feature. He was also the creator of the first vCenter Simulator back in the day called simDK that was also widely used by a number of customers including myself. I knew Andrew had joined our Cloud Native Business Unit (CNABU), but I was not sure what he was up to these days, guess I now know 🙂 and is helping both VMware and the OSS community in k8s development.

govcsim – Neat incubation project (vCenter Server & ESXi API based simulator)

04/21/2017 by William Lam 10 Comments

I know many of my readers have inquired about VCSIM (vCenter Server Simulator) which was a really useful tool that served a variety of use cases, but unfortunately it had stopped working with the VCSA 6.0 release. VCSIM is another topic that is near and dear to me and it is something I continue to push and advocate for internally at VMware. Earlier this week, I came to learn about a cool new incubation project that Doug MacEachern had been working on for some time now. Doug is an awesome VMware developer working on the vSphere Integrated Containers (vIC) project and he is also well known for his active contributions to both govmomi (vSphere SDK for Go) and govc CLI.

As you can probably guess from the title, the name of the project is called govcsim and it is a vCenter Server and ESXi API based simulator written using govmomi. It creates a vCenter Server model with a datacenter, hosts, cluster, resource pools, networks and a datastore. The naming of the objects is similar to that of the original VCSIM mode that was included with the VCSA. The number of resources can be increased or decreased using the various resource type flags. Resources can also be created and removed using the API. Doug had developed the tool to provide an easy way for their team to test some of the work they are doing with vIC. The tool is still under incubation but continues to received enhancements. In fact, the other day when I had used it for the first time, I had found a couple of issues which Doug resolved immediately.

I got a chance to give govcsim a spin the other day and currently you can connect to it using govmomi, govc, pyvomi (vSphere SDK for Python) or rbvmomi (vSphere SDK for Ruby). It currently does not work with PowerCLI (connects but no inventory), I know this is something Doug is currently looking into. You might also be able to connect using other vSphere SDKs but these are the ones that Doug and I have tried so far.

Slick way of deploying OVF/OVA directly to ESXi & vCenter Server using govc CLI

04/08/2016 by William Lam 9 Comments

I have been meaning to write about this neat little feature that was added to the govc CLI late last year that allows you to easily deploy any OVF/OVA without the need of ovftool. You might ask, why not use ovftool? Well, if you just need to perform a very basic OVF/OVA deploy and prefer not to install anything on your desktop, this can be a nice alternative. govc is provided as a simple binary that is platform agnostic and supports Windows, Linux & Mac OS X. govc is built using govmomi which is also known as the vSphere SDK for Go and this also means you can consume this capablitity beyond just the CLI but also programmatically if you wish. Obviously, the CLI is the easiest method which I will demonstrate below.

Just to be clear, there is still a huge amount of value in using ovftool as it contains a large mount of functionality that is not found any where else. It is still the recommended tool for deploying OVF/OVA across all VMware based Hypervisors and is extensively used by other VMware's products for general OVF/OVA deployment.

Here are the steps on using govc to deploy an OVF/OVA:

Step 1 - Download the latest govc binary for your platform which can be found here. In this example, I will be running govc on my Mac OS X system and you can easily download it by running the following commands:

curl -L https://github.com/vmware/govmomi/releases/download/v0.5.0/govc_darwin_amd64.gz | gunzip -d > /usr/local/bin/govc
chmod +x /usr/local/bin/govc

Step 2 - To verify that govc is working, go ahead and run the following command to retrieve the version which should display v0.5.0:

govc version

Note: If you are new to govc and want a quick primer on how it works, please head over to this article here for more details.

Step 3 - Next, we need to setup a couple of GOVC environmental variables which will define the vSphere environment (ESXi or VC) you plan to deploy to. You also have the option to specify this in the command-line using the --help option for more details. In this example, I will just set them as environmental variables. Below is an example of my environment which is going to be deploying directly to an ESXi host, you will want to update these variables based on your environment.

export GOVC_INSECURE=1
export GOVC_URL=nuc.primp-industries.com
export GOVC_USERNAME=root
export GOVC_PASSWORD=vmware123
export GOVC_DATASTORE=vsanDatastore
export GOVC_NETWORK="VM Network"
export GOVC_RESOURCE_POOL='*/Resources'

Note: If you are new to govc and want a quick primer on how it works, please head over to this article here for more details.

Step 4 - To ensure that govc can properly communicate with your vSphere enviornment, you can run the following command which should return details about the system you are connected to:

govc about

Step 5 - To deploy an OVF/OVA, we first need to create a spec file by inspecting the actual OVF/OVA using the import.spec command which will output in a JSON format. To make it easier to read, we will format the output using python. To do so, run the following command (replace with the OVF/OVA you wish to deploy):

govc import.spec /Volumes/Storage/Images/Current/VMware-VCSA-all-6.0.0-3634788/vcsa/vmware-vcsa | python -m json.tool

As you can see from the screenshot above, we are inspecting the OVA for the latest vCenter Server Appliance (VCSA) 6.0 and it has automatically generated all the OVF properties that can be specified for this OVA. We then just need to re-direct the output to a file in which we can then edit the properties and pass that configuration when we deploy. We can do so by running the following command:

govc import.spec /Volumes/Storage/Images/Current/VMware-VCSA-all-6.0.0-3634788/vcsa/vmware-vcsa | python -m json.tool > vcsa.json

Step 6 - Now, we just need to open up the JSON file we saved and edit the values before we can use it in our deployment. You may have also noticed that there is an InjectOvfEnv param which means you can use govc to also inject OVF properties when deploying directly to ESXi host 🙂

Here is an example of the vcsa.json for deploying an Embedded VCSA:

{

 "Deployment": "tiny",

 "DiskProvisioning": "thin",

 "IPAllocationPolicy": "dhcpPolicy",

 "IPProtocol": "IPv4",

 "InjectOvfEnv": true,

 "Name": "VCSA-60u2-Embedded",

 "PowerOn": true,

 "PropertyMapping": [

 {

 "Key": "guestinfo.cis.appliance.net.addr.family",

 "Value": "ipv4"

 },

 {

 "Key": "guestinfo.cis.appliance.net.mode",

 "Value": "static"

 },

 {

 "Key": "guestinfo.cis.appliance.net.addr",

 "Value": "192.168.1.40"

 },

 {

 "Key": "guestinfo.cis.appliance.net.prefix",

 "Value": "24"

 },

 {

 "Key": "guestinfo.cis.appliance.net.gateway",

 "Value": "192.168.1.1"

 },

 {

 "Key": "guestinfo.cis.appliance.net.dns.servers",

 "Value": "192.168.1.1"

 },

 {

 "Key": "guestinfo.cis.appliance.net.pnid",

 "Value": "192.168.1.40"

 },

 {

 "Key": "guestinfo.cis.vmdir.password",

 "Value": "VMware1!"

 },

 {

 "Key": "guestinfo.cis.vmdir.domain-name",

 "Value": "vghetto.local"

 },

 {

 "Key": "guestinfo.cis.vmdir.site-name",

 "Value": "virtuallyGhetto"

 },

 {

 "Key": "guestinfo.cis.vmdir.first-instance",

 "Value": "True"

 },

 {

 "Key": "guestinfo.cis.appliance.root.passwd",

 "Value": "VMware1!"

 },

 {

 "Key": "guestinfo.cis.appliance.root.shell",

 "Value": "False"

 },

 {

 "Key": "guestinfo.cis.appliance.ssh.enabled",

 "Value": "False"

 },

 {

 "Key": "guestinfo.cis.appliance.ntp.servers",

 "Value": "pool.ntp.org"

 },

 {

 "Key": "guestinfo.cis.deployment.node.type",

 "Value": "embedded"

 },

 {

 "Key": "guestinfo.cis.ceip_enabled",

 "Value": "False"

 }

 ],

 "WaitForIP": false

}

view raw
vcsa-embed.json
hosted with ❤ by GitHub

Note: There is a known bug currently in which the "Deployment" pararm is always generated. You will need to delete this if you have an OVA that does not use this parameter. I have already been reported here.

Step 7 - Finally, we just need to use the import.ova command and specify the path to our JSON configuration file as well as the path to our OVA. To do so, run the following command:

govc import.ova -options=vcsa.json /Volumes/Storage/Images/Current/VMware-VCSA-all-6.0.0-3634788/vcsa/vmware-vcsa

Note
Note: There is known bug in which you will see a warning about Invalid value for the network which you can ignore. I have already reported the issue here.

Once the VM powers on, the OVF properties will automatically be injected into the VM and in a few minutes, you will have a fully configured VM. Pretty cool right!? What I really love about this solution beyond its simplicity is that the tool allows you to easily generate the OVF property spec file. This is much easier than having to manually inspect an OVF/OVA and then extract the params by hand which can be very error prone. Lastly, I want to give a big shoutout to Pieter Noordhuis who was the Engineer who had implemented this awesome feature and is also one of the Engineers who created govmomi. Thanks Peter!