SaltStack & VMWareAn Automation and Orchestration

Solution for VMWare Esxi 6.0

The problemA considerable amount of time was spent on commissioning virtual machines and customizing existing ones

Development needed a fast CLI based method for provisioning vms with a non domain restricted syntaxChart: Average approximates 2013-2015

600sec

Salt-Time

1h 40m

Manually

1h 30m

Manually

The solutionAutomation

Select a tool that is easy to implement , extensible and rewarding to learn.Help us provide a rapid response that matches the requirement. Compatible with Ansible but much more powerful

How it worksStep 1

Capture Specification into a templateClients specification needs to be verified and confirmed, it will then be translated into a virtual machine template.

Step 2

LinkCreate a saltstack ‘salt-cloud’ configuration fileConnects to the

‘vmware-template’

Step 3

Build implement the SaltStack command line to spin the new virtual machine.

Why SaltStack !

implements the most up to date APIs with

‘pyVmomi’, these are compatible with our target environment.

Active communityOur trial proved to us that

the community support was very good and

helped us overcome issues.

DocumentationExcellent documentation,

this was found to be organised and containing material or high quality

versatilityA well designed tool

relying on the richness of Python, can server the IT-

Team in different implementations.

Compatibility API

Salt General StructureStandard

MasterOwn comms

protocol, scalable can also use ssh.

MinionImplement

instructions

Multi Master

Many Master (Nodes)Resilience

Have master of masters case in complex structures.

Masterless

Minion only.

Minion delegate as master for multiple nodes, (Special cases).

Salt-Cloud: Elements SaltStack has several elements that are required by salt-cloudIn the instal several elements are needed on CentOS6:Ensure EPEL repository and salt repositories are includedyum -y install updateyum -y install python-pippip install pyVimomiyum -y install zlib-devel bzip2-devel openssl-devel xz-libs wget sqlite-devel python-devel- libxml2-devel libxslt-devel salt-master salt-minion salt-cloud

Please remember that salt-cloud should not be installed via pip as it was detected to cause compatibility issues.

Salt Virtual machines (Masters)

Salt Targets (Minions)

SaltStack Files

Salt-Standard

Standard files are meant for standard functions. Configuration that impacts the nodes controlled by SaltStack, similar to the way playbooks in Ansible impact the target nodes.

These are located at ‘/srv/salt’. These files are details next page.

Salt-Cloud:

Additional files that in our case come with installing the ‘salt-cloud’ API specific to SaltStack’s interface with Cloud providers, those include in our case VMware & Amazon, they are not limited to those but include RackSpace, digital ocean, KVM and much more.

Located @ /etc/salt/: cloud.providers.d, cloud.profiles.d

Salt Cloud folder components

Salt Cloud structure After installing ‘Salt-Cloud’ one would notice the following components added. The two that are important for the basic interaction of SaltStack with vmware Esxi are

1. cloud.providers.d

2. cloud.profiles.d

Salt-Cloud files Purpose!

Looking at the newly generated ‘salt cloud’ folders & files to verify their purposes

cloud.providers.d: vmware.conf, contains the login credentials to vmware vcenter, typical login and password for an account that has sufficient rights to create and delete virtual machines or whatever operations this setup is expected to execute.

cloud.profiles.d: Specifications for the vms to be created.

Other Important components: ‘vmware.py’ is an important python script, it uses pyVimomi, the salt system will not function without it, it was found that it will be added by the repos on Centos but not Ubuntu, so Ununtu users can add this manually and download it from github. The locations for it are:

On Ubuntu 14.04: /usr/lib/python2.7/dist-packages/salt/cloud/clouds/ On CentOS7: /usr/lib/python2.6/site-packages/sos/plugins/

Salt Cloud Provider and profiles relation

/etc/salt/cloud.providers.d/vmware.conf

vcenter6:user: ‘saltstack@example.com’password: $ecreturl: ‘vcenter6.example.com’protocol: ‘https’port: 443

VM01_Profile: provider: vcenter6 num_cpus: 1 memory: 1GB devices: disk: Hard disk 1: size: 20 network: adapter type: vmxnet3 name: “vm network” switch_type: standard ip: 10.194.70.31 gateway: 10.194.70.1 subnet_mask: 255.255.255.0 domain: example.com dns_servers: - 10.194.0.33 - 10.194.0.44 resourcepool: devops cluster: DevopsCluster minion: master: salt03.example.com deploy: True power_on: True ssh_username: root password: SaltAccess extra_config: guestinfo.ipaddress: 10.194.70.31 guestinfo.netmast: 255.255.255.0 guestinfo.gateway: 10.194.70.1 guestinfo.hostname: vm01.example.com file_map: /srv/salt/map/vm01/etc/hosts: /etc/hosts

Salt-cloud For VMWARE Interaction

SALT-CLOUD: Administrative Commands

The command used to create the virtual machines is as below:

tttthihsss

after the -p one would specify the profile used , this line for the profile comes from the first line in the configuration file that specify the vm specification and is included in ‘/etc/salt/cloud.profiles,d/ The first line from that configuration file is below, it highlight where the line has come from:

After that comes the name we intend to give to the virtual machine. ‘dev01.example.com’ that will show on vcenter as the machine is being built, that will also be given to the folder where is will sit. Please note this will not impact the name of the vm within its own operating system as that will need to be specified within the configuration file. The ‘-lL’ flag will be very useful to include, it will enable one to be capture the errors . It’s essential to restart the ‘salt-master’ service upon making changes to refresh.

Useful commands:

salt-cloud --query # This will give details about the vms created salt-cloud -p dev01 dev02 # One can create several vms with one commandsalt-cloud -d dev01 dev02 # One can also destroy several vms at the same timesalt-cloud -F # List all vms and templates on all configured providers

Dependencies

VMWARE-Tools has a number of related packages. This used to enable the customization of a virtual machine. This involves taking a vm or a template, cloning a new one from it the giving the new one a name, network configuration files and packages.

It’s important to know that after reading the api for ‘vmware’ that we cannot so far create a vm from scratch, so far we can only clone from a vm or a template.

Traditionally vmware provided the vmware-tools, this has now been handed over to the open source community and is provided in the following packages:

Remove the network adapter configuration from the gold image and implement the changes below on it:(On CentOS 6): install libmspack open-vm-toolsopen-vm-tools-developen-vm-tools-desktopopen-vm-tools-debuginfoopen-vm-tools-deploypkg (released by vmware and is essential ) change /etc/udev/rules.d/70-persistent-net.rules remove the reference related to the mac address completely, the line will look as below:SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”VMXNET3”, ATTR{type}==”1”, KERNEL==”eth*”, NAME=”eth0”chkconfig vmtoolsd enableservice vmtoolsd start

Dependencies ‘VMWARE-Tools

CentOS 7 & Ubuntu 14.04On the gold image, (VM or template one will clone from):Will rely on %100 open source packages, ‘open-vm-tools’ in the case of CentOS, RHEL, Oracle Linux, Scientific Linux and Fedora, one needs to ensure they have added the ‘EPEL’ repositories. It’s recommended that one keeps a golden image with a working version of ‘open-vm-tools’ and experiment with the latest ‘open-vm-tools’ separately as it’s likely to show some compatibility issues.

remove the network adapter configuration In the location ‘/etc/udev/70-persistent-net.rules’

The line should be as such:

SUBSYSTEM=”net”, ACTION==”add”, DRIVERS==”vmxnet3”, ATTR{type}==”1”, KERNEL==”eth*”, NAME==”eth0”

One can add this line as many times as they have network adapters on the vm. The driver ‘VMXNET3’ is the latest in vmware and the most recommended. The older network driver “e1000” may still be used and needs to be referenced appropriately.

systemctl enable vmtoolsdsystemctl start vmtoolsd