IBM-Security / ibmsecurity

Idempotent functions for IBM Security Appliance REST APIs. Currently covering ISAM and ISDS Appliances.
Apache License 2.0

Ability to create Virtual Machine #1

Closed jaredpage-ibm closed 5 years ago

jaredpage-ibm commented 7 years ago

Currently, this library does not contain a mechanism to create and boot a VM using the Metadata method on VMware or ESXi servers.

ram-ibm commented 7 years ago

@jaredpage-ibm - I looked at the "Silent Configuration" APIs and am thinking about how to implement them. In the meantime, I was wondering what other APIs would be required for your use case?

jaredpage-ibm commented 7 years ago

@ram-ibm The VMware SDK / API page (https://www.vmware.com/support/pubs/sdk_pubs.html) is probably a good place to start for this. I'll give some examples from an existing script below. You'll need to use vmkfstools and then just run the scripts provided on the ESXi box.

```sh
# Create disk with vmkfstools
vmkfstools -c "${SIZE}"G -a lsilogic "$VMDIR/$VMNAME.vmdk"
# Add to VM register
echo "Registering VM with command: vim-cmd solo/registervm ${VMDIR}/${VMNAME}.vmx ${VMNAME} ${ESXIRESOURCEPOOLID}"
MYVM=`vim-cmd solo/registervm ${VMDIR}/${VMNAME}.vmx ${VMNAME} ${ESXIRESOURCEPOOLID}`

# Boot it
vim-cmd vmsvc/power.on $MYVM

# Wait till the product iso installs and the VM shuts down
echo -n "Waiting for VM to install product iso and shutdown ."
while ( vim-cmd vmsvc/power.getstate ${MYVM} | grep -q "Powered on" )
...

# Update cd image to point at bootstrap iso. Presumes ${VMROOTDIR}/${VMNAME}.iso is the bootstrap iso and has already been created and uploaded
echo "Updating VMX to use silent configuration iso"
VMROOTESC=`echo "$VMROOTDIR" | sed -e 's/\//\\\\\//g'`
sed -i -e "s/ide1:0.fileName = .*/ide1:0.fileName = \"${VMROOTESC}\/${VMNAME}.iso\"/" "${VMDIR}/${VMNAME}.vmx"

# Boot it again and we're done
vim-cmd vmsvc/power.on $MYVM
```

In addition, there are some scripts provided on the ISAM appliance under Manage System Settings -> File Downloads -> Common -> samples -> deploy -> deploy_isam_to_vsphere.py

I also can see there may be an opportunity to use an API from an external client on the VMware documentation page that may be of interest.
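The VMX update step in the script above escapes `/` for sed, but a path containing `&` or `\` would still be reinterpreted by the sed replacement string. As an added example, not part of the thread or the ibmsecurity project, this function rewrites the same `ide1:0.fileName` line without sed; the name `set_vmx_cdrom` is hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread: point ide1:0.fileName at a new ISO
# without feeding the path through a sed replacement string.
# set_vmx_cdrom is a hypothetical helper name.

set_vmx_cdrom() {
    vmx=$1
    iso=$2
    nl='
'
    # The value is written between double quotes on a single line, so a
    # quote or newline in the path would break out of it: reject both.
    case $iso in
        *'"'*|*"$nl"*) echo "refusing ISO path: quote or newline" >&2; return 1 ;;
    esac
    [ -f "$vmx" ] || { echo "no such VMX file: $vmx" >&2; return 1; }

    tmp=$(mktemp "${vmx}.XXXXXX") || return 1
    found=0
    # Copy line by line; printf '%s' emits the path verbatim, so '/', '&'
    # and '\' need no escaping.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'ide1:0.fileName = '*)
                printf 'ide1:0.fileName = "%s"\n' "$iso"
                found=1 ;;
            *)
                printf '%s\n' "$line" ;;
        esac
    done < "$vmx" > "$tmp"

    if [ "$found" -ne 1 ]; then
        rm -f "$tmp"
        echo "ide1:0.fileName not present in $vmx" >&2
        return 1
    fi
    # Overwrite in place so the .vmx keeps its original mode and owner.
    cat "$tmp" > "$vmx" && rm -f "$tmp"
}
```

Unlike the sed expression, this only matches the key at the start of a line and fails if the key is absent instead of leaving the file silently unchanged.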

mlu-ibm commented 7 years ago

I have some code that can provision VMware on ESXi or local (VMware or Fusion required), but I think it is more for devtest purposes. In a production environment, normally the infrastructure team provisions VMware and the network for you.

mlu-ibm commented 7 years ago

@jaredpage-ibm I have checked in a bootstrap_local role and it will bootstrap an ISAM appliance on a Linux or OS X machine with VMware Workstation or Fusion.

For ESXi support you need to run a shell script on the server side. I do have another playbook that can do that (ssh to ESXi, scp the shell script to create the images, etc.). I may add it later, but for a production environment I still believe it is better handled by the infrastructure team.

ram-ibm commented 5 years ago

FYI - Ansible supports setting up an ISO file and we have all the REST APIs covered to execute Silent Configuration. Alternately, we could also query an appliance for its DHCP address and make REST API calls for initial config. Closing for now.