Monday, 21 December 2015

Creating vApp Templates for Automation

First thing I'll need in order to automate any infrastructure build-out is a vApp Template. These are the basic VM building blocks on vCloud Director, the equivalent to an AWS AMI or OpenStack Machine Image. While I could upload an install ISO image to vCloud and step through a manual OS installation, in the spirit of automation, I decided to make use of a tool called Packer to create my vApp Template.

Packer is an open source tool for creating identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel. Packer does not replace configuration management like Chef or Puppet. In fact, when building images, Packer is able to use tools like Chef or Puppet to install software onto the image.

Packer has out of the box support for VMware, utilising VMware Workstation or a remote ESXi server as a virtualisation platform, and has a post-processor service to upload the subsequent machine template to a VMware vCenter server. It does not however have built-in support for creating a vApp Template on vCloud Director.  Options for uploading vApp Templates are very limited, and usually come down to using VMware's ovftool CLI.

Some members of the Open Source community have written plugins extensions to Packer, wrapping up the ovftool functionality into another post-processor service, however for the purpose of this exercise I think it is acceptable to trigger the ovftool CLI as a follow on step after the Packer run and will show you the command line options required to upload the vApp Template.

So, to get started you will want to clone the Automation Examples +Skyscape Cloud Services  github repository to your local workstation. You will also need to download and install the following tools:

  • VMware Workstation - you can use it with a 30 day evaluation license.
  • Packer - download from https://packer.io/downloads.html
  • OvfTool - download from https://www.vmware.com/support/developer/ovf/
Make sure that Packer and OvfTool are installed in a directory that is in your path. 

TLDR;

If all you want to do is generate your new vApp Template, all you should need to do now is change to the packer sub-directory in the github clone, and run the command:

packer build centos71.json

Once packer completes, you will have an output-centos71-vmware-iso directory with a centos71.vmx file in it. You will need to remove the reference to "nat" networking (see the README.md file) and use ovftool to upload the vm template to vCloud Director.

Packer In More Detail

The packer tool works by completely automating the creation of a virtual machine, either from installation ISO media, or from and existing machine image, and then applying further customisation to the machine by using provisioning scripts or configuration management tools like Chef and Puppet. 

The configuration of the virtual machine is held in a JSON format file and supports multiple 'input' formats, and multiple 'output' formats, spawning processes in parallel to efficiently create consistent machine images across multiple virtualisation platforms. The JSON file lists one or more 'builder' configurations that define the combinations of input/output formats. For this post, I am only going to use the 'vmware-iso' builder to generate a VMware template from an ISO installation CD-Rom. If multiple builders are specified, they all run in parallel.

The start of the process (at least for Redhat-based Linux distributions) is an ISO install media and a 'kickstart' script that answers all the questions and Next, Next, Next button clicks you would perform from a manual installation. Packer also supports the creation of Windows servers, using an equivalent Autounattend.xml file for a hands-off installation from a Windows ISO install. Packer will even download the ISO file for you from a specified URL, confirming its validity with a file checksum.

Having downloaded the ISO file, Packer will create a new VM using VMware Workstation using the CPU count, memory size and disk allocation specified in the JSON file, and configure the VM to mount the ISO file as a CD-ROM to boot from when the VM is powered on.

Start of a Packer run

The kickstart script is shared with the VM via a simple HTTP server run by the packer process, and when the VM is powered on, it 'types' the necessary Linux kernel parameters to start the installation and retrieve the kickstart script from it's temporary HTTP server. Packer then waits in the background for the CentOS installation to complete and SSH to become available.

Once packer can create an SSH connection to the newly installed VM, it works through each 'provisioner' in the JSON file sequentially to further customise the VM. There are a large number of provisioner steps supported by Packer, ranging from uploading a file to the VM, to uploading a script file (or even a script written in-line in the JSON) to the VM and executing it.

For this post, I am using a single provisioner step that uploads a number of scripts, sets up some environment variables in the remote shell, and then executes the uploaded scripts in that shell.

Packer process completing successfully

After all the provisioner steps have completed, packer will shutdown the new VM, compress the .vmdk files that define the VM's disk, and if any optional 'post-processor' steps are defined it will run them. We are not using any post-processor steps since uploading to vCloud Director is not supported at this time.

Uploading the vApp Template

There is one manual step to be performed before the packer-generated VM template can be uploaded. When packer uses VMware Workstation locally, it uses a 'NAT' network type. The generated centos71.vmx file references the 'NAT' network, and if uploaded as-is, vCloud Director will be unable to create new VMs from the template as the 'NAT' network does not exist. Using a text editor, you need to change the referenced 'nat' network to 'none'.

In vCloud Director, the vApp Templates are held in one of your organisation's catalogs. I have created a catalog in my vCloud account called 'DevOps'. I want to upload my new VM template to the DevOps catalog, giving it the name 'centos71'. After changing to the output-centos71-vmware-iso subdirectory, run the following command to create your new vApp Template:

ovftool --vCloudTemplate --acceptAllEulas --overwrite centos71.vmx "vcloud://%VCAIR_USERNAME%@api.vcd.portal.skyscapecloud.com:443?org=%VCAIR_ORG%&vappTemplate=centos71&catalog=DevOps"

This command pulls your vCloud organisation and username from environment variables and will prompt you for your password. The vApp Template name and catalog name are specified as part of the vcloud:// url, and the --overwrite option allows the replacement of an existing vApp Template with the new one being uploaded.

And that is that. I now have a new vApp Template called 'centos71' all ready to be used with my evaluation of different provisioning tools. It has a minimal OS installation, as defined by the kickstart script, with specific customisations applied to it to ensure that the necessary VMware Tools are installed and ready to be triggered by the VM customisation process when the template is used to launch new VMs.

My next post in this series will start to make use of this template to automatically provision my simple web application.

Monday, 14 December 2015

Evaluating vCloud Director API tools

In order to evaluate the different tools available for interacting with the +Skyscape Cloud Services / vCloud Director API, I am setting myself the following challenge - To fully automate the creation of a simple Web Application:

  • The website should be hosted inside a vDC on the Skyscape Cloud Services infrastructure.
  • It will have 2 web servers behind a load-balancer.
  • The web servers will be backed by a single database server.
  • The vDC should have a separate jump-box server accessible via SSH to provide remote access to other servers in the vDC.
Over the next series of posts I shall review a number of options for representing this simple Web Application using Infrastructure-as-Code tools. Any scripts generated as part of the evaluations will be shared on Github for you to download and try out for yourself.

These are some of the tools I shall be taking a look at. It is not exhaustive, so if there are others you think are worth reviewing, please add a comment.

Wednesday, 9 December 2015

New Job, New Blog



Well, 4 weeks into the new job at +Skyscape Cloud Services  and I'm setting up my first blog in preparation for lots of goodness to come.

Keep an eye on this space for all sorts of updates about the DevOps related activities I get up to on the Skyscape Cloud platform.