Creating a Custom VIB - VMware Blogs



This paper shows how to use the vibauthor fling to create a VIB that adds a custom firewall rule to your vSphere hosts.

Install the vibauthor Tool

Download the vibauthor tool and instructions from . Use RPM to install:

    # rpm -ihv vmware-esx-vib-author-5.0.0-0.0.783903.i386.rpm
    Preparing...                ########################################### [100%]
       1:vmware-esx-vib-author  ########################################### [100%]

The vibauthor tool should run on pretty much any Linux distribution so long as the prerequisite packages are installed. I'm using CentOS 6.2. VMware recommends SLES 11 SP2. Note that there are a few package requirements, so be sure to check the accompanying documentation for the prerequisites. Once installed you are ready to go, as there is no additional setup required.

There are four basic steps to creating a custom VIB:

1. Create a payload directory
2. Add files to the payload directory
3. Create a VIB descriptor.xml file
4. Use vibauthor to create the VIB

Setup The Payload Directory

Create a staging directory where you will copy the files that will make up the payload of your VIB.

    # mkdir /stagedir

Inside this directory create a subdirectory called "payloads":

    # cd /stagedir
    # mkdir payloads

Inside the /stagedir/payloads directory create a directory with the name of the VIB. In this example I'm calling the VIB "MyRule".

    # cd /stagedir/payloads
    # mkdir MyRule

Inside the /stagedir/payloads/MyRule directory create a directory structure that reflects the full path where the files are to be installed on the vSphere host. As firewall rules are stored in /etc/vmware/firewall, I will create this same directory structure underneath the /stagedir/payloads/MyRule folder:

    # cd /stagedir/payloads/MyRule
    # mkdir -p etc/vmware/firewall

The final directory structure looks like this:

    /stagedir/payloads/MyRule/etc/vmware/firewall

Create The Custom Firewall Rule Definition

In the "/stagedir/payloads/MyRule/etc/vmware/firewall" directory create an XML file for the custom firewall rule definition. Here I'm using a slightly modified example from the vSphere Security guide. This example creates a firewall rule called "MyRule" that will allow inbound connections over port 7777.

    # cd /stagedir/payloads/MyRule/etc/vmware/firewall
    # vi MyRule.xml

    <ConfigRoot>
      <service id='0000'>
        <id>MyRule</id>
        <rule id='0000'>
          <direction>inbound</direction>
          <protocol>tcp</protocol>
          <porttype>dst</porttype>
          <port>7777</port>
        </rule>
        <enabled>true</enabled>
        <required>false</required>
      </service>
    </ConfigRoot>

Create the VIB Descriptor File

The next step is to create the VIB's descriptor.xml file. The descriptor.xml file contains information about the payload (files included in the VIB) along with any dependencies, conflicts, or installation requirements. There is a sample descriptor file included with the vibauthor tool in the /opt/vmware/vibtools/sample directory that you can use as a template.

Tip: rather than create a new descriptor.xml from scratch you can extract the descriptor.xml from an existing VIB and edit it. To extract a VIB's payload use the command:

    # vibauthor -e -v <vib> -o <output directory>

    # cd /stagedir
    # vi descriptor.xml

    <vib version="5.0">
      <name>MyRule</name>
      <version>5.0.0-1.0</version>
      <vendor>None</vendor>
      <summary>Custom VIB Definition</summary>
      <description>Adds a Custom Firewall Rule</description>
      <urls/>
      <relationships>
        <depends>
        </depends>
        <conflicts/>
        <replaces/>
        <provides/>
        <compatibleWith/>
      </relationships>
      <software-tags>
        <tag>driver</tag>
        <tag>module</tag>
      </software-tags>
      <system-requires>
        <maintenance-mode>false</maintenance-mode>
      </system-requires>
      <file-list>
        <file>/etc/vmware/firewall/</file>
      </file-list>
      <acceptance-level>community</acceptance-level>
      <live-install-allowed>true</live-install-allowed>
      <live-remove-allowed>true</live-remove-allowed>
      <cimom-restart>false</cimom-restart>
      <stateless-ready>true</stateless-ready>
      <overlay>false</overlay>
      <payloads>
        <payload name="MyRule" type="vgz">
        </payload>
      </payloads>
    </vib>

Create the VIB

Finally, use the vibauthor tool to create the VIB. The options used to create the VIB are:

    -C = compose
    -t = staging directory
    -v = name of the VIB
    -O = name of the depot

    # cd /stagedir
    # vibauthor -C -t /stagedir -v MyRule.vib -O MyRule.zip
    Successfully created CustomVIB.vib.
    Successfully created CustomVIB.zip.

The output of the above command will be two files:

- MyRule.vib: This is the actual VIB. You can use this file to add the VIB to a running ESXi host using the "esxcli" command.
- MyRule.zip: This file is a software depot that contains the VIB. You can also use this file to add the VIB to a running ESXi host with the "esxcli" command, and you can use it with the Image Builder CLI to add the VIB to an ESXi Image Profile.

Installing the VIB to a Running ESXi Host

To install the custom VIB to a running ESXi host follow these steps:

1. Copy the depot to the vSphere host:

    # scp MyRule.zip root:/tmp

2. Set the host's Acceptance Level to CommunitySupported:

    # esxcli -s pany.local software acceptance \
        set --level=CommunitySupported

3. Install the VIB:

    # esxcli -s pany.local software vib install \
        -d /tmp/MyRule.zip -n MyRule

Adding the Custom VIB to an Image Profile

Use the ESXi Image Builder CLI to add the custom VIB to a custom image profile. Copy the MyRule.zip depot to a host where you have PowerCLI installed.

Start PowerCLI and connect to the vCenter Server:

    PowerCLI C:\> Connect-VIServer <ip>

Import the ESXi 5.0 software depot (from the ESXi 5.0 bundle):

    PowerCLI C:\> Add-EsxSoftwareDepot C:\ESXi-Depot\VMware-ESXi5.0.0-469512-depot.zip

Import the MyRule.zip software depot:

    PowerCLI C:\> Add-EsxSoftwareDepot C:\ESXi-Depot\MyRule.zip

Create a new image profile. In this example I am creating a new image profile by cloning one of the default image profiles included with the ESXi 5.0 offline depot. Note that because I'm adding a custom VIB I need to set the acceptance level to "CommunitySupported".

    PowerCLI C:\> New-EsxImageProfile -CloneProfile ESXi-5.0.0-469512-standard -Name MyCustomProfile -Vendor Custom -AcceptanceLevel "CommunitySupported"

Add the custom VIB:

    PowerCLI C:\> Add-EsxSoftwarePackage -ImageProfile MyCustomProfile -SoftwarePackage MyRule

At this point the image profile is complete. You can now export the image as an offline depot (.zip) or as a bootable ISO (.iso).

.ZIP:

    PowerCLI C:\> Export-EsxImageProfile -ImageProfile MyCustomProfile -ExportToBundle -FilePath C:\ESXi-Depot\CustomImage.zip

.ISO:

    PowerCLI C:\> Export-EsxImageProfile -ImageProfile MyCustomProfile -ExportToISO -FilePath C:\ESXi-Depot\CustomImage.iso

You can now use the custom image profile to install your ESXi hosts. When the host is installed the "/etc/vmware/firewall/MyRule.xml" file will be installed on the host.

Verify the Custom Rule "MyRule"

You can verify the custom firewall rule has been added to a host using the esxcli command:

    # esxcli -s pany.local software vib list

In addition you can view the custom rule in vCenter by selecting the host and choosing "Configuration -> Security Profile", and in the Firewall section verify the custom firewall rule named "MyRule" exists.
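As an added example (not part of the original paper or of the vibauthor tool), the following Python script reads the MyRule rule definition and descriptor and lists what a reviewer should confirm before the VIB is built or installed: the declared acceptance level and every enabled inbound port. The function names and the trimmed descriptor are assumptions made for this illustration; port ranges are not handled.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs: the article's MyRule rule file and a trimmed descriptor.
RULE_XML = """<ConfigRoot>
  <service id='0000'>
    <id>MyRule</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>7777</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>"""
DESCRIPTOR_XML = """<vib version="5.0">
  <name>MyRule</name>
  <acceptance-level>community</acceptance-level>
</vib>"""

def _text(node, tag):
    # Text of a direct child element, or "" when the element is absent.
    return (node.findtext(tag) or "").strip()

def summarize_rules(rule_xml):
    """Return one dict per <rule> in a firewall service definition."""
    rules = []
    for svc in ET.fromstring(rule_xml).iter("service"):
        enabled = _text(svc, "enabled").lower() == "true"
        for rule in svc.iter("rule"):
            rules.append({"service": _text(svc, "id"), "enabled": enabled,
                          "direction": _text(rule, "direction"),
                          "protocol": _text(rule, "protocol"),
                          "port": _text(rule, "port")})
    return rules

def review(rule_xml, descriptor_xml):
    """List the points to confirm before building or installing the VIB."""
    notes = []
    level = _text(ET.fromstring(descriptor_xml), "acceptance-level")
    if level == "community":
        notes.append("acceptance-level community: host must accept CommunitySupported")
    for r in summarize_rules(rule_xml):
        if r["enabled"] and r["direction"] == "inbound":
            notes.append(f"opens inbound {r['protocol']}/{r['port']} for service {r['service']}")
    return notes

if __name__ == "__main__":
    print("\n".join(review(RULE_XML, DESCRIPTOR_XML)))
```

Run it against the files in the staging directory before calling vibauthor so the port and acceptance level in the change request match what the VIB actually contains.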