Proxy Minion interface module for managing VMWare vCenters.
Rod McKenzie (firstname.lastname@example.org)
Alexandru Bleotu (email@example.com)
pyVmomi Python Module
PyVmomi can be installed via pip:
pip install pyVmomi
Version 6.0 of pyVmomi has some problems with SSL error handling on certain versions of Python. If using version 6.0 of pyVmomi, Python 2.6, Python 2.7.9, or newer must be present. This is due to an upstream dependency in pyVmomi 6.0 that is not supported in Python versions 2.7 to 2.7.8. If the version of Python is not in the supported range, you will need to install an earlier version of pyVmomi. See Issue #29537 for more information.
Based on the note above, to install an earlier version of pyVmomi than the version currently listed in PyPi, run the following:
pip install pyVmomi==188.8.131.524.1.1
The 184.108.40.2064.1.1 is a known stable version that this original ESXi State Module was developed against.
To use this proxy module, please use on of the following configurations:
proxy: proxytype: vcenter vcenter: <ip or dns name of parent vcenter> username: <vCenter username> mechanism: userpass passwords: - first_password - second_password - third_password proxy: proxytype: vcenter vcenter: <ip or dns name of parent vcenter> username: <vCenter username> domain: <user domain> mechanism: sspi principal: <host kerberos principal>
proxytype key and value pair is critical, as it tells Salt which
interface to load from the
proxy directory in Salt's install hierarchy,
/srv/salt/_proxy on the Salt Master (if you have created your
own proxy module, for example). To use this Proxy Module, set this to
The location of the VMware vCenter server (host of ip). Required
The username used to login to the vcenter, such as
Required only for userpass.
The mechanism used to connect to the vCenter server. Supported values are
A list of passwords to be used to try and login to the vCenter server. At least
one password in this list is required if mechanism is
The proxy integration will try the passwords listed in order.
User domain. Required if mechanism is
Kerberos principal. Rquired if mechanism is
If the vCenter is not using the default protocol, set this value to an
alternate protocol. Default is
If the ESXi host is not using the default port, set this value to an
alternate port. Default is
After your pillar is in place, you can test the proxy. The proxy can run on any machine that has network connectivity to your Salt Master and to the vCenter server in the pillar. SaltStack recommends that the machine running the salt-proxy process also run a regular minion, though it is not strictly necessary.
On the machine that will run the proxy, make sure there is an
file with at least the following in it:
master: <ip or hostname of salt-master>
You can then start the salt-proxy process with:
salt-proxy --proxyid <id of the cluster>
You may want to add
-l debug to run the above in the foreground in
debug mode just to make sure everything is OK.
Next, accept the key for the proxy on your salt-master, just like you would for a regular minion:
salt-key -a <id you gave the vcenter host>
You can confirm that the pillar data is in place for the proxy:
salt <id> pillar.items
And now you should be able to ping the ESXi host to make sure it is responding:
salt <id> test.ping
At this point you can execute one-off commands against the vcenter. For example, you can get if the proxy can actually connect to the vCenter:
salt <id> vsphere.test_vcenter_connection
Note that you don't need to provide credentials or an ip/hostname. Salt knows to use the credentials you stored in Pillar.
It's important to understand how this particular proxy works.
Salt.modules.vsphere is a
standard Salt execution module.
If you pull up the docs for it you'll see that almost every function in the
module takes credentials and a targets either a vcenter or a host. When
credentials and a host aren't passed, Salt runs commands through
against the local machine. If you wanted, you could run functions from this
module on any host where an appropriate version of
pyVmomi is installed,
and that host would reach out over the network and communicate with the ESXi
Cycle through all the possible credentials and return the first one that works.
Function that returns the cached details
This function gets called when the proxy starts up. For login the protocol and port are cached.
salt vcenter test.ping
Shutdown the connection to the proxy device. For this proxy, shutdown is a no-op.