salt.proxy.vcenter

Proxy Minion interface module for managing VMWare vCenters.

codeauthor:

Rod McKenzie (roderick.mckenzie@morganstanley.com)

codeauthor:

Alexandru Bleotu (alexandru.bleotu@morganstanley.com)

Dependencies

  • pyVmomi Python Module

pyVmomi

PyVmomi can be installed via pip:

pip install pyVmomi

Note

Version 6.0 of pyVmomi has some problems with SSL error handling on certain versions of Python. If using version 6.0 of pyVmomi, Python 2.6, Python 2.7.9, or newer must be present. This is due to an upstream dependency in pyVmomi 6.0 that is not supported in Python versions 2.7 to 2.7.8. If the version of Python is not in the supported range, you will need to install an earlier version of pyVmomi. See Issue #29537 for more information.

Based on the note above, to install an earlier version of pyVmomi than the version currently listed in PyPi, run the following:

pip install pyVmomi==5.5.0.2014.1.1

The 5.5.0.2014.1.1 is a known stable version that this original ESXi State Module was developed against.

Configuration

To use this proxy module, please use on of the following configurations:

proxy:
  proxytype: vcenter
  vcenter: <ip or dns name of parent vcenter>
  username: <vCenter username>
  mechanism: userpass
  passwords:
    - first_password
    - second_password
    - third_password

proxy:
  proxytype: vcenter
  vcenter: <ip or dns name of parent vcenter>
  username: <vCenter username>
  domain: <user domain>
  mechanism: sspi
  principal: <host kerberos principal>

proxytype

The proxytype key and value pair is critical, as it tells Salt which interface to load from the proxy directory in Salt's install hierarchy, or from /srv/salt/_proxy on the Salt Master (if you have created your own proxy module, for example). To use this Proxy Module, set this to vcenter.

vcenter

The location of the VMware vCenter server (host of ip). Required

username

The username used to login to the vcenter, such as root. Required only for userpass.

mechanism

The mechanism used to connect to the vCenter server. Supported values are userpass and sspi. Required.

passwords

A list of passwords to be used to try and login to the vCenter server. At least one password in this list is required if mechanism is userpass

The proxy integration will try the passwords listed in order.

domain

User domain. Required if mechanism is sspi

principal

Kerberos principal. Rquired if mechanism is sspi

protocol

If the vCenter is not using the default protocol, set this value to an alternate protocol. Default is https.

port

If the ESXi host is not using the default port, set this value to an alternate port. Default is 443.

Salt Proxy

After your pillar is in place, you can test the proxy. The proxy can run on any machine that has network connectivity to your Salt Master and to the vCenter server in the pillar. SaltStack recommends that the machine running the salt-proxy process also run a regular minion, though it is not strictly necessary.

On the machine that will run the proxy, make sure there is an /etc/salt/proxy file with at least the following in it:

master: <ip or hostname of salt-master>

You can then start the salt-proxy process with:

salt-proxy --proxyid <id of the cluster>

You may want to add -l debug to run the above in the foreground in debug mode just to make sure everything is OK.

Next, accept the key for the proxy on your salt-master, just like you would for a regular minion:

salt-key -a <id you gave the vcenter host>

You can confirm that the pillar data is in place for the proxy:

salt <id> pillar.items

And now you should be able to ping the ESXi host to make sure it is responding:

salt <id> test.ping

At this point you can execute one-off commands against the vcenter. For example, you can get if the proxy can actually connect to the vCenter:

salt <id> vsphere.test_vcenter_connection

Note that you don't need to provide credentials or an ip/hostname. Salt knows to use the credentials you stored in Pillar.

It's important to understand how this particular proxy works. Salt.modules.vsphere is a standard Salt execution module.

If you pull up the docs for it you'll see that almost every function in the module takes credentials and a targets either a vcenter or a host. When credentials and a host aren't passed, Salt runs commands through pyVmomi against the local machine. If you wanted, you could run functions from this module on any host where an appropriate version of pyVmomi is installed, and that host would reach out over the network and communicate with the ESXi host.

salt.proxy.vcenter.find_credentials()

Cycle through all the possible credentials and return the first one that works.

salt.proxy.vcenter.get_details()

Function that returns the cached details

salt.proxy.vcenter.init(opts)

This function gets called when the proxy starts up. For login the protocol and port are cached.

salt.proxy.vcenter.ping()

Returns True.

CLI Example:

salt vcenter test.ping
salt.proxy.vcenter.shutdown()

Shutdown the connection to the proxy device. For this proxy, shutdown is a no-op.