DevOps – SimplyGeek.co.uk

Deploying NSX-T Using Ansible – Part 3: Running The Playbook

April 10, 2019April 10, 2019 Gavin Stephens Leave a comment

In this post I am going to cover the running of the Ansible NSX-T playbook, so that you can get NSX-T deployed in your environment(s). In case you missed them, in my previous posts, I detailed how to set up your Ansible environment and configure the playbook in preparation for deploying NSX-T.

If you arrived here and want to figure it out for yourself, you can download my playbooks here: https://github.com/nmshadey/Ansible-NSXT

Playbook Overview

The main playbook that you will need to run is called ‘nsxt_create_environment.yml‘, which is located in the root of the Ansible-NSXT folder.

---
## Deploys an NSX-T environment
- hosts: nsxt_managers_controllers
  connection: local
  become: yes
  gather_facts: False
  vars:
    nsxt_deployment_vcenter: "{{ mgmt_vcenter_server }}"
    nsxt_deployment_vcenter_username: "{{ mgmt_vcenter_admin_username }}"
    nsxt_deployment_vcenter_password: "{{ mgmt_vcenter_admin_password }}"
    nsxt_deployment_datacenter: "{{ mgmt_vcenter_datacenter }}"
    nsxt_deployment_cluster: "{{ mgmt_vcenter_cluster }}"
    nsxt_deployment_datastore: "{{ nsxt_datastore }}"
    nsxt_deployment_portgroup: "{{ nsxt_portgroup }}"
    nsxt_deployment_size: "{{ nsxt_default_deployment_size }}"
    nsxt_role: "{{ nsxt_default_role }}"

    compute_managers:
    - name: "{{ nsxt_compute_manager_name }}"
      host: "{{ nsxt_compute_manager_host }}"
      transport_clusters: "{{ nsxt_transport_clusters }}"

    ip_pools:
    - display_name: "{{ nsxt_transport_switch_ip_pool_name }}"
      subnets:
      - allocation_ranges:
        - start: "{{ nsxt_transport_switch_ip_pool_start }}"
          end: "{{ nsxt_transport_switch_ip_pool_end }}"
        cidr: "{{ nsxt_transport_switch_ip_pool_cidr }}"

    transport_zones:
    - display_name: "{{ nsxt_transport_zone_name }}"
      description: "{{ nsxt_transport_zone_desc }}"
      transport_type: "OVERLAY"
      transport_switch_name: "{{ nsxt_transport_switch_name }}"

    uplink_profiles:
    - display_name: "{{ nsxt_transport_switch_uplink_profile_name }}"
      teaming:
        active_list:
        - uplink_name: "{{ nsxt_transport_switch_uplink_1 }}"
          uplink_type: PNIC
        - uplink_name: "{{ nsxt_transport_switch_uplink_2 }}"
          uplink_type: PNIC
        policy: "{{ nsxt_transport_switch_uplink_profile_policy }}"
      transport_vlan: "{{ nsxt_transport_switch_uplink_profile_vlan }}"

    transport_node_profiles:
    - display_name: "{{ nsxt_transport_node_profile_name }}"
      description: "{{ nsxt_transport_switch_profile_desc }}"
      host_switches:
      - host_switch_profiles:
        - name: "{{ nsxt_transport_switch_uplink_profile_name }}"
          type: UplinkHostSwitchProfile
        host_switch_name: "{{ nsxt_transport_switch_name }}"
        pnics:
        - device_name: "{{ nsxt_transport_switch_pnic_1 }}"
          uplink_name: "{{ nsxt_transport_switch_uplink_1 }}"
        - device_name: "{{ nsxt_transport_switch_pnic_2 }}"
          uplink_name: "{{ nsxt_transport_switch_uplink_2 }}"
        ip_assignment_spec:
          resource_type: StaticIpPoolSpec
          ip_pool_name: "{{ nsxt_transport_switch_ip_pool_name }}"
      transport_zone_endpoints:
      - transport_zone_name: "{{ nsxt_transport_zone_name }}"
    
  roles:
    - nsxt_deploy_ova
    - nsxt_apply_license
    - nsxt_add_compute_managers
    - nsxt_create_ip_pools
    - nsxt_create_transport_zones
    - nsxt_create_uplink_profiles
    - nsxt_create_transport_profiles
    - nsxt_configure_transport_clusters

---

## Deploys an NSX-T environment

- hosts: nsxt_managers_controllers

connection: local

become: yes

gather_facts: False

vars:

nsxt_deployment_vcenter: "{{ mgmt_vcenter_server }}"

nsxt_deployment_vcenter_username: "{{ mgmt_vcenter_admin_username }}"

nsxt_deployment_vcenter_password: "{{ mgmt_vcenter_admin_password }}"

nsxt_deployment_datacenter: "{{ mgmt_vcenter_datacenter }}"

nsxt_deployment_cluster: "{{ mgmt_vcenter_cluster }}"

nsxt_deployment_datastore: "{{ nsxt_datastore }}"

nsxt_deployment_portgroup: "{{ nsxt_portgroup }}"

nsxt_deployment_size: "{{ nsxt_default_deployment_size }}"

nsxt_role: "{{ nsxt_default_role }}"

compute_managers:

- name: "{{ nsxt_compute_manager_name }}"

host: "{{ nsxt_compute_manager_host }}"

transport_clusters: "{{ nsxt_transport_clusters }}"

ip_pools:

- display_name: "{{ nsxt_transport_switch_ip_pool_name }}"

subnets:

- allocation_ranges:

- start: "{{ nsxt_transport_switch_ip_pool_start }}"

end: "{{ nsxt_transport_switch_ip_pool_end }}"

cidr: "{{ nsxt_transport_switch_ip_pool_cidr }}"

transport_zones:

- display_name: "{{ nsxt_transport_zone_name }}"

description: "{{ nsxt_transport_zone_desc }}"

transport_type: "OVERLAY"

transport_switch_name: "{{ nsxt_transport_switch_name }}"

uplink_profiles:

- display_name: "{{ nsxt_transport_switch_uplink_profile_name }}"

teaming:

active_list:

- uplink_name: "{{ nsxt_transport_switch_uplink_1 }}"

uplink_type: PNIC

- uplink_name: "{{ nsxt_transport_switch_uplink_2 }}"

uplink_type: PNIC

policy: "{{ nsxt_transport_switch_uplink_profile_policy }}"

transport_vlan: "{{ nsxt_transport_switch_uplink_profile_vlan }}"

transport_node_profiles:

- display_name: "{{ nsxt_transport_node_profile_name }}"

description: "{{ nsxt_transport_switch_profile_desc }}"

host_switches:

- host_switch_profiles:

- name: "{{ nsxt_transport_switch_uplink_profile_name }}"

type: UplinkHostSwitchProfile

host_switch_name: "{{ nsxt_transport_switch_name }}"

pnics:

- device_name: "{{ nsxt_transport_switch_pnic_1 }}"

uplink_name: "{{ nsxt_transport_switch_uplink_1 }}"

- device_name: "{{ nsxt_transport_switch_pnic_2 }}"

uplink_name: "{{ nsxt_transport_switch_uplink_2 }}"

ip_assignment_spec:

resource_type: StaticIpPoolSpec

ip_pool_name: "{{ nsxt_transport_switch_ip_pool_name }}"

transport_zone_endpoints:

- transport_zone_name: "{{ nsxt_transport_zone_name }}"

roles:

- nsxt_deploy_ova

- nsxt_apply_license

- nsxt_add_compute_managers

- nsxt_create_ip_pools

- nsxt_create_transport_zones

- nsxt_create_uplink_profiles

- nsxt_create_transport_profiles

- nsxt_configure_transport_clusters

Deploying NSX-T Using Ansible – Part 2: Setting Up The Playbook

April 10, 2019April 11, 2019 Gavin Stephens Leave a comment

In my previous post I covered how to prepare your Ansible environment and install the VMware NSX-T modules. I also provided the details on how to install my Ansible playbooks for deploying NSX-T in your environments.

In this post I am going to detail how to configure these playbooks to meet your environment/requirements. I have chosen to break out my variables into multiple files. This gives me the flexibility to assign values specific to a group of hosts, inherit values from a parent group and to store usernames, passwords and license information more securely, in their own Ansible Vault encrypted file.

The deployment examples that I will demonstrate include 2 sites, that each include the following:

A management environment at each site. This includes a vCenter Server instance with a single management cluster.
A compute resource (CMP) environment at each site. This includes a vCenter Server instance with a single resource cluster.

I will deploy an NSX-T instance at each management cluster. These NSX-T instances will be used to provide SDN capabilities to the compute resource clusters (when I get time I’ll create a diagram!).

An overview of the playbook tree:

├── ansible.cfg
├── nsxt_create_environment.yml
├── nsxt_example_add_compute_manager.yml
├── nsxt_example_apply_license.yml
├── nsxt_example_create_ip_pools.yml
├── nsxt_example_create_transport_profiles.yml
├── nsxt_example_create_transport_zones.yml
├── nsxt_example_create_uplink_profiles.yml
├── nsxt_example_deploy_ova.yml
├── group_vars
│   ├── all
│   ├── nsxt_managers_controllers
│   ├── site_a
│   ├── site_a_cmp_nsxt
│   ├── site_b
│   └── site_b_cmp_nsxt
├── inventory
│   └── hosts
├── roles
│   ├── nsxt_add_compute_managers
│   ├── nsxt_apply_license
│   ├── nsxt_check_manager_status
│   ├── nsxt_configure_transport_clusters
│   ├── nsxt_create_ip_pools
│   ├── nsxt_create_transport_profiles
│   ├── nsxt_create_transport_zones
│   ├── nsxt_create_uplink_profiles
│   └── nsxt_deploy_ova
├── ssh_config

├── ansible.cfg

├── nsxt_create_environment.yml

├── nsxt_example_add_compute_manager.yml

├── nsxt_example_apply_license.yml

├── nsxt_example_create_ip_pools.yml

├── nsxt_example_create_transport_profiles.yml

├── nsxt_example_create_transport_zones.yml

├── nsxt_example_create_uplink_profiles.yml

├── nsxt_example_deploy_ova.yml

├── group_vars

│ ├── all

│ ├── nsxt_managers_controllers

│ ├── site_a

│ ├── site_a_cmp_nsxt

│ ├── site_b

│ └── site_b_cmp_nsxt

├── inventory

│ └── hosts

├── roles

│ ├── nsxt_add_compute_managers

│ ├── nsxt_apply_license

│ ├── nsxt_check_manager_status

│ ├── nsxt_configure_transport_clusters

│ ├── nsxt_create_ip_pools

│ ├── nsxt_create_transport_profiles

│ ├── nsxt_create_transport_zones

│ ├── nsxt_create_uplink_profiles

│ └── nsxt_deploy_ova

├── ssh_config

Deploying NSX-T Using Ansible – Part 1: Setting Up The Environment

April 10, 2019April 10, 2019 Gavin Stephens Leave a comment

When I saw the release of NSX-T 2.4, I decided that I would upgrade my compute clusters to utilise this new version. Since I manage the compute NSX managers mostly through the API, I figured this would provide me with some good experience and also allow me to understand how this is deployed.

In my lab I run vRealize Automation with a management cluster (CMP stack), 2 nested vCenter Servers and ESXi Clusters (compute) that mimic two geographically dispersed data centres. Until now I had deployed a dedicated NSX-V instance for each of my three vCenter deployments, that provides the logical switching and routing required for my lab.

I didn’t want to create yet another ‘how to’ guide on how to do this using the GUI, so instead, I am going to attempt to accomplish this using Ansible. VMware have handily made available Ansible modules for NSX-T, which are supported for the 2.4 release and above (note that these are still in preview). I will attempt to make use of these modules, but if I discover broken or missing functionality, then I will revert to using the NSX-T Rest API.

Link to the VMware Github repository for Ansible NSX-T: https://github.com/vmware/ansible-for-nsxt

Link to my Github Ansible NSX-T Deployment Playbooks: https://github.com/nmshadey/Ansible-NSXT

I am going to provide a series of posts that will cover the set up of the Ansible environment, how to install the VMware NSX-T modules and use the playbooks and roles that I have created to deploy NSX-T in your environments. Read More

Install phpVirtualBox on CentOS 7.x

January 27, 2018February 9, 2019 Gavin Stephens 3 Comments

I have to say, I have been bursting with some excitement to recently discover this gem. phpVirtualBox is going to make a great addition to my server by allowing me to create and manage VirtualBox VM’s direct from my web browser. So just a small guide, sticking with the theme, on getting phpVirtualBox installed and running on CentOS 7.x.

Install required packages

Install Apache Web Server

# sudo yum install httpd

1	# sudo yum install httpd

Start Apache and ensure it starts automatically on boot.

# sudo systemctl start httpd
# sudo systemctl enable httpd

1 2	# sudo systemctl start httpd # sudo systemctl enable httpd

Finally, add an exception in the firewall so that you can access Apache over HTTP and HTTPS.

# sudo firewall-cmd --zone=public --add-service=http
# sudo firewall-cmd --zone=public --permanent --add-service=http
# sudo firewall-cmd --zone=public --add-service=https
# sudo firewall-cmd --zone=public --permanent --add-service=https

# sudo firewall-cmd --zone=public --add-service=http

# sudo firewall-cmd --zone=public --permanent --add-service=http

# sudo firewall-cmd --zone=public --add-service=https

# sudo firewall-cmd --zone=public --permanent --add-service=https

Test that Apache is running and accessible by opening a browser and navigating to http://server_ip_address.

Install PHP

# sudo yum install php php-gd php-common php-soap

1	# sudo yum install php php-gd php-common php-soap

Restart Apache.

# sudo systemctl restart httpd

1	# sudo systemctl restart httpd

Test that PHP is working by creating a PHP test file that will display the PHP information page (watch out for the quotes if copy/pasting).

# sudo echo "<?php phpinfo(); ?>" > /var/www/html/test.php

1	# sudo echo "<?php phpinfo(); ?>" > /var/www/html/test.php

Verify that the PHP information page loads by opening a browser and navigating to http://server_ip_address/test.php. Read More

Importing Existing VMs/OVA’s Into VirtualBox

November 21, 2017January 23, 2018 Gavin Stephens Leave a comment

Before I decided to run a Linux based, headless installation of VirtualBox, I had been running all my virtual machines in VMware Workstation. When it was time to switch I exported a number of virtual machines that I had already built to OVF format. These were servers like Windows with Active Directory, GIT, Ansible, that I didn’t want to go through the hassle of building again from scratch. This post is dedicated to my experience of doing this and some of the post migration work that needs to be performed, such as removing VMware Tools, etc.

Import Existing Virtual Machine Image

Before you get started

One tip before you start. When you import the VM into VirtualBox, it’s possible that the network adaptor information will change. This was definitely the case for me when I migrated from Workstation that used the VMXNET3 driver. My interface was configured as ‘ens33‘ and when I switched to the virtio driver in VirtualBox the device came up as eth0. I was therefore unable to connect to my headless VM. My solution was to fire up the source VM again and copy the ‘ifcfg-ens33‘ in /etc/sysconfig/network-scripts/ to ‘ifcfg-eth0‘ and change any references from ens33 to eth0. Finally, I commented out the UUID line. When I re-imported, I was able to connect the my VM.

Import Virtual Machine

To perform the import I am going to use the VBoxManage import command. This command allows the –dry-run flag to be supplied and will provide details of how the virtual machine will look once it has been imported into VirtualBox. This is useful as it allows us to ensure that the configuration is how we want it to be. The dry run will also provide any optional flags that can be used to influence the import. There are also the global options keepallmacs, keepnatmacs, and importtovdi.

I have some virtual machines that have been exported to OVF format:

# ls *.ovf

SG1-ADC001.ovf  SG1-ANS001.ovf  SG1-GIT001.ovf  SG1-PFW001.ovf

# ls *.ovf

SG1-ADC001.ovf SG1-ANS001.ovf SG1-GIT001.ovf SG1-PFW001.ovf

So let’s take a look at my Ansible (SG1-ANS001) virtual machine that is running on CentOS 7.x.

# VBoxManage import SG1-ANS001.ovf --dry-run

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Interpreting /mnt/vm2/ovf/vm/SG1-ANS001.ovf...
OK.
Disks:
  vmdisk1       20      2290810880      http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized       SG1-ANS001-disk1.vmdk   896100352       -1

Virtual system 0:
 0: Suggested OS type: "RedHat_64"
    (change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all possible values)
 1: Suggested VM name "vm"
    (change with "--vsys 0 --vmname <name>")
 2: Number of CPUs: 1
    (change with "--vsys 0 --cpus <n>")
 3: Guest memory: 2048 MB
    (change with "--vsys 0 --memory <MB>")
 4: USB controller
    (disable with "--vsys 0 --unit 4 --ignore")
 5: Network adapter: orig custom, config 5, extra type=Bridged
 6: CD-ROM
    (disable with "--vsys 0 --unit 6 --ignore")
 7: SCSI controller, type LsiLogic
    (change with "--vsys 0 --unit 7 --scsitype {BusLogic|LsiLogic}";
    disable with "--vsys 0 --unit 7 --ignore")
 8: IDE controller, type PIIX4
    (disable with "--vsys 0 --unit 8 --ignore")
 9: Hard disk image: source image=SG1-ANS001-disk1.vmdk, target path=/mnt/vm2/vbox/vm/vm/SG1-ANS001-disk1.vmdk, controller=7;channel=0
    (change target path with "--vsys 0 --unit 9 --disk path";
    disable with "--vsys 0 --unit 9 --ignore")

# VBoxManage import SG1-ANS001.ovf --dry-run

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Interpreting /mnt/vm2/ovf/vm/SG1-ANS001.ovf...

OK.

Disks:

vmdisk1 20 2290810880 http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized SG1-ANS001-disk1.vmdk 896100352 -1

Virtual system 0:

0: Suggested OS type: "RedHat_64"

(change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all possible values)

1: Suggested VM name "vm"

(change with "--vsys 0 --vmname <name>")

2: Number of CPUs: 1

(change with "--vsys 0 --cpus <n>")

3: Guest memory: 2048 MB

(change with "--vsys 0 --memory <MB>")

4: USB controller

(disable with "--vsys 0 --unit 4 --ignore")

5: Network adapter: orig custom, config 5, extra type=Bridged

6: CD-ROM

(disable with "--vsys 0 --unit 6 --ignore")

7: SCSI controller, type LsiLogic

(change with "--vsys 0 --unit 7 --scsitype {BusLogic|LsiLogic}";

disable with "--vsys 0 --unit 7 --ignore")

8: IDE controller, type PIIX4

(disable with "--vsys 0 --unit 8 --ignore")

9: Hard disk image: source image=SG1-ANS001-disk1.vmdk, target path=/mnt/vm2/vbox/vm/vm/SG1-ANS001-disk1.vmdk, controller=7;channel=0

(change target path with "--vsys 0 --unit 9 --disk path";

disable with "--vsys 0 --unit 9 --ignore")

The dry run feature represents the virtual machine image as a Virtual system followed by an index. As this image only contains a single virtual machine, only index 0 is present. The VM hardware configuration is listed as units. Therefore, I can go through each unit in turn and ensure that the target machine is configured correctly. From the dry run output there are a number of units that need to be modified. I will build out the command as I go along.

1: Suggested VM name “vm” (change with “–vsys 0 –vmname <name>”)

This will need to be changed to the actual name of the VM, which in this case is SG1-ANS001. I can use the options –vsys 0 –vmname <name> to accomplish this.

# VBoxManage import SG1-ANS001.ovf --vsys 0 --vmname "SG1-ANS001"

1	# VBoxManage import SG1-ANS001.ovf --vsys 0 --vmname "SG1-ANS001"

5: Network adapter: orig custom, config 5, extra type=Bridged

The original VM was using a custom host-only network interface on the previous hypervisor which is not understood by VirtualBox. The import command is therefore defaulting to a suggestion of a Bridged interface, which is not correct. I need connect the virtual network card to my vboxnet0 host-only interface on VirtualBox. Unfortunately, the import command does not provide an option that I can see which can make this change. I will therefore need to modify the VM once it has been imported.

9: Hard disk image: source image=SG1-ANS001-disk1.vmdk, target path=/mnt/vm2/vbox/vm/vm/SG1-ANS001-disk1.vmdk, controller=7;channel=0

The source disk image is a VMDK, the format used by VMware. Although VirtualBox uses the VDI disk image format, it has defaulted to continue using VMDK. This will still work but as my goal is to move to a fully Open Source solution, converting to VDI makes more sense. The global option importtovdi can be used to achieve this. My command now looks like:

# VBoxManage import SG1-ANS001.ovf --options importtovdi --vsys 0 --vmname "SG1-ANS001"

1	# VBoxManage import SG1-ANS001.ovf --options importtovdi --vsys 0 --vmname "SG1-ANS001"

VirtualBox will default to re-initialising the MAC address of all network cards on the VM. I am not interesting in making post configuration changes because of this and my preference would be to preserve the existing MAC addresses that was allocated to the original VM. There is no real reason not to do this. The global option keepallmacs can be used to achieve this. My final command now looks like this:

# VBoxManage import SG1-ANS001.ovf --options keepallmacs,importtovdi --vsys 0 --vmname "SG1-ANS001"

1	# VBoxManage import SG1-ANS001.ovf --options keepallmacs,importtovdi --vsys 0 --vmname "SG1-ANS001"

If we issue another –dry-run against the new command we can see most of the changes have taken effect.

# VBoxManage import SG1-ANS001.ovf --options keepallmacs,importtovdi --vsys 0 --vmname "SG1-ANS001" --dry-run

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Interpreting /mnt/vm2/ovf/vm/SG1-ANS001.ovf...
OK.
Disks:
  vmdisk1       20      2290810880      http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized       SG1-ANS001-disk1.vmdk   896100352       -1

Virtual system 0:
 0: Suggested OS type: "RedHat_64"
    (change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all possible values)
 1: VM name specified with --vmname: "SG1-ANS001"
 2: Number of CPUs: 1
    (change with "--vsys 0 --cpus <n>")
 3: Guest memory: 2048 MB
    (change with "--vsys 0 --memory <MB>")
 4: USB controller
    (disable with "--vsys 0 --unit 4 --ignore")
 5: Network adapter: orig custom, config 5, extra type=Bridged
 6: CD-ROM
    (disable with "--vsys 0 --unit 6 --ignore")
 7: SCSI controller, type LsiLogic
    (change with "--vsys 0 --unit 7 --scsitype {BusLogic|LsiLogic}";
    disable with "--vsys 0 --unit 7 --ignore")
 8: IDE controller, type PIIX4
    (disable with "--vsys 0 --unit 8 --ignore")
 9: Hard disk image: source image=SG1-ANS001-disk1.vmdk, target path=/mnt/vm2/vbox/vm/vm/SG1-ANS001-disk1.vdi, controller=7;channel=0
    (change target path with "--vsys 0 --unit 9 --disk path";
    disable with "--vsys 0 --unit 9 --ignore")

# VBoxManage import SG1-ANS001.ovf --options keepallmacs,importtovdi --vsys 0 --vmname "SG1-ANS001" --dry-run

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Interpreting /mnt/vm2/ovf/vm/SG1-ANS001.ovf...

OK.

Disks:

vmdisk1 20 2290810880 http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized SG1-ANS001-disk1.vmdk 896100352 -1

Virtual system 0:

0: Suggested OS type: "RedHat_64"

(change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all possible values)

1: VM name specified with --vmname: "SG1-ANS001"

2: Number of CPUs: 1

(change with "--vsys 0 --cpus <n>")

3: Guest memory: 2048 MB

(change with "--vsys 0 --memory <MB>")

4: USB controller

(disable with "--vsys 0 --unit 4 --ignore")

5: Network adapter: orig custom, config 5, extra type=Bridged

6: CD-ROM

(disable with "--vsys 0 --unit 6 --ignore")

7: SCSI controller, type LsiLogic

(change with "--vsys 0 --unit 7 --scsitype {BusLogic|LsiLogic}";

disable with "--vsys 0 --unit 7 --ignore")

8: IDE controller, type PIIX4

(disable with "--vsys 0 --unit 8 --ignore")

9: Hard disk image: source image=SG1-ANS001-disk1.vmdk, target path=/mnt/vm2/vbox/vm/vm/SG1-ANS001-disk1.vdi, controller=7;channel=0

(change target path with "--vsys 0 --unit 9 --disk path";

disable with "--vsys 0 --unit 9 --ignore")

We can now re-issue the command with the –dry-run omitted to perform the import of this virtual machine into VirtualBox. The progress will be displayed and a message if the import was successful:

Post-Import Configuration

Let’s check that we can see the VM in the VirtualBox inventory:

# VBoxManage list vms

"SG1-ANS001" {bb8bf5ab-d33b-4e3d-a3c6-19cd620d4a80}

# VBoxManage list vms

"SG1-ANS001" {bb8bf5ab-d33b-4e3d-a3c6-19cd620d4a80}

Configure Networking

If you recall from the previous section, we were not able to change the network card binding during the import. We can do this now that the VM has been imported using the VBoxManage modifyvm command. I need to bind to a host-only interface called vboxnet0.

# VBoxManage modifyvm SG1-ANS001 --nic1 hostonly --hostonlyadapter1 vboxnet0

1	# VBoxManage modifyvm SG1-ANS001 --nic1 hostonly --hostonlyadapter1 vboxnet0

I also want to use the paravirtualized Network Adaptor using the virtio driver for better performance.

# VBoxManage modifyvm SG1-ANS001 --nictype1 virtio

1	# VBoxManage modifyvm SG1-ANS001 --nictype1 virtio

The VBoxManage showvminfo command can be used to view the VMs configuration, which can be used to confirm any changes that have been made.

# VBoxManage showvminfo SG1-ANS001
...
NIC 1:           MAC: 0800279E9F01, Attachment: Host-only Interface 'vboxnet0', Cable connected: on, Trace: off (file: none), Type: 82545EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2:           disabled
NIC 3:           disabled
NIC 4:           disabled
...

# VBoxManage showvminfo SG1-ANS001

...

NIC 1: MAC: 0800279E9F01, Attachment: Host-only Interface 'vboxnet0', Cable connected: on, Trace: off (file: none), Type: 82545EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none

NIC 2: disabled

NIC 3: disabled

NIC 4: disabled

...

Disable Audio

I noticed from my VBoxManage showvminfo output that an Audio card was enabled.

Audio: enabled (Driver: ALSA, Controller: AC97, Codec: STAC9700)

I do not require this so the card can be disabled:

# VBoxManage modifyvm SG1-ANS001 --audio none

1	# VBoxManage modifyvm SG1-ANS001 --audio none

Set VM Description

While we’re at it, it would probably be a good idea to give this VM a small description.

# VBoxManage modifyvm SG1-ANS001 --description "Ansible Server"

1	# VBoxManage modifyvm SG1-ANS001 --description "Ansible Server"

Virtual Machine Power Operations

Start VM

Since we’re going to be running this VM in headless mode, the alternative binary VBoxHeadless will be used instead of VBoxManage. The VBoxHeadless interface accepts the same start parameters. If you see the copyright information after you have run the command then the VM will have been started successfully.

# VBoxHeadless --startvm SG1-ANS001

Oracle VM VirtualBox Headless Interface 5.2.0
(C) 2008-2017 Oracle Corporation
All rights reserved.

# VBoxHeadless --startvm SG1-ANS001

Oracle VM VirtualBox Headless Interface 5.2.0

Use the VBoxManage list runningvms command to verify that the VM process is actually running.

# VBoxManage list runningvms

"SG1-ANS001" {b4cf5620-f029-408f-af53-2eac520a9d55}

# VBoxManage list runningvms

"SG1-ANS001" {b4cf5620-f029-408f-af53-2eac520a9d55}

Stop VM

You can gracefully stop the running VM using the VBoxManage controlvm <vm> acpipowerbutton command.

# VBoxManage controlvm SG1-ANS001 acpipowerbutton

1	# VBoxManage controlvm SG1-ANS001 acpipowerbutton

Troubleshooting

If you aren’t able to connect to the VM after it has been started then it may have failed to boot or a network configuration issue. As the VMs are running in headless mode it can be difficult to diagnose. There are a couple of decent ways to help diagnose the issue.

Screenshot

This option is simple and takes a screenshot of the console. You can specify the filename to save (in PNG format) then download this via SCP from the VirtualBox host.

# VBoxManage controlvm "SG1-ANS001" screenshotpng screen.png

1	# VBoxManage controlvm "SG1-ANS001" screenshotpng screen.png

Serial Port (console redirect)

I will follow up with an additional post on how the display output can be redirected to the serial port and some cool ways that we can view and interact with this session.

If there is some other configuration that I could apply to my VMs or vbox installation, then please let me know.

CentOS running VirtualBox (headless mode)

November 19, 2017March 9, 2018 Gavin Stephens 2 Comments

Today I started work on something that has peeked my interest for a while, switching my server to CentOS running VirtualBox in headless mode.

I had long been a fan of VMware Workstation, back in the day, it was more feature rich than Vbox and provided better memory management features. Alas, that is not the case today and with VirtualBox’s powerful ‘VBoxManage‘ CLI, it really fits in well where I can write all my infrastructure in code (and yes, I’ll most likely layer Vagrant on top of this). VirtualBox also provides an alternative headless interface ‘VBoxHeadless‘, which means there is no requirement to run a GUI on my server.

As I am starting out on this new journey I felt that it would be great to blog about and hopefully help others that want to do this.

All I have from the start is a minimal installation of CentOS 7.4 (Core). I am using the following as a guide for the VirtualBox installation: https://wiki.centos.org/HowTos/Virtualization/VirtualBox.

VirtualBox Installation

Install Dependencies

Install Extra Packages for Enterprise Linux (EPEL)

# sudo yum install epel-release wget -y

1	# sudo yum install epel-release wget -y

Install Dynamic Kernel Module Support (DKMS)

# sudo yum --enablerepo=epel install dkms -y

1	# sudo yum --enablerepo=epel install dkms -y

This will install quite a few packages:

Install Development Tools

I want my server to have access to a basic development environment so we’ll install the group packages for this. This will install packages such as gcc, make, binutils, etc. Use ‘yum groupinfo “Development Tools“‘ to view the entire list of packages installed in this group.

# sudo yum groupinstall "Development Tools" -y

1	# sudo yum groupinstall "Development Tools" -y

Install Kernel Development

# sudo yum install kernel-devel -y

1	# sudo yum install kernel-devel -y

Install VirtualBox

Add the VirtualBox package repository

# cd /etc/yum.repos.d
# sudo wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

1 2	# cd /etc/yum.repos.d # sudo wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

Install VirtualBox

# sudo yum install VirtualBox-5.2 -y

1	# sudo yum install VirtualBox-5.2 -y

This will also install a number of dependencies.

Install VirtualBox Extension Pack

The VirtualBox Extension Pack will add support for the following:

USB 2.0 and USB 3.0 Host Controller
Host Webcam
VirtualBox RDP
PXE ROM
Disk Encryption
NVMe

Download the extension pack:

# sudo wget http://download.virtualbox.org/virtualbox/5.2.6/Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

1	# sudo wget http://download.virtualbox.org/virtualbox/5.2.6/Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

Once downloaded, install the extension pack:

# sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

1	# sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

OR, if you are upgrading from a previous version of the extension pack, then you will need to add the ‘–replace’ option to uninstall the old version first.

# sudo VBoxManage extpack install --replace Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

1	# sudo VBoxManage extpack install --replace Oracle_VM_VirtualBox_Extension_Pack-5.2.6-120293.vbox-extpack

Agree to the license terms and conditions.

Do you agree to these license terms and conditions (y/n)? y

1	Do you agree to these license terms and conditions (y/n)? y

The extension will be installed.

Verify that the extension pack has been installed successfully.

# sudo VBoxManage list extpacks

1	# sudo VBoxManage list extpacks

You should see output like the following:

Add Users to ‘vboxusers’ Group

When VirtualBox is installed a new group ‘vboxusers’ is created. Users that are a member of this group will be allowed to run VirtualBox. I will add my non-privileged user to this group.

# sudo usermod -a -G vboxusers stephensg

1	# sudo usermod -a -G vboxusers stephensg

Verify Installation

VirtualBox Linux kernel module (vboxdrv)

Check that the vboxdrv service has installed correctly and is running.

# sudo systemctl status vboxdrv

1	# sudo systemctl status vboxdrv

You should see output like the following:

The status should be ‘loaded‘ and ‘active‘. If you see a ‘Kernel driver not installed‘ message then try running the following command:

sudo /usr/lib/virtualbox/vboxdrv.sh setup

1	sudo /usr/lib/virtualbox/vboxdrv.sh setup

VirtualBox Web Service (vboxweb)

Check that the vboxweb service is running:

# sudo systemctl status vboxweb-service

1	# sudo systemctl status vboxweb-service

You should see output like the following:

Configure VirtualBox

Configure Networking

I have some basic network requirements for my lab to start out with. I will use a host-only interface, which will be the management network and a NAT interface, which can be useful for VMs that I want to access the Internet without going through the virtual firewall. I will also need to bridge one of my virtual firewall’s network interfaces to the servers physical interface (so that I can do some additional routing on my physical network).

I can see what network interfaces are currently available using nmcli.

Create the Host-Only Interface

# VBoxManage hostonlyif create

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Interface 'vboxnet0' was successfully created

# VBoxManage hostonlyif create

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Interface 'vboxnet0' was successfully created

We can confirm that the Host-Only interface was successfully created using nmcli.

Assign Network to Host-Only Interface

# VBoxManage hostonlyif ipconfig vboxnet0 --ip 10.1.10.1 --netmask 255.255.255.0

1	# VBoxManage hostonlyif ipconfig vboxnet0 --ip 10.1.10.1 --netmask 255.255.255.0

To confirm that the IP address has been assigned, use the ip command.

# ip address show dev vboxnet0

3: vboxnet0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.1.10.1/24 brd 10.1.10.255 scope global vboxnet0
       valid_lft forever preferred_lft forever

# ip address show dev vboxnet0

3: vboxnet0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000

link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff

inet 10.1.10.1/24 brd 10.1.10.255 scope global vboxnet0

valid_lft forever preferred_lft forever

Create NAT Interface

I want to create a NAT network on 192.168.15.0/24 and have IP addresses allocated to clients automatically using DHCP.

# VBoxManage natnetwork add --netname natnet0 --network "192.168.15.0/24" --enable --dhcp on

1	# VBoxManage natnetwork add --netname natnet0 --network "192.168.15.0/24" --enable --dhcp on

To confirm that the NAT network has been created use the following command.

# VBoxManage natnetwork list

NAT Networks:

Name:        natnet0
Network:     192.168.15.0/24
Gateway:     192.168.15.1
IPv6:        No
Enabled:     Yes

1 network found

# VBoxManage natnetwork list

NAT Networks:

Name: natnet0

Network: 192.168.15.0/24

Gateway: 192.168.15.1

IPv6: No

Enabled: Yes

1 network found

We can see that the network has been created and an IP address has been allocated automatically for the gateway (uses the first available address). This should be enough to provide outbound Internet access to any VM NICs attached to this interface.

Global Settings

I also like to configure some global settings so that I do not need to keep specifying these when creating new virtual machines.

Default Virtual Machine Folder

I actually have 2 large SSDs that I spread the VMs across for IO reasons. I will default to one of these and manually specificity my second disk when required.

# VBoxManage setproperty machinefolder /mnt/vm1/vbox/vm

1	# VBoxManage setproperty machinefolder /mnt/vm1/vbox/vm

Exclusive Hardware Virtualization

VirtualBox will be given exclusive use of the hardware virtualization extensions (Intel VT-x or AMD-V). I think this defaults to on but let’s set it anyway.

# VBoxManage setproperty hwvirtexclusive on

1	# VBoxManage setproperty hwvirtexclusive on

Default Front End

I am not running a GUI on this server so all virtual machines will be running in headless mode.

# VBoxManage setproperty defaultfrontend headless

1	# VBoxManage setproperty defaultfrontend headless

That concludes my initial setup and now I am ready to start deploying my virtual machines. I will provide posts on my new virtual machine deployments as I build out my new infrastructure using VirtualBox. I also have a number of OVF’s that I exported from my old environment that I’ll be importing and will document the steps along the way.

Top 5 vRealize Automation Resources to get you started

September 8, 2016September 8, 2016 Gavin Stephens Leave a comment

OK, so everyone loves a top 5 so here is a list of my top 5 resources for learning and deploying vRealize Automation.

1. VMware Hands on Labs.

Take ‘HOL-SDC-1633 vRealize Automation 7: What’s New‘. – Despite the name this is a really in depth tutorial and you will want to complete the entire lab. This will give you a good feel about what vRA is capable of and how you can extend the platform. There are some really good examples of how the event broker is used to integrate with ITSM CMDB software for change control (iTop is used). The lab also dives into vRO and gives you a taste of just how powerful this product really is.

Next, take ‘HOL-SDC-1632 vRealize Automation Advanced: Integration and Extensibility‘. – Yes, this lab is based on vRA 6.2 so is a little older but most of the fundamentals are there and again provides some good examples of how the platform can be extended with vRO. Examples of extensibility with Infoblox IPAM, Puppet Enterprise and NSX (although slightly depreciated) are used.

2. vRealize Automation Reference Architecture

Once you have had some experience and insight from doing the hands on Labs you will be eager to begin planning and designing your new vRA platform. This document will provide you with a lot of details such as all of the components that are involved and how best to deploy and scale these. Also included are firewall and load balancing requirements. I cannot emphasis enough the importance of planning your vRA deployment properly from the get go as this will ultimately determine the success of the project.

3. Open902.com

I am really happy that I discovered this site before starting my vRA 7 implementation. Michael Rudloff has done a fantastic job of documenting the enterprise installation and configuring the IaaS platform so that you get some decent functionality out of it. These guides really took away a lot of the pain during the installation and covers topics such as replacing certificates, configuring an endpoint, approval policies, business groups, fabric groups, etc and has an awesome guide on Custom Property Relationships. I also like how has turned his private archive public and reminds me a lot of my private Confluence site.

A Virtualization Engineer’s Journey into the World of DevOps with vRealize Automation

September 5, 2016September 6, 2016 Gavin Stephens Leave a comment

Before I start this post I want to put it into perspective. Up until now I have been working in infrastructure roles for a number of years, specialising in virtualization (mostly VMware), servers, storage and networking. A lot has changed recently and we can’t go a day without hearing or reading about “DevOps”. I don’t want to get into what DevOps is and isn’t as there is plenty on Google for that but what is clear is that the role of the system admin / virtual engineer / [insert infrastructure role here] is changing and fast.

I had actually planned for this to be just two paragraphs long and the post was meant to have a slightly different focus. However, that didn’t quite go as planned, so happy reading!

We are now at the age of ‘Cloud Computing’ and the need for applications that are cloud native and can be moved around cloud providers with ease. As we’re in a state of transition and it may take some time to get there but until then everything is moving towards a ‘hybrid’ cloud model. As part of this, as infrastructure engineers, we need to be able to deliver infrastructure and services quickly and efficiently. Doing things manually, following a run book or similar is no longer desirable and we need to find a way to automate the end to end delivery of these services. As engineers we need to bridge the gap between operations and development. I’m not suggesting that we need to be developers but we need to be more closely aligned and have a much better understanding of the development life cycle and delivery model.

The Virtualization model allowed us to deliver Infrastructure as a Service (Iaas), Platform as a Service (PaaS), Software as a Service (SaaS) and so on. In the cloud model this has been extended to Everything as a Service (XaaS) and even serverless architectures! Now, the possibilities are endless and we need to start delivering hybrid IT services under this new model. Here are some examples (and no where near limited to):

Database as a Service;
Email as a Service;
Security as a Service;
Docker as a Service;
Operation services (user creation, mailbox creation, 3rd party application authorisation);
Enhancing IaaS and PaaS delivery with tighter integration into IPAM software (i.e. SolarWinds IPAM), ITSM CMDB (i.e. ServiceNow) and monitoring systems;

There are also a lot of tools out there today, typically referred to as ‘Continuous Delivery’ applications that can help us on our journey, such as (again not limited to):

Puppet
Chef
Ansible
Salt

These applications allow us to treat our infrastructure as code and automate the delivery of IT infrastructure with a touch of a button. Whilst these applications are extremely powerful and useful they do not by themselves solve all the problems of delivering hybrid IT services.