WillUsher
Contributor
Contributor

Using the vSphere 5 API's for guest control (VcGuestOperationsManager)

Hi all,

Because VMware integrated the functions of the VIX API's into v5 of the vSphere API, I was looking to use vCO with the vSphere API's to interact with the guest OS.

However, I'm new to Orchestrator, and so far as I can tell, none of the prebuilt workflows leverage these new function (I have the VC 5.0 plugin installed).

I was wondering if anyone has used this before, and if you have any example workflows that I can reference. I'm looking to execute scripts within the guest OS, but any workflow that uses the VcGuestOperationsManager object attributes should give me everything I need.

http://www.vmware.com/support/orchestrator/doc/vco_vsphere50_api/html/VcGuestOperationsManager.html#...

Any help would be greatly appreciated. Thanks!

0 Kudos
13 Replies
tschoergez
Leadership
Leadership

Hi!

Unfortunately I don't have access to a 5er-environment right now. But THEORETICAL you could use the GuestOperationsManager in this way:

var sdkCon = vm.sdkConnection;
var gom = sdkCon.guestOperationsManager;
var procman = gom.processManager;

var programSpec = new VcGuestProgramSpec();
programSpec.programPath = "c:/myscripts/anyscript.bat";

//authentication stuff....
var vga = gom.authManager.acquireCredentialsInGuest(vm, ........);

var result = procman.startProgramInGuest(vm,vga,programSpec);

Disclaimer :smileysilly: : That's only a from-mind-script, I have not even executed once!

For further "investigation" you can try to "translate" William Lam's perl-stuff to vCO (good read anyway):

http://www.virtuallyghetto.com/2011/07/automating-new-integrated-vixguest.html

His script:

http://vghetto.svn.sourceforge.net/viewvc/vghetto/scripts/guestOpsManagement.pl?revision=159&view=ma...

Good luck :smileylaugh:!

Regards,

Joerg

WillUsher
Contributor
Contributor

Hi Joerg,

Thanks, that's helpful to get the idea of what I need to do.

Now my question is about how to do the authentication. The documentation for acquireCredentialsInGuest is confusing to me.

http://www.vmware.com/support/orchestrator/doc/vco_vsphere50_api/html/VcGuestAuthManager.html#acquir...

It states the requestAuth parameter should be of type VcSSPIAuthentication, but then in the table states it should be VcGuestAuthentication.

It seems like it should be VcSSPIAuthentication (just guessing), but as part of that I need to define an SSPI token (encoded base64) and I can't find any example code on how to do that.

Thanks 🙂

EDIT: Spelling

0 Kudos
lamw
Community Manager
Community Manager

I don't have any expereience with vCO, but it looks like as part of the vCO SDK to vSphere 5 API, NamePasswordAuthentication (using standard username/password) is not available or documentation is missing which extends GuestAuthentication just like SSPIAuthentication which looks like the only type of auth supported in vCO per the documentation.

You may want to see if someone from vCO team can comment on this

0 Kudos
tschoergez
Leadership
Leadership

I don't have any official information, but:

Just give it a try!

In the past there were some lacks in the documentation, so if you're lucky, in this case the objects and methods are implemented in vCO via the vCEnter5-plugin, but just not documented yet.

Regards,

Joerg

0 Kudos
admin
Immortal
Immortal

I work on the vSphere GuestOperationsManager APIs.

Let me try to explain the authentication APIs; the documentation doesn't do a great job of describing how they are used. I'm going to use the vSphere API terminology for data types since that's what I'm most familiar with; hopefully they map easily into vCO data types.

First of all, if you want to authenticate using a username and password for an account in the guest, then you do not need to use acquireCredentialsInGuest() at all. Just create a NamePasswordAuthentication data object, put the credentials into that, and then pass that as the GuestAuthentication parameter in the guest API call you wish to make.

Using username and password authentication is not great, since it often means putting a password into a script. However, it is simple.

For applications running on Windows, SSPI authentication can be more secure, since it uses the Windows credentials of the application that calls the API. To use SSPI, you would call acquireCredentialsInGuest() to perform a challenge and response authentication with the guest. It works very similarly to the vSphere API SessionManager.LoginBySSPI() to authenticate with vCenter Server.

The application that calls acquireCredentialsInGuest() will have to call Windows APIs to get the data to perform the challenge and response. Specifically you would have to use AcquireCredentialsHandle() and InitializeSecurityContext() to create the series of buffers used in the authentication.

MSDN has documentation and sample code for this. See:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa380535%28v=vs.85%29.aspx

0 Kudos
Steve_Jin
Expert
Expert

0 Kudos
tschoergez
Leadership
Leadership

Hi Steve!

Thank you very much for your examples, GREAT WORK!

They should be transferable to vCO JavaScript as well...

(I'm working on some examples, stay tuned!)

Cheers,

Joerg

0 Kudos
Burke-
VMware Employee
VMware Employee

I had to read up on this and do a bit of testing, but have a simple script here that will allow you to list processes in the guest OS. This should be a good starting point to the other operations as it takes in all the other feedback in this thread and puts it into a working example - including the irritating authentication piece :smileysilly: The script below takes three inputs:
vm - VC:VirtualMachine

vmUsername - String

vmPassword - SecureString

var sdk = vm.sdkConnection;
var gom = sdk.guestOperationsManager;// return VcGuestOperationsManager
// Now get Guest Authentication:
var userCred = new VcNamePasswordAuthentication();
userCred.username = vmUsername;
userCred.password = vmPassword;
userCred.interactiveSession = false;
var gpm = gom.processManager; // return VcGuestProcessManager
var processes = gpm.listProcessesInGuest(vm , userCred);
System.log("Process count: "+processes.length);

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
remi_clouzeau
VMware Employee
VMware Employee

Hi Burke,

I've tried to create a workflow to test your vix script, but when I run it, it faills with the error :

[2012-05-18 21:28:32.411] [I] The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)

I'm using for VM a linux with the root account. Any idea how to troubleshoot this error.

here are the logs of the vco server

2012-05-18 21:28:31.787+0200 INFO  [Execution] Executing workflow 'test-vix'
2012-05-18 21:28:32.192+0200 INFO  [DatabaseManager] DatabaseManager created.
2012-05-18 21:28:32.411+0200 WARN  [VimSession] invokeWebServiceOperation() [root@https://rcu-esx1.psolab.local:443/sdk/Main#71abf2d1].listProcessesInGuest --> GuestPermissionDenied : The guest authentication being used does not have sufficient permissions to perform the operation.
2012-05-18 21:28:32.411+0200 INFO  [SCRIPTING_LOG] The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)
2012-05-18 21:28:32.411+0200 WARN  [WorkflowItemTaskRunner] Script execution error on workflow : test-vix / 'Scriptable task'(item0) : The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)

Regards

Rémi

0 Kudos
tschoergez
Leadership
Leadership

Hi!

Does the script you want to run have the proper permissions? (executable, for proper user...)

Which Linux Distri do you test?

(Maybe possible that root is not allowed to login, your rather forced to use a sudo environment)

For some further debugging see if you find something useful here:

http://communities.vmware.com/thread/331650?tstart=0

And for a workaround: Try the SSH plugin 🙂

Cheers,

Joerg

0 Kudos
remi_clouzeau
VMware Employee
VMware Employee

Hi Joerg,

I am using a Novell Suse Linux (v11, 32b) with the root account. I'm trying to list the linux process with the javascript given by Burke and run it in a vCO script task.

With the vix plugin for vco, i can execute successfully a script inside this VM, but now i'm trying to use the new : VcGuestOperationsManager API to remove the old vix plugin (no more supported).

Does someone know how to troubleshot the VIX call when we use the VcGuestOperationsManager calls ?

Regards

0 Kudos
tschoergez
Leadership
Leadership

You can try to find anything in the logs INSIDE the GuestOS, because vmware-tools are responsible for that.

As further research strategy try to figure out differences between how the old VIX API worked, and how the new GuestOperations work...

Cheers,

Joerg

0 Kudos
remi_clouzeau
VMware Employee
VMware Employee

I've just tried with a new CentOS 5 (64b), and it runs fine. So I will tried to reinstall my VMware tools inside the Suse11 (32b) VM, because I don't understant why the VIX plugin fo vco run well on it but not the direct VIX API?

Thanks for your help

Rémi

0 Kudos