Hi all,
Because VMware integrated the functions of the VIX API's into v5 of the vSphere API, I was looking to use vCO with the vSphere API's to interact with the guest OS.
However, I'm new to Orchestrator, and so far as I can tell, none of the prebuilt workflows leverage these new function (I have the VC 5.0 plugin installed).
I was wondering if anyone has used this before, and if you have any example workflows that I can reference. I'm looking to execute scripts within the guest OS, but any workflow that uses the VcGuestOperationsManager object attributes should give me everything I need.
Any help would be greatly appreciated. Thanks!
Hi!
Unfortunately I don't have access to a 5er-environment right now. But THEORETICAL you could use the GuestOperationsManager in this way:
var sdkCon = vm.sdkConnection;
var gom = sdkCon.guestOperationsManager;
var procman = gom.processManager;var programSpec = new VcGuestProgramSpec();
programSpec.programPath = "c:/myscripts/anyscript.bat";//authentication stuff....
var vga = gom.authManager.acquireCredentialsInGuest(vm, ........);var result = procman.startProgramInGuest(vm,vga,programSpec);
Disclaimer :smileysilly: : That's only a from-mind-script, I have not even executed once!
For further "investigation" you can try to "translate" William Lam's perl-stuff to vCO (good read anyway):
http://www.virtuallyghetto.com/2011/07/automating-new-integrated-vixguest.html
His script:
Good luck :smileylaugh:!
Regards,
Joerg
Hi Joerg,
Thanks, that's helpful to get the idea of what I need to do.
Now my question is about how to do the authentication. The documentation for acquireCredentialsInGuest is confusing to me.
It states the requestAuth parameter should be of type VcSSPIAuthentication, but then in the table states it should be VcGuestAuthentication.
It seems like it should be VcSSPIAuthentication (just guessing), but as part of that I need to define an SSPI token (encoded base64) and I can't find any example code on how to do that.
Thanks 🙂
EDIT: Spelling
I don't have any expereience with vCO, but it looks like as part of the vCO SDK to vSphere 5 API, NamePasswordAuthentication (using standard username/password) is not available or documentation is missing which extends GuestAuthentication just like SSPIAuthentication which looks like the only type of auth supported in vCO per the documentation.
You may want to see if someone from vCO team can comment on this
I don't have any official information, but:
Just give it a try!
In the past there were some lacks in the documentation, so if you're lucky, in this case the objects and methods are implemented in vCO via the vCEnter5-plugin, but just not documented yet.
Regards,
Joerg
I work on the vSphere GuestOperationsManager APIs.
Let me try to explain the authentication APIs; the documentation doesn't do a great job of describing how they are used. I'm going to use the vSphere API terminology for data types since that's what I'm most familiar with; hopefully they map easily into vCO data types.
First of all, if you want to authenticate using a username and password for an account in the guest, then you do not need to use acquireCredentialsInGuest() at all. Just create a NamePasswordAuthentication data object, put the credentials into that, and then pass that as the GuestAuthentication parameter in the guest API call you wish to make.
Using username and password authentication is not great, since it often means putting a password into a script. However, it is simple.
For applications running on Windows, SSPI authentication can be more secure, since it uses the Windows credentials of the application that calls the API. To use SSPI, you would call acquireCredentialsInGuest() to perform a challenge and response authentication with the guest. It works very similarly to the vSphere API SessionManager.LoginBySSPI() to authenticate with vCenter Server.
The application that calls acquireCredentialsInGuest() will have to call Windows APIs to get the data to perform the challenge and response. Specifically you would have to use AcquireCredentialsHandle() and InitializeSecurityContext() to create the series of buffers used in the authentication.
MSDN has documentation and sample code for this. See:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380535%28v=vs.85%29.aspx
Please feel free to try the new guest os management APIs which provides higher level abstraction than vSphere APIs:
http://www.doublecloud.org/2012/03/announcing-guest-operating-system-management-api-for-vsphere/
Many samples are provided as well:
http://www.doublecloud.org/2012/03/run-kill-and-list-programs-in-guest-operating-system-on-vmware/
http://www.doublecloud.org/2012/03/set-environment-variables-in-guest-operating-system-on-vmware/
http://www.doublecloud.org/2012/03/how-to-download-file-from-guest-operating-system-on-vmware/
http://www.doublecloud.org/2012/03/how-to-upload-file-to-guest-operating-system-on-vmware/
Hi Steve!
Thank you very much for your examples, GREAT WORK!
They should be transferable to vCO JavaScript as well...
(I'm working on some examples, stay tuned!)
Cheers,
Joerg
I had to read up on this and do a bit of testing, but have a simple script here that will allow you to list processes in the guest OS. This should be a good starting point to the other operations as it takes in all the other feedback in this thread and puts it into a working example - including the irritating authentication piece :smileysilly: The script below takes three inputs:
vm - VC:VirtualMachine
vmUsername - String
vmPassword - SecureString
var sdk = vm.sdkConnection;var gom = sdk.guestOperationsManager;// return VcGuestOperationsManager// Now get Guest Authentication:var userCred = new VcNamePasswordAuthentication();userCred.username = vmUsername;userCred.password = vmPassword;userCred.interactiveSession = false;var gpm = gom.processManager; // return VcGuestProcessManagervar processes = gpm.listProcessesInGuest(vm , userCred);System.log("Process count: "+processes.length);
Hi Burke,
I've tried to create a workflow to test your vix script, but when I run it, it faills with the error :
[2012-05-18 21:28:32.411] [I] The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)
I'm using for VM a linux with the root account. Any idea how to troubleshoot this error.
here are the logs of the vco server
2012-05-18 21:28:31.787+0200 INFO [Execution] Executing workflow 'test-vix'
2012-05-18 21:28:32.192+0200 INFO [DatabaseManager] DatabaseManager created.
2012-05-18 21:28:32.411+0200 WARN [VimSession] invokeWebServiceOperation() [root@https://rcu-esx1.psolab.local:443/sdk/Main#71abf2d1].listProcessesInGuest --> GuestPermissionDenied : The guest authentication being used does not have sufficient permissions to perform the operation.
2012-05-18 21:28:32.411+0200 INFO [SCRIPTING_LOG] The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)
2012-05-18 21:28:32.411+0200 WARN [WorkflowItemTaskRunner] Script execution error on workflow : test-vix / 'Scriptable task'(item0) : The guest authentication being used does not have sufficient permissions to perform the operation. (Workflow:test-vix / Scriptable task (item0)#10)
Regards
Rémi
Hi!
Does the script you want to run have the proper permissions? (executable, for proper user...)
Which Linux Distri do you test?
(Maybe possible that root is not allowed to login, your rather forced to use a sudo environment)
For some further debugging see if you find something useful here:
http://communities.vmware.com/thread/331650?tstart=0
And for a workaround: Try the SSH plugin 🙂
Cheers,
Joerg
Hi Joerg,
I am using a Novell Suse Linux (v11, 32b) with the root account. I'm trying to list the linux process with the javascript given by Burke and run it in a vCO script task.
With the vix plugin for vco, i can execute successfully a script inside this VM, but now i'm trying to use the new : VcGuestOperationsManager API to remove the old vix plugin (no more supported).
Does someone know how to troubleshot the VIX call when we use the VcGuestOperationsManager calls ?
Regards
You can try to find anything in the logs INSIDE the GuestOS, because vmware-tools are responsible for that.
As further research strategy try to figure out differences between how the old VIX API worked, and how the new GuestOperations work...
Cheers,
Joerg
I've just tried with a new CentOS 5 (64b), and it runs fine. So I will tried to reinstall my VMware tools inside the Suse11 (32b) VM, because I don't understant why the VIX plugin fo vco run well on it but not the direct VIX API?
Thanks for your help
Rémi