Building libvirt with ESXi driver

Submitted by abb on Wed, 03/30/2011 - 18:08

Libvirt is a toolkit to manage virtual infrastructures. It is supposed to support VMWare ESXi hypervisor, but the package in Ubuntu 10 repository is compiled without necessary drivers (as of time of writing). One can find libvirt compilation instructions here, but they are not Ubuntu-specific nor mention ESXi.

Below are steps necessary to build libvirt with ESXi drivers. Tested on Turnkey LAMP appliance 11.1 which is based on Ubuntu 10.04.1 LTS. Similar steps should work for other Debian-based distributions.

1. Download the sources from libvirt website. I took 0.9.0 rc2.

2. Unpack it and 'cd' to the directory.

3. Install dependencies, build and install

sudo apt-get install gcc make libxml2-dev libgnutls-dev libdevmapper-dev libcurl4-gnutls-dev
./configure --prefix=/usr/local/libvirt-0.9.0 --with-esx
sudo make install

4. Run a test tool (from the source directory):

First we skip TLS certificate verification:

examples/hellolibvirt/hellolibvirt 'esx://192.168.X.X/?no_verify=1'
Attempting to connect to hypervisor
Enter username for 192.168.X.X [root]:
Enter root's password for 192.168.X.X:
Connected to hypervisor at "esx://192.168.X.X:443/?no_verify=1"
Hypervisor: "ESX" version: 4.1.0
There are 4 active and 1 inactive domains
Inactive domains:
Disconnected from hypervisor

I have not managed to configure libvirt to accept self-signed certificate generated by ESXi server during installation. Apparently self-signed certs are not good. The certificate of ESXi server has to be signed by a CA, even if it is your own private CA.

Just to make it working as fast as possible, I used libvirt's instruction from "Setting up CA" and "Issuing Server certs" chapters from this web page to produce cacert.pem, serverkey.pem, and servercert.pem files. Will redo it later with TinyCA". On Ubuntu you have to install gnutls-bin package to get certtool program).

When creating server certificate, make sure you specify correct hostname of your ESXi server in CN. You will have to use exactly the same name in URLs later on.

Add your CA certificate to the list of approved CAs:

cat cacert.pem >> /etc/ssl/certs/ca-certificates.crt

Copy the server cert and key files to ESXi and reboot ESXi to make it use them:

scp serverkey.pem root@192.168.X.X:/etc/vmware/ssl/rui.key
scp servercert.pem root@192.168.X.X:/etc/vmware/ssl/rui.crt

Now you can rerun hellolibvirt with proper TLS certificate checking (replace 'myesxi' with the hostname of your ESXi server, the same you have specified when creating server certificate).

examples/hellolibvirt/hellolibvirt 'esx://myesxi/'

That's all, your libvirt should be working. I hope libvirt's support of ESXi is decent, will find out soon.


+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
VAT: BE 0821.897.133.