https://www.gremwell.com/ en https://www.gremwell.com/node/155 <span>Building libvirt with ESXi driver</span> <div><p><a href="http://libvirt.org/">Libvirt</a> is a toolkit to manage virtual infrastructures. It is supposed to support <a href="http://www.vmware.com/products/vsphere-hypervisor/overview.html">VMWare ESXi</a> hypervisor, but the package in Ubuntu 10 repository is compiled without necessary drivers (as of time of writing). One can find libvirt compilation instructions <a href="http://wiki.libvirt.org/page/FAQ#Where_can_I_get_the_source_code.3F_How_do_I_compile_and_install.3F">here</a>, but they are not Ubuntu-specific nor mention ESXi.</p> <p>Below are steps necessary to build libvirt with ESXi drivers. Tested on <a href="http://www.turnkeylinux.org/lamp">Turnkey LAMP appliance</a> 11.1 which is based on Ubuntu 10.04.1 LTS. Similar steps should work for other Debian-based distributions.</p> <p>1. Download the sources from <a href="http://www.libvirt.org/downloads.html#releases">libvirt website</a>. I took 0.9.0 rc2.</p> <p>2. Unpack it and 'cd' to the directory.</p> <p>3. Install dependencies, build and install<br /><code><b><br /> sudo apt-get install gcc make libxml2-dev libgnutls-dev libdevmapper-dev libcurl4-gnutls-dev<br /> ./configure --prefix=/usr/local/libvirt-0.9.0 --with-esx<br /> make<br /> sudo make install<br /></b></code></p> <p>4. Run a test tool (from the source directory):</p> <p>First we skip TLS certificate verification:<br /><code><br /><b>examples/hellolibvirt/hellolibvirt 'esx://192.168.X.X/?no_verify=1'</b><br /> Attempting to connect to hypervisor<br /> Enter username for 192.168.X.X [root]:<br /> Enter root's password for 192.168.X.X:<br /> Connected to hypervisor at "esx://192.168.X.X:443/?no_verify=1"<br /> Hypervisor: "ESX" version: 4.1.0<br /> There are 4 active and 1 inactive domains<br /> Inactive domains:<br /> U10-NESSUS<br /> Disconnected from hypervisor<br /></code></p> <p>I have not managed to configure libvirt to accept self-signed certificate generated by ESXi server during installation. Apparently self-signed certs are not good. The certificate of ESXi server has to be signed by a CA, even if it is your own private CA.</p> <p>Just to make it working as fast as possible, I used libvirt's instruction from "Setting up CA" and "Issuing Server certs" chapters from <a href="http://libvirt.org/remote.html#Remote_TLS_CA">this</a> web page to produce cacert.pem, serverkey.pem, and servercert.pem files. Will redo it later with <a href="http://tinyca.sm-zone.net/">TinyCA"</a>. On Ubuntu you have to install gnutls-bin package to get certtool program).</p> <p>When creating server certificate, make sure you specify correct hostname of your ESXi server in CN. You will have to use exactly the same name in URLs later on.</p> <p>Add your CA certificate to the list of approved CAs:<br /><code><br /><b>cat cacert.pem &gt;&gt; /etc/ssl/certs/ca-certificates.crt</b><br /></code></p> <p>Copy the server cert and key files to ESXi and reboot ESXi to make it use them:</p> <p><code><b><br /> scp serverkey.pem root@192.168.X.X:/etc/vmware/ssl/rui.key<br /> scp servercert.pem root@192.168.X.X:/etc/vmware/ssl/rui.crt<br /></b></code></p> <p>Now you can rerun hellolibvirt with proper TLS certificate checking (replace 'myesxi' with the hostname of your ESXi server, the same you have specified when creating server certificate).<br /><code><br /><b>examples/hellolibvirt/hellolibvirt 'esx://myesxi/'</b><br /></code></p> <p>That's all, your libvirt should be working. I hope libvirt's support of ESXi is decent, will find out soon.</p> </div> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">abb</span></span> <span>Wed, 03/30/2011 - 18:08</span> Wed, 30 Mar 2011 16:08:32 +0000 abb 155 at https://www.gremwell.com