Full support for vmware_esxi provider #210

Open: wants to merge 15 commits into base: main

@viris viris commented Apr 2, 2024

Here our team created the necessary files to make the GOAD labs fully compatible with vmware_esxi for easy deployment on VMware ESXi servers. This includes docs and the goad.sh script changes.

viris commented Apr 5, 2024

this supersedes #203

Mayfly277 previously approved these changes Apr 9, 2024
@Mayfly277 Mayfly277 dismissed their stale review April 9, 2024 20:01

need test

;;
"proxmox")
if ! which qm >/dev/null; then
(echo >&2 "${ERROR} qm not found in your PATH")
exit 1
else
if [ -d "ad/$LAB/providers/$PROVIDER/terraform" ]; then
vms=$(cat ad/$LAB/providers/$PROVIDER/terraform/*.tf| grep -E 'name = ".*"'|cut -d '"' -f 2)
vms=$(cat ad/"$LAB"/providers/"$PROVIDER"/terraform/*.tf| grep -E 'name = ".*"'|cut -d '"' -f 2)
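
Review bot: on the rewritten `vms=` line the two variables are quoted one at a time (`ad/"$LAB"/providers/"$PROVIDER"/terraform/*.tf`), while the `[ -d ... ]` test just above it quotes the whole path as one string. Both forms stop word splitting, but the mixed style is what makes the line look odd; quoting the directory prefix as a unit and leaving only the glob bare, `"ad/$LAB/providers/$PROVIDER/terraform"/*.tf`, matches the test above and still lets `*.tf` expand.
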
Collaborator

not sure on this one

Author

The quoting was done based on the shellcheck suggestions. It's meant to not allow spaces inside the variable, meaning you could not inject commands that way; try running https://www.shellcheck.net/ on the original script.

It refers to https://www.shellcheck.net/wiki/SC2086 issue specifically, maybe could do canonical quoting instead. I think here it improves a bit on error handling and making sure nothing unexpected happens.
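
What SC2086 changes on the `vms=` line discussed above, as an added example that is not part of the pull request or of goad.sh. The function names `make_fixture`, `vm_names_unquoted` and `vm_names_quoted` are hypothetical, and the lab tree with a space in its name is constructed.

```shell
#!/usr/bin/env bash
# Added illustration; the fixture below is constructed, not taken from GOAD.

# Build a lab tree whose lab name contains a space and print its root.
make_fixture() {
  root=$(mktemp -d)
  tf="$root/ad/GOAD Light/providers/proxmox/terraform"
  mkdir -p "$tf"
  printf 'resource "proxmox_vm_qemu" "dc01" {\n  name = "GOAD-DC01"\n}\n' > "$tf/dc01.tf"
  printf 'resource "proxmox_vm_qemu" "dc02" {\n  name = "GOAD-DC02"\n}\n' > "$tf/dc02.tf"
  echo "$root"
}

# Original form: unquoted variables are word-split (and globbed) before cat
# sees them, so "GOAD Light" becomes two broken paths and the result is
# silently empty (the pipeline still reports the exit status of cut).
vm_names_unquoted() (
  cd "$1" || exit 1
  LAB=$2 PROVIDER=$3
  # shellcheck disable=SC2086
  cat ad/$LAB/providers/$PROVIDER/terraform/*.tf 2>/dev/null |
    grep -E 'name = ".*"' | cut -d '"' -f 2
)

# Quoted form: the directory is one word whatever it contains; only the glob
# is left bare, and an empty match is reported instead of ignored.
vm_names_quoted() (
  cd "$1" || exit 1
  LAB=$2 PROVIDER=$3
  dir="ad/$LAB/providers/$PROVIDER/terraform"
  [ -d "$dir" ] || { echo "missing directory: $dir" >&2; exit 1; }
  set -- "$dir"/*.tf
  [ -e "$1" ] || { echo "no .tf files in $dir" >&2; exit 1; }
  grep -hE 'name = ".*"' "$@" | cut -d '"' -f 2
)

root=$(make_fixture)
echo "unquoted: [$(vm_names_unquoted "$root" 'GOAD Light' proxmox | tr '\n' ' ')]"
echo "quoted:   [$(vm_names_quoted "$root" 'GOAD Light' proxmox | tr '\n' ' ')]"
rm -rf "$root"
```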

;;
"proxmox")
if ! which qm >/dev/null; then
(echo >&2 "${ERROR} qm not found in your PATH")
exit 1
else
if [ -d "ad/$LAB/providers/$PROVIDER/terraform" ]; then
vms=$(cat ad/$LAB/providers/$PROVIDER/terraform/*.tf| grep -E 'name = ".*"'|cut -d '"' -f 2)
vms=$(cat ad/"$LAB"/providers/"$PROVIDER"/terraform/*.tf| grep -E 'name = ".*"'|cut -d '"' -f 2)
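
Review bot: the `cat ... | grep ... | cut` pipeline on the `vms=` line reports the exit status of `cut`, so unless `pipefail` is set, a glob that matches no `.tf` file leaves `vms` empty without the assignment failing; the `-d` test above it only proves that the directory exists. Passing the files to grep directly, `grep -hE 'name = ".*"' "ad/$LAB/providers/$PROVIDER/terraform"/*.tf`, drops the extra process, and a `[ -n "$vms" ]` check afterwards would turn the silent case into an error.
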
Collaborator

same, those quotes seem weird

echo "${OK} restart start vms"
vagrant reload
cd -
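
Review bot: dropping `cd -` after `vagrant reload` is only safe if the matching `cd` into the provider directory, which falls outside these lines, now runs inside a subshell together with `vagrant reload`; otherwise every later step inherits the changed working directory. Worth confirming the block has the shape `( cd <dir> && vagrant reload )`, with `&&` so that a failed `cd` cannot run `vagrant reload` from the wrong directory.
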
Collaborator

why removing the comeback to previous location ?

Author

This was done referring to the https://www.shellcheck.net/wiki/SC2103 suggestion, using subshell scope to not have to cd back.

@Mayfly277
Collaborator

Really great work! I have some remarks on the goad.sh script modifications, but no big deal.
Also I need to do tests, but I have no ESXi to do it :(
I have to try to find one x)

@rebelinux

I can test this!

What's the provider name? vmware_esxi?

@@ -421,6 +453,22 @@ main() {
;;
esac
;;
"vmware_esxi")
(echo >&2 "[+] Enumerating vmware_esxi")
check_vagrant_path
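
Review bot: the status line in the new `"vmware_esxi")` branch hard-codes a `[+]` prefix, while the messages in the other hunks of this script use the shared `${OK}` and `${ERROR}` variables; using the shared prefix keeps the output uniform. The visible part of the branch calls only `check_vagrant_path`, so any plugin or tool the provider depends on should get its own check in this branch, so that a missing dependency is reported here rather than as a failure later.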

missing check_vagrant_env_plugin?

Author

Good eye, was thinking whether or not this would be required, I made env files the way they could be sourced via bash as well.

Although vagrant-env is in the documentation defined as a requirement users usually use the ./goad.sh -t check to validate that they meet all the requirements.

Considering that users often don't read the documentation, it would be good to add the check for vagrant-env because otherwise the following error occurs:

PS /home/rebelinux/Projects/Development Projects/GOAD/GOAD> ./goad.sh -t install -l GOAD -p vmware_esxi -m local
[✓] Task: install
[✓] Lab: GOAD
[✓] Provider: vmware_esxi
[✓] Method: local
[✓] folder ad/GOAD/providers/vmware_esxi found
[✓] Launch installation for: GOAD / vmware_esxi / local
[✓] launch vagrant

/home/rebelinux/.vagrant.d/gems/3.0.6/gems/vagrant-vmware-esxi-2.5.5/lib/vagrant-vmware-esxi/action/esxi_password.rb:115:in `set_esxi_password': undefined method `gsub' for nil:NilClass (NoMethodError)
        from /home/rebelinux/.vagrant.d/gems/3.0.6/gems/vagrant-vmware-esxi-2.5.5/lib/vagrant-vmware-esxi/action/esxi_password.rb:17:in `call'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/action/warden.rb:38:in `call'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/action/builder.rb:183:in `call'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/action/runner.rb:104:in `block in run'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/util/busy.rb:22:in `busy'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/action/runner.rb:104:in `run'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:247:in `action_raw'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:216:in `block in action'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/environment.rb:649:in `lock'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:202:in `call'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:202:in `action'
        from /home/rebelinux/.vagrant.d/gems/3.0.6/gems/vagrant-vmware-esxi-2.5.5/lib/vagrant-vmware-esxi/provider.rb:24:in `state'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:544:in `state'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/machine.rb:159:in `initialize'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/vagrantfile.rb:86:in `new'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/vagrantfile.rb:86:in `machine'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/environment.rb:758:in `machine'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:184:in `block in with_target_vms'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:208:in `block in with_target_vms'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:190:in `each'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:190:in `with_target_vms'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/plugins/commands/up/command.rb:90:in `execute'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/cli.rb:67:in `execute'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/environment.rb:319:in `cli'
        from /opt/vagrant/embedded/gems/gems/vagrant-2.4.1/bin/vagrant:248:in `<main>'
[!] vagrant finish with error abort

Author

yeah makes sense, enabled the check now

viris commented Apr 10, 2024

> I can test this!
>
> What's the provider name? vmware_esxi?

Correct

rebelinux commented Apr 12, 2024

I performed tests and everything works fine. The problems that I have experienced are related to the windows image that I had to disable the firewall so that the provisioning with winrm continues but other than that everything seems to run fine. The creation of the VMs on the ESXi server runs smoothly.

Microsoft Active Directory As Built Report.pdf

viris commented Apr 16, 2024

> I performed tests and everything works fine. The problems that I have experienced are related to the windows image that I had to disable the firewall so that the provisioning with winrm continues but other than that everything seems to run fine. The creation of the VMs on the ESXi server runs smoothly.
>
> Microsoft Active Directory As Built Report.pdf

Hmm was this related to other image you used or these ones, I didn't have issues. Do you know where the issue lies? in Vagrant or Ansible? also does it affect all labs or specific ones?

@rebelinux

> > I performed tests and everything works fine. The problems that I have experienced are related to the windows image that I had to disable the firewall so that the provisioning with winrm continues but other than that everything seems to run fine. The creation of the VMs on the ESXi server runs smoothly.
> > Microsoft Active Directory As Built Report.pdf
>
> Hmm was this related to other image you used or these ones, I didn't have issues. Do you know where the issue lies? in Vagrant or Ansible? also does it affect all labs or specific ones?

I believe it is a Vagrant issue, not related to your code!

#202

viris commented Apr 19, 2024

@Mayfly277 what else is needed here? should I make the quoting canonical in those cases?

- If you run ansible on docker
```bash
./goad.sh -t check -l GOAD -p vmware_esxi -m docker
```

Small correction, for the installation it will be :
./goad.sh -t install -l GOAD -p vmware_esxi -m local
./goad.sh -t install -l GOAD -p vmware_esxi -m docker

if Vagrant.has_plugin?("vagrant-env") then
config.env.enable # Enable vagrant-env(.env)
end
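
Review bot: when `vagrant-env` is not installed, the `if Vagrant.has_plugin?("vagrant-env")` guard skips `config.env.enable` without any message, so nothing tells the user that the `.env` file was never loaded. An `else` branch that stops with a message naming the missing plugin, or a check after the guard that the required settings are present, would make that failure readable.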

given that the vagrant-env plugin is necessarily installed if you go through goad.sh and that the configuration will be missing if you go through vagrant up without the vagrant-env plugin, wouldn't it be better to replace this condition with an error directly if the plugin isn't present? (if this is the case, you'd have to make the change to the other files too)

Author

could be, though it's not strictly necessary, I usually sourced the env file manually during testing, but made them compatible with the vagrant-env plugin, if env file is not modified and present in environment provisioning will fail anyhow. Maybe this needs to be documented more thoroughly?

Author

image

Thinking clearer error handling will suffice. Also will add this to docs.

@HermessNRJ

Hello,
Thank you for the work @Mayfly277 @kripskroll (#203) @viris

On my side I made a test from an ubuntu 22.04 to an ESXI 8.0 and I have these errors:
image

I solved it by installing the ovf tool with this tuto
https://docs.vmware.com/en/VMware-Telco-Cloud-Operations/1.4.0/deployment-guide-140/GUID-95301A42-F6F6-4BA9-B3A0-A86A268754B6.html
the download page (pay attention to the vmtool version compared to the esxi version):
https://developer.vmware.com/web/tool/4.6.2/ovf-tool/

I think it might be interesting to add it to the documentation.

and speaking of documentation, there's no mention of these parameters in the documentation, wouldn't it be interesting to document them?

  • snapshot
  • reset
  • disablevagrant
  • enablevagrant

viris commented May 7, 2024

I guess we need to add a check for ovftool tool as well as it's a requirement for vagrant-vmware-esxi to work, as far as those handy params go will document them.
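
One way to express the requirement checks asked for in this thread (the `vagrant-env` plugin and the `ovftool` executable), as an added example that is not GOAD's own check code. `missing_requirements` and `REQUIRED_PLUGINS` are hypothetical names, and the plugin list fed to it is a constructed sample in the format `vagrant plugin list` prints.

```shell
#!/usr/bin/env bash
# Added illustration, not GOAD's own check functions.

# Vagrant plugins this thread names as requirements for the provider.
REQUIRED_PLUGINS="vagrant-env vagrant-vmware-esxi"

# missing_requirements TOOL...
# Reads `vagrant plugin list` output on stdin and prints one line per missing
# plugin ("plugin:NAME") or missing executable ("tool:NAME").
# Returns non-zero if anything is missing.
missing_requirements() (
  plugins=$(cat)
  rc=0
  for p in $REQUIRED_PLUGINS; do
    # Installed plugins are listed as "NAME (VERSION, global)".
    printf '%s\n' "$plugins" | grep -q "^$p " || { echo "plugin:$p"; rc=1; }
  done
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || { echo "tool:$t"; rc=1; }
  done
  exit "$rc"
)

# Constructed sample: vagrant-env is absent from the plugin list.
sample='vagrant-vmware-esxi (2.5.5, global)'
printf '%s\n' "$sample" | missing_requirements sh || echo "preflight failed"
```

Against a real installation the call would be `vagrant plugin list | missing_requirements vagrant ovftool`.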

viris commented May 22, 2024

@Mayfly277 I have implemented the changes @HermessNRJ and @rebelinux mentioned, what else is required here? Maybe MINILAB support?

zer0pwned commented Jul 1, 2024

@viris Hi, thanks for your hard work! I just tried your branch over my ESXI instance. I noticed that the ESXI password environment variable seems to be wrong in the Vagrant file. So does Vagrant file in other labs. Maybe you can take another look just in case I missed something?

https://github.com/viris/GOAD/blob/20f13567ebb5e8a14e62c8642a3ae77d101167b5/ad/GOAD/providers/vmware_esxi/Vagrantfile#L50C36-L50C65

viris commented Jul 15, 2024

@zer0pwned the variable name can be arbitrary, in this case I specifically changed the behavior for password variable to get proper error messaging in commit 50a9be1

@acanthusian

Just deployed GOAD-Light on ESXi 6.7. Works great. Thank you for adding ESXi support!!

fatmeat commented Sep 26, 2024

@viris Hello, thank you for the ESXi support. I was using your fork to deploy GOAD, however every time it gets stuck at task "add srv02 as member server". I logged on to DC02 as vagrant and checked: DC02 is not promoted to DC yet. I tried to remove all VMs and do it again three times; it got stuck at the same task.

image
image

viris commented Oct 24, 2024

@fatmeat will try to retest it soon, but before didn't have those issues, there are a lot of variables here, might be due to your hardware and timeouts

@Mayfly277 how is it looking with merging this stuff, should I try to reintegrate for v3, I saw some changes regarding bash script

viris commented Oct 29, 2024

@fatmeat was able to re-run the GOAD from this pull request today, but was unable to reproduce issue with domain join. Probably has to be issue with your ESXI setup.

Only issues I ran into today are Vagrant either not installing VMWare Tools properly, might be issue with used Windows 2019 boxes and Vagrant WinRM negotiation which I fixed by using hashicorp/vagrant#13242 (comment) basic, plaintext auth - for this might be useful to add option somewhere to the main script to turn this on if needed.

@Mayfly277
Collaborator

if you can adapt it for v3 it will be super great! (on a different PR please or it will be too painful to merge)
ping me on discord if i can help you about v3 architecture, you will see it is easier to write providers ;)

@HayyanKhan98

Hi @viris, thanks a bunch for the ESXi provider. I was deploying GOAD-Light on ESXi v6.7 but seem to be running into some undescribed error. Has anyone else faced this issue. I'm pretty sure that there's no issues with the versions. I also had to change the IP addresses since I could change the ESXi server's subnet.
image

viris commented Dec 2, 2024

Hi @HayyanKhan98,

I suggest upgrading to ESXi 7 if possible, since configuration was tested with ESXi-7.0U3q.
