For my VMworld 2016 breakout sessions this year, I wanted to demonstrate new functionality that was added to Auto Deploy.  After exploring a few ideas, I settled on leveraging the new Script Bundle feature to send a post-boot tweet directly from stateless ESXi hosts.  I figured sending a tweet would be an effective way to highlight the ability to integrate with arbitrary REST-based services. Interestingly, I ran into someone recently who was part of a DevOps team that used a private Twitter account for posting various alerts for the group to see – so it’s not as far-fetched as it seems!

I heard you like tweeting about vSphere.

Below is a Python script that can send a tweet directly from the console of a VMware ESXi 6.0 host.  vCenter Server 6.5 with Auto Deploy supports multiple versions of ESXi, and I chose to use 6.0 here.  Note that ESXi 6.5 includes Python 3, so this script would need some modification to work with that release.  I got a head start on the functionality by taking some ideas from Chris Wood.

In order to authenticate with Twitter, it is first necessary to visit the Twitter App Management portal to generate a consumer key and access token.  Plug them into the script accordingly.

The script accepts one argument: a string, wrapped in quotes, that will be posted to your Twitter timeline.

./ "Sent from an ESXi host"

The demo I ran at the INF8920 breakout session was slightly different because scripts cannot accept arguments in that case. Hopefully the recording will eventually be posted on the VMworld site, but the fate is unclear at the moment.

For more information on the Script Bundle feature, check out William Lam’s recent post on the topic.

Tags: ,

VMware just hit the next milestone of Project Photon: Photon OS Technology Preview 2 (TP2).  There are numerous enhancements, especially around deployment and management.  One welcome feature is support for guest OS customization in vSphere – now it is possible to deploy by cloning a VM template or from the new Content Library. DHCP as well as static IP addressing are supported, along with the expected guest naming capabilities.

In addition to that, Photon OS TP2 supports network booting via PXE, which can be scripted. Let’s take a look.

Network Installation

First, download the TP2 ISO from the link above and extract the contents in a convenient location.  Files will need to be copied to a few different destinations, depending on how you have your PXE boot server set up.

The boot files, as with other Linux distributions, are served up via tftp.  Place initrd.img and vmlinuz in a suitable subdirectory of tftpboot.

The RPM package repository (the “RPMS” directory on the ISO) must be served through HTTP, typically in a location resembling /var/www/html/photontp2-RPMS/.

After those files are in place, edit the PXE menu (e.g., pxelinux.cfg/default) to add an entry reflecting the locations in your environment:

From there you can install manually over the network after booting an empty VM.  The full installation should take less than a minute, it’s very small!

Scripted Installation

Once the manual PXE installation is working in your environment, it’s easy enough to automate the process.  Photon OS TP2 supports a simple scripted install, kind of like kickstart.  There are a few differences, though.  The most obvious is the format – instead of a plain text file, TP2 uses JSON.  This is easy enough to edit by hand, but would also facilitate automation in the future if necessary for your use case.

The scripted install file must also be served through HTTP, so place it on an accessible server in a location such as: /var/www/html/ks/photon_tp2_crypt.cfg.

There are sample configuration files included with the distribution and below you see the various elements that can be customized.

Photon OS TP2 scripted installation file

The file above should be fairly self-explanatory, but let’s walk through the highlights:

  • The root password can be specified in plain text or via encryption hash
  • Install type can be minimal (includes Docker) or full
  • Additional packages can be specified by adding elements to that JSON array
  • Post install allows running of a simple script at the conclusion – add a comma and more elements as needed
    • Note that in this sample I am using the systemctl command that enables the Docker service on boot
  • Public key is for SSH root login

Create another entry on your PXE menu that points to the installation script, like so:

Generating a Password Hash

There are several ways to generate a password hash and multiple algorithms are supported. In my environment, SHA-512 with a random salt worked great.  Either copy an existing hash from another system or generate a new one.  One easy way to do this is to use the mkpasswd command, found in the whois package on Ubuntu systems.  If you want an easy way to try it, this Docker container should do the trick:


Photon OS is a small, fast, container runtime that is optimized for VMware vSphere infrastructure.  Paravirtualized drivers and VMware Tools are included and make setup a snap.  Enhancements in TP2, such as guest OS customization, make Photon OS even more attractive for your container needs.  Network installation and automation are other great additions for operationalizing this open source element of your cloud-native infrastructure.


Tags: , , ,

Project Photon from VMware is a small-footprint Linux container runtime.  Technology Preview 1, released on April 20, shipped with Docker 1.5 – but with a few simple commands it is easy to update to Docker 1.6.  This is done with the Photon package manager, TDNF.  For those that were not aware, Yum is Dead and being replaced by DNF.  TDNF is a VMware innovation that offers DNF-compatible package management without a massive Python footprint.

All that is needed to move up to the latest Docker is to verify that the Photon repository is accessible, update the docker package, and restart appropriate components.

Prepare the Repository

Photon comes configured with several RPM repositories, one of which is the ISO image that can be handy when Internet connectivity is not available.  However, if your Photon instance does have access to the net, it is more convenient to use the online repositories than to mount an ISO.  Regardless, since the goal here is to get a package that has been updated since the ISO was created, Internet access is required.

Disable the ISO repository with the following command:

After that, update the metadata cache:

Update Docker with TDNF

First, verify that an updated version of Docker is available:

Then, run the update command:

If everything goes according to plan, this should be the experience:

Update Docker with TDNF

Restart the Docker Daemon

Photon uses systemd, so use the following commands to restart the docker daemon and complete the update:

Now your Photon instance is on the current Docker release.  Use the hello-world container to verify:


Docker 1.6 Hello World

Easy as that. The procedure described above should work for future releases, too.


Tags: , ,

Project Lightwave is an open source identity and access management platform from VMware. One of the many capabilities offered is authentication of SSH logins, eliminating the need to manage local user accounts on Photon container runtime instances.  This article walks through the basic steps required to enable this feature — please see the quick start guide for instructions on how to set up a Lightwave server and join a client to the domain.

Once configured, it is possible to ssh into Photon using Lightwave directory credentials and even use sudo to run privileged commands:

SSH into Photon with your Lightwave directory credentials

Photon Configuration

After the Lightwave components and dependencies are installed, run these commands:

Enable SUDO for the Lightwave Account

This is an optional step.  If you would like the user logging in via Lightwave credentials to be able to run privileged commands, add the account to sudoers by doing the following:

Use SSH to log in from another system

In order to log into the Photon instance, the the Lightwave account must be specified by using one of the following variations:

Run your containers

After logging in, docker containers can be executed as needed:


Project Lightwave has much more to offer, so please stay tuned for more information on technical capabilities and feature demos.  Also be sure to check out the vSphere blog for an overview of Photon and Lightwave.


Tags: , ,

Last month, VMware held a launch event for Cloud-Native Applications and announced two open source projects in support of this initiative.  Project Photon and Project Lightwave are infrastructure components focused on running and securing apps that leverage Linux containers.

Project Lightwave source code was just released on GitHub, but binary RPMs are also available and quite easy to install on a Photon instance if you would like to take it for a spin.  In this post you will see how to add the Lightwave repositories to Photon and perform the initial configuration for a server and client.

Environment Preparation

You will need to create two Photon VMs.  There are several options, ranging from VMware Fusion with Vagrant to vSphere to public clouds.  Ensure that each VM has a unique name.  If necessary, the hostname of a Photon instance can be changed by editing these files:

Update the hostname value stored in /etc/hostname by running:

Verify by using the ‘hostnamectl’ command after rebooting.

Configure RPM Repositories

Lightwave binary RPMs are available for download, use the following procedure to enable the repositories on both the server and client Photon instances.  Log in as root or use sudo -i before executing the commands below.

First disable the Photon ISO repo if it is not connected to prevent errors during subsequent procedures:

Note that you will need to edit some files.  This can be done using the installed ‘nano’ text editor, which is installed by default, or by adding the ‘vim’ package with the following command:

Paste the following script into the terminal window to create two new RPM repositories on Photon:

Run the following command to verify four repositories are enabled:


Install Lightwave Server Components

There are several dependencies needed for Lightwave but the tdnf package manager will take care of installation. The vmware-lightwave-server package is actually a meta-RPM that pulls everything down with a single command.  Packages can also be installed individually if something interferes with the simplified process.


The next step is to promote this first server to become a domain controller:

Ensure the process is successful as shown above.


Install Lightwave Client Components and Join Domain

The client components are also covered by a single meta-RPM called vmware-lightwave-clients.  Jump over to the client Photon instance and execute the following command:

After installing the packages, one last step is needed to join the domain created in the previous step:



Next Steps

It’s easy enough to stand up a prototype Lightwave domain, but there are many more capabilities beyond this simple deployment, such as adding additional servers to the domain in order to enable multi-master replication.

Up next we will walk through enabling SSH authentication to log into the client using domain credentials.  Stay tuned.

Tags: , ,

« Older entries