27. 03. 2020 Andrea Avancini Business Service Monitoring, NetEye

NetEye Automatic Provisioning in vSphere — Part 3

In the previous blog post in our #devops series, we discussed how to automatically provision a NetEye cluster with virtually zero hassle. Thanks to Ansible, in fact, we dramatically reduced the amount of manual effort needed to generate a fully working cluster. This, in turn, opened up an opportunity to boost our cluster testing infrastructure and to quickly spot cluster-related issues.

One might ask: “Okay, it works well enough to automatically create a new cluster. But what about the time required to provision and test everything from scratch?”

The problem here is that bootstrapping and configuring a NetEye ISO from scratch in our vSphere environment can require more than 10 minutes when starting from the latest clean NetEye ISO. Depending on the packages to install and test, this time can increase even more. So how might we shorten all those collateral phases like provisioning and configuring the cluster in order to increase our ability to run tests?

The answer is: automate as much as you can!

Specifically, we identified two weak spots in our cluster testing pipeline that could be improved by automating certain manual tasks that we had in place:

  • Uploading the NetEye ISO to our vSphere
  • Bootstrapping a new VM from scratch

Uploading the ISO was mostly done manually, with the side effect of introducing a consistent slowdown in the whole process. Ansible, however, works well with vSphere: a large number of VMware modules are available, which let us fully automate this task as shown below:

# uploads the ISO to a datastore
- name: uploader | upload new ISO to datastore
  vsphere_copy:
    host: "{{ vsphere_host }}"
    login: "{{ vsphere_username }}"
    password: "{{ vsphere_password }}"
    datacenter: "{{ vsphere_datacenter }}"
    datastore: "{{ vsphere_datastore }}"
    src: "{{ neteye_iso }}"
    dest: "[{{ vsphere_datastore }}] ISOS/{{ neteye_iso }}"

We used the vsphere_copy module to upload our ISO to one of our datastores, making it available for regular daily use and completely removing the need for any manual intervention.

On the other hand, the bootstrap of a new VM in vSphere may take longer than 10 minutes. We thus decided to create a new VM template whenever a new NetEye ISO is uploaded to vSphere. Starting from a template instead of an ISO, the time needed to bootstrap a VM is dramatically reduced to 2.5 minutes, giving us the ability to test our NetEye cluster 4x faster than before.

We used Ansible to create a new NetEye VM, and then Python to convert it into a template. In Python, the interaction with vSphere can be done via pyVmomi, the Python SDK for the VMware vSphere API, which allows interaction with vCenter.

Our Python script first deletes any existing template with a given name:

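import time
from pyVmomi import vim

# get_obj() is a lookup helper from the same script (not shown in this post)
def delete_template(si, content, template_name):
    template = get_obj(content, [vim.VirtualMachine], template_name)
    if template:
        task_template = template.Destroy_Task()
        # poll until vCenter reports the task as finished
        while task_template.info.state not in [vim.TaskInfo.State.success, vim.TaskInfo.State.error]:
            time.sleep(1)
        # stop here if the old template could not be removed
        if task_template.info.state == vim.TaskInfo.State.error:
            raise SystemExit("Unable to delete template: %s" % task_template.info.error.msg)
    else:
        print("Unable to locate template.")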

Then, it creates a new template by converting an existing VM, found by UUID or by name:

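def create_template_from_vm(si, content, vm_uuid, vm_name, new_name):
    vm = None
    if vm_uuid:
        # third argument True: search for a virtual machine, not a host
        search_index = si.content.searchIndex
        vm = search_index.FindByUuid(None, vm_uuid, True)
    elif vm_name:
        vm = get_obj(content, [vim.VirtualMachine], vm_name)

    if vm:
        # a VM has to be powered off before it can be marked as a template
        if vm.runtime.powerState == vim.VirtualMachinePowerState.poweredOn:
            task_vm = vm.PowerOff()
            while task_vm.info.state not in [vim.TaskInfo.State.success, vim.TaskInfo.State.error]:
                time.sleep(1)
            if task_vm.info.state == vim.TaskInfo.State.error:
                raise SystemExit("Unable to power off VirtualMachine: %s" % task_vm.info.error.msg)

        # Rename() also returns a task: wait for it before converting the VM
        task_rename = vm.Rename(new_name)
        while task_rename.info.state not in [vim.TaskInfo.State.success, vim.TaskInfo.State.error]:
            time.sleep(1)
        if task_rename.info.state == vim.TaskInfo.State.error:
            raise SystemExit("Unable to rename VirtualMachine: %s" % task_rename.info.error.msg)
        vm.MarkAsTemplate()
    else:
        raise SystemExit(
            "Unable to locate VirtualMachine."
        )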
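Both functions above wait on a vSphere task in an open-ended polling loop, so a task that never finishes would stall the pipeline. The following is an added example, not part of the original script: a single wait helper with a timeout and error reporting. `wait_for_task`, `TaskFailed` and `FakeTask` are hypothetical names, and the helper assumes that pyVmomi task states read as the strings `success` and `error`; the fake task is constructed so the example runs without a vCenter.

```python
import time
from types import SimpleNamespace


class TaskFailed(Exception):
    """The vSphere task finished in the 'error' state."""


def wait_for_task(task, timeout=300.0, poll=1.0, sleep=time.sleep, clock=time.monotonic):
    """Return task.info.result on success; raise on error or after `timeout` seconds.

    Assumption: a pyVmomi-style task whose info.state reads 'queued', 'running',
    'success' or 'error', with info.error.msg describing a failure.
    """
    deadline = clock() + timeout
    while True:
        info = task.info  # re-read on every poll so the state is fresh
        state = str(info.state)
        if state == "success":
            return info.result
        if state == "error":
            raise TaskFailed(getattr(info.error, "msg", "unknown error"))
        if clock() >= deadline:
            raise TimeoutError("task still %s after %s s" % (state, timeout))
        sleep(poll)


class FakeTask:
    """Constructed stand-in for a vSphere task: steps through the given states."""

    def __init__(self, states, error_msg=None):
        self._states = list(states)
        self._error = SimpleNamespace(msg=error_msg) if error_msg else None

    @property
    def info(self):
        state = self._states.pop(0) if len(self._states) > 1 else self._states[0]
        return SimpleNamespace(state=state, result="done", error=self._error)


def demo():
    no_sleep = lambda _seconds: None  # keep the demo instant
    ok = wait_for_task(FakeTask(["queued", "running", "success"]), sleep=no_sleep)
    try:
        wait_for_task(FakeTask(["running", "error"], "file is locked"), sleep=no_sleep)
        failed = None
    except TaskFailed as exc:
        failed = str(exc)
    return ok, failed
```

In the script, a call such as `wait_for_task(template.Destroy_Task())` would take the place of each hand-written loop.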

Once the templates have been successfully created, we can finally proceed to bootstrap a fresh NetEye cluster and test it.

Andrea Avancini

DevOps Engineer at Würth Phoenix
Loving understanding of how things work, how things can be automated, and how to apply new technologies when needed. Passionate about technology, open-source software, and security. I found Würth Phoenix the right place for this. In the past, I co-founded a cybersecurity startup that produces security solutions for mobile apps and blockchain. Previously, I worked as a researcher at Fondazione Bruno Kessler of Trento. My research was mainly focused on web and mobile app security and testing. I got my PhD in Computer Science at the University of Trento.
