Merge pull request #4365 from andrewtchin/4254/ova-webserver

Add OVA installer webserver
vmware · Mar 24, 2017 · 254aa95 · 254aa95
2 parents 2fb5c9f + d93638f
commit 254aa95
Show file tree

Hide file tree

Showing 6 changed files with 238 additions and 5 deletions.
diff --git a/installer/README.md b/installer/README.md
@@ -2,4 +2,100 @@
 
 This directory will host all the code that is going to be part of the VIC unified installer OVA.
 
-It is currently under heavy development and not suitable for any use except for development, this file will be updated to reflect the status of the installer as development progresses.
+It is currently under heavy development and not suitable for any use except for development, this file will be updated to reflect the status of the installer as development progresses.
+
+### Usage
+
+```
+esxcli system settings advanced set -o /Net/GuestIPHack -i 1
+esxcli network firewall set --enabled false
+```
+
+The machine that is running Packer (make ova-release) must be reachable from the launched VM and
+have `ovftool` installed
+```
+export PACKER_ESX_HOST=1.1.1.1
+export PACKER_USER=root
+export PACKER_PASSWORD=password
+export PACKER_LOG=1
+
+make ova-release
+```
+
+Deploy OVA with ovftool in a Docker container on ESX host
+```
+docker run -it --name test1 --net=host -v ~/go/src/github.com/vmware/vic/bin:/test-bin \
+  gcr.io/eminent-nation-87317/vic-integration-test:1.22 ovftool --acceptAllEulas --X:injectOvfEnv \
+  --X:enableHiddenProperties -st=OVA --powerOn --noSSLVerify=true -ds=datastore1 -dm=thin \
+  --net:Network="VM Network" --prop:appliance.email_from="[email protected]" \
+  --prop:appliance.root_pwd="VMware1" --prop:appliance.permit_root_login=true --prop:harbor.port=443 \
+  --prop:admiral.port=8282 --prop:harbor.admin_password="VMware1\!" \
+  --prop:harbor.db_password="VMware1\!" /test-bin/vic-1.1.0-a84985b.ova \
+  vi://root:[email protected]
+```
+
+### Troubleshooting
+
+#### ova-release failed
+
+```
+2017/03/16 10:26:25 packer: 2017/03/16 10:26:25 starting remote command: test -e
+/vmfs/volumes/datastore1/vic
+2017/03/16 10:26:25 ui error: ==> ova-release: Step "StepOutputDir" failed, aborting...
+==> ova-release: Step "StepOutputDir" failed, aborting...
+Build 'ova-release' errored: unexpected EOF
+
+==> Some builds didn't complete successfully and had errors:
+2017/03/16 10:26:25 ui error: Build 'ova-release' errored: unexpected EOF
+2017/03/16 10:26:25 Builds completed. Waiting on interrupt barrier...
+2017/03/16 10:26:25 machine readable: error-count []string{"1"}
+2017/03/16 10:26:25 ui error: 
+==> Some builds didn't complete successfully and had errors:
+2017/03/16 10:26:25 machine readable: ova-release,error []string{"unexpected EOF"}
+2017/03/16 10:26:25 ui error: --> ova-release: unexpected EOF
+2017/03/16 10:26:25 ui: 
+==> Builds finished but no artifacts were created.
+2017/03/16 10:26:25 waiting for all plugin processes to complete...
+2017/03/16 10:26:25 /usr/local/bin/packer: plugin process exited
+2017/03/16 10:26:25 /usr/local/bin/packer: plugin process exited
+2017/03/16 10:26:25 /usr/local/bin/packer: plugin process exited
+2017/03/16 10:26:25 /usr/local/bin/packer: plugin process exited
+--> ova-release: unexpected EOF
+
+==> Builds finished but no artifacts were created.
+2017/03/16 10:26:25 /usr/local/bin/packer: plugin process exited
+installer/vic-unified-installer.mk:31: recipe for target 'ova-release' failed
+make: *** [ova-release] Error 1
+```
+
+Solution: Cleanup datastore by removing the `vic` folder
+
+
+#### Connection refused
+
+```
+2017/03/16 12:48:46 ui: ==> ova-release: Connecting to VM via VNC
+==> ova-release: Connecting to VM via VNC
+2017/03/16 12:49:13 ui error: ==> ova-release: Error connecting to VNC: dial tcp 10.17.109.107:5900:
+getsockopt: connection refused
+==> ova-release: Error connecting to VNC: dial tcp 10.17.109.107:5900: getsockopt: connection
+refused
+```
+
+Solution: Disable firewall on ESX host `esxcli network firewall set --enabled false`
+
+#### No IP address ready
+
+```
+2017/03/23 12:03:45 packer: 2017/03/23 12:03:45 opening new ssh session
+2017/03/23 12:03:45 packer: 2017/03/23 12:03:45 starting remote command: esxcli --formatter csv
+network vm list
+2017/03/23 12:03:46 packer: 2017/03/23 12:03:46 opening new ssh session
+2017/03/23 12:03:46 packer: 2017/03/23 12:03:46 starting remote command: esxcli --formatter csv
+network vm port list -w 73094
+2017/03/23 12:03:46 packer: 2017/03/23 12:03:46 [DEBUG] Error getting SSH address: No interface on
+the VM has an IP address ready
+```
+
+Solution: Disable firewall on the build machine. The launched VM is unable to get the kickstart file
+from your build machine.
diff --git a/installer/fileserver/server.go b/installer/fileserver/server.go
@@ -0,0 +1,97 @@
+// Copyright 2016-2017 VMware, Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"crypto/tls"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"syscall"
+
+	log "github.com/Sirupsen/logrus"
+
+	"github.com/vmware/vic/pkg/certificate"
+)
+
+type config struct {
+	addr     string
+	certPath string
+	keyPath  string
+	cert     tls.Certificate
+	serveDir string
+}
+
+func Init(conf *config) {
+	ud := syscall.Getuid()
+	gd := syscall.Getgid()
+	log.Info(fmt.Sprintf("Current UID/GID = %d/%d", ud, gd))
+	/* TODO FIXME
+	if ud == 0 {
+		log.Error("Error: must not run as root.")
+		os.Exit(1)
+	}
+	*/
+
+	flag.StringVar(&conf.addr, "addr", ":9443", "Listen address - must include host and port (addr:port)")
+	flag.StringVar(&conf.certPath, "cert", "", "Path to server certificate in PEM format")
+	flag.StringVar(&conf.keyPath, "key", "", "Path to server certificate key in PEM format")
+	flag.StringVar(&conf.serveDir, "dir", "/data/fileserver", "Directory to serve")
+
+	flag.Parse()
+
+	if (conf.certPath == "" && conf.keyPath != "") || (conf.certPath != "" && conf.keyPath == "") {
+		log.Errorf("Both certificate and key must be specified")
+	}
+
+	var err error
+	if conf.certPath != "" {
+		log.Infof("Loading certificate %s and key %s", conf.certPath, conf.keyPath)
+		conf.cert, err = tls.LoadX509KeyPair(conf.certPath, conf.keyPath)
+		if err != nil {
+			log.Fatalf("Failed to load certificate %s and key %s: %s", conf.certPath, conf.keyPath, err)
+		}
+	} else {
+		log.Info("Generating self signed certificate")
+		c, k, err := certificate.CreateSelfSigned(conf.addr, []string{"VMware, Inc."}, 2048)
+		if err != nil {
+			log.Errorf("Failed to generate a self-signed certificate: %s. Exiting.", err.Error())
+			os.Exit(1)
+		}
+		conf.cert, err = tls.X509KeyPair(c.Bytes(), k.Bytes())
+		if err != nil {
+			log.Errorf("Failed to load generated self-signed certificate: %s. Exiting.", err.Error())
+			os.Exit(1)
+		}
+	}
+	log.Infof("Loaded certificate")
+}
+
+func main() {
+	var c config
+	Init(&c)
+
+	t := &tls.Config{}
+	t.Certificates = []tls.Certificate{c.cert}
+	s := &http.Server{
+		Addr:      c.addr,
+		Handler:   http.FileServer(http.Dir(c.serveDir)),
+		TLSConfig: t,
+	}
+
+	log.Infof("Starting server on %s", s.Addr)
+	log.Fatal(s.ListenAndServeTLS("", ""))
+}
diff --git a/installer/packer/packer-vic.json b/installer/packer/packer-vic.json
@@ -4,7 +4,7 @@
     "iso_sha1sum": "",
     "esx_host": "",
     "remote_username": "",
-    "remote_password": "",    
+    "remote_password": "",
     "root_password": "2RQrZ83i79N6szpvZNX6"
   },
   "builders": [
@@ -102,6 +102,16 @@
       "source": "../../bin/vic-ova-ui",
       "destination": "/usr/bin/vic-ova-ui"
     },
+    {
+      "type": "file",
+      "source": "../../bin/ova-webserver",
+      "destination": "/usr/local/bin/ova-webserver"
+    },
+    {
+      "type": "file",
+      "source": "../../bin/vic/",
+      "destination": "/data/fileserver"
+    },
     {
       "type": "file",
       "source": "scripts/systemd/docker.service",
@@ -190,6 +200,10 @@
       "type": "shell",
       "script": "scripts/provision_admiral.sh"
     },
+    {
+      "type": "shell",
+      "script": "scripts/provision_fileserver.sh"
+    },
     {
       "type": "file",
       "source": "scripts/systemd/admiral/admiral.service",

diff --git a/installer/packer/scripts/package_provisioning.sh b/installer/packer/scripts/package_provisioning.sh
@@ -37,4 +37,4 @@ tune2fs -L vic-data-v1 /dev/sdb1
 
 # Seed directories in /data
 mount /dev/sdb1 /data -t ext4
-mkdir -p /data/{admiral,harbor}
+mkdir -p /data/{admiral,harbor,fileserver}
diff --git a/installer/packer/scripts/provision_fileserver.sh b/installer/packer/scripts/provision_fileserver.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright 2017 VMware, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Move zip files to base directory, remove unneeded files from ui/
+cd /data/fileserver
+find . -name "*.zip" | xargs -t -I {} mv {} .
+rm -r ui/
diff --git a/installer/vic-unified-installer.mk b/installer/vic-unified-installer.mk
@@ -26,8 +26,11 @@ PHOTON_ISO_SHA1SUM := c4c6cb94c261b162e7dac60fdffa96ddb5836d66
 
 ovfenv := $(BIN)/ovfenv
 vic-ova-ui := $(BIN)/vic-ova-ui
+ova-webserver := $(BIN)/ova-webserver
 ovfenv: $(ovfenv)
 vic-ova-ui: $(vic-ova-ui)
+ova-webserver: $(ova-webserver)
+
 
 $(ovfenv): $$(call godeps,installer/ovatools/ovfenv/*.go)
 	@echo building ovfenv linux...
@@ -37,7 +40,7 @@ $(vic-ova-ui): $$(call godeps,installer/ovatools/vic-ova-ui/*.go)
 	@echo building vic-ova-ui
 	@GOARCH=amd64 GOOS=linux $(TIME) $(GO) build $(RACE) -ldflags "$(ldflags)" -o ./$@ ./$(dir $<)
 
-ova-release: $(ovfenv) $(vic-ova-ui)
+ova-release: $(ovfenv) $(vic-ova-ui) $(ova-webserver)
 	@echo building vic-unified-installer OVA using packer...
 	@cd $(BASE_DIR)installer/packer && $(PACKER) build \
 			-only=ova-release \
@@ -81,4 +84,8 @@ vagrant-local: $(ovfenv) $(vic-ova-ui)
 			-only=vagrant-local \
 			-var 'iso_sha1sum=$(PHOTON_ISO_SHA1SUM)'\
 			-var 'iso_file=$(PHOTON_ISO)'\
-			--on-error=abort packer-vic.json
+			--on-error=abort packer-vic.json
+
+$(ova-webserver): $$(call godeps,installer/fileserver/*.go)
+	@echo building ova-webserver
+	@GOARCH=amd64 GOOS=linux $(TIME) $(GO) build $(RACE) -ldflags "$(LDFLAGS)" -o ./$@ ./$(dir $<)