Professional Documents
Culture Documents
Creating A Custom VIB: Install The Vibauthor Tool
Creating A Custom VIB: Install The Vibauthor Tool
Creating A Custom VIB: Install The Vibauthor Tool
The vibauthor tool should run on pretty much any Linux distribution so long as the
prerequisite packages are installed. I’m using CentOS 6.2. VMware recommends
SLES 11 SP2. Note that there are a few package requirements so be sure to check
the accompanying documentation for the prerequisites.
Once installed you are ready to go as there is no additional setup required. There
are four basic steps to creating a custom VIB:
# mkdir /stagedir
# cd /stagedir
# mkdir payloads
Inside the /stagedir/payloads directory create a directory with the name of the VIB. In
this example I’m calling the VIB “MyRule”.
# cd /stagedir/payloads
# mkdir MyRule
# cd /stagedir/payload/MyRule
# mkdir –p etc/vmware/firewall
# /stagedir/payloads/MyRule/etc/vmware/firewall
This example creates a firewall rule, called “MyRule” that will allow inbound
connections over port 7777.
# cd /stagedir/payloads/MyRule/etc/vmware/firewall/MyRule
# vi MyRule.xml
<ConfigRoot>
<service id='0000'>
<id>MyRule</id>
<rule id = '0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>7777</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>
Tip: rather than create a new descriptor.xml from scratch you can extract the
descriptor.xml from an existing VIB and edit it. To extract a VIB’s payload use the
command: # vibauthor –e –v <vib> -o <output directory>
# cd /stagedir
# vi descriptor.xml
<vib version="5.0">
<name>MyRule</name>
<version>5.0.0-1.0</version>
<vendor>None</vendor>
<summary>Custom VIB Definition</summary>
<description>Adds a Custom Firewall Rule</description>
<urls/>
<relationships>
<depends>
</depends>
<conflicts/>
<replaces/>
<provides/>
<compatibleWith/>
</relationships>
<software-tags>
<tag>driver</tag>
<tag>module</tag>
</software-tags>
<system-requires>
<maintenance-mode>false</maintenance-mode>
</system-requires>
<file-list>
<file>/etc/vmware/firewall/</file>
</file-list>
<acceptance-level>community</acceptance-level>
<live-install-allowed>true</live-install-allowed>
<live-remove-allowed>true</live-remove-allowed>
<cimom-restart>false</cimom-restart>
<stateless-ready>true</stateless-ready>
<overlay>false</overlay>
<payloads>
<payload name="MyRule" type="vgz">
</payload>
</payloads>
</vib>
-C = compose
-t = staging directory
-v = name of the VIB
-O = name of the depot
# cd /stagedir
# vibauthor -C -t /stagedir -v MyRule.vib -O MyRlule.zip
Successfully created CustomVIB.vib.
Successfully created CustomVIB.zip.
MyRule.vib:This is the actual VIB. You can use this file to add the VIB to a running
ESXi hosts using the “esxcli” command.
MyRule.zip: This file is a software depot that contains the VIB. You also can use this
file to add the VIB to a running ESXi host with the “esxcli” command, but you can
also use this file with the Image Builder CLI to add the VIB to an ESXi Image Profile.
Import the ESXi 5.0 software depot (from the ESXi 5.0 bundle):
Create a new image profile. In this example I am creating a new image profile by
cloning one of the default image profiles included with the ESXi 5.0 offline depot.
Note that because I’m adding a custom VIB I need to set the acceptance level to
“CommunitySupported”.
At this point the image profile is complete. You can now export the image as an
offline depot (.zip) or as a bootable ISO (.iso).
.ZIP
PowerCLI C:\> Export-EsxImageProfile –ImageProfile MyCustomProfile –ExportToBundle –FilePath C:\ESXi-
Depot\CustomImage.zip
.ISO
PowerCLI C:\> Export-EsxImageProfile –ImageProfile MyCustomProfile –ExportToISO –FilePath C:\ESXi-
Depot\CustomImage.zip
You can now use the custom image profile to install your ESXi hosts. When the host
is installed the “/etc/vmware/firewall/MyRule.xml” file will be installed on the host.
In addition you can view the custom rule in vCenter by selecting the host and
choosing “Configuration -> Security Profile and in the Firewall section verify the
custom firewall rule named “MyRule” exists.