vSphere¶
Type: vsphere
Artifact BuilderId: packer.post-processor.vsphere
This post-processor uploads an artifact to a vSphere endpoint.
The artifact must be a VMX, OVA, or OVF file.
Note
This post-processor is developed to maintain compatibility with VMware vSphere versions until their respective End of General Support dates. For detailed information, refer to the Broadcom Product Lifecycle.
Examples¶
- Examples are available in the examples directory of the GitHub repository.
Configuration Reference¶
The following configuration options are available for the post-processor.
Required:
-
cluster(string) - The cluster or ESX host to upload the virtual machine. This can be either the name of the vSphere cluster or the fully qualified domain name (FQDN) or IP address of the ESX host. -
datacenter(string) - The name of the vSphere datacenter object to place the virtual machine. This is not required ifresource_poolis specified. -
host(string) - The fully qualified domain name or IP address of the vCenter instance or ESX host. password(string) - The password to use to authenticate to the vSphere endpoint.username(string) - The username to use to authenticate to the vSphere endpoint.
Optional:
-
datastore(string) - The name of the vSphere datastore to place the virtual machine. Mutually exclusive withdatastore_cluster. -
datastore_cluster(string) - The name of the vSphere datastore cluster to place the virtual machine. When specified, Storage DRS will automatically select the optimal datastore. Mutually exclusive withdatastore. -
disk_mode(string) - The disk format of the target virtual machine. One ofthinorthick. -
esxi_host(string) - The fully qualified domain name or IP address of the ESX host to upload the virtual machine. This is not required ifhostis a vCenter instance. -
insecure(bool) - Skip the verification of the server certificate. Defaults tofalse. -
options([]string) - Options to send toovftoolwhen uploading the virtual machine. Useovftool --helpto list all the options available. -
overwrite(bool) - Overwrite existing files. Defaults tofalse. resource_pool(string) - The name of the resource pool to place the virtual machine.-
vm_folder(string) - The name of the virtual machine folder path where the virtual machine will be placed. -
vm_name(string) - The name of the virtual machine to be created on the vSphere endpoint. vm_network(string) - The name of the network in which to place the virtual machine.-
hardware_version(string) - The maximum virtual hardware version for the deployed virtual machine. It does not upgrade the virtual hardware version of the source VM. Instead, it limits the virtual hardware version of the deployed virtual machine to the specified version. If the source virtual machine's hardware version is higher than the specified version, the deployed virtual machine's hardware version will be downgraded to the specified version. If the source virtual machine's hardware version is lower than or equal to the specified version, the deployed virtual machine's hardware version will be the same as the source virtual machine's. This option is useful when deploying to vCenter instance or an ESX host whose version is different from the one used to create the artifact. Refer to KB 315655 for more information on supported virtual hardware versions. -
max_retries(int) - The maximum number of times to retry the upload operation if it fails. Defaults to5. -
keep_input_artifact(boolean) - Preserve the local virtual machines files, even after importing them to the vSphere endpoint. Defaults tofalse.
Optional:
Tags provide a flexible metadata system that allows you to attach key-value information to virtual machines and templates.
This plugin supports the following configuration formats:
tags([]string) - List of tag IDs to attach.tag([]TagConfig) - List of tag configuration blocks.
Tags consist of the following parts::
category(string) - The tag category name. Mutually exclusive withid.name(string) - The tag name within the category. Mutually exclusive withid.id(string) - The tag ID (URN). Mutually exclusive withcategoryandname.
Both formats can be used together, and all tags will be merged and applied to the virtual machine.
Warning
When using tag blocks with category and name, the tag category must already exist
in vSphere and be associable with virtual machines. The plugin will create tags within existing
categories if they do not exist and the account context used to run the build has the appropriate
privileges.
Example Usage¶
The following is an example of the post-processor used in conjunction with the null builder to
upload a VMX to a vSphere cluster. You can also use this post-processor with the VMX artifact from a
build.
An example is shown below, showing only the post-processor configuration:
source "null" "example" {
communicator = "none"
}
build {
sources = [
"source.null.example"
]
post-processors {
post-processor "vsphere"{
vm_name = "foo"
host = "vc01.example.com"
username = "administrator@vsphere.local"
password = "VMw@re1!"
datacenter = "dc-01"
cluster = "cluster-01"
datastore = "datastore-01"
vm_network = "VM Network"
keep_input_artifact = true
tags = [
"urn:vmomi:InventoryServiceTag:abcdefgh-1234-5678-90ab-cdef12345678:GLOBAL",
"urn:vmomi:InventoryServiceTag:bcdefghj-2345-6789-01bc-def123456789:GLOBAL"
]
tag {
category = "build-date"
name = "{{ timestamp }}"
}
tag {
category = "packer-version"
name = "{{ packer_version }}"
}
}
}
}
{
"builders": [
{
"type": "null",
"communicator": "none"
}
],
"post-processors": [
[
{
"type": "vsphere",
"vm_name": "foo",
"host": "vc01.example.com",
"username": "administrator@vsphere.local",
"password": "VMw@re1!",
"datacenter": "dc-01",
"cluster": "cluster-01",
"datastore": "datastore-01",
"vm_network": "VM Network",
"keep_input_artifact": true,
"tags": [
"urn:vmomi:InventoryServiceTag:abcdefgh-1234-5678-90ab-cdef12345678:GLOBAL",
"urn:vmomi:InventoryServiceTag:bcdefghj-2345-6789-01bc-def123456789:GLOBAL"
],
"tag": [
{
"category": "build-date",
"name": "{{ timestamp }}"
},
{
"category": "packer-version",
"name": "{{ packer_version }}"
}
]
}
]
]
}
Privileges¶
The post-processor uses ovftool and needs several privileges to be able to run ovftool.
Rather than giving Administrator access, you can create a role to give the post-processor the privileges necessary to run.
Below is an example role that will work. Please note that this is a user-supplied list so there may be a few extraneous privileges that are not strictly required.
For vSphere, the role needs the following privileges:
Datastore.AllocateSpaceHost.Config.AdvancedConfigHost.Config.NetServiceHost.Config.NetworkNetwork.AssignSystem.AnonymousSystem.ReadSystem.ViewVApp.ImportVirtualMachine.Config.AddNewDiskVirtualMachine.Config.AdvancedConfigVirtualMachine.Inventory.Delete
The role must be authorized on the:
- Cluster of the host.
- The destination folder.
- The destination datastore.
- The network to be assigned.
Additional Privileges for Tags¶
If using the tags configuration, the following additional privileges are required:
| Category | Privilege | Reference |
|---|---|---|
| Tagging | Assign or unassign tag | com.vmware.cis.tagging.TagAssociation.Attach. |
| ... | Create tag | com.vmware.cis.tagging.Tag.Create |
| ... | Read tag | com.vmware.cis.tagging.Tag.Read |
| ... | Read tag category | com.vmware.cis.tagging.Category.Read |
Note
Tag privileges are part of the vSphere REST API and are managed separately from traditional vSphere privileges. These privileges must be assigned at the Global level to work correctly with the tagging service.