Build a VMware Cloud on AWS Content Library using AWS S3

-
Gilles Chekroun
Lead NSX Systems Engineer - VMware Europe
---

What is a Content Library?

DISCLAIMER: External content libraries are not supported by VMware GSS !

 vSphere Content Library is a repository where you can store VM templates, vApp templates and other kind of files like ISO. Administrators can use the templates to deploy VMs and vApps. Each item library can contain multiple files. The basis is .ovf together with the description files like .mf and .vmdk
If you have .ova files, you can simply un-compress them using the linux command: 
tar -xvf SomeFile.ova

There are two kind of Libraries: Local and Subscribed.

Local Library

Local Library stores items in a single vCenter. VM and vApp templates are stored as OVF file format.

Subscribed Library

You can create a Subscribed Library in the same vCenter and to ensure the content is up-to-date, the library can automatically sync with the source on a regular basis.
You can also use the option to download content from the source immediately or only when you need. this will help to manage local storage.
You can also delete local content (look at it like un-sync) to save space as well.

In this article, we will build the content in AWS S3 and use that as the source for publication.

Build the source

NOTE: For this first release, I will build the source from local computer and duplicate to S3. Clearly the goal is to create the source in S3 directly but that will need a few tweaks in the python script that creates the metadata indexing. Stay tuned for some updates . . .

File structure

The Content Library uses Open Virtualization Format (OVF). An OVF package consists of several files placed in one directory. There is ONE .ovf file descriptor and typically one or more disk images, certificates and other auxilliary files.

Note the directory structure with sub-directories for each template.

Create the metadata indexes

The Content Library subscription needs a lib.json file that will be created using the following python script: make_vcsp_2015.py (Thanks to William Lam and Eric Cao).
Refer to William Blog here with full details.

We use pthyon 2.7 and the usage is:
python make_vcsp_2015.py ContentLib <path-to-your-ContentLib>
This creates the needed indexes.

Duplicate to AWS S3

Get the "lib.json" URL
Make the Content Library bucket public

Create the Content Library

Open vCenter and select Content Libraries
Add a Library
Give it a name and click NEXT
Use Subscribed Library and paste the S3 URL of lib.json.
Select Download content when needed to save disk space.
Select storage
Review and click FINISH
Note that the new Library has 3 templates but 0 Bytes size. The content will sync on demand.
Open the Library. Note the 0 Bytes size.

Deploy new VM from Template


Give it a name and chose the Workloads Folder
Continue on a classic VM deployment steps and click FINISH
The VM deployment has triggered the synchronisation of the specific content.
VM is deployed
From here, we can power it on and go ahead.

Save disk space and Delete Library item

To save some space on the local vSAN we can "un-sync" items from our library.
The items remain in S3 obviously for future deployments.
At this stage, we are back to a zero size Content Library.

Comments

Post a Comment

Populars

Egress VPC and AWS Transit Gateway (Part1)

-
Image
Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Usually my blog posts are customer driven and recently I have been working on a design that would include an Egress VPC and AWS Transit Gateway. This customer is going to use both VMware Managed Transit Gateway and also AWS Transit Gateway. I will split this post in 3 parts: The Egress VPC - this article Adding a VMC SDDC to the Egress VPC here Adding VMware Managed Transit Gateway here Why do we need an Egress VPC? Numerous posts on AWS site  will describe how to build an Egress VPC and the subtleties of the various route tables of the TGW and the Egress VPC itself. The main goal is to have ONE Internet gateway only  that will allow workloads to go out to internet on the Egress VPC. One of the most important point is redundancy and multi-availability zones. Applications usually reside in private subnets, while NAT Gateways reside in a public subnet. NAT Gateways To focus the Internet access to a single point, we can cre
Read more

AWS Transitive routing with Transit Gateways in the same region

-
Image
Gilles Chekroun Lead VMware Cloud on AWS Specialist --- At the AWS Re:invent 2019 conference, the long waited TGW peering functionality was announced and available in a few AWS regions. This is an INTER-REGION peering only meaning that the Transit Gateways need to be in different regions. Hoping that AWS will soon release an INTRA-REGION capability I discussed with a few AWS Solutions Architects in Las Vegas, among them Tom Adamski , about using a VPC as a bridge between two TGWs in the same region. Tom assured me that it is possible opening for the first time the transitive routing capability in AWS networking. Well . . . I needed to test that and see by myself. Test bed For a simple test, I will use 2 TGWs in the same regions with 2 VPCs attached each and another VPC as "bridge" connected to both TGWs. Yes you can connect a VPC up to 5 TGWs . The whole idea is to use this "bridging VPC" and point the default route of the TGWs to it. To do that I c
Read more

Considerations on vTGW to TGW Peering Link

-
Image
   Gilles Chekroun
 Lead VMware Cloud on AWS Solutions Architect --- Recently I was talking with a Customer on designing their VMware Cloud on AWS environment and linking it to their existing AWS infrastructure. The idea was to have 2 SDDCs, Test and Prod, and link them with a VMware Managed TGW and peer it to their existing TGW. The customer requirements were: VMs in each SDDC should have internet access from the SDDC out VMs from Test should be able to talk to VMs in Prod VMs in any SDDC should be able to access their own vCenter but also the other one Some VMs any SDDC should have a Public IP and NAT rule to be accessible from outside VMware traffic should stay within VMware SDDCs Other traffic, like on-prem, should go via the Customer TGW Test Setup Step1 - Create SDDC Group Create an SDDC Group and attach the 2 SDDCs Prod and Test Make sure the proper FireWall rules are open in each SDDC Compute GW. Step 2 - Attach the Customer TGW In the SDDC Groups, under External TGW TAB, add t
Read more