Using Nutanix Calm & eScript

Introduction

In this article we’re going to look at something that often comes up in customer & partner conversations. To understand the requirement, let’s look at a question:

What if I don’t use DHCP in my environment? How can I call an external API that returns an IP address while creating a VM with Nutanix Calm?

At first, that might seem like an edge case, but it’s something that actually comes up quite often. The problem is essentially this:

  • Nutanix Calm requires VMs to have an IP address in order to run actions e.g. VM customisation after creation.
  • If a VM doesn’t have an IP address, Nutanix Calm can’t login via SSH and, therefore, can’t do that customisation.
  • In environments that don’t use common DHCP services like Active Directory or dhcpd, a third-party IPAM service can be used to manage IP address assignments

Note: This is part 1 in a 2 part mini-series covering the problem above. This part covers solving the problem using eScript only, while the second part will look into solving the same problem but using one of the newest Calm features. We’ll get to that, though. 🙂

Intended Audience

For those reading this article, I’m going to assume a basic knowledge of Nutanix Calm. For example, the Nutanix Calm terminology:

  • Blueprint
  • App
  • Action
  • Task

Requirements

For the walk-through referenced in this article, the following items are required. Note that most of these items, or items similar to them, will already be available in customer environments.

  • A CentOS Linux 7 VM image, pre-uploaded to the Nutanix Image Service.
  • Nutanix Acropolis 5.6.1 or later (the current version is 5.10.x).
  • Prism Central 5.7.0.1 or later (the current version is 5.10).
  • The IP address of an existing machine that can be used as “Jump Host”. No changes are made on this machine!
  • A free IP address that can be assigned to our new VM.
  • Nutanix Calm enabled and operational. Configuring Prism Central & Nutanix Calm is beyond the scope of this article.

eScript

This demo makes use of the “eScript” feature of Calm. eScript allows Python code to be run on the Prism Central in a controlled manner, exposing a selected subset of Python 2.7 modules. Please see the Calm Administration and Operations Guide on the Nutanix Portal for detailed information on which Python modules are supported.

Getting a third-party IP address

The steps below are a complete example of how to achieve our desired result. To summary before getting started, we are deploying a new VM based on CentOS 7 Linux and assigning an IP address to that VM from an external/third-party IPAM service. Note that the external/third-party IPAM service is simulated in this example, but would be handled in a similar way in production.

  1. Create a new Nutanix Calm blueprint. This blueprint can be named anything you like, although this article will named the blueprint “eScript-Demo-PC-API”.
  2. Add a single service to the new blueprint. Name the service “JumpHostService”, noting that the service name is important. The name will be referenced later in this article.
    • Configure the service as follows:
    • Cloud = Existing Machine. Note that the “Existing Machine” construct will consume 1x Nutanix Calm license. This is due to an Existing Machine, once added to a blueprint is considered “Calm-managed”.
    • OS = Linux.
    • IP address = The IP address of your Existing Machine, i.e. the machine acting as the “Jump Host”.
  3. Configure the credentials for the blueprint. These credentials must have permissions to login to your Jump Host VM via SSH. In Nutanix Calm, this can be via username/password or public/private key pair.
  4. On the “Service” pane, expand the “JumpHostService” and select the “Create” action.
  5. Add a new task and set the type to “Set Variable”. This article will refer to a task named ReturnIPAddress.
    • Set the script type to “eScript”.
    • Enter the following sample script. This demo script is for testing purposes only and will need to be heavily modified with appropriate error checking (etc.) before use in production. If you are running this demo on your own cluster, make sure to change the IP address below to an unused IP address in your environment!.
      print "IP_ADDRESS={0}".format('10.133.16.153')
    • Note: This script is for simulation purposes only. The “proof of concept” for this demo is receiving an IP address from eScript and returning it for later use. In a production or real environment this would likely be an API call to a third-party service such as InfoBlox or some other third-party IPAM service.
    • In the “Output” section, create a variable named IP_ADDRESS. This output is used by Calm to “watch” for information coming from an eScript.

  6. Add a second task to this service. This article refers to a task named “LogIPAddress” and will be used to show that the IP address has been received successfully.
    • Set the task type to “Execute”.
    • Set the “Script Type” to “Shell”.
    • Set the credentials to those configured earlier.
    • Enter the following sample script. This sample script is for testing purposes and will need to be heavily modified with appropriate exception handling (etc) before use in production.
      #!/bin/sh
      
      touch ~/ip_address.txt 
      echo "IP address @@{IP_ADDRESS}@@ passed back to Calm." | tee ~/ip_address.txt
  7. Add a second service to the blueprint, as follows:
    • Name = eScriptDestinationService
    • Cloud = Nutanix
    • OS = Linux
    • VM name = eScript-PC-API
    • Select your CentOS 7 VM Image
    • CPU and RAM can be any value that fits your environment. For small CentOS 7 tests, 1x vCPU and 0.5GB RAM is more than enough.
    • No Guest Customisation
    • Single NIC connected to your cluster’s guest VM network. This article refers to a VLAN named “vlan.0”. There is an important difference to note at this point. When using DHCP, the “Static IP” field would be left empty. However, because we are configuring the VM with an IP address being returned from eScript, this will be different.
    • In the “Static IP” field, enter the following Calm macro:
      @@{JumpHostService.IP_ADDRESS}@@

      . At this point you can see why the name of the Jump Host service was important.

    • Configure the VM credentials. These credentials must have permissions to connect to your CentOS 7 Linux VM via SSH.
    • On the “Service” pane, expand the new service and, under the new service, select the “Create” action.
    • Add a new task to the “Create” action.
      • Type = “Execute”
      • Script Type = “Shell”
      • Select the credentials that were configured during blueprint creation.
      • Enter the following sample script. As with previous samples, this script will need to be heavily modified before it can be used anywhere near production.
        #!/bin/sh

        touch ~/ip_address.txt
        echo "VM IP address set to @@{JumpHostService.IP_ADDRESS}@@" | tee ~/ip_address.txt

      • Note that all this script does is provide a message to the user informing them that the IP address has been set as requested. If this IP address came from a third party or external IPAM source, this is certainly a realistic use-case and demonstrates the concepts required for this demo.
  8. Save the blueprint.
  9. The blueprint can now be launched in the usual way. Click the "Launch" button at the top-right of the Nutanix Calm interface and follow the standard procedure by entering an application name, populating the runtime variables if you didn't pre-populate them earlier.
Note: If you receive warning while saving the blueprint (see screenshot below), it can be safely ignored.

Checking The Results

How do we make sure our blueprint does what we've told it to?

Within the Nutanix Calm interface, each App deployment will show a “Services” tab. For example:

Clicking the “Services” tab will allow us the services deployed by the blueprint. Clicking each service will show that service’s IP address on the right of the Calm UI.

In this demo, the script returned IP address 10.133.16.153. Checking the Services tab does indeed show that our new VM has been assigned IP address 10.133.16.153.

Hopefully this article has shown the extended (but simple) steps required to interact with external/third-party services via eScript. This is just a single use-case but can be extended to obtain information from any API, if required. The next article in this series will do the same thing but will utilise one of the newest Calm features.

Thanks for reading!

SSH PUBLIC KEY

Copy the SSH public key below.  In BASH shell environments, for example, this file could be saved to ~/.ssh/nutanix_demo.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCm+7N2tjmJw5jhPmD8MS6urZQJB42ABh73ffGQSJ0XUHgdEDfjUDFkLK0wyJCe0sF5QJnh07UQn0F0BUnBi+VwehPGeODh6S43OP5YS/14L0fyntFI06B9lckx/ygRNu82sHxXCX+6VVUFPOPC+sz6j1DQswKY9d4cEYnaMBGSzqRxrqAIf6aWIKTJTYKPFY0zaUZ6ow2iwS0Nlh5EqaXsEBWkqMmr7/auP9GV/adUgzFrGLJklYBdfH575SIK6/PZL6wNT0jE9LmFlEm7dI01ZWPclBuV16FzRyrnzmWr/ebY62A04vYBtR0vyfEfsW2ZgxgD6aAE6+ytj0v19y0elRtOaeTySN/HlXh7owKWCHnlXNpTUiSDP8SQ8LRARkhQu3KEDL0ppGCrSF87oFkp1gPzf92U+UK3LaNMMjZXMOy0zLoLEdLtbQo6S8iHggDoX4NI4sWWxcX0mtadvjy/nIOvskk9IXasQh0u0MT9ARQY5VXPluKDtEVdeow9UbvgJ1xxNkphUgsWjCiy+sjgapsuZvWqKM6TPT1i24XYaau+/Fa0vhjLb8vCMWrrtkRwGt4re243NDYcYWTzVZUFuUK0w1wqt77KgjCCeyJdsZNwrh15v780Fjqpec3EGVA0xyNbF0jn/tsnYy9jPh/6Cv767EratI97JhUxoB4gXw== no-reply@acme.com