Using Nutanix Calm & eScript: Update

Using Nutanix Calm & eScript Update

Introduction

Some time ago, we published an article titled “Using Nutanix Calm & eScript”. Since that article was published back in 2019, this one will take its place and use current Nutanix Calm UI examples & features.

We’ll still use the same customer requirement, so to understand the requirement, let’s look at a question:

What if I don’t use DHCP in my environment? How can I call an external API that returns an IP address while creating a VM with Nutanix Calm?

At first, that might seem like an edge case, but it’s something that actually comes up quite often. The problem is essentially this:

  • Nutanix Calm requires VMs to have an IP address in order to run actions e.g. VM customisation after creation.
  • If a VM doesn’t have an IP address, Nutanix Calm can’t login via SSH and, therefore, can’t do that customisation.
  • In environments that don’t use common DHCP services like Active Directory or dhcpd (to name just a few), a third-party IPAM service can be used to manage IP address assignments

Intended Audience

For those reading this article, I’m going to assume a basic knowledge of Nutanix Calm. For example, the Nutanix Calm terminology that will be used is as follows:

  • Blueprint: The application design containing how the virtual machines should be configured e.g. CPU, RAM, storage, network connectivity
  • App: The result of deploying the blueprint’s VMs i.e. the logical representation of all parts that make up the app
  • Action: A defined set of steps that run during a specific part of the deployment e.g. pre-create, after VM creation
  • Task: A defined set of steps that run as part of an action e.g. a deployment action can be made up of multiple tasks or script that install various packages

Requirements

For the walk-through referenced in this article, the following items are required. Note that most of these items, or items similar to them, will already be available in customer environments.

  • A CentOS Linux 7 VM image. In today’s article we’ll use an image made available via Nutanix download servers
  • The IP address of an existing machine that can be used as “Jump Host”. No changes are made on this machine!
  • A free IP address that can be assigned to our new VM
  • Nutanix Calm enabled and operational. Configuring Prism Central & Nutanix Calm is beyond the scope of this article

Our demo environment is configured as follows:

  • AOS version 6.0.2.4
  • Prism Central pc.2022.1
  • Nutanix Calm 3.4.0

eScript

This demo makes use of the “eScript” feature of Calm. eScript allows Python code to be run on the Prism Central in a controlled manner, exposing a selected subset of Python 2.7 modules. Please see the Calm Administration and Operations Guide on the Nutanix Portal for detailed information on which Python modules are supported.

Getting a third-party IP address

The steps below are a complete example of how to achieve our desired result. To summarise before getting started, we are deploying a new VM based on CentOS 7 Linux and assigning an IP address to that VM from an external/third-party IPAM service. Note that the external/third-party IPAM service is simulated in this example, but would be handled in a similar way in production.

Create Blueprint

  1. From the Nutanix Calm UI, create a new Multi VM/Pod blueprint. This blueprint can be named anything you like, although this article will named the blueprint “eScript-Demo-PC-API-2022”.

VM Base Image

  1. From the “Configuration” tab, click the plus sign next to “Downloadable Image Configuration” and configure the new image as follows:
    • Package Name: CentOSImage
    • Description: CentOS 7 Downloadable Disk Image
    • Image Name: CentOS-7.8-2003
    • Image Type: Disk Image
    • Architecture: X86_64
    • Source URI: https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2003.qcow2
    • Product Name: CentOS
    • Product Version: 7.8

Jump Host

In our example, the “Jump Host” is the VM responsible for generating the IP address assigned to our new VM. While this step is simulated here, this is equivalent to the VM responsible for getting an IP address from the IPAM service in production.

  1. Add a single service to the new blueprint. Name the service “JumpHostService”, noting that the service name is important. The name will be referenced later in this article.
    • Configure the service as follows:
    • Account: Existing Machine. Note that the “Existing Machine” construct will consume 1x Nutanix Calm license. This is due to an Existing Machine, once added to a blueprint is considered “Calm-managed”.
    • OS = Linux.
    • IP address = The IP address of your Existing Machine, i.e. the machine acting as the “Jump Host”.

Blueprint Credentials

  1. Configure the credentials for the blueprint. These credentials must have permissions to login to your Jump Host VM via SSH. In Nutanix Calm, this can be via username/password or public/private key pair.

Jump Host Tasks

  1. On the “Service” pane, expand the “JumpHostService” and select the “Create” action.
  2. Add a new task and set the type to “Set Variable”. This article will refer to a task named ReturnIPAddress. In production, this task would run the eScript that gets an IP address from the IPAM service.
    • Set the script type to “eScript”.
    • Enter the sample script seen in Appendix A below. This demo script is for testing purposes only and will need to be heavily modified with appropriate error checking (etc.) before use in production. If you are running this demo on your own cluster, make sure to change the IP address below to an unused IP address in your environment!.
    • Note: This script is for simulation purposes only. The “proof of concept” for this demo is receiving an IP address from eScript and returning it for later use. In a production or real environment this would likely be an API call to a third-party service such as InfoBlox or some other third-party IPAM service.
    • In the “Output” section, create a variable named IP_ADDRESS. This output is used by Calm to “watch” for information coming from an eScript (see figure A below)
  3. Add a second task to this service. This article refers to a task named “LogIPAddress” and will be used to show that the IP address has been received successfully.
    • Set the task type to “Execute”.
    • Set the “Script Type” to “Shell”.
    • Set the credentials to those configured earlier.
    • Enter the sample script seen in Appendix B below. This sample script is for testing purposes and will need to be heavily modified with appropriate exception handling (etc) before use in production.

New VM

In our demo, the “New VM” will be configured with the IP address returned by the Jump Host.

  1. Add a second service to the blueprint, as follows:
    • Name: eScriptDestinationService
    • Account: Nutanix as per already configured NTNX_LOCAL_AZ
    • OS: Linux
    • VM name = eScript-PC-API
    • Select your CentOSImage downloadable image as the clone source
    • CPU and RAM can be any value that fits your environment. For small CentOS 7 tests, 1x vCPU and 0.5GB RAM is more than enough.

New VM Customisation & Tasks

  1. Guest Customization checked and set to “Cloud-init”. Set the contents of the Cloud-init script to that shown in Appendix D below. Make sure to set the credential appropriately – the example shown assumes the credential is named “admin”.
    • Single NIC connected to your cluster’s guest VM network. This article refers to a VLAN named “vlan.0”. There is an important difference to note at this point. When using DHCP, the “Static IP” field would be left empty. However, because we are configuring the VM with an IP address being returned from eScript, this will be different.
    • Set the “Private IP” to Static and, in the “Static IP” field, enter the following Calm macro: @@{JumpHostService.IP_ADDRESS}@@. At this point you can see why the name of the Jump Host service was important.
    • Configure the VM credentials. These credentials must have permissions to connect to your CentOS 7 Linux VM via SSH.
    • On the “Service” pane, expand the new service and, under the new service, select the “Create” action.
    • Add a new task to the “Create” action.
      • Type = “Execute”
      • Script Type = “Shell”
      • Select the credentials that were configured during blueprint creation.
      • Enter the sample script seen in Appendix C below. As with previous samples, this script will need to be heavily modified before it can be used anywhere near production.
      • Note that all this script does is provide a message to the user informing them that the IP address has been set as requested. If this IP address came from a third party or external IPAM source, this is certainly a realistic use-case and demonstrates the concepts required for this demo.

Saving and Testing

  1. Save the blueprint.
  2. The blueprint can now be launched in the usual way. Click the “Launch” button at the top-right of the Nutanix Calm interface and follow the standard procedure by entering an application name, populating the runtime variables if you didn’t pre-populate them earlier.
  3. Note: If you receive warning while saving the blueprint (see Figure B below), it can be safely ignored.
ReturnIPAddress task
Warnings when saving blueprint – these can be safely ignored

Appendix A:

# Appendix A
print "IP_ADDRESS={0}".format('10.133.16.153')

Appendix B:

#!/bin/sh
# Appendix B
touch ~/ip_address.txt
echo "IP address @@{IP_ADDRESS}@@ passed back to Calm." | tee ~/ip_address.txt

Appendix C:

#!/bin/sh
# Appendix C
touch ~/ip_address.txt
echo "VM IP address set to @@{JumpHostService.IP_ADDRESS}@@" | tee ~/ip_address.txt

Appendix D:

#cloud-config
users:
  - name: @@{admin.username}@@
    ssh-authorized-keys:
      - @@{admin.public_key}@@
    sudo: ['ALL=(ALL) NOPASSWD:ALL']

Checking the Results

How do we make sure our blueprint does what we’ve told it to?

Within the Nutanix Calm interface, each App deployment will show a “Services” tab. For example:

Calm UI showing the services used in our demo app

Clicking the “Services” tab will allow us the services deployed by the blueprint. Clicking each service will show that service’s IP address on the right of the Calm UI.

In this demo, the script returned IP address 10.42.250.79. Checking the Services tab does indeed show that our new VM has been assigned IP address 10.42.250.79.

Confirmation our deployed VM received the IP address given to it via eScript

Hopefully this article has shown the extended (but simple) steps required to interact with external/third-party services via eScript. This is just a single use-case but can be extended to obtain information from any API, if required. The next article in this series will do the same thing but will utilise one of the newest Calm features.

Thanks for reading and have a great day! 🙂