
 

Introduction to virtual appliance specs

The virtual appliance specifications (specs) feature enables administrators to save complex virtual appliance configurations and present them to users for simple, self-service deployment across their virtual datacenters. Administrators can select the locations where users can work with each spec, including datacenters (all versions) and public cloud regions (AWS and Azure in Abiquo 3.8.3+).

The process of creating a new virtual appliance from a spec is called the materialize process. When users materialize a spec, i.e. create a new virtual appliance based on a spec, the platform will automatically use existing virtual resources or create new ones for this virtual appliance.

Specs can save the configuration of virtual appliances including virtual machines, storage, networks, monitoring, Chef, firewalls, and load balancers.

Virtual machines created from specs contain the data on the VM template disks.
Specs do not support persistent system disks, and they do not save data from persistent volumes or secondary hard disks.
To create a spec with data that was stored on volumes, or on hard disks after deploy:

  1. Create instances to save virtual machine data to disks in VM templates
  2. Use the VM templates to create virtual machines
  3. Configure the virtual machines with networks, etc
  4. Create your virtual appliance spec

In Abiquo 3.8 - 3.8.3 specs do not support:

  • External networks and NICs in private cloud
    • Azure external networks are supported as a special kind of INTERNAL network that corresponds to a private network in private cloud
  • Unmanaged networks and NICs

If you create a spec containing an external IP:

  • in Abiquo 3.8.2, the materialize process will ignore the external IP
  • in Abiquo 3.8.3, the materialize process will fail because the external IP is unsupported

In the virtual appliance pane, there is a new pull-down menu to create virtual appliance specs and versions.

And in the Virtual datacenters view and in the V. Appliances list, the + add button has a new option to Create virtual appliance based on spec.

In the Apps library, there is a new Virtual appliance specs tab for managing specs.

Who can use and manage specs?

By default, in Abiquo 3.8, the virtual appliance spec privileges are only assigned to the cloud administrator role. You can assign the privileges to manage and consume specs to users and administrators.

When an administrator creates a spec, it can be a local spec for the enterprise only, or an administrator can share it with other enterprises by adding scopes. For spec scopes, Abiquo only uses the Enterprise list, not the Datacenters list. The administrator can also set the locations where a spec can be used.

To create a virtual appliance from a shared spec, a user must have the privilege to consume specs and they must be logged in to an enterprise that is included in the spec scopes.

To manage a spec, the administrator must log in to the enterprise that created the spec.

To share a spec, an administrator can assign one or more scopes to it. If the administrator has a global scope, they can manage all scopes and add multiple scopes. If they have a limited scope which is greater than or equal to the current spec scope, they can manage their own scope only. If an administrator edits a spec and selects their own scope, it will replace the existing scope, but remember that the new scope will always include the existing scope.

To manage a shared spec, the administrator's scope must be greater than or equal to the spec scopes and the administrator must log in to the enterprise that created the spec.

A user can retrieve and use all the specs that belong to their enterprise, and all shared specs that have the user's enterprise in their spec scopes. Because Abiquo compares the user's enterprise with the spec scope to control display, and the user's scope with the spec scope to control administration, it is possible that an administrator can switch enterprise and manage specs that they cannot display in one or more of the enterprises they administer.

To create a spec scope, go to Users view on the Scopes tab, in the same way as a standard administration scope. However, you assign the spec scope to a spec, not a user role.

This screenshot shows the Create scope dialog from Users / Scopes. See Manage Scopes and Manage resource scopes

Users create virtual appliance specs from virtual appliances in Virtual datacenters view and manage specs from the Apps library view, so users will also need the appropriate privileges to work in these views.

Spec tasks and privileges

The following table describes spec tasks and the required privileges and access rules.

Spec task | Privileges and access requirements

Task:
  • Create virtual appliances based on specs:
    • Specs that belong to the user's own enterprise
    • Specs that list the user's enterprise in their spec scopes
Privileges and access requirements:
    Consume virtual appliance specs

Task:
  • In the virtual datacenter, create new specs in the current enterprise
Privileges and access requirements:
    Manage virtual appliance specs

Task:
  • In the Apps library, manage specs for user's own enterprise
    • User must have privileges to work in the Apps library
    • User cannot edit spec scope without additional privileges and scope
  • In the virtual datacenter, create spec versions
    (Note that the default enterprise administrator role has a global scope with access to all enterprises)
Privileges and access requirements:
    Manage virtual appliance specs +
    Consume virtual appliance specs +
    Administration scope for enterprises >= spec scope

Task:
  • When creating or editing a spec, optionally select scope(s) from a list of all scopes
    • If you do not select any scopes, only users of the enterprise that created the spec can work with the spec
    • Select 1 or more scopes to share a spec. Users from enterprises listed in the scope can work with the spec
Privileges and access requirements:
    Manage virtual appliance specs +
    Consume virtual appliance specs +
    Manage scopes +
    Manage users of all enterprises +
    Administration scope for enterprises = global scope
    (=Use All enterprises)

Task:
  • When creating a spec, optionally select own scope
    • If you do not select any scopes, only users of the enterprise of the creation user can work with the spec
    • Users from all enterprises in the user's scope can work with the spec
  • When editing a spec, the user cannot view or edit spec scopes
Privileges and access requirements:
    Manage virtual appliance specs +
    Consume virtual appliance specs +
    Manage scopes +
    Manage users of all enterprises +
    Administration scope for enterprises < global scope
    (Including selecting all current enterprises)

Task:
  • Select locations where users can work with a spec
    • When editing a spec, select new locations or deselect locations for which you do not have access or scope to manage
      • After you deselect locations that you cannot manage, you cannot add them again
    • When creating a spec, select locations from the list of locations for which you have access and scope to manage
Privileges and access requirements:
    Manage virtual appliance specs +
    Consume virtual appliance specs +
    Administration scope for locations
    Allowed datacenters (locations)

By default, the tenant administrator roles have a global administration scope. Unless you assign a limited administration scope to the tenant administrator role, when you share a virtual appliance spec from a tenant to a group of other tenants, the tenant administrator may be able to edit the configuration or save a version of the spec, thereby affecting the configuration used by other tenants.

In contrast, a cloud administrator role with a lesser administration scope than the spec resource scope would not be able to edit or update this spec.

 

Resource scopes example

In the above example, the orange circles represent tenants and the user scopes are shown in black. We assume that all users have the required privileges and datacenters in scope.

  • Which users can retrieve and use the resource?
    • Users of the resource owner (G), which is the enterprise that created the resource
    • Users of enterprises listed in the scopes (ABCDE).
  • Which users can administer the resource and its scopes? 
    • An administrator from enterprise G can manage the resource, if their scope is greater than the resource’s scope.
    • The administrator with scope DEF cannot manage the resource because their scope is less than the resource’s scope.
    • The administrator with scope ABCDE can manage the resource and assign their own scope.
    • The administrator of enterprise F has unlimited global scope but they cannot directly retrieve and use the resource, because the capacity to retrieve and use resources depends on the user’s enterprise and the resource’s scope, not the user’s scope. However, the administrator of enterprise F has global scope and can switch to the resource's enterprise (G) to use and manage the resource.
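
The access rules in the resource scopes example, together with the default global scope of tenant administrators described before it, modelled in Python as an added example (this is not Abiquo code and does not call the Abiquo API). The class, function and administrator names are hypothetical; the example assumes that the administrators with scopes DEF and ABCDE belong to enterprise G, that an administrator can switch to any enterprise inside their scope, and that "greater than or equal to" means the administrator's scope contains every enterprise in the spec scopes.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# None models an unlimited global scope (assumption of this example).
Scope = Optional[FrozenSet[str]]


@dataclass(frozen=True)
class Spec:
    name: str
    owner: str                                # enterprise that created the spec
    scopes: Tuple[FrozenSet[str], ...] = ()   # spec scopes (enterprise lists only)

    def shared_with(self) -> FrozenSet[str]:
        """Union of the enterprises in every scope assigned to the spec."""
        return frozenset().union(*self.scopes)


@dataclass(frozen=True)
class Admin:
    name: str
    home: str      # enterprise the administrator belongs to
    scope: Scope   # administration scope for enterprises


def can_use(user_enterprise: str, spec: Spec) -> bool:
    """Retrieve and use: decided by the user's enterprise, not the user's scope."""
    return user_enterprise == spec.owner or user_enterprise in spec.shared_with()


def scope_covers(scope: Scope, spec: Spec) -> bool:
    """The admin scope must be >= the union of the spec scopes."""
    return scope is None or scope >= spec.shared_with()


def can_manage(login_enterprise: str, scope: Scope, spec: Spec) -> bool:
    """Manage: covering scope AND logged in to the enterprise that owns the spec."""
    return login_enterprise == spec.owner and scope_covers(scope, spec)


def can_reach(admin: Admin, enterprise: str) -> bool:
    """Assumption: an admin can switch to any enterprise inside their scope."""
    return (enterprise == admin.home or admin.scope is None
            or enterprise in admin.scope)


def editors(spec: Spec, admins: List[Admin]) -> List[str]:
    """Admins able to edit the spec or save a new version of it."""
    return [a.name for a in admins
            if can_reach(a, spec.owner) and can_manage(spec.owner, a.scope, spec)]


def exposed_tenants(spec: Spec) -> FrozenSet[str]:
    """Other tenants whose deployments change when the shared spec is edited."""
    return spec.shared_with() - {spec.owner}


# Constructed data mirroring the example: owner G, resource scope ABCDE.
SPEC = Spec("shared-spec", owner="G", scopes=(frozenset("ABCDE"),))
ADMINS = [
    Admin("g-admin-scope-DEF", home="G", scope=frozenset("DEF")),
    Admin("g-admin-scope-ABCDE", home="G", scope=frozenset("ABCDE")),
    Admin("f-admin-global", home="F", scope=None),
    Admin("g-tenant-admin-default", home="G", scope=None),   # default: global scope
    Admin("g-tenant-admin-limited", home="G", scope=frozenset("G")),
]

if __name__ == "__main__":
    for ent in "ABCDEFG":
        print(f"users of {ent} can use the spec: {can_use(ent, SPEC)}")
    # The F administrator cannot manage the spec while logged in to F ...
    print("F admin, logged in to F:", can_manage("F", None, SPEC))
    # ... but can after switching to the owner enterprise G.
    print("F admin, switched to G:", can_manage("G", None, SPEC))
    print("can edit or version the spec:", editors(SPEC, ADMINS))
    print("tenants affected by an edit:", sorted(exposed_tenants(SPEC)))
```

Giving the tenant administrator a scope limited to G removes them from the editor list for the shared spec, while they can still manage specs of G that have no scopes assigned.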

What do virtual appliance specs save and create?

The following virtual machine configuration elements are saved and created by virtual appliance specs. Support for elements is marked for datacenters (DC) and public cloud regions (PCR) 

Element | DC | PCR | Save in Spec | Create in VApp

Virtual machines | DC: yes | PCR: yes
  Save in Spec: General information CPU, RAM, remote access and description
  Create in VApp: Creates VM with same CPU and RAM and remote access as required

VM templates | DC: yes | PCR: yes
  Save in Spec: Template name is saved
  Create in VApp:
    • The system matches the spec template name against the Apps library template name. The user selects from a list of templates with names that contain the spec template name. The match is done with an SQL %LIKE% command, so spec template "m0n0" will match with "m0n0" and "m0n0wall" in the Apps library. But spec template "m0n0wall" will not match with "m0n0" in the Apps library

Template hard disks | DC: yes | PCR: no
  Save in Spec: Template system disks and other datastore hard disks and their tiers are saved
  Create in VApp:
    • In Abiquo 3.8, the preview does not show the datastore tier of the system disk
    • In Abiquo 3.8.2+, the platform will create template disks in order as in the template with no gaps in the sequence. Then additional hard drives and volumes will be added in the same order as in the original Virtual Appliance

Persistent VMs | DC: no | PCR: no
  Persistent virtual machines are not supported. To create a spec from a persistent VM, first create an instance, which is a non-persistent template

Private network | DC: yes | PCR: yes
  Save in Spec: Save private network characteristics: network address and mask only
  Create in VApp:
    The materialize process will use an existing private network if there are enough IP addresses to hold the number required by the spec network address and mask. The materialize process does not match the addresses (e.g. a range of addresses in 192.168.1.x may be assigned from a 10.10.x.x network).
    Otherwise, the process will create a private network with the same characteristics.
    In Abiquo 3.8.3+, in public cloud, Abiquo will use an external network in providers that implement external networking (e.g. Azure)

Network gateways | DC: yes | PCR: yes
  Save in Spec: In Abiquo 3.8.3+, Abiquo will determine if a NIC has a gateway IP address and save this information in the spec
  Create in VApp:
    • In Abiquo 3.8.3+, if a NIC has a gateway IP address, when using an existing network, the materialize process will attempt to assign the network's gateway address to the NIC
    • Abiquo will not assign the gateway IP address to a NIC that did not have this address in the original configuration
    • If the materialize process is creating a new network, it will attempt to assign the same gateway address from the spec to the gateway NIC in the new network
      • This process will fail in public cloud if the gateway address is in the reserved IP address range of the provider
        • Azure and AWS reserve the first 5 IP addresses in the range

Private IPs | DC: yes | PCR: yes
  Save in Spec: Number of private IPs is saved
  Create in VApp: Creates the number of private IPs required

Public network | DC: yes | PCR: yes
  Save in Spec: Number of public IPs is saved
  Create in VApp:
    The materialize process will try to use public IPs that were already purchased by the enterprise. These public IPs will be momentarily quarantined during the materialization process.
    If not, the materialize process will purchase new public IPs. The public networks will be used in the order returned by the API.
    In Abiquo 3.8.3+ in public cloud, Abiquo will use floating IPs

External IPs | DC: - | PCR: -
  Not supported in Abiquo 3.8.x
  If you create a spec containing an external IP:
    • in Abiquo 3.8.2, the materialize process will ignore the external IP
    • in Abiquo 3.8.3, the materialize process will fail because the external IP is unsupported

Unmanaged IPs | DC: - | PCR: -
  Not supported in Abiquo 3.8.x

Volume (data) | DC: no | PCR: no
  Save in Spec: Data on external storage volumes is not included. To use data on a volume, create an instance to save it to a template disk
  Create in VApp:
    • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID

Volume (specifications) | DC: yes | PCR: no
  Save in Spec:
    • In Abiquo 3.8, volume specifications are saved, not including disk controller types
    • In Abiquo 3.8.2+, the disk controller types of the volumes are saved
  Create in VApp:
    • Empty volumes with the same specifications as the attached volumes are created. Empty volumes are named vappName-UUID
    • In Abiquo 3.8.2+, volumes are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default

Storage tiers for volumes | DC: yes | PCR: no
  Save in Spec: Storage tiers are saved
  Create in VApp: Matches tier names as for VM templates. If no storage tier is found, then the validate will fail. If the storage tier does not contain pools, then the volume create will fail.

Hard disk tiers | DC: yes | PCR: no
  Save in Spec: Hard disk tiers are saved
  Create in VApp: Matches tier names as for VM templates. If no datastore tier is found, then the validate will fail. If the datastore tier does not contain datastores, then the deploy will fail.

Hard disk (data) | DC: no | PCR: no
  Save in Spec: Data on hard disks attached to the virtual machine is not included. To use data on a hard disk, create an instance to save it to the template
  Create in VApp: Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID

Hard disk (specifications) | DC: yes | PCR: no
  Save in Spec:
    • In Abiquo 3.8, hard disk specifications are saved, not including disk controller types
    • In Abiquo 3.8.2+, the disk controller types of the hard disks are saved
  Create in VApp:
    • Empty hard disks with the same specifications as the attached hard disks are created. Empty disks are named Empty disk-UUID
    • In Abiquo 3.8.2+, hard disks are attached to the same disk controller type as in the original VM. If this controller type is not compatible with the target hypervisor, then the platform will use the hypervisor default

Backup configuration | DC: yes | PCR: no
  Save in Spec: Configured backups are stored
  Create in VApp: Backups are configured

Firewalls | DC: yes | PCR: yes
  Save in Spec: Firewalls attached to virtual machines or load balancers are saved
  Warning: In some versions OSN firewalls only apply to load balancing traffic and NSX firewalls only apply to virtual machine traffic
  Create in VApp: Access to a firewall integration is required to create firewalls in the new virtual appliance

Load balancers | DC: yes | PCR: yes
  Save in Spec: Load balancers attached to virtual machines are saved, including health checks and so on
  Create in VApp: Access to a load balancer integration is required to create load balancers in the new virtual appliance

Monitoring (status) | DC: yes | PCR: yes
  Save in Spec:
    • Monitoring status of fetch metrics is saved
    • In Abiquo 3.8, the selected metrics are not saved
    • In Abiquo 3.8.2+, the selected metrics are saved
  Create in VApp:
    • Access to a monitoring server is required to retrieve metrics
    • In Abiquo 3.8, the user must select the individual metrics to fetch
    • In Abiquo 3.8.2+, the materialize process:
      • Creates built-in metrics of the exact same name ONLY
      • Creates all custom metrics

Alarms and Alerts | DC: yes | PCR: yes
  Save in Spec:
    • In Abiquo 3.8, alarms and alerts depend on metrics, which are not saved, so alarms cannot be saved
    • In Abiquo 3.8.2+, alarms and alerts are saved
  Create in VApp:
    In Abiquo 3.8.2+ the materialize process:
    • Creates all existing alarms and alerts, regardless of the existence of their corresponding metrics
    • Allows the user to modify alert subscribers

VM variables | DC: yes | PCR: yes
  Save in Spec: VM variables are saved
  Create in VApp:
    • The materialize process creates virtual machines with VM variables
    • In Abiquo 3.8.2+, during the materialize process, users can edit the VM variables

Chef | DC: yes | PCR: yes
  Save in Spec: Chef status, runlist and attributes are stored
  Create in VApp:
    • The materialize process sets the status and recipes
    • In Abiquo 3.8.2+, during the materialize process, users can edit the runlist and the attributes

Create and update virtual appliance specs in the virtual datacenter

The following topics describe how to work with virtual appliance specs in the Virtual datacenters view.

Create a spec to save a virtual appliance configuration

Before you begin:

  • Create or obtain a virtual appliance with virtual machine configuration. This can include: virtual machines, storage, networks, Chef, firewalls, load balancers
  • Remember that specs do not support persistent system disks or persistent volume content
    • If your virtual machine has persistent disks, create an instance of the virtual machine including these disks and store them in the Apps library as part of a template
    • Volumes will be represented as empty volumes
  • Remember that specs do not support external or unmanaged IPs or external or unmanaged networks in private cloud  

To create a virtual appliance spec to save a configuration:

  1. Open the virtual appliance and from the Virtual appliance spec menu, select Create new spec
  2. Enter spec details, including
    1. A description that will identify the spec version
    2. The URL of an icon to identify your spec to users
  3. Click Accept

The platform will create the new spec for your tenant. This spec will be the default, but you can change the default configuration later.

  • Users of this tenant can create virtual appliances from the spec
  • Administrators of the tenant can administer the spec and create versions

Screenshot: Create a new spec (General information)

Share a virtual appliance configuration with multiple tenants

Before you begin:

  • Create or obtain a virtual appliance with virtual machine configuration. This can include virtual machines, storage, networks, Chef, firewalls, and load balancers
  • If you are a platform administrator with unlimited global scope, create scopes to share the spec with more enterprises. This will allow the users of other tenants in the scope list to use this spec. See Manage Scopes and Manage resource scopes

Remember the rules for updating specs when deciding where to create a new spec.

As a spec administrator, you can save changes to a spec:

  • As a new spec OR
  • As a new version of the same spec
    • If you have an administration scope that is greater than or equal to the spec scope AND
    • You are working with a virtual appliance created from the spec AND
    • The virtual appliance is in the enterprise that owns the spec

To share a virtual appliance configuration with multiple tenants

  1. Create a new spec from a virtual appliance OR if you are the platform administrator, edit an existing spec
    1. Enter or check spec details including the description to identify the spec version and the URL of an icon to identify your spec to users
  2. On the Scopes tab, select scope(s) to allow access to users of the enterprises included in the scopes
    1. If you do not select any scopes, only the users of the enterprise that owns the spec can create virtual appliances from it
  3. Click Accept

The platform will create the new spec for the current tenant with scope(s) assigned. This spec will be the default, but you can change the default configuration later.

  • Users of this tenant and users of tenants listed in the scopes can use the spec
  • Administrators of the tenant can manage the spec and create versions if their scope is greater than or equal to the union of the scopes of the spec. They must log in to the enterprise that created the spec to manage it.

 

Select locations where a spec can be used

  

When you are creating a spec, you can select the locations where users can work with this spec. This will help to ensure that users only have access to specs that "work" because there may be different features and resources available in different cloud locations.

Users will be able to work with a virtual appliance spec in the locations:

  • that are allowed for their enterprise AND 
  • where the spec is allowed.

To edit spec locations, create or edit a spec and open the Locations tab.

Before allowing users to work with a spec in different location(s), check the virtual resources available, the spec save and create functionality table, and the cloud provider documentation

By default a virtual appliance spec is available in all locations. This means that users can work with the virtual appliance spec in all present and future locations that are allowed for their enterprise.

Or you can select individual location(s) in which to allow the spec. First deselect Use all locations. Then select individual locations. The platform will not add future locations.

 

Create a virtual appliance based on a spec

Before you begin:

  1. Check your cloud provider's support for the spec in your virtual datacenters

To create a configuration based on a spec:

  1. Click the + add button to add a virtual appliance and select Create virtual appliance based on spec

  2. Enter a unique virtual appliance name
  3. If you didn't select a virtual datacenter before, select one now
  4. Click on a spec icon and click Select
    • The platform will present the version of the spec designated by the administrators, which is either the default version or the latest version

    • The icons of specs that were not created in your tenant are marked with the shared symbol

  5. Enter the virtual appliance details and make any required changes. See Validate a virtual appliance spec for more details
  6. Click Accept

The platform will create the new virtual appliance based on the spec and including your changes.

 

Validate a virtual appliance spec

Before you begin:

  1. Click the + add button to add a virtual appliance and select Create virtual appliance based on spec

  2. Select a virtual appliance spec and click the Select button

To validate a virtual appliance spec:

  1. Move through the tabs and check or edit information as required
    1. General information: Check the configuration. To display details, for example, firewalls and load balancers, click the Show links
    2. Templates: Select new templates to replace any templates that are not available in your environment
    3. Virtual machines: select and view, and if necessary, edit the virtual machine configuration, including: 
      1. Chef 
        1. run list 
        2. attributes
    4. VM variables: edit the variables that will be available after you deploy the virtual machine
    5. Alerts: edit the subscribers to monitoring alerts, by adding or deleting emails from the list
  2. After you have finished editing the virtual appliance, click Save.

The platform will create the new virtual appliance based on the spec and including your changes

Screenshots: General information, Templates, Virtual machines, VM variables, VM Chef runlist, VM Chef attributes, Alerts

 


Save changes to the configuration in a virtual appliance spec

As a spec administrator, you can save changes to a spec:

  • As a new spec OR
  • As a new version of the same spec
    • If you have an administration scope for enterprises that is greater than or equal to each of the spec's scopes AND
    • You are working with a virtual appliance created from the spec AND
    • The virtual appliance is in the enterprise that owns the spec

To create a new version of a spec:

  1. Inside the virtual appliance, from the Virtual appliance spec menu, select Create new spec version
  2. Enter a description of the spec version to identify it
  3. Optional: set this version of the spec as the default version
    • If no default version is set, the platform returns the latest version to users

 

Manage virtual appliance specs in the Apps library

If users have access to the Apps library, then virtual appliance spec privileges will enable them to manage specs in the Apps library. However, extra privileges will be required to manage spec scopes.

Display the details of a spec

A user with privileges to work in the Apps library view and to manage specs can use the Virtual appliance specs tab.

To display the details of a spec and its versions, on the spec's icon, click the option button and select Versions. The Manage spec versions dialog will open. Click on a version to display its details.

The cloud user can retrieve this information with the API. This will be available through the UI in future versions

 

Define the users who can work with a spec

Selecting a scope allows users of tenants listed in the scope to use the spec.

To define the users who can work with the spec, you can:

  • Choose not to assign a scope, so only users in your enterprise can use the spec
  • Assign your own scope, allowing users in all the enterprises of your scope to use the spec
  • If you are a platform administrator with unlimited scope, you can select any number of scopes (including none at all), when you are creating or editing the spec.

Define the locations where a spec can be used

To define where a spec can be used, you can select locations. Users of enterprises that are allowed to access a location can work with the specs allowed in the location.

  • Edit the spec and open the Locations tab
    • Another user may have already assigned locations that you cannot administer and access. In this case, you can maintain or deselect these locations. If you deselect them, you cannot add them again
  • If the spec should be available in all current and future locations, select Use all locations OR
  • If you want to restrict the spec to a group of current locations, deselect Use all locations and select the locations where the spec will be available for use
  • Click Accept

Spec Location Compatibility Notes

The following table provides some general guidelines about using Specs in hybrid cloud. You should consider these guidelines when designing a virtual appliance for use in more than one location.

Element | Notes

Template
  Private cloud may allow multiple disk templates. In public cloud, Abiquo templates always have a single disk

Additional disks
  Private cloud may allow additional disks. In public cloud the user may not add external disks within Abiquo

Networks
  • Private networks in private cloud will be translated to external networks in providers supporting external networks (e.g. Azure) and vice versa
    • In public cloud, Abiquo will look for the default VLAN's globalNetwork in the target VDC to use or create an external network (subnet) of this network
  • Public networks in private cloud will be translated to floating IPs in public cloud and vice versa.

Network gateways
  When creating an internal network for use in hybrid cloud specs, check that your network gateway address is not a reserved IP address in the public cloud provider. If the gateway address is reserved, the Spec will fail when the user tries to deploy it.
  • The default gateway in AWS and Azure is address 5, which is a reserved address in Neutron and NSX
  • The default gateway in Neutron and NSX is address 1, which is a reserved address in AWS and Azure
  • A gateway that is compatible with all providers and the default reserved addresses in SDN solutions is address 22

NICs
  • Note that some IP addresses may be reserved by the provider
    • Azure and AWS reserve the first 4 IP addresses and the last IP address of private networks (Azure external networks)
    • By default, Neutron and NSX reserve 20 IP addresses from address 1 to address 21 but this range is configurable by the system administrator
  • The number of NICs allowed per virtual machine may vary across different private and public cloud environments.

Define the version of a spec to use

When you create a virtual appliance spec, the platform automatically sets this first version as the default version.

When you create another version you can choose to make this version the default.

To update a spec configuration you can create a new version of a spec. Use a virtual appliance created from the spec and save a new version of the spec or save a new spec.

To change the default version of a spec:

  1. In the Apps library open the Virtual appliance specs tab
  2. On the spec's icon, click the option button and select Versions
  3. Click on the version you want users to work with
  4. On the top right hand side of the dialog, click Mark as default version

To unset the default, so that users will always work with the latest version:

  1. Edit the spec version
  2. Remove the mark of the default version


Delete virtual appliance specs or versions

When you delete a virtual appliance spec, the platform will also delete all its versions.

If you delete the default version, then the platform will return the latest version.

When you delete an enterprise, the platform will delete all its specs, regardless of their scopes.

To delete configurations saved in specs:

  1. Open the Apps library and open the Virtual appliance specs tab
  2. To delete a version of a spec
    1. Select the version and click the delete button
      • If you delete the default version and don't set another version, the latest version will be used
  3. To delete a spec
    1. Select the spec and click the delete button. The platform will delete all versions of the spec, even shared versions

What virtual resources are required for creating a virtual appliance based on a spec?

A virtual appliance can be created from a spec in another virtual datacenter or datacenter. The administrator should prepare a compatible environment before allowing users to work with a spec. For example, the datacenters should have the same storage tiers

When creating the new virtual appliance based on the spec, the platform will:

  • Try to use the same template. If the same template is not available, the user can select from the list of suggested templates with matching names (based on a database LIKE match)
  • Automatically reuse:
    • private networks with the same specifications as the ones in the spec
  • Automatically create:
    • virtual machines in layers
    • storage 
      • in appropriate matching tiers
        • volumes in the available storage device
        • empty hard disks
    • networks:
      • private network
      • private IPs
      • public IPs (either tenant's pre-purchased or automatically purchased)
    • firewalls with available integration
    • load balancers with available integration

Remember that specs can only currently be used in private cloud datacenters. They do not save or configure:

  • persistent system disks or template volumes on external storage devices
  • IPs in external networks
  • IPs in unmanaged networks

 
