Script Runtime Service for vSphere (SRS) enables vSphere users and services (clients) to manage PowerCLI instances and run PowerCLI scripts. SRS clients authenticate once with vSphere creadentials or access token. SRS clients are able to create PowerCLI instances and run scripts within. PowerCLI runs server-side and automatically connects to target vSphere servers. SRS tracks history of script ouputs.

• Central place with REST API endpoint for VI Admins in an organization to run VMware PowerCLI
• Run PowerCLI without having it installed on local machine
• Manage multiple PowerCLI instances and run commands and scripts within against vSphere infrastructure without calling Connect-VIServer
• Runs on Kubernetes

Script Runtime Service is a kubernetes application but since it is vSphere add-on service you can build and package it in a Photon OS OVF virtual machine from source code. Build uses Photon OS appliance templates from William Lam github repository photon os appliance modified with custom properties that take care to register SRS to desired vCenter Server on first boot. Thus, you can have SRS deployed and configured with simple ovf deploy.

Result appliance packages Photon OS, docker, kind kubernetes with NGINX Ingress Controller, and the Script Runtime Service for vSphere K8s appliaction deployed in script-runtime-service namespace.

If you login on the deployed result VM kubectl is availble to browse the kubernetes cluster.

• MacOS or Linux Desktop
• vCenter Server or Standalone ESXi host 6.x or greater
• dotnet sdk
• docker
• PowerShell 7.0
• VMware PowerCLI
• VMware OVFTool
• Packer

packer builds the OVF on a remote ESXi host via the vmware-iso builder. This builder requires the SSH service running on the ESXi host, as well as GuestIPHack enabled via the command below.

esxcli system settings advanced set -o /Net/GuestIPHack -i 1

1. Edit the photon-builder.json file to configure the vSphere endpoint for building the SRS appliance

{
  "builder_host": "192.168.30.10",
  "builder_host_username": "root",
  "builder_host_password": "VMware1!",
  "builder_host_datastore": "vsanDatastore",
  "builder_host_portgroup": "VM Network"
}

Note: If you need to change the initial root password on the SRS appliance, take a look at photon-version.json and http/photon-kickstart.json. When the OVF is produced, there is no default password, so this does not really matter other than for debugging purposes.

2. Start the build by running the build.sh script which builds Script Runtime Service containers and then calls packer and the respective build files

./build.sh <PowerCLI Modules path>

3. Deploy SRS from OVF on vSphere with deploy.ps1 PowerShell script which basically edits the OvfConfig settings by given parameters and deploys a VM from the OVA.

4. Test SRS API is available on https://<SRS VM IP>/swagger.

API definition is available on https://<SRS Address>/swagger. Swagger UI hosted here is the easiest way to try the API.

SRS uses VC SSO as Identity and Authentication Server. Two types of authentication are supported. SIGN and Basic. SIGN authentication is purposed for service to service access to SRS resources. For convenience of the end-users SRS supports basic authentication passing username and password which are used only to acquire HoK Saml token for SRS solution. When basic is used SRS uses usename and password to present them to SSO server and exchange them for SAML token. SRS uses the SAML token to Connect PowerCLI to VC services in further operations.
On successful authentication SRS issues its own Authorization token which MUST be used to authorize further SRS API calls.

POST https://<SRS IP>/api/auth/login

In Swagger UI use Authorize button to provide username and password for basic autentication, and then use the Try it out button of /api/auth/login to Execute login operation.

Example basic authentication request:

curl -X POST "https://10.23.81.245/api/auth/login" -H "accept: \*/\*" -H "Authorization: Basic YWRtaW5pc3RyYXRvckB2c3BoZXJlLmxvY2FsOkFkbWluITIz"

Response:

HTTP/1.1 200 OK
content-length: 0
date: Wed, 03 Jun 2020 11:49:50 GMT
server: nginx/1.17.10
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
x-srs-api-key: b3133982-93ea-4f92-ba03-2e122c1e0fd8

x-srs-api-key header contains the issued authorization token it shold be used for futher SRS API calls

In Swagger UI having the API KEY go Authorize to remove basicAuth and to provide apiKeyAuth with valude returned by login operation. After that you can try to create runspace and request script execution following guidelines below.

POST https://<SRS IP>/api/runspaces

Example:

curl -X POST "https://10.23.81.245/api/runspaces" -H "accept: application/json" -H "X-SRS-API-KEY: b3133982-93ea-4f92-ba03-2e122c1e0fd8" -H "Content-Type: application/json" -d "{\"name\":\"MyRunspace\",\"run_vc_connection_script\":true}"

Response:

content-length: 225
content-type: application/json; charset=utf-8
date: Wed, 03 Jun 2020 11:54:29 GMT
server: nginx/1.17.10
status: 202
strict-transport-security: max-age=15724800; includeSubDomains

{
  "name": "MyRunspace",
  "id": "pcli-3e21e354-e59a-4fcb-a355-0bab10908cd1",
  "state": "creating",
  "error_details": null,
  "run_vc_connection_script": true,
  "vc_connection_script_id": null,
  "creation_time": "2020-06-03T11:54:29.6271143+00:00"
}

GET https://<SRS IP>/api/runspaces/{id}

Example:

curl -X GET "https://10.23.81.245/api/runspaces/pcli-3e21e354-e59a-4fcb-a355-0bab10908cd1" -H "accept: application/json" -H "X-SRS-API-KEY: b3133982-93ea-4f92-ba03-2e122c1e0fd8"

Response:

 content-encoding: gzip
 content-type: application/json; charset=utf-8
 date: Wed, 03 Jun 2020 11:58:41 GMT
 server: nginx/1.17.10
 status: 200
 strict-transport-security: max-age=15724800; includeSubDomains
 vary: Accept-Encoding

{
  "name": "MyRunspace",
  "id": "pcli-3e21e354-e59a-4fcb-a355-0bab10908cd1",
  "state": "ready",
  "error_details": null,
  "run_vc_connection_script": true,
  "vc_connection_script_id": "51b3ee0e-8c66-49c3-a1e5-4b448024a581",
  "creation_time": "2020-06-03T11:58:07.4530423+00:00"
}

POST https://<SRS IP>/api/script-executions

{
    "runspase_id":"<runspace id>",
    "script":"Get-VIAccount"
}

Example:

curl -X POST "https://10.23.81.245/api/script-executions" -H "accept: application/json" -H "X-SRS-API-KEY: b3133982-93ea-4f92-ba03-2e122c1e0fd8" -H "Content-Type: application/json" -d "{\"runspace_id\":\"pcli-3e21e354-e59a-4fcb-a355-0bab10908cd1\",\"name\":\"get vi accounts\",\"script\":\"Get-VIAccount\"}"

Response:

 content-length: 256 <br/>
 content-type: application/json; charset=utf-8 <br/>
 date: Wed, 03 Jun 2020 12:01:28 GMT <br/>
 server: nginx/1.17.10 <br/>
 status: 202
 strict-transport-security: max-age=15724800; includeSubDomains

{
  "id": "c6927736-84db-4e53-8e72-e8d0c95dca2b",
  "name": "get vi accounts",   
  "output_objects_format": "text",
  "state": "running",
  "start_time": "2020-06-03T12:01:28.9273601+00:00"
}

GET https://<SRS IP>/api/script-executions/{script-id}

Example:

curl -X GET "https://10.23.81.245/api/script-executions/c6927736-84db-4e53-8e72-e8d0c95dca2b" -H "accept: application/json" -H "X-SRS-API-KEY: b3133982-93ea-4f92-ba03-2e122c1e0fd8"

Response:

 content-encoding: gzip
 content-type: application/json; charset=utf-8
 date: Wed, 03 Jun 2020 12:30:40 GMT
 server: nginx/1.17.10
 status: 200
 strict-transport-security: max-age=15724800; includeSubDomains
 vary: Accept-Encoding 

{
 "id": "c6927736-84db-4e53-8e72-e8d0c95dca2b",
 "runspace_id": null,
 "name": "get vi accounts",
 "script": null,
 "script_parameters": null,
 "output_objects_format": "text",
 "state": "success",
 "reason": null,
 "start_time": "2020-06-03T12:01:28.9273601+00:00",
 "end_time": "2020-06-03T12:01:29.9480608+00:00"
}

GET https://<SRS IP>/api/script-executions/{script-id}/output

Example:

curl -X GET "https://10.23.81.245/api/script-executions/c6927736-84db-4e53-8e72-e8d0c95dca2b/output?limit=20" -H "accept: application/json" -H "X-SRS-API-KEY: b3133982-93ea-4f92-ba03-2e122c1e0fd8"

Response:

 content-encoding: gzip
 content-type: application/json; charset=utf-8
 date: Wed, 03 Jun 2020 12:32:25 GMT
 server: nginx/1.17.10
 status: 200
 strict-transport-security: max-age=15724800; includeSubDomains
 vary: Accept-Encoding

[
  "Name                 Domain               Description        Server<br/>
  ----                 ------               -----------         ------<br/>
  sshd                                      sshd PrivSep       10.23.80.118<br/>
  eam                                       eam                10.23.80.118<br/>"
]

Swagger Codegen can be used to generate client side SDKs for different lnaguages.
Java and C# example client appliactions based on automatic generate client-side SDKs are available in OpenAPI Clients.

The script-runtime-service-for-vsphere project team welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. For more detailed information, refer to CONTRIBUTING.md.

The repo is in very early stage for contributors. A lot of documentation is pending to be created. Until it is done you can use the script-runtime-service-assist channel on VMware Code slack

1. Join VMware Code
2. Join the following channel:

   script-runtime-service-assist
   

Script Runtime Service for vSphere is distributed under the Apache 2.0.

For more details, please refer to the Apache 2.0 License File.