VMware: add VBS configuration support for Windows 10 (#48595)

* Fix space issue
* Fix whitespace issue
Diane Wang 2018-12-21 01:17:35 -08:00 committed by Abhijeet Kasurde
parent d2446cbf0f
commit ebaeb1d8b4
2 changed files with 151 additions and 0 deletions


@ -149,6 +149,8 @@ options:
version then no action is taken. version_added: 2.6'
- ' - C(boot_firmware) (string): Choose which firmware should be used to boot the virtual machine.
Allowed values are "bios" and "efi". version_added: 2.7'
- ' - C(virt_based_security) (bool): Enable Virtualization Based Security feature for Windows 10.
(Support from Virtual machine hardware version 14, Guest OS Windows 10 64 bit, Windows Server 2016)'
guest_id:
description:
@ -1142,6 +1144,33 @@ class PyVmomiHelper(PyVmomi):
# Don't fail if VM is already upgraded.
pass
if 'virt_based_security' in self.params['hardware']:
host_version = self.select_host().summary.config.product.version
if int(host_version.split('.')[0]) < 6 or (int(host_version.split('.')[0]) == 6 and int(host_version.split('.')[1]) < 7):
self.module.fail_json(msg="ESXi version %s not support VBS." % host_version)
guest_ids = ['windows9_64Guest', 'windows9Server64Guest']
if vm_obj is None:
guestid = self.configspec.guestId
else:
guestid = vm_obj.summary.config.guestId
if guestid not in guest_ids:
self.module.fail_json(msg="Guest '%s' not support VBS." % guestid)
if (vm_obj is None and int(self.configspec.version.split('-')[1]) >= 14) or \
(vm_obj and int(vm_obj.config.version.split('-')[1]) >= 14 and (vm_obj.runtime.powerState == vim.VirtualMachinePowerState.poweredOff)):
self.configspec.flags = vim.vm.FlagInfo()
self.configspec.flags.vbsEnabled = bool(self.params['hardware']['virt_based_security'])
if bool(self.params['hardware']['virt_based_security']):
self.configspec.flags.vvtdEnabled = True
self.configspec.nestedHVEnabled = True
if (vm_obj is None and self.configspec.firmware == 'efi') or \
(vm_obj and vm_obj.config.firmware == 'efi'):
self.configspec.bootOptions = vim.vm.BootOptions()
self.configspec.bootOptions.efiSecureBootEnabled = True
else:
self.module.fail_json(msg="Not support VBS when firmware is BIOS.")
if vm_obj is None or self.configspec.flags.vbsEnabled != vm_obj.config.flags.vbsEnabled:
self.change_detected = True
def get_device_by_type(self, vm=None, type=None):
if vm is None or type is None:
return None
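Review bot: The `if` that tests the hardware version and power state before setting `flags.vbsEnabled` has no failure path, so a request for `virt_based_security` on a VM below hardware version 14, or on an existing VM that is not powered off, configures nothing and reports no error. For a security control a silent no-op is worse than a failure, because the play can finish green while VBS stays off; pair that check with something like `else: self.module.fail_json(msg="VBS requires hardware version 14 or later and a powered-off VM.")`. Separately, `bool(self.params['hardware']['virt_based_security'])` treats any non-empty string as true, so if the value ever arrives as text (for example the string "false" from a templated variable) VBS would be switched on; coercing it with the module's own boolean parsing would be safer than `bool()`. Indentation is lost on this page, so the pairing of the single visible `else:` with the firmware check is read from its message, and the enclosing method starts outside the hunk.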


@ -0,0 +1,122 @@
- name: Wait for Flask controller to come up online
wait_for:
host: "{{ vcsim }}"
port: 5000
state: started
- name: kill vcsim
uri:
url: "{{ 'http://' + vcsim + ':5000/killall' }}"
- name: start vcsim with no folders
uri:
url: "{{ 'http://' + vcsim + ':5000/spawn?datacenter=1&cluster=1&folder=0' }}"
register: vcsim_instance
- name: Wait for Flask controller to come up online
wait_for:
host: "{{ vcsim }}"
port: 443
state: started
- name: get a list of Clusters from vcsim
uri:
url: "{{ 'http://' + vcsim + ':5000/govc_find?filter=CCR' }}"
register: clusterlist
- debug: var=vcsim_instance
- debug: var=clusterlist
- name: Create Windows 10 VM with VBS enabled
vmware_guest:
validate_certs: False
hostname: "{{ vcsim }}"
username: "{{ vcsim_instance['json']['username'] }}"
password: "{{ vcsim_instance['json']['password'] }}"
folder: "/{{ (clusterlist['json'][0]|basename).split('_')[0] }}/vm"
name: vbs-Test
datacenter: "{{ (clusterlist['json'][0]|basename).split('_')[0] }}"
cluster: "{{ clusterlist['json'][0] }}"
resource_pool: Resources
guest_id: windows9_64Guest
hardware:
memory_mb: 1024
num_cpus: 1
virt_based_security: True
version: 14
boot_firmware: efi
scsi: paravirtual
disk:
- size_mb: 128
type: thin
datastore: LocalDS_0
cdrom:
type: client
register: vbs_vm
- debug: var=vbs_vm
- name: assert the VM was created
assert:
that:
- "vbs_vm.failed == false"
- "vbs_vm.changed == true"
- name: Create Windows Server 2016 VM without VBS enabled
vmware_guest:
validate_certs: False
hostname: "{{ vcsim }}"
username: "{{ vcsim_instance['json']['username'] }}"
password: "{{ vcsim_instance['json']['password'] }}"
folder: "/{{ (clusterlist['json'][0]|basename).split('_')[0] }}/vm"
name: vbs-Test2
datacenter: "{{ (clusterlist['json'][0]|basename).split('_')[0] }}"
cluster: "{{ clusterlist['json'][0] }}"
resource_pool: Resources
guest_id: windows9Server64Guest
hardware:
memory_mb: 1024
num_cpus: 1
version: 14
boot_firmware: efi
scsi: paravirtual
disk:
- size_mb: 128
type: thin
datastore: LocalDS_0
cdrom:
type: client
register: vbs_vm
- debug: var=vbs_vm
- name: assert the VM was created
assert:
that:
- "vbs_vm.failed == false"
- "vbs_vm.changed == true"
- name: Enable VBS for Windows Server 2016 VM
vmware_guest:
validate_certs: False
hostname: "{{ vcsim }}"
username: "{{ vcsim_instance['json']['username'] }}"
password: "{{ vcsim_instance['json']['password'] }}"
folder: "/{{ (clusterlist['json'][0]|basename).split('_')[0] }}/vm"
name: vbs-Test2
datacenter: "{{ (clusterlist['json'][0]|basename).split('_')[0] }}"
disk:
- size_mb: 256
type: thin
datastore: LocalDS_0
hardware:
virt_based_security: True
state: present
register: vbs_vm
- debug: var=vbs_vm
- name: assert the VM was changed
assert:
that:
- "vbs_vm.failed == false"
- "vbs_vm.changed == true"
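Review bot: The last task, "Enable VBS for Windows Server 2016 VM", also raises the disk from `size_mb: 128` to `size_mb: 256`, so its `vbs_vm.changed == true` assertion would presumably pass even if the VBS branch did nothing. Dropping the `disk:` stanza from that task would make `changed` depend on `virt_based_security: True` alone. None of the three assertions inspects the resulting VM configuration, and there is no negative case (BIOS firmware, an unsupported `guest_id`, a hardware `version` below 14), so the module's refusal paths are not exercised. `validate_certs: False` is reasonable against the vcsim simulator, but a comment saying so would keep it from being copied into playbooks that target a real vCenter.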