分类: 系统运维
2013-10-08 11:32:28
我介绍了如何更改虚拟机的VMX文件编程,并承诺将发布一个完整的样品在我的演讲在VMware的舞伴交易所2011。现在,发布会到此结束,现在是时候将它张贴。
The sample is based on guideline VMX03 in vSphere security hardening guide: disable copy/paste to remote console. To me, allowing copy and paste to remote console like vSphere Client is a nice feature which can save you a lot of time. When security is a concern, however, you may want to disable it.
I will not discuss when you should disable/enable it because it really depends on your requirements. In most cases, security and convenience contradict with each other. I leave it for you to decide the right balance, but show you how you can check the setting and change it here.
Like most samples I write, the sample code leverages the open source VI Java API which allows much clean and shorter code than using Apache AXIS. The program checks the vmx settings for copy/paste, and then reverses the settings – if you can copy/paste, then disable it; otherwise, enable it.
As I am a true believer in that code should be self-explanatory, I hope you find my code speaks for itself. If it’s your first time to try vSphere API, you may want to check out the VI Java API tutorial which shows you how to run your first sample in 5 minutes. When you run the following sample, you need to change the server URL, username/password, and the inventory path to a virtual machine you want to change.
package com.vmware.vim25.mo.samples;
import java.net.URL;
import java.util.*;
import com.vmware.vim25.*;
import com.vmware.vim25.mo.*;
public class VmxOps
{
private static final String SETGUIOPTIONS_ENABLE = "isolation.tools.setGUIOptions.enable";
private static final String PASTE_DISABLE = "isolation.tools.paste.disable";
private static final String COPY_DISABLE = "isolation.tools.copy.disable";
static final OptionValue[] disableCopyPaste = new OptionValue[]
{ newOptionValue(SETGUIOPTIONS_ENABLE, "false"),
newOptionValue(PASTE_DISABLE, "true"),
newOptionValue(COPY_DISABLE, "true") };
static final OptionValue[] allowCopyPaste = new OptionValue[]
{ newOptionValue(SETGUIOPTIONS_ENABLE, "true"),
newOptionValue(PASTE_DISABLE, "false"),
newOptionValue(COPY_DISABLE, "false") };
public static void main(String[] args) throws Exception
{
ServiceInstance si = new ServiceInstance(new URL(""), "sjin", "vmware", true);
SearchIndex searchIndex = si.getSearchIndex();
ManagedEntity me = searchIndex.findByInventoryPath("teardown-dc/vm/SteveJinTestVMX");
VirtualMachine vm = (VirtualMachine) me;
OptionValue[] ovs = (OptionValue[]) vm.getPropertyByPath("config.extraConfig");
Map ovm = convert2Map(ovs);
VirtualMachineConfigSpec vms = new VirtualMachineConfigSpec();
if("true".equalsIgnoreCase(ovm.get(COPY_DISABLE)))
{
System.out.println("This VM does not allow copy/paste to remote console. We will enable it.");
vms.extraConfig = allowCopyPaste;
}
else
{
System.out.println("This VM allows copy/paste to remote console. We will disable it.");
vms.extraConfig = disableCopyPaste;
}
vm.reconfigVM_Task(vms);
si.getServerConnection().logout();
}
private static OptionValue newOptionValue(String key, String value)
{
OptionValue ov = new OptionValue();
ov.setKey(key);
ov.setValue(value);
return ov;
}
private static Map convert2Map(OptionValue[] ovs)
{
HashMap hm = new HashMap();
for(OptionValue ov : ovs)
{
hm.put(ov.key, (String) ov.value);
}
return hm;
}
}