OPBOT — The story of a ChatOps Bot for VMware vSphere

We at Opvizor have used Bots for quite some time to access our different vSphere environments from anywhere in the world. While travelling, it became pretty annoying to connect to VPN, open either the VMware Web Client over a slow connection or even connect to a remote Windows desktop to open the VMware Client. All of that effort, just because we need to find out if a virtual machine has been deployed, is running or has a high CPU load. And that this is happening thousands or million times a day — what a time waste! We were determined to sped up and simplify these processes! Thus a new VMware vSphere interface is born: OpBot Download

OpBot says Hi!

We were very proud to release our first OpBot to the community last year, which can be used to read information with respect to your vSphere environment.

We started initially with a read-only Bot, or virtual assistant, but today that Bot cannot just check the cpu or disk utilization of a virtual machine, you can run PowerShell and PowerCLI commands in an easy way to restart VMs or run your favorite health and audit reports.

As always a picture says more as a thousand words:

How does that work

First, you import a virtual appliance in your environment that consists of a stripped down Ubuntu linux and includes the components for a ChatBot and a VMware vSphere API connection broker.

If you just wanna jump start into all functions, check out the full manual

The ChatBot, our OpBot, connects to the Slack API (or Rocket.Chat) and makes himself available as a Slack user waiting for commands via channels or private messages. Therefore, we recommend creating a separate Slack account just for the OpBot usage.

OpBot responds to predefined commands (available with the help command) using the read-only VMware vSphere account you created as a customer and publishes the output of these commands into the chat.

The cool thing is that OpBot is not only listening to commands, he also remembers the last entity selection that were shown by the last command. So you can run mem, table or raw commands on these systems to see details.

Benefits

We had our very own reason to start the OpBot development as we´re a very effective team at Opvizor and we can´t undergo the effort to run hundreds of virtual machines in several datacenters across the world wasting time on simple operations. In general we think that IT admins and IT consultants waste time every day waiting for vSphere Web client responses.

That´s already the case while sitting in the same LAN with 10Gbit connectivity. Changing the perfect LAN situation into the common situations of commuting, traveling and having low bandwidth access, results in significant wasted time and gets extremely annoying. Any Device, Any Place, Any … not really!

Why start a mobile hotspot, connect with your notebook to it, connect to VPN, open a remote desktop session (as all web clients are so slow, when connecting over low bandwidth), just to see if a virtual machine is running or the cpu usage is high?

Last but not least, you need other tools to track security and access to certain systems at certain times. That´s already done as the chat logs all in- and outputs. Btw. that is even more important if you have external consultants that need to check some environmental information. With OpBot, invite them to the slack private channel, let them do the tasks and disconnect them again. Win:Win for everyone.

In summary

• No VPN
• No RDP Session
• No Mobile Hotspot
• Any Device
• Any Place
• async commands
• Audit log in the chat
• Avoid annoying bandwidth issues using remote desktops or VMware Web client

What commands are available

Check out the full manual for a complete command list.

The OpBot memory (brain)

Whenever you are not sure of which commands to use, just type @opbot helpEntity memory

OpBot is designed to memorise the last list of entities as you typically want to search for a certain VM and get more information about that one without typing the name over and over again.

Whenever you read, that Entities are saved for the next command you can just type the attribute command and OpBot will use the stored entities. In this case I use power to see the power state of the saved entities.

FAQ

What about security?

When designing OpBot we always had security in mind as we are fully aware that the Bot listens to commands written into a Slack channel. Therefore, we decided to only implement read-only commands in our community edition.

1. Slack already offers security features like Teams (invite only) and private channels (invite only) — https://slack.com/security
2. OpBot only listens to predefined commands (white list approach)
3. OpBot is based on a VMware vSphere API integration that has no local shell access or system calls
4. OpBot commands are not executed in a shell, but a wrapper that ignores undefined commands
5. OpBot can work with a vSphere read-only account or a account with specific privileges for your needs (we encourage you to not configure an administrative account!!)
6. All chat messages are logged and Slack can be configured to deny message deletion (works like an audit log)
7. You can remove or shutdown the OpBot VM at any time and it will reconnect when powered on