Google Cloud VMware Engine provides a fully-managed VMware vSphere Software-Defined Data Center and comes with a preconfigured VMware Content Library, which is a convenient repository for storing various files that administrators use. Google Cloud Storage is a low-cost way to store and archive large files, making it a nice complement to the content library.
A content library can be populated either by pushing content into it from a client machine or by triggering a direct download from a remote location to the library. Both approaches are possible from the vSphere Client or with PowerCLI; in this article we will be focused on the scripted approach, looking at how to use a storage bucket as a central hub for ISO and OVA files that syncs to a content library.
Google Cloud Storage buckets feature various permissions models that enable administrators to specify whether authenticated or public access is allowed. Since the content library cannot authenticate against cloud storage, public access is required if you intend to directly pull from a bucket to the content library. If sensitive content must be protected using IAM permissions, then objects need to be downloaded temporarily to a machine that has appropriate rights and then subsequently uploaded to the content library.
In order to enable public access, go to the Permissions tab for the bucket on the Google Cloud Storage console page and set it to “Subject to object ACLs” and specify access control to be “fine-grained.” Individual objects in the bucket can be set to “not public” initially.
Content Sync PowerShell Script
A new PowerCLI module, GcveContentSync.psm1, on my GitHub repository demonstrates how to sync ISO and OVA objects from a storage bucket to the content library. It can either download to an intermediate system before pushing to the content library or it can trigger content to be pulled directly. If pulling directly, the ACL for individual objects will be temporarily set to allow public access, since the content library is not a principal that can authenticate to the bucket. The ACL manipulation or downloading is achieved using the Cloud Tools for PowerShell module. Be sure to initialize gcloud CLI beforehand, as the Google Cloud PowerShell tools rely on that underlying configuration for authentication. See the Quickstart for details.
When you move your existing applications to Google Cloud VMware Engine, you can take advantage of native cloud services to enhance your infrastructure operations. Cloud Storage is a low-cost way to maintain a central VM image repository that can be synchronized to one or more content libraries by using automation tools provided by VMware and Google Cloud.