
vmware-mcp-controller

A control plane server built on the Model Context Protocol (MCP) for administering VMware ESXi and vCenter environments. It exposes a simplified, programmatic RESTful interface for virtual machine orchestration.

Author

MCP Server

bright8192

MIT License

Quick Info

GitHub Stars 40
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Tags

vmware, cloud, vcenter, cloud platform, cloud platforms, platforms cloud

VMware MCP Management Endpoint

This service is an intermediary management layer built around the Model Context Protocol (MCP). It abstracts and simplifies interactions with VMware vCenter Server and direct ESXi hosts behind a clean RESTful API.

Key Capabilities

  • Connectivity support spanning both standalone ESXi instances and full vCenter deployments.
  • Low-latency, bidirectional data transmission facilitated by Server-Sent Events (SSE).
  • Standardized REST endpoint providing native JSON-RPC payload handling.
  • Secure access control enforced via API Key mechanism.
  • Comprehensive lifecycle management across all virtual machines.
  • Continuous telemetry collection for real-time operational metrics.
  • Mandatory security via SSL/TLS encryption for all communications.
  • Configuration flexibility supporting YAML, JSON, or direct environment variable overrides.

Primary Operations

Virtual Machine Lifecycle Control

  • Provisioning (Creation)
  • Duplication (Cloning)
  • Decommissioning (Deletion)
  • State Transitions (Power Cycle: On/Off/Reset)
  • Inventory Retrieval

Resource Telemetry

  • Processor utilization statistics
  • Working memory consumption metrics
  • Data store capacity and utilization figures
  • Network throughput measurements

Prerequisites

  • Runtime environment: Python version 3.7 or newer.
  • VMware SDK: pyvmomi library.
  • Configuration parsing: PyYAML.
  • Asynchronous web server: uvicorn.
  • Protocol foundation: mcp-core library.

Deployment Guide

  1. Dependency Installation:

```bash
pip install pyvmomi pyyaml uvicorn mcp-core
```

  2. Configuration File Setup (settings.yml example):

```yaml
vcenter_endpoint: "192.168.1.100"
login_credential: "svc_account@domain"
secret_key: "super-secret-password"
resource_datacenter: "DC01"               # Target Datacenter
resource_compute_pool: "ComputeClusterA"  # Target Cluster
resource_storage: "FastStorage01"         # Primary Datastore
default_port_group: "VM Traffic"          # Standard Network Label
verify_ssl_cert: false                    # Disable checks for self-signed certs
access_token: "secure-app-token-123"
logging_output: "/var/log/vmware_mgmt.log"
logging_severity: "INFO"
```

  3. Execution:

```bash
python application_entrypoint.py --config settings.yml
```

Programmatic Interface

Authorization Flow

All authenticated endpoints demand a valid token presented via the authorization header:

```http
POST /api/v1/auth/token_exchange
Authorization: Bearer secure-app-token-123
```

Orchestration Endpoints

  1. Virtual Machine Creation Request Body:

```json
{
  "vm_label": "new-web-server-01",
  "vcpus": 4,
  "ram_mib": 8192,
  "target_ds": "FastStorage01",
  "target_net": "VM Traffic"
}
```

  2. VM Duplication Request Body:

```json
{
  "source_identifier": "base-template-centos",
  "destination_label": "cloned-test-vm"
}
```

  3. Instance Termination Request Body:

```json
{
  "vm_identifier": "vm-to-remove"
}
```

  4. Power State Manipulation Request Body (For Power On/Off):

```json
{
  "vm_identifier": "vm-name-target",
  "desired_state": "POWER_ON"
}
```

Metrics Endpoint

Query instantaneous performance metrics:

```http
GET /metrics/v1/vm/{vm_name}/current
```

Configuration Parameters

| Setting Key | Description | Mandatory | Default Value |
|---|---|---|---|
| vcenter_endpoint | FQDN or IP of the virtualization management server. | Yes | N/A |
| login_credential | User principal for API connection. | Yes | N/A |
| secret_key | Associated password or secret. | Yes | N/A |
| resource_datacenter | Specific Datacenter scope to operate within. | No | System Autodetection |
| resource_compute_pool | Target compute cluster resource allocation. | No | First Available Cluster |
| resource_storage | Default datastore for new deployments. | No | Largest Accessible Store |
| default_port_group | Network label to attach new NICs to. | No | VM Network |
| verify_ssl_cert | Certificate chain validation flag; false bypasses validation. | No | false |
| access_token | Token required for API authorization header. | No | N/A |
| logging_output | File path for persistent log records. | No | Standard Output |
| logging_severity | Minimum log verbosity level. | No | INFO |

Environment Variable Mapping

Configuration parameters can be dynamically set via environment variables using a standardized prefix convention:

  • VCENTER_ADDRESS (for vcenter_endpoint)
  • VCENTER_USER (for login_credential)
  • VCENTER_SECRET (for secret_key)
  • VCENTER_DC (for resource_datacenter)
  • VCENTER_CLUSTER (for resource_compute_pool)
  • VCENTER_DATASTORE (for resource_storage)
  • VCENTER_NETWORK_LABEL (for default_port_group)
  • INSECURE_SKIP_SSL (for verify_ssl_cert)
  • MCP_AUTH_TOKEN (for access_token)
  • MCP_LOG_PATH (for logging_output)
  • MCP_VERBOSITY (for logging_severity)

Operational Guidance

  1. Production Deployments:
       • Ensure the use of trusted, issued X.509 certificates.
       • Mandate API Key usage for all management functions.
       • Configure logging to persist critical events to disk.
       • Implement network policies restricting external access to the management port.

  2. Development/Testing Environments:
       • Utilize insecure: true to expedite setup against non-production endpoints.
       • Set logging verbosity to DEBUG for deep troubleshooting.
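
An added example, not code from the project: a pre-deployment check that merges the documented defaults, an already-parsed settings.yml and the environment overrides listed above, then reports where the result departs from the production guidance. The function names are hypothetical, and reading INSECURE_SKIP_SSL as the inverse of verify_ssl_cert is an assumption, since the page does not say how that variable is interpreted.

```python
import os

# Environment variable -> settings key, a subset of the mapping listed on this page.
ENV_MAP = {
    "VCENTER_SECRET": "secret_key",
    "INSECURE_SKIP_SSL": "verify_ssl_cert",
    "MCP_AUTH_TOKEN": "access_token",
    "MCP_LOG_PATH": "logging_output",
}
# Documented defaults for the optional keys this audit inspects
# (None stands for "N/A" and "Standard Output" in the parameter table).
DEFAULTS = {"verify_ssl_cert": False, "access_token": None, "logging_output": None}
# Sample secrets printed in the settings.yml example; never acceptable in production.
README_SAMPLES = {"super-secret-password", "secure-app-token-123"}
TRUE_WORDS = {"1", "true", "yes", "on"}


def effective_settings(file_cfg, env=None):
    """Merge defaults, parsed settings.yml values and environment overrides."""
    env = os.environ if env is None else env
    cfg = {**DEFAULTS, **file_cfg}
    for var, key in ENV_MAP.items():
        if var in env and key == "verify_ssl_cert":
            # Assumption: INSECURE_SKIP_SSL=true means verify_ssl_cert=false.
            cfg[key] = env[var].strip().lower() not in TRUE_WORDS
        elif var in env:
            cfg[key] = env[var]
    return cfg


def audit_for_production(cfg):
    """Return findings where cfg departs from the production guidance."""
    findings = []
    if cfg.get("verify_ssl_cert") is not True:
        findings.append("verify_ssl_cert is off: server certificate is not validated")
    if not cfg.get("access_token"):
        findings.append("access_token unset: management API has no API key")
    if not cfg.get("logging_output"):
        findings.append("logging_output unset: events are not persisted to disk")
    for key in ("secret_key", "access_token"):
        if cfg.get(key) in README_SAMPLES:
            findings.append(f"{key} still holds the sample value from the README")
    return findings


# Constructed sample: the relevant keys of the settings.yml example, already parsed.
SAMPLE = {"secret_key": "super-secret-password", "verify_ssl_cert": False,
          "access_token": "secure-app-token-123",
          "logging_output": "/var/log/vmware_mgmt.log"}

if __name__ == "__main__":
    for finding in audit_for_production(effective_settings(SAMPLE, env={})):
        print("FINDING:", finding)
```

The network-policy item in the production list cannot be checked from configuration and still needs a firewall or security-group review.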

Licensing

Distributed under the terms of the MIT License.

Contribution Guidelines

We welcome feature suggestions, bug reports via Issues, and well-structured code submissions via Pull Requests.

Release History

Version 0.0.1 (Initial Release)

  • Established core functionality for VM state control.
  • Integrated MCP signaling via SSE.
  • Implemented bearer token authentication.
  • Initial framework for gathering system utilization stats.
