vRA & SovLabs: Installing the plugin modules

As mentioned in my initial blog post on SovLabs, you would have to create custom code in vRO to support the automation of many of the additional steps like custom naming, IPAM, DNS, AD, Load Balancer, but with SovLabs software modules this is really easy. Below are my notes for the prerequisites and the initial installation of the SovLabs modules.

Some prerequisites need to be completed before installing the plugin:

  1. Configure the vRO service account in vRA
    1. Login to the root vRA tenant
    2. Click Administration -> Users & Groups > Custom Groups
    3. Create a Custom Group
    4. Enter a group name and description.
      1. DO NOT put spaces in the group name.
    5. Select the following roles listed in the Add Roles to this Group box
      1. Tenant Administrator
      2. XaaS Architect
    6. Click Next
    7. Type in the vRO service account or vRO service account group
      1. If this account does not appear make sure it is sync’d.
    8. Click Add
  2. Configure vRO endpoint in vRA
    1. I have an enterprise install with external vRO, so I am assuming you have already set up the external vRO server in vRA.
    2. Login to vRA tenant
    3. Click Infrastructure tab > Endpoints > Endpoints
    4. Click on New > Orchestration > vRealize Orchestrator
    5. Enter the information
    6. Click on New Custom Property.
    7. Name: VMware.VCenterOrchestrator.Priority
    8. Value: (number, 1 being highest priority)
    9. Click OK
  3. Configure extensibility message timeout in vRA
    1. Login to vRA tenant
    2. Click Infrastructure tab -> administration -> Global Settings
    3. Click the Extensibility lifecycle message timeout row
    4. Click the Edit button
    5. Input a value that will be greater than the longest event workflow subscription timeout (e.g. 04:00:00)
    6. For the timeout setting to take effect, restart the vCloud Automation Center Service first on the primary manager service server and then on the secondary.
  4. Execution permission in vRO
    1. This is necessary for vRO to execute external applications and perform actions like ping.
    2. These steps also need to be performed on all vRO nodes.
    3. SSH/Putty vRO server as root
    4. Modify the vmo.properties file:
      1. vi /etc/vco/app-server/vmo.properties
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end of the file:
      4. com.vmware.js.allow-local-process=true
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    5. Modify the js-io-rights.conf file:
      1. vi /etc/vco/app-server/js-io-rights.conf
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end of the file:
      4. +rwx /tmp
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
    7. Restart the vRO server(s)
      1. service vco-server restart
  5. EMC and Kerberos configuration in vRO
    1. There are some additional steps that you need to perform if you are using EMC FEHC 3 and 4, as well as Kerberos.
    2. I am not using these so will skip them, but the documentation provides all the information needed.
    3. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
  6. Configure vRA Endpoints in vRO (use vRO to create workflows in order to interact with vRA)
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select Design mode
    4. Click workflow tab
    5. Run workflow: /Library/vRealize Automation/Configuration/Add a vRA host
      1. Enter vRA host name
      2. Host URL
      3. Automatically install Certs = yes
      4. Session mode = shared session
      5. Tenant name
      6. Username and password
        • username@domain.com
      7. Leave the rest of the fields not mentioned here at their defaults
    6. Click Submit
    7. If this fails, make sure the service account is searchable in vRA directory users and groups.
  7. Add an IaaS host in vRO
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select the Design mode
    4. Click Workflow tab
    5. Run workflow: /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
      1. Enter Host Name (IaaS Host FQDN)
      2. Enter Host URL (https://IaaS Host FQDN)
      3. Automatically install Certs = yes
      4. Use proxy = no
      5. Click Next
      6. Default connection settings = yes
      7. Click Next
      8. Host authentication type = NTLM
        • For the NTLM, is it a local user or an LDAP/AD user?
        • If it’s local, you use user@tenant
        • You can also use SSO
      9. Enter Username and password
        • For Username, only specify the username and do not add the domain
      10. Workstation: leave blank
      11. Enter domain name for NTLM authentication
    6. Click Submit
  8. Environment setup
    1. Review the documentation for additional setup configurations.
    2. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
      1. Firewall configurations provided in documentation
      2. WinRM setup for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet, etc.)
      3. Configuration of Windows member server when direct access to AD server is not permitted in the environment.
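
Step 4 above (execution permission in vRO), as an added shell example that is not part of the original post: it applies the two lines idempotently and then audits the end state, which helps when the change has to be repeated on every vRO node. The function names are hypothetical; the paths, both setting lines, the owner and the mode are the ones from the steps. Note what is being enabled: `com.vmware.js.allow-local-process=true` lets vRO scripts start local processes, and `+rwx /tmp` grants them read, write and execute on `/tmp`.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Default directory and both setting lines are the ones given in step 4.
PROP_KEY='com.vmware.js.allow-local-process'
RIGHTS_LINE='+rwx /tmp'

# Append LINE to FILE unless an identical line is already present.
ensure_line() {
    local file="$1" line="$2"
    touch "$file"
    # Terminate an unterminated last line so the new entry is not glued to it.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    if ! grep -qxF -- "$line" "$file"; then printf '%s\n' "$line" >> "$file"; fi
}

apply_vro_exec_settings() {
    local dir="${1:-/etc/vco/app-server}" tmp
    tmp=$(mktemp) || return 1
    touch "$dir/vmo.properties"
    # Remove earlier definitions of the key (e.g. "=false") so it appears once.
    grep -v "^${PROP_KEY}=" "$dir/vmo.properties" > "$tmp" || true
    cat "$tmp" > "$dir/vmo.properties"; rm -f "$tmp"
    ensure_line "$dir/vmo.properties" "${PROP_KEY}=true"
    ensure_line "$dir/js-io-rights.conf" "$RIGHTS_LINE"
    # Ownership change only applies on a real vRO node (root, vco user present).
    if [ "$(id -u)" -eq 0 ] && id vco >/dev/null 2>&1; then
        chown vco:vco "$dir/js-io-rights.conf"
    fi
    chmod 640 "$dir/js-io-rights.conf"
}

# Return 0 only if the node matches the end state described in step 4.
audit_vro_exec_settings() {
    local dir="${1:-/etc/vco/app-server}" rc=0
    if [ "$(grep -c "^${PROP_KEY}=" "$dir/vmo.properties")" != 1 ] ||
       ! grep -qxF "${PROP_KEY}=true" "$dir/vmo.properties"; then
        echo "vmo.properties: ${PROP_KEY} not set exactly once to true"; rc=1
    fi
    if ! grep -qxF -- "$RIGHTS_LINE" "$dir/js-io-rights.conf"; then
        echo "js-io-rights.conf: missing '$RIGHTS_LINE'"; rc=1
    fi
    if [ "$(stat -c '%a' "$dir/js-io-rights.conf")" != 640 ]; then
        echo "js-io-rights.conf: mode is not 640"; rc=1
    fi
    return $rc
}
```

Run `apply_vro_exec_settings` and then `audit_vro_exec_settings` on each node before the `service vco-server restart` in step 7.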


SovLabs: Extending vRealize Automation to achieve an automated end to end solution

All CMP solutions let you deploy a VM out of the box, but what then?
We all know that it takes way more than just a VM to get a fully functional system.
There are many steps to consider when deploying a VM and application. Here are just a few, but this list can get very long:

  • Computer name assignment based on company computer naming policy
  • IP address assignment
  • Register with DNS
  • Join Active Directory
  • Appropriate security permission applied
  • Server build runbook applied
  • Get a virtual IP address from Load Balancer
  • Create/Modify firewall rules
  • Install application

In most IT organizations these steps would normally require a handoff between different departments, and this is where IT becomes too slow to provide services and resources to the business to get their products to market faster. Cue in “Shadow IT”.

If you want this extensibility you have to either develop it yourself or reach out to some manufacturer for custom services. This is very expensive and might work on day 1, but when vRA or an application gets updated and APIs change, then your custom code no longer works, ouch!

The SovLabs solution is great because it provides you with software that you can own and pay support for, and it provides the automation for all the steps mentioned above. This means you can get to that Day 1 much faster and don’t have to worry about Day 2. Awesome, where do I sign up!

The list of SovLabs modules available is extensive, which means the business applications you use today are probably supported, so SovLabs will just tie in directly without many changes required. The following modules are listed on the website and can also be reviewed here:

Core Pack:

  • Custom naming
  • Microsoft AD
  • DNS
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamond IP
  • IPAM
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamond IP
    • Solarwinds
  • Notification
  • vSphere DRS
  • vSphere Snapshot management

Advanced bundle:

  • Configuration Management
    • Puppet Enterprise
    • Puppet OpenSource with Foreman
    • Ansible Tower
    • Red Hat Satellite
  • Service Management
    • ServiceNow (SNOW) CMDB

Container management:

  • Multi-cloud Docker

 

In my upcoming blogs I will be showing just how easy it is to install and configure these modules.

 

 

vRA 7.2 Silent install: How To

Ever since the release of vRA 7.1 I have been trying to make time to test the new silent install. My initial results were not very positive and I ended up spending hours with VMware GSS trying to figure out what is going on with their scripts. In the end GSS pretty much gave up and asked me to wait for the release of 7.2.

Here is my community post on the issue as well:

https://communities.vmware.com/message/2621224

So here we are today and I finally had some time to complete my tests with vRA 7.2. Spoiler alert! It works pretty well!

Since 7.1, vRA provides an option for scripted, silent installations, which uses an executable that references a text-based answer file.

Where a silent unattended/scripted install makes sense is for repeatedly deploying multiple identical.
To start off with, the silent install does not install the appliance OVA (would be a nice future enhancement), so the appliance has to be deployed up front, and the IaaS Windows server has to be deployed and configured up front as well.
The unattended silent install is then performed from the console of the vRealize Automation appliance using the vra-command, which was also introduced in 7.1.

Prerequisites for silent install:

  • Deploy the vRA appliance, but do not log in and start the installation wizard!
  • Deploy IaaS Windows servers. vRA prerequisites are NOT required since this is done through the silent install (this was broken in 7.1)
  • Verify network connectivity and DNS name resolution.
  • Install the vRA management agent on the IaaS Windows server.

My testing environment will consist of a simple install, but I will try to provide another blog for an enterprise silent install in the near future.

1 x vRA 7.2 appliance [vratest.sov.com]
1 x IaaS server (Windows) [vraiaas.sov.com]

To make this silent install even more useful I am using some code snippets from an awesome script that William Lam created, which allows me to automatically deploy the vRA appliance as well as the IaaS management agent.

There are 3 files required to run this.

  • vRA_simple_install.ps1
    • Script which runs all the tasks to complete. You only need to run this one.
  • ha.properties
    • This is an answer file which needs to be filled out with your vRA deployment information.
  • VRA7-Iaas-Windows-MngtAgent-Install.ps1
    • Script which installs the Management Agent on the IaaS server.

So my additional requirements:

  • vRA IaaS server is running
  • Complete the ha.properties answer file with your vRA settings.
  • Update the vRA_simple_install script
    • make sure to update the folder location where the files reside
  • Update the VRA7-Iaas-Windows-MngtAgent-Install script

 

Now just run the vRA_simple_install.ps1 script. Steps performed in the script:

  • Deploy vRA appliances
  • Install vRA Management Agents on IaaS server
  • Copy ha.properties to the vRA appliance server
  • Run vRA silent installer
    • Prerequisites are installed and configured on the Windows IaaS servers. This is enabled in the answer file.
    • This takes a long time, go make a cup of tea!
  • Review the logs on vRA appliance
    • /var/log/vcac/vra-ha-config.log

 

I am not a programmer so I am sure the scripts can probably be configured in a different/better way but here they are.  If you have any feedback to make this better please let me know.

vra_silent_install

 

Links:

https://pubs.vmware.com/vrealize-automation-72/topic/com.vmware.vrealize.automation.doc/GUID-A931A043-CCAA-48FE-9923-52DB394D050C.html

http://www.virtuallyghetto.com/2016/02/automating-vrealize-automation-7-minimal-install-part-1-vra-appliance-deployment.html