vRA & SovLabs: Installing the plugin modules

As mentioned in my initial blog post on SovLabs, you would have to create custom code in vRO to support the automation of many of the additional steps like custom naming, IPAM, DNS, AD, Load Balancer, but with SovLabs software modules this is really easy. Below are my notes for the prerequisites and the initial installation of the SovLabs modules.

Some prerequisites needs to be completed before installing the plugin:

  1. Configure the vRO service accounting in vRA
    1. Login to the root vRA tenant
    2. Click Administration -> Users & Groups > Custom Groups
    3. Create a Custom Group
    4. Enter a group name and description.
      1. DO NOT put spaces in the group name.
    5. Select the following roles listed in the Add Roles to this Group box
      1.  Tenant Administrator
      2. XaaS Architect
      3. Screen Shot 2017-04-13 at 2.00.41 PM.png
    6. Click Next
    7. Type in the vRO service account or vRO service account group
      1. If this account does not appear make sure it is sync’d.
    8. Click Add
  2. Configure vRO endpoint in vRA
    1. I have an enterprise install with external vRO so I am assuming you already setup the external vRO server in vRA.
    2. Login to vRA tenant
    3. Click Infrastructure tab > Endpoints > Endpoints
    4. Click on New > Orchestration > vRealize Orchestrator
    5. Screen Shot 2017-04-13 at 2.11.58 PM.png
    6. Enter the information
    7. Click on New Custom Property.
    8. Name: VMware.VCenterOrchestrator.Priority
    9. Value: (number, 1 being highest priority)
    10. Click OK
  3. Configure extensibility message timeout in vRA
    1. Login to vRA tenant
    2. Click Infrastructure tab -> administration -> Global Settings
    3. Click the Extensibility lifecycle message timeout row
    4. Click the Edit button
    5. Screen Shot 2017-04-13 at 2.44.44 PM.png
    6. Input a value that will be greater than the longest event workflow subscription timeout (e.g. 04:00:00)
    7. For the timeout setting to take affect, restart the vCloud Automation Center Service first on the primary manager service server and then on secondary.
  4.  Execution permission in vRO
    1. This is necessary for vRO to execute external applications and perform actions like ping. 
    2. These steps also need to be performed on all vRO nodes.
    3. SSH/Putty vRO server as root
    4. Modify the vmo.properties file:
      1. vi /etc/vco/app-server/vmo.properties
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. com.vmware.js.allow-local-process=true
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    5. Modify the js-io-rights.conf file:
      1. vi /etc/vco/app-server/js-io-rights.conf
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. +rwx /tmp
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
    7. Restart the vRO server(s)
      1. service vco-server restart
  5. EMC and Kerberos configuration in vRO
    1. There are some additional steps that you need perform if you are using EMC FEHC 3 and 4, as well as Kerberos.
    2. I am not using these so will skip but documentation provides all the information needed.
    3. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
  6. Configure vRA Endpoints in vRO  (use vRO to create workflows in order to interact with vRA)
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select Design mode
    4. Click workflow tab
    5. Run workflow:  /Library/vRelease Automation/Configuration/Add a vRA host
      1. Screen Shot 2017-04-13 at 2.56.29 PM.png
      2. Enter vRA host name
      3. Host URL
      4. Automatically install Certs = yes
      5. Session mode = shared session
      6. Tenant name
      7. Username and password
        • username@domain.com
      8. Rest of fields not mentioned just leave default
    6. Click Submit
    7. If this fails make sure the service account is searchable in vRA directory users and groups.
  7. Add an IaaS host in vRO
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select the Design mode
    4. Click Workflow tab
    5. Run workflow:  /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
      1. Screen Shot 2017-04-13 at 3.41.47 PM.png
      2. Enter Host Name (IaaS Host FQDN)
      3. Enter Host URL (https://IaaS Host FQDN)
      4. Automatically install Certs = yes
      5. Use proxy = no
      6. Click Next
      7. Default connection settings = yes
      8. Click Next
      9. Host authentication type = NTLM
        • For the NTLM, is it a local user or an LDAP/AD user?
        • If it’s local, you use user@tenant
        • You can also use SSO
      10. Enter Username and password
        • for Username only specify the username and do not add the domain
      11. Workstation leave blank
      12. Enter domain name for NTLM authentication
    6. Click Submit
  8. Environment setup
    1. Review the documentation for additional setup configurations.
    2. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
      1. Firewall configurations provided in documentation
      2. WinRM setup for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
      3. Configuration of Windows member server when direct access to AD server is not permitted in the environment.


Documented steps to install the SovLabs modules into vRA.

  1. Login to vRO control center.
    1. Username root and password
    2. Screen Shot 2017-04-13 at 12.27.08 PM.png
  2. Select Manage Plug-ins
  3. Browse for plug-in file.
  4. The file is available by requesting a trial here:
  5. https://sovlabs.com/trial/
  6. Click Install and wait some time for file to upload
  7. Verify the plug-in name appears
  8. Screen Shot 2017-04-13 at 12.33.03 PM.png
  9. Click Install
  10. You will now be prompted to restart the Orchestrator server for changes to take affect.
  11. Screen Shot 2017-04-13 at 12.34.17 PM.png
  12. Click Startup Options
  13. Click Restart
    1. This window can be misleading since it will quickly change to status running but keep refreshing the page until the yellow bar “server restart required” disappears.  Even thought status shows up it is still initializing on the back end.
  14. If you now go back to Manage Plug-ins you will see sovlabs listed.Screen Shot 2017-04-13 at 12.38.52 PM.png
  15. Important: If you are running a vRO clustered with multiple nodes, make sure to go to each Node and install the plugin (step 1 – 14), since the codebase at the plugin level does not sync. Hopefully we see this in a future release.

First install and configuration of module:

  1. The following process is only performed once for each Tenant in vRA.
  2. Login to vRO client
  3. Select Design mode
  4. Click Workflows tab
  5. Browse to : SovLabs/Configuration/
  6. Right click SovLabs Configuration and select run.
  7. Screen Shot 2017-04-13 at 1.25.46 PM.png
  8. Fill out the workflow
    1. Select Yes on agreement.
    2. Next
    3. Verify correct tenant from dropdown box
    4. Enter the correct Business Group Name
    5. Create SovLabs vRA Catalog Service? = Yes
    6. Security Group = vRA service account in UPN format
    7. Publish License Content? = yes
    8. Click Next
    9. Upgrade existing SovLabs vRA content? = no
    10. Apply Upgrade Transformations? = no
    11. Install or Update SovLabs lifecycle stubs (vRA6.x) or workflow subscriptions (vRA7.x)? = yes
    12. Click Submit
    13. Verify that the SovLabs Configuration workflow completed successfully

Verify the SovLabs plugins are installed correctly, which can done through both vRO and VRA:

  • vRO
    • Login to the vRO server
    • Select the Design mode
    • Click on the Inventory tab
    • Verify that the SovLabs vRA Extensibility Modules plugin exists
  • vRA
    • Login to the desired vRA tenant
    • Click on the Catalog tab
    • Verify that the Add License – SovLabs Modules catalog exists


Now lets license the modules

As mentioned before we don’t need to login to the Orchestrator client (yay!), to manage any of the SovLabs plugins so we can just login directly to our vRA tenant.

  1. Click Catalog tab
  2. Select SovLabs vRA Extensibility Modules
  3. Screen Shot 2017-04-13 at 4.42.01 PM.png
  4. Click Request on Add License – SovLabs Modules
  5. Screen Shot 2017-04-14 at 4.28.05 PM.png
  6. Enter the Product ID
    1. Copy and paste the license key’s file name
  7. Copy and paste ALL the information from within the file.
  8. Click Submit.
  9. Note:  If you install the DNS module, it will automatically be used on all blueprints. To disable it, create a custom property on blueprint with name “SovLabs_DisableDNS” and provide value “true.

If the execution is successful, you will see additional catalog item(s) associated to the module in the Catalog page.

Screen Shot 2017-04-17 at 2.03.37 PM



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s