vRA & SovLabs: Installing the plugin modules

As mentioned in my initial blog post on SovLabs, you would have to create custom code in vRO to support the automation of many of the additional steps like custom naming, IPAM, DNS, AD, Load Balancer, but with SovLabs software modules this is really easy. Below are my notes for the prerequisites and the initial installation of the SovLabs modules.

Some prerequisites needs to be completed before installing the plugin:

  1. Configure the vRO service accounting in vRA
    1. Login to the root vRA tenant
    2. Click Administration -> Users & Groups > Custom Groups
    3. Create a Custom Group
    4. Enter a group name and description.
      1. DO NOT put spaces in the group name.
    5. Select the following roles listed in the Add Roles to this Group box
      1.  Tenant Administrator
      2. XaaS Architect
      3. Screen Shot 2017-04-13 at 2.00.41 PM.png
    6. Click Next
    7. Type in the vRO service account or vRO service account group
      1. If this account does not appear make sure it is sync’d.
    8. Click Add
  2. Configure vRO endpoint in vRA
    1. I have an enterprise install with external vRO so I am assuming you already setup the external vRO server in vRA.
    2. Login to vRA tenant
    3. Click Infrastructure tab > Endpoints > Endpoints
    4. Click on New > Orchestration > vRealize Orchestrator
    5. Screen Shot 2017-04-13 at 2.11.58 PM.png
    6. Enter the information
    7. Click on New Custom Property.
    8. Name: VMware.VCenterOrchestrator.Priority
    9. Value: (number, 1 being highest priority)
    10. Click OK
  3. Configure extensibility message timeout in vRA
    1. Login to vRA tenant
    2. Click Infrastructure tab -> administration -> Global Settings
    3. Click the Extensibility lifecycle message timeout row
    4. Click the Edit button
    5. Screen Shot 2017-04-13 at 2.44.44 PM.png
    6. Input a value that will be greater than the longest event workflow subscription timeout (e.g. 04:00:00)
    7. For the timeout setting to take affect, restart the vCloud Automation Center Service first on the primary manager service server and then on secondary.
  4.  Execution permission in vRO
    1. This is necessary for vRO to execute external applications and perform actions like ping. 
    2. These steps also need to be performed on all vRO nodes.
    3. SSH/Putty vRO server as root
    4. Modify the vmo.properties file:
      1. vi /etc/vco/app-server/vmo.properties
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. com.vmware.js.allow-local-process=true
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    5. Modify the js-io-rights.conf file:
      1. vi /etc/vco/app-server/js-io-rights.conf
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. +rwx /tmp
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
    7. Restart the vRO server(s)
      1. service vco-server restart
  5. EMC and Kerberos configuration in vRO
    1. There are some additional steps that you need perform if you are using EMC FEHC 3 and 4, as well as Kerberos.
    2. I am not using these so will skip but documentation provides all the information needed.
    3. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
  6. Configure vRA Endpoints in vRO  (use vRO to create workflows in order to interact with vRA)
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select Design mode
    4. Click workflow tab
    5. Run workflow:  /Library/vRelease Automation/Configuration/Add a vRA host
      1. Screen Shot 2017-04-13 at 2.56.29 PM.png
      2. Enter vRA host name
      3. Host URL
      4. Automatically install Certs = yes
      5. Session mode = shared session
      6. Tenant name
      7. Username and password
        • username@domain.com
      8. Rest of fields not mentioned just leave default
    6. Click Submit
    7. If this fails make sure the service account is searchable in vRA directory users and groups.
  7. Add an IaaS host in vRO
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select the Design mode
    4. Click Workflow tab
    5. Run workflow:  /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
      1. Screen Shot 2017-04-13 at 3.41.47 PM.png
      2. Enter Host Name (IaaS Host FQDN)
      3. Enter Host URL (https://IaaS Host FQDN)
      4. Automatically install Certs = yes
      5. Use proxy = no
      6. Click Next
      7. Default connection settings = yes
      8. Click Next
      9. Host authentication type = NTLM
        • For the NTLM, is it a local user or an LDAP/AD user?
        • If it’s local, you use user@tenant
        • You can also use SSO
      10. Enter Username and password
        • for Username only specify the username and do not add the domain
      11. Workstation leave blank
      12. Enter domain name for NTLM authentication
    6. Click Submit
  8. Environment setup
    1. Review the documentation for additional setup configurations.
    2. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
      1. Firewall configurations provided in documentation
      2. WinRM setup for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
      3. Configuration of Windows member server when direct access to AD server is not permitted in the environment.

Continue reading

SovLabs: Extending vRealize Automation to achieve an automated end to end solution

All CMP solutions let you deploy a VM out of the box, but what then?
We all know that it takes way more than just a VM to get a fully functional system.
There are many steps to consider when deploying a VM and application, here are just to name a few but this list can get very long:

  • Computer name assignment base on company computer naming policy
  • IP address assignment
  • Register with DNS
  • Join Active Directory
  • Appropriate security permission applied
  • Server build runbook applied
  • Get a virtual IP address from Load Balancer
  • Create/Modify firewall rules
  • Install application

In most IT organizations these steps would normally require a handoff between different departments and this is where IT becomes too slow to provide services and resources to the business to get their products to market faster.  Cue in “Shadow IT“.

If you want this extensibility you have to either develop it yourself or reach out to some manufacturer for custom services.  This is very expensive and might work on day 1 but when vRA or an application gets updated, and API’s change then your custom code no longer works, ouch!

SovLabs solution is great because it provides you with software that you can own and pay support for and provide the automation for all the steps mentioned above.  This means you can get to that Day 1 much faster and don’t have to worry about Day 2. Awesome where do I sign up!

The list of SovLabs modules available are extensive which means the business applications you use today is probably supported so SovLabs will just tie in directly without many changes required.  The following modules are listed on the website and can also be review here:

Core Pack:

  • Custom naming
  • Microsoft AD
  • DNS
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamand IP
  • IPAM
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamand IP
    • Solarwinds
  • Notification
  • vSphere DRS
  • vSphere Snapshot management

Advanced bundle:

  • Configuration Management
    • Puppet Enterprise
    • Puppet OpenSource with Foreman
    • Ansible Tower
    • Red Had Satellite
  • Service Management
    • Servicenow (SNOW) CMDB

Container management:

  • Multi-cloud Docker

 

In my upcoming blogs I will be showing just how easy it easy to install and configure these modules.