vRealize Automation with Infrastructure Blueprint – Configuring Multi-developer Environment


This blog is dedicated to step-by-step instructions on how to quickly configure a vRealize Automation content development environment using the vRealize Automation blueprint that is available with the recent 7.4 release. This blueprint deploys a vRealize Automation instance which is fully governed by vRA placement and governance, including approvals and leases, with the smallest footprint possible. This footprint gives the reader room to grow and improvise on their own.

It walks through the basic download, installation and configuration steps and gives an example of a provisioning request. More details can be found in the companion ReadMe file.

The blueprint that we’ll use for this is bundled with the vRealize Automation 7.4 appliance, and can be downloaded and imported into the tenant of your choice. This feature requires vRealize Suite or vRealize Automation Enterprise edition because it makes extensive use of software components for the application installation and configuration.

Once the blueprint is imported, some configuration of the environment is needed to make sure it’s ready to deploy and spin up developer instances of vRA that are appropriate for content development, trying out new features or functional testing. This is how we do it ourselves in Project Cava.

1 – Infrastructure Configuration

  1. Users should configure the vRealize Automation environment to use network profiles to control static IP ranges for deployments.
  2. Configuring an external network profile using the supplied IPAM endpoint within vRealize Automation is required. For information about how to create and configure network profiles, see the Creating a Network Profile documentation topic.

Verify that the following values are populated for your network profile:

  • Primary DNS
  • Secondary DNS (can be the same as the primary DNS)
  • DNS suffix


  1. Host names must be assigned in the DNS controller database for each of the reserved static IP addresses that you use in the above network profiles.
  2. Reverse lookup, for each static IP used in the above network profile, must also be pre-configured.
  3. DNS lookup (running nslookup <IP Address>), for each static-IP used in the network profile, must also be resolvable by your vRealize Automation environment and by each deployed machine.
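
A pre-flight check for the three DNS requirements above, as an added example that is not part of the original post or of any VMware tooling: it walks a static IP range, confirms each address has a reverse (PTR) record, and confirms that name resolves back to the same address. The IP range, the `lab.example` suffix and the sample records are constructed, and comparing host names against the profile's DNS suffix is an assumption.

```python
"""Pre-flight DNS check for a network profile's static IP range."""
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no record or resolver failure
        return None


def system_forward(name):
    """A-record lookup through the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def expand_range(first, last):
    """Return every IPv4 address from first to last, inclusive."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("range end precedes range start")
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]


def check_range(first, last, dns_suffix, reverse=system_reverse, forward=system_forward):
    """Return {ip: problem} for every address that fails the DNS prerequisites."""
    suffix = "." + dns_suffix.strip(".").lower()
    problems = {}
    for ip in expand_range(first, last):
        name = reverse(ip)
        if not name:
            problems[ip] = "no reverse (PTR) record"
            continue
        name = name.rstrip(".").lower()
        if not name.endswith(suffix):
            # Assumption: deployed hosts are expected under the profile's DNS suffix.
            problems[ip] = f"PTR name {name} is outside suffix {suffix[1:]}"
        elif ip not in forward(name):
            problems[ip] = f"{name} does not resolve back to {ip}"
    return problems


# Constructed sample records (not from the post) so the check runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "vra-dev-01.lab.example.",
    "192.0.2.11": "iaas-dev-01.lab.example",
    "192.0.2.13": "build-13.corp.example",
}
SAMPLE_A = {
    "vra-dev-01.lab.example": {"192.0.2.10"},
    "iaas-dev-01.lab.example": {"192.0.2.99"},  # stale A record
    "build-13.corp.example": {"192.0.2.13"},
}


def check_sample():
    """Run the check against the constructed records instead of live DNS."""
    return check_range(
        "192.0.2.10", "192.0.2.13", "lab.example",
        reverse=SAMPLE_PTR.get,
        forward=lambda name: SAMPLE_A.get(name, set()),
    )


if __name__ == "__main__":
    for ip, problem in check_sample().items():
        print(f"{ip}: {problem}")
```

Calling `check_range` with only the range and suffix uses the system resolver, so run it from a host that uses the same DNS servers as the network profile.
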
  • Deploy the VM templates to be used for cloning in the vRealize Automation with infrastructure blueprint to target your vCenter.
  • vRealize Automation virtual appliance:

a.  Deploy your vRealize Automation 7.4 Virtual Appliance OVF with your required password and SSH session-enabled settings into your vCenter. These values are not updated by the blueprint. Once the OVF is deployed, power on the machine. Allow the machine 15 minutes to power on.

b.  Connect to the machine console by using an SSH session and log in as root. Run the following command to remove the wget utility, if it is installed:

                rm $(which wget)

c. Open the Install the Guest Agent on a Linux Reference Machine documentation topic and install the guest agent and software bootstrap agent. When finished, you can shut down the VM OS by using the following shell command: shutdown -h now. Do not use the power off option.

d. Edit the VM settings for your Virtual Appliance. Under vApp options > Application, set the following values:

Enable SSH service in the appliance: check according to preference.

Host name must be set to localhost.

Initial root password: Set this to your preferred password.

Leave all other vApp properties, including networking properties, blank.

The virtual appliance can be converted to a template for cloning.

The vRealize Automation template in the blueprint does not use or need a customization spec. Do not provide a customization spec.

  •   IaaS Windows VM:

a. Verify that all IaaS prerequisites are met for your Windows template, as outlined in the IaaS Windows Servers documentation topic.

b. If you plan to provision an IaaS VM as a standalone computer (not part of a domain), verify that the local Administrator user has Log on as Service rights in Local Security Policies > Local Policies > User Rights Assignment. However, if you plan to provision an IaaS VM as a computer in a domain, verify that the domain user account for running IaaS services has the above assigned rights.

c. VMware Tools must be installed on your IaaS Windows machine. See KB 2004754 for instructions on how to install VMware Tools on a Windows machine.

d. When installing Microsoft SQL Server on your IaaS machine, configure a SQL authentication user (sa), and a password for that user. SQL authentication is an IaaS install requirement. If you plan to provision an IaaS VM as a computer in a domain, use a domain user account for accessing the vRA SQL database. Join the IaaS VM to a target domain, add a new domain account in Security => Logins and assign that user the public and sysadmin SQL Server roles, then disjoin from that domain.

e. Install the http://support.microsoft.com/kb/816042 KB on your Windows template. Also install recommended Microsoft security patches.

f. Verify that there are no virus scanner or protection programs running on the IaaS machine. These programs can interfere with the vRealize Automation installation.

g. Follow the instructions on the https://<vRA server FQDN>/software/index.html page for downloading and running the following PowerShell script on your IaaS template VM: prepare_vra_template_windows

Example instructions are provided below.


h. Create or update a vCenter Customization Specification in Customization Specification Manager. Use this spec for customizing the Windows (IaaS) VM. This spec is used in the blueprint to set VM parameters such as administrator password, Windows license, and domain membership. Values other than the hostname are not updated by the blueprint.

– Your Windows VM must join a workgroup or a domain.

– Set an Administrator password; it cannot be left blank. This value will be used in the deployment blueprint, and does not get set later.

– Select the UTC option. Only UTC is currently supported.

– If you are using linked cloning with snapshots, shut down your VMs and take snapshots.

– If you are not using linked cloning, shut down your VMs and convert them to templates for cloning.

2 – IaaS Manager Service Configuration

 

If you expect vRealize Orchestrator extensibility workflows (such as the MachineProvisioned workflow used in this content package) to run longer than the default setting of 30 minutes, update the following setting to avoid requests timing out: Infrastructure => Administration => Global Settings => Group: Extensibility => Extensibility lifecycle message timeout.

Note: If you update the timeout setting, restart the IaaS Manager Service for it to take effect.

3 – Import Blueprint & Software Component Contents

 

Use vRealize CloudClient 4.x to import the vRAIaaSAppForvSphere.zip file that you downloaded from the vRealize appliance into your vRealize Automation tenant. The zip file contains the out-of-the-box vRA blueprint and several software components that are used in the blueprint.
The blueprint name is vRealize Automation with Infrastructure. The blueprint ID is vRealizeAutomationwithInfrastructure.
You can download CloudClient at https://code.vmware.com/tool/cloudclient. When you download CloudClient, also download the CloudClient documentation.
See the CloudClient documentation for information about using the vRA content import command to validate and then import the blueprint and software component contents into your environment.
An example of importing the vRA blueprint is shown below:

    cloudclient>vra content import --path "<folder>vRAIaaSAppForvSphere.zip" --dry-run NO --resolution OVERWRITE --precheck WARN
    ------------
    Notification
    ------------
    Performing import precheck for [<folder>vRAIaaSAppForvSphere.zip]. Note this operation does not import any content.
    ----------------------
    Import Precheck Result
    ----------------------
    WARNING : Import precheck finished with warnings.
      • 10 content(s) were validated with warnings.
      • Nothing was imported.
      • Run command with '--verbose' option to see details.
    ------------
    Notification
    ------------
      • Importing [<folder>vRAIaaSAppForvSphere.zip]. Note this operation will import the given content unless it encounters failures.
    -------------
    Import Result
    -------------
    WARNING : Import finished with warnings.
      • 10 content(s) were imported successfully.

The above message from the CloudClient command confirms that the blueprint and its related software components were successfully imported into the target vRealize Automation tenant.

4 – vRealize Orchestrator Configuration

  1. One-time setup of the Event Broker extensibility package for vRealize Orchestrator:
    • Import the supplied com.vmware.ctoa.ebs.extensibility.package file as described in the Import a Package topic in the vRealize Orchestrator documentation.
    • Configure vRealize Automation host settings for vRealize Orchestrator plug-ins as described in the Add a vRealize Automation Host topic in the vRealize Orchestrator documentation.
    • Configure the vRealize Automation IaaS host as described in the Add an IaaS Host topic in the vRealize Orchestrator documentation. Sample configurations for vRealize Automation and the IaaS plug-ins are shown below:


  • Run the Setup EBS Extensibility workflow located in the EBS Extensibility – Configuration folder. Select the vRAHost instance that corresponds to the target tenant, as in the following example:


Select All for machine properties:


Click Submit and then monitor the vRO log in the vRO development client to check for messages confirming your EBS extensibility setup.

[2018-01-16 16:56:00.171] [I] Creating workflow subscription…
[2018-01-16 16:56:00.738] [I] Workflow subscription EBS Extensibility – Provision created.
[2018-01-16 16:56:00.993] [I] Creating workflow subscription…
[2018-01-16 16:56:01.334] [I] Workflow subscription EBS Extensibility – Lifecycle created.
[2018-01-16 16:56:01.446] [I] EBS Property group with ID ‘EBSExtensibility’ will be created
[2018-01-16 16:56:01.830] [I]
[2018-01-16 16:56:01.872] [I] The following property can be used if the property group ‘EBS Extensibility’ is assigned to the blueprint:
EBS.BuildingMachine
EBS.MachineProvisioned
EBS.UnprovisionMachine
EBS.DisposingPre
EBS.DisposingPost
EBS.MachineCloned
EBS.InitialPowerOn
EBS.On
EBS.Off
EBS.Reboot
EBS.Requested
EBS.Expired
——————————————————————————————————————————————

2.  Configure the connection to a vCenter server as described in the Configure the Connection to a vCenter Server Instance topic in the vRealize Orchestrator documentation.

3.  Import the supplied com.vmware.cse.vrarelease.package file as described in the Import a Package topic in vRealize Orchestrator documentation.
4.  Update the vRealize Orchestrator configuration element (vCACCava ==> Server) settings to match the host names in the target vRealize Automation environment as described in the Configuration Elements topic in vRealize Orchestrator documentation.

Select Design from the vRealize Orchestrator client drop-down menu.

– Select the Configurations view.

– Expand the vCAC Cava ==> Server element, click Edit and configure the following properties:

– Specify the FQDN for the following elements in the Attributes tab.

          vcacHostname – FQDN of your vRealize Automation server
          iaasHostname – FQDN of your IaaS Manager Service server

An example of these configuration attributes is shown below:


– Click Save and Close to save your configuration settings.

(OPTIONAL if using custom e-mail notifications) Change vRealize Orchestrator configuration element (vCACCava Notifications) settings to specify settings such as company SMTP server, user name, and password. You can also specify the fromAddress and fromName values to display the sender e-mail address and sender name in messages.

An example is shown below:


5 – vRealize Automation Tenant Configuration

  • Run inventory data collection on the compute resource corresponding to your vCenter to collect the template and VM changes that you have made.
  • Create a vRO endpoint as described in the Create a vRealize Orchestrator Endpoint topic in vRealize Automation documentation.
  • Configure the vRO endpoint to enable Event Broker subscriptions-based extensibility as described in the Configure the Embedded vRealize Orchestrator Server topic in vRealize Automation documentation.
  • Create a reservation as described in the Create a Reservation topic in vRealize Automation documentation, being sure to use a resource pool and assign the network profile that you created in section 1 (Infrastructure Configuration). An example reservation is shown below:


(OPTIONAL if using custom e-mail notifications) Click Administration => Events => Subscriptions and create a non-blocking subscription for the blueprint to the Catalog item request completed event by using the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow as a target. Base your subscription on conditions as shown in the following example. Use the BlueprintID value for the conditions as shown in the following screenshot:


  • Use the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow as a target for the non-blocking subscription as shown in the following illustration:


  • Publish the newly created subscription and verify that its status appears as Published by selecting Administration > Events > Subscriptions as shown in the following example.

For information about Event Broker Subscription publishing, see Working with Provisioning and Life Cycle Workflow Subscriptions and Scenario: Create a Post-Provisioning Snapshot Workflow Subscription in vRealize Automation documentation.

NOTE: You can customize the content of notification e-mails by changing the Get VM properties part of deployment and use them for SUCCESS E-mail generations script operator in the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow.

6 – Blueprint Level Configuration Updates

  • In vRealize Automation, open the vRealize Automation blueprint in each VM and select a Clone or Linked Clone build information action for each VM. Verify that the correct VM template for each component is selected as a Clone From source and, in the case of LinkedClone, that its latest snapshot corresponds to a state in which all the previous prerequisites are configured. For the IaaS Windows machine, add the desired customization specification as shown in the following example:


  • Click the Storage tab for each VM and, if present, delete the 1 GB drive that contains the DELETE THIS label.
  • Customize any necessary reservation policies, machine prefixes, and lease settings.
  • Modify or verify custom property settings in the overall blueprint as described below.
  • Open the Custom Properties or Property Groups UI page: in vRealize Automation, click Design > Blueprints and select the blueprint that you want to open from the list.
  • Click the Blueprint Properties icon and then click Properties > Property Groups or Custom Properties.

        NOTE: All custom properties that are not listed below can be left as is.

Custom Properties for vRA – vSphere Machine:

  • vcac_va_license_key – enter your vRealize Automation developer license key.
  • Verify that the EBS Extensibility custom property group, which was created automatically in section 4 (vRealize Orchestrator Configuration) is listed in the Property Groups list for your open blueprint.


  • EBS.MachineProvisioned – Verify that the Global ID of the Release – Machine Provisioned activities EBS vRealize Orchestrator workflow is entered. That ID can be found by selecting the workflow in the Orchestrator client. See the following image as an example.


  • vcac_va_root_password – The root password for the vRealize Automation virtual appliance should match the one configured in section 1 (Infrastructure Configuration) for the corresponding VM template.

Custom Properties IaaS – vSphere Machine

  • iaas_va_admin_password – Specifies the Windows VM Administrator user password (for Administrator user if local, for Domain user if IaaS VM joins a domain).
  • iaas_va_admin_user – Specifies the Windows VM Administrator user (for Administrator user if local, for Domain user if IaaS VM joins a domain).
  • Verify that the custom property group EBS Extensibility, created in section 4 (vRealize Orchestrator Configuration), appears in the Property Groups list.
  • EBS.MachineProvisioned – Verify that the Global ID of the Release – MachineProvisioned – Set VM Hostname vRealize Orchestrator workflow is listed. You can find the global ID value by selecting the workflow in the Orchestrator client.

Custom properties – Common software component:

  • ntp_servers – Specifies the NTP server(s) address or hostname for the network where VMs will be deployed
  • OPTIONAL. If the IaaS VM joins a domain, specify values for the following properties for Domain user with rights to rename computers on the Domain used in the Standalone-VMware-IaaS-Server-7.2_and_Higher_1 component.
    • ad_domain – Specifies the domain name (for example company.com).
    • ad_password – Specifies the domain administrator user password.
    • ad_username – Specifies the domain administrator user name.

Custom properties – Standalone-vRA-Server-7.2_and_Higher_1 software component

  • cert_sign – Specifies the SHA2 value for self-signed certificate. Default (sha256) can be used.
  • certificate_country_code – Specifies the self-signed certificate country code. Default (US) can be used.
  • certificate_organisation_name – Specifies the self-signed certificate organization name. Default (Organisation) can be used.
  • certificate_organisation_unit – Specifies the self-signed certificate organization unit. Default (CMBU) can be used.
  • days_valid – Specifies the self-signed certificate validity range. Default (1825) can be used.
  • horizonpass – Specifies the Administrator user password for the default vRA tenant (administrator@vsphere.local).
  • iaas_db_name – Specifies the IaaS database name. Default (vra) can be used.
  • iaas_db_windows_auth – Specifies the flag whether to use Windows authorization for connection to the SQL database. Default (false) can be used if the default user (sa) is used for the connection; otherwise it needs to be changed to true.
  • iaaspassphrase – Specifies the IaaS database encryption passphrase, secured string value. Non-default value recommended.
  • mssql_user – Specifies the IaaS database username used for connection to the SQL database. Default (sa) can be used or, when the IaaS VM joins a domain and has a pre-defined domain service account added, a domain user account.
  • mssql_pass – Specifies the IaaS database password for the SQL Server authentication user above. Should match the password for the default sa user, or the password for the domain user service account if that is used on the IaaS VM template.
  • vsphere_agent_endpoints – Specifies the name of the vSphere endpoint to configure for the vRealize Automation vSphere proxy agent. The name of the endpoint that gets created later in the product must match this value. One agent must be installed. Default value (vCenter) can be used.
  • vsphere_agent_names – Specifies the name of the vRealize Automation vSphere proxy agent service that gets installed on the IaaS machine. One agent must be installed. Default value (vCenter) can be used.
  • web_site_name – Specifies the name of the default IIS Web site for IaaS components. Default (Default Web Site) can be used.

An example of some of these property values is shown on the screenshot below:


After making changes to custom properties and property groups settings, click OK. Click Save to save blueprint changes and click Finish to exit out of the saved blueprint.

7 – Catalog Management

  • Publish the blueprint that you just updated and saved in section 6 (Blueprint Level Configuration Updates) by selecting the blueprint from the Blueprints view and clicking Publish.

For information about publishing, see Publishing a Blueprint in vRealize Automation documentation.


The blueprint is published to the vRealize Automation services catalog.

An example of catalog item configuration is shown below:


For more information about the catalog and managing catalog items, services, and entitlements, see the Managing the Service Catalog topic in vRealize Automation documentation.

8 – Blueprint Provisioning and Deployment

  • Request provisioning of the published blueprint and verify its progress.

In vRealize Automation user interface, click Catalog.
Locate the published blueprint, click Request and respond to prompts, then submit a request.

  • An example of a successful vRealize Automation blueprint provisioning request is shown below:


 

  • If the provisioning request fails or is only partially successful, examine the failed tasks by clicking the circled button with the ellipses. Make any necessary adjustments or configuration changes in the blueprint, based on the exceptions, then request provisioning again.


  • Whether vRA blueprint provisioning succeeds or fails (if the Event Broker subscription workflow is configured as illustrated in section 5), there should be a notification e-mail with content like the following:

        Thank you for your vRealize Automation Content request!

        Your Request status for deployment of Blueprint vRealize Automation with Infrastructure Updated into tenant: qe is below:

        Deployment name: vRealize Automation with Infrastructure Updated-51881796, description: Now requesting standalone IaaS

  • vRA VM Name: oem-vra-0011
  • Build Type-Number: ob-4660246
  • Hardware capacity: CPU count: 4, RAM (Mb): 18432, Total Disk Usage(Mb): 143360
  • Management/API/Other URL: https://dz-vra-oem-5.sqa.local:5480, login: root, password: VMware1!
  • Hostname: dz-vra-oem-5.sqa.local
  • IP address: 10.145.154.10
  • Default Tenant URL: https://dz-vra-oem-5.sqa.local/vcac
  • Default Tenant Admin credentials (administrator@vsphere.local) – VMware1!
  • Lease Days: 10
  • IaaS VM Name: oem-iaas-0013
  • Hardware capacity: CPU count: 2, RAM (Mb): 8192, Total Disk Usage(Mb): 92160
  • Management/API/Other URL: (RDP) mstsc /v:dz-vra-oem-6.sqa.local, login: Administrator, password: VMware1!
  • Hostname: dz-vra-oem-6.sqa.local
  • IP address: 10.145.154.11
  • Lease Days: 10

Follow up

Now that you can spin up developer instances of vRA for every developer in your team, we’ll show how to use the Lifecycle Manager Content Management features to put an end-to-end DevOps workflow behind content development. The best part is developers get to work independently without stepping on each other, content is properly tested before being pushed to Production, and velocity goes up because people are working in clean environments.

While we get that post ready, get started here and let us know how it goes.

 

The post vRealize Automation with Infrastructure Blueprint – Configuring Multi-developer Environment appeared first on VMware Cloud Management.
