vRealize Automation with Infrastructure Blueprint – Configuring Multi-developer Environment

This blog is dedicated to step-by-step instructions on how to quickly configure a vRealize Automation content development environment using vRealize Automation blueprint that is available with the recent 7.4 release.

By deploying this blueprint, you can get your IaaS content development environment set up quickly so you can start creating/editing content and share it with other developers. We will  walk through basic download, installation, configuration steps and gives an example of provisioning request.  More details can be found in the companion ReadMe file.

The blueprint that we’ll use for this is bundled with the vRealize Automation 7.4 appliance, and can be downloaded and imported into the tenant of your choice.  This feature requires vRealize Suite or vRealize Automation Enterprise edition because it makes extensive use of software components for the application installation and configuration. Once the blueprint is imported, some configuration of the environment is needed to make sure it’s ready to deploy and spin up instances of vRealize Automation that are appropriate for content development, trying out new features or functional testing.  This is how we do it ourselves in CMBU Project Cava.

1 – Infrastructure Configuration

1. Users should configure vRealize Automation environment to use network profiles to control static IP ranges for deployments.
2. Configure an external network profile using the supplied IPAM endpoint within vRealize Automation is required. For information about how to create and configure network profiles, see the Creating a Network Profile documentation topic.

Verify that the following values are populated for your network profile:

• Primary DNS
• Secondary DNS (can be same as a.)
• DNS suffix

• Host names must be assigned in the DNS controller database for each of the reserved static IP addresses that you use in the above network profiles.
• Reverse lookup, for each static IP used in the above network profile, must also be pre-configured.
• DNS lookup (running nslookup <IP Address>), for each static-IP used in the network profile, must also be resolvable by your vRealize Automation environment and by each deployed machine.

3.  Deploy the VM templates to be used for cloning in the vRealize Automation with infrastructure blueprint to target your vCenter.

4.  vRealize Automation virtual appliance:

• Deploy your vRealize Automation 7.4 Virtual Appliance OVF with your required password, and SSH session-enabled settings into your vCenter. These values are not updated by the blueprint. Once the OVF is deployed, power on the machine. Allow the machine 15 minutes to power on.
• Connect to the machine console by using an SSH session and log in as root. Run the following command to remove the wget utility (if it is installed), since it is not used during provisioning of blueprint:   

                 rm $(which wget)

• Follow the Install the Guest Agent on a Linux Reference Machine documentation topic and install the guest agent and software bootstrap agent. When finished, you can shut down the VM OS by using the following shell command: shutdown -h now. Do not use the power off option
• Edit the VM settings for your Virtual Appliance. Under vApp options > Application, set the following values:

– Enable SSH service in the appliance: check according to preference.

– Host name must be set to localhost. – Initial root password: Set this to your preferred password.

– Leave all other vApp properties, including networking properties, blank. The virtual appliance can be converted to a template for cloning.

The vRealize Automation template in the blueprint does not use or need a customization specification – do not provide it in the blueprint.

5. IaaS Windows VM:

• Verify that all IaaS prerequisites are met for your Windows template, as outlined in the IaaS Windows Servers documentation topic
• If you plan to provision an IaaS VM as a standalone computer (not part of a domain), verify that the local Administrator user has Log on as Service rights in Local Security Policies => Local Policies => User Rights Assignment. However, if you plan to provision an IaaS VM as a computer in a domain, verify that the domain user account for running IaaS services has the above assigned rights.
• VMware Tools must be installed on your IaaS Windows machine. See KB 2004754 for instructions on how to install VMware Tools on a Windows machine.
• When installing Microsoft SQL Server on your IaaS machine, configure a SQL authentication user (sa), and a password for that user. SQL authentication is an IaaS install requirement. If you plan to provision IaaS VM as a computer in a domain, use a domain user account for accessing vRA SQL Database. Join the IaaS VM to a target domain, add new domain account in Security => Logins and assign that user public and sysadmin SQL server roles, then dis-join from that domain.
• Install the http://support.microsoft.com/kb/816042 KB on your Windows template. Also install recommended Microsoft security patches.
• Verify that there are no virus scanner or protection programs running on the IaaS machine. These programs can interfere with the vRA installation.
• Follow the instructions on the https://<vRA server FQDN>/software/index.html page for downloading and running the following PowerShell script on your IaaS template VM: prepare_vra_template_windows Example instructions are shown below
• Create or update a vCenter Customization Specification in Customization Specification Manager. Use this spec for customizing the Windows (IaaS) VM in the blueprint to set VM parameters such as administrator password, Windows license, and domain membership. Values other than the hostname are not updated by the blueprint.

                – IaaS Windows VM must join a workgroup or a domain.

                – Set an Administrator password and cannot leave it blank. This value will be used in the deployment blueprint, and does not get set later.

                – Select the UTC time zone option. Only UTC is currently supported.

                – If you are using linked cloning with snapshots, shut down your VMs and take snapshots.

6. If you are not using linked cloning, shut down your VMs and convert them to templates for cloning.

2 – IaaS Manager Service Configuration

If you expect to use vRealize Orchestrator extensibility workflows (such as the MachineProvisoned workflow used in this content package) to run longer than the default setting of 30 minutes to avoid requests timing out, update the following setting: Infrastructure => Administration => Global Settings => Group: Extensibility => Extensibility lifecycle message timeout:

Note: If you update the timeout setting, restart the IaaS Manager Service for it to take effect.

3 – Import Blueprint & Software Component Contents

Use vRealize CloudClient 4.x to import the vRAIaaSAppForvSphere.zip file that you downloaded from the vRealize appliance into your vRealize Automation tenant. The zip file contains the out-of-the-box vRA blueprint and several software components that are used in the blueprint. The blueprint name is vRealize Automation with Infrastructure. The blueprint ID is vRealizeAutomationwithInfrastructure. You can download CloudClient at https://code.vmware.com/tool/cloudclient. When you download CloudClient, also download the CloudClient documentation. See the CloudClient documentation for information about using the vra content import command to validate and then import the blueprint and software component contents into your environment. Example of import vRA blueprint command is shown below:

cloudclient>vra content import --path "<folder>\vRAIaaSAppForvSphere.zip" --dry-run NO --resolution OVERWRITE
 --precheck WARN
`+------------+
|Notification|
+------------+
 * Performing import precheck for [<folder>\vRAIaaSAppForvSphere.zip]. Note this operation does not 
import any content.
+----------------------+
|Import Precheck Result|
+----------------------+
WARNING : Import precheck finished with warnings.
 * 10 content(s) were validated with warnings.
 * Nothing was imported.
 * Run with '--verbose' option to see details.
+------------+
|Notification|
+------------+
 * Importing [<folder>\vRAIaaSAppForvSphere.zip]. Note this operation will import the given content
 unless it encounters failures.
+-------------+
|Import Result|
+-------------+
WARNING : Import finished with warnings.
 * 10 content(s) were imported successfully.

The above message confirms that the vRealize Automation blueprint and its related software components
 were successfully imported into the target vRealize Automation tenant.

 4 – vRealize Orchestrator Configuration

1. One-time setup of the Event Broker extensibility package for vRealize Orchestrator:
   • Import the supplied com.vmware.ctoa.ebs.extensibility.package file as described in the Import a Package topic in the vRealize Orchestrator documentation.
   • Configure vRealize Automation host settings for vRealize Orchestrator plug-ins as described in the Add a vRealize Automation Host topic in the vRealize Orchestrator documentation.
   • Configure the vRealize Automation IaaS host as described in the Add an IaaS Host topic in the vRealize Orchestrator documentation. Sample configurations for vRealize Automation and the IaaS plug-ins are shown below:

Run the Setup EBS Extensibility workflow located in the EBS Extensibility – Configuration folder. Select the vRA Host instance that corresponds to the target tenant, as shown in the following example:

Select All for machine properties on the next screen.  Click Submit and monitor the vRO log in the vRO development client to check for messages confirming your EBS extensibility setup.

[2018-01-16 16:56:00.171] [I] Creating workflow subscription... 
[2018-01-16 16:56:00.738] [I] Workflow subscription EBS Extensibility - Provision created.   
[2018-01-16 16:56:00.993] [I] Creating workflow subscription...
[2018-01-16 16:56:01.334] [I] Workflow subscription EBS Extensibility - Lifecycle created. 
[2018-01-16 16:56:01.446] [I] EBS Property group with ID 'EBSExtensibility' will be created
[2018-01-16 16:56:01.872] [I] The following property can be used if the property group 
'EBS Extensibility' is assigned to the blueprint:   
EBS.BuildingMachine  
EBS.MachineProvisioned
EBS.UnprovisionMachine
EBS.DisposingPre
EBS.DisposingPost
EBS.MachineCloned
EBS.InitialPowerOn
EBS.On 
EBS.Off 
EBS.Reboot  
EBS.Requested 
EBS.Expired
 -------------------------------------------------------------------------------------------------------------------------------------------

2.  Configure plugin connection to a vCenter server as described in the documented in the Configure the Connection to a vCenter Server Instance topic in vRealize Orchestrator documentation.

3.  Import the supplied com.vmware.cse.vrarelease.package file as described in the Import a Package topic in vRealize Orchestrator documentation.

4.  Update the vRealize Orchestrator configuration element (vCACCava => Server) settings to match the host names in the target vRealize Automation environment as described in the Configuration Elements topic in vRealize Orchestrator documentation.

– Select Design from the vRealize Orchestrator client drop-down menu.

– Select the Configurations view.

– Expand the ‘vCAC Cava => Server’ element, click Edit and configure the following properties:

– Specify the FQDN for the following elements in the Attributes tab.

           vcacHostname – FQDN of your vRealize Automation server, iaasHostname – FQDN of your vRealize IaaS Manager  Service server.

An example of these configuration attributes is shown below:

(OPTIONAL if using custom e-mail notifications)

Change vRealize Orchestrator configuration element (vCACCava -> Notifications) settings to specify settings such as company SMTP server, user name, and password. You can also specify the fromAddress and fromName values to display the sender e-mail address and sender name in message, as show in the example below:

 5 – vRealize Automation Tenant Configuration

• Run inventory data collection on the compute resource corresponding to your vCenter to collect the template and VM changes that you have made.
• Create a vRO endpoint as described in the Create a vRealize Orchestrator Endpoint topic in vRealize Automation documentation.
• Configure the vRO endpoint to enable Event Broker subscriptions-based extensibility as described in the Configure the Embedded vRealize Orchestrator Server topic in vRealize Automation documentation.
• Create a reservation as described in the Create a Reservation topic in vRealize Automation documentation, being sure to use a resource pool and assign the network profile that you created in section 1 (Infrastructure Configuration). An example reservation is shown below:

(OPTIONAL If using custom e-mail notifications). Navigate to ‘Administration => Events => Subscriptions‘ and create a non-blocking subscription for the blueprint to the ‘Catalog item request completed’ event using the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow as a target. Base your subscription on conditions using the BlueprintID value (Equals or Contains clause) for the subscription conditions.

An example is shown in the following screenshot:

Use the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow as a target for a non-blocking subscription with its input and output parameters,  as shown in the following example:

Publish the newly created subscription and verify that its status appears as Published in the  Administration => Events => Subscriptions as shown in the following example.

For more information about Event Broker Subscription publishing, see Working with Provisioning and Life Cycle Workflow Subscriptions and Scenario: Create a Post-Provisioning Snapshot Workflow Subscription in vRealize Automation documentation.

NOTE: You can customize the content of notification e-mails by changing the Get VM properties part of deployment and use them for SUCCESS E-mail generations script operator in the Get Payload Properties – Blueprint or Catalog requests – send E-mail notification vRO workflow.

6 – Blueprint Level Configuration Updates

• In vRealize Automation, open the vRealize Automation blueprint in each VM and select a Clone or Linked Clone build information action for each VM. Verify that the correct VM template for each component is selected as a Clone From source and, in the case of LinkedClone, that its latest snapshot corresponds to a state in which all the previous prerequisites are configured. For the IaaS Windows machine, add the desired customization specification as shown in the following example:

• Click the Storage tab for each VM and, if present, delete the 1 GB drive that contains the DELETE THIS label.
• Customize any necessary reservation policies, machine prefixes, and lease settings.
• Modify or verify custom property settings in the overall blueprint as described below.
• Open the Custom Properties or Property Groups UI page In vRealize Automation, click Design > Blueprints and select the blueprint that you want to open from the list.
• Click the Blueprint Properties icon and then click Properties > Property Groups or Custom Properties.

        NOTE: All custom properties that are not listed below can be left as is.

      Custom Properties for vRA – vSphere Virtual Machine:

• vcac_va_license_key – enter your vRealize Automation developer license key.
• Verify that the EBS Extensibility custom property group, which was created automatically in section 4 (vRealize Orchestrator Configuration) is listed in the Property Groups list for your open blueprint.

• EBS.MachineProvisioned – Verify that the Global ID of the Release – Machine Provisioned activities EBS vRealize Orchestrator workflow is entered. That ID can be found by selecting the workflow in the vRO client. See the following image as an example.

• vcac_va_root_password – The root password for the vRealize Automation virtual appliance should match the one configured in section 1 (Infrastructure Configuration) for the corresponding VM template.

       Custom Properties for IaaS – vSphere Virtual Machine:

• iaas_va_admin_password – Specifies the Windows VM Administrator user password (for Administrator user if local, for Domain user if IaaS VM joins a domain).
• iaas_va_admin_user – Specifies the Windows VM Administrator user – (for Administrator user if local, for Domain user if IaaS VM joins a domain).
• Verify that the custom property group EBS Extensibility, created in section 1 (vRealize Orchestrator Configuration) appears in the Property Groups list.
• EBS.MachineProvisioned – Verify that the Global ID of the Release – MachineProvisioned – Set VM Hostname vRealize Orchestrator workflow is listed. You can find the global ID value by selecting the workflow in the Orchestrator client.

      Custom properties – Common Software component:

• ntp_servers – Specifies the NTP server(s) address or hostname for the network where VMs will be deployed
• OPTIONAL. If the IaaS VM joins a domain, specify values for the following properties for Domain user with rights to rename computers on the Domain used in the Standalone-VMware-IaaS-Server-7.2_and_Higher_1 component.
  • ad_domain – Specifies the domain name (for example company.com).
  • ad_password – Specifies the domain administrator user password.
  • ad_username – Specifies the domain administrator user name.

     Custom properties – Standalone-vRA-Server-7.2_and_Higher_1 Software component:

• cert_sign – Specifies the SHA2 value for self-signed certificate. Default (sha256) can be used.
• certificate_country_code– Specifies the self-signed certificate country code. Default (US) can be used.
• certificate_organisation_name– Specifies the self-signed certificate organization name. Default (Organisation) can be used.
• certificate_organisation_unit– Specifies the self-signed certificate organization unit. Default (CMBU) can be used.
• days_valid– Specifies the self-signed certificate validity range. Default (1825) can be used.
• horizonpass– Specifies the Administrator user password for the default vRA tenant ([email protected]).
• iaas_db_name– Specifies the IaaS database name. Default (vra) can be used.
• iaas_db_windows_auth– Specifies the flag whether to use Windows authorization for connection to SQL database. Default (false) can be used if default user (sa) is used for connection, otherwise need to be changed to true.
• iaaspassphrase– Specifies the IaaS database encryption passphrase, secured string value. Non-default value recommended.
• mssql_user– Specifies the IaaS database username used for connection to SQL database. Default (sa) can be used or, in case when IaaS VM joins a Domain and has a pre-defined domain service account added, a domain user account.
• mssql_pass– Specifies the IaaS database password for SQL Server authentication user above. Should match password for default sa user or password for domain user service account if that is used on the IaaS VM template.
• vsphere_agent_endpoints– Specifies the Name of vSphere endpoint to configure for vRealize Automation vSphere proxy agent. The name of the endpoint that gets created later in the product must match this value. One agent must be installed. Default value (vCenter) can be used.
• vsphere_agent_names– Specifies the name of vRealize Automation vSphere proxy agent service that gets installed on IaaS machine. One agent must be installed. Default value (vCenter) can be used.
• web_site_name– Specifies the name of the default IIS Web site for IaaS components. Default (Default Web Site) can be used.

An example of some of these property values is shown below:

After making changes to custom properties and property groups settings, click OK. Click Save to save blueprint changes and click Finish to exit out of the blueprint editing.

7 – Catalog Management

• Publish the blueprint that you just updated and saved in Section 6 (Blueprint Level Configuration Updates) by selecting the blueprint from the Blueprints view and clicking Publish.

For information about publishing, see Publishing a Blueprint in vRealize Automation documentation.

The blueprint is published to the vRealize Automation services catalog.

• Configure the published blueprint catalog item with the appropriate entitlements as described in Creating Entitlements and Configure a Catalog Item topics in vRealize Automation documentation.

An example of catalog item configuration is shown below:

For more information about the catalog and managing catalog items, services, and entitlements, see the Managing the Service Catalog topic in vRealize Automation documentation.

8 – Blueprint Provisioning and Deployment

• Request provisioning of the published blueprint from vRA catalog and monitor its progress.

In vRealize Automation user interface, click Catalog. Locate the published blueprint, click Request and respond to prompts, then submit a request.

• An example of a successful vRealize Automation blueprint provisioning request is shown below:

If provisioning request fails or is ‘partially successful’ (meaning that some some software components provisoning failed), examine the failed tasks by clicking the button with the ellipses.

Make any necessary property values adjustments or configuration changes in the blueprint, save it and then request provisioning again.

In case of either Success or Failure of vRA blueprint provisioning (if Event Broker subscription workflow is configured as described in Section 5 – vRealize Automation Tenant Configuration), there should be notification e-mail generated and sent with a content like following:

        Thank you for your vRealize Automation Content request!

        Your Request status for deployment of Blueprint vRealize Automation with Infrastructure Updated into tenant: qe is below:

        Deployment name: vRealize Automation with Infrastructure Updated-51881796, description: Now requesting standalone IaaS

           vRA VM Name: oem-vra-0011

           Build Type-Number: ob-4660246

           Hardware capacity: CPU count: 4, RAM (Mb): 18432, Total Disk Usage(Mb): 143360

           Management/API/Other URL: https://dz-vra-oem-5.sqa.local:5480, login: root, password: XXXXXXX

           Hostname: dz-vra-oem-5.sqa.local

           IP address: 10.145.154.10

           Default Tenant URL: https://dz-vra-oem-5.sqa.local/vcac

           Default Tenant Admin credentials ([email protected]) – XXXXXXX

           Lease Days: 10

          IaaS VM Name: oem-iaas-0013

          Hardware capacity: CPU count: 2, RAM (Mb): 8192, Total Disk Usage(Mb): 92160

          Management/API/Other URL: (RDP) mstsc /v:dz-vra-oem-6.sqa.local, login: Administrator, password: XXXXXXX

          Hostname: dz-vra-oem-6.sqa.local

          IP address: 10.145.154.11

          Lease Days: 10

 Follow up

Now that you can efficiently spin up developer instances of vRA for every developer in your team, we’ll show how to use the Lifecycle Manager Content Management features to put a end to end DevOps workflow behind content development.

The best part is developers get to work independently without stepping on each other, content is properly tested before being pushed to Production and velocity goes up because people are working in clean environments.

While we get that post ready, get started here and please leave any feedback in the comments section below